From d2472007b8a40b08395dcc836b681f6b1ce73729 Mon Sep 17 00:00:00 2001
From: Audric Ackermann
Date: Thu, 8 Sep 2022 13:31:22 +1000
Subject: [PATCH] fix: swallow exception while doing tryMatchBlindWithStandardKey
---
 .../open_group_api/sogsv3/knownBlindedkeys.ts | 49 +++++++++++--------
 1 file changed, 29 insertions(+), 20 deletions(-)
diff --git a/ts/session/apis/open_group_api/sogsv3/knownBlindedkeys.ts b/ts/session/apis/open_group_api/sogsv3/knownBlindedkeys.ts
index a1aa8cf3e..00b0b1ca6 100644
--- a/ts/session/apis/open_group_api/sogsv3/knownBlindedkeys.ts
+++ b/ts/session/apis/open_group_api/sogsv3/knownBlindedkeys.ts
@@ -151,34 +151,43 @@ export function tryMatchBlindWithStandardKey(
 if (!blindedSessionId.startsWith(KeyPrefixType.blinded)) {
 throw new Error('blindedKey must be a blinded key (starting with 15)');
 }
- // tslint:disable: no-bitwise
- const sessionIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(standardSessionId).key);
- const blindedIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(blindedSessionId).key);
- const kBytes = generateBlindingFactor(serverPubKey, sodium);
+ // We don't want to stop iterating even if an error happens while looking for a blind/standard match.
+ // That's why we catch any errors and return false if it happens.
+ try {
+ // tslint:disable: no-bitwise
- // From the session id (ignoring 05 prefix) we have two possible ed25519 pubkeys; the first is
- // the positive(which is what Signal's XEd25519 conversion always uses)
+ const sessionIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(standardSessionId).key);
+ const blindedIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(blindedSessionId).key);
+ const kBytes = generateBlindingFactor(serverPubKey, sodium);
- const inbin = from_hex(sessionIdNoPrefix);
- // Note: The below method is code we have exposed from the method within the Curve25519-js library
- // rather than custom code we have written
- const xEd25519Key = crypto_sign_curve25519_pk_to_ed25519(inbin);
+ // From the session id (ignoring 05 prefix) we have two possible ed25519 pubkeys; the first is
+ // the positive(which is what Signal's XEd25519 conversion always uses)
- // Blind it:
- const pk1 = combineKeys(kBytes, xEd25519Key, sodium);
- // For the negative, what we're going to get out of the above is simply the negative of pk1, so
- // flip the sign bit to get pk2:
- const pk2 = cloneDeep(pk1);
- pk2[31] = pk1[31] ^ 0b1000_0000;
+ const inbin = from_hex(sessionIdNoPrefix);
+ // Note: The below method is code we have exposed from the method within the Curve25519-js library
+ // rather than custom code we have written
+ const xEd25519Key = crypto_sign_curve25519_pk_to_ed25519(inbin);
- const match = isEqual(blindedIdNoPrefix, to_hex(pk1)) || isEqual(blindedIdNoPrefix, to_hex(pk2));
+ // Blind it:
+ const pk1 = combineKeys(kBytes, xEd25519Key, sodium);
+ // For the negative, what we're going to get out of the above is simply the negative of pk1, so
+ // flip the sign bit to get pk2:
+ const pk2 = cloneDeep(pk1);
+ pk2[31] = pk1[31] ^ 0b1000_0000;
- if (!match) {
+ const match =
+ isEqual(blindedIdNoPrefix, to_hex(pk1)) || isEqual(blindedIdNoPrefix, to_hex(pk2));
+
+ if (!match) {
+ return false;
+ }
+
+ return true;
+ } catch (e) {
+ window.log.warn('Failed to do crypto tryMatchBlindWithStandardKey with ', e.message);
 return false;
 }
-
- return true;
 }
 /**
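Review bot: The new `catch (e)` returns `false` for every failure, so a fault in the crypto path (for example malformed hex in a session id or an unusable `serverPubKey`) reaches callers looking exactly like a genuine non-match, and the only trace is a warn line built from `e.message`, which is `undefined` when something other than an `Error` is thrown. I would make the log robust and unambiguous, e.g. `window.log.warn('tryMatchBlindWithStandardKey: crypto failed, treating as no match:', e instanceof Error ? e.message : e);`, and extend the comment above the `try` to say that `false` now means "no match or could not compute". The prefix guard above the `try` still throws for a non-blinded id, so a caller's loop can still be interrupted on that path; if that is meant as a programmer-error check, a one-line comment saying so would help. The function starts above the hunk, so how callers handle that throw is not visible here.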