From 704e3d511182c8606793f02dc7b0fef852165815 Mon Sep 17 00:00:00 2001 From: yostyle Date: Wed, 4 Sep 2024 16:44:04 +0200 Subject: [PATCH] Update crypto rust --- .gitignore | 2 +- library/rustCrypto/matrix-rust-sdk-crypto.aar | 3 ++ matrix-sdk-android/build.gradle | 4 +-- .../crypto/PrepareToEncryptUseCase.kt | 3 +- .../DefaultSharedSecretStorageService.kt | 23 +++++++------- .../sdk/internal/crypto/tools/Tools.kt | 30 ------------------- .../crypto/verification/SasVerification.kt | 1 + .../contentscanner/ScanEncryptorUtils.kt | 26 ++++++++-------- 8 files changed, 32 insertions(+), 60 deletions(-) create mode 100644 library/rustCrypto/matrix-rust-sdk-crypto.aar diff --git a/.gitignore b/.gitignore index 4752469dc1..fbf5eec072 100644 --- a/.gitignore +++ b/.gitignore @@ -30,4 +30,4 @@ Cargo.lock **/out/failures # For manual dependency to rust crypto sdk -library/rustCrypto/matrix-rust-sdk-crypto.aar +#library/rustCrypto/matrix-rust-sdk-crypto.aar diff --git a/library/rustCrypto/matrix-rust-sdk-crypto.aar b/library/rustCrypto/matrix-rust-sdk-crypto.aar new file mode 100644 index 0000000000..6924eca34d --- /dev/null +++ b/library/rustCrypto/matrix-rust-sdk-crypto.aar @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ffd82adbd11c686cd8daf724e874a9e1c0de93345c663fce8e36863f90dc7be6 +size 7659141 diff --git a/matrix-sdk-android/build.gradle b/matrix-sdk-android/build.gradle index f3d81ad154..e02d1ce8eb 100644 --- a/matrix-sdk-android/build.gradle +++ b/matrix-sdk-android/build.gradle @@ -225,8 +225,8 @@ dependencies { implementation libs.google.phonenumber - implementation("org.matrix.rustcomponents:crypto-android:0.4.1") -// api project(":library:rustCrypto") +// implementation("org.matrix.rustcomponents:crypto-android:0.4.1") + api project(":library:rustCrypto") testImplementation libs.tests.junit // Note: version sticks to 1.9.2 due to https://github.com/mockk/mockk/issues/281 
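Review bot: The `matrix-sdk-android/build.gradle` hunk replaces the versioned artifact `org.matrix.rustcomponents:crypto-android:0.4.1` with `api project(":library:rustCrypto")`, backed by a binary committed through Git LFS (`library/rustCrypto/matrix-rust-sdk-crypto.aar`), and nothing in the commit records which source revision or build produced that binary. For a cryptographic dependency, that means the LFS `oid sha256` is the only thing tying the build to a known artefact. I would add a comment beside the dependency such as `// Local build of the rust crypto SDK from <upstream commit or tag>; rebuild steps: <doc link>` (placeholders to be filled in) and delete the commented-out Maven line instead of keeping it as dead code. The switch from `implementation` to `api` also exports the crypto bindings to every consumer of the SDK; if that is not intended, `implementation project(":library:rustCrypto")` keeps the previous visibility.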
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PrepareToEncryptUseCase.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PrepareToEncryptUseCase.kt index e4c0469c74..e17698837d 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PrepareToEncryptUseCase.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/PrepareToEncryptUseCase.kt @@ -121,7 +121,8 @@ internal class PrepareToEncryptUseCase @Inject constructor( HistoryVisibility.INVITED } else { HistoryVisibility.JOINED - } + }, + errorOnVerifiedUserProblem = false ) measureTimeMillis { keyShareLock.withLock { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt index 05b9e14b82..9052ae48e2 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/secrets/DefaultSharedSecretStorageService.kt @@ -44,9 +44,9 @@ import org.matrix.android.sdk.api.util.toBase64NoPadding import org.matrix.android.sdk.internal.crypto.SecretShareManager import org.matrix.android.sdk.internal.crypto.keysbackup.generatePrivateKeyWithPassword import org.matrix.android.sdk.internal.crypto.tools.HkdfSha256 -import org.matrix.android.sdk.internal.crypto.tools.withOlmDecryption import org.matrix.android.sdk.internal.di.UserId -import org.matrix.olm.OlmPkMessage +import org.matrix.rustcomponents.sdk.crypto.Message +import org.matrix.rustcomponents.sdk.crypto.PkDecryption import java.security.SecureRandom import javax.crypto.Cipher import javax.crypto.Mac 
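Review bot: In the PrepareToEncryptUseCase.kt hunk, `errorOnVerifiedUserProblem = false` is passed as a bare literal with no explanation. Judging by its name only, it decides whether encryption fails when a previously verified user has an identity or device problem, so hard-coding `false` presumably lets room keys be shared in that situation. If that is a deliberate product decision, say so at the call site, e.g. `// Verified-user problems are surfaced elsewhere; do not block sending here`, or drive the value from configuration so that stricter deployments can turn it on. The settings constructor call starts outside the hunk, so the other arguments could not be checked.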
@@ -325,16 +325,15 @@ internal class DefaultSharedSecretStorageService @Inject constructor( val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat return withContext(cryptoCoroutineScope.coroutineContext + coroutineDispatchers.computation) { // decrypt from recovery key - withOlmDecryption { olmPkDecryption -> - olmPkDecryption.setPrivateKey(keySpec.privateKey) - olmPkDecryption.decrypt(OlmPkMessage() - .apply { - mCipherText = secretContent.ciphertext - mEphemeralKey = secretContent.ephemeral - mMac = secretContent.mac - } - ) - } + if (secretContent.ciphertext != null && secretContent.mac != null && secretContent.ephemeral != null) { + val pkDecryption = PkDecryption.fromKey(keySpec.privateKey) + pkDecryption.decrypt( + Message( + secretContent.ciphertext.fromBase64(), + secretContent.mac.fromBase64(), + secretContent.ephemeral.fromBase64()) + ).contentToString() + } else throw SharedSecretStorageError.UnknownSecret("none") } } else if (SSSS_ALGORITHM_AES_HMAC_SHA2 == algorithm.algorithm) { val keySpec = secretKey as? RawBytesKeySpec ?: throw SharedSecretStorageError.BadKeyFormat diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tools/Tools.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tools/Tools.kt index 052b3f4e72..710dc65f8b 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tools/Tools.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/tools/Tools.kt 
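Review bot: `.contentToString()` on the result of `pkDecryption.decrypt(...)` looks wrong: on a Kotlin array it returns the debug form (`[104, 105, ...]`), not the decoded text, so if `decrypt` returns a `ByteArray` the caller gets a mangled secret where the olm call used to return the plaintext string. `.decodeToString()` is the likely intent. `Message(...)` is also built positionally from three values of the same type, so named arguments would guard against a ciphertext/mac/ephemeral mix-up. The removed `withOlmDecryption` released the native object in a `finally`, whereas the new `PkDecryption`, which holds the recovery private key, is never released here; if the binding exposes a close or destroy call, invoke it in a `finally` (the `PkEncryption` in ScanEncryptorUtils.kt has the same pattern). The enclosing function starts and ends outside the hunk.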
@@ -16,38 +16,8 @@ package org.matrix.android.sdk.internal.crypto.tools -import org.matrix.olm.OlmPkDecryption -import org.matrix.olm.OlmPkEncryption -import org.matrix.olm.OlmPkSigning import org.matrix.olm.OlmUtility -internal fun withOlmEncryption(block: (OlmPkEncryption) -> T): T { - val olmPkEncryption = OlmPkEncryption() - try { - return block(olmPkEncryption) - } finally { - olmPkEncryption.releaseEncryption() - } -} - -internal fun withOlmDecryption(block: (OlmPkDecryption) -> T): T { - val olmPkDecryption = OlmPkDecryption() - try { - return block(olmPkDecryption) - } finally { - olmPkDecryption.releaseDecryption() - } -} - -internal fun withOlmSigning(block: (OlmPkSigning) -> T): T { - val olmPkSigning = OlmPkSigning() - try { - return block(olmPkSigning) - } finally { - olmPkSigning.releaseSigning() - } -} - internal fun withOlmUtility(block: (OlmUtility) -> T): T { val olmUtility = OlmUtility() try { diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SasVerification.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SasVerification.kt index 9c8e327cd5..0610d6df62 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SasVerification.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/verification/SasVerification.kt @@ -82,6 +82,7 @@ internal class SasVerification @AssistedInject constructor( SasState.Confirmed -> SasTransactionState.SasMacSent SasState.Done -> SasTransactionState.Done(true) is SasState.Cancelled -> SasTransactionState.Cancelled(safeValueOf(state.cancelInfo.cancelCode), state.cancelInfo.cancelledByUs) + SasState.Created -> TODO() } } 
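Review bot: In the SasVerification.kt hunk, `SasState.Created -> TODO()` makes the `when` exhaustive by throwing: Kotlin's `TODO()` raises `NotImplementedError`, so any read of the transaction state while the SAS flow is in `Created` will crash rather than report a state. Map the new case to whichever existing `SasTransactionState` stands for a transaction that has not started yet. If no such state fits, add one rather than leaving a throwing branch in the verification path. The `when` expression and its enclosing function start outside the hunk.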
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/contentscanner/ScanEncryptorUtils.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/contentscanner/ScanEncryptorUtils.kt index 7d14e4ed80..9b7bf2cf84 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/contentscanner/ScanEncryptorUtils.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/contentscanner/ScanEncryptorUtils.kt @@ -19,10 +19,12 @@ package org.matrix.android.sdk.internal.session.contentscanner import org.matrix.android.sdk.api.session.crypto.attachments.ElementToDecrypt import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileInfo import org.matrix.android.sdk.api.session.crypto.model.EncryptedFileKey -import org.matrix.android.sdk.internal.crypto.tools.withOlmEncryption +import org.matrix.android.sdk.api.util.fromBase64 +import org.matrix.android.sdk.api.util.toBase64NoPadding import org.matrix.android.sdk.internal.session.contentscanner.model.DownloadBody import org.matrix.android.sdk.internal.session.contentscanner.model.EncryptedBody import org.matrix.android.sdk.internal.session.contentscanner.model.toCanonicalJson +import org.matrix.rustcomponents.sdk.crypto.PkEncryption internal object ScanEncryptorUtils { 
@@ -43,19 +45,15 @@ internal object ScanEncryptorUtils { v = "v2" ) return if (publicServerKey != null) { - // We should encrypt - withOlmEncryption { olm -> - olm.setRecipientKey(publicServerKey) - - val olmResult = olm.encrypt(DownloadBody(encryptedInfo).toCanonicalJson()) - DownloadBody( - encryptedBody = EncryptedBody( - cipherText = olmResult.mCipherText, - ephemeral = olmResult.mEphemeralKey, - mac = olmResult.mMac - ) - ) - } + val pkEncryption = PkEncryption.fromPublicKey(publicServerKey.fromBase64()) + val result = pkEncryption.encrypt(DownloadBody(encryptedInfo).toCanonicalJson().toByteArray()) + DownloadBody( + encryptedBody = EncryptedBody( + cipherText = result.ciphertext.toBase64NoPadding(), + ephemeral = result.ephemeralKey.toBase64NoPadding(), + mac = result.mac.toBase64NoPadding() + ) + ) } else { DownloadBody(encryptedInfo) }
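Review bot: `publicServerKey.fromBase64()` decodes a key supplied by the scanner server with no handling for malformed input, and the encoding of `cipherText`, `ephemeral` and `mac` is now chosen locally (`toBase64NoPadding()`) rather than produced by the olm binding. A short comment in place of the removed one would help, e.g. `// Encrypt the request to the scanner's public key; a malformed key must fail the request, never fall back to the unencrypted body`. A unit test that pins the encoding the scanner expects would catch a format mismatch introduced by this migration. The enclosing function starts outside the hunk.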