test_derived_key_zeroing.py
python
sha256:81ae324db5ad375fbfe4834c6fcb378312cafad3cc92dec5d3e5c427306621a2
fix: remove commit_exists filter from have anchors — server…
Sonnet 4.6
patch
21 days ago
| 1 | """Tests for DerivedKey memory zeroing after use. |
| 2 | |
| 3 | DerivedKey.private_bytes and DerivedKey.chain_code used to be immutable |
| 4 | ``bytes`` — they could not be zeroed, so raw key material lingered in the |
| 5 | Python heap indefinitely after derivation. |
| 6 | |
| 7 | Fix: |
| 8 | - Fields changed to ``bytearray`` so contents can be overwritten. |
| 9 | - ``DerivedKey.zero()`` sets both fields to all-zero bytes. |
| 10 | - ``derive_path`` zeroes each intermediate DerivedKey after deriving the |
| 11 | next child. |
| 12 | - ``derive_hd_public_info`` zeroes the final DerivedKey after the Ed25519 |
| 13 | PrivateKey object has been created. |
| 14 | |
| 15 | Coverage |
| 16 | -------- |
| 17 | I DerivedKey fields are bytearray |
| 18 | I1 private_bytes is bytearray, not bytes |
| 19 | I2 chain_code is bytearray, not bytes |
| 20 | |
| 21 | II DerivedKey.zero() wipes both fields |
| 22 | II1 after zero(), private_bytes is all-zero |
| 23 | II2 after zero(), chain_code is all-zero |
| 24 | II3 zero() does not affect the length (still 32 bytes) |
| 25 | |
| 26 | III derive_hd_public_info zeroes the final DerivedKey |
| 27 | III1 private_bytes is all-zero in the DerivedKey after derive_hd_public_info returns |
| 28 | III2 chain_code is all-zero in the DerivedKey after derive_hd_public_info returns |
| 29 | |
| 30 | IV Derivation still correct after zeroing changes |
| 31 | IV1 same seed → same fingerprint (deterministic derivation unchanged) |
| 32 | """ |
| 33 | |
| 34 | from __future__ import annotations |
| 35 | |
| 36 | from unittest.mock import patch |
| 37 | |
| 38 | import pytest |
| 39 | |
| 40 | from muse.core import hdkeys as _hdkeys |
| 41 | from muse.core.slip010 import master_key, DerivedKey |
| 42 | from muse.core.bip39 import mnemonic_to_seed |
| 43 | from muse.core.keypair import derive_hd_public_info |
| 44 | |
| 45 | _MNEMONIC = ( |
| 46 | "abandon abandon abandon abandon abandon abandon abandon abandon " |
| 47 | "abandon abandon abandon about" |
| 48 | ) |
| 49 | _SEED = mnemonic_to_seed(_MNEMONIC) |
| 50 | |
| 51 | |
| 52 | |
| 53 | |
| 54 | # --------------------------------------------------------------------------- |
| 55 | # I DerivedKey fields are bytearray |
| 56 | # --------------------------------------------------------------------------- |
| 57 | |
| 58 | class TestDerivedKeyFieldTypes: |
| 59 | def test_I1_private_bytes_is_bytearray(self) -> None: |
| 60 | """I1: DerivedKey.private_bytes must be bytearray, not bytes.""" |
| 61 | dk = master_key(_SEED) |
| 62 | assert isinstance(dk.private_bytes, bytearray), ( |
| 63 | f"private_bytes must be bytearray, got {type(dk.private_bytes).__name__}" |
| 64 | ) |
| 65 | |
| 66 | def test_I2_chain_code_is_bytearray(self) -> None: |
| 67 | """I2: DerivedKey.chain_code must be bytearray, not bytes.""" |
| 68 | dk = master_key(_SEED) |
| 69 | assert isinstance(dk.chain_code, bytearray), ( |
| 70 | f"chain_code must be bytearray, got {type(dk.chain_code).__name__}" |
| 71 | ) |
| 72 | |
| 73 | |
| 74 | # --------------------------------------------------------------------------- |
| 75 | # II DerivedKey.zero() wipes both fields |
| 76 | # --------------------------------------------------------------------------- |
| 77 | |
| 78 | class TestDerivedKeyZero: |
| 79 | def test_II1_zero_wipes_private_bytes(self) -> None: |
| 80 | """II1: after zero(), private_bytes contains only null bytes.""" |
| 81 | dk = master_key(_SEED) |
| 82 | assert any(b != 0 for b in dk.private_bytes), "pre-condition: key must not already be zero" |
| 83 | dk.zero() |
| 84 | assert dk.private_bytes == bytearray(32), "private_bytes must be all-zero after zero()" |
| 85 | |
| 86 | def test_II2_zero_wipes_chain_code(self) -> None: |
| 87 | """II2: after zero(), chain_code contains only null bytes.""" |
| 88 | dk = master_key(_SEED) |
| 89 | assert any(b != 0 for b in dk.chain_code), "pre-condition: chain_code must not already be zero" |
| 90 | dk.zero() |
| 91 | assert dk.chain_code == bytearray(32), "chain_code must be all-zero after zero()" |
| 92 | |
| 93 | def test_II3_zero_preserves_length(self) -> None: |
| 94 | """II3: zero() does not change the field lengths.""" |
| 95 | dk = master_key(_SEED) |
| 96 | dk.zero() |
| 97 | assert len(dk.private_bytes) == 32 |
| 98 | assert len(dk.chain_code) == 32 |
| 99 | |
| 100 | |
| 101 | # --------------------------------------------------------------------------- |
| 102 | # III derive_hd_public_info zeroes the final DerivedKey |
| 103 | # --------------------------------------------------------------------------- |
| 104 | |
| 105 | class TestDeriveHdPublicInfoZeroing: |
| 106 | def test_III1_private_bytes_zeroed_after_derive(self) -> None: |
| 107 | """III1: the DerivedKey's private_bytes are all-zero after derive_hd_public_info.""" |
| 108 | captured: list[DerivedKey] = [] |
| 109 | original_derive = _hdkeys.derive_identity_key |
| 110 | |
| 111 | def capturing_derive(*args: int | bytes, **kwargs: int) -> DerivedKey: |
| 112 | dk = original_derive(*args, **kwargs) |
| 113 | captured.append(dk) |
| 114 | return dk |
| 115 | |
| 116 | with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive): |
| 117 | derive_hd_public_info(_SEED) |
| 118 | |
| 119 | assert captured, "derive_identity_key was not called" |
| 120 | dk = captured[0] |
| 121 | assert dk.private_bytes == bytearray(32), ( |
| 122 | "private_bytes must be zeroed after derive_hd_public_info" |
| 123 | ) |
| 124 | |
| 125 | def test_III2_chain_code_zeroed_after_derive(self) -> None: |
| 126 | """III2: the DerivedKey's chain_code is all-zero after derive_hd_public_info.""" |
| 127 | captured: list[DerivedKey] = [] |
| 128 | original_derive = _hdkeys.derive_identity_key |
| 129 | |
| 130 | def capturing_derive(*args: int | bytes, **kwargs: int) -> DerivedKey: |
| 131 | dk = original_derive(*args, **kwargs) |
| 132 | captured.append(dk) |
| 133 | return dk |
| 134 | |
| 135 | with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive): |
| 136 | derive_hd_public_info(_SEED) |
| 137 | |
| 138 | dk = captured[0] |
| 139 | assert dk.chain_code == bytearray(32), ( |
| 140 | "chain_code must be zeroed after derive_hd_public_info" |
| 141 | ) |
| 142 | |
| 143 | |
| 144 | # --------------------------------------------------------------------------- |
| 145 | # IV Derivation still correct |
| 146 | # --------------------------------------------------------------------------- |
| 147 | |
| 148 | class TestDerivedKeyZeroingCorrectness: |
| 149 | def test_IV1_same_seed_same_fingerprint(self) -> None: |
| 150 | """IV1: zeroing does not affect determinism — same seed → same fingerprint.""" |
| 151 | _, fp1 = derive_hd_public_info(_SEED) |
| 152 | _, fp2 = derive_hd_public_info(_SEED) |
| 153 | assert fp1 == fp2, "Zeroing must not break deterministic derivation" |
File History
4 commits
sha256:81ae324db5ad375fbfe4834c6fcb378312cafad3cc92dec5d3e5c427306621a2
fix: remove commit_exists filter from have anchors — server…
Sonnet 4.6
patch
21 days ago
sha256:36c3cb3e76619d4c30a6d9bf81b5ec4ff148e30dcfed913e3114ca7b43b81c7e
fix: rename objects→blobs in push client and all stale test…
Sonnet 4.6
patch
22 days ago
sha256:c06a9b9b9fee26c68ea725b44d54b2c0a171301ce9de746d5b656617b4463a9a
fix: repair four test failures from post-migration audit
Sonnet 4.6
patch
29 days ago
sha256:1900655993c83c4107067375548a7be823e471d2515830842f1a12cba4bd3cdf
fix: unified object store migration — idempotent writes, JS…
Sonnet 4.6
minor
⚠
29 days ago