feat: Add signature validation

This commit is contained in:
PapaTutuWawa 2022-08-02 15:40:26 +02:00
parent fc43655956
commit 4211775c90
4 changed files with 57 additions and 4 deletions

View File

@ -1,5 +1,6 @@
library omemo_dart; library omemo_dart;
export 'src/bundle.dart'; export 'src/bundle.dart';
export 'src/errors.dart';
export 'src/key.dart'; export 'src/key.dart';
export 'src/x3dh.dart'; export 'src/x3dh.dart';

4
lib/src/errors.dart Normal file
View File

@ -0,0 +1,4 @@
class InvalidSignatureException implements Exception {
@override
String errMsg() => 'The signature of the SPK does not match the provided signature';
}

View File

@ -2,6 +2,7 @@ import 'dart:convert';
import 'dart:math'; import 'dart:math';
import 'package:cryptography/cryptography.dart'; import 'package:cryptography/cryptography.dart';
import 'package:omemo_dart/src/bundle.dart'; import 'package:omemo_dart/src/bundle.dart';
import 'package:omemo_dart/src/errors.dart';
import 'package:omemo_dart/src/key.dart'; import 'package:omemo_dart/src/key.dart';
/// The overarching assumption is that we use Ed25519 keys for the identity keys /// The overarching assumption is that we use Ed25519 keys for the identity keys
@ -99,6 +100,19 @@ List<int> concat(List<List<int>> inputs) {
/// Alice builds a session with Bob using his bundle [bundle] and Alice's identity key /// Alice builds a session with Bob using his bundle [bundle] and Alice's identity key
/// pair [ik]. /// pair [ik].
Future<X3DHAliceResult> x3dhFromBundle(OmemoBundle bundle, OmemoKeyPair ik) async { Future<X3DHAliceResult> x3dhFromBundle(OmemoBundle bundle, OmemoKeyPair ik) async {
// Check the signature first
final signatureValue = await Ed25519().verify(
await bundle.spk.getBytes(),
signature: Signature(
bundle.spkSignature,
publicKey: bundle.ik.asPublicKey(),
),
);
if (!signatureValue) {
throw InvalidSignatureException();
}
// Generate EK // Generate EK
final ek = await OmemoKeyPair.generateNewPair(KeyPairType.x25519); final ek = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);

View File

@ -1,9 +1,10 @@
import 'dart:convert';
import 'package:cryptography/cryptography.dart'; import 'package:cryptography/cryptography.dart';
import 'package:omemo_dart/omemo_dart.dart'; import 'package:omemo_dart/omemo_dart.dart';
import 'package:test/test.dart'; import 'package:test/test.dart';
void main() { void main() {
test('X3DH', () async { test('X3DH with correct signature', () async {
// Generate keys // Generate keys
final ikAlice = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519); final ikAlice = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
final ikBob = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519); final ikBob = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
@ -13,8 +14,10 @@ void main() {
'1', '1',
await spkBob.pk.asBase64(), await spkBob.pk.asBase64(),
'3', '3',
// TODO(PapaTutuWawa): Do base64Encode(
'n/a', await sig(ikBob, await spkBob.pk.getBytes()),
),
//'Q5in+/L4kJixEX692h6mJkPMyp4I3SlQ84L0E7ipPzqfPHOMiraUlqG2vG/O8wvFjLsKYZpPBraga9IvwhqVDA==',
await ikBob.pk.asBase64(), await ikBob.pk.asBase64(),
{ {
'2': await opkBob.pk.asBase64(), '2': await opkBob.pk.asBase64(),
@ -42,4 +45,35 @@ void main() {
expect(resultAlice.sk, resultBob.sk); expect(resultAlice.sk, resultBob.sk);
expect(resultAlice.ad, resultBob.ad); expect(resultAlice.ad, resultBob.ad);
}); });
test('X3DH with incorrect signature', () async {
// Generate keys
final ikAlice = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
final ikBob = await OmemoKeyPair.generateNewPair(KeyPairType.ed25519);
final spkBob = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final opkBob = await OmemoKeyPair.generateNewPair(KeyPairType.x25519);
final bundleBob = OmemoBundle(
'1',
await spkBob.pk.asBase64(),
'3',
// NOTE: A bit flakey, but it is highly unlikely that the same keypair as this one
// gets generated.
'Q5in+/L4kJixEX692h6mJkPMyp4I3SlQ84L0E7ipPzqfPHOMiraUlqG2vG/O8wvFjLsKYZpPBraga9IvwhqVDA==',
await ikBob.pk.asBase64(),
{
'2': await opkBob.pk.asBase64(),
},
);
// Alice does X3DH
var exception = false;
try {
await x3dhFromBundle(bundleBob, ikAlice);
} catch(e) {
exception = true;
expect(e is InvalidSignatureException, true, reason: 'Expected InvalidSignatureException, but got $e');
}
expect(exception, true, reason: 'Expected test failure');
});
} }