PoliBa-Software-Architecture/Typescript-MessageUtils
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V0.7.0 Arroyo Toad

Browse Source 
Fixed a design flaw where we supposed we could find keys before reading part of the message by adding support for a method to grab the key at runtime
This commit is contained in:
Christian Risi
2024-12-14 11:51:28 +00:00
parent e6b1f8d5ea
commit 15bae1af19
12 changed files with 63 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/utils/deserializer.ts
View File

@@ -7,7 +7,9 @@ import { DeviceLocation } from "../classes/DeviceLocation.ts";
import { signatureVerifierV1 } from "./signatureVerifier.ts";
import * as mod from "node:crypto";
export async function deserializerV1(buffer: ArrayBuffer, key: mod.webcrypto.CryptoKey) {
export async function deserializerV1(buffer: ArrayBuffer, retrieveKey: (deviceType: DeviceType, deviceID: bigint) => Promise<mod.webcrypto.CryptoKey> | mod.webcrypto.CryptoKey) {
const version: number = new Uint8Array(buffer.slice(0, 1))[0];
// UGLY Force typecasting
@@ -33,6 +35,7 @@ export async function deserializerV1(buffer: ArrayBuffer, key: mod.webcrypto.Cry
] as keyof typeof SignatureType
];
const timestamp: number = new Float64Array(buffer.slice(8, 16))[0];
// UGLY: sum the 2 bigints to a sing bigint
@@ -78,6 +81,10 @@ export async function deserializerV1(buffer: ArrayBuffer, key: mod.webcrypto.Cry
const msgBuffer = buffer.slice(0, signatureStart)
const signature = new Uint8Array(buffer.slice(index))
const key = await retrieveKey(deviceType, deviceID)
const result = await signatureVerifierV1(msgBuffer, signature, key)
if (!result) {