mirror of
https://github.com/element-hq/element-android
synced 2024-11-28 05:31:21 +03:00
Convert SharedSecretStorageService to suspend functions
Signed-off-by: Dominic Fischer <dominicfischer7@gmail.com>
This commit is contained in:
parent
2045a164c1
commit
b70585016c
6 changed files with 227 additions and 329 deletions
|
@ -19,7 +19,6 @@ package org.matrix.android.sdk.internal.crypto.ssss
|
|||
import androidx.lifecycle.Observer
|
||||
import androidx.test.ext.junit.runners.AndroidJUnit4
|
||||
import org.matrix.android.sdk.InstrumentedTest
|
||||
import org.matrix.android.sdk.api.MatrixCallback
|
||||
import org.matrix.android.sdk.api.session.Session
|
||||
import org.matrix.android.sdk.api.session.securestorage.EncryptedSecretContent
|
||||
import org.matrix.android.sdk.api.session.securestorage.KeySigner
|
||||
|
@ -31,7 +30,6 @@ import org.matrix.android.sdk.api.util.Optional
|
|||
import org.matrix.android.sdk.common.CommonTestHelper
|
||||
import org.matrix.android.sdk.common.SessionTestParams
|
||||
import org.matrix.android.sdk.common.TestConstants
|
||||
import org.matrix.android.sdk.common.TestMatrixCallback
|
||||
import org.matrix.android.sdk.internal.crypto.SSSS_ALGORITHM_AES_HMAC_SHA2
|
||||
import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding
|
||||
import org.matrix.android.sdk.internal.crypto.secrets.DefaultSharedSecretStorageService
|
||||
|
@ -40,7 +38,6 @@ import kotlinx.coroutines.Dispatchers
|
|||
import kotlinx.coroutines.GlobalScope
|
||||
import kotlinx.coroutines.launch
|
||||
import kotlinx.coroutines.runBlocking
|
||||
import org.amshove.kluent.shouldBe
|
||||
import org.junit.Assert.assertEquals
|
||||
import org.junit.Assert.assertNotNull
|
||||
import org.junit.Assert.assertNull
|
||||
|
@ -70,8 +67,8 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
val TEST_KEY_ID = "my.test.Key"
|
||||
|
||||
mTestHelper.doSync<SsssKeyCreationInfo> {
|
||||
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner, it)
|
||||
mTestHelper.runBlockingTest {
|
||||
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner)
|
||||
}
|
||||
|
||||
// Assert Account data is updated
|
||||
|
@ -99,7 +96,9 @@ class QuadSTests : InstrumentedTest {
|
|||
assertNull("Key was not generated from passphrase", parsed.passphrase)
|
||||
|
||||
// Set as default key
|
||||
quadS.setDefaultKey(TEST_KEY_ID, object : MatrixCallback<Unit> {})
|
||||
GlobalScope.launch {
|
||||
quadS.setDefaultKey(TEST_KEY_ID)
|
||||
}
|
||||
|
||||
var defaultKeyAccountData: UserAccountDataEvent? = null
|
||||
val defaultDataLock = CountDownLatch(1)
|
||||
|
@ -133,12 +132,11 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
// Store a secret
|
||||
val clearSecret = "42".toByteArray().toBase64NoPadding()
|
||||
mTestHelper.doSync<Unit> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.storeSecret(
|
||||
"secret.of.life",
|
||||
clearSecret,
|
||||
listOf(SharedSecretStorageService.KeyRef(null, keySpec)), // default key
|
||||
it
|
||||
listOf(SharedSecretStorageService.KeyRef(null, keySpec)) // default key
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -155,12 +153,11 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
// Try to decrypt??
|
||||
|
||||
val decryptedSecret = mTestHelper.doSync<String> {
|
||||
val decryptedSecret = mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.getSecret(
|
||||
"secret.of.life",
|
||||
null, // default key
|
||||
keySpec!!,
|
||||
it
|
||||
keySpec!!
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -176,13 +173,13 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
val TEST_KEY_ID = "my.test.Key"
|
||||
|
||||
mTestHelper.doSync<SsssKeyCreationInfo> {
|
||||
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner, it)
|
||||
mTestHelper.runBlockingTest {
|
||||
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner)
|
||||
}
|
||||
|
||||
// Test that we don't need to wait for an account data sync to access directly the keyid from DB
|
||||
mTestHelper.doSync<Unit> {
|
||||
quadS.setDefaultKey(TEST_KEY_ID, it)
|
||||
mTestHelper.runBlockingTest {
|
||||
quadS.setDefaultKey(TEST_KEY_ID)
|
||||
}
|
||||
|
||||
mTestHelper.signOutAndClose(aliceSession)
|
||||
|
@ -198,15 +195,14 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
val mySecretText = "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
|
||||
|
||||
mTestHelper.doSync<Unit> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.storeSecret(
|
||||
"my.secret",
|
||||
mySecretText.toByteArray().toBase64NoPadding(),
|
||||
listOf(
|
||||
SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)),
|
||||
SharedSecretStorageService.KeyRef(keyId2, RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey))
|
||||
),
|
||||
it
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -219,19 +215,17 @@ class QuadSTests : InstrumentedTest {
|
|||
assertNotNull(encryptedContent?.get(keyId2))
|
||||
|
||||
// Assert that can decrypt with both keys
|
||||
mTestHelper.doSync<String> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.getSecret("my.secret",
|
||||
keyId1,
|
||||
RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)!!,
|
||||
it
|
||||
RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)!!
|
||||
)
|
||||
}
|
||||
|
||||
mTestHelper.doSync<String> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.getSecret("my.secret",
|
||||
keyId2,
|
||||
RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey)!!,
|
||||
it
|
||||
RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey)!!
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -247,50 +241,34 @@ class QuadSTests : InstrumentedTest {
|
|||
|
||||
val mySecretText = "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
|
||||
|
||||
mTestHelper.doSync<Unit> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.storeSecret(
|
||||
"my.secret",
|
||||
mySecretText.toByteArray().toBase64NoPadding(),
|
||||
listOf(SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey))),
|
||||
it
|
||||
listOf(SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)))
|
||||
)
|
||||
}
|
||||
|
||||
val decryptCountDownLatch = CountDownLatch(1)
|
||||
var error = false
|
||||
aliceSession.sharedSecretStorageService.getSecret("my.secret",
|
||||
keyId1,
|
||||
RawBytesKeySpec.fromPassphrase(
|
||||
"A bad passphrase",
|
||||
key1Info.content?.passphrase?.salt ?: "",
|
||||
key1Info.content?.passphrase?.iterations ?: 0,
|
||||
null),
|
||||
object : MatrixCallback<String> {
|
||||
override fun onSuccess(data: String) {
|
||||
decryptCountDownLatch.countDown()
|
||||
}
|
||||
|
||||
override fun onFailure(failure: Throwable) {
|
||||
error = true
|
||||
decryptCountDownLatch.countDown()
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
mTestHelper.await(decryptCountDownLatch)
|
||||
|
||||
error shouldBe true
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.getSecret("my.secret",
|
||||
keyId1,
|
||||
RawBytesKeySpec.fromPassphrase(
|
||||
"A bad passphrase",
|
||||
key1Info.content?.passphrase?.salt ?: "",
|
||||
key1Info.content?.passphrase?.iterations ?: 0,
|
||||
null)
|
||||
)
|
||||
}
|
||||
|
||||
// Now try with correct key
|
||||
mTestHelper.doSync<String> {
|
||||
mTestHelper.runBlockingTest {
|
||||
aliceSession.sharedSecretStorageService.getSecret("my.secret",
|
||||
keyId1,
|
||||
RawBytesKeySpec.fromPassphrase(
|
||||
passphrase,
|
||||
key1Info.content?.passphrase?.salt ?: "",
|
||||
key1Info.content?.passphrase?.iterations ?: 0,
|
||||
null),
|
||||
it
|
||||
null)
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -321,15 +299,15 @@ class QuadSTests : InstrumentedTest {
|
|||
private fun generatedSecret(session: Session, keyId: String, asDefault: Boolean = true): SsssKeyCreationInfo {
|
||||
val quadS = session.sharedSecretStorageService
|
||||
|
||||
val creationInfo = mTestHelper.doSync<SsssKeyCreationInfo> {
|
||||
quadS.generateKey(keyId, null, keyId, emptyKeySigner, it)
|
||||
val creationInfo = mTestHelper.runBlockingTest {
|
||||
quadS.generateKey(keyId, null, keyId, emptyKeySigner)
|
||||
}
|
||||
|
||||
assertAccountData(session, "${DefaultSharedSecretStorageService.KEY_ID_BASE}.$keyId")
|
||||
|
||||
if (asDefault) {
|
||||
mTestHelper.doSync<Unit> {
|
||||
quadS.setDefaultKey(keyId, it)
|
||||
mTestHelper.runBlockingTest {
|
||||
quadS.setDefaultKey(keyId)
|
||||
}
|
||||
assertAccountData(session, DefaultSharedSecretStorageService.DEFAULT_KEY_ID)
|
||||
}
|
||||
|
@ -340,21 +318,20 @@ class QuadSTests : InstrumentedTest {
|
|||
private fun generatedSecretFromPassphrase(session: Session, passphrase: String, keyId: String, asDefault: Boolean = true): SsssKeyCreationInfo {
|
||||
val quadS = session.sharedSecretStorageService
|
||||
|
||||
val creationInfo = mTestHelper.doSync<SsssKeyCreationInfo> {
|
||||
val creationInfo = mTestHelper.runBlockingTest {
|
||||
quadS.generateKeyWithPassphrase(
|
||||
keyId,
|
||||
keyId,
|
||||
passphrase,
|
||||
emptyKeySigner,
|
||||
null,
|
||||
it)
|
||||
null)
|
||||
}
|
||||
|
||||
assertAccountData(session, "${DefaultSharedSecretStorageService.KEY_ID_BASE}.$keyId")
|
||||
if (asDefault) {
|
||||
val setDefaultLatch = CountDownLatch(1)
|
||||
quadS.setDefaultKey(keyId, TestMatrixCallback(setDefaultLatch))
|
||||
mTestHelper.await(setDefaultLatch)
|
||||
mTestHelper.runBlockingTest {
|
||||
quadS.setDefaultKey(keyId)
|
||||
}
|
||||
assertAccountData(session, DefaultSharedSecretStorageService.DEFAULT_KEY_ID)
|
||||
}
|
||||
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
|
||||
package org.matrix.android.sdk.api.session.securestorage
|
||||
|
||||
import org.matrix.android.sdk.api.MatrixCallback
|
||||
import org.matrix.android.sdk.api.listeners.ProgressListener
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
|
||||
import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME
|
||||
|
@ -43,13 +42,12 @@ interface SharedSecretStorageService {
|
|||
* @param keyName a human readable name
|
||||
* @param keySigner Used to add a signature to the key (client should check key signature before storing secret)
|
||||
*
|
||||
* @param callback Get key creation info
|
||||
* @return key creation info
|
||||
*/
|
||||
fun generateKey(keyId: String,
|
||||
key: SsssKeySpec?,
|
||||
keyName: String,
|
||||
keySigner: KeySigner?,
|
||||
callback: MatrixCallback<SsssKeyCreationInfo>)
|
||||
suspend fun generateKey(keyId: String,
|
||||
key: SsssKeySpec?,
|
||||
keyName: String,
|
||||
keySigner: KeySigner?): SsssKeyCreationInfo
|
||||
|
||||
/**
|
||||
* Generates a SSSS key using the given passphrase.
|
||||
|
@ -61,14 +59,13 @@ interface SharedSecretStorageService {
|
|||
* @param keySigner Used to add a signature to the key (client should check key signature before retrieving secret)
|
||||
* @param progressListener The derivation of the passphrase may take long depending on the device, use this to report progress
|
||||
*
|
||||
* @param callback Get key creation info
|
||||
* @return key creation info
|
||||
*/
|
||||
fun generateKeyWithPassphrase(keyId: String,
|
||||
keyName: String,
|
||||
passphrase: String,
|
||||
keySigner: KeySigner,
|
||||
progressListener: ProgressListener?,
|
||||
callback: MatrixCallback<SsssKeyCreationInfo>)
|
||||
suspend fun generateKeyWithPassphrase(keyId: String,
|
||||
keyName: String,
|
||||
passphrase: String,
|
||||
keySigner: KeySigner,
|
||||
progressListener: ProgressListener?): SsssKeyCreationInfo
|
||||
|
||||
fun getKey(keyId: String): KeyInfoResult
|
||||
|
||||
|
@ -80,7 +77,7 @@ interface SharedSecretStorageService {
|
|||
*/
|
||||
fun getDefaultKey(): KeyInfoResult
|
||||
|
||||
fun setDefaultKey(keyId: String, callback: MatrixCallback<Unit>)
|
||||
suspend fun setDefaultKey(keyId: String)
|
||||
|
||||
/**
|
||||
* Check whether we have a key with a given ID.
|
||||
|
@ -98,7 +95,7 @@ interface SharedSecretStorageService {
|
|||
* @param secret The secret contents.
|
||||
* @param keys The list of (ID,privateKey) of the keys to use to encrypt the secret.
|
||||
*/
|
||||
fun storeSecret(name: String, secretBase64: String, keys: List<KeyRef>, callback: MatrixCallback<Unit>)
|
||||
suspend fun storeSecret(name: String, secretBase64: String, keys: List<KeyRef>)
|
||||
|
||||
/**
|
||||
* Use this call to determine which SSSSKeySpec to use for requesting secret
|
||||
|
@ -113,7 +110,7 @@ interface SharedSecretStorageService {
|
|||
* @param secretKey the secret key to use (@see #RawBytesKeySpec)
|
||||
*
|
||||
*/
|
||||
fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec, callback: MatrixCallback<String>)
|
||||
suspend fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec): String
|
||||
|
||||
/**
|
||||
* Return true if SSSS is configured
|
||||
|
|
|
@ -16,7 +16,6 @@
|
|||
|
||||
package org.matrix.android.sdk.internal.crypto.secrets
|
||||
|
||||
import org.matrix.android.sdk.api.MatrixCallback
|
||||
import org.matrix.android.sdk.api.extensions.orFalse
|
||||
import org.matrix.android.sdk.api.listeners.ProgressListener
|
||||
import org.matrix.android.sdk.api.session.accountdata.AccountDataService
|
||||
|
@ -43,10 +42,10 @@ import org.matrix.android.sdk.internal.crypto.keysbackup.util.computeRecoveryKey
|
|||
import org.matrix.android.sdk.internal.crypto.tools.HkdfSha256
|
||||
import org.matrix.android.sdk.internal.crypto.tools.withOlmDecryption
|
||||
import org.matrix.android.sdk.internal.di.UserId
|
||||
import org.matrix.android.sdk.internal.extensions.foldToCallback
|
||||
import org.matrix.android.sdk.internal.util.MatrixCoroutineDispatchers
|
||||
import kotlinx.coroutines.CoroutineScope
|
||||
import kotlinx.coroutines.launch
|
||||
import kotlinx.coroutines.withContext
|
||||
import org.matrix.android.sdk.internal.util.awaitCallback
|
||||
import org.matrix.olm.OlmPkMessage
|
||||
import java.security.SecureRandom
|
||||
import javax.crypto.Cipher
|
||||
|
@ -64,21 +63,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
private val cryptoCoroutineScope: CoroutineScope
|
||||
) : SharedSecretStorageService {
|
||||
|
||||
override fun generateKey(keyId: String,
|
||||
key: SsssKeySpec?,
|
||||
keyName: String,
|
||||
keySigner: KeySigner?,
|
||||
callback: MatrixCallback<SsssKeyCreationInfo>) {
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
|
||||
val bytes = try {
|
||||
(key as? RawBytesKeySpec)?.privateKey
|
||||
?: ByteArray(32).also {
|
||||
SecureRandom().nextBytes(it)
|
||||
}
|
||||
} catch (failure: Throwable) {
|
||||
callback.onFailure(failure)
|
||||
return@launch
|
||||
}
|
||||
override suspend fun generateKey(keyId: String,
|
||||
key: SsssKeySpec?,
|
||||
keyName: String,
|
||||
keySigner: KeySigner?): SsssKeyCreationInfo {
|
||||
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
|
||||
val bytes = (key as? RawBytesKeySpec)?.privateKey
|
||||
?: ByteArray(32).also {
|
||||
SecureRandom().nextBytes(it)
|
||||
}
|
||||
|
||||
val storageKeyContent = SecretStorageKeyContent(
|
||||
name = keyName,
|
||||
|
@ -92,34 +85,24 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
)
|
||||
} ?: storageKeyContent
|
||||
|
||||
accountDataService.updateAccountData(
|
||||
"$KEY_ID_BASE.$keyId",
|
||||
signedContent.toContent(),
|
||||
object : MatrixCallback<Unit> {
|
||||
override fun onFailure(failure: Throwable) {
|
||||
callback.onFailure(failure)
|
||||
}
|
||||
|
||||
override fun onSuccess(data: Unit) {
|
||||
callback.onSuccess(SsssKeyCreationInfo(
|
||||
keyId = keyId,
|
||||
content = storageKeyContent,
|
||||
recoveryKey = computeRecoveryKey(bytes),
|
||||
keySpec = RawBytesKeySpec(bytes)
|
||||
))
|
||||
}
|
||||
}
|
||||
awaitCallback<Unit> {
|
||||
accountDataService.updateAccountData("$KEY_ID_BASE.$keyId", signedContent.toContent(), it)
|
||||
}
|
||||
SsssKeyCreationInfo(
|
||||
keyId = keyId,
|
||||
content = storageKeyContent,
|
||||
recoveryKey = computeRecoveryKey(bytes),
|
||||
keySpec = RawBytesKeySpec(bytes)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
override fun generateKeyWithPassphrase(keyId: String,
|
||||
keyName: String,
|
||||
passphrase: String,
|
||||
keySigner: KeySigner,
|
||||
progressListener: ProgressListener?,
|
||||
callback: MatrixCallback<SsssKeyCreationInfo>) {
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
|
||||
override suspend fun generateKeyWithPassphrase(keyId: String,
|
||||
keyName: String,
|
||||
passphrase: String,
|
||||
keySigner: KeySigner,
|
||||
progressListener: ProgressListener?): SsssKeyCreationInfo {
|
||||
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
|
||||
val privatePart = generatePrivateKeyWithPassword(passphrase, progressListener)
|
||||
|
||||
val storageKeyContent = SecretStorageKeyContent(
|
||||
|
@ -133,23 +116,18 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
)
|
||||
} ?: storageKeyContent
|
||||
|
||||
accountDataService.updateAccountData(
|
||||
"$KEY_ID_BASE.$keyId",
|
||||
signedContent.toContent(),
|
||||
object : MatrixCallback<Unit> {
|
||||
override fun onFailure(failure: Throwable) {
|
||||
callback.onFailure(failure)
|
||||
}
|
||||
|
||||
override fun onSuccess(data: Unit) {
|
||||
callback.onSuccess(SsssKeyCreationInfo(
|
||||
keyId = keyId,
|
||||
content = storageKeyContent,
|
||||
recoveryKey = computeRecoveryKey(privatePart.privateKey),
|
||||
keySpec = RawBytesKeySpec(privatePart.privateKey)
|
||||
))
|
||||
}
|
||||
}
|
||||
awaitCallback<Unit> {
|
||||
accountDataService.updateAccountData(
|
||||
"$KEY_ID_BASE.$keyId",
|
||||
signedContent.toContent(),
|
||||
it
|
||||
)
|
||||
}
|
||||
SsssKeyCreationInfo(
|
||||
keyId = keyId,
|
||||
content = storageKeyContent,
|
||||
recoveryKey = computeRecoveryKey(privatePart.privateKey),
|
||||
keySpec = RawBytesKeySpec(privatePart.privateKey)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
@ -168,15 +146,17 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
} ?: KeyInfoResult.Error(SharedSecretStorageError.UnknownAlgorithm(keyId))
|
||||
}
|
||||
|
||||
override fun setDefaultKey(keyId: String, callback: MatrixCallback<Unit>) {
|
||||
override suspend fun setDefaultKey(keyId: String) {
|
||||
val existingKey = getKey(keyId)
|
||||
if (existingKey is KeyInfoResult.Success) {
|
||||
accountDataService.updateAccountData(DEFAULT_KEY_ID,
|
||||
mapOf("key" to keyId),
|
||||
callback
|
||||
)
|
||||
awaitCallback<Unit> {
|
||||
accountDataService.updateAccountData(DEFAULT_KEY_ID,
|
||||
mapOf("key" to keyId),
|
||||
it
|
||||
)
|
||||
}
|
||||
} else {
|
||||
callback.onFailure(SharedSecretStorageError.UnknownKey(keyId))
|
||||
throw SharedSecretStorageError.UnknownKey(keyId)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -188,41 +168,35 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
return getKey(keyId)
|
||||
}
|
||||
|
||||
override fun storeSecret(name: String, secretBase64: String, keys: List<SharedSecretStorageService.KeyRef>, callback: MatrixCallback<Unit>) {
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
|
||||
override suspend fun storeSecret(name: String, secretBase64: String, keys: List<SharedSecretStorageService.KeyRef>) {
|
||||
withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
|
||||
val encryptedContents = HashMap<String, EncryptedSecretContent>()
|
||||
try {
|
||||
keys.forEach {
|
||||
val keyId = it.keyId
|
||||
// encrypt the content
|
||||
when (val key = keyId?.let { getKey(keyId) } ?: getDefaultKey()) {
|
||||
is KeyInfoResult.Success -> {
|
||||
if (key.keyInfo.content.algorithm == SSSS_ALGORITHM_AES_HMAC_SHA2) {
|
||||
encryptAesHmacSha2(it.keySpec!!, name, secretBase64).let {
|
||||
encryptedContents[key.keyInfo.id] = it
|
||||
}
|
||||
} else {
|
||||
// Unknown algorithm
|
||||
callback.onFailure(SharedSecretStorageError.UnknownAlgorithm(key.keyInfo.content.algorithm ?: ""))
|
||||
return@launch
|
||||
keys.forEach {
|
||||
val keyId = it.keyId
|
||||
// encrypt the content
|
||||
when (val key = keyId?.let { getKey(keyId) } ?: getDefaultKey()) {
|
||||
is KeyInfoResult.Success -> {
|
||||
if (key.keyInfo.content.algorithm == SSSS_ALGORITHM_AES_HMAC_SHA2) {
|
||||
encryptAesHmacSha2(it.keySpec!!, name, secretBase64).let {
|
||||
encryptedContents[key.keyInfo.id] = it
|
||||
}
|
||||
}
|
||||
is KeyInfoResult.Error -> {
|
||||
callback.onFailure(key.error)
|
||||
return@launch
|
||||
} else {
|
||||
// Unknown algorithm
|
||||
throw SharedSecretStorageError.UnknownAlgorithm(key.keyInfo.content.algorithm ?: "")
|
||||
}
|
||||
}
|
||||
is KeyInfoResult.Error -> throw key.error
|
||||
}
|
||||
}
|
||||
|
||||
awaitCallback<Unit> {
|
||||
accountDataService.updateAccountData(
|
||||
type = name,
|
||||
content = mapOf(
|
||||
"encrypted" to encryptedContents
|
||||
),
|
||||
callback = callback
|
||||
callback = it
|
||||
)
|
||||
} catch (failure: Throwable) {
|
||||
callback.onFailure(failure)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -344,57 +318,40 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
|
|||
return results
|
||||
}
|
||||
|
||||
override fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec, callback: MatrixCallback<String>) {
|
||||
val accountData = accountDataService.getAccountDataEvent(name) ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.UnknownSecret(name))
|
||||
}
|
||||
val encryptedContent = accountData.content[ENCRYPTED] as? Map<*, *> ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.SecretNotEncrypted(name))
|
||||
}
|
||||
val key = keyId?.let { getKey(it) } as? KeyInfoResult.Success ?: getDefaultKey() as? KeyInfoResult.Success ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.UnknownKey(name))
|
||||
}
|
||||
override suspend fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec): String {
|
||||
val accountData = accountDataService.getAccountDataEvent(name) ?: throw SharedSecretStorageError.UnknownSecret(name)
|
||||
val encryptedContent = accountData.content[ENCRYPTED] as? Map<*, *> ?: throw SharedSecretStorageError.SecretNotEncrypted(name)
|
||||
val key = keyId?.let { getKey(it) } as? KeyInfoResult.Success ?: getDefaultKey() as? KeyInfoResult.Success
|
||||
?: throw SharedSecretStorageError.UnknownKey(name)
|
||||
|
||||
val encryptedForKey = encryptedContent[key.keyInfo.id] ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.SecretNotEncryptedWithKey(name, key.keyInfo.id))
|
||||
}
|
||||
val encryptedForKey = encryptedContent[key.keyInfo.id] ?: throw SharedSecretStorageError.SecretNotEncryptedWithKey(name, key.keyInfo.id)
|
||||
|
||||
val secretContent = EncryptedSecretContent.fromJson(encryptedForKey)
|
||||
?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.ParsingError)
|
||||
}
|
||||
?: throw SharedSecretStorageError.ParsingError
|
||||
|
||||
val algorithm = key.keyInfo.content
|
||||
if (SSSS_ALGORITHM_CURVE25519_AES_SHA2 == algorithm.algorithm) {
|
||||
val keySpec = secretKey as? RawBytesKeySpec ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.BadKeyFormat)
|
||||
}
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
|
||||
runCatching {
|
||||
// decrypt from recovery key
|
||||
withOlmDecryption { olmPkDecryption ->
|
||||
olmPkDecryption.setPrivateKey(keySpec.privateKey)
|
||||
olmPkDecryption.decrypt(OlmPkMessage()
|
||||
.apply {
|
||||
mCipherText = secretContent.ciphertext
|
||||
mEphemeralKey = secretContent.ephemeral
|
||||
mMac = secretContent.mac
|
||||
}
|
||||
)
|
||||
}
|
||||
}.foldToCallback(callback)
|
||||
val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat
|
||||
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
|
||||
// decrypt from recovery key
|
||||
withOlmDecryption { olmPkDecryption ->
|
||||
olmPkDecryption.setPrivateKey(keySpec.privateKey)
|
||||
olmPkDecryption.decrypt(OlmPkMessage()
|
||||
.apply {
|
||||
mCipherText = secretContent.ciphertext
|
||||
mEphemeralKey = secretContent.ephemeral
|
||||
mMac = secretContent.mac
|
||||
}
|
||||
)
|
||||
}
|
||||
}
|
||||
} else if (SSSS_ALGORITHM_AES_HMAC_SHA2 == algorithm.algorithm) {
|
||||
val keySpec = secretKey as? RawBytesKeySpec ?: return Unit.also {
|
||||
callback.onFailure(SharedSecretStorageError.BadKeyFormat)
|
||||
}
|
||||
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
|
||||
runCatching {
|
||||
decryptAesHmacSha2(keySpec, name, secretContent)
|
||||
}.foldToCallback(callback)
|
||||
val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat
|
||||
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
|
||||
decryptAesHmacSha2(keySpec, name, secretContent)
|
||||
}
|
||||
} else {
|
||||
callback.onFailure(SharedSecretStorageError.UnsupportedAlgorithm(algorithm.algorithm ?: ""))
|
||||
throw SharedSecretStorageError.UnsupportedAlgorithm(algorithm.algorithm ?: "")
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -43,7 +43,6 @@ import org.matrix.android.sdk.api.session.securestorage.IntegrityResult
|
|||
import org.matrix.android.sdk.api.session.securestorage.KeyInfoResult
|
||||
import org.matrix.android.sdk.api.session.securestorage.RawBytesKeySpec
|
||||
import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding
|
||||
import org.matrix.android.sdk.internal.util.awaitCallback
|
||||
import org.matrix.android.sdk.rx.rx
|
||||
import timber.log.Timber
|
||||
import java.io.ByteArrayOutputStream
|
||||
|
@ -130,13 +129,13 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
|
|||
override fun handle(action: SharedSecureStorageAction) = withState {
|
||||
when (action) {
|
||||
is SharedSecureStorageAction.TogglePasswordVisibility -> handleTogglePasswordVisibility()
|
||||
is SharedSecureStorageAction.Cancel -> handleCancel()
|
||||
is SharedSecureStorageAction.SubmitPassphrase -> handleSubmitPassphrase(action)
|
||||
SharedSecureStorageAction.UseKey -> handleUseKey()
|
||||
is SharedSecureStorageAction.SubmitKey -> handleSubmitKey(action)
|
||||
SharedSecureStorageAction.Back -> handleBack()
|
||||
SharedSecureStorageAction.ForgotResetAll -> handleResetAll()
|
||||
SharedSecureStorageAction.DoResetAll -> handleDoResetAll()
|
||||
is SharedSecureStorageAction.Cancel -> handleCancel()
|
||||
is SharedSecureStorageAction.SubmitPassphrase -> handleSubmitPassphrase(action)
|
||||
SharedSecureStorageAction.UseKey -> handleUseKey()
|
||||
is SharedSecureStorageAction.SubmitKey -> handleSubmitKey(action)
|
||||
SharedSecureStorageAction.Back -> handleBack()
|
||||
SharedSecureStorageAction.ForgotResetAll -> handleResetAll()
|
||||
SharedSecureStorageAction.DoResetAll -> handleDoResetAll()
|
||||
}.exhaustive
|
||||
}
|
||||
|
||||
|
@ -220,13 +219,10 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
|
|||
withContext(Dispatchers.IO) {
|
||||
args.requestedSecrets.forEach {
|
||||
if (session.getAccountDataEvent(it) != null) {
|
||||
val res = awaitCallback<String> { callback ->
|
||||
session.sharedSecretStorageService.getSecret(
|
||||
name = it,
|
||||
keyId = keyInfo.id,
|
||||
secretKey = keySpec,
|
||||
callback = callback)
|
||||
}
|
||||
val res = session.sharedSecretStorageService.getSecret(
|
||||
name = it,
|
||||
keyId = keyInfo.id,
|
||||
secretKey = keySpec)
|
||||
decryptedSecretMap[it] = res
|
||||
} else {
|
||||
Timber.w("## Cannot find secret $it in SSSS, skip")
|
||||
|
@ -292,13 +288,10 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
|
|||
withContext(Dispatchers.IO) {
|
||||
args.requestedSecrets.forEach {
|
||||
if (session.getAccountDataEvent(it) != null) {
|
||||
val res = awaitCallback<String> { callback ->
|
||||
session.sharedSecretStorageService.getSecret(
|
||||
name = it,
|
||||
keyId = keyInfo.id,
|
||||
secretKey = keySpec,
|
||||
callback = callback)
|
||||
}
|
||||
val res = session.sharedSecretStorageService.getSecret(
|
||||
name = it,
|
||||
keyId = keyInfo.id,
|
||||
secretKey = keySpec)
|
||||
decryptedSecretMap[it] = res
|
||||
} else {
|
||||
Timber.w("## Cannot find secret $it in SSSS, skip")
|
||||
|
|
|
@ -97,37 +97,31 @@ class BackupToQuadSMigrationTask @Inject constructor(
|
|||
when {
|
||||
params.passphrase?.isNotEmpty() == true -> {
|
||||
reportProgress(params, R.string.bootstrap_progress_generating_ssss)
|
||||
awaitCallback {
|
||||
quadS.generateKeyWithPassphrase(
|
||||
UUID.randomUUID().toString(),
|
||||
"ssss_key",
|
||||
params.passphrase,
|
||||
EmptyKeySigner(),
|
||||
object : ProgressListener {
|
||||
override fun onProgress(progress: Int, total: Int) {
|
||||
params.progressListener?.onProgress(
|
||||
WaitingViewData(
|
||||
stringProvider.getString(
|
||||
R.string.bootstrap_progress_generating_ssss_with_info,
|
||||
"$progress/$total")
|
||||
))
|
||||
}
|
||||
},
|
||||
it
|
||||
)
|
||||
}
|
||||
quadS.generateKeyWithPassphrase(
|
||||
UUID.randomUUID().toString(),
|
||||
"ssss_key",
|
||||
params.passphrase,
|
||||
EmptyKeySigner(),
|
||||
object : ProgressListener {
|
||||
override fun onProgress(progress: Int, total: Int) {
|
||||
params.progressListener?.onProgress(
|
||||
WaitingViewData(
|
||||
stringProvider.getString(
|
||||
R.string.bootstrap_progress_generating_ssss_with_info,
|
||||
"$progress/$total")
|
||||
))
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
params.recoveryKey != null -> {
|
||||
reportProgress(params, R.string.bootstrap_progress_generating_ssss_recovery)
|
||||
awaitCallback {
|
||||
quadS.generateKey(
|
||||
UUID.randomUUID().toString(),
|
||||
extractCurveKeyFromRecoveryKey(params.recoveryKey)?.let { RawBytesKeySpec(it) },
|
||||
"ssss_key",
|
||||
EmptyKeySigner(),
|
||||
it
|
||||
)
|
||||
}
|
||||
quadS.generateKey(
|
||||
UUID.randomUUID().toString(),
|
||||
extractCurveKeyFromRecoveryKey(params.recoveryKey)?.let { RawBytesKeySpec(it) },
|
||||
"ssss_key",
|
||||
EmptyKeySigner()
|
||||
)
|
||||
}
|
||||
else -> {
|
||||
return Result.IllegalParams
|
||||
|
@ -137,14 +131,11 @@ class BackupToQuadSMigrationTask @Inject constructor(
|
|||
// Ok, so now we have migrated the old keybackup secret as the quadS key
|
||||
// Now we need to store the keybackup key in SSSS in a compatible way
|
||||
reportProgress(params, R.string.bootstrap_progress_storing_in_sss)
|
||||
awaitCallback<Unit> {
|
||||
quadS.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
curveKey.toBase64NoPadding(),
|
||||
listOf(SharedSecretStorageService.KeyRef(info.keyId, info.keySpec)),
|
||||
it
|
||||
)
|
||||
}
|
||||
quadS.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
curveKey.toBase64NoPadding(),
|
||||
listOf(SharedSecretStorageService.KeyRef(info.keyId, info.keySpec))
|
||||
)
|
||||
|
||||
// save for gossiping
|
||||
keysBackupService.saveBackupRecoveryKey(recoveryKey, version.version)
|
||||
|
|
|
@ -126,25 +126,21 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S key with pass: ${params.passphrase != null}")
|
||||
try {
|
||||
keyInfo = awaitCallback {
|
||||
params.passphrase?.let { passphrase ->
|
||||
ssssService.generateKeyWithPassphrase(
|
||||
UUID.randomUUID().toString(),
|
||||
"ssss_key",
|
||||
passphrase,
|
||||
EmptyKeySigner(),
|
||||
null,
|
||||
it
|
||||
)
|
||||
} ?: run {
|
||||
ssssService.generateKey(
|
||||
UUID.randomUUID().toString(),
|
||||
params.keySpec,
|
||||
"ssss_key",
|
||||
EmptyKeySigner(),
|
||||
it
|
||||
)
|
||||
}
|
||||
keyInfo = params.passphrase?.let { passphrase ->
|
||||
ssssService.generateKeyWithPassphrase(
|
||||
UUID.randomUUID().toString(),
|
||||
"ssss_key",
|
||||
passphrase,
|
||||
EmptyKeySigner(),
|
||||
null
|
||||
)
|
||||
} ?: run {
|
||||
ssssService.generateKey(
|
||||
UUID.randomUUID().toString(),
|
||||
params.keySpec,
|
||||
"ssss_key",
|
||||
EmptyKeySigner()
|
||||
)
|
||||
}
|
||||
} catch (failure: Failure) {
|
||||
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Failed to generate key <${failure.localizedMessage}>")
|
||||
|
@ -159,9 +155,7 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Set default key")
|
||||
try {
|
||||
awaitCallback<Unit> {
|
||||
ssssService.setDefaultKey(keyInfo.keyId, it)
|
||||
}
|
||||
ssssService.setDefaultKey(keyInfo.keyId)
|
||||
} catch (failure: Failure) {
|
||||
// Maybe we could just ignore this error?
|
||||
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Set default key error <${failure.localizedMessage}>")
|
||||
|
@ -183,13 +177,11 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
)
|
||||
)
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing MSK...")
|
||||
awaitCallback<Unit> {
|
||||
ssssService.storeSecret(
|
||||
MASTER_KEY_SSSS_NAME,
|
||||
mskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
|
||||
)
|
||||
}
|
||||
ssssService.storeSecret(
|
||||
MASTER_KEY_SSSS_NAME,
|
||||
mskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
|
||||
)
|
||||
params.progressListener?.onProgress(
|
||||
WaitingViewData(
|
||||
stringProvider.getString(R.string.bootstrap_crosssigning_progress_save_usk),
|
||||
|
@ -197,27 +189,22 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
)
|
||||
)
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing USK...")
|
||||
awaitCallback<Unit> {
|
||||
ssssService.storeSecret(
|
||||
USER_SIGNING_KEY_SSSS_NAME,
|
||||
uskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)),
|
||||
it
|
||||
)
|
||||
}
|
||||
ssssService.storeSecret(
|
||||
USER_SIGNING_KEY_SSSS_NAME,
|
||||
uskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)),
|
||||
)
|
||||
params.progressListener?.onProgress(
|
||||
WaitingViewData(
|
||||
stringProvider.getString(R.string.bootstrap_crosssigning_progress_save_ssk), isIndeterminate = true
|
||||
)
|
||||
)
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing SSK...")
|
||||
awaitCallback<Unit> {
|
||||
ssssService.storeSecret(
|
||||
SELF_SIGNING_KEY_SSSS_NAME,
|
||||
sskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
|
||||
)
|
||||
}
|
||||
ssssService.storeSecret(
|
||||
SELF_SIGNING_KEY_SSSS_NAME,
|
||||
sskPrivateKey,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
|
||||
)
|
||||
} catch (failure: Failure) {
|
||||
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Failed to store keys <${failure.localizedMessage}>")
|
||||
// Maybe we could just ignore this error?
|
||||
|
@ -265,14 +252,12 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Save megolm backup key for gossiping")
|
||||
session.cryptoService().keysBackupService().saveBackupRecoveryKey(creationInfo.recoveryKey, version = version.version)
|
||||
|
||||
awaitCallback<Unit> {
|
||||
extractCurveKeyFromRecoveryKey(creationInfo.recoveryKey)?.toBase64NoPadding()?.let { secret ->
|
||||
ssssService.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
secret,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
|
||||
)
|
||||
}
|
||||
extractCurveKeyFromRecoveryKey(creationInfo.recoveryKey)?.toBase64NoPadding()?.let { secret ->
|
||||
ssssService.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
secret,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
|
||||
)
|
||||
}
|
||||
} else {
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Existing megolm backup found")
|
||||
|
@ -284,14 +269,12 @@ class BootstrapCrossSigningTask @Inject constructor(
|
|||
}
|
||||
if (isValid) {
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Megolm key valid and known")
|
||||
awaitCallback<Unit> {
|
||||
extractCurveKeyFromRecoveryKey(knownMegolmSecret!!.recoveryKey)?.toBase64NoPadding()?.let { secret ->
|
||||
ssssService.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
secret,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
|
||||
)
|
||||
}
|
||||
extractCurveKeyFromRecoveryKey(knownMegolmSecret!!.recoveryKey)?.toBase64NoPadding()?.let { secret ->
|
||||
ssssService.storeSecret(
|
||||
KEYBACKUP_SECRET_SSSS_NAME,
|
||||
secret,
|
||||
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
|
||||
)
|
||||
}
|
||||
} else {
|
||||
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Megolm key is unknown by this session")
|
||||
|
|
Loading…
Reference in a new issue