Log mac method

RMidhunSuresh 2023-03-30 16:09:46 +05:30
parent 244d56b60f
commit b8e282377e
4 changed files with 40 additions and 34 deletions


@ -6,6 +6,7 @@ import {CancelReason, VerificationEventType} from "./types";
import {getKeyEd25519Key} from "../../CrossSigning";
import {getDeviceEd25519Key} from "../../../e2ee/common";
import anotherjson from "another-json";
import {NullLogger} from "../../../../logging/NullLogger";
interface ITestChannel extends IChannel {
setOlmSas(olmSas): void;
@ -82,6 +83,7 @@ export class MockChannel implements ITestChannel {
private async recalculateMAC() {
// We need to replace the mac with calculated mac
await new NullLogger().run("log", async (log) => {
const baseInfo =
"MATRIX_KEY_VERIFICATION_MAC" +
this.otherUserId +
@ -93,20 +95,21 @@ export class MockChannel implements ITestChannel {
const macMethod = this.acceptMessage.content.message_authentication_code;
const calculateMac = createCalculateMAC(this.olmSas, macMethod);
const input = Object.keys(macContent.mac).sort().join(",");
const properMac = calculateMac(input, baseInfo + "KEY_IDS");
const properMac = calculateMac(input, baseInfo + "KEY_IDS", log);
macContent.keys = properMac;
for (const keyId of Object.keys(macContent.mac)) {
const deviceId = keyId.split(":", 2)[1];
const device = await this.deviceTracker.deviceForId(this.otherUserDeviceId, deviceId);
if (device) {
macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId);
macContent.mac[keyId] = calculateMac(getDeviceEd25519Key(device), baseInfo + keyId, log);
}
else {
const key = await this.deviceTracker.getCrossSigningKeyForUser(this.otherUserId);
const masterKey = getKeyEd25519Key(key)!;
macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId);
macContent.mac[keyId] = calculateMac(masterKey, baseInfo + keyId, log);
}
}
});
}
setStartMessage(event: any): void {


@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
import type {ILogItem} from "../../../logging/types";
import type {MacMethod} from "./stages/constants";
const macMethods: Record<MacMethod, string> = {
@ -23,8 +24,10 @@ const macMethods: Record<MacMethod, string> = {
};
export function createCalculateMAC(olmSAS: Olm.SAS, method: MacMethod) {
return function (input: string, info: string): string {
return function (input: string, info: string, log: ILogItem): string {
return log.wrap({ l: "calculate MAC", method}, () => {
const mac = olmSAS[macMethods[method]](input, info);
return mac;
});
};
}
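Review bot: Inside the new `log.wrap` callback, `olmSAS[macMethods[method]](input, info)` is called without checking that the table lookup returned a method name. `method` is typed `MacMethod`, but the mock channel in this commit reads it from `acceptMessage.content.message_authentication_code`, so unless an earlier stage (not visible here) rejects unknown values, an unexpected string from the peer ends in a bare TypeError. A guard before the call, `const fn = macMethods[method];` then `if (!fn) throw new Error("unsupported MAC method: " + method);`, would make that failure explicit in the log item this commit adds. The temporary `mac` can also be dropped by returning the call result directly.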


@ -32,7 +32,7 @@ export class SendMacStage extends BaseSASVerificationStage {
});
}
private async sendMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise<void> {
private async sendMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise<void> {
const mac: Record<string, string> = {};
const keyList: string[] = [];
const baseInfo =
@ -45,7 +45,7 @@ export class SendMacStage extends BaseSASVerificationStage {
const deviceKeyId = `ed25519:${this.ourUserDeviceId}`;
const deviceKeys = this.e2eeAccount.getUnsignedDeviceKey();
mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId);
mac[deviceKeyId] = calculateMAC(deviceKeys.keys[deviceKeyId], baseInfo + deviceKeyId, log);
keyList.push(deviceKeyId);
const key = await this.deviceTracker.getCrossSigningKeyForUser(this.ourUserId, KeyUsage.Master, this.hsApi, log);
@ -56,11 +56,11 @@ export class SendMacStage extends BaseSASVerificationStage {
const crossSigningKey = getKeyEd25519Key(key);
if (crossSigningKey) {
const crossSigningKeyId = `ed25519:${crossSigningKey}`;
mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId);
mac[crossSigningKeyId] = calculateMAC(crossSigningKey, baseInfo + crossSigningKeyId, log);
keyList.push(crossSigningKeyId);
}
const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS");
const keys = calculateMAC(keyList.sort().join(","), baseInfo + "KEY_IDS", log);
await this.channel.send(VerificationEventType.Mac, { mac, keys }, log);
}
}
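Review bot: The callback type `(input: string, info: string, log: ILogItem) => string` is now written out by hand in `sendMAC` here and again in `checkMAC` in the VerifyMacStage section, so the next signature change has to be repeated in each place. Exporting one alias next to `createCalculateMAC`, for example `export type CalculateMAC = ReturnType<typeof createCalculateMAC>;`, and using it in both stages would keep them in step with the factory. Parts of `sendMAC` lie between the hunks and are not shown, so this covers only the visible lines.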


@ -35,7 +35,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
});
}
private async checkMAC(calculateMAC: (input: string, info: string) => string, log: ILogItem): Promise<void> {
private async checkMAC(calculateMAC: (input: string, info: string, log: ILogItem) => string, log: ILogItem): Promise<void> {
const {content} = this.channel.getReceivedMessage(VerificationEventType.Mac);
const baseInfo =
"MATRIX_KEY_VERIFICATION_MAC" +
@ -45,7 +45,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
this.ourUserDeviceId +
this.channel.id;
const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS");
const calculatedMAC = calculateMAC(Object.keys(content.mac).sort().join(","), baseInfo + "KEY_IDS", log);
if (content.keys !== calculatedMAC) {
log.log({ l: "MAC verification failed for keys field", keys: content.keys, calculated: calculatedMAC });
this.channel.cancelVerification(CancelReason.KeyMismatch);
@ -53,7 +53,7 @@ export class VerifyMacStage extends BaseSASVerificationStage {
}
await this.verifyKeys(content.mac, (keyId, key, keyInfo) => {
const calculatedMAC = calculateMAC(key, baseInfo + keyId);
const calculatedMAC = calculateMAC(key, baseInfo + keyId, log);
if (keyInfo !== calculatedMAC) {
log.log({ l: "Mac verification failed for key", keyMac: keyInfo, calculatedMAC, keyId, key });
this.channel.cancelVerification(CancelReason.KeyMismatch);
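Review bot: `checkMAC` calls `Object.keys(content.mac)` on the received MAC event before any visible check that `content.mac` is an object and `content.keys` is a string. Both fields come from the other party, so unless `getReceivedMessage` or an earlier stage validates the event shape (not visible here), a malformed event throws a TypeError instead of ending in `cancelVerification`. A guard at the top, `if (!content?.mac || typeof content.mac !== "object" || typeof content.keys !== "string")`, followed by a cancel and `return`, would keep that failure on the cancel path. The body of `checkMAC` continues outside the hunk, so any later handling is not covered here.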