Skip to content

fix(scrypt): Fix scrypt JSON parsing for p and r #4611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
MatusKysel wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix(scrypt): Fix scrypt JSON parsing for p and r #4611

MatusKysel wants to merge 1 commit into from
+2 −2

Conversation

@MatusKysel
Copy link

@MatusKysel MatusKysel commented Jan 9, 2026

Description

Fixed the JSON parsing copy-paste bug so p and r are only read when their own keys are present, preventing defaults from being silently used. Updated logic in src/Keystore/ScryptParameters.cpp to check CodingKeys::SP::p and CodingKeys::SP::r instead of CodingKeys::SP::n.

@MatusKysel MatusKysel requested a review from a team as a code owner January 9, 2026 14:07
sergei-boiko-trustwallet
sergei-boiko-trustwallet approved these changes Jan 10, 2026
View reviewed changes
Copy link
Contributor

@sergei-boiko-trustwallet sergei-boiko-trustwallet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks legit, thanks for the fix!

Copilot AI reviewed Jan 10, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a critical copy-paste bug in the scrypt parameter JSON parsing logic. The bug caused the p and r parameters to always use default values when parsing JSON, even when different values were explicitly provided, because the code was incorrectly checking the n key instead of the respective p and r keys.

Changes:

  • Fixed conditional checks for p parameter to use CodingKeys::SP::p instead of CodingKeys::SP::n
  • Fixed conditional checks for r parameter to use CodingKeys::SP::r instead of CodingKeys::SP::n

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/Keystore/ScryptParameters.cpp
Comment on lines +78 to 81
if (json.count(CodingKeys::SP::p) != 0)
p = json[CodingKeys::SP::p];
if (json.count(CodingKeys::SP::n) != 0)
if (json.count(CodingKeys::SP::r) != 0)
r = json[CodingKeys::SP::r];
Copy link

Copilot AI Jan 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix correctly addresses the copy-paste bug where p and r parameters were checking the wrong JSON key (n instead of their respective keys). However, there is no test coverage that specifically validates the conditional parsing behavior when p or r keys are missing from JSON. Consider adding a unit test that verifies the default values are used when these keys are absent, and that custom values are correctly parsed when present.

Copilot uses AI. Check for mistakes.
@sergei-boiko-trustwallet
Copy link
Contributor

sergei-boiko-trustwallet commented Jan 10, 2026

@MatusKysel, from the first glance, the fix is correct, but the implementation in general looks wrong because we shouldn't use default n, p, r if they aren't provided. Should we throw an exception instead?
Am I missing something?

@MatusKysel
Copy link
Author

MatusKysel commented Jan 12, 2026

@MatusKysel, from the first glance, the fix is correct, but the implementation in general looks wrong because we shouldn't use default n, p, r if they aren't provided. Should we throw an exception instead? Am I missing something?

Thanks for the catch. The fix here only corrects the key checks for p/r; the “default if missing” behavior was already present via the struct defaults (same pattern as PBKDF2 iterations). So the patch doesn’t introduce that behavior.

If we want to treat missing n/p/r as invalid, I agree that’s a separate behavior change. We’d probably want to enforce required fields (and likely do the same for PBKDF2) to avoid silently falling back and to surface malformed keystores explicitly. Happy to follow up with a separate PR if that’s the direction

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@sergei-boiko-trustwallet sergei-boiko-trustwallet sergei-boiko-trustwallet approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MatusKysel @sergei-boiko-trustwallet