From: ThomasV Date: Sun, 6 Jan 2013 08:41:06 +0000 (+0100) Subject: fix bug with undetected incorrect password that can damage wallet X-Git-Url: https://git.novaco.in/?p=electrum-nvc.git;a=commitdiff_plain;h=04322b7cc91b8fd213e2a1c5e1ab447edb32fa77 fix bug with undetected incorrect password that can damage wallet --- diff --git a/electrum b/electrum index 1489345..9ee2d1d 100755 --- a/electrum +++ b/electrum @@ -388,7 +388,7 @@ if __name__ == '__main__': exit(1) # check password try: - wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: print_msg("Error: This password does not decode this wallet.") exit(1) @@ -419,7 +419,6 @@ if __name__ == '__main__': print_msg(known_commands[cmd2]) elif cmd == 'seed': - seed = wallet.pw_decode( wallet.seed, password) print_msg(seed + ' "' + ' '.join(mnemonic_encode(seed)) + '"') elif cmd == 'deseed': @@ -622,11 +621,6 @@ if __name__ == '__main__': print_msg(h) elif cmd == 'password': - try: - seed = wallet.pw_decode( wallet.seed, password) - except ValueError: - sys.exit("Error: Password does not decrypt this wallet.") - new_password = prompt_password('New password:') wallet.update_password(seed, password, new_password) diff --git a/lib/gui.py b/lib/gui.py index ab25ec2..766ac81 100644 --- a/lib/gui.py +++ b/lib/gui.py @@ -65,7 +65,7 @@ def show_seed_dialog(wallet, password, parent): show_message("No seed") return try: - seed = wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: show_message("Incorrect password") return @@ -477,7 +477,7 @@ def change_password_dialog(wallet, parent, icon): return try: - seed = wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: show_message("Incorrect password") return diff --git a/lib/gui_android.py b/lib/gui_android.py index aee85d5..77832f5 100644 --- a/lib/gui_android.py +++ b/lib/gui_android.py @@ -709,7 +709,7 @@ def seed_dialog(): password = None try: - seed = wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: modal_dialog('error','incorrect password') return @@ -725,7 +725,7 @@ def change_password_dialog(): password = None try: - seed = wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: modal_dialog('error','incorrect password') return diff --git a/lib/gui_qt.py b/lib/gui_qt.py index 1d8c419..2afea6b 100644 --- a/lib/gui_qt.py +++ b/lib/gui_qt.py @@ -1170,10 +1170,9 @@ class ElectrumWindow(QMainWindow): password = None try: - seed = wallet.pw_decode(wallet.seed, password) + seed = wallet.decode_seed(password) except: - QMessageBox.warning(parent, _('Error'), - _('Incorrect Password'), _('OK')) + QMessageBox.warning(parent, _('Error'), _('Incorrect Password'), _('OK')) return dialog = QDialog(None) @@ -1454,7 +1453,7 @@ class ElectrumWindow(QMainWindow): new_password2 = unicode(conf_pw.text()) try: - seed = wallet.pw_decode( wallet.seed, password) + seed = wallet.decode_seed(password) except: QMessageBox.warning(parent, _('Error'), _('Incorrect Password'), _('OK')) return diff --git a/lib/wallet.py b/lib/wallet.py index 5824866..e5583df 100644 --- a/lib/wallet.py +++ b/lib/wallet.py @@ -115,7 +115,7 @@ class Wallet: def import_key(self, sec, password): # try password try: - seed = self.pw_decode( self.seed, password) + seed = self.decode_seed(password) except: raise BaseException("Invalid password") @@ -194,7 +194,6 @@ class Wallet: if address in self.imported_keys.keys(): sec = self.pw_decode( self.imported_keys[address], password ) if not sec: return None, None - pkey = regenerate_key(sec) compressed = is_compressed(sec) secexp = pkey.secret @@ -208,14 +207,19 @@ class Wallet: for_change = True else: raise BaseException("unknown address") - try: - seed = self.pw_decode( self.seed, password) - except: - raise BaseException("Invalid password") + + seed = self.pw_decode( self.seed, password) if not seed: return None secexp = self.stretch_key(seed) secexp = ( secexp + self.get_sequence(n,for_change) ) % order compressed = False + pkey = EC_KEY(secexp) + + public_key = GetPubKey(pkey, compressed) + addr = public_key_to_bc_address(public_key) + if addr != address: + print_error('Invalid password with correct decoding') + raise BaseException('Invalid password') return secexp, compressed @@ -636,16 +640,21 @@ class Wallet: def pw_decode(self, s, password): if password is not None: secret = Hash(password) - d = DecodeAES(secret, s) - if s == self.seed: - try: - d.decode('hex') - except: - raise ValueError("Invalid password") + try: + d = DecodeAES(secret, s) + except: + raise BaseException('Invalid password') return d else: return s + def decode_seed(self, password): + # test password on an address + addr = self.all_addresses()[0] + self.get_private_key(addr, password) + # return seed + return self.pw_decode(self.seed, password) + def get_history(self, address): with self.lock: