Merge branch 'develop' into 308/did-document-update

jolocom · Aug 7, 2019 · 8a978cf · 8a978cf
2 parents 8c10162 + 2bc2fda
commit 8a978cf
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 19 deletions.
diff --git a/tests/vaultedKeyProvider/softwareProvider.test.ts b/tests/vaultedKeyProvider/softwareProvider.test.ts
@@ -33,26 +33,49 @@ describe('Software Vaulted Key Provider', () => {
   )
 
   describe('static fromSeed', () => {
+    it('Should instantiated with all accepted seed lengths', () => {
+      const { encryptionPass: pass } = keyDerivationArgs
+
+      /** Helper function to save on typing */
+      const testFromSeedAndMnemonic = (seedLength, seedPhraseLength) => {
+        const provider = SoftwareKeyProvider.fromSeed(
+          Buffer.from('a'.repeat(seedLength)),
+          pass,
+        )
+
+        expect(provider.getMnemonic(pass).split(' ').length).to.eq(
+          seedPhraseLength,
+        )
+      }
+
+      testFromSeedAndMnemonic(16, 12)
+      testFromSeedAndMnemonic(20, 15)
+      testFromSeedAndMnemonic(24, 18)
+      testFromSeedAndMnemonic(28, 21)
+      testFromSeedAndMnemonic(32, 24)
+    })
+
     it('Should fail to instantiate if entropy too short', () => {
-      expect(() => SoftwareKeyProvider.fromSeed(
-        Buffer.from('a'),
-        keyDerivationArgs.encryptionPass,
-      )).to.throw()
+      expect(() =>
+        SoftwareKeyProvider.fromSeed(
+          Buffer.from('a'),
+          keyDerivationArgs.encryptionPass,
+        ),
+      ).to.throw()
     })
 
     it('Should fail to instantiate if entropy too long', () => {
       const longEntropy = Buffer.concat([testSeed, testSeed, testSeed])
-      expect(() => SoftwareKeyProvider.fromSeed(
-        longEntropy,
-        keyDerivationArgs.encryptionPass,
-      )).to.throw()
+      expect(() =>
+        SoftwareKeyProvider.fromSeed(
+          longEntropy,
+          keyDerivationArgs.encryptionPass,
+        ),
+      ).to.throw()
     })
 
     it('Should fail to instantiate if password is empty', () => {
-      expect(() => SoftwareKeyProvider.fromSeed(
-        testSeed,
-        ''
-      )).to.throw()
+      expect(() => SoftwareKeyProvider.fromSeed(testSeed, '')).to.throw()
     })
   })
 
@@ -118,11 +141,15 @@ describe('Software Vaulted Key Provider', () => {
     const pubKey = vault.getPublicKey(keyDerivationArgs)
 
     it('Should correctly validate signature given digest signature, and public key', () => {
-      expect(SoftwareKeyProvider.verify(msgToSign, pubKey, msgSignature)).to.eq(true)
+      expect(SoftwareKeyProvider.verify(msgToSign, pubKey, msgSignature)).to.eq(
+        true,
+      )
     })
 
     it('Should correctly detect invalid signature', () => {
-      expect(SoftwareKeyProvider.verify(msgToSign, pubKey, incorrectSignature)).to.eq(false)
+      expect(
+        SoftwareKeyProvider.verify(msgToSign, pubKey, incorrectSignature),
+      ).to.eq(false)
     })
 
     it('Should throw given invalid input', () => {

diff --git a/ts/vaultedKeyProvider/softwareProvider.ts b/ts/vaultedKeyProvider/softwareProvider.ts
@@ -10,9 +10,29 @@ const ALG = 'aes-256-cbc'
 
 /** @dev length in bytes */
 const PASSWORD_LENGTH = 32
-const CIPHERTEXT_LENGTH = 48
+const PADDING_LENGTH = 16
+const MIN_SEED_LENGTH = 16
+const MAX_SEED_LENGTH = 32
+
 const IV_LENGTH = 16
-const ENCRYPTED_SEED_LENGTH = IV_LENGTH + CIPHERTEXT_LENGTH
+const MIN_ENCRYPTED_SEED_LENGTH = IV_LENGTH + MIN_SEED_LENGTH + PADDING_LENGTH
+const MAX_ENCRYPTED_SEED_LENGTH = IV_LENGTH + MAX_SEED_LENGTH + PADDING_LENGTH
+
+/**
+ * Ensure the encrypted seed is of the correct length (for generating BIP39 seed phrases)
+ * @param encryptedSeed - aes256-cbc encrypted seed
+ */
+
+function isEncryptedSeedLengthValid(encryptedSeed: Buffer): Boolean {
+  const { length } = encryptedSeed
+
+  const inBounds =
+    length >= MIN_ENCRYPTED_SEED_LENGTH && length <= MAX_ENCRYPTED_SEED_LENGTH
+
+  const multipleOfFour = length % 4 === 0
+
+  return inBounds && multipleOfFour
+}
 
 export class SoftwareKeyProvider implements IVaultedKeyProvider {
   private readonly _encryptedSeed: Buffer
@@ -24,11 +44,11 @@ export class SoftwareKeyProvider implements IVaultedKeyProvider {
    */
 
   public constructor(encryptedSeed: Buffer) {
-    if (encryptedSeed.length !== ENCRYPTED_SEED_LENGTH) {
+    if (!isEncryptedSeedLengthValid(encryptedSeed)) {
       throw new Error(
-        `Expected encrypted seed to be ${ENCRYPTED_SEED_LENGTH} bytes long (${IV_LENGTH} IV + ${CIPHERTEXT_LENGTH} ciphertext), got ${
+        `Expected encrypted seed to be between ${MIN_ENCRYPTED_SEED_LENGTH} and ${MAX_ENCRYPTED_SEED_LENGTH} bytes long. Got ${
           encryptedSeed.length
-        }`,
+        }.`,
       )
     }