Signal/Desktop
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Desktop.git synced 2026-04-24 18:38:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Use constant time mac comparison

Browse Source 
In libtextsecure and in libaxolotl.

// FREEBIE
This commit is contained in:
lilia
2015-11-24 16:14:12 -08:00
parent d4e0c11ebc
commit 63cd3b2788
3 changed files with 64 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
libtextsecure/crypto.js
View File

@@ -25,12 +25,24 @@
});
};
var verifyMAC = function(data, key, mac) {
var verifyMAC = function(data, key, mac, length) {
return calculateMAC(key, data).then(function(calculated_mac) {
if (!isEqual(calculated_mac, mac, true))
if (mac.byteLength != length || calculated_mac.byteLength < length) {
throw new Error("Bad MAC length");
}
var a = new Uint8Array(calculated_mac);
var b = new Uint8Array(mac);
var result = 0;
for (var i=0; i < mac.byteLength; ++i) {
result = result | (a[i] ^ b[i]);
}
if (result !== 0) {
throw new Error("Bad MAC");
}
});
}
};
window.textsecure = window.textsecure || {};
window.textsecure.crypto = {
@@ -56,7 +68,7 @@
var ivAndCiphertext = decodedMessage.slice(0, decodedMessage.byteLength - 10);
var mac = decodedMessage.slice(decodedMessage.byteLength - 10, decodedMessage.byteLength);
return verifyMAC(ivAndCiphertext, mac_key, mac).then(function() {
return verifyMAC(ivAndCiphertext, mac_key, mac, 10).then(function() {
return decrypt(aes_key, ciphertext, iv);
});
},
@@ -77,7 +89,7 @@
var ivAndCiphertext = encryptedBin.slice(0, encryptedBin.byteLength - 32);
var mac = encryptedBin.slice(encryptedBin.byteLength - 32, encryptedBin.byteLength);
return verifyMAC(ivAndCiphertext, mac_key, mac).then(function() {
return verifyMAC(ivAndCiphertext, mac_key, mac, 32).then(function() {
return decrypt(aes_key, ciphertext, iv);
});
},