Closed giovEra closed 1 year ago
Hello, thanks for reporting this. I'll have a look at it today or tomorrow!
BR
Very fast response! Thanks for taking a look at it.
I'm also using Aegis on my phone. I've just tried to import the encrypted json, and it works fine for me (also on Tumbleweed using latest OTPClient and Aegis).
Can you try to execute it from the terminal and see if it outputs something more?
That is the output:
user@laptop:~> otpclient
(otpclient:22394): GLib-GIO-CRITICAL **: 18:48:29.161: Error while sending AddMatch() message: The connection is closed
(otpclient:22394): GLib-GIO-CRITICAL **: 18:48:29.161: Error while sending AddMatch() message: The connection is closed
(otpclient:22394): GLib-GIO-CRITICAL **: 18:48:29.161: Error while sending AddMatch() message: The connection is closed
Terminated
Hmm, that doesn't help me much. If I were to provide you a more verbose version, would you be able to compile it yourself?
I think I will have no problem to compile it. So, go for the more verbose version.
Nice, then I'll work something out for tomorrow to help debugging
I invite you not to take it easy. I am not in a hurry :)
edit: I misspelled, sorry :) I meant to say that -I am in no hurry- so I invite you to -take it easy-
I took a look at it and the error occurs in line 125. The value returned is 16777226 instead of 0.
The strange thing is that it does not generate any message the line 127.
How I got this information: I modified aegis.c in this way, and got this output. (I also printed out the macros to compare them with the value of the errors)
Note: To make sure the backup was not corrupted, I tried restoring it to two android devices, and it imported correctly. And the password is also correct because I stored it in a KeepassXC database (In other words, I don't know the password, so each time I copy it from the database).
The gpg_err
returned by gcry_cipher_checktag
is converted to a gcry_err_code
via gcry_err_code
, and that last one returns 10
which is equivalent to GPG_ERR_CHECKSUM
.
So now, questions for myself:
Question for you:
I found out with the error was not printed in the dialog, and that is fixed. Still, ATM I have no idea why the import fails.
It must be something related to the input password.
Hi, I'm back.
My password is: ,=@vYQAG)Z}fq}h%Pp)?nyHcxG"-n)=:}ZGXFswT>dM;y!_B^MP@N/MqQC.\KjH]
What is the maximum length of the Aegis backup password that OTPClient can handle?
Import works with passwords of length 32 consisting only of A-Za-z0-9
.
AFAIR, max pwd length should be 255, but I'm going by memory (it was done long ago). I'll double check that and also why it's not allowing a pwd with standard chars.
Thanks a lot
Ok, thanks :)
note: I have try passwords of length 254 consisting only of A-Za-z0-9
but import not work :)
The issue with long pwds occurs during key derivation. Why is still a mystery though...
The issue is reproducible when the input pwd is > 64 chars :thinking:
well, it's done :smile: bug has been squashed!
The issue was that, for Aegis, the NUL
char shouldn't be part of the key derivation. Why it worked for strings <= 64 I have no idea though :see_no_evil:
@giovEra can you compile latest master and confirm that everything is fixed? Thanks a lot :smile:
I compiled the master branch successfully, and tested the import with passwords of 254 characters length and confirm that it works.
Thank you for the fix!
When you have time, I invite you to make a pull request to the opensuse factory so that the fixed version will be available for download from the openSUSE official repo. Thanks again.
Thanks for confirming it :) Yes, don't worry! I'm the official maintainer of otpclient for openSUSE, so it will always be up to date ;)
OS: OpenSUSE Tumbleweed OTPClient: v3.1.1 (from official openSUSE repo) Aegis: 2.1.2 (from F-Droid)
When I try to import an encrypted json from Aegis I get this (generic) error:
Do you have any ideas on how to solve it? If more information is needed, I am available.