From 63587a3e128851db07ded58ac83eba730d758a8f Mon Sep 17 00:00:00 2001 From: Matthias Geihs Date: Mon, 11 Sep 2023 12:06:44 +0800 Subject: [PATCH] reconstructKey: Remove ciphertext padding Previously, the ciphertext was padded. However, ciphertexts should in general not be padded, as it leads to decryption errors. Here we remove the padding. --- .../Extensions/TorusUtils+extension.swift | 38 +++++-------------- Tests/TorusUtilsTests/SapphireTest.swift | 17 +++++++-- 2 files changed, 24 insertions(+), 31 deletions(-) diff --git a/Sources/TorusUtils/Extensions/TorusUtils+extension.swift b/Sources/TorusUtils/Extensions/TorusUtils+extension.swift index 989ccbe2..46f81a34 100644 --- a/Sources/TorusUtils/Extensions/TorusUtils+extension.swift +++ b/Sources/TorusUtils/Extensions/TorusUtils+extension.swift @@ -230,7 +230,7 @@ extension TorusUtils { - private func reconstructKey(decryptedShares: [Int: String], thresholdPublicKey: KeyAssignment.PublicKey) throws -> String? { +private func reconstructKey(decryptedShares: [Int: String], thresholdPublicKey: KeyAssignment.PublicKey) throws -> String? { // run lagrange interpolation on all subsets, faster in the optimistic scenario than berlekamp-welch due to early exit let allCombis = kCombinations(s: decryptedShares.count, k: 3) @@ -404,8 +404,7 @@ extension TorusUtils { if thresholdPublicKey?.X != nil && (thresholdNonceData != nil && thresholdNonceData?.pubNonce?.x != "" || verifierParams.extended_verifier_id != nil || isLegacyNetwork()) { // Code block to execute if all conditions are true - var sharePkcs7 = [String]() - var shareZeroPadding = [String]() + var shares = [String]() var sessionTokenSigPromises = [String?]() var sessionTokenPromises = [String?]() var nodeIndexes = [Int]() @@ -449,20 +448,11 @@ extension TorusUtils { let latestKey = currentShareResponse.keys[0] nodeIndexes.append(Int(latestKey.nodeIndex)) let data = Data(base64Encoded: latestKey.share, options: [] )! - let binaryString = String(data: data, encoding: .ascii) ?? "" - let paddedBinaryString = binaryString.padding(toLength: 64, withPad: "0", startingAt: 0) - var decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: paddedBinaryString, privKey: sessionAuthKey) - sharePkcs7.append(decryptedShare.addLeading0sForLength64()) - // temporary workaround on decrypt padding issue - if ( decryptedShare.count < 64 ) { - - decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: paddedBinaryString, privKey: sessionAuthKey, padding: .zeroPadding).addLeading0sForLength64() - shareZeroPadding.append(decryptedShare) - } else { - shareZeroPadding.append(decryptedShare) + guard let ciphertextHex = String(data: data, encoding: .ascii) else { + throw TorusUtilError.decodingFailed() } - - + var decryptedShare = try decryptNodeData(eciesData: latestKey.shareMetadata, ciphertextHex: ciphertextHex, privKey: sessionAuthKey) + shares.append(decryptedShare.addLeading0sForLength64()) } else { os_log("retrieveShare - 0 keys returned from nodes", log: getTorusLogger(log: TorusUtilsLogger.core, type: .error), type: .error) throw TorusUtilError.thresholdError @@ -508,23 +498,15 @@ extension TorusUtils { sessionTokenData.append(SessionToken(token: token, signature: signature!, node_pubx: nodePubX, node_puby: nodePubY)) } } - let decryptedSharesPkcs7 = sharePkcs7.enumerated().reduce(into: [ Int : String ]()) { acc, current in + + let sharesWithIndex = shares.enumerated().reduce(into: [ Int : String ]()) { acc, current in let (index, curr) = current acc[nodeIndexes[index]] = curr } - - - - var returnedKey = try reconstructKey(decryptedShares: decryptedSharesPkcs7, thresholdPublicKey: thresholdPublicKey!) - + let returnedKey = try reconstructKey(decryptedShares: sharesWithIndex, thresholdPublicKey: thresholdPublicKey!) if (returnedKey == nil) { - let decryptedSharesZeroPadding = shareZeroPadding.enumerated().reduce(into: [ Int : String ]()) { acc, current in - let (index, curr) = current - acc[nodeIndexes[index]] = curr - } - returnedKey = try reconstructKey(decryptedShares: decryptedSharesZeroPadding, thresholdPublicKey: thresholdPublicKey!) - + throw TorusUtilError.privateKeyDeriveFailed } guard let oAuthKey = returnedKey else { diff --git a/Tests/TorusUtilsTests/SapphireTest.swift b/Tests/TorusUtilsTests/SapphireTest.swift index ab32083c..58b73bd0 100644 --- a/Tests/TorusUtilsTests/SapphireTest.swift +++ b/Tests/TorusUtilsTests/SapphireTest.swift @@ -413,10 +413,9 @@ final class SapphireTest: XCTestCase { } } - func testAggregrateLogin() async throws { + func testAggregrateLoginWithEmail(email: String) async throws { let exp1 = XCTestExpectation(description: "Should be able to aggregate login") - - let email = generateRandomEmail(of: 6) + print("email", email) let verifier: String = TORUS_TEST_AGGREGATE_VERIFIER let verifierID: String = email @@ -447,4 +446,16 @@ final class SapphireTest: XCTestCase { } } + func testAggregateLoginWithFixedEmail() async throws { + // This fixed email was previously known to trigger an edge case that + // revealed a bug in our share decryption implementation. + let email = "hEJTRg@gmail.com" + try await testAggregrateLoginWithEmail(email: email) + } + + func testAggregateLoginWithRandomEmail() async throws { + let email = generateRandomEmail(of: 6) + try await testAggregrateLoginWithEmail(email: email) + } + }