Convert SharedSecretStorageService to suspend functions

Signed-off-by: Dominic Fischer <dominicfischer7@gmail.com>
This commit is contained in:
Dominic Fischer 2021-03-28 11:50:17 +01:00
parent 2045a164c1
commit b70585016c
6 changed files with 227 additions and 329 deletions

View file

@ -19,7 +19,6 @@ package org.matrix.android.sdk.internal.crypto.ssss
import androidx.lifecycle.Observer
import androidx.test.ext.junit.runners.AndroidJUnit4
import org.matrix.android.sdk.InstrumentedTest
import org.matrix.android.sdk.api.MatrixCallback
import org.matrix.android.sdk.api.session.Session
import org.matrix.android.sdk.api.session.securestorage.EncryptedSecretContent
import org.matrix.android.sdk.api.session.securestorage.KeySigner
@ -31,7 +30,6 @@ import org.matrix.android.sdk.api.util.Optional
import org.matrix.android.sdk.common.CommonTestHelper
import org.matrix.android.sdk.common.SessionTestParams
import org.matrix.android.sdk.common.TestConstants
import org.matrix.android.sdk.common.TestMatrixCallback
import org.matrix.android.sdk.internal.crypto.SSSS_ALGORITHM_AES_HMAC_SHA2
import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding
import org.matrix.android.sdk.internal.crypto.secrets.DefaultSharedSecretStorageService
@ -40,7 +38,6 @@ import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.GlobalScope
import kotlinx.coroutines.launch
import kotlinx.coroutines.runBlocking
import org.amshove.kluent.shouldBe
import org.junit.Assert.assertEquals
import org.junit.Assert.assertNotNull
import org.junit.Assert.assertNull
@ -70,8 +67,8 @@ class QuadSTests : InstrumentedTest {
val TEST_KEY_ID = "my.test.Key"
mTestHelper.doSync<SsssKeyCreationInfo> {
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner, it)
mTestHelper.runBlockingTest {
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner)
}
// Assert Account data is updated
@ -99,7 +96,9 @@ class QuadSTests : InstrumentedTest {
assertNull("Key was not generated from passphrase", parsed.passphrase)
// Set as default key
quadS.setDefaultKey(TEST_KEY_ID, object : MatrixCallback<Unit> {})
GlobalScope.launch {
quadS.setDefaultKey(TEST_KEY_ID)
}
var defaultKeyAccountData: UserAccountDataEvent? = null
val defaultDataLock = CountDownLatch(1)
@ -133,12 +132,11 @@ class QuadSTests : InstrumentedTest {
// Store a secret
val clearSecret = "42".toByteArray().toBase64NoPadding()
mTestHelper.doSync<Unit> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.storeSecret(
"secret.of.life",
clearSecret,
listOf(SharedSecretStorageService.KeyRef(null, keySpec)), // default key
it
listOf(SharedSecretStorageService.KeyRef(null, keySpec)) // default key
)
}
@ -155,12 +153,11 @@ class QuadSTests : InstrumentedTest {
// Try to decrypt??
val decryptedSecret = mTestHelper.doSync<String> {
val decryptedSecret = mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.getSecret(
"secret.of.life",
null, // default key
keySpec!!,
it
keySpec!!
)
}
@ -176,13 +173,13 @@ class QuadSTests : InstrumentedTest {
val TEST_KEY_ID = "my.test.Key"
mTestHelper.doSync<SsssKeyCreationInfo> {
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner, it)
mTestHelper.runBlockingTest {
quadS.generateKey(TEST_KEY_ID, null, "Test Key", emptyKeySigner)
}
// Test that we don't need to wait for an account data sync to access directly the keyid from DB
mTestHelper.doSync<Unit> {
quadS.setDefaultKey(TEST_KEY_ID, it)
mTestHelper.runBlockingTest {
quadS.setDefaultKey(TEST_KEY_ID)
}
mTestHelper.signOutAndClose(aliceSession)
@ -198,15 +195,14 @@ class QuadSTests : InstrumentedTest {
val mySecretText = "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
mTestHelper.doSync<Unit> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.storeSecret(
"my.secret",
mySecretText.toByteArray().toBase64NoPadding(),
listOf(
SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)),
SharedSecretStorageService.KeyRef(keyId2, RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey))
),
it
)
)
}
@ -219,19 +215,17 @@ class QuadSTests : InstrumentedTest {
assertNotNull(encryptedContent?.get(keyId2))
// Assert that can decrypt with both keys
mTestHelper.doSync<String> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.getSecret("my.secret",
keyId1,
RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)!!,
it
RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)!!
)
}
mTestHelper.doSync<String> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.getSecret("my.secret",
keyId2,
RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey)!!,
it
RawBytesKeySpec.fromRecoveryKey(key2Info.recoveryKey)!!
)
}
@ -247,50 +241,34 @@ class QuadSTests : InstrumentedTest {
val mySecretText = "Lorem ipsum dolor sit amet, consectetur adipiscing elit"
mTestHelper.doSync<Unit> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.storeSecret(
"my.secret",
mySecretText.toByteArray().toBase64NoPadding(),
listOf(SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey))),
it
listOf(SharedSecretStorageService.KeyRef(keyId1, RawBytesKeySpec.fromRecoveryKey(key1Info.recoveryKey)))
)
}
val decryptCountDownLatch = CountDownLatch(1)
var error = false
aliceSession.sharedSecretStorageService.getSecret("my.secret",
keyId1,
RawBytesKeySpec.fromPassphrase(
"A bad passphrase",
key1Info.content?.passphrase?.salt ?: "",
key1Info.content?.passphrase?.iterations ?: 0,
null),
object : MatrixCallback<String> {
override fun onSuccess(data: String) {
decryptCountDownLatch.countDown()
}
override fun onFailure(failure: Throwable) {
error = true
decryptCountDownLatch.countDown()
}
}
)
mTestHelper.await(decryptCountDownLatch)
error shouldBe true
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.getSecret("my.secret",
keyId1,
RawBytesKeySpec.fromPassphrase(
"A bad passphrase",
key1Info.content?.passphrase?.salt ?: "",
key1Info.content?.passphrase?.iterations ?: 0,
null)
)
}
// Now try with correct key
mTestHelper.doSync<String> {
mTestHelper.runBlockingTest {
aliceSession.sharedSecretStorageService.getSecret("my.secret",
keyId1,
RawBytesKeySpec.fromPassphrase(
passphrase,
key1Info.content?.passphrase?.salt ?: "",
key1Info.content?.passphrase?.iterations ?: 0,
null),
it
null)
)
}
@ -321,15 +299,15 @@ class QuadSTests : InstrumentedTest {
private fun generatedSecret(session: Session, keyId: String, asDefault: Boolean = true): SsssKeyCreationInfo {
val quadS = session.sharedSecretStorageService
val creationInfo = mTestHelper.doSync<SsssKeyCreationInfo> {
quadS.generateKey(keyId, null, keyId, emptyKeySigner, it)
val creationInfo = mTestHelper.runBlockingTest {
quadS.generateKey(keyId, null, keyId, emptyKeySigner)
}
assertAccountData(session, "${DefaultSharedSecretStorageService.KEY_ID_BASE}.$keyId")
if (asDefault) {
mTestHelper.doSync<Unit> {
quadS.setDefaultKey(keyId, it)
mTestHelper.runBlockingTest {
quadS.setDefaultKey(keyId)
}
assertAccountData(session, DefaultSharedSecretStorageService.DEFAULT_KEY_ID)
}
@ -340,21 +318,20 @@ class QuadSTests : InstrumentedTest {
private fun generatedSecretFromPassphrase(session: Session, passphrase: String, keyId: String, asDefault: Boolean = true): SsssKeyCreationInfo {
val quadS = session.sharedSecretStorageService
val creationInfo = mTestHelper.doSync<SsssKeyCreationInfo> {
val creationInfo = mTestHelper.runBlockingTest {
quadS.generateKeyWithPassphrase(
keyId,
keyId,
passphrase,
emptyKeySigner,
null,
it)
null)
}
assertAccountData(session, "${DefaultSharedSecretStorageService.KEY_ID_BASE}.$keyId")
if (asDefault) {
val setDefaultLatch = CountDownLatch(1)
quadS.setDefaultKey(keyId, TestMatrixCallback(setDefaultLatch))
mTestHelper.await(setDefaultLatch)
mTestHelper.runBlockingTest {
quadS.setDefaultKey(keyId)
}
assertAccountData(session, DefaultSharedSecretStorageService.DEFAULT_KEY_ID)
}

View file

@ -16,7 +16,6 @@
package org.matrix.android.sdk.api.session.securestorage
import org.matrix.android.sdk.api.MatrixCallback
import org.matrix.android.sdk.api.listeners.ProgressListener
import org.matrix.android.sdk.api.session.crypto.crosssigning.KEYBACKUP_SECRET_SSSS_NAME
import org.matrix.android.sdk.api.session.crypto.crosssigning.MASTER_KEY_SSSS_NAME
@ -43,13 +42,12 @@ interface SharedSecretStorageService {
* @param keyName a human readable name
* @param keySigner Used to add a signature to the key (client should check key signature before storing secret)
*
* @param callback Get key creation info
* @return key creation info
*/
fun generateKey(keyId: String,
key: SsssKeySpec?,
keyName: String,
keySigner: KeySigner?,
callback: MatrixCallback<SsssKeyCreationInfo>)
suspend fun generateKey(keyId: String,
key: SsssKeySpec?,
keyName: String,
keySigner: KeySigner?): SsssKeyCreationInfo
/**
* Generates a SSSS key using the given passphrase.
@ -61,14 +59,13 @@ interface SharedSecretStorageService {
* @param keySigner Used to add a signature to the key (client should check key signature before retrieving secret)
* @param progressListener The derivation of the passphrase may take long depending on the device, use this to report progress
*
* @param callback Get key creation info
* @return key creation info
*/
fun generateKeyWithPassphrase(keyId: String,
keyName: String,
passphrase: String,
keySigner: KeySigner,
progressListener: ProgressListener?,
callback: MatrixCallback<SsssKeyCreationInfo>)
suspend fun generateKeyWithPassphrase(keyId: String,
keyName: String,
passphrase: String,
keySigner: KeySigner,
progressListener: ProgressListener?): SsssKeyCreationInfo
fun getKey(keyId: String): KeyInfoResult
@ -80,7 +77,7 @@ interface SharedSecretStorageService {
*/
fun getDefaultKey(): KeyInfoResult
fun setDefaultKey(keyId: String, callback: MatrixCallback<Unit>)
suspend fun setDefaultKey(keyId: String)
/**
* Check whether we have a key with a given ID.
@ -98,7 +95,7 @@ interface SharedSecretStorageService {
* @param secret The secret contents.
* @param keys The list of (ID,privateKey) of the keys to use to encrypt the secret.
*/
fun storeSecret(name: String, secretBase64: String, keys: List<KeyRef>, callback: MatrixCallback<Unit>)
suspend fun storeSecret(name: String, secretBase64: String, keys: List<KeyRef>)
/**
* Use this call to determine which SSSSKeySpec to use for requesting secret
@ -113,7 +110,7 @@ interface SharedSecretStorageService {
* @param secretKey the secret key to use (@see #RawBytesKeySpec)
*
*/
fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec, callback: MatrixCallback<String>)
suspend fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec): String
/**
* Return true if SSSS is configured

View file

@ -16,7 +16,6 @@
package org.matrix.android.sdk.internal.crypto.secrets
import org.matrix.android.sdk.api.MatrixCallback
import org.matrix.android.sdk.api.extensions.orFalse
import org.matrix.android.sdk.api.listeners.ProgressListener
import org.matrix.android.sdk.api.session.accountdata.AccountDataService
@ -43,10 +42,10 @@ import org.matrix.android.sdk.internal.crypto.keysbackup.util.computeRecoveryKey
import org.matrix.android.sdk.internal.crypto.tools.HkdfSha256
import org.matrix.android.sdk.internal.crypto.tools.withOlmDecryption
import org.matrix.android.sdk.internal.di.UserId
import org.matrix.android.sdk.internal.extensions.foldToCallback
import org.matrix.android.sdk.internal.util.MatrixCoroutineDispatchers
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.launch
import kotlinx.coroutines.withContext
import org.matrix.android.sdk.internal.util.awaitCallback
import org.matrix.olm.OlmPkMessage
import java.security.SecureRandom
import javax.crypto.Cipher
@ -64,21 +63,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
private val cryptoCoroutineScope: CoroutineScope
) : SharedSecretStorageService {
override fun generateKey(keyId: String,
key: SsssKeySpec?,
keyName: String,
keySigner: KeySigner?,
callback: MatrixCallback<SsssKeyCreationInfo>) {
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
val bytes = try {
(key as? RawBytesKeySpec)?.privateKey
?: ByteArray(32).also {
SecureRandom().nextBytes(it)
}
} catch (failure: Throwable) {
callback.onFailure(failure)
return@launch
}
override suspend fun generateKey(keyId: String,
key: SsssKeySpec?,
keyName: String,
keySigner: KeySigner?): SsssKeyCreationInfo {
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
val bytes = (key as? RawBytesKeySpec)?.privateKey
?: ByteArray(32).also {
SecureRandom().nextBytes(it)
}
val storageKeyContent = SecretStorageKeyContent(
name = keyName,
@ -92,34 +85,24 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
)
} ?: storageKeyContent
accountDataService.updateAccountData(
"$KEY_ID_BASE.$keyId",
signedContent.toContent(),
object : MatrixCallback<Unit> {
override fun onFailure(failure: Throwable) {
callback.onFailure(failure)
}
override fun onSuccess(data: Unit) {
callback.onSuccess(SsssKeyCreationInfo(
keyId = keyId,
content = storageKeyContent,
recoveryKey = computeRecoveryKey(bytes),
keySpec = RawBytesKeySpec(bytes)
))
}
}
awaitCallback<Unit> {
accountDataService.updateAccountData("$KEY_ID_BASE.$keyId", signedContent.toContent(), it)
}
SsssKeyCreationInfo(
keyId = keyId,
content = storageKeyContent,
recoveryKey = computeRecoveryKey(bytes),
keySpec = RawBytesKeySpec(bytes)
)
}
}
override fun generateKeyWithPassphrase(keyId: String,
keyName: String,
passphrase: String,
keySigner: KeySigner,
progressListener: ProgressListener?,
callback: MatrixCallback<SsssKeyCreationInfo>) {
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
override suspend fun generateKeyWithPassphrase(keyId: String,
keyName: String,
passphrase: String,
keySigner: KeySigner,
progressListener: ProgressListener?): SsssKeyCreationInfo {
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
val privatePart = generatePrivateKeyWithPassword(passphrase, progressListener)
val storageKeyContent = SecretStorageKeyContent(
@ -133,23 +116,18 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
)
} ?: storageKeyContent
accountDataService.updateAccountData(
"$KEY_ID_BASE.$keyId",
signedContent.toContent(),
object : MatrixCallback<Unit> {
override fun onFailure(failure: Throwable) {
callback.onFailure(failure)
}
override fun onSuccess(data: Unit) {
callback.onSuccess(SsssKeyCreationInfo(
keyId = keyId,
content = storageKeyContent,
recoveryKey = computeRecoveryKey(privatePart.privateKey),
keySpec = RawBytesKeySpec(privatePart.privateKey)
))
}
}
awaitCallback<Unit> {
accountDataService.updateAccountData(
"$KEY_ID_BASE.$keyId",
signedContent.toContent(),
it
)
}
SsssKeyCreationInfo(
keyId = keyId,
content = storageKeyContent,
recoveryKey = computeRecoveryKey(privatePart.privateKey),
keySpec = RawBytesKeySpec(privatePart.privateKey)
)
}
}
@ -168,15 +146,17 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
} ?: KeyInfoResult.Error(SharedSecretStorageError.UnknownAlgorithm(keyId))
}
override fun setDefaultKey(keyId: String, callback: MatrixCallback<Unit>) {
override suspend fun setDefaultKey(keyId: String) {
val existingKey = getKey(keyId)
if (existingKey is KeyInfoResult.Success) {
accountDataService.updateAccountData(DEFAULT_KEY_ID,
mapOf("key" to keyId),
callback
)
awaitCallback<Unit> {
accountDataService.updateAccountData(DEFAULT_KEY_ID,
mapOf("key" to keyId),
it
)
}
} else {
callback.onFailure(SharedSecretStorageError.UnknownKey(keyId))
throw SharedSecretStorageError.UnknownKey(keyId)
}
}
@ -188,41 +168,35 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
return getKey(keyId)
}
override fun storeSecret(name: String, secretBase64: String, keys: List<SharedSecretStorageService.KeyRef>, callback: MatrixCallback<Unit>) {
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
override suspend fun storeSecret(name: String, secretBase64: String, keys: List<SharedSecretStorageService.KeyRef>) {
withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
val encryptedContents = HashMap<String, EncryptedSecretContent>()
try {
keys.forEach {
val keyId = it.keyId
// encrypt the content
when (val key = keyId?.let { getKey(keyId) } ?: getDefaultKey()) {
is KeyInfoResult.Success -> {
if (key.keyInfo.content.algorithm == SSSS_ALGORITHM_AES_HMAC_SHA2) {
encryptAesHmacSha2(it.keySpec!!, name, secretBase64).let {
encryptedContents[key.keyInfo.id] = it
}
} else {
// Unknown algorithm
callback.onFailure(SharedSecretStorageError.UnknownAlgorithm(key.keyInfo.content.algorithm ?: ""))
return@launch
keys.forEach {
val keyId = it.keyId
// encrypt the content
when (val key = keyId?.let { getKey(keyId) } ?: getDefaultKey()) {
is KeyInfoResult.Success -> {
if (key.keyInfo.content.algorithm == SSSS_ALGORITHM_AES_HMAC_SHA2) {
encryptAesHmacSha2(it.keySpec!!, name, secretBase64).let {
encryptedContents[key.keyInfo.id] = it
}
}
is KeyInfoResult.Error -> {
callback.onFailure(key.error)
return@launch
} else {
// Unknown algorithm
throw SharedSecretStorageError.UnknownAlgorithm(key.keyInfo.content.algorithm ?: "")
}
}
is KeyInfoResult.Error -> throw key.error
}
}
awaitCallback<Unit> {
accountDataService.updateAccountData(
type = name,
content = mapOf(
"encrypted" to encryptedContents
),
callback = callback
callback = it
)
} catch (failure: Throwable) {
callback.onFailure(failure)
}
}
}
@ -344,57 +318,40 @@ internal class DefaultSharedSecretStorageService @Inject constructor(
return results
}
override fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec, callback: MatrixCallback<String>) {
val accountData = accountDataService.getAccountDataEvent(name) ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.UnknownSecret(name))
}
val encryptedContent = accountData.content[ENCRYPTED] as? Map<*, *> ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.SecretNotEncrypted(name))
}
val key = keyId?.let { getKey(it) } as? KeyInfoResult.Success ?: getDefaultKey() as? KeyInfoResult.Success ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.UnknownKey(name))
}
override suspend fun getSecret(name: String, keyId: String?, secretKey: SsssKeySpec): String {
val accountData = accountDataService.getAccountDataEvent(name) ?: throw SharedSecretStorageError.UnknownSecret(name)
val encryptedContent = accountData.content[ENCRYPTED] as? Map<*, *> ?: throw SharedSecretStorageError.SecretNotEncrypted(name)
val key = keyId?.let { getKey(it) } as? KeyInfoResult.Success ?: getDefaultKey() as? KeyInfoResult.Success
?: throw SharedSecretStorageError.UnknownKey(name)
val encryptedForKey = encryptedContent[key.keyInfo.id] ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.SecretNotEncryptedWithKey(name, key.keyInfo.id))
}
val encryptedForKey = encryptedContent[key.keyInfo.id] ?: throw SharedSecretStorageError.SecretNotEncryptedWithKey(name, key.keyInfo.id)
val secretContent = EncryptedSecretContent.fromJson(encryptedForKey)
?: return Unit.also {
callback.onFailure(SharedSecretStorageError.ParsingError)
}
?: throw SharedSecretStorageError.ParsingError
val algorithm = key.keyInfo.content
if (SSSS_ALGORITHM_CURVE25519_AES_SHA2 == algorithm.algorithm) {
val keySpec = secretKey as? RawBytesKeySpec ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.BadKeyFormat)
}
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
runCatching {
// decrypt from recovery key
withOlmDecryption { olmPkDecryption ->
olmPkDecryption.setPrivateKey(keySpec.privateKey)
olmPkDecryption.decrypt(OlmPkMessage()
.apply {
mCipherText = secretContent.ciphertext
mEphemeralKey = secretContent.ephemeral
mMac = secretContent.mac
}
)
}
}.foldToCallback(callback)
val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
// decrypt from recovery key
withOlmDecryption { olmPkDecryption ->
olmPkDecryption.setPrivateKey(keySpec.privateKey)
olmPkDecryption.decrypt(OlmPkMessage()
.apply {
mCipherText = secretContent.ciphertext
mEphemeralKey = secretContent.ephemeral
mMac = secretContent.mac
}
)
}
}
} else if (SSSS_ALGORITHM_AES_HMAC_SHA2 == algorithm.algorithm) {
val keySpec = secretKey as? RawBytesKeySpec ?: return Unit.also {
callback.onFailure(SharedSecretStorageError.BadKeyFormat)
}
cryptoCoroutineScope.launch(coroutineDispatchers.main) {
runCatching {
decryptAesHmacSha2(keySpec, name, secretContent)
}.foldToCallback(callback)
val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat
return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.main) {
decryptAesHmacSha2(keySpec, name, secretContent)
}
} else {
callback.onFailure(SharedSecretStorageError.UnsupportedAlgorithm(algorithm.algorithm ?: ""))
throw SharedSecretStorageError.UnsupportedAlgorithm(algorithm.algorithm ?: "")
}
}

View file

@ -43,7 +43,6 @@ import org.matrix.android.sdk.api.session.securestorage.IntegrityResult
import org.matrix.android.sdk.api.session.securestorage.KeyInfoResult
import org.matrix.android.sdk.api.session.securestorage.RawBytesKeySpec
import org.matrix.android.sdk.internal.crypto.crosssigning.toBase64NoPadding
import org.matrix.android.sdk.internal.util.awaitCallback
import org.matrix.android.sdk.rx.rx
import timber.log.Timber
import java.io.ByteArrayOutputStream
@ -130,13 +129,13 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
override fun handle(action: SharedSecureStorageAction) = withState {
when (action) {
is SharedSecureStorageAction.TogglePasswordVisibility -> handleTogglePasswordVisibility()
is SharedSecureStorageAction.Cancel -> handleCancel()
is SharedSecureStorageAction.SubmitPassphrase -> handleSubmitPassphrase(action)
SharedSecureStorageAction.UseKey -> handleUseKey()
is SharedSecureStorageAction.SubmitKey -> handleSubmitKey(action)
SharedSecureStorageAction.Back -> handleBack()
SharedSecureStorageAction.ForgotResetAll -> handleResetAll()
SharedSecureStorageAction.DoResetAll -> handleDoResetAll()
is SharedSecureStorageAction.Cancel -> handleCancel()
is SharedSecureStorageAction.SubmitPassphrase -> handleSubmitPassphrase(action)
SharedSecureStorageAction.UseKey -> handleUseKey()
is SharedSecureStorageAction.SubmitKey -> handleSubmitKey(action)
SharedSecureStorageAction.Back -> handleBack()
SharedSecureStorageAction.ForgotResetAll -> handleResetAll()
SharedSecureStorageAction.DoResetAll -> handleDoResetAll()
}.exhaustive
}
@ -220,13 +219,10 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
withContext(Dispatchers.IO) {
args.requestedSecrets.forEach {
if (session.getAccountDataEvent(it) != null) {
val res = awaitCallback<String> { callback ->
session.sharedSecretStorageService.getSecret(
name = it,
keyId = keyInfo.id,
secretKey = keySpec,
callback = callback)
}
val res = session.sharedSecretStorageService.getSecret(
name = it,
keyId = keyInfo.id,
secretKey = keySpec)
decryptedSecretMap[it] = res
} else {
Timber.w("## Cannot find secret $it in SSSS, skip")
@ -292,13 +288,10 @@ class SharedSecureStorageViewModel @AssistedInject constructor(
withContext(Dispatchers.IO) {
args.requestedSecrets.forEach {
if (session.getAccountDataEvent(it) != null) {
val res = awaitCallback<String> { callback ->
session.sharedSecretStorageService.getSecret(
name = it,
keyId = keyInfo.id,
secretKey = keySpec,
callback = callback)
}
val res = session.sharedSecretStorageService.getSecret(
name = it,
keyId = keyInfo.id,
secretKey = keySpec)
decryptedSecretMap[it] = res
} else {
Timber.w("## Cannot find secret $it in SSSS, skip")

View file

@ -97,37 +97,31 @@ class BackupToQuadSMigrationTask @Inject constructor(
when {
params.passphrase?.isNotEmpty() == true -> {
reportProgress(params, R.string.bootstrap_progress_generating_ssss)
awaitCallback {
quadS.generateKeyWithPassphrase(
UUID.randomUUID().toString(),
"ssss_key",
params.passphrase,
EmptyKeySigner(),
object : ProgressListener {
override fun onProgress(progress: Int, total: Int) {
params.progressListener?.onProgress(
WaitingViewData(
stringProvider.getString(
R.string.bootstrap_progress_generating_ssss_with_info,
"$progress/$total")
))
}
},
it
)
}
quadS.generateKeyWithPassphrase(
UUID.randomUUID().toString(),
"ssss_key",
params.passphrase,
EmptyKeySigner(),
object : ProgressListener {
override fun onProgress(progress: Int, total: Int) {
params.progressListener?.onProgress(
WaitingViewData(
stringProvider.getString(
R.string.bootstrap_progress_generating_ssss_with_info,
"$progress/$total")
))
}
}
)
}
params.recoveryKey != null -> {
reportProgress(params, R.string.bootstrap_progress_generating_ssss_recovery)
awaitCallback {
quadS.generateKey(
UUID.randomUUID().toString(),
extractCurveKeyFromRecoveryKey(params.recoveryKey)?.let { RawBytesKeySpec(it) },
"ssss_key",
EmptyKeySigner(),
it
)
}
quadS.generateKey(
UUID.randomUUID().toString(),
extractCurveKeyFromRecoveryKey(params.recoveryKey)?.let { RawBytesKeySpec(it) },
"ssss_key",
EmptyKeySigner()
)
}
else -> {
return Result.IllegalParams
@ -137,14 +131,11 @@ class BackupToQuadSMigrationTask @Inject constructor(
// Ok, so now we have migrated the old keybackup secret as the quadS key
// Now we need to store the keybackup key in SSSS in a compatible way
reportProgress(params, R.string.bootstrap_progress_storing_in_sss)
awaitCallback<Unit> {
quadS.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
curveKey.toBase64NoPadding(),
listOf(SharedSecretStorageService.KeyRef(info.keyId, info.keySpec)),
it
)
}
quadS.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
curveKey.toBase64NoPadding(),
listOf(SharedSecretStorageService.KeyRef(info.keyId, info.keySpec))
)
// save for gossiping
keysBackupService.saveBackupRecoveryKey(recoveryKey, version.version)

View file

@ -126,25 +126,21 @@ class BootstrapCrossSigningTask @Inject constructor(
Timber.d("## BootstrapCrossSigningTask: Creating 4S key with pass: ${params.passphrase != null}")
try {
keyInfo = awaitCallback {
params.passphrase?.let { passphrase ->
ssssService.generateKeyWithPassphrase(
UUID.randomUUID().toString(),
"ssss_key",
passphrase,
EmptyKeySigner(),
null,
it
)
} ?: run {
ssssService.generateKey(
UUID.randomUUID().toString(),
params.keySpec,
"ssss_key",
EmptyKeySigner(),
it
)
}
keyInfo = params.passphrase?.let { passphrase ->
ssssService.generateKeyWithPassphrase(
UUID.randomUUID().toString(),
"ssss_key",
passphrase,
EmptyKeySigner(),
null
)
} ?: run {
ssssService.generateKey(
UUID.randomUUID().toString(),
params.keySpec,
"ssss_key",
EmptyKeySigner()
)
}
} catch (failure: Failure) {
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Failed to generate key <${failure.localizedMessage}>")
@ -159,9 +155,7 @@ class BootstrapCrossSigningTask @Inject constructor(
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Set default key")
try {
awaitCallback<Unit> {
ssssService.setDefaultKey(keyInfo.keyId, it)
}
ssssService.setDefaultKey(keyInfo.keyId)
} catch (failure: Failure) {
// Maybe we could just ignore this error?
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Set default key error <${failure.localizedMessage}>")
@ -183,13 +177,11 @@ class BootstrapCrossSigningTask @Inject constructor(
)
)
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing MSK...")
awaitCallback<Unit> {
ssssService.storeSecret(
MASTER_KEY_SSSS_NAME,
mskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
)
}
ssssService.storeSecret(
MASTER_KEY_SSSS_NAME,
mskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
)
params.progressListener?.onProgress(
WaitingViewData(
stringProvider.getString(R.string.bootstrap_crosssigning_progress_save_usk),
@ -197,27 +189,22 @@ class BootstrapCrossSigningTask @Inject constructor(
)
)
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing USK...")
awaitCallback<Unit> {
ssssService.storeSecret(
USER_SIGNING_KEY_SSSS_NAME,
uskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)),
it
)
}
ssssService.storeSecret(
USER_SIGNING_KEY_SSSS_NAME,
uskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)),
)
params.progressListener?.onProgress(
WaitingViewData(
stringProvider.getString(R.string.bootstrap_crosssigning_progress_save_ssk), isIndeterminate = true
)
)
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Storing SSK...")
awaitCallback<Unit> {
ssssService.storeSecret(
SELF_SIGNING_KEY_SSSS_NAME,
sskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
)
}
ssssService.storeSecret(
SELF_SIGNING_KEY_SSSS_NAME,
sskPrivateKey,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
)
} catch (failure: Failure) {
Timber.e("## BootstrapCrossSigningTask: Creating 4S - Failed to store keys <${failure.localizedMessage}>")
// Maybe we could just ignore this error?
@ -265,14 +252,12 @@ class BootstrapCrossSigningTask @Inject constructor(
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Save megolm backup key for gossiping")
session.cryptoService().keysBackupService().saveBackupRecoveryKey(creationInfo.recoveryKey, version = version.version)
awaitCallback<Unit> {
extractCurveKeyFromRecoveryKey(creationInfo.recoveryKey)?.toBase64NoPadding()?.let { secret ->
ssssService.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
secret,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
)
}
extractCurveKeyFromRecoveryKey(creationInfo.recoveryKey)?.toBase64NoPadding()?.let { secret ->
ssssService.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
secret,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
)
}
} else {
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Existing megolm backup found")
@ -284,14 +269,12 @@ class BootstrapCrossSigningTask @Inject constructor(
}
if (isValid) {
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Megolm key valid and known")
awaitCallback<Unit> {
extractCurveKeyFromRecoveryKey(knownMegolmSecret!!.recoveryKey)?.toBase64NoPadding()?.let { secret ->
ssssService.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
secret,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec)), it
)
}
extractCurveKeyFromRecoveryKey(knownMegolmSecret!!.recoveryKey)?.toBase64NoPadding()?.let { secret ->
ssssService.storeSecret(
KEYBACKUP_SECRET_SSSS_NAME,
secret,
listOf(SharedSecretStorageService.KeyRef(keyInfo.keyId, keyInfo.keySpec))
)
}
} else {
Timber.d("## BootstrapCrossSigningTask: Creating 4S - Megolm key is unknown by this session")