...and the rest

2024-11-23 18:15:22 +00:00 · 2023-05-05 12:32:54 +09:30 · 2023-05-05 12:32:54 +09:30 · a9078c8d08
commit a9078c8d08
parent d3ce899a80
4 changed files with 68 additions and 63 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/backup/FullBackupImporter.kt
+++ b/app/src/main/java/org/thoughtcrime/securesms/backup/FullBackupImporter.kt
@ -12,6 +12,7 @@ import org.session.libsession.messaging.sending_receiving.attachments.Attachment
 import org.session.libsession.utilities.Address
 import org.session.libsession.utilities.Conversions
 import org.session.libsession.utilities.Util
+import org.session.libsignal.crypto.CipherUtil.CIPHER_LOCK
 import org.session.libsignal.crypto.kdf.HKDFv3
 import org.session.libsignal.utilities.ByteUtil
 import org.session.libsignal.utilities.Log
@ -243,7 +244,7 @@ object FullBackupImporter {
                val split = ByteUtil.split(derived, 32, 32)
                cipherKey = split[0]
                macKey = split[1]
-                cipher = Cipher.getInstance("AES/CTR/NoPadding")
+                cipher = synchronized(CIPHER_LOCK) { Cipher.getInstance("AES/CTR/NoPadding") }
                mac = Mac.getInstance("HmacSHA256")
                mac.init(SecretKeySpec(macKey, "HmacSHA256"))
                counter = Conversions.byteArrayToInt(iv)
@ -269,7 +270,12 @@ object FullBackupImporter {
            var length = length
            try {
                Conversions.intToByteArray(iv, 0, counter++)
-                cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(cipherKey, "AES"), IvParameterSpec(iv))
+                val plaintext = synchronized(CIPHER_LOCK) {
+                    cipher.init(
+                        Cipher.DECRYPT_MODE,
+                        SecretKeySpec(cipherKey, "AES"),
+                        IvParameterSpec(iv)
+                    )
                    mac.update(iv)
                    val buffer = ByteArray(8192)
                    while (length > 0) {
@ -282,7 +288,8 @@ object FullBackupImporter {
                        }
                        length -= read
                    }
-                val plaintext = cipher.doFinal()
+                    cipher.doFinal()
+                }
                if (plaintext != null) {
                    out.write(plaintext, 0, plaintext.size)
                }
@ -325,8 +332,10 @@ object FullBackupImporter {
                    throw IOException("Bad MAC")
                }
                Conversions.intToByteArray(iv, 0, counter++)
+                val plaintext = synchronized(CIPHER_LOCK) {
                    cipher.init(Cipher.DECRYPT_MODE, SecretKeySpec(cipherKey, "AES"), IvParameterSpec(iv))
-                val plaintext = cipher.doFinal(frame, 0, frame.size - 10)
+                    cipher.doFinal(frame, 0, frame.size - 10)
+                }
                BackupFrame.parseFrom(plaintext)
            } catch (e: Exception) {
                when (e) {
--- a/app/src/main/java/org/thoughtcrime/securesms/crypto/KeyStoreHelper.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/crypto/KeyStoreHelper.java
@ -1,6 +1,8 @@
 package org.thoughtcrime.securesms.crypto;


+import static org.session.libsignal.crypto.CipherUtil.CIPHER_LOCK;
+
 import android.os.Build;
 import android.security.keystore.KeyGenParameterSpec;
 import android.security.keystore.KeyProperties;
@ -45,11 +47,11 @@ public final class KeyStoreHelper {
  private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
  private static final String KEY_ALIAS         = "SignalSecret";

-  @RequiresApi(Build.VERSION_CODES.M)
  public static SealedData seal(@NonNull byte[] input) {
    SecretKey secretKey = getOrCreateKeyStoreEntry();

    try {
+      synchronized (CIPHER_LOCK) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

@ -57,32 +59,32 @@ public final class KeyStoreHelper {
        byte[] data = cipher.doFinal(input);

        return new SealedData(iv, data);
+      }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
      throw new AssertionError(e);
    }
  }

-  @RequiresApi(Build.VERSION_CODES.M)
  public static byte[] unseal(@NonNull SealedData sealedData) {
    SecretKey secretKey = getKeyStoreEntry();

    try {
+      synchronized (CIPHER_LOCK) {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(128, sealedData.iv));

        return cipher.doFinal(sealedData.data);
+      }
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
      throw new AssertionError(e);
    }
  }

-  @RequiresApi(Build.VERSION_CODES.M)
  private static SecretKey getOrCreateKeyStoreEntry() {
    if (hasKeyStoreEntry()) return getKeyStoreEntry();
    else                    return createKeyStoreEntry();
  }

-  @RequiresApi(Build.VERSION_CODES.M)
  private static SecretKey createKeyStoreEntry() {
    try {
      KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
@ -99,7 +101,6 @@ public final class KeyStoreHelper {
    }
  }

-  @RequiresApi(Build.VERSION_CODES.M)
  private static SecretKey getKeyStoreEntry() {
    KeyStore keyStore = getKeyStore();

@ -137,7 +138,6 @@ public final class KeyStoreHelper {
    }
  }

-  @RequiresApi(Build.VERSION_CODES.M)
  private static boolean hasKeyStoreEntry() {
    try {
      KeyStore ks = KeyStore.getInstance(ANDROID_KEY_STORE);
@ -202,7 +202,5 @@ public final class KeyStoreHelper {
        return Base64.decode(p.getValueAsString(), Base64.NO_WRAP | Base64.NO_PADDING);
      }
    }
-
  }
-
 }
--- a/app/src/main/java/org/thoughtcrime/securesms/logging/LogFile.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/logging/LogFile.java
@ -1,5 +1,7 @@
 package org.thoughtcrime.securesms.logging;

+import static org.session.libsignal.crypto.CipherUtil.CIPHER_LOCK;
+
 import androidx.annotation.NonNull;

 import org.session.libsession.utilities.Conversions;
@ -66,6 +68,7 @@ class LogFile {

      byte[] plaintext = entry.getBytes();
      try {
+        synchronized (CIPHER_LOCK) {
          cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secret, "AES"), new IvParameterSpec(ivBuffer));

          int cipherLength = cipher.getOutputSize(plaintext.length);
@ -75,6 +78,7 @@ class LogFile {
          outputStream.write(ivBuffer);
          outputStream.write(Conversions.intToByteArray(cipherLength));
          outputStream.write(ciphertext, 0, cipherLength);
+        }

        outputStream.flush();
      } catch (ShortBufferException | InvalidAlgorithmParameterException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException e) {
@ -134,10 +138,11 @@ class LogFile {
        Util.readFully(inputStream, ciphertext, length);

        try {
+          synchronized (CIPHER_LOCK) {
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secret, "AES"), new IvParameterSpec(ivBuffer));
            byte[] plaintext = cipher.doFinal(ciphertext, 0, length);
-
            return new String(plaintext);
+          }
        } catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
          throw new AssertionError(e);
        }
--- a/libsignal/src/main/java/org/session/libsignal/streams/AttachmentCipherInputStream.java
+++ b/libsignal/src/main/java/org/session/libsignal/streams/AttachmentCipherInputStream.java
@ -6,6 +6,8 @@

 package org.session.libsignal.streams;

+import static org.session.libsignal.crypto.CipherUtil.CIPHER_LOCK;
+
 import org.session.libsignal.exceptions.InvalidMacException;
 import org.session.libsignal.exceptions.InvalidMessageException;
 import org.session.libsignal.utilities.Util;
@ -92,19 +94,15 @@ public class AttachmentCipherInputStream extends FilterInputStream {
      byte[] iv = new byte[BLOCK_SIZE];
      readFully(iv);

+      synchronized (CIPHER_LOCK) {
        this.cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        this.cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cipherKey, "AES"), new IvParameterSpec(iv));
+      }

      this.done          = false;
      this.totalRead     = 0;
      this.totalDataSize = totalDataSize;
-    } catch (NoSuchAlgorithmException e) {
-      throw new AssertionError(e);
-    } catch (InvalidKeyException e) {
-      throw new AssertionError(e);
-    } catch (NoSuchPaddingException e) {
-      throw new AssertionError(e);
-    } catch (InvalidAlgorithmParameterException e) {
+    } catch (NoSuchAlgorithmException | InvalidKeyException | NoSuchPaddingException | InvalidAlgorithmParameterException e) {
      throw new AssertionError(e);
    }
  }
@ -141,15 +139,12 @@ public class AttachmentCipherInputStream extends FilterInputStream {

  private int readFinal(byte[] buffer, int offset, int length) throws IOException {
    try {
+      synchronized (CIPHER_LOCK) {
        int flourish = cipher.doFinal(buffer, offset);
-
        done = true;
        return flourish;
-    } catch (IllegalBlockSizeException e) {
-      throw new IOException(e);
-    } catch (BadPaddingException e) {
-      throw new IOException(e);
-    } catch (ShortBufferException e) {
+      }
+    } catch (IllegalBlockSizeException | ShortBufferException | BadPaddingException e) {
      throw new IOException(e);
    }
  }
@ -234,9 +229,7 @@ public class AttachmentCipherInputStream extends FilterInputStream {
        throw new InvalidMacException("Digest doesn't match!");
      }

-    } catch (IOException e) {
-      throw new InvalidMacException(e);
-    } catch (ArithmeticException e) {
+    } catch (IOException | ArithmeticException e) {
      throw new InvalidMacException(e);
    } catch (NoSuchAlgorithmException e) {
      throw new AssertionError(e);