ReVanced-Mirror/VancedMicroG
1
0
Fork 0
mirror of https://github.com/TeamVanced/VancedMicroG synced 2024-12-02 17:02:54 +01:00
Code Issues Projects Releases Wiki Activity

Verify keyfiles only when a backend PK exists

Browse Source
This commit is contained in:
Christian Grigis 2021-02-09 18:42:21 +01:00 committed by Marvin W
parent 8a1ac35c4d
commit dd617e27b6
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
play-services-nearby-core/src/main/kotlin/org/microg/gms/nearby/exposurenotification/ExposureNotificationServiceImpl.kt
View File

@ -57,6 +57,17 @@ class ExposureNotificationServiceImpl(private val context: Context, private val
Pair("ch.admin.bag.dp3t", Pair("ch.admin.bag.dp3t",
"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK2k9nZ8guo7JP2ELPQXnUkqDyjjJmYmpt9Zy0HPsiGXCdI3SFmLr204KNzkuITppNV5P7+bXRxiiY04NMrEITg=="), "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK2k9nZ8guo7JP2ELPQXnUkqDyjjJmYmpt9Zy0HPsiGXCdI3SFmLr204KNzkuITppNV5P7+bXRxiiY04NMrEITg=="),
) )
// Back-end public key for this package
private val backendPublicKey = backendPubKeyForPackage[packageName]?.let {
try {
KeyFactory.getInstance("EC").generatePublic(X509EncodedKeySpec(Base64.decode(it, Base64.DEFAULT)))
} catch (e: Exception) {
Log.w(TAG, "Failed to retrieve back-end public key for ${packageName}: " + e.message)
null
}
}
// Table of supported signature algorithms for the diagnosed TEKs. // Table of supported signature algorithms for the diagnosed TEKs.
// The table is indexed by ASN.1 OIDs as specified in https://tools.ietf.org/html/rfc5758#section-3.2 // The table is indexed by ASN.1 OIDs as specified in https://tools.ietf.org/html/rfc5758#section-3.2
private val sigAlgoForOid = mapOf<String, Signature>( private val sigAlgoForOid = mapOf<String, Signature>(
@ -358,9 +369,9 @@ class ExposureNotificationServiceImpl(private val context: Context, private val
var newKeys = if (params.keys != null) database.finishSingleMatching(tid) else 0 var newKeys = if (params.keys != null) database.finishSingleMatching(tid) else 0
for ((cacheFile, hash) in todoKeyFiles) { for ((cacheFile, hash) in todoKeyFiles) {
withContext(Dispatchers.IO) { withContext(Dispatchers.IO) {
if (!verifyKeyFile(cacheFile)) { if (backendPublicKey != null && !verifyKeyFile(cacheFile)) {
// FIXME: do something, perhaps reject according to some user setting Log.w(TAG, "Skipping non-verified key file")
Log.w(TAG, "Using non-verified key file") return@withContext
} }
try { try {
ZipFile(cacheFile).use { zip -> ZipFile(cacheFile).use { zip ->
@ -435,10 +446,6 @@ class ExposureNotificationServiceImpl(private val context: Context, private val
private fun verifyKeyFile(file: File): Boolean { private fun verifyKeyFile(file: File): Boolean {
try { try {
val publicKeyData = backendPubKeyForPackage.get(packageName) ?: throw Exception("Public key for ${packageName} is not available")
val publicKeyBytes: ByteArray = Base64.decode(publicKeyData, Base64.DEFAULT)
val publicKey = KeyFactory.getInstance("EC").generatePublic(X509EncodedKeySpec(publicKeyBytes))
ZipFile(file).use { zip -> ZipFile(file).use { zip ->
var dataEntry: ZipEntry? = null var dataEntry: ZipEntry? = null
var sigEntry: ZipEntry? = null var sigEntry: ZipEntry? = null
@ -475,7 +482,7 @@ class ExposureNotificationServiceImpl(private val context: Context, private val
val signature = sig.signature?.toByteArray() ?: throw Exception("Signature contents is missing") val signature = sig.signature?.toByteArray() ?: throw Exception("Signature contents is missing")
val sigVerifier = sigAlgoForOid.get(sigInfo.signature_algorithm) ?: throw Exception("Signature algorithm not supported: ${sigInfo.signature_algorithm}") val sigVerifier = sigAlgoForOid.get(sigInfo.signature_algorithm) ?: throw Exception("Signature algorithm not supported: ${sigInfo.signature_algorithm}")
sigVerifier.initVerify(publicKey) sigVerifier.initVerify(backendPublicKey)
val stream = zip.getInputStream(dataEntry) val stream = zip.getInputStream(dataEntry)
val buf = ByteArray(1024) val buf = ByteArray(1024)