bitwarden/mobile
1
0
Fork 0
mirror of https://github.com/bitwarden/mobile synced 2026-01-06 18:43:43 +00:00
Code Issues Releases Wiki Activity

hmac check on rsa decrypt

Browse Source
This commit is contained in:
Kyle Spearrin
2017-06-19 11:57:37 -04:00
parent 1e5883f028
commit 7823ec3fc8
4 changed files with 43 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
src/App/Utilities/Crypto.cs
View File

@@ -1,6 +1,7 @@
using Bit.App.Models;
using PCLCrypto;
using System;
using System.Collections.Generic;
using System.Linq;
namespace Bit.App.Utilities
@@ -63,19 +64,14 @@ namespace Bit.App.Utilities
return WinRTCrypto.CryptographicBuffer.GenerateRandom(length);
}
private static string ComputeMacBase64(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
public static string ComputeMacBase64(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
{
var mac = ComputeMac(ctBytes, ivBytes, macKey);
return Convert.ToBase64String(mac);
}
private static byte[] ComputeMac(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
public static byte[] ComputeMac(byte[] ctBytes, byte[] ivBytes, byte[] macKey)
{
if(macKey == null)
{
throw new ArgumentNullException(nameof(macKey));
}
if(ctBytes == null)
{
throw new ArgumentNullException(nameof(ctBytes));
@@ -86,16 +82,31 @@ namespace Bit.App.Utilities
throw new ArgumentNullException(nameof(ivBytes));
}
return ComputeMac(ivBytes.Concat(ctBytes), macKey);
}
public static byte[] ComputeMac(IEnumerable<byte> dataBytes, byte[] macKey)
{
if(macKey == null)
{
throw new ArgumentNullException(nameof(macKey));
}
if(dataBytes == null)
{
throw new ArgumentNullException(nameof(dataBytes));
}
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
var hasher = algorithm.CreateHash(macKey);
hasher.Append(ivBytes.Concat(ctBytes).ToArray());
hasher.Append(dataBytes.ToArray());
var mac = hasher.GetValueAndReset();
return mac;
}
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
private static bool MacsEqual(byte[] macKey, byte[] mac1, byte[] mac2)
public static bool MacsEqual(byte[] macKey, byte[] mac1, byte[] mac2)
{
var algorithm = WinRTCrypto.MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256);
var hasher = algorithm.CreateHash(macKey);