Skip to content

fix(cli): incorrect/unnecessary passphrase assumptions #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
0xferrous wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(cli): incorrect/unnecessary passphrase assumptions #224

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 2 additions & 12 deletions ows/crates/ows-cli/src/commands/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,23 +106,13 @@ pub fn peek_passphrase() -> Option<String> {

/// Resolve a wallet into the private key bytes for a specific chain.
///
/// Tries an empty passphrase first; if that fails, prompts the user.
/// Delegates to `ows_lib::decrypt_signing_key` for the actual decryption
/// and key derivation so the signing path is never duplicated.
/// Reads the passphrase once, then delegates to `ows_lib::decrypt_signing_key`
/// for the actual decryption and key derivation so the signing path is never duplicated.
pub fn resolve_signing_key(
wallet_name: &str,
chain_type: ows_core::ChainType,
index: u32,
) -> Result<SecretBytes, CliError> {
// Try empty passphrase first.
match ows_lib::decrypt_signing_key(wallet_name, chain_type, "", Some(index), None) {
Ok(key) => return Ok(key),
Err(ows_lib::OwsLibError::Crypto(_)) => {
// Empty passphrase didn't work — prompt the user.
}
Err(e) => return Err(e.into()),
}

let passphrase = read_passphrase();
Ok(ows_lib::decrypt_signing_key(
wallet_name,
Expand Down
20 changes: 9 additions & 11 deletions ows/crates/ows-cli/src/commands/wallet.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ use zeroize::Zeroize;
pub fn create(name: &str, words: u32, show_mnemonic: bool) -> Result<(), CliError> {
// Generate mnemonic, then import it to create the wallet
let mut mnemonic_phrase = ows_lib::generate_mnemonic(words)?;
let info = ows_lib::import_wallet_mnemonic(name, &mnemonic_phrase, None, Some(0), None)?;
let passphrase = super::read_passphrase();
let info =
ows_lib::import_wallet_mnemonic(name, &mnemonic_phrase, Some(&passphrase), Some(0), None)?;

audit::log_wallet_created(&info);

Expand Down Expand Up @@ -66,9 +68,11 @@ pub fn import(
));
}

let passphrase = super::read_passphrase();

let info = if use_mnemonic {
let phrase = super::read_mnemonic()?;
ows_lib::import_wallet_mnemonic(name, &phrase, None, Some(index), None)?
ows_lib::import_wallet_mnemonic(name, &phrase, Some(&passphrase), Some(index), None)?
} else {
// Read from env/stdin only when both curve keys are not already provided
let private_key_hex = if both_curve_keys {
Expand All @@ -80,7 +84,7 @@ pub fn import(
name,
&private_key_hex,
chain,
None,
Some(&passphrase),
None,
secp256k1_key,
ed25519_key,
Expand Down Expand Up @@ -109,14 +113,8 @@ pub fn export(wallet_name: &str) -> Result<(), CliError> {
));
}

// Try empty passphrase first, then prompt if it fails
let mut exported = match ows_lib::export_wallet(wallet_name, None, None) {
Ok(s) => s,
Err(_) => {
let passphrase = super::read_passphrase();
ows_lib::export_wallet(wallet_name, Some(&passphrase), None)?
}
};
let passphrase = super::read_passphrase();
let mut exported = ows_lib::export_wallet(wallet_name, Some(&passphrase), None)?;

let is_key_pair = exported.starts_with('{');
eprintln!();
Expand Down