Fix issue #455

In the context of reverse engagement, check whether the EReader sent a SessionEstablisment message or a SessionData message. If the EReader sent a SessionEstablishment message, use the public key in the message instead of the initial public key in the ReaderEngagement message.
openwallet-foundation-labs · Jan 24, 2024 · c9e32f0 · c9e32f0
1 parent 06fe0d3
commit c9e32f0
Showing 1 changed file with 7 additions and 10 deletions.
diff --git a/...rc/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java b/...rc/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java
@@ -262,19 +262,16 @@ private OptionalLong ensureSessionEncryption(@NonNull byte[] data) {
             return OptionalLong.empty();
         }
 
-        // For reverse engagement, we get EReaderKeyBytes via Reverse Engagement...
+        // For reverse engagement, if we received a SessionData message then use the
+        // EReaderKey from the Reverse Engagement. If we received a SessionEstablishment message
+        // then extract the new key from the message
+        DataItem decodedData = Util.cborDecode(data);
         byte[] encodedEReaderKey = null;
-        if (mReverseEngagementEncodedEReaderKey != null) {
+        if (mReverseEngagementEncodedEReaderKey != null && !Util.cborMapHasKey(decodedData, "eReaderKey")) {
             encodedEReaderKey = mReverseEngagementEncodedEReaderKey;
-            // This is unnecessary but a nice warning regardless...
-            DataItem decodedData = Util.cborDecode(data);
-            if (Util.cborMapHasKey(decodedData, "eReaderKey")) {
-                Logger.w(TAG, "Ignoring eReaderKey in SessionEstablishment since we "
-                        + "already got this get in ReaderEngagement");
-            }
         } else {
-            // This is the first message. Extract eReaderKey to set up session encryption...
-            DataItem decodedData = Util.cborDecode(data);
+            // This is the first message or re-consolidation of the curve types.
+            // Extract eReaderKey to set up session encryption...
             try {
                 encodedEReaderKey = Util.cborMapExtractByteString(decodedData, "eReaderKey");
             } catch (IllegalArgumentException e) {