reconstructKey: Remove ciphertext padding

Previously, the ciphertext was padded. However, ciphertexts should in general not be padded, as it leads to decryption errors. Here we remove the padding.
torusresearch · Sep 11, 2023 · 5ab777a · 5ab777a
1 parent 61b3668
commit 5ab777a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 30 deletions.
diff --git a/Sources/TorusUtils/Extensions/TorusUtils+extension.swift b/Sources/TorusUtils/Extensions/TorusUtils+extension.swift
@@ -404,8 +404,7 @@ extension TorusUtils {
 
             if thresholdPublicKey?.X != nil && (thresholdNonceData != nil && thresholdNonceData?.pubNonce?.x != "" || verifierParams.extended_verifier_id != nil || isLegacyNetwork()) {
                 // Code block to execute if all conditions are true
-                var sharePkcs7 = [String]()
-                var shareZeroPadding = [String]()
+                var shares = [String]()
                 var sessionTokenSigPromises = [String?]()
                 var sessionTokenPromises = [String?]()
                 var nodeIndexes = [Int]()
@@ -449,20 +448,11 @@ extension TorusUtils {
                         let latestKey = currentShareResponse.keys[0]
                         nodeIndexes.append(Int(latestKey.nodeIndex))
                         let data = Data(base64Encoded: latestKey.share, options: [] )!
-                        let binaryString = String(data: data, encoding: .ascii) ?? ""
-                        let paddedBinaryString = binaryString.padding(toLength: 64, withPad: "0", startingAt: 0)
-                        var decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: paddedBinaryString, privKey: sessionAuthKey)
-                        sharePkcs7.append(decryptedShare.addLeading0sForLength64())
-                        // temporary workaround on decrypt padding issue
-                        if ( decryptedShare.count < 64 ) {
-
-                            decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: paddedBinaryString, privKey: sessionAuthKey, padding: .zeroPadding).addLeading0sForLength64()
-                            shareZeroPadding.append(decryptedShare)
-                        } else {
-                            shareZeroPadding.append(decryptedShare)
+                        guard let ciphertextHex = String(data: data, encoding: .ascii) else {
+                            throw TorusUtilError.decodingFailed()
                         }
-
-
+                        var decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: ciphertextHex, privKey: sessionAuthKey)
+                        shares.append(decryptedShare.addLeading0sForLength64())
                     } else {
                         os_log("retrieveShare -  0 keys returned from nodes", log: getTorusLogger(log: TorusUtilsLogger.core, type: .error), type: .error)
                         throw TorusUtilError.thresholdError
@@ -508,23 +498,15 @@ extension TorusUtils {
                         sessionTokenData.append(SessionToken(token: token, signature: signature!, node_pubx: nodePubX, node_puby: nodePubY))
                     }
                 }
-                let decryptedSharesPkcs7 = sharePkcs7.enumerated().reduce(into: [ Int : String ]()) { acc, current in
+
+                let sharesWithIndex = shares.enumerated().reduce(into: [ Int : String ]()) { acc, current in
                     let (index, curr) = current
                     acc[nodeIndexes[index]] = curr
                 }
 
-
-
-
-                var returnedKey = try reconstructKey(decryptedShares: decryptedSharesPkcs7, thresholdPublicKey: thresholdPublicKey!)
-
+                let returnedKey = try reconstructKey(decryptedShares: sharesWithIndex, thresholdPublicKey: thresholdPublicKey!)
                 if (returnedKey == nil) {
-                    let decryptedSharesZeroPadding = shareZeroPadding.enumerated().reduce(into: [ Int : String ]()) { acc, current in
-                        let (index, curr) = current
-                        acc[nodeIndexes[index]] = curr
-                    }
-                    returnedKey = try reconstructKey(decryptedShares: decryptedSharesZeroPadding, thresholdPublicKey: thresholdPublicKey!)
-
+                    throw TorusUtilError.privateKeyDeriveFailed
                 }
 
                 guard let oAuthKey = returnedKey else {

diff --git a/Tests/TorusUtilsTests/SapphireTest.swift b/Tests/TorusUtilsTests/SapphireTest.swift
@@ -413,10 +413,9 @@ final class SapphireTest: XCTestCase {
         }
     }
 
-    func testAggregrateLogin() async throws {
+    func testAggregrateLoginWithEmail(email: String) async throws {
         let exp1 = XCTestExpectation(description: "Should be able to aggregate login")
-
-        let email = generateRandomEmail(of: 6)
+
         print("email", email)
         let verifier: String = TORUS_TEST_AGGREGATE_VERIFIER
         let verifierID: String = email
@@ -447,4 +446,16 @@ final class SapphireTest: XCTestCase {
         }
     }
 
+    func testAggregateLoginWithFixedEmail() async throws {
+        // This fixed email was previously known to trigger an edge case that
+        // revealed a bug in our share decryption implementation.
+        let email = "[email protected]"
+        try await testAggregrateLoginWithEmail(email: email)
+    }
+
+    func testAggregateLoginWithRandomEmail() async throws {
+        let email = generateRandomEmail(of: 6)
+        try await testAggregrateLoginWithEmail(email: email)
+    }
+
 }