Ecosystem/cake_wallet
1
0
Fork 0
mirror of https://github.com/cake-tech/cake_wallet.git synced 2024-11-16 17:27:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Secure storage overwrite fix (#1161)

Browse source 
* secure storage overwrite fix

* add comment

* bump encrypt package, use more explicit iv source

---------

Co-authored-by: fossephate <fosse@book.local>
This commit is contained in:
Matthew Fosse 2023-11-15 11:31:25 -06:00 committed by GitHub
parent fdeee8874a
commit 062315f01b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/core/auth_service.dart
View file

@ -38,6 +38,9 @@ class AuthService with Store {
Future<void> setPassword(String password) async {
final key = generateStoreKeyFor(key: SecretStoreKey.pinCodePassword);
final encodedPassword = encodedPinCode(pin: password);
// secure storage has a weird bug on macOS, where overwriting a key doesn't work, unless
// we delete what's there first:
await secureStorage.delete(key: key);
await secureStorage.write(key: key, value: encodedPassword);
}
@ -104,9 +107,8 @@ class AuthService with Store {
}
return;
}
}
}
Navigator.of(context).pushNamed(Routes.auth,
arguments: (bool isAuthenticatedSuccessfully, AuthPageState auth) async {
if (!isAuthenticatedSuccessfully) {
@ -140,8 +142,6 @@ class AuthService with Store {
}
}
}
});
});
}
}

8
lib/entities/encrypt.dart
View file

@ -2,18 +2,18 @@ import 'package:encrypt/encrypt.dart';
// import 'package:password/password.dart';
import 'package:cake_wallet/.secrets.g.dart' as secrets;
String encrypt({required String source, required String key, int keyLength = 16}) {
String encrypt({required String source, required String key}) {
final _key = Key.fromUtf8(key);
final iv = IV.fromLength(keyLength);
final iv = IV.allZerosOfLength(16);
final encrypter = Encrypter(AES(_key));
final encrypted = encrypter.encrypt(source, iv: iv);
return encrypted.base64;
}
String decrypt({required String source, required String key, int keyLength = 16}) {
String decrypt({required String source, required String key}) {
final _key = Key.fromUtf8(key);
final iv = IV.fromLength(keyLength);
final iv = IV.allZerosOfLength(16);
final encrypter = Encrypter(AES(_key));
final decrypted = encrypter.decrypt64(source, iv: iv);

2
pubspec_base.yaml
View file

@ -49,7 +49,7 @@ dependencies:
lottie: ^1.3.0
animate_do: ^2.1.0
cupertino_icons: ^1.0.5
encrypt: 5.0.1
encrypt: 5.0.2
crypto: ^3.0.2
# password: ^1.0.0
basic_utils: ^5.6.1