feat: Check the HMAC during decryption
This commit is contained in:
parent
6d8238475c
commit
8d222a160f
@ -1,6 +1,7 @@
|
|||||||
import 'dart:convert';
|
import 'dart:convert';
|
||||||
import 'package:cryptography/cryptography.dart';
|
import 'package:cryptography/cryptography.dart';
|
||||||
import 'package:omemo_dart/protobuf/schema.pb.dart';
|
import 'package:omemo_dart/protobuf/schema.pb.dart';
|
||||||
|
import 'package:omemo_dart/src/errors.dart';
|
||||||
import 'package:omemo_dart/src/helpers.dart';
|
import 'package:omemo_dart/src/helpers.dart';
|
||||||
|
|
||||||
/// Info string for ENCRYPT
|
/// Info string for ENCRYPT
|
||||||
@ -93,7 +94,9 @@ Future<List<int>> decrypt(List<int> mk, List<int> ciphertext, List<int> associat
|
|||||||
secretKey: SecretKey(authenticationKey),
|
secretKey: SecretKey(authenticationKey),
|
||||||
)).bytes.sublist(0, 16);
|
)).bytes.sublist(0, 16);
|
||||||
|
|
||||||
// TODO(PapaTutuWawa): Check the HMAC result
|
if (!listsEqual(hmacResult, message.mac)) {
|
||||||
|
throw InvalidMessageHMACException();
|
||||||
|
}
|
||||||
|
|
||||||
final plaintext = await AesCbc.with256bits(
|
final plaintext = await AesCbc.with256bits(
|
||||||
macAlgorithm: MacAlgorithm.empty,
|
macAlgorithm: MacAlgorithm.empty,
|
||||||
|
@ -1,3 +1,9 @@
|
|||||||
|
/// Triggered during X3DH if the signature if the SPK does verify to the actual SPK.
|
||||||
class InvalidSignatureException implements Exception {
|
class InvalidSignatureException implements Exception {
|
||||||
String errMsg() => 'The signature of the SPK does not match the provided signature';
|
String errMsg() => 'The signature of the SPK does not match the provided signature';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Triggered by the Double Ratchet if the computet HMAC does not match the attached HMAC.
|
||||||
|
class InvalidMessageHMACException implements Exception {
|
||||||
|
String errMsg() => 'The computed HMAC does not match the provided HMAC';
|
||||||
|
}
|
||||||
|
@ -7,3 +7,16 @@ List<int> concat(List<List<int>> inputs) {
|
|||||||
|
|
||||||
return tmp;
|
return tmp;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/// Compares the two lists [a] and [b] and return true if [a] and [b] are index-by-index
|
||||||
|
/// equal. Returns false, if they are not "equal";
|
||||||
|
bool listsEqual(List<int> a, List<int> b) {
|
||||||
|
// TODO(Unknown): Do we need to use a constant time comparison?
|
||||||
|
if (a.length != b.length) return false;
|
||||||
|
|
||||||
|
for (var i = 0; i < a.length; i++) {
|
||||||
|
if (a[i] != b[i]) return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user