From 62c8c202681afe869efa2f47d55c4e3118111e6c Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 31 Jan 2017 12:29:16 +0000 Subject: [PATCH 1/2] Megolm export: fix Android incompatibility I'd carefully added a workaround to maintain compatibility with the Android AES-CTR implementation... to the wrong thing. --- src/utils/MegolmExportEncryption.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/utils/MegolmExportEncryption.js b/src/utils/MegolmExportEncryption.js index abae81e5ad..4745aad017 100644 --- a/src/utils/MegolmExportEncryption.js +++ b/src/utils/MegolmExportEncryption.js @@ -107,14 +107,14 @@ export function encryptMegolmKeyFile(data, password, options) { const salt = new Uint8Array(16); window.crypto.getRandomValues(salt); - // clear bit 63 of the salt to stop us hitting the 64-bit counter boundary - // (which would mean we wouldn't be able to decrypt on Android). The loss - // of a single bit of salt is a price we have to pay. - salt[9] &= 0x7f; - const iv = new Uint8Array(16); window.crypto.getRandomValues(iv); + // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary + // (which would mean we wouldn't be able to decrypt on Android). The loss + // of a single bit of iv is a price we have to pay. + iv[9] &= 0x7f; + return deriveKeys(salt, kdf_rounds, password).then((keys) => { const [aes_key, hmac_key] = keys; From c5f447260afa4f671afdd3f68ecbd521e3df4d0f Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Tue, 31 Jan 2017 12:30:30 +0000 Subject: [PATCH 2/2] Megolm import: Fix handling of short files Make sure we throw a sensible error when the body of the data is too short. --- src/utils/MegolmExportEncryption.js | 2 +- test/utils/MegolmExportEncryption-test.js | 10 ++++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/src/utils/MegolmExportEncryption.js b/src/utils/MegolmExportEncryption.js index 4745aad017..27c6ede937 100644 
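Review bot: The mask in encryptMegolmKeyFile is applied to `iv[9]`, which does not match the comment's "clear bit 63" if the IV is a big-endian counter block. In that layout, with the low 64 bits as the counter (as WebCrypto AES-CTR treats it with `length: 64`; the encrypt call is outside this hunk), bit 63 is the high bit of byte 8. `iv[9] &= 0x7f;` would then clear bit 55, and the Android incompatibility described in the comment could still occur for about half of the generated IVs. I would change the line to `iv[8] &= 0x7f;` and add a test that inspects the IV bytes of an exported file, since nothing in this series exercises the mask. The function body continues past the end of the hunk.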
--- a/src/utils/MegolmExportEncryption.js +++ b/src/utils/MegolmExportEncryption.js @@ -50,7 +50,7 @@ export function decryptMegolmKeyFile(data, password) { } const ciphertextLength = body.length-(1+16+16+4+32); - if (body.length < 0) { + if (ciphertextLength < 0) { throw new Error('Invalid file: too short'); } diff --git a/test/utils/MegolmExportEncryption-test.js b/test/utils/MegolmExportEncryption-test.js index 28752ae529..0c49fd48d1 100644 --- a/test/utils/MegolmExportEncryption-test.js +++ b/test/utils/MegolmExportEncryption-test.js @@ -75,6 +75,16 @@ describe('MegolmExportEncryption', function() { .toThrow('Trailer line not found'); }); + it('should handle a too-short body', function() { + const input=stringToArray(`-----BEGIN MEGOLM SESSION DATA----- +AXNhbHRzYWx0c2FsdHNhbHSIiIiIiIiIiIiIiIiIiIiIAAAACmIRUW2OjZ3L2l6j9h0lHlV3M2dx +cissyYBxjsfsAn +-----END MEGOLM SESSION DATA----- +`); + expect(()=>{MegolmExportEncryption.decryptMegolmKeyFile(input, '')}) + .toThrow('Invalid file: too short'); + }); + it('should decrypt a range of inputs', function(done) { function next(i) { if (i >= TEST_VECTORS.length) {