Merge branch 'develop' into feature/ensure_olm_account_unicity
commit
6721f337bd
|
@ -11,6 +11,7 @@ Improvements 🙌:
|
||||||
Bugfix 🐛:
|
Bugfix 🐛:
|
||||||
- Missing avatar/displayname after verification request message (#841)
|
- Missing avatar/displayname after verification request message (#841)
|
||||||
- Crypto | RiotX sometimes rotate the current device keys (#1170)
|
- Crypto | RiotX sometimes rotate the current device keys (#1170)
|
||||||
|
- RiotX can't restore cross signing keys saved by web in SSSS (#1174)
|
||||||
|
|
||||||
Translations 🗣:
|
Translations 🗣:
|
||||||
-
|
-
|
||||||
|
|
|
@ -272,7 +272,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
||||||
val ivParameterSpec = IvParameterSpec(iv)
|
val ivParameterSpec = IvParameterSpec(iv)
|
||||||
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
|
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
|
||||||
// secret are not that big, just do Final
|
// secret are not that big, just do Final
|
||||||
val cipherBytes = cipher.doFinal(clearDataBase64.fromBase64())
|
val cipherBytes = cipher.doFinal(clearDataBase64.toByteArray())
|
||||||
require(cipherBytes.isNotEmpty())
|
require(cipherBytes.isNotEmpty())
|
||||||
|
|
||||||
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
||||||
|
@ -303,6 +303,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
||||||
|
|
||||||
val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
|
val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
|
||||||
|
|
||||||
|
// Check Signature
|
||||||
|
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
||||||
|
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
|
||||||
|
val digest = mac.doFinal(cipherRawBytes)
|
||||||
|
|
||||||
|
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
|
||||||
|
throw SharedSecretStorageError.BadMac
|
||||||
|
}
|
||||||
|
|
||||||
val cipher = Cipher.getInstance("AES/CTR/NoPadding")
|
val cipher = Cipher.getInstance("AES/CTR/NoPadding")
|
||||||
|
|
||||||
val secretKeySpec = SecretKeySpec(aesKey, "AES")
|
val secretKeySpec = SecretKeySpec(aesKey, "AES")
|
||||||
|
@ -313,17 +322,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
||||||
|
|
||||||
require(decryptedSecret.isNotEmpty())
|
require(decryptedSecret.isNotEmpty())
|
||||||
|
|
||||||
// Check Signature
|
return String(decryptedSecret, Charsets.UTF_8)
|
||||||
val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
|
|
||||||
val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
|
|
||||||
val digest = mac.doFinal(cipherRawBytes)
|
|
||||||
|
|
||||||
if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
|
|
||||||
throw SharedSecretStorageError.BadMac
|
|
||||||
} else {
|
|
||||||
// we are good
|
|
||||||
return decryptedSecret.toBase64NoPadding()
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {
|
override fun getAlgorithmsForSecret(name: String): List<KeyInfoResult> {
|
||||||
|
|
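Review bot: The MAC check added in the `-303,6 +303,15` hunk compares the stored tag to the computed digest with `contentEquals`, which is not specified to run in constant time and can return at the first differing byte. Moving the check ahead of `Cipher.getInstance("AES/CTR/NoPadding")` is the right order, but an authentication tag is better compared with a constant-time routine, since the ciphertext and MAC are read from stored content that the client does not control. I would write it as `val expectedMac = cipherContent.mac?.fromBase64() ?: throw SharedSecretStorageError.BadMac` followed by `if (!MessageDigest.isEqual(expectedMac, digest)) throw SharedSecretStorageError.BadMac`, which needs `java.security.MessageDigest` imported. The explicit null branch keeps the current behaviour for a missing `mac` field and avoids handing a null to `isEqual`. The enclosing function starts above this hunk, so the derivation of `macKey` and `aesKey` is not visible here and is assumed to be unchanged.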