Threema::Receive::File Bytesize never matches on iOS
Closed this issue · 1 comments
Ok, so we're running into one of those wonderful errors.
This line here errors out on iOS but does not fail on Android. On iOS the download.bytesize
is consistently larger than structure['s']
by 16 (bytes).
Here are our devices:
OS | Threema | Result |
---|---|---|
Android 10 | v4.5 | Success |
iOS 14.3 | 4.6.5 (2604) | Error |
iOS 12.5.1 | 4.6.5 (2605) | Error |
The error is the same on mobile app or a connected Threema web app.
When I do a git blame on the line, the commit message tells me Initial commit.
See here: https://github.com/thorsteneckel/threema/blame/master/lib/threema/receive/file.rb#L19
There is a test case for the behaviour. The test case description, however, does not explain why the check is necessary: https://github.com/thorsteneckel/threema/blob/master/spec/threema/receive/file_spec.rb#L70
-
Does this ring a bell?
-
Can you explain us, what might happen if this if-clause wouldn't be there? Man-in-the-middle because the file size of the incoming message is used as some sort of signature?
@mattwr18 had a quick look into the iOS and Android implementations. There is something about padding of 16 bytes but it's not 100% clear (the "authenticator"? - why is it different for Android/iOS?) to me what it is and what's the best way how the gem threema
should treat the file size difference.
https://github.com/threema-ch/threema-ios/blob/main/NaClCrypto/NaClCrypto.h#L26