From a1c534ec0ccc31510c916b0c8c9835f915528b7e Mon Sep 17 00:00:00 2001 From: Scott Nonnenberg Date: Wed, 7 Apr 2021 14:27:40 -0700 Subject: [PATCH] Fix CDS fetches; use proper hashing mechanism --- ts/Crypto.ts | 7 ++++--- ts/test-both/util/synchronousCrypto_test.ts | 13 +++++++++++-- ts/util/synchronousCrypto.ts | 9 +++++++-- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/ts/Crypto.ts b/ts/Crypto.ts index e47daf53c2..45428a5d7b 100644 --- a/ts/Crypto.ts +++ b/ts/Crypto.ts @@ -8,6 +8,7 @@ import { CipherType, encrypt, decrypt, + HashType, hash, sign, } from './util/synchronousCrypto'; @@ -470,8 +471,8 @@ export async function decryptAesGcm( // Hashing -export async function sha256(data: ArrayBuffer): Promise { - return hash(data); +export function sha256(data: ArrayBuffer): ArrayBuffer { + return hash(HashType.size256, data); } // Utility @@ -628,7 +629,7 @@ export async function encryptCdsDiscoveryRequest( }); const queryDataPlaintext = concatenateBytes(nonce, numbersArray.buffer); const queryDataKey = getRandomBytes(32); - const commitment = await sha256(queryDataPlaintext); + const commitment = sha256(queryDataPlaintext); const iv = getRandomBytes(12); const queryDataCiphertext = await encryptAesGcm( queryDataKey, diff --git a/ts/test-both/util/synchronousCrypto_test.ts b/ts/test-both/util/synchronousCrypto_test.ts index 8ad7dae752..dbb50da2d5 100644 --- a/ts/test-both/util/synchronousCrypto_test.ts +++ b/ts/test-both/util/synchronousCrypto_test.ts @@ -5,12 +5,21 @@ import { assert } from 'chai'; import crypto from 'crypto'; import { typedArrayToArrayBuffer as toArrayBuffer } from '../../Crypto'; -import { hash, sign, encrypt, decrypt } from '../../util/synchronousCrypto'; +import { + HashType, + hash, + sign, + encrypt, + decrypt, +} from '../../util/synchronousCrypto'; describe('synchronousCrypto', () => { describe('hash', () => { it('returns SHA512 hash of the input', () => { - const result = hash(toArrayBuffer(Buffer.from('signal'))); + const result = hash( + HashType.size512, + toArrayBuffer(Buffer.from('signal')) + ); assert.strictEqual( Buffer.from(result).toString('base64'), 'WxneQjrfSlY95Bi+SAzDAr2cf3mxUXePeNYn6DILN4a8NFr9VelTbP5tGHdthi+' + diff --git a/ts/util/synchronousCrypto.ts b/ts/util/synchronousCrypto.ts index 1fcc1e8b6e..be17bb5b18 100644 --- a/ts/util/synchronousCrypto.ts +++ b/ts/util/synchronousCrypto.ts @@ -14,9 +14,14 @@ export function sign(key: ArrayBuffer, data: ArrayBuffer): ArrayBuffer { ); } -export function hash(data: ArrayBuffer): ArrayBuffer { +export enum HashType { + size256 = 'sha256', + size512 = 'sha512', +} + +export function hash(type: HashType, data: ArrayBuffer): ArrayBuffer { return toArrayBuffer( - crypto.createHash('sha512').update(Buffer.from(data)).digest() + crypto.createHash(type).update(Buffer.from(data)).digest() ); }