diff options
-rw-r--r-- | crypto/key_store_passphrase.go | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/crypto/key_store_passphrase.go b/crypto/key_store_passphrase.go index 1e8d5509b..2700b0f1c 100644 --- a/crypto/key_store_passphrase.go +++ b/crypto/key_store_passphrase.go @@ -34,7 +34,6 @@ import ( "errors" "fmt" "io" - "reflect" "github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/crypto/randentropy" @@ -157,8 +156,7 @@ func DecryptKey(keyjson []byte, auth string) (*Key, error) { keyBytes, keyId []byte err error ) - v := reflect.ValueOf(m["version"]) - if v.Kind() == reflect.String && v.String() == "1" { + if version, ok := m["version"].(string); ok && version == "1" { k := new(encryptedKeyJSONV1) if err := json.Unmarshal(keyjson, k); err != nil { return nil, err @@ -183,12 +181,21 @@ func DecryptKey(keyjson []byte, auth string) (*Key, error) { }, nil } -func decryptKeyFromFile(keysDirPath string, keyAddr common.Address, auth string) (key *Key, err error) { +func decryptKeyFromFile(keysDirPath string, keyAddr common.Address, auth string) (*Key, error) { + // Load the key from the keystore and decrypt its contents keyjson, err := getKeyFile(keysDirPath, keyAddr) if err != nil { return nil, err } - return DecryptKey(keyjson, auth) + key, err := DecryptKey(keyjson, auth) + if err != nil { + return nil, err + } + // Make sure we're really operating on the requested key (no swap attacks) + if keyAddr != key.Address { + return nil, fmt.Errorf("key content mismatch: have account %x, want %x", key.Address, keyAddr) + } + return key, nil } func decryptKeyV3(keyProtected *encryptedKeyJSONV3, auth string) (keyBytes []byte, keyId []byte, err error) { |