Merge pull request #2482 from Bilb/crypto-magic-swallow-exception

fix: swallow exception while doing tryMatchBlindWithStandardKey
Audric Ackermann 2022-09-13 13:08:02 +10:00 committed by GitHub
commit afe573fd06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 20 deletions


@ -151,34 +151,43 @@ export function tryMatchBlindWithStandardKey(
if (!blindedSessionId.startsWith(KeyPrefixType.blinded)) {
throw new Error('blindedKey must be a blinded key (starting with 15)');
}
// tslint:disable: no-bitwise
const sessionIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(standardSessionId).key);
const blindedIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(blindedSessionId).key);
const kBytes = generateBlindingFactor(serverPubKey, sodium);
// We don't want to stop iterating even if an error happens while looking for a blind/standard match.
// That's why we catch any errors and return false if it happens.
try {
// tslint:disable: no-bitwise
// From the session id (ignoring 05 prefix) we have two possible ed25519 pubkeys; the first is
// the positive(which is what Signal's XEd25519 conversion always uses)
const sessionIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(standardSessionId).key);
const blindedIdNoPrefix = PubKey.removePrefixIfNeeded(PubKey.cast(blindedSessionId).key);
const kBytes = generateBlindingFactor(serverPubKey, sodium);
const inbin = from_hex(sessionIdNoPrefix);
// Note: The below method is code we have exposed from the method within the Curve25519-js library
// rather than custom code we have written
const xEd25519Key = crypto_sign_curve25519_pk_to_ed25519(inbin);
// From the session id (ignoring 05 prefix) we have two possible ed25519 pubkeys; the first is
// the positive(which is what Signal's XEd25519 conversion always uses)
// Blind it:
const pk1 = combineKeys(kBytes, xEd25519Key, sodium);
// For the negative, what we're going to get out of the above is simply the negative of pk1, so
// flip the sign bit to get pk2:
const pk2 = cloneDeep(pk1);
pk2[31] = pk1[31] ^ 0b1000_0000;
const inbin = from_hex(sessionIdNoPrefix);
// Note: The below method is code we have exposed from the method within the Curve25519-js library
// rather than custom code we have written
const xEd25519Key = crypto_sign_curve25519_pk_to_ed25519(inbin);
const match = isEqual(blindedIdNoPrefix, to_hex(pk1)) || isEqual(blindedIdNoPrefix, to_hex(pk2));
// Blind it:
const pk1 = combineKeys(kBytes, xEd25519Key, sodium);
// For the negative, what we're going to get out of the above is simply the negative of pk1, so
// flip the sign bit to get pk2:
const pk2 = cloneDeep(pk1);
pk2[31] = pk1[31] ^ 0b1000_0000;
if (!match) {
const match =
isEqual(blindedIdNoPrefix, to_hex(pk1)) || isEqual(blindedIdNoPrefix, to_hex(pk2));
if (!match) {
return false;
}
return true;
} catch (e) {
window.log.warn('Failed to do crypto tryMatchBlindWithStandardKey with ', e.message);
return false;
}
return true;
}
/**
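Review bot: The new `catch (e)` block reads `e.message` without checking that the thrown value is an `Error`; a non-Error throw (a plain string or a value surfaced from the wasm/libsodium layer) would log `undefined` and lose the reason, so the warn line is safer as `window.log.warn('Failed to do crypto tryMatchBlindWithStandardKey with ', e instanceof Error ? e.message : String(e));`. The try block now turns every failure of `from_hex`, `crypto_sign_curve25519_pk_to_ed25519` and `combineKeys` — presumably including malformed hex in either id, not only genuine non-matches — into a silent `false`, so callers can no longer tell "no match" from "could not compute the match"; the function's doc comment, which starts outside this hunk, should state that a `false` return may mean either, and that only the prefix check before the try still throws. Logging the message alone and not the session ids keeps identifiers out of the warn log, which is worth keeping as written. The enclosing function's signature and doc comment are above this hunk.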