MnemonicCode: Add null check for passphrase.

The null check is added due to a likely undesirable outcome when supplying a null passphrase. If allowed, the salt will be "mnemonicnull", when one would expect only "mnemonic" due to the following from BIP39 "If a passphrase is not present, an empty string "" is used instead."
2025-02-24 14:50:57 +01:00 · 2018-02-19 16:31:52 +01:00 · 2018-02-19 16:31:52 +01:00 · 2acdb34948
commit 2acdb34948
parent c4d1f200a9
2 changed files with 8 additions and 0 deletions
--- a/core/src/main/java/org/bitcoinj/crypto/MnemonicCode.java
+++ b/core/src/main/java/org/bitcoinj/crypto/MnemonicCode.java
@ -34,6 +34,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;

+import static com.google.common.base.Preconditions.checkNotNull;
 import static org.bitcoinj.core.Utils.HEX;

 /**
@ -119,6 +120,7 @@ public class MnemonicCode {
     * Convert mnemonic word list to seed.
     */
    public static byte[] toSeed(List<String> words, String passphrase) {
+        checkNotNull(passphrase, "A null passphrase is not allowed.");

        // To create binary seed from mnemonic, we use PBKDF2 function
        // with mnemonic sentence (in UTF-8) used as a password and
--- a/core/src/test/java/org/bitcoinj/crypto/MnemonicCodeTest.java
+++ b/core/src/test/java/org/bitcoinj/crypto/MnemonicCodeTest.java
@ -212,6 +212,12 @@ public class MnemonicCodeTest {
        mc.toMnemonic(entropy);
    }

+    @Test(expected = NullPointerException.class)
+    public void testNullPassphrase() throws Exception {
+        List<String> code = split("legal winner thank year wave sausage worth useful legal winner thank yellow");
+        MnemonicCode.toSeed(code, null);
+    }
+
    public static List<String> split(String words) {
        return new ArrayList<>(Arrays.asList(words.split("\\s+")));
    }