mirror of
https://github.com/bitwarden/android.git
synced 2024-11-01 07:35:52 +03:00
use random key for double hmac comparisons
This commit is contained in:
parent
01878ef00c
commit
1390df48b6
2 changed files with 5 additions and 4 deletions
|
@ -386,7 +386,7 @@ namespace Bit.App.Services
|
||||||
if(EncKey?.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
|
if(EncKey?.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
|
||||||
{
|
{
|
||||||
var computedMacBytes = Crypto.ComputeMac(encyptedValue.CipherTextBytes, EncKey.MacKey);
|
var computedMacBytes = Crypto.ComputeMac(encyptedValue.CipherTextBytes, EncKey.MacKey);
|
||||||
if(!Crypto.MacsEqual(EncKey.MacKey, computedMacBytes, encyptedValue.MacBytes))
|
if(!Crypto.MacsEqual(computedMacBytes, encyptedValue.MacBytes))
|
||||||
{
|
{
|
||||||
throw new InvalidOperationException("MAC failed.");
|
throw new InvalidOperationException("MAC failed.");
|
||||||
}
|
}
|
||||||
|
|
|
@ -95,7 +95,7 @@ namespace Bit.App.Utilities
|
||||||
if(key.MacKey != null && mac != null)
|
if(key.MacKey != null && mac != null)
|
||||||
{
|
{
|
||||||
var computedMacBytes = ComputeMac(ct, iv, key.MacKey);
|
var computedMacBytes = ComputeMac(ct, iv, key.MacKey);
|
||||||
if(!MacsEqual(key.MacKey, computedMacBytes, mac))
|
if(!MacsEqual(computedMacBytes, mac))
|
||||||
{
|
{
|
||||||
throw new InvalidOperationException("MAC failed.");
|
throw new InvalidOperationException("MAC failed.");
|
||||||
}
|
}
|
||||||
|
@ -148,10 +148,11 @@ namespace Bit.App.Utilities
|
||||||
|
|
||||||
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
|
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
|
||||||
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
|
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
|
||||||
public static bool MacsEqual(byte[] macKey, byte[] mac1, byte[] mac2)
|
// ref: https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy
|
||||||
|
public static bool MacsEqual(byte[] mac1, byte[] mac2)
|
||||||
{
|
{
|
||||||
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
|
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
|
||||||
var hasher = algorithm.CreateHash(macKey);
|
var hasher = algorithm.CreateHash(RandomBytes(32));
|
||||||
|
|
||||||
hasher.Append(mac1);
|
hasher.Append(mac1);
|
||||||
mac1 = hasher.GetValueAndReset();
|
mac1 = hasher.GetValueAndReset();
|
||||||
|
|
Loading…
Reference in a new issue