From f726d16ce0e59ba600aa5d1b0a3622b440aadc69 Mon Sep 17 00:00:00 2001 From: Benoit Marty Date: Mon, 16 Sep 2024 17:45:43 +0200 Subject: [PATCH] Fix wrong sha256 conversion and add unit test. --- matrix-sdk-android/build.gradle | 1 + .../identity/IdentityBulkLookupTask.kt | 15 +++----- .../session/identity/Sha256Converter.kt | 29 +++++++++++++++ .../internal/session/identity/Sha256Test.kt | 35 +++++++++++++++++++ 4 files changed, 70 insertions(+), 10 deletions(-) create mode 100644 matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/Sha256Converter.kt create mode 100644 matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/identity/Sha256Test.kt diff --git a/matrix-sdk-android/build.gradle b/matrix-sdk-android/build.gradle index f5f05a600b0..c5f7485b408 100644 --- a/matrix-sdk-android/build.gradle +++ b/matrix-sdk-android/build.gradle @@ -233,6 +233,7 @@ dependencies { testImplementation 'net.lachlanmckee:timber-junit-rule:1.0.1' // Transitively required for mocking realm as monarchy doesn't expose Rx testImplementation libs.rx.rxKotlin + testImplementation libs.tests.robolectric kaptAndroidTest libs.dagger.daggerCompiler androidTestImplementation libs.androidx.testCore diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt index c0ad79b46c9..a9d6753d3a9 100644 --- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt @@ -30,7 +30,6 @@ import org.matrix.android.sdk.internal.session.identity.model.IdentityLookUpPara import org.matrix.android.sdk.internal.session.identity.model.IdentityLookUpResponse import org.matrix.android.sdk.internal.task.Task import org.matrix.android.sdk.internal.util.base64ToBase64Url -import java.security.MessageDigest import java.util.Locale import javax.inject.Inject @@ -43,7 +42,8 @@ internal interface IdentityBulkLookupTask : Task { @@ -120,7 +120,9 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor( private fun getHashedAddresses(threePids: List, pepper: String): List { return threePids.map { threePid -> base64ToBase64Url( - (threePid.value.lowercase(Locale.ROOT) + " " + threePid.toMedium() + " " + pepper).toSha256() + sha256Converter.convertToSha256( + str = threePid.value.lowercase(Locale.ROOT) + " " + threePid.toMedium() + " " + pepper + ) ) } } @@ -139,11 +141,4 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor( ) } } - - private val sha256 by lazy { MessageDigest.getInstance("SHA-256") } - - @OptIn(ExperimentalStdlibApi::class) - private fun String.toSha256(): String { - return sha256.digest(toByteArray()).toHexString() - } } diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/Sha256Converter.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/Sha256Converter.kt new file mode 100644 index 00000000000..8c996a52eb6 --- /dev/null +++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/Sha256Converter.kt @@ -0,0 +1,29 @@ +/* + * Copyright (c) 2024 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.session.identity + +import org.matrix.android.sdk.api.util.toBase64NoPadding +import java.security.MessageDigest +import javax.inject.Inject + +class Sha256Converter @Inject constructor() { + private val sha256 by lazy { MessageDigest.getInstance("SHA-256") } + + fun convertToSha256(str: String): String { + return sha256.digest(str.toByteArray()).toBase64NoPadding() + } +} diff --git a/matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/identity/Sha256Test.kt b/matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/identity/Sha256Test.kt new file mode 100644 index 00000000000..90eb5ea9b0e --- /dev/null +++ b/matrix-sdk-android/src/test/java/org/matrix/android/sdk/internal/session/identity/Sha256Test.kt @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2024 New Vector Ltd + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.matrix.android.sdk.internal.session.identity + +import org.amshove.kluent.shouldBeEqualTo +import org.junit.Test +import org.junit.runner.RunWith +import org.robolectric.RobolectricTestRunner + +@RunWith(RobolectricTestRunner::class) +class Sha256Test { + /** + * Check that the behavior is the same than what is done in the Olm library. + * https://gitlab.matrix.org/matrix-org/olm/-/blob/master/tests/test_olm_sha256.cpp#L16 + */ + @Test + fun testSha256() { + val sut = Sha256Converter() + sut.convertToSha256("Hello, World") shouldBeEqualTo "A2daxT/5zRU1zMffzfosRYxSGDcfQY3BNvLRmsH76KU" + } +}