Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

decodeAddress now verifies the checksum (fixes #262) #269

Merged
merged 2 commits into from
Jan 25, 2021
Merged

decodeAddress now verifies the checksum (fixes #262) #269

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fb5fd31
fixes #262 (decodeAddress now verifies the checksum);
Neurone Jan 21, 2021
b65138f
added explicit exception for invalid checksum
Neurone Jan 23, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ Include this line in your HTML.

To build a new version of the library for browsers, run:
```bash
npm build
npm run build
```

### Testing
Expand Down
28 changes: 13 additions & 15 deletions src/encoding/address.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,28 +17,18 @@ const INVALID_MSIG_PK = new Error("bad multisig public key - wrong length");
const UNEXPECTED_PK_LEN = new Error("nacl public key length is not 32 bytes");

/**
* isValidAddress takes an Algorand address and checks if valid.
* @param address Algorand address
* isValidAddress checks if a string is a valid Algorand address.
* @param {string} address an Algorand address with checksum.
* @returns {boolean} true if valid, false otherwise
*/
function isValidAddress(address) {
if (typeof address !== "string") return false;

if (address.length !== ALGORAND_ADDRESS_LENGTH) return false;

// Try to decode
let decoded;
try {
decoded = decodeAddress(address);
decodeAddress(address);
} catch (e) {
return false;
}

// Compute checksum
let checksum = nacl.genericHash(decoded.publicKey).slice(nacl.HASH_BYTES_LENGTH - ALGORAND_CHECKSUM_BYTE_LENGTH,nacl.HASH_BYTES_LENGTH);

// Check if the checksum and the address are equal
return utils.arrayEqual(checksum, decoded.checksum);
return true;
}

/**
Expand All @@ -47,17 +37,25 @@ function isValidAddress(address) {
* @returns {{publicKey: Uint8Array, checksum: Uint8Array}} the decoded form of the address's public key and checksum
*/
function decodeAddress(address) {
if (!(typeof address === "string" || address instanceof String)) throw MALFORMED_ADDRESS_ERROR;
if (!(typeof address === "string" || address instanceof String) || address.length !== ALGORAND_ADDRESS_LENGTH)
throw MALFORMED_ADDRESS_ERROR;

//try to decode
let decoded = base32.decode.asBytes(address);

// Sanity check
if (decoded.length !== ALGORAND_ADDRESS_BYTE_LENGTH) throw MALFORMED_ADDRESS_ERROR;

// Find publickey and checksum
let pk = new Uint8Array(decoded.slice(0, ALGORAND_ADDRESS_BYTE_LENGTH - ALGORAND_CHECKSUM_BYTE_LENGTH));
let cs = new Uint8Array(decoded.slice(nacl.PUBLIC_KEY_LENGTH, ALGORAND_ADDRESS_BYTE_LENGTH));

// Compute checksum
let checksum = nacl.genericHash(pk).slice(nacl.HASH_BYTES_LENGTH - ALGORAND_CHECKSUM_BYTE_LENGTH,nacl.HASH_BYTES_LENGTH);

// Check if the checksum and the address are equal
if(!utils.arrayEqual(checksum, cs)) throw MALFORMED_ADDRESS_ERROR;

return {"publicKey": pk, "checksum": cs}
}

Expand Down