Merge pull request #1175 from vector-im/feature/fix_ssss_symetric_get_secret

Fixes #1174
This commit is contained in:
Valere 2020-03-26 10:34:49 +01:00 committed by GitHub
commit 638970fa77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 12 deletions

View File

@ -9,6 +9,7 @@ Improvements 🙌:
Bugfix 🐛: Bugfix 🐛:
- Missing avatar/displayname after verification request message (#841) - Missing avatar/displayname after verification request message (#841)
- RiotX can't restore cross signing keys saved by web in SSSS (#1174)
Translations 🗣: Translations 🗣:
- -

View File

@ -272,7 +272,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
val ivParameterSpec = IvParameterSpec(iv) val ivParameterSpec = IvParameterSpec(iv)
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec) cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
// secret are not that big, just do Final // secret are not that big, just do Final
val cipherBytes = cipher.doFinal(clearDataBase64.fromBase64()) val cipherBytes = cipher.doFinal(clearDataBase64.toByteArray())
require(cipherBytes.isNotEmpty()) require(cipherBytes.isNotEmpty())
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256") val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
@ -303,6 +303,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
// Check Signature
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
val digest = mac.doFinal(cipherRawBytes)
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
throw SharedSecretStorageError.BadMac
}
val cipher = Cipher.getInstance("AES/CTR/NoPadding") val cipher = Cipher.getInstance("AES/CTR/NoPadding")
val secretKeySpec = SecretKeySpec(aesKey, "AES") val secretKeySpec = SecretKeySpec(aesKey, "AES")
@ -313,17 +322,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
require(decryptedSecret.isNotEmpty()) require(decryptedSecret.isNotEmpty())
// Check Signature return String(decryptedSecret, Charsets.UTF_8)
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
val digest = mac.doFinal(cipherRawBytes)
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
throw SharedSecretStorageError.BadMac
} else {
// we are good
return decryptedSecret.toBase64NoPadding()
}
} }
override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> { override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {