mirrors/signal-desktop
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Optimize publicKey deserialization for server trust root

Browse source
This commit is contained in:
trevor-signal 2025-05-02 14:09:25 -04:00 committed by GitHub
parent aab1423930
commit ae6ffd26e7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 11 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

6
ts/test-electron/MessageReceiver_test.ts
View file

@ -13,6 +13,7 @@ import { generateAci } from '../types/ServiceId';
import type { AciString } from '../types/ServiceId';
import { SignalService as Proto } from '../protobuf';
import * as Crypto from '../Crypto';
import { toBase64 } from '../Bytes';
describe('MessageReceiver', () => {
const someAci = generateAci();
@ -37,9 +38,12 @@ describe('MessageReceiver', () => {
describe('connecting', () => {
it('generates decryption-error event when it cannot decrypt', async () => {
const fakeTrustRootPublicKey = Crypto.getRandomBytes(33);
fakeTrustRootPublicKey.set([5], 0); // first byte is the key type (5)
const messageReceiver = new MessageReceiver({
storage: window.storage,
serverTrustRoot: 'AAAAAAAA',
serverTrustRoot: toBase64(fakeTrustRootPublicKey),
});
const body = Proto.Envelope.encode({

15
ts/textsecure/MessageReceiver.ts
View file

@ -300,7 +300,7 @@ export default class MessageReceiver
#encryptedQueue: PQueue;
#decryptedQueue: PQueue;
#retryCachedTimeout: NodeJS.Timeout | undefined;
#serverTrustRoot: Uint8Array;
#serverTrustRoot: PublicKey;
#stoppingProcessing?: boolean;
#pniIdentityKeyCheckRequired?: boolean;
@ -315,7 +315,9 @@ export default class MessageReceiver
if (!serverTrustRoot) {
throw new Error('Server trust root is required!');
}
this.#serverTrustRoot = Bytes.fromBase64(serverTrustRoot);
this.#serverTrustRoot = PublicKey.deserialize(
Buffer.from(Bytes.fromBase64(serverTrustRoot))
);
this.#incomingQueue = new PQueue({
concurrency: 1,
@ -1637,12 +1639,7 @@ export default class MessageReceiver
`${logId}: Sealed sender message was missing serverTimestamp`
);
if (
!certificate.validate(
PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)),
serverTimestamp
)
) {
if (!certificate.validate(this.#serverTrustRoot, serverTimestamp)) {
throw new Error(`${logId}: Sealed sender certificate validation failed`);
}
@ -1794,7 +1791,7 @@ export default class MessageReceiver
() =>
sealedSenderDecryptMessage(
Buffer.from(ciphertext),
PublicKey.deserialize(Buffer.from(this.#serverTrustRoot)),
this.#serverTrustRoot,
envelope.serverTimestamp,
localE164 || null,
destinationServiceId,