diff --git a/identity-android/src/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java b/identity-android/src/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java
index 7e19093a7..ccfdea72c 100644
--- a/identity-android/src/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java
+++ b/identity-android/src/main/java/com/android/identity/android/mdoc/deviceretrieval/DeviceRetrievalHelper.java
@@ -262,19 +262,16 @@ private OptionalLong ensureSessionEncryption(@NonNull byte[] data) {
 return OptionalLong.empty();
 }
- // For reverse engagement, we get EReaderKeyBytes via Reverse Engagement...
+ // For reverse engagement, if we received a SessionData message then use the
+ // EReaderKey from the Reverse Engagement. If we received a SessionEstablishment message
+ // then extract the new key from the message
+ DataItem decodedData = Util.cborDecode(data);
 byte[] encodedEReaderKey = null;
- if (mReverseEngagementEncodedEReaderKey != null) {
+ if (mReverseEngagementEncodedEReaderKey != null && !Util.cborMapHasKey(decodedData, "eReaderKey")) {
 encodedEReaderKey = mReverseEngagementEncodedEReaderKey;
- // This is unnecessary but a nice warning regardless...
- DataItem decodedData = Util.cborDecode(data);
- if (Util.cborMapHasKey(decodedData, "eReaderKey")) {
- Logger.w(TAG, "Ignoring eReaderKey in SessionEstablishment since we "
- + "already got this get in ReaderEngagement");
- }
 } else {
- // This is the first message or re-consolidation of the curve types.
- DataItem decodedData = Util.cborDecode(data);
+ // This is the first message or re-consolidation of the curve types.
+ // Extract eReaderKey to set up session encryption...
 try {
 encodedEReaderKey = Util.cborMapExtractByteString(decodedData, "eReaderKey");
 } catch (IllegalArgumentException e) {
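Review bot: With the new `if` condition, an `eReaderKey` carried in the incoming message silently takes precedence over `mReverseEngagementEncodedEReaderKey`, whereas the old code kept the engagement key and logged a warning. The body of `ensureSessionEncryption` starts and ends outside this hunk, so it is not visible whether the replacement key is bound into the session transcript or whether this branch can run only before session encryption exists; that should be confirmed, because the key used for the session is now taken from message content rather than from the engagement step. I would at least keep an audit trail at the top of the `else` branch, e.g. `if (mReverseEngagementEncodedEReaderKey != null) { Logger.w(TAG, "eReaderKey in SessionEstablishment replaces the key from reverse engagement"); }`. The comment "re-consolidation of the curve types" should also state which condition makes the reader send a new key.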