Signal/Desktop
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Desktop.git synced 2026-05-08 08:58:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

Attachment encrypt/decrypt: Validate digest/mac length for better errors

Browse Source
This commit is contained in:
Scott Nonnenberg
2024-01-08 16:35:05 -08:00
parent d1aa47544b
commit 038194c946
1 changed files with 33 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ts/AttachmentCrypto.ts
+33 -5
View File
@@ -41,6 +41,7 @@ import type { ContextType } from './types/Message2';
export const IV_LENGTH = 16;
export const KEY_LENGTH = 32;
export const DIGEST_LENGTH = 32;
export const ATTACHMENT_MAC_LENGTH = 32;
export type EncryptedAttachmentV2 = {
@@ -128,12 +129,20 @@ export async function encryptAttachmentV2({
}
const { digest: plaintextHash } = plaintextHashTransform;
if (!plaintextHash || !plaintextHash.byteLength) {
if (
!plaintextHash ||
!plaintextHash.byteLength ||
plaintextHash.byteLength !== DIGEST_LENGTH
) {
throw new Error(`${logId}: Failed to generate plaintext hash!`);
}
const { digest: ourDigest } = digestTransform;
if (!ourDigest || !ourDigest.byteLength) {
if (
!ourDigest ||
!ourDigest.byteLength ||
ourDigest.byteLength !== DIGEST_LENGTH
) {
throw new Error(`${logId}: Failed to generate ourDigest!`);
}
@@ -221,10 +230,18 @@ export async function decryptAttachmentV2({
const { ourMac } = macTransform;
const { theirMac } = coreDecryptionTransform;
if (!ourMac || !ourMac.byteLength) {
if (
!ourMac ||
!ourMac.byteLength ||
ourMac.byteLength !== ATTACHMENT_MAC_LENGTH
) {
throw new Error(`${logId}: Failed to generate ourMac!`);
}
if (!theirMac || !theirMac.byteLength) {
if (
!theirMac ||
!theirMac.byteLength ||
theirMac.byteLength !== ATTACHMENT_MAC_LENGTH
) {
throw new Error(`${logId}: Failed to find theirMac!`);
}
if (!constantTimeEqual(ourMac, theirMac)) {
@@ -232,9 +249,20 @@ export async function decryptAttachmentV2({
}
const { digest: ourDigest } = digestTransform;
if (!ourDigest || !ourDigest.byteLength) {
if (
!ourDigest ||
!ourDigest.byteLength ||
ourDigest.byteLength !== DIGEST_LENGTH
) {
throw new Error(`${logId}: Failed to generate ourDigest!`);
}
if (
!theirDigest ||
!theirDigest.byteLength ||
theirDigest.byteLength !== DIGEST_LENGTH
) {
throw new Error(`${logId}: Failed to find theirDigest!`);
}
if (!constantTimeEqual(ourDigest, theirDigest)) {
throw new Error(`${logId}: Bad digest`);
}