mirror of
https://github.com/vector-im/element-android.git
synced 2024-11-16 02:05:06 +08:00
Merge pull request #1175 from vector-im/feature/fix_ssss_symetric_get_secret
Fixes #1174
This commit is contained in:
commit
638970fa77
@ -9,6 +9,7 @@ Improvements 🙌:
|
|||||||
|
|
||||||
Bugfix 🐛:
|
Bugfix 🐛:
|
||||||
- Missing avatar/displayname after verification request message (#841)
|
- Missing avatar/displayname after verification request message (#841)
|
||||||
|
- RiotX can't restore cross signing keys saved by web in SSSS (#1174)
|
||||||
|
|
||||||
Translations 🗣:
|
Translations 🗣:
|
||||||
-
|
-
|
||||||
|
@ -272,7 +272,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||||||
val ivParameterSpec = IvParameterSpec(iv)
|
val ivParameterSpec = IvParameterSpec(iv)
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
|
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
|
||||||
// secret are not that big, just do Final
|
// secret are not that big, just do Final
|
||||||
val cipherBytes = cipher.doFinal(clearDataBase64.fromBase64())
|
val cipherBytes = cipher.doFinal(clearDataBase64.toByteArray())
|
||||||
require(cipherBytes.isNotEmpty())
|
require(cipherBytes.isNotEmpty())
|
||||||
|
|
||||||
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
||||||
@ -303,6 +303,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||||||
|
|
||||||
val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
|
val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
|
||||||
|
|
||||||
|
// Check Signature
|
||||||
|
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
||||||
|
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
|
||||||
|
val digest = mac.doFinal(cipherRawBytes)
|
||||||
|
|
||||||
|
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
|
||||||
|
throw SharedSecretStorageError.BadMac
|
||||||
|
}
|
||||||
|
|
||||||
val cipher = Cipher.getInstance("AES/CTR/NoPadding")
|
val cipher = Cipher.getInstance("AES/CTR/NoPadding")
|
||||||
|
|
||||||
val secretKeySpec = SecretKeySpec(aesKey, "AES")
|
val secretKeySpec = SecretKeySpec(aesKey, "AES")
|
||||||
@ -313,17 +322,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||||||
|
|
||||||
require(decryptedSecret.isNotEmpty())
|
require(decryptedSecret.isNotEmpty())
|
||||||
|
|
||||||
// Check Signature
|
return String(decryptedSecret, Charsets.UTF_8)
|
||||||
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
|
||||||
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
|
|
||||||
val digest = mac.doFinal(cipherRawBytes)
|
|
||||||
|
|
||||||
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
|
|
||||||
throw SharedSecretStorageError.BadMac
|
|
||||||
} else {
|
|
||||||
// we are good
|
|
||||||
return decryptedSecret.toBase64NoPadding()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {
|
override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {
|
||||||
|
Loading…
Reference in New Issue
Block a user