improve(hd-wallet): verify that the derivation path template includes…

… <index> (#2168)
kadena-community · May 24, 2024 · b916ea4 · b916ea4
1 parent 4b8c2bc
commit b916ea4
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 0 deletions.
diff --git a/.changeset/pretty-crabs-jog.md b/.changeset/pretty-crabs-jog.md
@@ -0,0 +1,5 @@
+---
+"@kadena/hd-wallet": patch
+---
+
+Verify that the derivation path template includes `<index>`
diff --git a/packages/libs/hd-wallet/src/SLIP10/kadenaGenKeypairFromSeed.ts b/packages/libs/hd-wallet/src/SLIP10/kadenaGenKeypairFromSeed.ts
@@ -1,6 +1,7 @@
 import type { BinaryLike } from '../utils/crypto.js';
 import type { EncryptedString } from '../utils/kadenaEncryption.js';
 import { kadenaDecrypt, kadenaEncrypt } from '../utils/kadenaEncryption.js';
+import { isDerivationPathTemplateValid } from './utils/isDerivationPathTemplateValid.js';
 import { deriveKeyPair } from './utils/sign.js';
 
 async function genKeypairFromSeed(
@@ -9,6 +10,9 @@ async function genKeypairFromSeed(
   index: number,
   derivationPathTemplate: string,
 ): Promise<[string, EncryptedString]> {
+  if (!isDerivationPathTemplateValid(derivationPathTemplate)) {
+    throw new Error('Invalid derivation path template.');
+  }
   const derivationPath = derivationPathTemplate.replace(
     '<index>',
     index.toString(),
@@ -66,6 +70,10 @@ export async function kadenaGenKeypairFromSeed(
     throw new Error('NO_SEED: No seed provided.');
   }
 
+  if (!isDerivationPathTemplateValid(derivationPathTemplate)) {
+    throw new Error('Invalid derivation path template.');
+  }
+
   const seedBuffer = await kadenaDecrypt(password, seed);
 
   if (typeof indexOrRange === 'number') {

diff --git a/packages/libs/hd-wallet/src/SLIP10/kadenaGetPublic.ts b/packages/libs/hd-wallet/src/SLIP10/kadenaGetPublic.ts
@@ -1,12 +1,17 @@
 import type { BinaryLike } from '../utils/crypto.js';
 import { kadenaDecrypt } from '../utils/kadenaEncryption.js';
+import { isDerivationPathTemplateValid } from './utils/isDerivationPathTemplateValid.js';
 import { deriveKeyPair } from './utils/sign.js';
 
 function genPublicKeyFromSeed(
   seedBuffer: Uint8Array,
   index: number,
   derivationPathTemplate: string,
 ): string {
+  if (!isDerivationPathTemplateValid(derivationPathTemplate)) {
+    throw new Error('Invalid derivation path template.');
+  }
+
   const derivationPath = derivationPathTemplate.replace(
     '<index>',
     index.toString(),

diff --git a/packages/libs/hd-wallet/src/SLIP10/kadenaSign.ts b/packages/libs/hd-wallet/src/SLIP10/kadenaSign.ts
@@ -2,6 +2,7 @@ import { verifySig } from '@kadena/cryptography-utils';
 import type { BinaryLike } from '../utils/crypto.js';
 import type { EncryptedString } from '../utils/kadenaEncryption.js';
 import { kadenaDecrypt } from '../utils/kadenaEncryption.js';
+import { isDerivationPathTemplateValid } from './utils/isDerivationPathTemplateValid.js';
 import type { ISignatureWithPublicKey } from './utils/sign.js';
 import { signWithKeyPair, signWithSeed } from './utils/sign.js';
 
@@ -63,6 +64,9 @@ export function kadenaSignWithSeed(
   decryptedSeed.catch(() => {
     console.error('Could not decrypt private key');
   });
+  if (!isDerivationPathTemplateValid(derivationPathTemplate)) {
+    throw new Error('Invalid derivation path template.');
+  }
   if (typeof index === 'number') {
     return async (hash: string) =>
       signWithSeed(

diff --git a/packages/libs/hd-wallet/src/SLIP10/utils/isDerivationPathTemplateValid.ts b/packages/libs/hd-wallet/src/SLIP10/utils/isDerivationPathTemplateValid.ts
@@ -0,0 +1,8 @@
+export function isDerivationPathTemplateValid(
+  derivationPathTemplate: string,
+): boolean {
+  return (
+    typeof derivationPathTemplate === 'string' &&
+    derivationPathTemplate.includes('<index>')
+  );
+}
diff --git a/packages/libs/hd-wallet/src/SLIP10/utils/tests/isDerivationPathTemplateValid.test.ts b/packages/libs/hd-wallet/src/SLIP10/utils/tests/isDerivationPathTemplateValid.test.ts
@@ -0,0 +1,17 @@
+import { describe, expect, it } from 'vitest';
+import { isDerivationPathTemplateValid } from '../isDerivationPathTemplateValid.js';
+
+describe('isDerivationPathTemplateValid', () => {
+  it("should return true if derivationPathTemplate is a string and includes '<index>'", () => {
+    expect(isDerivationPathTemplateValid("m'/44'/626'/<index>'")).toBe(true);
+  });
+  it('should return false if derivationPathTemplate is not a string', () => {
+    expect(isDerivationPathTemplateValid(123 as unknown as string)).toBe(false);
+  });
+  it("should return false if derivationPathTemplate does not include '<index>'", () => {
+    expect(isDerivationPathTemplateValid("m'/44'/626'/index'")).toBe(false);
+  });
+  it('returns false if derivationPathTemplate is an empty string', () => {
+    expect(isDerivationPathTemplateValid('')).toBe(false);
+  });
+});