Merge branch 'develop' into feature/ensure_olm_account_unicity

2024-11-15 01:35:07 +08:00 · 2020-03-26 12:11:00 +01:00 · 2020-03-26 12:11:00 +01:00 · 6721f337bd
commit 6721f337bd
parent 19990b27bb 535cdf0ef5
2 changed files with 12 additions and 12 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -11,6 +11,7 @@ Improvements 🙌:
 Bugfix 🐛:
 - Missing avatar/displayname after verification request message (#841)
 - Crypto | RiotX sometimes rotate the current device keys (#1170)
+ - RiotX can't restore cross signing keys saved by web in SSSS (#1174)

 Translations 🗣:
 -
--- a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt
+++ b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt
@ -272,7 +272,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
        val ivParameterSpec = IvParameterSpec(iv)
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
        // secret are not that big, just do Final
-        val cipherBytes = cipher.doFinal(clearDataBase64.fromBase64())
+        val cipherBytes = cipher.doFinal(clearDataBase64.toByteArray())
        require(cipherBytes.isNotEmpty())

        val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
@ -303,6 +303,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(

        val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText

+        // Check Signature
+        val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
+        val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
+        val digest = mac.doFinal(cipherRawBytes)
+
+        if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
+            throw SharedSecretStorageError.BadMac
+        }
+
        val cipher = Cipher.getInstance("AES/CTR/NoPadding")

        val secretKeySpec = SecretKeySpec(aesKey, "AES")
@ -313,17 +322,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(

        require(decryptedSecret.isNotEmpty())

-        // Check Signature
-        val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
-        val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
-        val digest = mac.doFinal(cipherRawBytes)
-
-        if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
-            throw SharedSecretStorageError.BadMac
-        } else {
-            // we are good
-            return decryptedSecret.toBase64NoPadding()
-        }
+        return String(decryptedSecret, Charsets.UTF_8)
    }

    override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {