Use the old encode method for passwords over 64 bytes and repair the slot (#98)

Commit afb9e59711 fixed a bug where the password encode function would add null bytes to the end of the output. Luckily (I thought), PBKDF2 produces collisions for inputs with trailing null bytes and thus scrypt does this as well, so we could safely change that function to remove the null bytes without any impact. Unfortunately, that doesn't hold up if the password is over 64 bytes in size. So after that change, the KDF started producing different keys than before for such passwords and thus some users could no longer unlock their vault. This patch addresses the issue by using the old password encode function for passwords over 64 bytes and repairing the affected password slot.
2025-05-14 14:02:49 +00:00 · 2019-05-26 23:52:20 +02:00 · 2019-05-26 23:52:20 +02:00 · 8c658ac930
commit 8c658ac930
parent 588c1c07df
9 changed files with 184 additions and 67 deletions
--- a/app/src/main/java/com/beemdevelopment/aegis/ui/AuthActivity.java
+++ b/app/src/main/java/com/beemdevelopment/aegis/ui/AuthActivity.java
@ -19,7 +19,6 @@ import android.widget.TextView;
 import com.beemdevelopment.aegis.R;
 import com.beemdevelopment.aegis.crypto.KeyStoreHandle;
 import com.beemdevelopment.aegis.crypto.KeyStoreHandleException;
-import com.beemdevelopment.aegis.crypto.MasterKey;
 import com.beemdevelopment.aegis.db.DatabaseFileCredentials;
 import com.beemdevelopment.aegis.db.slots.FingerprintSlot;
 import com.beemdevelopment.aegis.db.slots.PasswordSlot;
@ -136,14 +135,6 @@ public class AuthActivity extends AegisActivity implements FingerprintUiHelper.C
        new SlotListTask<>(type, this, this).execute(params);
    }

-    private void setKey(MasterKey key) {
-        // send the master key back to the main activity
-        Intent result = new Intent();
-        result.putExtra("creds", new DatabaseFileCredentials(key, _slots));
-        setResult(RESULT_OK, result);
-        finish();
-    }
-
    private void selectPassword() {
        _textPassword.selectAll();

@ -185,9 +176,19 @@ public class AuthActivity extends AegisActivity implements FingerprintUiHelper.C
    }

    @Override
-    public void onTaskFinished(MasterKey key) {
-        if (key != null) {
-            setKey(key);
+    public void onTaskFinished(SlotListTask.Result result) {
+        if (result != null) {
+            // replace the old slot with the repaired one
+            if (result.isSlotRepaired()) {
+                _slots.replace(result.getSlot());
+            }
+
+            // send the master key back to the main activity
+            Intent intent = new Intent();
+            intent.putExtra("creds", new DatabaseFileCredentials(result.getKey(), _slots));
+            intent.putExtra("repairedSlot", result.isSlotRepaired());
+            setResult(RESULT_OK, intent);
+            finish();
        } else {
            showError();
        }