mirror of
https://github.com/oxen-io/session-desktop.git
synced 2023-12-14 02:12:57 +01:00
242d51ca8d
* Added Onionv4 support to file server, sogs and pn server * Added blinded message support * Updated endpoints for sogs and file server to remove legacy ones
63 lines
2.1 KiB
TypeScript
63 lines
2.1 KiB
TypeScript
import { from_hex } from 'libsodium-wrappers-sumo';
|
|
import { concatUInt8Array, LibSodiumWrappers } from '../crypto';
|
|
|
|
export function generateBlindingFactor(serverPk: string, sodium: LibSodiumWrappers) {
|
|
const hexServerPk = from_hex(serverPk);
|
|
const serverPkHash = sodium.crypto_generichash(64, hexServerPk);
|
|
if (!serverPkHash.length) {
|
|
throw new Error('generateBlindingFactor: crypto_generichash failed');
|
|
}
|
|
|
|
// Reduce the server public key into an ed25519 scalar (`k`)
|
|
const k = sodium.crypto_core_ed25519_scalar_reduce(serverPkHash);
|
|
|
|
return k;
|
|
}
|
|
|
|
export function combineKeys(
|
|
lhsKeyBytes: Uint8Array,
|
|
rhsKeyBytes: Uint8Array,
|
|
sodium: LibSodiumWrappers
|
|
) {
|
|
return sodium.crypto_scalarmult_ed25519_noclamp(lhsKeyBytes, rhsKeyBytes);
|
|
}
|
|
|
|
// Calculate a shared secret for a message from A to B:
|
|
//
|
|
// BLAKE2b(a kB || kA || kB)
|
|
//
|
|
// The receiver can calulate the same value via:
|
|
//
|
|
// BLAKE2b(b kA || kA || kB)
|
|
export function sharedBlindedEncryptionKey({
|
|
fromBlindedPublicKey,
|
|
otherBlindedPublicKey,
|
|
secretKey,
|
|
sodium,
|
|
toBlindedPublicKey,
|
|
}: {
|
|
secretKey: Uint8Array;
|
|
otherBlindedPublicKey: Uint8Array;
|
|
fromBlindedPublicKey: Uint8Array;
|
|
toBlindedPublicKey: Uint8Array;
|
|
sodium: LibSodiumWrappers;
|
|
}) {
|
|
const aBytes = generatePrivateKeyScalar(secretKey, sodium);
|
|
const combinedKeyBytes = combineKeys(aBytes, otherBlindedPublicKey, sodium);
|
|
return sodium.crypto_generichash(
|
|
32,
|
|
concatUInt8Array(combinedKeyBytes, fromBlindedPublicKey, toBlindedPublicKey)
|
|
);
|
|
}
|
|
|
|
// Calculate k*a. To get 'a' (the Ed25519 private key scalar) we call the sodium function to
|
|
// convert to an *x* secret key, which seems wrong--but isn't because converted keys use the
|
|
// same secret scalar secret (and so this is just the most convenient way to get 'a' out of
|
|
// a sodium Ed25519 secret key)
|
|
export function generatePrivateKeyScalar(secretKey: Uint8Array, sodium: LibSodiumWrappers) {
|
|
return sodium.crypto_sign_ed25519_sk_to_curve25519(secretKey);
|
|
}
|
|
|
|
export function toX25519(ed25519PublicKey: Uint8Array, sodium: LibSodiumWrappers) {
|
|
return sodium.crypto_sign_ed25519_pk_to_curve25519(ed25519PublicKey);
|
|
}
|