
Commit f0d8635

fixes #1
1 parent 135b6f3 commit f0d8635


2 files changed

+51
-0
lines changed


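--- a/CryptoLib/Masterkey.swift
+++ b/CryptoLib/Masterkey.swift
@@ -77,6 +77,21 @@ public class Masterkey {
 }
 let macKey = try unwrapMasterKey(wrappedKey: wrappedHmacKey.bytes, kek: kek)
 
+// time-constant version MAC check:
+guard let storedVersionMac = Data(base64Encoded: jsonData.versionMac), storedVersionMac.count == CC_SHA256_DIGEST_LENGTH else {
+throw MasterkeyError.malformedMasterkeyFile("invalid base64 data in versionMac")
+}
+var calculatedVersionMac = [UInt8](repeating: 0x00, count: Int(CC_SHA256_DIGEST_LENGTH))
+let versionBytes = withUnsafeBytes(of: UInt32(jsonData.version).bigEndian, Array.init)
+CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), macKey, macKey.count, versionBytes, versionBytes.count, &calculatedVersionMac)
+var diff : UInt8 = 0x00
+for i in 0..<calculatedVersionMac.count {
+diff |= calculatedVersionMac[i] ^ storedVersionMac[i]
+}
+if diff != 0x00 {
+throw MasterkeyError.malformedMasterkeyFile("incorrect version or versionMac")
+}
+
 return createFromRaw(aesMasterKey: aesKey, macMasterKey: macKey)
 }
 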
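Review bot: `UInt32(jsonData.version)` on the new line that builds `versionBytes` traps at runtime when the value is negative or above `UInt32.max`, assuming `jsonData.version` is decoded as a wider signed integer such as `Int` (its declaration is not visible here). The version is read from the masterkey file before its MAC has been checked, so a malformed file would crash the process instead of throwing `MasterkeyError.malformedMasterkeyFile`. Consider `guard let version = UInt32(exactly: jsonData.version) else { throw MasterkeyError.malformedMasterkeyFile("invalid version") }` and deriving `versionBytes` from `version`. The length guard also reports "invalid base64 data in versionMac" when the base64 is valid but the decoded length is wrong, which could mislead whoever debugs a rejected file. The enclosing function starts and ends outside the hunk.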

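--- a/CryptoLibTests/MasterkeyTests.swift
+++ b/CryptoLibTests/MasterkeyTests.swift
@@ -68,6 +68,24 @@ class MasterkeyTests: XCTestCase {
 })
 }
 
+func testCreateFromMasterkeyFileWithInvalidVersionMac() throws {
+let jsonData = """
+{
+"version": 3,
+"scryptSalt": "AAAAAAAAAAA=",
+"scryptCostParam": 2,
+"scryptBlockSize": 8,
+"primaryMasterKey": "mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==",
+"hmacMasterKey": "mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==",
+"versionMac": "iUmRRHITuyJsJbVNqGNw+82YQ4A3Rma7j/y1v0DCVLa="
+}
+""".data(using: .utf8)!
+
+XCTAssertThrowsError(try Masterkey.createFromMasterkeyFile(jsonData: jsonData, password: "asd"), "invalid password", { error in
+XCTAssertEqual(error as! MasterkeyError, MasterkeyError.malformedMasterkeyFile("incorrect version or versionMac"))
+})
+}
+
 func testCreateFromMasterkeyFileWithMalformedJson1() throws {
 let jsonData = """
 {
@@ -103,5 +121,23 @@ class MasterkeyTests: XCTestCase {
 XCTAssertEqual(error as! MasterkeyError, MasterkeyError.malformedMasterkeyFile("invalid base64 data in hmacMasterKey"))
 })
 }
+
+func testCreateFromMasterkeyFileWithMalformedJson3() throws {
+let jsonData = """
+{
+"version": 3,
+"scryptSalt": "AAAAAAAAAAA=",
+"scryptCostParam": 2,
+"scryptBlockSize": 8,
+"primaryMasterKey": "mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==",
+"hmacMasterKey": "mM+qoQ+o0qvPTiDAZYt+flaC3WbpNAx1sTXaUzxwpy0M9Ctj6Tih/Q==",
+"versionMac": "iUmRRHITuyJsJbVN"
+}
+""".data(using: .utf8)!
+
+XCTAssertThrowsError(try Masterkey.createFromMasterkeyFile(jsonData: jsonData, password: "asd"), "invalid password", { error in
+XCTAssertEqual(error as! MasterkeyError, MasterkeyError.malformedMasterkeyFile("invalid base64 data in versionMac"))
+})
+}
 
 }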
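Review bot: Both new tests pass `"invalid password"` as the failure message of `XCTAssertThrowsError`, which would misreport the cause if the call ever stopped throwing; a message such as `"tampered versionMac was accepted"` names the condition under test. `testCreateFromMasterkeyFileWithInvalidVersionMac` only alters the stored MAC, so a companion case that keeps the MAC and changes `"version"` would cover the other half of the check, where the stored version no longer matches its MAC. `error as! MasterkeyError` crashes the test run instead of failing the assertion if a different error type is thrown; `XCTAssertEqual(error as? MasterkeyError, ...)` fails cleanly, though the surrounding tests use the same forced cast.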
