Merge pull request #1476 from atsign-foundation/fix/apkam-non-zero-iv

XavierChanth · web-flow · commit e9b1900bd0dd · 2025-01-29T11:11:43.000-05:00
fix: Updated APKAM enrollment to use server generated IVs
diff --git a/packages/at_client_mobile/lib/src/auth/at_auth_service_impl.dart b/packages/at_client_mobile/lib/src/auth/at_auth_service_impl.dart
@@ -449,6 +449,7 @@ class AtAuthServiceImpl implements AtAuthService {
     var privateKeyCommand =
         'keys:get:keyName:$enrollmentIdFromServer.${AtConstants.defaultEncryptionPrivateKey}.__manage$_atSign\n';
     String encryptionPrivateKeyFromServer;
+    String? encryptionPrivateKeyIV;
     try {
       var getPrivateKeyResult =
           await _atLookUp?.executeCommand('$privateKeyCommand\n', auth: true);
@@ -458,13 +459,17 @@ class AtAuthServiceImpl implements AtAuthService {
       getPrivateKeyResult = getPrivateKeyResult.replaceFirst('data:', '');
       var privateKeyResultJson = jsonDecode(getPrivateKeyResult);
       encryptionPrivateKeyFromServer = privateKeyResultJson['value'];
+      encryptionPrivateKeyIV = privateKeyResultJson['iv'];
     } on Exception catch (e) {
       throw AtEnrollmentException(
           'Exception while getting encrypted private key/self key from server: $e');
     }
     AtEncryptionResult? atEncryptionResult = atChops.decryptString(
         encryptionPrivateKeyFromServer, EncryptionKeyType.aes256,
-        keyName: 'apkamSymmetricKey', iv: AtChopsUtil.generateIVLegacy());
+        keyName: 'apkamSymmetricKey',
+        iv: encryptionPrivateKeyIV != null
+            ? InitialisationVector(base64Decode(encryptionPrivateKeyIV))
+            : AtChopsUtil.generateIVLegacy());
     return atEncryptionResult.result;
   }
 
@@ -476,6 +481,7 @@ class AtAuthServiceImpl implements AtAuthService {
     var selfEncryptionKeyCommand =
         'keys:get:keyName:$enrollmentIdFromServer.${AtConstants.defaultSelfEncryptionKey}.__manage$_atSign\n';
     String selfEncryptionKeyFromServer;
+    String? selfEncryptionKeyIV;
     try {
       String? encryptedSelfEncryptionKey = await _atLookUp
           ?.executeCommand('$selfEncryptionKeyCommand\n', auth: true);
@@ -488,13 +494,17 @@ class AtAuthServiceImpl implements AtAuthService {
           encryptedSelfEncryptionKey.replaceFirst('data:', '');
       var selfEncryptionKeyResultJson = jsonDecode(encryptedSelfEncryptionKey);
       selfEncryptionKeyFromServer = selfEncryptionKeyResultJson['value'];
+      selfEncryptionKeyIV = selfEncryptionKeyResultJson['iv'];
     } on Exception catch (e) {
       throw AtEnrollmentException(
           'Exception while getting encrypted private key/self key from server: $e');
     }
     AtEncryptionResult? atEncryptionResult = atChops.decryptString(
         selfEncryptionKeyFromServer, EncryptionKeyType.aes256,
-        keyName: 'apkamSymmetricKey', iv: AtChopsUtil.generateIVLegacy());
+        keyName: 'apkamSymmetricKey',
+        iv: selfEncryptionKeyIV != null
+            ? InitialisationVector(base64Decode(selfEncryptionKeyIV))
+            : AtChopsUtil.generateIVLegacy());
     return atEncryptionResult.result;
   }
 
