BIP32: CExtKey::SetSeed missing validation of seed bit-length #35308

Description

@kuliq23

Current behaviour

CExtKey::SetSeed does not check the seed bit-length constraints defined in BIP32:

Generate a seed byte sequence S of a chosen length (between 128 and 512 bits; 256 bits is advised) from a (P)RNG.

I don't see a reason for not adhering to the spec in this case. Weak seeds used for master key generation can be, and have been, exploited.

Found using the bitcoinfuzz tool.

Expected behaviour

CExtKey::SetSeed should provide bit-length (or byte-length) checks for the parameter seed, e.g.:

void CExtKey::SetSeed(std::span<const std::byte> seed)
{
    if (seed.size() < 16) return; // or throw
    ...
}

Steps to reproduce

Added a testcase in key_tests.cpp and ran the tests:

BOOST_AUTO_TEST_CASE(extkey_setseed_empty)
{
    CExtKey key;
    
    // Test with 0 bytes
    std::vector<std::byte> empty{};
    key.SetSeed(empty);

    // Test with 1 byte
    std::vector<std::byte> one{std::byte{0x01}};
    key.SetSeed(one);
    
}

Running 8 test cases...

*** No errors detected

How did you obtain Bitcoin Core

Compiled from source

What version of Bitcoin Core are you using?

master@ed1795a

Operating system and version

Ubuntu 24.04.3 LTS
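
An added example, not part of the original issue and not Bitcoin Core's code: a Python model of the BIP32 master key generation step, with and without the seed-length check the issue asks for. The function names are hypothetical; the 64-byte upper bound and the range check on the derived key follow BIP32 rather than the issue's snippet.

```python
import hashlib
import hmac

# secp256k1 group order n; BIP32 rejects a master key of 0 or >= n.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Seed length bounds from BIP32: between 128 and 512 bits.
MIN_SEED_BYTES = 16
MAX_SEED_BYTES = 64


def unchecked_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master key step: HMAC-SHA512(key="Bitcoin seed", data=seed).

    Returns (master key, chain code). No length check is made, so any
    input, including an empty one, produces a key.
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def checked_master(seed: bytes) -> tuple[bytes, bytes]:
    """Same derivation, enforcing the BIP32 seed-length constraint first."""
    if not MIN_SEED_BYTES <= len(seed) <= MAX_SEED_BYTES:
        raise ValueError(
            f"seed is {len(seed) * 8} bits; BIP32 requires 128 to 512 bits")
    key, chain_code = unchecked_master(seed)
    # BIP32: a left half of 0 or >= n makes the master key invalid.
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("derived master key is out of range; use another seed")
    return key, chain_code


if __name__ == "__main__":
    # Constructed inputs: the 0- and 1-byte lengths from the issue's test
    # case, plus lengths on either side of the spec's limits.
    for n in (0, 1, 15, 16, 64, 65):
        try:
            checked_master(bytes(n))
            print(f"{n:2d} bytes: accepted")
        except ValueError as err:
            print(f"{n:2d} bytes: rejected ({err})")
```
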
