make MAC check robust against unpadded vs padded base64 differences

uhoreg · uhoreg · commit ebdff505eb26 · 2020-05-15T16:52:53.000-04:00
diff --git a/src/crypto/SecretStorage.js b/src/crypto/SecretStorage.js
@@ -167,7 +167,7 @@ export class SecretStorage extends EventEmitter {
         if (info.algorithm === SECRET_STORAGE_ALGORITHM_V1_AES) {
             if (info.mac) {
                 const {mac} = await SecretStorage._calculateKeyCheck(key, info.iv);
-                return info.mac === mac;
+                return info.mac.replace(/=+$/g, '') === mac.replace(/=+$/g, '');
             } else {
                 // if we have no information, we have to assume the key is right
                 return true;
diff --git a/src/crypto/aes.js b/src/crypto/aes.js
@@ -84,9 +84,9 @@ async function decryptNode(data, key, name) {
     const [aesKey, hmacKey] = deriveKeysNode(key, name);
 
     const hmac = crypto.createHmac("sha256", hmacKey)
-        .update(data.ciphertext, "base64").digest("base64");
+        .update(data.ciphertext, "base64").digest("base64").replace(/=+$/g, '');
 
-    if (hmac !== data.mac) {
+    if (hmac !== data.mac.replace(/=+$/g, '')) {
         throw new Error(`Error decrypting secret ${name}: bad MAC`);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -84,9 +84,9 @@ async function decryptNode(data, key, name) {`
`84`	`84`	`const [aesKey, hmacKey] = deriveKeysNode(key, name);`
`85`	`85`
`86`	`86`	`const hmac = crypto.createHmac("sha256", hmacKey)`
`87`		`- .update(data.ciphertext, "base64").digest("base64");`
	`87`	`+ .update(data.ciphertext, "base64").digest("base64").replace(/=+$/g, '');`
`88`	`88`
`89`		`- if (hmac !== data.mac) {`
	`89`	`+ if (hmac !== data.mac.replace(/=+$/g, '')) {`
`90`	`90`	throw new Error(`Error decrypting secret ${name}: bad MAC`);
`91`	`91`	`}`
`92`	`92`