feat: Check the HMAC during decryption

PapaTutuWawa 2022-08-03 16:41:33 +02:00
parent 6d8238475c
commit 8d222a160f
3 changed files with 23 additions and 1 deletions


@ -1,6 +1,7 @@
import 'dart:convert';
import 'package:cryptography/cryptography.dart';
import 'package:omemo_dart/protobuf/schema.pb.dart';
import 'package:omemo_dart/src/errors.dart';
import 'package:omemo_dart/src/helpers.dart';
/// Info string for ENCRYPT
@ -93,7 +94,9 @@ Future<List<int>> decrypt(List<int> mk, List<int> ciphertext, List<int> associat
secretKey: SecretKey(authenticationKey),
)).bytes.sublist(0, 16);
// TODO(PapaTutuWawa): Check the HMAC result
if (!listsEqual(hmacResult, message.mac)) {
throw InvalidMessageHMACException();
}
final plaintext = await AesCbc.with256bits(
macAlgorithm: MacAlgorithm.empty,
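Review bot: The new check `if (!listsEqual(hmacResult, message.mac))` is the only integrity gate on this path, because the AES-CBC call directly after it is configured with `MacAlgorithm.empty`, and nothing in the hunk records that. I would add a comment above the check such as `// Verify the truncated HMAC before decrypting; AES-CBC below runs without a MAC, so this is the only integrity check.` The body and doc comment of `decrypt` start outside this hunk; if the doc comment does not already say so, it should state that `InvalidMessageHMACException` is thrown on a mismatch and that no plaintext is produced in that case.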


@ -1,3 +1,9 @@
/// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
class InvalidSignatureException implements Exception {
String errMsg() => 'The signature of the SPK does not match the provided signature';
}
/// Triggered by the Double Ratchet if the computet HMAC does not match the attached HMAC.
class InvalidMessageHMACException implements Exception {
String errMsg() => 'The computed HMAC does not match the provided HMAC';
}
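Review bot: `InvalidMessageHMACException` exposes its text only through `errMsg()`, so an uncaught or logged instance prints as `Instance of 'InvalidMessageHMACException'` and the failure is hard to diagnose. Adding `@override String toString() => 'InvalidMessageHMACException: ${errMsg()}';` (and the equivalent on `InvalidSignatureException`) would fix that. The new doc comment also has a typo: "computet" should read "computed". The message rightly contains no key or MAC bytes, and it should stay that way.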


@ -7,3 +7,16 @@ List<int> concat(List<List<int>> inputs) {
return tmp;
}
/// Compares the two lists [a] and [b] and return true if [a] and [b] are index-by-index
/// equal. Returns false, if they are not "equal";
bool listsEqual(List<int> a, List<int> b) {
// TODO(Unknown): Do we need to use a constant time comparison?
if (a.length != b.length) return false;
for (var i = 0; i < a.length; i++) {
if (a[i] != b[i]) return false;
}
return true;
}
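Review bot: `listsEqual` returns at the first mismatching byte, and this commit uses it in `decrypt` to compare the computed HMAC with the one carried in the message, so the answer to the TODO is yes: the comparison time should not depend on how many leading bytes match. Keep the length check (the tag length is not secret) and replace the early return with an accumulator: `var diff = 0;` before the loop, `diff |= a[i] ^ b[i];` as the loop body, and `return diff == 0;` after it. The doc comment should then say that the comparison is constant-time for equal-length inputs, and the TODO can be dropped. If the version of the cryptography package in use provides a constant-time byte comparison, prefer it over a hand-rolled one.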