🌱 Add validation to decrypt passphrase

Closes #688
LiskArchive · Jul 13, 2018 · 018b4de · 018b4de
1 parent 83de8e8
commit 018b4de
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 5 deletions.
diff --git a/packages/lisk-cryptography/src/encrypt.js b/packages/lisk-cryptography/src/encrypt.js
@@ -133,10 +133,33 @@ const getTagBuffer = tag => {
 	return tagBuffer;
 };
 
-const decryptAES256GCMWithPassword = (
-	{ iterations = PBKDF2_ITERATIONS, cipherText, iv, salt, tag },
-	password,
-) => {
+const validateEncryptedPassphrase = ({ cipherText, iv, salt, tag }) => {
+	const requiredProperties = [
+		[cipherText, 'Cipher text'],
+		[iv, 'IV'],
+		[salt, 'Salt'],
+		[tag, 'Tag'],
+	];
+
+	requiredProperties.forEach(([property, propertyName]) => {
+		try {
+			hexToBuffer(property);
+		} catch (error) {
+			throw new Error(`${propertyName} must be a valid hex string.`);
+		}
+	});
+};
+
+const decryptAES256GCMWithPassword = (encryptedPassphrase, password) => {
+	validateEncryptedPassphrase(encryptedPassphrase);
+	const {
+		iterations = PBKDF2_ITERATIONS,
+		cipherText,
+		iv,
+		salt,
+		tag,
+	} = encryptedPassphrase;
+
 	const tagBuffer = getTagBuffer(tag);
 	const key = getKeyFromPassword(password, hexToBuffer(salt), iterations);
 

diff --git a/packages/lisk-cryptography/test/encrypt.js b/packages/lisk-cryptography/test/encrypt.js
@@ -264,6 +264,50 @@ describe('encrypt', () => {
 				return expect(decrypted).to.be.equal(defaultPassphrase);
 			});
 
+			it('should inform the user if cipherText is missing', () => {
+				delete encryptedPassphrase.cipherText;
+				return expect(
+					decryptPassphraseWithPassword.bind(
+						null,
+						encryptedPassphrase,
+						defaultPassword,
+					),
+				).to.throw('Cipher text must be a valid hex string.');
+			});
+
+			it('should inform the user if iv is missing', () => {
+				delete encryptedPassphrase.iv;
+				return expect(
+					decryptPassphraseWithPassword.bind(
+						null,
+						encryptedPassphrase,
+						defaultPassword,
+					),
+				).to.throw('IV must be a valid hex string.');
+			});
+
+			it('should inform the user if salt is missing', () => {
+				delete encryptedPassphrase.salt;
+				return expect(
+					decryptPassphraseWithPassword.bind(
+						null,
+						encryptedPassphrase,
+						defaultPassword,
+					),
+				).to.throw('Salt must be a valid hex string.');
+			});
+
+			it('should inform the user if tag is missing', () => {
+				delete encryptedPassphrase.tag;
+				return expect(
+					decryptPassphraseWithPassword.bind(
+						null,
+						encryptedPassphrase,
+						defaultPassword,
+					),
+				).to.throw('Tag must be a valid hex string.');
+			});
+
 			it('should inform the user if the salt has been altered', () => {
 				encryptedPassphrase.salt = `00${encryptedPassphrase.salt.slice(2)}`;
 				return expect(
@@ -294,7 +338,7 @@ describe('encrypt', () => {
 						encryptedPassphrase,
 						defaultPassword,
 					),
-				).to.throw('Argument must be a valid hex string.');
+				).to.throw('Tag must be a valid hex string.');
 			});
 
 			it('should inform the user if the tag has been altered', () => {