diff --git a/CHANGES.md b/CHANGES.md
index 6f8b8ead15..3bdf495ecb 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -9,6 +9,7 @@ Improvements 🙌:
 Bugfix 🐛:
 - Missing avatar/displayname after verification request message (#841)
+ - RiotX can't restore cross signing keys saved by web in SSSS (#1174)
 Translations 🗣:
 -
diff --git a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt
index 1bd55dd35d..42f72a0a33 100644
--- a/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt
+++ b/matrix-sdk-android/src/main/java/im/vector/matrix/android/internal/crypto/secrets/DefaultSharedSecretStorageService.kt
@@ -272,7 +272,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
 val ivParameterSpec = IvParameterSpec(iv)
 cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec)
 // secret are not that big, just do Final
- val cipherBytes = cipher.doFinal(clearDataBase64.fromBase64())
+ val cipherBytes = cipher.doFinal(clearDataBase64.toByteArray())
 require(cipherBytes.isNotEmpty())
 val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
@@ -303,6 +303,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
 val cipherRawBytes = cipherContent.ciphertext?.fromBase64() ?: throw SharedSecretStorageError.BadCipherText
+ // Check Signature
+ val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
+ val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
+ val digest = mac.doFinal(cipherRawBytes)
+
+ if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
+ throw SharedSecretStorageError.BadMac
+ }
+
 val cipher = Cipher.getInstance("AES/CTR/NoPadding")
 val secretKeySpec = SecretKeySpec(aesKey, "AES")
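Review bot: On the changed `cipher.doFinal(...)` line in the hunk at -272, the charset is implicit and nothing records why the base64 text is now encrypted as-is instead of being decoded first, which makes this interop-critical encoding easy to regress. Spell it out as `clearDataBase64.toByteArray(Charsets.UTF_8)` so it visibly mirrors the `String(decryptedSecret, Charsets.UTF_8)` on the decrypt side. A comment such as `// Plaintext is the UTF-8 bytes of the base64 string, not the decoded bytes; other clients must be able to read this` would capture the intent, which the changelog entry suggests is compatibility with secrets saved by web. The enclosing function starts and ends outside the hunk, so how `clearDataBase64` is produced is not visible here.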
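Review bot: The MAC check added ahead of decryption in the hunk at -303 compares the tags with `contentEquals`, which is not guaranteed to run in constant time and can stop at the first differing byte. Prefer `val expected = cipherContent.mac?.fromBase64() ?: throw SharedSecretStorageError.BadMac` followed by `if (!MessageDigest.isEqual(expected, digest)) throw SharedSecretStorageError.BadMac`, which needs `java.security.MessageDigest` imported. That form also makes the missing-MAC case explicit instead of folding it into `.orFalse()`. The function body begins before and continues past the hunk, so the derivation of `macKey` and the handling of the IV cannot be reviewed from here.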
@@ -313,17 +322,7 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
 require(decryptedSecret.isNotEmpty())
- // Check Signature
- val macKeySpec = SecretKeySpec(macKey, "HmacSHA256")
- val mac = Mac.getInstance("HmacSHA256").apply { init(macKeySpec) }
- val digest = mac.doFinal(cipherRawBytes)
-
- if (!cipherContent.mac?.fromBase64()?.contentEquals(digest).orFalse()) {
- throw SharedSecretStorageError.BadMac
- } else {
- // we are good
- return decryptedSecret.toBase64NoPadding()
- }
+ return String(decryptedSecret, Charsets.UTF_8)
 }
 override fun getAlgorithmsForSecret(name: String): List {
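Review bot: `String(decryptedSecret, Charsets.UTF_8)` on the new return line decodes leniently, so byte sequences that are not valid UTF-8 are replaced with U+FFFD instead of raising an error. The removed lines show the previous format returned `toBase64NoPadding()` of raw bytes, so a secret written by an earlier build would presumably pass the MAC check and then come back as a silently corrupted string. A strict decode such as `Charsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(decryptedSecret)).toString()` throws `CharacterCodingException` in that case, which could be mapped to a `SharedSecretStorageError` so callers see a clear failure. The start of the function is outside the hunk.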