From 1f7be6c7d5f1cdfda58617b212630575066e5496 Mon Sep 17 00:00:00 2001
From: Craig Raw
Date: Thu, 6 Aug 2020 10:28:20 +0200
Subject: [PATCH] store passphrase in memory as securestring
---
 .../drongo/wallet/DeterministicSeed.java | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/sparrowwallet/drongo/wallet/DeterministicSeed.java b/src/main/java/com/sparrowwallet/drongo/wallet/DeterministicSeed.java
index 1e4c3f6..3dbb34a 100644
--- a/src/main/java/com/sparrowwallet/drongo/wallet/DeterministicSeed.java
+++ b/src/main/java/com/sparrowwallet/drongo/wallet/DeterministicSeed.java
@@ -18,7 +18,7 @@ public class DeterministicSeed implements EncryptableItem {
 private long creationTimeSeconds;

 //Session only storage
- private transient String passphrase;
+ private transient SecureString passphrase;

 public DeterministicSeed(CharSequence mnemonicString, String passphrase, long creationTimeSeconds, Type type) {
 this(decodeMnemonicCode(mnemonicString), passphrase, creationTimeSeconds, type);
@@ -26,7 +26,7 @@ public class DeterministicSeed implements EncryptableItem {

 public DeterministicSeed(List mnemonic, String passphrase, long creationTimeSeconds, Type type) {
 this(mnemonic, needsPassphrase(passphrase), creationTimeSeconds, type);
- this.passphrase = passphrase;
+ this.passphrase = (passphrase == null ? null : new SecureString(passphrase));
 }

 public DeterministicSeed(List mnemonic, boolean needsPassphrase, long creationTimeSeconds, Type type) {
@@ -84,11 +84,12 @@ public class DeterministicSeed implements EncryptableItem {
 }
 this.encryptedMnemonicCode = null;
 this.needsPassphrase = needsPassphrase(passphrase);
+ this.passphrase = new SecureString(passphrase);
 this.creationTimeSeconds = creationTimeSeconds;
 this.type = Type.BIP39;
 }

- public static boolean needsPassphrase(String passphrase) {
+ private static boolean needsPassphrase(String passphrase) {
 return passphrase != null && !passphrase.isEmpty();
 }
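Review bot: In the `@@ -26,7` hunk the constructor still receives the secret as `String passphrase` and wraps it only afterwards, so the caller's immutable String stays on the heap until it is collected and the SecureString covers the stored copy only. The same holds for the constructor in the `@@ -84,11` hunk and for `setPassphrase(String)` in `@@ -96,14`, and `passphrase.asString()` in the `@@ -139,7` hunk creates a fresh String each time that method runs. I would say so next to the field, e.g. `//Session only storage; String parameters and asString() still leave plaintext copies for the GC`. If `toSeed` (its signature is not part of this patch) can take a `CharSequence`, passing the SecureString through would avoid the round trip.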
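Review bot: `this.passphrase = new SecureString(passphrase);` in the `@@ -84,11` hunk has no null guard, although the line before it calls `needsPassphrase(passphrase)`, which explicitly tolerates null, and the `@@ -26,7` constructor guards the identical wrap. What `new SecureString(null)` does is not visible from this patch, so the result is either an exception or a non-null wrapper around nothing. Use the guarded form here and in the new `setPassphrase(String)` of the `@@ -96,14` hunk: `this.passphrase = (passphrase == null ? null : new SecureString(passphrase));`. The constructor containing this line begins outside the hunk.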
@@ -96,14 +97,18 @@ public class DeterministicSeed implements EncryptableItem {
 return needsPassphrase;
 }

- public String getPassphrase() {
+ public SecureString getPassphrase() {
 return passphrase;
 }

- public void setPassphrase(String passphrase) {
+ public void setPassphrase(SecureString passphrase) {
 this.passphrase = passphrase;
 }

+ public void setPassphrase(String passphrase) {
+ this.passphrase = new SecureString(passphrase);
+ }
+
 private static byte[] getEntropy(SecureRandom random, int bits) {
 if(bits > MAX_SEED_ENTROPY_BITS) {
 throw new IllegalArgumentException("Requested entropy size too large");
@@ -139,7 +144,7 @@ public class DeterministicSeed implements EncryptableItem {
 throw new MnemonicException("Passphrase required but not provided");
 }

- return type.toSeed(mnemonicCode, passphrase);
+ return type.toSeed(mnemonicCode, passphrase == null ? null : passphrase.asString());
 }

 @Override
@@ -266,7 +271,7 @@ public class DeterministicSeed implements EncryptableItem {
 mnemonicCode.clear();
 }
 if(passphrase != null) {
- passphrase = "";
+ passphrase = new SecureString("");
 }
 }
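Review bot: Declaring `setPassphrase(String)` beside `setPassphrase(SecureString)` in the `@@ -96,14` hunk makes a literal `setPassphrase(null)` ambiguous, since neither parameter type is more specific than the other. Any caller that dropped the passphrase that way would stop compiling, though callers are not visible here. A short Javadoc on the String overload would make the contract explicit, e.g. `/** Convenience overload that wraps the value in a SecureString; to unset, pass a typed null to the SecureString overload. */`.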
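Review bot: In the `@@ -266,7` hunk `passphrase = new SecureString("");` only rebinds the field, so the previous SecureString and whatever it holds remain in memory until garbage-collected. By contrast, `mnemonicCode.clear()` a few lines above appears to empty its object in place. If SecureString offers a way to zero its backing storage (the class is not part of this patch), call it on the old value before the reassignment. Otherwise record the limitation with a comment such as `// rebinding only; the old SecureString is not wiped here`. The enclosing method starts outside the hunk.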