Verify HMAC when decrypting received payloads. (#11)

prashanOS · web-flow · commit f67314fb7735 · 2022-09-29T15:34:10.000-04:00
* Verify HMAC when decrypting received payloads.
diff --git a/lib/src/main/kotlin/org/walletconnect/impls/MoshiPayloadAdapter.kt b/lib/src/main/kotlin/org/walletconnect/impls/MoshiPayloadAdapter.kt
@@ -155,11 +155,4 @@ class MoshiPayloadAdapter(moshi: Moshi) : Session.PayloadAdapter {
             "method" to method,
             "params" to params
         )
-
-    @JsonClass(generateAdapter = true)
-    data class EncryptedPayload(
-        @Json(name = "data") val data: String,
-        @Json(name = "iv") val iv: String,
-        @Json(name = "hmac") val hmac: String
-    )
 }
diff --git a/lib/src/main/kotlin/org/walletconnect/impls/MoshiPayloadEncryption.kt b/lib/src/main/kotlin/org/walletconnect/impls/MoshiPayloadEncryption.kt
@@ -1,5 +1,7 @@
 package org.walletconnect.impls
 
+import com.squareup.moshi.Json
+import com.squareup.moshi.JsonClass
 import com.squareup.moshi.Moshi
 import org.bouncycastle.crypto.digests.SHA256Digest
 import org.bouncycastle.crypto.engines.AESEngine
@@ -16,7 +18,7 @@ import java.security.SecureRandom
 
 class MoshiPayloadEncryption(moshi: Moshi) : Session.PayloadEncryption {
 
-    private val encryptedPayloadAdapter = moshi.adapter(MoshiPayloadAdapter.EncryptedPayload::class.java)
+    private val encryptedPayloadAdapter = moshi.adapter(EncryptedPayload::class.java)
 
     override fun encrypt(unencryptedPayloadJson: String, key: String): String {
         val bytesData = unencryptedPayloadJson.toByteArray()
@@ -45,7 +47,7 @@ class MoshiPayloadEncryption(moshi: Moshi) : Session.PayloadEncryption {
         hmac.doFinal(hmacResult, 0)
 
         return encryptedPayloadAdapter.toJson(
-            MoshiPayloadAdapter.EncryptedPayload(
+            EncryptedPayload(
                 outBuf.toNoPrefixHexString(),
                 hmac = hmacResult.toNoPrefixHexString(),
                 iv = iv.toNoPrefixHexString()
@@ -56,20 +58,34 @@ class MoshiPayloadEncryption(moshi: Moshi) : Session.PayloadEncryption {
     override fun decrypt(encryptedPayloadJson: String, key: String): String {
         val encryptedPayload = encryptedPayloadAdapter.fromJson(encryptedPayloadJson) ?: throw IllegalArgumentException("Invalid json payload!")
 
-        // TODO verify hmac
+        val hexKey = decode(key)
+        val iv = decode(encryptedPayload.iv)
+        val encryptedData = decode(encryptedPayload.data)
+        val providedHmac = decode(encryptedPayload.hmac)
+
+        // verify hmac
+        with(HMac(SHA256Digest())) {
+            val hmacResult = ByteArray(macSize)
+            init(KeyParameter(hexKey))
+            update(encryptedData, 0, encryptedData.size)
+            update(iv, 0, iv.size)
+            doFinal(hmacResult, 0)
 
+            require(hmacResult.contentEquals(providedHmac)) { "HMAC does not match - expected: $hmacResult received: $providedHmac" }
+        }
+
+        // decrypt payload
         val padding = PKCS7Padding()
         val aes = PaddedBufferedBlockCipher(
             CBCBlockCipher(AESEngine()),
             padding
         )
         val ivAndKey = ParametersWithIV(
-            KeyParameter(decode(key)),
-            decode(encryptedPayload.iv)
+            KeyParameter(hexKey),
+            iv
         )
         aes.init(false, ivAndKey)
 
-        val encryptedData = decode(encryptedPayload.data)
         val minSize = aes.getOutputSize(encryptedData.size)
         val outBuf = ByteArray(minSize)
         var len = aes.processBytes(encryptedData, 0, encryptedData.size, outBuf, 0)
@@ -79,4 +95,11 @@ class MoshiPayloadEncryption(moshi: Moshi) : Session.PayloadEncryption {
     }
 
     private fun createRandomBytes(i: Int) = ByteArray(i).also { SecureRandom().nextBytes(it) }
-}
+}
+
+@JsonClass(generateAdapter = true)
+data class EncryptedPayload(
+    @Json(name = "data") val data: String,
+    @Json(name = "iv") val iv: String,
+    @Json(name = "hmac") val hmac: String
+)
diff --git a/lib/src/main/kotlin/org/walletconnect/impls/WCSession.kt b/lib/src/main/kotlin/org/walletconnect/impls/WCSession.kt
@@ -13,7 +13,7 @@ class WCSession(
     private val payloadAdapter: Session.PayloadAdapter,
     private val payloadEncryption: Session.PayloadEncryption,
     private val sessionStore: WCSessionStore,
-    private val messageLogger: Session.MessageLogger,
+    private val messageLogger: Session.MessageLogger? = null,
     transportBuilder: Session.Transport.Builder,
     clientMeta: Session.PeerMeta,
     clientId: String? = null
@@ -97,7 +97,7 @@ class WCSession(
                 config.handshakeTopic, "sub", ""
             )
             transport.send(message)
-            messageLogger.log(message, isOwnMessage = true)
+            messageLogger?.log(message, isOwnMessage = true)
         }
     }
 
@@ -173,7 +173,7 @@ class WCSession(
                     clientData.id, "sub", ""
                 )
                 transport.send(message)
-                messageLogger.log(message, isOwnMessage = true)
+                messageLogger?.log(message, isOwnMessage = true)
             }
             Session.Transport.Status.Disconnected -> {
                 // no-op
@@ -198,7 +198,7 @@ class WCSession(
             try {
                 val decryptedPayload = payloadEncryption.decrypt(message.payload, decryptionKey)
                 data = payloadAdapter.parse(decryptedPayload)
-                messageLogger.log(message.copy(payload = decryptedPayload), isOwnMessage = false)
+                messageLogger?.log(message.copy(payload = decryptedPayload), isOwnMessage = false)
             } catch (e: Exception) {
                 handlePayloadError(e)
                 return
@@ -299,7 +299,7 @@ class WCSession(
         }
         val message = Session.Transport.Message(topic, "pub", payload)
         transport.send(message)
-        messageLogger.log(message.copy(payload = unencryptedPayload), isOwnMessage = true)
+        messageLogger?.log(message.copy(payload = unencryptedPayload), isOwnMessage = true)
         return true
     }
 
diff --git a/lib/src/test/java/org/walletconnect/TheUriParser.kt b/lib/src/test/java/org/walletconnect/TheUriParser.kt
@@ -1,15 +1,7 @@
 package org.walletconnect
 
-import com.squareup.moshi.Moshi
-import okhttp3.OkHttpClient
 import org.assertj.core.api.Assertions.assertThat
-import org.junit.Test
-import org.walletconnect.impls.FileWCSessionStore
-import org.walletconnect.impls.MoshiPayloadAdapter
-import org.walletconnect.impls.OkHttpTransport
-import org.walletconnect.impls.WCSession
-import java.io.File
-import java.util.concurrent.TimeUnit
+import org.junit.jupiter.api.Test
 
 class TheUriParser {
 
diff --git a/lib/src/test/java/org/walletconnect/WalletConnectBridgeRepositoryIntegrationTest.kt b/lib/src/test/java/org/walletconnect/WalletConnectBridgeRepositoryIntegrationTest.kt
@@ -2,9 +2,9 @@ package org.walletconnect
 
 import com.squareup.moshi.Moshi
 import okhttp3.OkHttpClient
-import org.junit.Test
 import org.walletconnect.impls.FileWCSessionStore
 import org.walletconnect.impls.MoshiPayloadAdapter
+import org.walletconnect.impls.MoshiPayloadEncryption
 import org.walletconnect.impls.OkHttpTransport
 import org.walletconnect.impls.WCSession
 import java.io.File
@@ -27,11 +27,12 @@ class WalletConnectBridgeRepositoryIntegrationTest {
 
         val config = Session.Config.fromWCUri(uri).toFullyQualifiedConfig()
         val session = WCSession(
-            config,
-            MoshiPayloadAdapter(moshi),
-            sessionStore,
-            OkHttpTransport.Builder(client, moshi),
-            Session.PeerMeta(name = "WC Unit Test")
+            config = config,
+            payloadAdapter = MoshiPayloadAdapter(moshi),
+            payloadEncryption = MoshiPayloadEncryption(moshi),
+            sessionStore = sessionStore,
+            transportBuilder = OkHttpTransport.Builder(client, moshi),
+            clientMeta = Session.PeerMeta(name = "WC Unit Test"),
         )
 
         session.addCallback(object : Session.Callback {
diff --git a/lib/src/test/java/org/walletconnect/impls/MoshiPayloadEncryptionTest.kt b/lib/src/test/java/org/walletconnect/impls/MoshiPayloadEncryptionTest.kt
@@ -0,0 +1,96 @@
+package org.walletconnect.impls
+
+import com.squareup.moshi.Moshi
+import org.assertj.core.api.Assertions.assertThat
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
+import java.security.SecureRandom
+
+class MoshiPayloadEncryptionTest {
+
+    private val moshi = Moshi.Builder().build()
+    private val payloadEncryption = MoshiPayloadEncryption(Moshi.Builder().build())
+    private val encryptedPayloadAdapter = moshi.adapter(EncryptedPayload::class.java)
+
+    @Test
+    fun `happy path encryption + decryption`() {
+        val key = generateKey()
+        val payloadJson =
+            """
+                {
+                    "id" : 123456,
+                    "method" : "wc_sessionRequest",
+                }
+            """.trimIndent()
+        val encryptedPayload = payloadEncryption.encrypt(payloadJson, key)
+
+        val result = payloadEncryption.decrypt(encryptedPayload, key)
+
+        assertThat(result).isEqualTo(payloadJson)
+    }
+
+    @Test
+    fun `invalid hmac throws exception`() {
+        val key = generateKey()
+        // this is the original payload
+        val payloadJson =
+            """
+                {
+                    "id" : 123456,
+                    "method" : "wc_sessionRequest",
+                }
+            """.trimIndent()
+        val mutatedPayload = with(encryptedPayloadAdapter.fromJson(payloadEncryption.encrypt(payloadJson, key))) {
+            requireNotNull(this)
+            encryptedPayloadAdapter.toJson(copy(hmac = hmac.dropLast(4)+"1234"))
+        }
+
+        assertThrows<IllegalArgumentException> {
+            payloadEncryption.decrypt(mutatedPayload, key)
+        }
+    }
+
+    @Test
+    fun `invalid iv throws exception`() {
+        val key = generateKey()
+        // this is the original payload
+        val payloadJson =
+            """
+                {
+                    "id" : 123456,
+                    "method" : "wc_sessionRequest",
+                }
+            """.trimIndent()
+        val mutatedPayload = with(encryptedPayloadAdapter.fromJson(payloadEncryption.encrypt(payloadJson, key))) {
+            requireNotNull(this)
+            encryptedPayloadAdapter.toJson(copy(iv = iv.dropLast(4)+"1234"))
+        }
+
+        assertThrows<IllegalArgumentException> {
+            payloadEncryption.decrypt(mutatedPayload, key)
+        }
+    }
+
+    @Test
+    fun `invalid data throws exception`() {
+        val key = generateKey()
+        // this is the original payload
+        val payloadJson =
+            """
+                {
+                    "id" : 123456,
+                    "method" : "wc_sessionRequest",
+                }
+            """.trimIndent()
+        val mutatedPayload = with(encryptedPayloadAdapter.fromJson(payloadEncryption.encrypt(payloadJson, key))) {
+            requireNotNull(this)
+            encryptedPayloadAdapter.toJson(copy(data = data.dropLast(4)+"1234"))
+        }
+
+        assertThrows<IllegalArgumentException> {
+            payloadEncryption.decrypt(mutatedPayload, key)
+        }
+    }
+
+    private fun generateKey() = ByteArray(32).also { SecureRandom().nextBytes(it) }.joinToString(separator = "") { "%02x".format(it) }
+}

Original file line number	Diff line number	Diff line change
`@@ -155,11 +155,4 @@ class MoshiPayloadAdapter(moshi: Moshi) : Session.PayloadAdapter {`
`155`	`155`	`"method" to method,`
`156`	`156`	`"params" to params`
`157`	`157`	`)`
`158`		`-`
`159`		`- @JsonClass(generateAdapter = true)`
`160`		`- data class EncryptedPayload(`
`161`		`- @Json(name = "data") val data: String,`
`162`		`- @Json(name = "iv") val iv: String,`
`163`		`- @Json(name = "hmac") val hmac: String`
`164`		`- )`
`165`	`158`	`}`
Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@ class WCSession(`
`13`	`13`	`private val payloadAdapter: Session.PayloadAdapter,`
`14`	`14`	`private val payloadEncryption: Session.PayloadEncryption,`
`15`	`15`	`private val sessionStore: WCSessionStore,`
`16`		`- private val messageLogger: Session.MessageLogger,`
	`16`	`+ private val messageLogger: Session.MessageLogger? = null,`
`17`	`17`	`transportBuilder: Session.Transport.Builder,`
`18`	`18`	`clientMeta: Session.PeerMeta,`
`19`	`19`	`clientId: String? = null`
`@@ -97,7 +97,7 @@ class WCSession(`
`97`	`97`	`config.handshakeTopic, "sub", ""`
`98`	`98`	`)`
`99`	`99`	`transport.send(message)`
`100`		`- messageLogger.log(message, isOwnMessage = true)`
	`100`	`+ messageLogger?.log(message, isOwnMessage = true)`
`101`	`101`	`}`
`102`	`102`	`}`
`103`	`103`
`@@ -173,7 +173,7 @@ class WCSession(`
`173`	`173`	`clientData.id, "sub", ""`
`174`	`174`	`)`
`175`	`175`	`transport.send(message)`
`176`		`- messageLogger.log(message, isOwnMessage = true)`
	`176`	`+ messageLogger?.log(message, isOwnMessage = true)`
`177`	`177`	`}`
`178`	`178`	`Session.Transport.Status.Disconnected -> {`
`179`	`179`	`// no-op`
`@@ -198,7 +198,7 @@ class WCSession(`
`198`	`198`	`try {`
`199`	`199`	`val decryptedPayload = payloadEncryption.decrypt(message.payload, decryptionKey)`
`200`	`200`	`data = payloadAdapter.parse(decryptedPayload)`
`201`		`- messageLogger.log(message.copy(payload = decryptedPayload), isOwnMessage = false)`
	`201`	`+ messageLogger?.log(message.copy(payload = decryptedPayload), isOwnMessage = false)`
`202`	`202`	`} catch (e: Exception) {`
`203`	`203`	`handlePayloadError(e)`
`204`	`204`	`return`
`@@ -299,7 +299,7 @@ class WCSession(`
`299`	`299`	`}`
`300`	`300`	`val message = Session.Transport.Message(topic, "pub", payload)`
`301`	`301`	`transport.send(message)`
`302`		`- messageLogger.log(message.copy(payload = unencryptedPayload), isOwnMessage = true)`
	`302`	`+ messageLogger?.log(message.copy(payload = unencryptedPayload), isOwnMessage = true)`
`303`	`303`	`return true`
`304`	`304`	`}`
`305`	`305`