Skip to content

Commit cf93f34

Browse files
SessionHero01SessionHero01
authored
Merge pull request #1650 from session-foundation/ses-4795-deterministic
[SES-4795] - Fix deterministic encryption
2 parents 39e9051 + 3911aaf commit cf93f34

File tree

1 file changed

+14
-1
lines changed

1 file changed

+14
-1
lines changed

app/src/main/java/org/thoughtcrime/securesms/attachments/AttachmentProcessor.kt

Lines changed: 14 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,6 +18,7 @@ import coil3.request.allowConversionToBitmap
1818
import coil3.request.allowHardware
1919
import coil3.request.allowRgb565
2020
import coil3.size.Precision
21+
import dagger.Lazy
2122
import dagger.hilt.android.qualifiers.ApplicationContext
2223
import network.loki.messenger.libsession_util.encrypt.Attachments
2324
import network.loki.messenger.libsession_util.image.GifUtils
@@ -30,7 +31,10 @@ import org.session.libsignal.streams.AttachmentCipherOutputStream
3031
import org.session.libsignal.streams.PaddingInputStream
3132
import org.session.libsignal.utilities.ByteArraySlice
3233
import org.session.libsignal.utilities.ByteArraySlice.Companion.view
34+
import org.session.libsignal.utilities.Hex
3335
import org.session.libsignal.utilities.Log
36+
import org.thoughtcrime.securesms.crypto.IdentityKeyUtil
37+
import org.thoughtcrime.securesms.database.Storage
3438
import org.thoughtcrime.securesms.util.AnimatedImageUtils
3539
import org.thoughtcrime.securesms.util.BitmapUtil
3640
import org.thoughtcrime.securesms.util.ImageUtils
@@ -50,6 +54,7 @@ typealias DigestResult = ByteArray
5054
class AttachmentProcessor @Inject constructor(
5155
@param:ApplicationContext private val context: Context,
5256
private val imageLoader: Provider<ImageLoader>,
57+
private val storage: Lazy<Storage>,
5358
) {
5459
class ProcessResult(
5560
val data: ByteArray,
@@ -152,8 +157,16 @@ class AttachmentProcessor @Inject constructor(
152157
*/
153158
fun encryptDeterministically(plaintext: ByteArray, domain: Attachments.Domain): EncryptResult {
154159
val cipherOut = ByteArray(Attachments.encryptedSize(plaintext.size.toLong()).toInt())
160+
val privateKey = requireNotNull(storage.get().getUserED25519KeyPair()?.secretKey) {
161+
"No user identity available"
162+
}
163+
check(privateKey.data.size == 64) {
164+
"Invalid ED25519 private key size: ${privateKey.data.size}"
165+
}
166+
val seed = privateKey.data.sliceArray(0 until 32)
167+
155168
val key = Attachments.encryptBytes(
156-
seed = Util.getSecretBytes(32),
169+
seed = seed,
157170
plaintextIn = plaintext,
158171
cipherOut = cipherOut,
159172
domain = domain,

0 commit comments

Comments
 (0)