Encrypt rust database

This commit is contained in:
valere 2023-01-27 14:05:16 +01:00
parent 0e47a441e1
commit 2a5768dd60
4 changed files with 42 additions and 4 deletions

View file

@ -44,6 +44,7 @@ import org.matrix.android.sdk.api.session.permalinks.PermalinkService
import org.matrix.android.sdk.api.session.securestorage.SharedSecretStorageService
import org.matrix.android.sdk.api.session.typing.TypingUsersTracker
import org.matrix.android.sdk.api.util.md5
import org.matrix.android.sdk.internal.crypto.RustEncryptionConfiguration
import org.matrix.android.sdk.internal.crypto.secrets.DefaultSharedSecretStorageService
import org.matrix.android.sdk.internal.crypto.tasks.DefaultRedactEventTask
import org.matrix.android.sdk.internal.crypto.tasks.RedactEventTask
@ -189,11 +190,12 @@ internal abstract class SessionModule {
fun providesRustCryptoFilesDir(
@SessionFilesDirectory parent: File,
@CryptoDatabase realmConfiguration: RealmConfiguration,
rustEncryptionConfiguration: RustEncryptionConfiguration,
): File {
val target = File(parent, "rustFlavor")
val file: File
measureTimeMillis {
file = MigrateEAtoEROperation().execute(realmConfiguration, target)
file = MigrateEAtoEROperation().execute(realmConfiguration, target, rustEncryptionConfiguration.getDatabasePassphrase())
}.let { duration ->
Timber.v("Migrating to ER in $duration ms")
}

View file

@ -130,12 +130,13 @@ internal class OlmMachine @Inject constructor(
private val ensureUsersKeys: EnsureUsersKeysUseCase,
private val matrixConfiguration: MatrixConfiguration,
private val megolmSessionImportManager: MegolmSessionImportManager,
private val rustEncryptionConfiguration: RustEncryptionConfiguration,
) {
private val inner: InnerMachine
init {
inner = InnerMachine(userId, deviceId, path.toString(), null)
inner = InnerMachine(userId, deviceId, path.toString(), rustEncryptionConfiguration.getDatabasePassphrase())
}
private val flowCollectors = FlowCollectors()

View file

@ -0,0 +1,35 @@
/*
* Copyright 2023 The Matrix.org Foundation C.I.C.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.matrix.android.sdk.internal.crypto
import org.matrix.android.sdk.api.util.toBase64NoPadding
import org.matrix.android.sdk.internal.database.RealmKeysUtils
import org.matrix.android.sdk.internal.di.UserMd5
import org.matrix.android.sdk.internal.session.SessionScope
import javax.inject.Inject
@SessionScope
internal class RustEncryptionConfiguration @Inject constructor(
@UserMd5 private val userMd5: String,
private val realmKeyUtil: RealmKeysUtils,
) {
fun getDatabasePassphrase(): String {
// let's reuse the code for realm that creates a random 64 bytes array.
return realmKeyUtil.getRealmEncryptionKey("crypto_module_rust_$userMd5").toBase64NoPadding()
}
}

View file

@ -25,7 +25,7 @@ import java.io.File
class MigrateEAtoEROperation {
fun execute(cryptoRealm: RealmConfiguration, rustFilesDir: File): File {
fun execute(cryptoRealm: RealmConfiguration, rustFilesDir: File, passphrase: String?): File {
// Temporary code for migration
if (!rustFilesDir.exists()) {
rustFilesDir.mkdir()
@ -43,7 +43,7 @@ class MigrateEAtoEROperation {
Realm.getInstance(cryptoRealm).use { realm ->
extractMigrationData.extractData(realm) {
org.matrix.rustcomponents.sdk.crypto.migrate(it, rustFilesDir.path, null, progressListener)
org.matrix.rustcomponents.sdk.crypto.migrate(it, rustFilesDir.path, passphrase, progressListener)
}
}
} catch (failure: Throwable) {