validate: Fix account signature check and device signature generation

This commit is contained in:
Rajeh Taher
2025-09-28 19:20:14 +03:00
parent 357ef1e599
commit 096994b927
+10 -8
View File
@@ -146,32 +146,34 @@ export const configureSuccessfulPairing = (
proto.ADVSignedDeviceIdentityHMAC,
deviceIdentityNode.content as Buffer
)
const isHostedAccount = accountType !== undefined && accountType === proto.ADVEncryptionType.HOSTED
const accountPrefix = isHostedAccount ? WA_ADV_HOSTED_ACCOUNT_SIG_PREFIX : Buffer.from([])
let hmacPrefix = Buffer.from([])
if (accountType !== undefined && accountType === proto.ADVEncryptionType.HOSTED) {
hmacPrefix = WA_ADV_HOSTED_ACCOUNT_SIG_PREFIX
}
const advSign = hmacSign(Buffer.concat([accountPrefix, details]), Buffer.from(advSecretKey, 'base64'))
const advSign = hmacSign(Buffer.concat([hmacPrefix, details]), Buffer.from(advSecretKey, 'base64'))
if (Buffer.compare(hmac, advSign) !== 0) {
throw new Boom('Invalid account signature')
}
const account = decodeAndHydrate(proto.ADVSignedDeviceIdentity, details)
const { accountSignatureKey, accountSignature, details: deviceDetails } = account
const accountSignaturePrefix = isHostedAccount ? WA_ADV_HOSTED_ACCOUNT_SIG_PREFIX : WA_ADV_ACCOUNT_SIG_PREFIX
const deviceIdentity = decodeAndHydrate(proto.ADVDeviceIdentity, deviceDetails)
const accountSignaturePrefix = deviceIdentity.deviceType == proto.ADVEncryptionType.HOSTED ? WA_ADV_HOSTED_ACCOUNT_SIG_PREFIX : WA_ADV_ACCOUNT_SIG_PREFIX
const accountMsg = Buffer.concat([accountSignaturePrefix, deviceDetails, signedIdentityKey.public])
if (!Curve.verify(accountSignatureKey, accountMsg, accountSignature)) {
throw new Boom('Failed to verify account signature')
}
const devicePrefix = isHostedAccount ? WA_ADV_HOSTED_DEVICE_SIG_PREFIX : WA_ADV_DEVICE_SIG_PREFIX
const deviceMsg = Buffer.concat([devicePrefix, deviceDetails, signedIdentityKey.public, accountSignatureKey])
const deviceMsg = Buffer.concat([WA_ADV_DEVICE_SIG_PREFIX, deviceDetails, signedIdentityKey.public, accountSignatureKey])
account.deviceSignature = Curve.sign(signedIdentityKey.private, deviceMsg)
const identity = createSignalIdentity(lid!, accountSignatureKey)
const accountEnc = encodeSignedDeviceIdentity(account, false)
const deviceIdentity = decodeAndHydrate(proto.ADVDeviceIdentity, account.details)
const reply: BinaryNode = {
tag: 'iq',
attrs: {