Encrypt data for the content scanner using PkEncryption from the Rust SDK.

This commit is contained in:
Benoit Marty 2024-09-11 11:34:16 +02:00
parent fc68f1cb66
commit 355621b0c7
3 changed files with 13 additions and 48 deletions

View file

@ -16,7 +16,6 @@
package org.matrix.android.sdk.internal.session.contentscanner
import okio.ByteString.Companion.decodeBase64
import org.amshove.kluent.shouldBe
import org.amshove.kluent.shouldBeEqualTo
import org.amshove.kluent.shouldNotBe
@ -24,11 +23,7 @@ import org.junit.Test
import org.matrix.android.sdk.api.session.crypto.attachments.ElementToDecrypt
import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileInfo
import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileKey
import org.matrix.android.sdk.internal.crypto.tools.withOlmDecryption
import org.matrix.android.sdk.internal.di.MoshiProvider
import org.matrix.android.sdk.internal.session.contentscanner.model.DownloadBody
import org.matrix.android.sdk.internal.session.contentscanner.model.EncryptedBody
import org.matrix.olm.OlmPkMessage
class ScanEncryptorUtilsTest {
private val anMxcUrl = "mxc://matrix.org/123456"
@ -67,7 +62,6 @@ class ScanEncryptorUtilsTest {
@Test
fun whenServerKeyIsProvidedTheContentIsEncrypted() {
System.loadLibrary("olm")
val result = ScanEncryptorUtils.getDownloadBodyAndEncryptIfNeeded(
publicServerKey = aPublicKey,
mxcUrl = anMxcUrl,
@ -78,6 +72,8 @@ class ScanEncryptorUtilsTest {
result.encryptedBody shouldNotBe null
}
// Note: PkDecryption is not exposed in the FFI layer, so we cannot use this test.
/*
@Test
fun checkThatTheCodeIsAbleToDecryptContent() {
System.loadLibrary("olm")
@ -121,4 +117,5 @@ class ScanEncryptorUtilsTest {
.fromJson(result)
parseResult shouldBeEqualTo clearInfo
}
*/
}

View file

@ -1,25 +0,0 @@
/*
* Copyright 2020 The Matrix.org Foundation C.I.C.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.matrix.android.sdk.internal.crypto.tools
// TODO BMA
data object OlmPkEncryption
internal fun <T> withOlmEncryption(block: (OlmPkEncryption) -> T): T {
val olmPkEncryption = OlmPkEncryption
return block(olmPkEncryption)
}

View file

@ -19,10 +19,10 @@ package org.matrix.android.sdk.internal.session.contentscanner
import org.matrix.android.sdk.api.session.crypto.attachments.ElementToDecrypt
import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileInfo
import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileKey
import org.matrix.android.sdk.internal.crypto.tools.withOlmEncryption
import org.matrix.android.sdk.internal.session.contentscanner.model.DownloadBody
import org.matrix.android.sdk.internal.session.contentscanner.model.EncryptedBody
import org.matrix.android.sdk.internal.session.contentscanner.model.toCanonicalJson
import org.matrix.rustcomponents.sdk.crypto.PkEncryption
internal object ScanEncryptorUtils {
@ -43,22 +43,15 @@ internal object ScanEncryptorUtils {
v = "v2"
)
return if (publicServerKey != null) {
// We should encrypt
withOlmEncryption { //olm ->
// TODO BMA
error("Not supported anymore")
/*
olm.setRecipientKey(publicServerKey)
val olmResult = olm.encrypt(DownloadBody(encryptedInfo).toCanonicalJson())
DownloadBody(
encryptedBody = EncryptedBody(
cipherText = olmResult.mCipherText,
ephemeral = olmResult.mEphemeralKey,
mac = olmResult.mMac
)
)
*/
}
val pkEncryption = PkEncryption.fromBase64(key = publicServerKey)
val pkMessage = pkEncryption.encrypt(DownloadBody(encryptedInfo).toCanonicalJson())
DownloadBody(
encryptedBody = EncryptedBody(
cipherText = pkMessage.ciphertext,
ephemeral = pkMessage.ephemeralKey,
mac = pkMessage.mac
)
)
} else {
DownloadBody(encryptedInfo)
}