Dont accept shards from mismatched sets - all muss match the first shard received

briar-android/src/main/java/org/briarproject/briar/android/socialbackup/recover/OwnerReturnShardActivity.java

@@ -13,6 +13,7 @@ import org.briarproject.briar.android.activity.ActivityComponent;
 import org.briarproject.briar.android.activity.BaseActivity;
 import org.briarproject.briar.android.fragment.BaseFragment;
 import org.briarproject.briar.api.socialbackup.ReturnShardPayload;
+import org.briarproject.briar.api.socialbackup.recovery.RestoreAccount;
 import org.briarproject.briar.api.socialbackup.recovery.SecretOwnerTask;
 
 import java.security.GeneralSecurityException;
@@ -146,9 +147,16 @@ public class OwnerReturnShardActivity extends BaseActivity
 		if (state instanceof SecretOwnerTask.State.Success) {
 			ReturnShardPayload shardPayload =
 					((SecretOwnerTask.State.Success) state).getRemotePayload();
-			boolean added = viewModel.addToShardSet(shardPayload);
+			RestoreAccount.AddReturnShardPayloadResult result = viewModel.addToShardSet(shardPayload);
+			if (result == RestoreAccount.AddReturnShardPayloadResult.MISMATCH) {
+				// TODO improve this
+				Toast.makeText(this,
+						"WARNING: Mismatched backup piece!",
+						Toast.LENGTH_LONG).show();
+			}
+			boolean added = (result != RestoreAccount.AddReturnShardPayloadResult.DUPLICATE) ? true : false;
 			Toast.makeText(this,
-					"Success - got shard" + (added ? "" : " duplicate"),
+					"Success - got backup piece" + (added ? "" : " duplicate"),
 					Toast.LENGTH_SHORT).show();
 			if (added && viewModel.canRecover()) {
 				LOG.info("Secret key recovered");
@@ -173,19 +181,10 @@ public class OwnerReturnShardActivity extends BaseActivity
 			}
 			onBackPressed();
 		} else if (state instanceof SecretOwnerTask.State.Failure) {
-//			Toast.makeText(this,
-//					"Shard return failed!",
-//					Toast.LENGTH_SHORT).show();
-//			onBackPressed();
 			showNextFragment(new OwnerRecoveryModeErrorFragment());
 		}
 	}
 
-//	private void showErrorFragment() {
-//		// TODO change this for an appropriate error message fragment
-//		showNextFragment(new AddNearbyContactErrorFragment());
-//	}
-
 	@Override
 	@Deprecated
 	public void runOnDbThread(Runnable runnable) {

briar-android/src/main/java/org/briarproject/briar/android/socialbackup/recover/OwnerReturnShardViewModel.java

@@ -226,8 +226,7 @@ class OwnerReturnShardViewModel extends AndroidViewModel
 		}
 	}
 
-	// TODO figure out how to actually use a hash set for these objects
+	public RestoreAccount.AddReturnShardPayloadResult addToShardSet(ReturnShardPayload toAdd) {
-	public boolean addToShardSet(ReturnShardPayload toAdd) {
 		return restoreAccount.addReturnShardPayload(toAdd);
 	}
 

briar-api/src/main/java/org/briarproject/briar/api/socialbackup/recovery/RestoreAccount.java

@@ -9,10 +9,15 @@ import java.security.GeneralSecurityException;
 
 public interface RestoreAccount {
 
+	enum AddReturnShardPayloadResult {
+		DUPLICATE,
+		MISMATCH,
+		OK
+	}
 
 	int getNumberOfShards();
 
-	boolean addReturnShardPayload(ReturnShardPayload toAdd);
+	AddReturnShardPayloadResult addReturnShardPayload(ReturnShardPayload toAdd);
 
 	boolean canRecover();
 

briar-core/src/main/java/org/briarproject/briar/socialbackup/recovery/RestoreAccountImpl.java

@@ -20,6 +20,7 @@ import org.briarproject.briar.socialbackup.BackupPayloadDecoder;
 
 import java.security.GeneralSecurityException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.concurrent.Executor;
 import java.util.logging.Logger;
 
@@ -37,6 +38,7 @@ public class RestoreAccountImpl implements RestoreAccount {
 	private SecretKey secretKey;
 	private final BackupPayloadDecoder backupPayloadDecoder;
 	private SocialBackup socialBackup;
+	private byte[] secretId;
 
 	private static final Logger LOG =
 			getLogger(RestoreAccountImpl.class.getName());
@@ -59,24 +61,30 @@ public class RestoreAccountImpl implements RestoreAccount {
 		return recoveredShards.size();
 	}
 
-	// TODO figure out how to actually use a hash set for these objects
+	public AddReturnShardPayloadResult addReturnShardPayload(ReturnShardPayload toAdd) {
-	public boolean addReturnShardPayload(ReturnShardPayload toAdd) {
+		AddReturnShardPayloadResult result = AddReturnShardPayloadResult.OK;
-		boolean found = false;
+		// TODO figure out how to actually use a hash set for these objects
 		for (ReturnShardPayload returnShardPayload : recoveredShards) {
 			if (toAdd.equals(returnShardPayload)) {
-				found = true;
+				return AddReturnShardPayloadResult.DUPLICATE;
-				break;
 			}
 		}
-		if (!found) recoveredShards.add(toAdd);
+
-		return !found;
+		if (secretId == null) secretId = toAdd.getShard().getSecretId();
+		if (!Arrays.equals(secretId, toAdd.getShard().getSecretId())) {
+			return AddReturnShardPayloadResult.MISMATCH;
+		}
+		recoveredShards.add(toAdd);
+		return AddReturnShardPayloadResult.OK;
 	}
 
 	public boolean canRecover() {
 		ArrayList<Shard> shards = new ArrayList<>();
 		for (ReturnShardPayload returnShardPayload : recoveredShards) {
 			// TODO check shards all have same secret id
-			shards.add(returnShardPayload.getShard());
+			Shard shard = returnShardPayload.getShard();
+//			shard.getSecretId();
+			shards.add(shard);
 		}
 		try {
 			secretKey = darkCrystal.combineShards(shards);