mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Fix CDS fetches; use proper hashing mechanism

Browse source
This commit is contained in:
Scott Nonnenberg 2021-04-07 14:27:40 -07:00 committed by GitHub
parent e4db9358cf
commit a1c534ec0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
ts/Crypto.ts
View file

@ -8,6 +8,7 @@ import {
CipherType, CipherType,
encrypt, encrypt,
decrypt, decrypt,
HashType,
hash, hash,
sign, sign,
} from './util/synchronousCrypto'; } from './util/synchronousCrypto';
@ -470,8 +471,8 @@ export async function decryptAesGcm(
// Hashing // Hashing
export async function sha256(data: ArrayBuffer): Promise<ArrayBuffer> { export function sha256(data: ArrayBuffer): ArrayBuffer {
return hash(data); return hash(HashType.size256, data);
} }
// Utility // Utility
@ -628,7 +629,7 @@ export async function encryptCdsDiscoveryRequest(
}); });
const queryDataPlaintext = concatenateBytes(nonce, numbersArray.buffer); const queryDataPlaintext = concatenateBytes(nonce, numbersArray.buffer);
const queryDataKey = getRandomBytes(32); const queryDataKey = getRandomBytes(32);
const commitment = await sha256(queryDataPlaintext); const commitment = sha256(queryDataPlaintext);
const iv = getRandomBytes(12); const iv = getRandomBytes(12);
const queryDataCiphertext = await encryptAesGcm( const queryDataCiphertext = await encryptAesGcm(
queryDataKey, queryDataKey,

13
ts/test-both/util/synchronousCrypto_test.ts
View file

@ -5,12 +5,21 @@ import { assert } from 'chai';
import crypto from 'crypto'; import crypto from 'crypto';
import { typedArrayToArrayBuffer as toArrayBuffer } from '../../Crypto'; import { typedArrayToArrayBuffer as toArrayBuffer } from '../../Crypto';
import { hash, sign, encrypt, decrypt } from '../../util/synchronousCrypto'; import {
HashType,
hash,
sign,
encrypt,
decrypt,
} from '../../util/synchronousCrypto';
describe('synchronousCrypto', () => { describe('synchronousCrypto', () => {
describe('hash', () => { describe('hash', () => {
it('returns SHA512 hash of the input', () => { it('returns SHA512 hash of the input', () => {
const result = hash(toArrayBuffer(Buffer.from('signal'))); const result = hash(
HashType.size512,
toArrayBuffer(Buffer.from('signal'))
);
assert.strictEqual( assert.strictEqual(
Buffer.from(result).toString('base64'), Buffer.from(result).toString('base64'),
'WxneQjrfSlY95Bi+SAzDAr2cf3mxUXePeNYn6DILN4a8NFr9VelTbP5tGHdthi+' + 'WxneQjrfSlY95Bi+SAzDAr2cf3mxUXePeNYn6DILN4a8NFr9VelTbP5tGHdthi+' +

9
ts/util/synchronousCrypto.ts
View file

@ -14,9 +14,14 @@ export function sign(key: ArrayBuffer, data: ArrayBuffer): ArrayBuffer {
); );
} }
export function hash(data: ArrayBuffer): ArrayBuffer { export enum HashType {
size256 = 'sha256',
size512 = 'sha512',
}
export function hash(type: HashType, data: ArrayBuffer): ArrayBuffer {
return toArrayBuffer( return toArrayBuffer(
crypto.createHash('sha512').update(Buffer.from(data)).digest() crypto.createHash(type).update(Buffer.from(data)).digest()
); );
} }