Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Normalize keystore passwords #1972

Closed
wants to merge 7 commits into from
Closed

[Merged by Bors] - Normalize keystore passwords #1972

wants to merge 7 commits into from

Conversation

pawanjay176
Copy link
Member

Issue Addressed

Resolves #1879

Proposed Changes

Do NFKD normalization for keystore passwords.

@pawanjay176
Copy link
Member Author

@kirk-baird with #1928 , we are returning an error if we try encrypting using a password with control chars.
However, eip 2335 says

The C0, C1, and Delete control codes are not valid characters in the password and should therefore be stripped from the password.

This is what the deposit-cli seems to be doing here
https://github.com/ethereum/eth2.0-deposit-cli/blob/ed5a6d33a16bf7ef71a4d541212ab2896c7c0fc0/eth2deposit/key_handling/keystore.py#L116-L123

So if the user entered a password with control characters in the deposit-cli, it seems they would get stripped and fail with the import in lighthouse.

Made c5daab7 to strip the characters instead of throwing an error. Can you please check if I understood the spec correctly here? :)

@kirk-baird
Copy link
Member

Made c5daab7 to strip the characters instead of throwing an error. Can you please check if I understood the spec correctly here? :)

Yep I'm happy with your interpretation to strip away any control characters rather than error.

Thanks for fixing this up! I had a look through is_control() too and it matches exactly the control characters we wish to remove :D

kirk-baird
kirk-baird approved these changes Nov 26, 2020
View reviewed changes
Copy link
Member

@kirk-baird kirk-baird left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy with the changes :)

@pawanjay176 pawanjay176 added the ready-for-review The code is ready for review label Nov 26, 2020
@pawanjay176
Copy link
Member Author

Added normalization to the eth2_keystore instead of normalizing user input. This is in line with the eip 2335 specs.

michaelsproul
michaelsproul reviewed Dec 2, 2020
View reviewed changes
crypto/eth2_keystore/src/keystore.rs

let derived_key = derive_key(&password, &kdf)?;
password.retain(|c| !is_control_character(c));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment at the top of this function

(Errors) if password uses utf-8 control characters.

Is out of date

michaelsproul
michaelsproul requested changes Dec 3, 2020
View reviewed changes
Copy link
Member

@michaelsproul michaelsproul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks really good! Just that one doc comment to fix before merge

crypto/eth2_keystore/src/keystore.rs
/// Returns true if the given char is a UTF-8 control character and false otherwise.
fn is_control_character(c: char) -> bool {
// 0x00 - 0x1F + 0x80 - 0x9F + 0x7F
c.is_control()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having reviewed the control characters listed in UnicodeData.txt I'm satisfied that this is equivalent to the set of control characters claimed (and required by the spec). Nice!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haha just saw Kirk's comment. Oh well, now we've triple checked it

@michaelsproul michaelsproul added waiting-on-author The reviewer has suggested changes and awaits thier implementation. and removed ready-for-review The code is ready for review labels Dec 3, 2020
@michaelsproul michaelsproul added ready-for-merge This PR is ready to merge. and removed waiting-on-author The reviewer has suggested changes and awaits thier implementation. labels Dec 3, 2020
@michaelsproul
Copy link
Member

bors r+

bors bot pushed a commit that referenced this pull request Dec 3, 2020
@pawanjay176
Normalize keystore passwords (#1972)
e135308 
## Issue Addressed

Resolves #1879 

## Proposed Changes

Do NFKD normalization for keystore passwords.
@bors
Copy link

bors bot commented Dec 3, 2020

Pull request successfully merged into unstable.

Build succeeded:

@bors bors bot changed the title Normalize keystore passwords [Merged by Bors] - Normalize keystore passwords Dec 3, 2020
@bors bors bot closed this Dec 3, 2020
@pawanjay176 pawanjay176 deleted the normailze branch June 4, 2021 07:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelsproul michaelsproul michaelsproul approved these changes

@kirk-baird kirk-baird kirk-baird approved these changes

@paulhauner paulhauner Awaiting requested review from paulhauner

Assignees
No one assigned
Labels
ready-for-merge This PR is ready to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@pawanjay176 @kirk-baird @michaelsproul