Page MenuHomePhabricator
Files F3513797

D6950.diff
No OneTemporary
Actions

D6950.diff
View Options

diff --git a/keyserver/src/responders/user-responders.js b/keyserver/src/responders/user-responders.js
--- a/keyserver/src/responders/user-responders.js
+++ b/keyserver/src/responders/user-responders.js
@@ -41,6 +41,10 @@
SubscriptionUpdateResponse,
} from 'lib/types/subscription-types.js';
import type { PasswordUpdate } from 'lib/types/user-types.js';
+import {
+ identityKeysBlobValidator,
+ signedIdentityKeysBlobValidator,
+} from 'lib/utils/crypto-utils.js';
import { ServerError } from 'lib/utils/errors.js';
import { values } from 'lib/utils/objects.js';
import { promiseAll } from 'lib/utils/promises.js';
@@ -195,11 +199,6 @@
deviceToken: t.String,
});
-const signedIdentityKeysBlobValidator = tShape({
- payload: t.String,
- signature: t.String,
-});
-
const registerRequestInputValidator = tShape({
username: t.String,
email: t.maybe(tEmail),
@@ -224,6 +223,9 @@
const identityKeys: IdentityKeysBlob = JSON.parse(
signedIdentityKeysBlob.payload,
);
+ if (!identityKeysBlobValidator.is(identityKeys)) {
+ throw new ServerError('invalid_identity_keys_blob');
+ }
const olmUtil: OLMUtility = getOLMUtility();
try {
@@ -520,6 +522,10 @@
let identityKeys: ?IdentityKeysBlob;
if (signedIdentityKeysBlob) {
identityKeys = JSON.parse(signedIdentityKeysBlob.payload);
+ if (!identityKeysBlobValidator.is(identityKeys)) {
+ throw new ServerError('invalid_identity_keys_blob');
+ }
+
const olmUtil: OLMUtility = getOLMUtility();
try {
olmUtil.ed25519_verify(
diff --git a/lib/utils/crypto-utils.js b/lib/utils/crypto-utils.js
--- a/lib/utils/crypto-utils.js
+++ b/lib/utils/crypto-utils.js
@@ -1,5 +1,30 @@
// @flow
+import t from 'tcomb';
+import { type TInterface } from 'tcomb';
+
+import { primaryIdentityPublicKeyRegex } from './siwe-utils.js';
+import { tRegex, tShape } from './validation-utils.js';
+
const minimumOneTimeKeysRequired = 10;
-export { minimumOneTimeKeysRequired };
+const signedIdentityKeysBlobValidator: TInterface = tShape({
+ payload: t.String,
+ signature: t.String,
+});
+
+const olmIdentityKeysValidator: TInterface = tShape({
+ ed25519: tRegex(primaryIdentityPublicKeyRegex),
+ curve25519: tRegex(primaryIdentityPublicKeyRegex),
+});
+
+const identityKeysBlobValidator: TInterface = tShape({
+ primaryIdentityPublicKeys: olmIdentityKeysValidator,
+ notificationIdentityPublicKeys: olmIdentityKeysValidator,
+});
+
+export {
+ minimumOneTimeKeysRequired,
+ signedIdentityKeysBlobValidator,
+ identityKeysBlobValidator,
+};

File Metadata

Mime Type
text/plain
Expires
Mon, Dec 23, 2:08 AM (19 h, 10 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2693173
Default Alt Text
D6950.diff (2 KB)

Event Timeline