fix(shared): make wire.verifyAndDeserializeData verify message correctly

2025-07-06 18:37:12 +02:00
parent 2e5d08d57c
commit 4fa46488c8
2 changed files with 15 additions and 1 deletions
--- a/pkgs/shared/src/utils.ts
+++ b/pkgs/shared/src/utils.ts
@@ -4,3 +4,16 @@ export function createArray<T>(
 ): Array<T> {
 	return Array.from({ length }, (_, index) => f(index));
 }
+
+export function byteArraysEqual(arr1: Uint8Array, arr2: Uint8Array): boolean {
+	const len = arr1.length;
+	if (len !== arr2.length) {
+		return false;
+	}
+	for (let i = 0; i < len; i += 1) {
+		if (arr1[i] !== arr2[i]) {
+			return false;
+		}
+	}
+	return true;
+}
--- a/pkgs/shared/src/wire.ts
+++ b/pkgs/shared/src/wire.ts
@@ -3,6 +3,7 @@ import {
 	fromByteArray as serializeArray,
 	toByteArray as deserializeArray,
 } from "base64-js";
+import { byteArraysEqual } from "./utils";

 export { serializeArray, deserializeArray };

@@ -56,7 +57,7 @@ export async function verifyAndDeserializeData<T>(
 ): Promise<T> {
 	const arr = utf16StringToArrayBuffer(`${signedData.data}:${secret}`);
 	const hash = new Uint8Array(await crypto.subtle.digest("SHA-256", arr));
-	if (hash !== deserializeArray(signedData.hash)) {
+	if (!byteArraysEqual(hash, deserializeArray(signedData.hash))) {
 		throw new Error(`Signed data verification failed, hash mismatch`);
 	}
 	const data = JSON.parse(signedData.data);