From 0aee5cc2aa021c877f76fee5a7bdc9b24cca251a Mon Sep 17 00:00:00 2001 From: Torsten Grote Date: Thu, 4 Mar 2021 17:23:08 -0300 Subject: [PATCH] Provide correct version to associated data --- .../org/calyxos/backup/storage/crypto/StreamCrypto.kt | 10 +++++----- .../calyxos/backup/storage/plugin/SnapshotRetriever.kt | 4 ++-- .../backup/storage/restore/AbstractChunkRestore.kt | 2 +- .../java/org/calyxos/backup/storage/restore/Restore.kt | 3 ++- 4 files changed, 10 insertions(+), 9 deletions(-) diff --git a/storage/lib/src/main/java/org/calyxos/backup/storage/crypto/StreamCrypto.kt b/storage/lib/src/main/java/org/calyxos/backup/storage/crypto/StreamCrypto.kt index 14cbf811..27123ae6 100644 --- a/storage/lib/src/main/java/org/calyxos/backup/storage/crypto/StreamCrypto.kt +++ b/storage/lib/src/main/java/org/calyxos/backup/storage/crypto/StreamCrypto.kt @@ -1,7 +1,7 @@ package org.calyxos.backup.storage.crypto import com.google.crypto.tink.subtle.AesGcmHkdfStreaming -import org.calyxos.backup.storage.backup.Backup +import org.calyxos.backup.storage.backup.Backup.Companion.VERSION import org.calyxos.backup.storage.crypto.Hkdf.ALGORITHM_HMAC import org.calyxos.backup.storage.crypto.Hkdf.KEY_SIZE_BYTES import org.calyxos.backup.storage.toByteArrayFromHex @@ -29,16 +29,16 @@ public object StreamCrypto { outLengthBytes = KEY_SIZE_BYTES ) - internal fun getAssociatedDataForChunk(chunkId: String): ByteArray = + internal fun getAssociatedDataForChunk(chunkId: String, version: Byte = VERSION): ByteArray = ByteBuffer.allocate(2 + KEY_SIZE_BYTES) - .put(Backup.VERSION) + .put(version) .put(TYPE_CHUNK) // type ID for chunks .put(chunkId.toByteArrayFromHex().apply { check(size == KEY_SIZE_BYTES) }) .array() - internal fun getAssociatedDataForSnapshot(timestamp: Long): ByteArray = + internal fun getAssociatedDataForSnapshot(timestamp: Long, version: Byte = VERSION): ByteArray = ByteBuffer.allocate(2 + 8) - .put(Backup.VERSION) + .put(version) .put(TYPE_SNAPSHOT) // type ID for chunks .put(timestamp.toByteArray()) .array() diff --git a/storage/lib/src/main/java/org/calyxos/backup/storage/plugin/SnapshotRetriever.kt b/storage/lib/src/main/java/org/calyxos/backup/storage/plugin/SnapshotRetriever.kt index 1ae75cbc..943c5358 100644 --- a/storage/lib/src/main/java/org/calyxos/backup/storage/plugin/SnapshotRetriever.kt +++ b/storage/lib/src/main/java/org/calyxos/backup/storage/plugin/SnapshotRetriever.kt @@ -16,8 +16,8 @@ internal class SnapshotRetriever( @Throws(IOException::class, GeneralSecurityException::class) suspend fun getSnapshot(streamKey: ByteArray, timestamp: Long): BackupSnapshot { return storagePlugin.getBackupSnapshotInputStream(timestamp).use { inputStream -> - inputStream.readVersion() - val ad = streamCrypto.getAssociatedDataForSnapshot(timestamp) + val version = inputStream.readVersion() + val ad = streamCrypto.getAssociatedDataForSnapshot(timestamp, version.toByte()) streamCrypto.newDecryptingStream(streamKey, inputStream, ad).use { decryptedStream -> BackupSnapshot.parseFrom(decryptedStream) } diff --git a/storage/lib/src/main/java/org/calyxos/backup/storage/restore/AbstractChunkRestore.kt b/storage/lib/src/main/java/org/calyxos/backup/storage/restore/AbstractChunkRestore.kt index b9a6a9cc..6346d5ef 100644 --- a/storage/lib/src/main/java/org/calyxos/backup/storage/restore/AbstractChunkRestore.kt +++ b/storage/lib/src/main/java/org/calyxos/backup/storage/restore/AbstractChunkRestore.kt @@ -24,7 +24,7 @@ internal abstract class AbstractChunkRestore( ) { storagePlugin.getChunkInputStream(chunkId).use { inputStream -> inputStream.readVersion(version) - val ad = streamCrypto.getAssociatedDataForChunk(chunkId) + val ad = streamCrypto.getAssociatedDataForChunk(chunkId, version.toByte()) streamCrypto.newDecryptingStream(streamKey, inputStream, ad).use { decryptedStream -> streamReader(decryptedStream) } diff --git a/storage/lib/src/main/java/org/calyxos/backup/storage/restore/Restore.kt b/storage/lib/src/main/java/org/calyxos/backup/storage/restore/Restore.kt index 53a8aa59..70fa18ed 100644 --- a/storage/lib/src/main/java/org/calyxos/backup/storage/restore/Restore.kt +++ b/storage/lib/src/main/java/org/calyxos/backup/storage/restore/Restore.kt @@ -116,7 +116,7 @@ internal class Restore( } @Throws(IOException::class, GeneralSecurityException::class) -internal fun InputStream.readVersion(expectedVersion: Int? = null) { +internal fun InputStream.readVersion(expectedVersion: Int? = null): Int { val version = read() if (version == -1) throw IOException() if (expectedVersion != null && version != expectedVersion) { @@ -126,4 +126,5 @@ internal fun InputStream.readVersion(expectedVersion: Int? = null) { // TODO maybe throw a different exception here and tell the user? throw IOException() } + return version }