t/pow-captcha
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(shared): make wire.verifyAndDeserializeData verify message correctly

Browse Source
This commit is contained in:
Thomas Heck
2025-07-06 18:37:12 +02:00
parent 2e5d08d57c
commit 4fa46488c8
2 changed files with 15 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkgs/shared/src/utils.ts
View File

@@ -4,3 +4,16 @@ export function createArray<T>(
): Array<T> { ): Array<T> {
return Array.from({ length }, (_, index) => f(index)); return Array.from({ length }, (_, index) => f(index));
} }
export function byteArraysEqual(arr1: Uint8Array, arr2: Uint8Array): boolean {
const len = arr1.length;
if (len !== arr2.length) {
return false;
}
for (let i = 0; i < len; i += 1) {
if (arr1[i] !== arr2[i]) {
return false;
}
}
return true;
}

3
pkgs/shared/src/wire.ts
View File

@@ -3,6 +3,7 @@ import {
fromByteArray as serializeArray, fromByteArray as serializeArray,
toByteArray as deserializeArray, toByteArray as deserializeArray,
} from "base64-js"; } from "base64-js";
import { byteArraysEqual } from "./utils";
export { serializeArray, deserializeArray }; export { serializeArray, deserializeArray };
@@ -56,7 +57,7 @@ export async function verifyAndDeserializeData<T>(
): Promise<T> { ): Promise<T> {
const arr = utf16StringToArrayBuffer(`${signedData.data}:${secret}`); const arr = utf16StringToArrayBuffer(`${signedData.data}:${secret}`);
const hash = new Uint8Array(await crypto.subtle.digest("SHA-256", arr)); const hash = new Uint8Array(await crypto.subtle.digest("SHA-256", arr));
if (hash !== deserializeArray(signedData.hash)) { if (!byteArraysEqual(hash, deserializeArray(signedData.hash))) {
throw new Error(`Signed data verification failed, hash mismatch`); throw new Error(`Signed data verification failed, hash mismatch`);
} }
const data = JSON.parse(signedData.data); const data = JSON.parse(signedData.data);