oxen-io/session-desktop
1
0
Fork 0
mirror of https://github.com/oxen-io/session-desktop.git synced 2023-12-14 02:12:57 +01:00
Code Issues Projects Releases Wiki Activity

move libtextsecure/crypto.js to ts

Browse source 
used mostly for attachments encrypting before upload/decrypt and profile
encrypt/derypt
This commit is contained in:
Audric Ackermann 2022-03-30 09:18:09 +11:00
parent 5bc576249b
commit 79bf0c53ee
11 changed files with 170 additions and 228 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Gruntfile.js
View file

@ -63,11 +63,7 @@ module.exports = grunt => {
banner: ';(function() {\n',
footer: '})();\n',
},
src: [
'libtextsecure/errors.js',
'libtextsecure/libsignal-protocol.js',
'libtextsecure/crypto.js',
],
src: ['libtextsecure/errors.js', 'libtextsecure/libsignal-protocol.js'],
dest: 'js/libtextsecure.js',
},
},

17
libtextsecure/crypto.d.ts vendored
View file

@ -1,17 +0,0 @@
export interface LibTextsecureCryptoInterface {
encryptAttachment(
plaintext: ArrayBuffer,
keys: ArrayBuffer,
iv: ArrayBuffer
): Promise<{
digest: ArrayBuffer;
ciphertext: ArrayBuffer;
}>;
decryptAttachment(
encryptedBin: ArrayBuffer,
keys: ArrayBuffer,
theirDigest: ArrayBuffer
): Promise<ArrayBuffer>;
decryptProfile(data: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer>;
encryptProfile(data: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer>;
}

178
libtextsecure/crypto.js
View file

@ -1,178 +0,0 @@
/* global libsignal, crypto, textsecure, dcodeIO, window */
/* eslint-disable more/no-then, no-bitwise */
// eslint-disable-next-line func-names
(function() {
const { encrypt, decrypt, calculateMAC, verifyMAC } = libsignal.crypto;
const PROFILE_IV_LENGTH = 12; // bytes
const PROFILE_KEY_LENGTH = 32; // bytes
const PROFILE_TAG_LENGTH = 128; // bits
const PROFILE_NAME_PADDED_LENGTH = 26; // bytes
function verifyDigest(data, theirDigest) {
return crypto.subtle.digest({ name: 'SHA-256' }, data).then(ourDigest => {
const a = new Uint8Array(ourDigest);
const b = new Uint8Array(theirDigest);
let result = 0;
for (let i = 0; i < theirDigest.byteLength; i += 1) {
result |= a[i] ^ b[i];
}
if (result !== 0) {
throw new Error('Bad digest');
}
});
}
function calculateDigest(data) {
return crypto.subtle.digest({ name: 'SHA-256' }, data);
}
function getRandomBytesFromLength(n) {
const bytes = new Uint8Array(n);
crypto.getRandomValues(bytes);
return bytes;
}
window.textsecure = window.textsecure || {};
window.textsecure.crypto = {
decryptAttachment(encryptedBin, keys, theirDigest) {
if (keys.byteLength !== 64) {
throw new Error('Got invalid length attachment keys');
}
if (encryptedBin.byteLength < 16 + 32) {
throw new Error('Got invalid length attachment');
}
const aesKey = keys.slice(0, 32);
const macKey = keys.slice(32, 64);
const iv = encryptedBin.slice(0, 16);
const ciphertext = encryptedBin.slice(16, encryptedBin.byteLength - 32);
const ivAndCiphertext = encryptedBin.slice(0, encryptedBin.byteLength - 32);
const mac = encryptedBin.slice(encryptedBin.byteLength - 32, encryptedBin.byteLength);
return verifyMAC(ivAndCiphertext, macKey, mac, 32)
.then(() => {
if (!theirDigest) {
throw new Error('Failure: Ask sender to update Signal and resend.');
}
return verifyDigest(encryptedBin, theirDigest);
})
.then(() => decrypt(aesKey, ciphertext, iv));
},
encryptAttachment(plaintext, keys, iv) {
if (!(plaintext instanceof ArrayBuffer) && !ArrayBuffer.isView(plaintext)) {
throw new TypeError(
`\`plaintext\` must be an \`ArrayBuffer\` or \`ArrayBufferView\`; got: ${typeof plaintext}`
);
}
if (keys.byteLength !== 64) {
throw new Error('Got invalid length attachment keys');
}
if (iv.byteLength !== 16) {
throw new Error('Got invalid length attachment iv');
}
const aesKey = keys.slice(0, 32);
const macKey = keys.slice(32, 64);
return encrypt(aesKey, plaintext, iv).then(ciphertext => {
const ivAndCiphertext = new Uint8Array(16 + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), 16);
return calculateMAC(macKey, ivAndCiphertext.buffer).then(mac => {
const encryptedBin = new Uint8Array(16 + ciphertext.byteLength + 32);
encryptedBin.set(ivAndCiphertext);
encryptedBin.set(new Uint8Array(mac), 16 + ciphertext.byteLength);
return calculateDigest(encryptedBin.buffer).then(digest => ({
ciphertext: encryptedBin.buffer,
digest,
}));
});
});
},
encryptProfile(data, key) {
const iv = getRandomBytesFromLength(PROFILE_IV_LENGTH);
if (key.byteLength !== PROFILE_KEY_LENGTH) {
throw new Error('Got invalid length profile key');
}
if (iv.byteLength !== PROFILE_IV_LENGTH) {
throw new Error('Got invalid length profile iv');
}
return crypto.subtle
.importKey('raw', key, { name: 'AES-GCM' }, false, ['encrypt'])
.then(keyForEncryption =>
crypto.subtle
.encrypt({ name: 'AES-GCM', iv, tagLength: PROFILE_TAG_LENGTH }, keyForEncryption, data)
.then(ciphertext => {
const ivAndCiphertext = new Uint8Array(PROFILE_IV_LENGTH + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), PROFILE_IV_LENGTH);
return ivAndCiphertext.buffer;
})
);
},
decryptProfile(data, key) {
if (data.byteLength < 12 + 16 + 1) {
throw new Error(`Got too short input: ${data.byteLength}`);
}
const iv = data.slice(0, PROFILE_IV_LENGTH);
const ciphertext = data.slice(PROFILE_IV_LENGTH, data.byteLength);
if (key.byteLength !== PROFILE_KEY_LENGTH) {
throw new Error('Got invalid length profile key');
}
if (iv.byteLength !== PROFILE_IV_LENGTH) {
throw new Error('Got invalid length profile iv');
}
const error = new Error(); // save stack
return crypto.subtle
.importKey('raw', key, { name: 'AES-GCM' }, false, ['decrypt'])
.then(keyForEncryption =>
crypto.subtle
.decrypt(
{ name: 'AES-GCM', iv, tagLength: PROFILE_TAG_LENGTH },
keyForEncryption,
ciphertext
)
.catch(e => {
if (e.name === 'OperationError') {
// bad mac, basically.
error.message =
'Failed to decrypt profile data. Most likely the profile key has changed.';
error.name = 'ProfileDecryptError';
throw error;
}
})
);
},
encryptProfileName(name, key) {
const padded = new Uint8Array(PROFILE_NAME_PADDED_LENGTH);
padded.set(new Uint8Array(name));
return textsecure.crypto.encryptProfile(padded.buffer, key);
},
decryptProfileName(encryptedProfileName, key) {
const data = dcodeIO.ByteBuffer.wrap(encryptedProfileName, 'base64').toArrayBuffer();
return textsecure.crypto.decryptProfile(data, key).then(decrypted => {
// unpad
const padded = new Uint8Array(decrypted);
let i;
for (i = padded.length; i > 0; i -= 1) {
if (padded[i - 1] !== 0x00) {
break;
}
}
return dcodeIO.ByteBuffer.wrap(padded)
.slice(0, i)
.toArrayBuffer();
});
},
getRandomBytes(size) {
return getRandomBytesFromLength(size);
},
};
})();

4
libtextsecure/libsignal-protocol.d.ts vendored
View file

@ -40,12 +40,8 @@ export interface CryptoInterface {
getRandomBytes(size: number): ArrayBuffer;
}
export interface KeyHelperInterface {
generateIdentityKeyPair(): Promise<KeyPair>;
}
export interface LibsignalProtocol {
Curve: CurveInterface;
crypto: CryptoInterface;
KeyHelper: KeyHelperInterface;
}

8
libtextsecure/libsignal-protocol.js
View file

@ -34736,7 +34736,7 @@ var libsignal
'use strict';
function validatePrivKey(privKey) {
if (privKey === undefined || !(privKey instanceof ArrayBuffer)) {
if (privKey === undefined || !(privKey instanceof ArrayBuffer)) {
console.log(privKey === undefined, (privKey instanceof ArrayBuffer), privKey.byteLength)
throw new Error("Invalid private key", privKey);
@ -34982,13 +34982,7 @@ var libsignal
},
};
})();
var KeyHelper = {
generateIdentityKeyPair: function () {
return Internal.crypto.createKeyPair();
},
};
libsignal.KeyHelper = KeyHelper;
})();

6
ts/interactions/conversationInteractions.ts
View file

@ -47,6 +47,7 @@ import { urlToBlob } from '../types/attachments/VisualAttachment';
import { MIME } from '../types';
import { setLastProfileUpdateTimestamp } from '../util/storage';
import { getSodium } from '../session/crypto';
import { encryptProfile } from '../util/crypto/profileEncrypter';
export const getCompleteUrlForV2ConvoId = async (convoId: string) => {
if (convoId.match(openGroupV2ConversationIdRegex)) {
@ -427,10 +428,7 @@ export async function uploadOurAvatar(newAvatarDecrypted?: ArrayBuffer) {
return;
}
const encryptedData = await window.textsecure.crypto.encryptProfile(
decryptedAvatarData,
profileKey
);
const encryptedData = await encryptProfile(decryptedAvatarData, profileKey);
const avatarPointer = await FSv2.uploadFileToFsV2(encryptedData);
let fileUrl;

10
ts/receiver/attachments.ts
View file

@ -11,6 +11,7 @@ import {
import { OpenGroupRequestCommonType } from '../session/apis/open_group_api/opengroupV2/ApiUtil';
import { FSv2 } from '../session/apis/file_server_api';
import { getUnpaddedAttachment } from '../session/crypto/BufferPadding';
import { decryptAttachment } from '../util/crypto/attachmentsEncrypter';
export async function downloadAttachment(attachment: {
url: string;
@ -60,10 +61,13 @@ export async function downloadAttachment(attachment: {
throw new Error('Attachment expected size is 0');
}
const keyBuffer = await window.callWorker('fromBase64ToArrayBuffer', key);
const digestBuffer = await window.callWorker('fromBase64ToArrayBuffer', digest);
const keyBuffer = (await window.callWorker('fromBase64ToArrayBuffer', key)) as ArrayBuffer;
const digestBuffer = (await window.callWorker(
'fromBase64ToArrayBuffer',
digest
)) as ArrayBuffer;
data = await window.textsecure.crypto.decryptAttachment(data, keyBuffer, digestBuffer);
data = await decryptAttachment(data, keyBuffer, digestBuffer);
if (size !== data.byteLength) {
// we might have padding, check that all the remaining bytes are padding bytes

8
ts/receiver/dataMessage.ts
View file

@ -27,6 +27,7 @@ import {
} from '../models/messageFactory';
import { MessageModel } from '../models/message';
import { isUsFromCache } from '../session/utils/User';
import { decryptProfile } from '../util/crypto/profileEncrypter';
export async function updateProfileOneAtATime(
conversation: ConversationModel,
@ -51,7 +52,7 @@ async function createOrUpdateProfile(
profile: SignalService.DataMessage.ILokiProfile,
profileKey?: Uint8Array | null
) {
const { dcodeIO, textsecure } = window;
const { dcodeIO } = window;
// Retain old values unless changed:
const newProfile = conversation.get('profile') || {};
@ -79,10 +80,7 @@ async function createOrUpdateProfile(
profileKey,
encoding
).toArrayBuffer();
const decryptedData = await textsecure.crypto.decryptProfile(
downloaded.data,
profileKeyArrayBuffer
);
const decryptedData = await decryptProfile(downloaded.data, profileKeyArrayBuffer);
const scaledData = await autoScaleForIncomingAvatar(decryptedData);
const upgraded = await processNewAttachment({

7
ts/session/utils/Attachments.ts
View file

@ -11,6 +11,7 @@ import {
import { FSv2 } from '../apis/file_server_api';
import { addAttachmentPadding } from '../crypto/BufferPadding';
import _ from 'lodash';
import { encryptAttachment } from '../../util/crypto/attachmentsEncrypter';
interface UploadParams {
attachment: Attachment;
@ -70,11 +71,7 @@ export class AttachmentFsV2Utils {
const iv = new Uint8Array(crypto.randomBytes(16));
const dataToEncrypt = !shouldPad ? attachment.data : addAttachmentPadding(attachment.data);
const data = await window.textsecure.crypto.encryptAttachment(
dataToEncrypt,
pointer.key.buffer,
iv.buffer
);
const data = await encryptAttachment(dataToEncrypt, pointer.key.buffer, iv.buffer);
pointer.digest = new Uint8Array(data.digest);
attachmentData = data.ciphertext;
}

88
ts/util/crypto/attachmentsEncrypter.ts Normal file
View file

@ -0,0 +1,88 @@
const { encrypt, decrypt, calculateMAC, verifyMAC } = window.libsignal.crypto;
// tslint:disable: binary-expression-operand-order
// tslint:disable: restrict-plus-operands
async function verifyDigest(data: ArrayBuffer, theirDigest: ArrayBuffer) {
return crypto.subtle.digest({ name: 'SHA-256' }, data).then(ourDigest => {
const a = new Uint8Array(ourDigest);
const b = new Uint8Array(theirDigest);
let result = 0;
for (let i = 0; i < theirDigest.byteLength; i += 1) {
// tslint:disable-next-line: no-bitwise
result |= a[i] ^ b[i];
}
if (result !== 0) {
throw new Error('Bad digest');
}
});
}
async function calculateDigest(data: ArrayBuffer) {
return crypto.subtle.digest({ name: 'SHA-256' }, data);
}
export async function decryptAttachment(
encryptedBin: ArrayBuffer,
keys: ArrayBuffer,
theirDigest: ArrayBuffer
) {
if (keys.byteLength !== 64) {
throw new Error('Got invalid length attachment keys');
}
if (encryptedBin.byteLength < 16 + 32) {
throw new Error('Got invalid length attachment');
}
const aesKey = keys.slice(0, 32);
const macKey = keys.slice(32, 64);
const iv = encryptedBin.slice(0, 16);
const ciphertext = encryptedBin.slice(16, encryptedBin.byteLength - 32);
const ivAndCiphertext = encryptedBin.slice(0, encryptedBin.byteLength - 32);
const mac = encryptedBin.slice(encryptedBin.byteLength - 32, encryptedBin.byteLength);
return verifyMAC(ivAndCiphertext, macKey, mac, 32)
.then(async () => {
if (!theirDigest) {
throw new Error('Failure: Ask sender to update Signal and resend.');
}
return verifyDigest(encryptedBin, theirDigest);
})
.then(() => decrypt(aesKey, ciphertext, iv));
}
export async function encryptAttachment(
plaintext: ArrayBuffer,
keys: ArrayBuffer,
iv: ArrayBuffer
) {
if (!(plaintext instanceof ArrayBuffer) && !ArrayBuffer.isView(plaintext)) {
throw new TypeError(
`\`plaintext\` must be an \`ArrayBuffer\` or \`ArrayBufferView\`; got: ${typeof plaintext}`
);
}
if (keys.byteLength !== 64) {
throw new Error('Got invalid length attachment keys');
}
if (iv.byteLength !== 16) {
throw new Error('Got invalid length attachment iv');
}
const aesKey = keys.slice(0, 32);
const macKey = keys.slice(32, 64);
return encrypt(aesKey, plaintext, iv).then((ciphertext: any) => {
const ivAndCiphertext = new Uint8Array(16 + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), 16);
return calculateMAC(macKey, ivAndCiphertext.buffer).then(async (mac: any) => {
const encryptedBin = new Uint8Array(16 + ciphertext.byteLength + 32);
encryptedBin.set(ivAndCiphertext);
encryptedBin.set(new Uint8Array(mac), 16 + ciphertext.byteLength);
return calculateDigest(encryptedBin.buffer).then(digest => ({
ciphertext: encryptedBin.buffer,
digest,
}));
});
});
}

66
ts/util/crypto/profileEncrypter.ts Normal file
View file

@ -0,0 +1,66 @@
import { getSodium } from '../../session/crypto';
const PROFILE_IV_LENGTH = 12; // bytes
const PROFILE_KEY_LENGTH = 32; // bytes
const PROFILE_TAG_LENGTH = 128; // bits
export async function decryptProfile(data: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
if (data.byteLength < 12 + 16 + 1) {
throw new Error(`Got too short input: ${data.byteLength}`);
}
const iv = data.slice(0, PROFILE_IV_LENGTH);
const ciphertext = data.slice(PROFILE_IV_LENGTH, data.byteLength);
if (key.byteLength !== PROFILE_KEY_LENGTH) {
throw new Error('Got invalid length profile key');
}
if (iv.byteLength !== PROFILE_IV_LENGTH) {
throw new Error('Got invalid length profile iv');
}
const error = new Error(); // save stack
return crypto.subtle
.importKey('raw', key, { name: 'AES-GCM' }, false, ['decrypt'])
.then(keyForEncryption =>
crypto.subtle
.decrypt(
{ name: 'AES-GCM', iv, tagLength: PROFILE_TAG_LENGTH },
keyForEncryption,
ciphertext
)
.catch(e => {
if (e.name === 'OperationError') {
// bad mac, basically.
error.message =
'Failed to decrypt profile data. Most likely the profile key has changed.';
error.name = 'ProfileDecryptError';
throw error;
}
})
);
}
async function getRandomBytesFromLength(n: number) {
return (await getSodium()).randombytes_buf(n);
}
export async function encryptProfile(data: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
const iv = await getRandomBytesFromLength(PROFILE_IV_LENGTH);
if (key.byteLength !== PROFILE_KEY_LENGTH) {
throw new Error('Got invalid length profile key');
}
if (iv.byteLength !== PROFILE_IV_LENGTH) {
throw new Error('Got invalid length profile iv');
}
return crypto.subtle
.importKey('raw', key, { name: 'AES-GCM' }, false, ['encrypt'])
.then(keyForEncryption =>
crypto.subtle
.encrypt({ name: 'AES-GCM', iv, tagLength: PROFILE_TAG_LENGTH }, keyForEncryption, data)
.then(ciphertext => {
// tslint:disable-next-line: restrict-plus-operands
const ivAndCiphertext = new Uint8Array(PROFILE_IV_LENGTH + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), PROFILE_IV_LENGTH);
return ivAndCiphertext.buffer;
})
);
}