feat: Check the HMAC during decryption
parent
6d8238475c
commit
8d222a160f
@ -1,6 +1,7 @@
|
||||
import 'dart:convert';
|
||||
import 'package:cryptography/cryptography.dart';
|
||||
import 'package:omemo_dart/protobuf/schema.pb.dart';
|
||||
import 'package:omemo_dart/src/errors.dart';
|
||||
import 'package:omemo_dart/src/helpers.dart';
|
||||
|
||||
/// Info string for ENCRYPT
|
||||
@ -93,7 +94,9 @@ Future<List<int>> decrypt(List<int> mk, List<int> ciphertext, List<int> associat
|
||||
secretKey: SecretKey(authenticationKey),
|
||||
)).bytes.sublist(0, 16);
|
||||
|
||||
// TODO(PapaTutuWawa): Check the HMAC result
|
||||
if (!listsEqual(hmacResult, message.mac)) {
|
||||
throw InvalidMessageHMACException();
|
||||
}
|
||||
|
||||
final plaintext = await AesCbc.with256bits(
|
||||
macAlgorithm: MacAlgorithm.empty,
|
||||
|
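Review bot: The new `if (!listsEqual(hmacResult, message.mac))` check has no comment saying it must stay ahead of the `AesCbc.with256bits` call that follows, and the removed TODO was the only marker of that ordering. Because the cipher is configured with `MacAlgorithm.empty`, this HMAC is the only integrity check on the ciphertext. I would add `// Authenticate before decrypting: unauthenticated ciphertext must never reach AES-CBC.` above the `if`. `decrypt` starts and ends outside this hunk; its doc comment, which is not visible here, should also state that it throws `InvalidMessageHMACException` on a MAC mismatch so callers treat it as a hard failure.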
@ -1,3 +1,9 @@
|
||||
/// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
|
||||
class InvalidSignatureException implements Exception {
|
||||
String errMsg() => 'The signature of the SPK does not match the provided signature';
|
||||
}
|
||||
|
||||
/// Triggered by the Double Ratchet if the computet HMAC does not match the attached HMAC.
|
||||
class InvalidMessageHMACException implements Exception {
|
||||
String errMsg() => 'The computed HMAC does not match the provided HMAC';
|
||||
}
|
||||
|
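Review bot: The doc comment on `InvalidMessageHMACException` misspells "computed" as "computet"; it should read `/// Triggered by the Double Ratchet if the computed HMAC does not match the attached HMAC.`. The class also exposes only `errMsg()`, so logging the exception prints Dart's default `Instance of 'InvalidMessageHMACException'` rather than the message. Adding `@override String toString() => errMsg();` would make a rejected message visible in logs; `InvalidSignatureException` follows the same pattern and could get the same line.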
@ -7,3 +7,16 @@ List<int> concat(List<List<int>> inputs) {
|
||||
|
||||
return tmp;
|
||||
}
|
||||
|
||||
/// Compares the two lists [a] and [b] and return true if [a] and [b] are index-by-index
|
||||
/// equal. Returns false, if they are not "equal";
|
||||
bool listsEqual(List<int> a, List<int> b) {
|
||||
// TODO(Unknown): Do we need to use a constant time comparison?
|
||||
if (a.length != b.length) return false;
|
||||
|
||||
for (var i = 0; i < a.length; i++) {
|
||||
if (a[i] != b[i]) return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
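Review bot: `listsEqual` returns at the first differing element, and `decrypt` uses it to compare the computed HMAC with `message.mac`, so the answer to the TODO is yes: a MAC tag comparison should take the same time wherever the mismatch occurs. The length check can stay, since the tag length is not secret, but the loop should accumulate instead of returning early: `var diff = 0;` before the loop, `diff |= a[i] ^ b[i];` inside it, and `return diff == 0;` at the end. The TODO can then become a comment saying the comparison is deliberately constant-time, so it is not simplified back to an early exit later. The doc comment also ends in a stray `;` and says "return true" where the next sentence uses "Returns".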