Merge pull request #1378 from matrix-org/uhoreg/fix_mac_check

make MAC check robust against unpadded vs padded base64 differences
matrix-org · May 20, 2020 · 048d7a9 · 048d7a9
2 parents 3cd562f + ebdff50
commit 048d7a9
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/src/crypto/SecretStorage.js b/src/crypto/SecretStorage.js
@@ -167,7 +167,7 @@ export class SecretStorage extends EventEmitter {
         if (info.algorithm === SECRET_STORAGE_ALGORITHM_V1_AES) {
             if (info.mac) {
                 const {mac} = await SecretStorage._calculateKeyCheck(key, info.iv);
-                return info.mac === mac;
+                return info.mac.replace(/=+$/g, '') === mac.replace(/=+$/g, '');
             } else {
                 // if we have no information, we have to assume the key is right
                 return true;

diff --git a/src/crypto/aes.js b/src/crypto/aes.js
@@ -84,9 +84,9 @@ async function decryptNode(data, key, name) {
     const [aesKey, hmacKey] = deriveKeysNode(key, name);
 
     const hmac = crypto.createHmac("sha256", hmacKey)
-        .update(data.ciphertext, "base64").digest("base64");
+        .update(data.ciphertext, "base64").digest("base64").replace(/=+$/g, '');
 
-    if (hmac !== data.mac) {
+    if (hmac !== data.mac.replace(/=+$/g, '')) {
         throw new Error(`Error decrypting secret ${name}: bad MAC`);
     }