Throw error on invalid backup key

giahuy98 · giahuy98 · commit 08f96660c730 · 2025-02-17T22:25:32.000+07:00
diff --git a/contrib/bitcoin-core/src/util/strencodings.cpp b/contrib/bitcoin-core/src/util/strencodings.cpp
@@ -82,6 +82,29 @@ bool IsHexNumber(const std::string& str)
     return (str.size() > starting_location);
 }
 
+template <typename Byte>
+std::optional<std::vector<Byte>> TryParseHex(std::string_view str)
+{
+    std::vector<Byte> vch;
+    vch.reserve(str.size() / 2); // two hex characters form a single byte
+
+    auto it = str.begin();
+    while (it != str.end()) {
+        if (IsSpace(*it)) {
+            ++it;
+            continue;
+        }
+        auto c1 = HexDigit(*(it++));
+        if (it == str.end()) return std::nullopt;
+        auto c2 = HexDigit(*(it++));
+        if (c1 < 0 || c2 < 0) return std::nullopt;
+        vch.push_back(Byte(c1 << 4) | Byte(c2));
+    }
+    return vch;
+}
+template std::optional<std::vector<std::byte>> TryParseHex(std::string_view);
+template std::optional<std::vector<uint8_t>> TryParseHex(std::string_view);
+
 std::vector<unsigned char> ParseHex(const char* psz)
 {
     // convert hex dump to vector
diff --git a/contrib/bitcoin-core/src/util/strencodings.h b/contrib/bitcoin-core/src/util/strencodings.h
@@ -14,6 +14,7 @@
 
 #include <cstdint>
 #include <iterator>
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -37,6 +38,9 @@ enum SafeChars
 std::string SanitizeString(const std::string& str, int rule = SAFE_CHARS_DEFAULT);
 std::vector<unsigned char> ParseHex(const char* psz);
 std::vector<unsigned char> ParseHex(const std::string& str);
+/** Parse the hex string into bytes (uint8_t or std::byte). Ignores whitespace. Returns nullopt on invalid input. */
+template <typename Byte = std::byte>
+std::optional<std::vector<Byte>> TryParseHex(std::string_view str);
 signed char HexDigit(char c);
 /* Returns true if each character in str is a hex character, and has an even
  * number of hex digits.*/
diff --git a/src/hwi_tapsigner.cpp b/src/hwi_tapsigner.cpp
@@ -2,6 +2,7 @@
 #include <cctype>
 #include <iostream>
 #include <memory>
+#include <optional>
 #include <string>
 #include <vector>
 #include <psbt.h>
@@ -497,12 +498,12 @@ std::string HWITapsignerImpl::DecryptBackup(const Bytes &encrypted_data,
   static constexpr unsigned char xprv[] = {'x', 'p', 'r', 'v'};
   static constexpr unsigned char tprv[] = {'t', 'p', 'r', 'v'};
 
-  const auto backup_key_bytes = ParseHex(backup_key);
-  if (backup_key_bytes.size() != 16) {
+  const auto opt_key_bytes = TryParseHex<unsigned char>(backup_key);
+  if (!opt_key_bytes || opt_key_bytes->size() != 16) {
     throw TapProtoException(TapProtoException::INVALID_BACKUP_KEY,
                             "Invalid backup key");
   }
-  Bytes decrypted = AES128CTRDecrypt(encrypted_data, backup_key_bytes);
+  Bytes decrypted = AES128CTRDecrypt(encrypted_data, *opt_key_bytes);
 
   if (decrypted.size() < std::size(xprv)) {
     throw TapProtoException(TapProtoException::INVALID_BACKUP_KEY,
