[EOSIO/eos] Require wallet password when revealing private keys (#3629)

spoonincode commented on this pull request.

> @@ -327,6 +327,16 @@ void wallet_api::unlock(string password)
} EOS_RETHROW_EXCEPTIONS(chain::wallet_invalid_password_exception,
«Invalid password for wallet: «${wallet_name}»», («wallet_name», get_wallet_filename())) }

+void wallet_api::check_password(string password)
+{ try {
+ FC_ASSERT(password.size() > 0);
+ auto pw = fc::sha512::hash(password.c_str(), password.size());
+ vector decrypted = fc::aes_decrypt(pw, my->_wallet.cipher_keys);
+ auto pk = fc::raw::unpack(decrypted);
+ FC_ASSERT(pk.checksum == pw);
+} EOS_RETHROW_EXCEPTIONS(chain::wallet_invalid_password_exception,
+ «Invalid password for wallet: «${wallet_name}»», («wallet_name», get_wallet_filename())) }
+
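Review bot: The decrypt/unpack/checksum sequence in `check_password` duplicates the body of `unlock()` shown in the context above (same `sha512` of the password, same `aes_decrypt` of `my->_wallet.cipher_keys`, same `checksum == pw` assertion and the same `EOS_RETHROW_EXCEPTIONS` wrapper), so the two will drift apart the next time the wallet format or the error handling changes. Consider factoring a private helper that takes the password and returns the decrypted `plain_keys`, with `unlock()` calling it and then moving `pk.keys` into `_keys`, and `check_password` calling it and discarding the result; that keeps the on-disk `cipher_keys` as the single source of truth for password verification without touching `_keys`, which is exactly the property the comment below is concerned about.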

I thought about that too but my concern is if I call `unlock()` on an already unlocked wallet. That will replace `_keys` with the decrypted keys. What if `_keys` has new keys that have not been written out to `cipher_keys` yet? Seems like I could potentially lose unsaved keys that way. I was a little surprised that `import_key()` for example doesn’t save the wallet — so `_keys` in that case will have contents that don’t exist in `cipher_keys` until `encrypt_keys()` is called.

Basically I couldn’t convince myself of the safety here.
