mirror of
https://github.com/bitwarden/android.git
synced 2024-12-24 18:08:26 +03:00
hmac check on rsa decrypt
This commit is contained in:
parent
1e5883f028
commit
7823ec3fc8
4 changed files with 43 additions and 10 deletions
|
@ -6,6 +6,8 @@
|
|||
AesCbc128_HmacSha256_B64 = 1,
|
||||
AesCbc256_HmacSha256_B64 = 2,
|
||||
Rsa2048_OaepSha256_B64 = 3,
|
||||
Rsa2048_OaepSha1_B64 = 4
|
||||
Rsa2048_OaepSha1_B64 = 4,
|
||||
Rsa2048_OaepSha256_HmacSha256_B64 = 5,
|
||||
Rsa2048_OaepSha1_HmacSha256_B64 = 6
|
||||
}
|
||||
}
|
||||
|
|
|
@ -63,6 +63,15 @@ namespace Bit.App.Models
|
|||
}
|
||||
CipherText = encPieces[0];
|
||||
break;
|
||||
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
|
||||
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
|
||||
if(encPieces.Length != 2)
|
||||
{
|
||||
throw new ArgumentException("Malformed encPieces.");
|
||||
}
|
||||
CipherText = encPieces[0];
|
||||
Mac = encPieces[1];
|
||||
break;
|
||||
default:
|
||||
throw new ArgumentException("Unknown encType.");
|
||||
}
|
||||
|
|
|
@ -323,13 +323,24 @@ namespace Bit.App.Services
|
|||
throw new ArgumentNullException(nameof(privateKey));
|
||||
}
|
||||
|
||||
if(EncKey?.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
|
||||
{
|
||||
var computedMacBytes = Crypto.ComputeMac(encyptedValue.CipherTextBytes, EncKey.MacKey);
|
||||
if(!Crypto.MacsEqual(EncKey.MacKey, computedMacBytes, encyptedValue.MacBytes))
|
||||
{
|
||||
throw new InvalidOperationException("MAC failed.");
|
||||
}
|
||||
}
|
||||
|
||||
IAsymmetricKeyAlgorithmProvider provider = null;
|
||||
switch(encyptedValue.EncryptionType)
|
||||
{
|
||||
case EncryptionType.Rsa2048_OaepSha256_B64:
|
||||
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
|
||||
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha256);
|
||||
break;
|
||||
case EncryptionType.Rsa2048_OaepSha1_B64:
|
||||
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
|
||||
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
|
||||
break;
|
||||
default:
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
using Bit.App.Models;
|
||||
using PCLCrypto;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
|
||||
namespace Bit.App.Utilities
|
||||
|
@ -63,19 +64,14 @@ namespace Bit.App.Utilities
|
|||
return WinRTCrypto.CryptographicBuffer.GenerateRandom(length);
|
||||
}
|
||||
|
||||
private static string ComputeMacBase64(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
|
||||
public static string ComputeMacBase64(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
|
||||
{
|
||||
var mac = ComputeMac(ctBytes, ivBytes, macKey);
|
||||
return Convert.ToBase64String(mac);
|
||||
}
|
||||
|
||||
private static byte[] ComputeMac(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
|
||||
public static byte[] ComputeMac(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
|
||||
{
|
||||
if(macKey == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(macKey));
|
||||
}
|
||||
|
||||
if(ctBytes == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(ctBytes));
|
||||
|
@ -86,16 +82,31 @@ namespace Bit.App.Utilities
|
|||
throw new ArgumentNullException(nameof(ivBytes));
|
||||
}
|
||||
|
||||
return ComputeMac(ivBytes.Concat(ctBytes), macKey);
|
||||
}
|
||||
|
||||
public static byte[] ComputeMac(IEnumerable<byte> dataBytes, byte[] macKey)
|
||||
{
|
||||
if(macKey == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(macKey));
|
||||
}
|
||||
|
||||
if(dataBytes == null)
|
||||
{
|
||||
throw new ArgumentNullException(nameof(dataBytes));
|
||||
}
|
||||
|
||||
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
|
||||
var hasher = algorithm.CreateHash(macKey);
|
||||
hasher.Append(ivBytes.Concat(ctBytes).ToArray());
|
||||
hasher.Append(dataBytes.ToArray());
|
||||
var mac = hasher.GetValueAndReset();
|
||||
return mac;
|
||||
}
|
||||
|
||||
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
|
||||
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
|
||||
private static bool MacsEqual(byte[] macKey, byte[] mac1, byte[] mac2)
|
||||
public static bool MacsEqual(byte[] macKey, byte[] mac1, byte[] mac2)
|
||||
{
|
||||
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
|
||||
var hasher = algorithm.CreateHash(macKey);
|
||||
|
|
Loading…
Reference in a new issue