Merge pull request #1211 from matrix-org/bwindels/logsasmac

log MAC calculation during SAS
matrix-org · Feb 14, 2020 · 47a1224 · 47a1224
2 parents 6684574 + edefd3e
commit 47a1224
Showing 1 changed file with 15 additions and 5 deletions.
diff --git a/src/crypto/verification/SAS.js b/src/crypto/verification/SAS.js
@@ -28,6 +28,7 @@ import {
     newUnknownMethodError,
     newUserCancelledError,
 } from './Error';
+import {logger} from '../../logger';
 
 const START_TYPE = "m.key.verification.start";
 
@@ -165,6 +166,15 @@ const macMethods = {
     "hmac-sha256": "calculate_mac_long_kdf",
 };
 
+function calculateMAC(olmSAS, method) {
+    return function(...args) {
+        const macFunction = olmSAS[macMethods[method]];
+        const mac = macFunction.apply(olmSAS, args);
+        logger.log("SAS calculateMAC:", method, args, mac);
+        return mac;
+    };
+}
+
 /* lists of algorithms/methods that are supported.  The key agreement, hashes,
  * and MAC lists should be sorted in order of preference (most preferred
  * first).
@@ -429,7 +439,7 @@ export class SAS extends Base {
               + this._channel.transactionId;
 
         const deviceKeyId = `ed25519:${this._baseApis.deviceId}`;
-        mac[deviceKeyId] = olmSAS[macMethods[method]](
+        mac[deviceKeyId] = calculateMAC(olmSAS, method)(
             this._baseApis.getDeviceEd25519Key(),
             baseInfo + deviceKeyId,
         );
@@ -438,14 +448,14 @@ export class SAS extends Base {
         const crossSigningId = this._baseApis.getCrossSigningId();
         if (crossSigningId) {
             const crossSigningKeyId = `ed25519:${crossSigningId}`;
-            mac[crossSigningKeyId] = olmSAS[macMethods[method]](
+            mac[crossSigningKeyId] = calculateMAC(olmSAS, method)(
                 crossSigningId,
                 baseInfo + crossSigningKeyId,
             );
             keyList.push(crossSigningKeyId);
         }
 
-        const keys = olmSAS[macMethods[method]](
+        const keys = calculateMAC(olmSAS, method)(
             keyList.sort().join(","),
             baseInfo + "KEY_IDS",
         );
@@ -458,15 +468,15 @@ export class SAS extends Base {
               + this._baseApis.getUserId() + this._baseApis.deviceId
               + this._channel.transactionId;
 
-        if (content.keys !== olmSAS[macMethods[method]](
+        if (content.keys !== calculateMAC(olmSAS, method)(
             Object.keys(content.mac).sort().join(","),
             baseInfo + "KEY_IDS",
         )) {
             throw newKeyMismatchError();
         }
 
         await this._verifyKeys(this.userId, content.mac, (keyId, device, keyInfo) => {
-            if (keyInfo !== olmSAS[macMethods[method]](
+            if (keyInfo !== calculateMAC(olmSAS, method)(
                 device.keys[keyId],
                 baseInfo + keyId,
             )) {