[GH-#84] Introducing key lenght check verification

HristianHristov · HristianHristov · commit 805dc108e5bc · 2017-10-31T13:06:09.000+02:00
diff --git a/apps/aecore/lib/aecore/keys/worker.ex b/apps/aecore/lib/aecore/keys/worker.ex
@@ -9,6 +9,7 @@ defmodule Aecore.Keys.Worker do
 
   @filename_pub "key.pub"
   @filename_priv "key"
+  @pub_key_length 65
 
   def start_link() do
     GenServer.start_link(
@@ -123,19 +124,23 @@ defmodule Aecore.Keys.Worker do
       0
     }
   end
-
   def handle_call(
         {:verify, {term, signature, pub_key}},
         _from,
         %{algo: algo, digest: digest, curve: curve} = state
       ) do
-    result =
-      :crypto.verify(algo, digest, :erlang.term_to_binary(term), signature, [
-        pub_key,
-        :crypto.ec_curve(curve)
-      ])
+    case is_valid_pub_key(pub_key) do
+      true ->
+        result =
+          :crypto.verify(algo, digest, :erlang.term_to_binary(term), signature, [
+                pub_key,
+                :crypto.ec_curve(curve)
+              ])
 
-    {:reply, result, state}
+        {:reply, result, state}
+      false ->
+        {:reply, {:error, "Key length is not valid!"}, state}
+    end
   end
 
   def handle_call(
@@ -294,6 +299,12 @@ defmodule Aecore.Keys.Worker do
     pub
   end
 
+  defp is_valid_pub_key(pub_key_str) do
+    pub_key_str
+    |> Base.decode16!()
+    |> byte_size() == @pub_key_length
+  end
+
   defp padding128(bin) do
     pad0 = 128 - :erlang.size(bin)
     pad1 = pad0 * 8
diff --git a/apps/aecore/test/aecore_keys_test.exs b/apps/aecore/test/aecore_keys_test.exs
@@ -22,4 +22,17 @@ defmodule AecoreKeysTest do
     {:ok, to_account} = Keys.pubkey()
     assert {:ok, _} = Keys.sign_tx(to_account, 5, Map.get(Chain.chain_state, to_account, %{nonce: 0}).nonce + 1)
   end
+
+  test "check pubkey length" do
+    pub_key_str = "041A470AE9831B61D9951A10D49663419CE087DF1BD7DB06578971767F032D389CB283AD4DD4E3532F3A5F3C89B006092CB6CECE39CAC3B06C2CB6DF8B51C73675"
+
+    assert false  == Keys.verify("", "", pub_key_str)
+  end
+
+  test "wrong key verification" do
+    pub_key_str = "041A470AE9831B61D9951A10D49663419CE087DF1BD7DB06578971767F032D389CB283AD4DD4E3"
+
+    assert {:error, _} = Keys.verify("", "", pub_key_str)
+  end
+
 end
