key: validate BIP32 seed length in CExtKey::SetSeed#35320
Conversation
|
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers. Code Coverage & BenchmarksFor details see: https://corecheck.dev/bitcoin/bitcoin/pulls/35320. ReviewsSee the guideline for information on the review process.
If your review is incorrectly listed, please copy-paste |
|
Two things:
|
Yeah, very much agree!. Checked it out - I'll move the tests. |
53544a3 to
d46735f
Compare
|
| BOOST_CHECK(!pubkey_parent.Derive(pubkey_child, 0)); | ||
| } | ||
|
|
||
| BOOST_AUTO_TEST_CASE(extkey_setseed_bip32_length) |
There was a problem hiding this comment.
What is the purpose of this test? The fixed test vectors already handle these cases.
|
Assertions enforce invariants and are there to reveal programming bugs outside of tests. This does not need any new tests. |
Got it |
BIP32 specifies that seed must be between 128 and 512 bits (16 to 64 bytes). CExtKey::SetSeed currently accepts any length, including empty seeds, which could lead to weak master keys. Add an Assert at the start of SetSeed to enforce the valid seed length range. Fixes bitcoin#35308
d46735f to
2cf9d79
Compare
|
Removed the test case per @achow101 feedback, the existing BIP32 test vectors provide sufficient coverage and Assert is there to enforce the invariant, not to be tested directly. Updated the commit to only include the Assert in key.cpp. |
BIP32 specifies that the seed must be between 128 and 512 bits (16 to 64 bytes). CExtKey::SetSeed currently accepts any length, which could result in weak master keys being generated.
Add an Assert at the start of SetSeed to enforce the valid seed length range as a programming invariant. The existing BIP32 test vectors already provide sufficient coverage of valid seed lengths.
To test:
Fixes #35308