From c1ffe23b1e77a75fc4f71f17b87660ed506b5113 Mon Sep 17 00:00:00 2001 From: Audric Ackermann Date: Mon, 12 Jul 2021 15:15:40 +1000 Subject: [PATCH] moved verifySignature of opengroup messages to a worker --- .prettierignore | 1 + Gruntfile.js | 4 +-- js/curve/curve25519_wrapper.js | 2 +- js/util_worker_tasks.js | 21 ++++++++----- ts/opengroup/opengroupV2/ApiUtil.ts | 47 +++++------------------------ 5 files changed, 26 insertions(+), 49 deletions(-) diff --git a/.prettierignore b/.prettierignore index 5e05306c9..d21e26970 100644 --- a/.prettierignore +++ b/.prettierignore @@ -31,6 +31,7 @@ js/curve/** js/Mp3LameEncoder.min.js js/WebAudioRecorderMp3.js libtextsecure/libsignal-protocol.js +js/util_worker.js libtextsecure/test/blanket_mocha.js test/blanket_mocha.js mnemonic_languages/** diff --git a/Gruntfile.js b/Gruntfile.js index 1e6d1600b..0fbb37b64 100644 --- a/Gruntfile.js +++ b/Gruntfile.js @@ -33,8 +33,8 @@ module.exports = grunt => { const utilWorkerComponents = [ 'node_modules/bytebuffer/dist/bytebuffer.js', - 'node_modules/libsodium/dist/modules/libsodium.js', - 'node_modules/libsodium-wrappers/dist/modules/libsodium-wrappers.js', + 'js/curve/curve25519_compiled.js', + 'js/curve/curve25519_wrapper.js', 'js/util_worker_tasks.js', ]; diff --git a/js/curve/curve25519_wrapper.js b/js/curve/curve25519_wrapper.js index 3b1294180..84b447ca0 100644 --- a/js/curve/curve25519_wrapper.js +++ b/js/curve/curve25519_wrapper.js @@ -1,5 +1,5 @@ /* vim: ts=4:sw=4:expandtab */ -var Internal = global.Internal || {}; +var Internal = typeof global === 'undefined' ? {} : global.Internal || {}; (function() { 'use strict'; diff --git a/js/util_worker_tasks.js b/js/util_worker_tasks.js index 8a2b596fd..6249b13a3 100644 --- a/js/util_worker_tasks.js +++ b/js/util_worker_tasks.js @@ -1,4 +1,4 @@ -/* global dcodeIO, libsignal */ +/* global dcodeIO */ /* eslint-disable strict */ const functions = { @@ -43,14 +43,21 @@ function fromBase64ToArrayBuffer(value) { return dcodeIO.ByteBuffer.wrap(value, 'base64').toArrayBuffer(); } -async function verifySignature(senderPubKey, messageData, signature) { +async function verifySignature(senderPubKey, messageBase64, signatureBase64) { try { - const result = sodium.crypto_sign_verify_detached(signature, messageData, senderPubKey); - console.warn('sodium result', result); - return result; - // libsignal.Curve.async.verifySignature(senderPubKey, messageData, signature); + const messageData = new Uint8Array(fromBase64ToArrayBuffer(messageBase64)); + const signature = new Uint8Array(fromBase64ToArrayBuffer(signatureBase64)); + + // verify returns true if the signature is not correct + const verifyRet = Internal.curve25519.verify(senderPubKey, messageData, signature); + if (verifyRet) { + console.warn('Invalid signature'); + return false; + } + + return true; } catch (e) { - console.warn('verifySignature:', e); + console.warn('verifySignature got an error:', e); return false; } } diff --git a/ts/opengroup/opengroupV2/ApiUtil.ts b/ts/opengroup/opengroupV2/ApiUtil.ts index 51a402b3b..77f856ae2 100644 --- a/ts/opengroup/opengroupV2/ApiUtil.ts +++ b/ts/opengroup/opengroupV2/ApiUtil.ts @@ -44,7 +44,7 @@ export type OpenGroupV2InfoJoinable = OpenGroupV2Info & { export const parseMessages = async ( rawMessages: Array> ): Promise> => { - if (!rawMessages) { + if (!rawMessages || rawMessages.length === 0) { window?.log?.info('no new messages'); return []; } @@ -64,50 +64,19 @@ export const parseMessages = async ( continue; } // Validate the message signature - console.time(`worker1-${opengroupv2Message?.serverId}`); const senderPubKey = PubKey.cast(opengroupv2Message.sender).withoutPrefix(); - const signature = (await window.callWorker( - 'fromBase64ToArrayBuffer', - opengroupv2Message.base64EncodedSignature - )) as ArrayBuffer; - console.timeEnd(`worker1-${opengroupv2Message?.serverId}`); - console.time(`worker2-${opengroupv2Message?.serverId}`); - - const messageData = (await window.callWorker( - 'fromBase64ToArrayBuffer', - opengroupv2Message.base64EncodedData - )) as ArrayBuffer; - console.timeEnd(`worker2-${opengroupv2Message?.serverId}`); - - // throws if signature failed - console.time(`verifySignature-${opengroupv2Message?.serverId}`); - // const senderEd = (await getSodium()).crypto_sign_ed25519_sk_to_curve25519( - // fromHexToArray(senderPubKey), - // 'uint8array' - // ); - - const valid = (await getSodium()).crypto_sign_verify_detached( - new Uint8Array(signature), - new Uint8Array(messageData), - fromHexToArray(senderPubKey) - ); - - // const signatureValid = (await window.callWorker( - // 'verifySignature', - // fromHexToArray(senderPubKey), - // new Uint8Array(messageData), - // new Uint8Array(signature) - // )) as boolean; - if (!valid) { - console.timeEnd(`verifySignature-${opengroupv2Message?.serverId}`); + const signatureValid = (await window.callWorker( + 'verifySignature', + fromHexToArray(senderPubKey), + opengroupv2Message.base64EncodedData, + opengroupv2Message.base64EncodedSignature + )) as boolean; + if (!signatureValid) { throw new Error('opengroup message signature invalisd'); } - console.timeEnd(`verifySignature-${opengroupv2Message?.serverId}`); parsedMessages.push(opengroupv2Message); - // as we are not running in a worker, just give some time for UI events - await sleepFor(5); } catch (e) { window?.log?.error('An error happened while fetching getMessages output:', e); }