android-apps-mirrors/CakeWallet
0
0
Fork 0
mirror of https://github.com/cake-tech/cake_wallet.git synced 2025-06-28 20:39:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Secure storage overwrite fix (#1161)

Browse source 
* secure storage overwrite fix

* add comment

* bump encrypt package, use more explicit iv source

---------

Co-authored-by: fossephate <fosse@book.local>
This commit is contained in:
Matthew Fosse 2023-11-15 11:31:25 -06:00 committed by GitHub
parent fdeee8874a
commit 062315f01b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

10
lib/core/auth_service.dart
View file

@ -38,6 +38,9 @@ class AuthService with Store {
Future<void> setPassword(String password) async { Future<void> setPassword(String password) async {
final key = generateStoreKeyFor(key: SecretStoreKey.pinCodePassword); final key = generateStoreKeyFor(key: SecretStoreKey.pinCodePassword);
final encodedPassword = encodedPinCode(pin: password); final encodedPassword = encodedPinCode(pin: password);
// secure storage has a weird bug on macOS, where overwriting a key doesn't work, unless
// we delete what's there first:
await secureStorage.delete(key: key);
await secureStorage.write(key: key, value: encodedPassword); await secureStorage.write(key: key, value: encodedPassword);
} }
@ -104,8 +107,7 @@ class AuthService with Store {
} }
return; return;
} }
} }
Navigator.of(context).pushNamed(Routes.auth, Navigator.of(context).pushNamed(Routes.auth,
arguments: (bool isAuthenticatedSuccessfully, AuthPageState auth) async { arguments: (bool isAuthenticatedSuccessfully, AuthPageState auth) async {
@ -140,8 +142,6 @@ class AuthService with Store {
} }
} }
} }
});
});
} }
} }

8
lib/entities/encrypt.dart
View file

@ -2,18 +2,18 @@ import 'package:encrypt/encrypt.dart';
// import 'package:password/password.dart'; // import 'package:password/password.dart';
import 'package:cake_wallet/.secrets.g.dart' as secrets; import 'package:cake_wallet/.secrets.g.dart' as secrets;
String encrypt({required String source, required String key, int keyLength = 16}) { String encrypt({required String source, required String key}) {
final _key = Key.fromUtf8(key); final _key = Key.fromUtf8(key);
final iv = IV.fromLength(keyLength); final iv = IV.allZerosOfLength(16);
final encrypter = Encrypter(AES(_key)); final encrypter = Encrypter(AES(_key));
final encrypted = encrypter.encrypt(source, iv: iv); final encrypted = encrypter.encrypt(source, iv: iv);
return encrypted.base64; return encrypted.base64;
} }
String decrypt({required String source, required String key, int keyLength = 16}) { String decrypt({required String source, required String key}) {
final _key = Key.fromUtf8(key); final _key = Key.fromUtf8(key);
final iv = IV.fromLength(keyLength); final iv = IV.allZerosOfLength(16);
final encrypter = Encrypter(AES(_key)); final encrypter = Encrypter(AES(_key));
final decrypted = encrypter.decrypt64(source, iv: iv); final decrypted = encrypter.decrypt64(source, iv: iv);

2
pubspec_base.yaml
View file

@ -49,7 +49,7 @@ dependencies:
lottie: ^1.3.0 lottie: ^1.3.0
animate_do: ^2.1.0 animate_do: ^2.1.0
cupertino_icons: ^1.0.5 cupertino_icons: ^1.0.5
encrypt: 5.0.1 encrypt: 5.0.2
crypto: ^3.0.2 crypto: ^3.0.2
# password: ^1.0.0 # password: ^1.0.0
basic_utils: ^5.6.1 basic_utils: ^5.6.1