keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity

Fix MAC

Browse Source
pull/749/head
Matt Corallo 11 years ago
parent 094ee4e95c
commit aa8fe6f9d0
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File

14
helpers.js
Unescape Escape View File

@ -214,16 +214,16 @@ function decryptWebsocketMessage(message) {
return; return;
} }
var iv = CryptoJS.lib.WordArray.create(decodedMessage.subarray(1, 1 + 16)); var iv = CryptoJS.lib.WordArray.create(decodedMessage.subarray(1, 1 + 16));
var ciphertext = btoa(getString(decodedMessage.subarray(1 + 16, decodedMessage.length - 10))); var ciphertext = decodedMessage.subarray(1 + 16, decodedMessage.length - 10);
var mac = CryptoJS.lib.WordArray.create(decodedMessage.subarray(decodedMessage.length - 10, decodedMessage.length)); var mac = CryptoJS.lib.WordArray.create(decodedMessage.subarray(decodedMessage.length - 10, decodedMessage.length));
var calculated_mac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, mac_key); var calculated_mac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, mac_key);
calculated_mac.update(CryptoJS.enc.Latin1.parse(String.fromCharCode(1))); calculated_mac.update(CryptoJS.enc.Latin1.parse(String.fromCharCode(1)));
calculated_mac.update(iv); calculated_mac.update(iv);
calculated_mac.update(ciphertext); calculated_mac.update(CryptoJS.lib.WordArray.create(ciphertext));
calculated_mac = calculated_mac.finalize(); calculated_mac = calculated_mac.finalize();
var plaintext = CryptoJS.AES.decrypt(ciphertext, aes_key, {iv: iv});//TODO: Does this throw on invalid padding? var plaintext = CryptoJS.AES.decrypt(btoa(getString(ciphertext)), aes_key, {iv: iv});//TODO: Does this throw on invalid padding?
if (calculated_mac.toString(CryptoJS.enc.Hex).substring(0, 20) != mac.toString(CryptoJS.enc.Hex)) { if (calculated_mac.toString(CryptoJS.enc.Hex).substring(0, 20) != mac.toString(CryptoJS.enc.Hex)) {
console.log("Got message with bad MAC"); console.log("Got message with bad MAC");
@ -318,14 +318,12 @@ function subscribeToPush(message_callback) {
try { try {
var plaintext = decryptWebsocketMessage(message.message); var plaintext = decryptWebsocketMessage(message.message);
var proto = decodeProtobuf(plaintext); var proto = decodeProtobuf(plaintext);
doAjax({call: 'push', httpType: 'PUT', urlParameters: '/' + message.id, do_auth: true});
message_callback(proto);
} catch (e) { } catch (e) {
console.log("Error decoding message: " + e); console.log("Error decoding message: " + e);
return;
} }
doAjax({call: 'push', httpType: 'PUT', urlParameters: '/' + message.id, do_auth: true});
message_callback(proto);
}, },
onError: function(response) { onError: function(response) {
console.log('Server is down :('); console.log('Server is down :(');

Write Preview
Loading…
Cancel
Save