Log mac method

RMidhunSuresh 2023-03-30 16:09:46 +05:30
parent 244d56b60f
commit b8e282377e
4 changed files with 40 additions and 34 deletions


@ -6,6 +6,7 @@ import {CancelReason, VerificationEventType} from "./types";
import {getKeyEd25519Key} from "../../CrossSigning"; import {getKeyEd25519Key} from "../../CrossSigning";
import {getDeviceEd25519Key} from "../../../e2ee/common"; import {getDeviceEd25519Key} from "../../../e2ee/common";
import anotherjson from "another-json"; import anotherjson from "another-json";
import {NullLogger} from "../../../../logging/NullLogger";
interface ITestChannel extends IChannel { interface ITestChannel extends IChannel {
setOlmSas(olmSas): void; setOlmSas(olmSas): void;
@ -82,6 +83,7 @@ export class MockChannel implements ITestChannel {
private async recalculateMAC() { private async recalculateMAC() {
// We need to replace the mac with calculated mac // We need to replace the mac with calculated mac
await new NullLogger().run("log", async (log) => {
const baseInfo = const baseInfo =
"MATRIX_KEY_VERIFICATION_MAC" + "MATRIX_KEY_VERIFICATION_MAC" +
this.otherUserId + this.otherUserId +
@ -93,20 +95,21 @@ export class MockChannel implements ITestChannel {
const macMethod = this.acceptMessage.content.message_authentication_code; const macMethod = this.acceptMessage.content.message_authentication_code;
const calculateMac = createCalculateMAC(this.olmSas, macMethod); const calculateMac = createCalculateMAC(this.olmSas, macMethod);
const input = Object.keys(macContent.mac).sort().join(","); const input = Object.keys(macContent.mac).sort().join(",");
const properMac = calculateMac(input, baseInfo + "KEY_IDS"); const properMac = calculateMac(input, baseInfo + "KEY_IDS", log);
macContent.keys = properMac; macContent.keys = properMac;
for (const keyId of Object.keys(macContent.mac)) { for (const keyId of Object.keys(macContent.mac)) {
const deviceId = keyId.split(":", 2)[1]; const deviceId = keyId.split(":", 2)[1];
const device = await this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId); const device = await this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId);
if (device) { if (device) {
macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId); macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId, log);
} }
else { else {
const key = await this.deviceTracker.getCrossSigningKeyForUser(this.otherUserId); const key = await this.deviceTracker.getCrossSigningKeyForUser(this.otherUserId);
const masterKey = getKeyEd25519Key(key)!; const masterKey = getKeyEd25519Key(key)!;
macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId); macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId, log);
} }
} }
});
} }
setStartMessage(event: any): void { setStartMessage(event: any): void {


@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/ */
import type {ILogItem} from "../../../logging/types";
import type {MacMethod} from "./stages/constants"; import type {MacMethod} from "./stages/constants";
const macMethods: Record<MacMethod, string> = { const macMethods: Record<MacMethod, string> = {
@ -23,8 +24,10 @@ const macMethods: Record<MacMethod, string> = {
}; };
export function createCalculateMAC(olmSAS: Olm.SAS, method: MacMethod) { export function createCalculateMAC(olmSAS: Olm.SAS, method: MacMethod) {
return function (input: string, info: string): string { return function (input: string, info: string, log: ILogItem): string {
return log.wrap({ l: "calculate MAC", method}, () => {
const mac = olmSAS[macMethods[method]](input, info); const mac = olmSAS[macMethods[method]](input, info);
return mac; return mac;
});
}; };
} }
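Review bot: The dynamic call `olmSAS[macMethods[method]](input, info)` inside the new `log.wrap` callback still runs without a runtime check that `method` is one of the keys of `macMethods`. `MacMethod` is a compile-time type only, and in the test channel in this commit the value is read straight from `acceptMessage.content.message_authentication_code`; whether production callers validate it before calling `createCalculateMAC` is not visible on this page. An unsupported value would currently surface as a generic TypeError inside the log entry, so I would reject it explicitly in `createCalculateMAC` before returning the closure: `if (!Object.prototype.hasOwnProperty.call(macMethods, method)) { throw new Error("Unsupported MAC method: " + method); }`.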


@ -32,7 +32,7 @@ export class SendMacStage extends BaseSASVerificationStage {
}); });
} }
private async sendMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise<void> { private async sendMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise<void> {
const mac: Record<string, string> = {}; const mac: Record<string, string> = {};
const keyList: string[] = []; const keyList: string[] = [];
const baseInfo = const baseInfo =
@ -45,7 +45,7 @@ export class SendMacStage extends BaseSASVerificationStage {
const deviceKeyId = `ed25519:${this.ourUserDeviceId}`; const deviceKeyId = `ed25519:${this.ourUserDeviceId}`;
const deviceKeys = this.e2eeAccount.getUnsignedDeviceKey(); const deviceKeys = this.e2eeAccount.getUnsignedDeviceKey();
mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId); mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId, log);
keyList.push(deviceKeyId); keyList.push(deviceKeyId);
const key = await this.deviceTracker.getCrossSigningKeyForUser(this.ourUserId, KeyUsage.Master, this.hsApi, log); const key = await this.deviceTracker.getCrossSigningKeyForUser(this.ourUserId, KeyUsage.Master, this.hsApi, log);
@ -56,11 +56,11 @@ export class SendMacStage extends BaseSASVerificationStage {
const crossSigningKey = getKeyEd25519Key(key); const crossSigningKey = getKeyEd25519Key(key);
if (crossSigningKey) { if (crossSigningKey) {
const crossSigningKeyId = `ed25519:${crossSigningKey}`; const crossSigningKeyId = `ed25519:${crossSigningKey}`;
mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId); mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId, log);
keyList.push(crossSigningKeyId); keyList.push(crossSigningKeyId);
} }
const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS"); const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS", log);
await this.channel.send(VerificationEventType.Mac, { mac, keys }, log); await this.channel.send(VerificationEventType.Mac, { mac, keys }, log);
} }
} }
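Review bot: The callback type `(input: string, info: string, log: ILogItem) => string` is now spelled out by hand in `sendMAC` here and again in `checkMAC` in the VerifyMacStage section, so the next change to the function returned by `createCalculateMAC` has to be repeated in every stage. Exporting one alias next to the factory, for example `export type CalculateMAC = ReturnType<typeof createCalculateMAC>;`, and declaring the parameter as `calculateMAC: CalculateMAC` in both stages would keep them in step with the MAC helper. The body of `sendMAC` spans several hunks with lines elided between them, so this applies to the signature line only.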


@ -35,7 +35,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
}); });
} }
private async checkMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise<void> { private async checkMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise<void> {
const {content} = this.channel.getReceivedMessage(VerificationEventType.Mac); const {content} = this.channel.getReceivedMessage(VerificationEventType.Mac);
const baseInfo = const baseInfo =
"MATRIX_KEY_VERIFICATION_MAC" + "MATRIX_KEY_VERIFICATION_MAC" +
@ -45,7 +45,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
this.ourUserDeviceId + this.ourUserDeviceId +
this.channel.id; this.channel.id;
const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS"); const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS", log);
if (content.keys !== calculatedMAC) { if (content.keys !== calculatedMAC) {
log.log({ l: "MAC verification failed for keys field", keys: content.keys, calculated: calculatedMAC }); log.log({ l: "MAC verification failed for keys field", keys: content.keys, calculated: calculatedMAC });
this.channel.cancelVerification(CancelReason.KeyMismatch); this.channel.cancelVerification(CancelReason.KeyMismatch);
@ -53,7 +53,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
} }
await this.verifyKeys(content.mac, (keyId, key, keyInfo) => { await this.verifyKeys(content.mac, (keyId, key, keyInfo) => {
const calculatedMAC = calculateMAC(key, baseInfo + keyId); const calculatedMAC = calculateMAC(key, baseInfo + keyId, log);
if (keyInfo !== calculatedMAC) { if (keyInfo !== calculatedMAC) {
log.log({ l: "Mac verification failed for key", keyMac: keyInfo, calculatedMAC, keyId, key }); log.log({ l: "Mac verification failed for key", keyMac: keyInfo, calculatedMAC, keyId, key });
this.channel.cancelVerification(CancelReason.KeyMismatch); this.channel.cancelVerification(CancelReason.KeyMismatch);