nip49: normalize passwords.

because nostr is a giant shit show: nostr-protocol/nips#1053
nbd-wtf · Feb 16, 2024 · 2cba101 · 2cba101
1 parent f3d9f02
commit 2cba101
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -16,6 +16,7 @@ require (
 	golang.org/x/crypto v0.7.0
 	golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53
 	golang.org/x/net v0.8.0
+	golang.org/x/text v0.8.0
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -134,6 +134,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.8.0 h1:57P1ETyNKtuIjB4SRd15iJxuhj8Gc416Y78H3qgMh68=
+golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/nip49/nip49.go b/nip49/nip49.go
@@ -9,6 +9,8 @@ import (
 	"github.com/btcsuite/btcd/btcutil/bech32"
 	"golang.org/x/crypto/chacha20poly1305"
 	"golang.org/x/crypto/scrypt"
+	"golang.org/x/text/transform"
+	"golang.org/x/text/unicode/norm"
 )
 
 type KeySecurityByte byte
@@ -33,9 +35,10 @@ func EncryptBytes(secretKey []byte, password string, logn uint8, ksb KeySecurity
 		return "", fmt.Errorf("failed to read salt: %w", err)
 	}
 	n := int(math.Pow(2, float64(int(logn))))
-	key, err := scrypt.Key([]byte(password), salt, n, 8, 1, 32)
+
+	key, err := getKey(password, salt, n)
 	if err != nil {
-		return "", fmt.Errorf("failed to compute key with scrypt: %w", err)
+		return "", err
 	}
 
 	concat := make([]byte, 91)
@@ -95,9 +98,9 @@ func DecryptToBytes(bech32string string, password string) (secretKey []byte, err
 	// keySecurityByte := ad[0]
 	encryptedKey := data[2+16+24+1:]
 
-	key, err := scrypt.Key([]byte(password), salt, n, 8, 1, 32)
+	key, err := getKey(password, salt, n)
 	if err != nil {
-		return nil, fmt.Errorf("failed to compute key with scrypt: %w", err)
+		return nil, err
 	}
 
 	c2p1, err := chacha20poly1305.NewX(key)
@@ -107,3 +110,16 @@ func DecryptToBytes(bech32string string, password string) (secretKey []byte, err
 
 	return c2p1.Open(nil, nonce, encryptedKey, ad)
 }
+
+func getKey(password string, salt []byte, n int) ([]byte, error) {
+	normalizedPassword, _, err := transform.Bytes(norm.NFKC, []byte(password))
+	if err != nil {
+		return nil, fmt.Errorf("failed to normalize password: %w", err)
+	}
+
+	key, err := scrypt.Key(normalizedPassword, salt, n, 8, 1, 32)
+	if err != nil {
+		return nil, fmt.Errorf("failed to compute key with scrypt: %w", err)
+	}
+	return key, nil
+}