Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create MXSecretStorage to support SSSS #851

Merged
merged 21 commits into from
May 18, 2020
Merged

Create MXSecretStorage to support SSSS #851

merged 21 commits into from
May 18, 2020

Conversation

manuroe
Copy link
Contributor

@manuroe manuroe commented May 15, 2020

Fix element-hq/element-ios#2926

Spec: ([MSC1946(]matrix-org/matrix-spec-proposals#1946)

This module will be used for bootstrap and account keys recovery.

image

manuroe added 17 commits May 13, 2020 11:19
@manuroe
SSSS: Add JSON models
d6af451
@manuroe
SSSS: m.secret_storage.v1.aes-hmac-sha2 does not signature
8cd9418
@manuroe
SSSS: make iv and mac optional for m.secret_storage.v1.aes-hmac-sha2
3c3d559 
RiotX did not create the key with them
@manuroe
SSSS: Do not bother with the old storage key alg
794d085 
Go directly to the symmetric encryption defined at https://github.com/uhoreg/matrix-doc/blob/symmetric_ssss/proposals/2472-symmetric-ssss.md
@manuroe
SSSS: Create MXSecretStorage to manage secrets stored on the server
543fa83 
Start with the secret storage key management
@manuroe
SSSS: Start tests
2891b38
@manuroe
MXSession: Update account data as soon as the endpoint returns
1da6184 
This will help to chain requests
@manuroe
SSSS: More tests
b8ab721
@manuroe
SSSS: Started secret storage. TBC
03372f9
@manuroe
SSSS: MXEncryptedSecretContent: ephemeral is not in the spec
3284485
@manuroe
Crypto: Add HKDF and AES-HMAC primitives
b89a57f
@manuroe
SSSS: Support read from SSSS
9a08650
@manuroe
SSSS: Try to make clear that secrets are unpadded base64 strings
d54eaff 
from NSData * keys
@manuroe
SSSS: Support write operation
817cfd1
@manuroe
SSSS: Add support of mac and iv of SSSS key
90497b8
@manuroe
SSSS: mac and iv Base64 not unpadded Base64 strings
1f807e8
@manuroe
CHANGES
8c27553
SBiOSoftWhare
SBiOSoftWhare reviewed May 15, 2020
View reviewed changes
MatrixSDK/Crypto/SecretStorage/MXSecretStorage.h Outdated
#pragma mark - Constants

FOUNDATION_EXPORT NSString *const MXSecretStorageErrorDomain;
typedef enum : NSUInteger
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prefer typedef NS_ENUM(NSUInteger, MXSecretStorageErrorCode) { for Swift usage.

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.h
*/
- (MXHTTPOperation *)storeSecret:(NSString*)unpaddedBase64Secret
withSecretId:(nullable NSString*)secretId
withSecretStorageKeys:(NSDictionary<NSString*, NSData*> *)keys
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with prefix can be replaced by and or removed.

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.h
@param failure A block object called when the operation fails.
*/
- (void)secretWithSecretId:(NSString*)secretId
withSecretStorageKeyId:(nullable NSString*)keyId
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with prefix can be removed.

Copy link
Contributor Author

@manuroe manuroe May 18, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why? SecretId and SecretStorageKeyId are 2 different things. This makes a sentence in objc.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only the second one

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.m Outdated
dispatch_async(processingQueue, ^{
MXStrongifyAndReturnIfNil(self);

NSData *iv = [MXBase64Tools dataFromBase64:key.iv];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MXSecretStorageKeyContent.iv is nullable. Crash can occurs here.

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.m Outdated
Comment on lines 190 to 191
NSData *keyMac = [MXBase64Tools dataFromBase64:key.mac];
NSData *encryptedZeroStringMac = [MXBase64Tools dataFromBase64:encryptedZeroString.mac];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MXSecretStorageKeyContent.mac is nullable. Crash can occurs here.

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.m Outdated

NSData *iv = secretContent.iv ? [MXBase64Tools dataFromBase64:secretContent.iv] : [NSMutableData dataWithLength:16];

NSData *hmac = [MXBase64Tools dataFromBase64:secretContent.mac];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MXEncryptedSecretContent.mac is nullable. Crash can occurs here.

MatrixSDK/Crypto/SecretStorage/MXSecretStorage.m Outdated
return nil;
}

NSData *cipher = [MXBase64Tools dataFromBase64:secretContent.ciphertext];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MXEncryptedSecretContent.cipherText is nullable. Crash can occurs here.

@manuroe manuroe merged commit 376e4d2 into develop May 18, 2020
@manuroe manuroe deleted the riot_2926 branch May 18, 2020 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SBiOSoftWhare SBiOSoftWhare SBiOSoftWhare approved these changes

Assignees

@SBiOSoftWhare SBiOSoftWhare

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SSSS: Support in SDK
2 participants
@manuroe @SBiOSoftWhare