fix: add hidden types and seed words to key manager #4925
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sdbondi
reviewed
Nov 16, 2022
sdbondi
added
P-conflicts
sdbondi
removed
the
P-conflicts
sdbondi
previously approved these changes
Nov 21, 2022
sdbondi
reviewed
Nov 21, 2022
AaronFeickert
requested changes
Nov 21, 2022
| @@ -100,7 +105,8 @@ impl MnemonicLanguage { | |||
| return Err(MnemonicError::UnknownLanguage); | |||
| }, | |||
| Ordering::Greater => { | |||
| for word in words { | |||
| for word_ind in 0..words.len() { | |||
There was a problem hiding this comment.
Is it worth it to have SeedWords implement an iterator that provides word references? Then you don't need to mess around with indexes.
There was a problem hiding this comment.
I would say that it would be nice to have it. But honestly, to implement Iterator one needs to make some lifetime algebra, which adds unnecessary complexity to the SeedWords type. Since these are the only instances in which we need to traverse the SeedWords type, I think it might be not worth the extra complexity. But happy to refactor if you think otherwise :)
There was a problem hiding this comment.
Ah, I hadn't considered that lifetimes would be problematic when writing this. As you say, it's probably not worth it for the two times when it would be used, and the bounds checks are correct as implemented anyway.
sdbondi
approved these changes
Nov 22, 2022
stringhandler
approved these changes
Nov 22, 2022
sdbondi
added a commit
to sdbondi/tari
that referenced
this pull request
Nov 23, 2022
* development: fix: add hidden types and seed words to key manager (tari-project#4925) feat: timestamp validation (tari-project#4887) fix: deleted_txo_mmr_position_to_height_index already exists error (tari-project#4924) feat: add default grpc for localnet (tari-project#4937) first commit (tari-project#4926) v0.40.2 fix(dht): use limited ban period for invalid peer (tari-project#4933) feat: upgrade tari_crypto sign api (tari-project#4932) v0.40.1 chore: fix depreciated timestamp clippy (tari-project#4929) chore: fix naming of ffi functions and comments (tari-project#4930) fix: set wallet start scan height to birthday and not 0 (see issue tari-project#4807) (tari-project#4911) v0.40.0 chore: remove unused methods (tari-project#4922) fix: updates for SafePassword API change (tari-project#4927)
stringhandler
pushed a commit
that referenced
this pull request
Nov 30, 2022
Description --- The goal of this PR is to zeroize sensitive data content across the Tari repo. We pay special attention to kdf key data and other occurrences of sensitive data. For more details, we refer to issue #4846. Moreover, this PR is a companion to #4953 and #4925 Motivation and Context --- Tackle issue #4846. How Has This Been Tested? ---
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
We refactor the
key_managercrate so that hides sensitive data such as mnemonics, encryption and mac keys, etc.Motivation and Context
Tackle issue #4861 and a portion of #4846.
Fixes #4861
How Has This Been Tested?
Add unit tests for
SeedWords. Also generated need wallet with visible seed words, to the user.