mirrors/element-web
1
0
Fork 0
mirror of https://github.com/element-hq/element-web synced 2024-11-22 09:15:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

Use new AES functions (#97)

Browse source
This commit is contained in:
Florian Duros 2024-10-01 16:12:46 +02:00 committed by GitHub
parent f33e802627
commit 33198cca35
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 15 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.eslintrc.js
View file

@ -92,6 +92,8 @@ module.exports = {
"!matrix-js-sdk/src/crypto-api", "!matrix-js-sdk/src/crypto-api",
"!matrix-js-sdk/src/types", "!matrix-js-sdk/src/types",
"!matrix-js-sdk/src/testing", "!matrix-js-sdk/src/testing",
"!matrix-js-sdk/src/utils/**",
"matrix-js-sdk/src/utils/internal/**",
"matrix-js-sdk/lib", "matrix-js-sdk/lib",
"matrix-js-sdk/lib/", "matrix-js-sdk/lib/",
"matrix-js-sdk/lib/**", "matrix-js-sdk/lib/**",
@ -119,7 +121,6 @@ module.exports = {
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent", "!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError", "!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
"!matrix-js-sdk/src/crypto", "!matrix-js-sdk/src/crypto",
"!matrix-js-sdk/src/crypto/aes",
"!matrix-js-sdk/src/crypto/keybackup", "!matrix-js-sdk/src/crypto/keybackup",
"!matrix-js-sdk/src/crypto/deviceinfo", "!matrix-js-sdk/src/crypto/deviceinfo",
"!matrix-js-sdk/src/crypto/dehydration", "!matrix-js-sdk/src/crypto/dehydration",

6
src/Lifecycle.ts
View file

@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
import { ReactNode } from "react"; import { ReactNode } from "react";
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix"; import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes"; import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
import { QueryDict } from "matrix-js-sdk/src/utils"; import { QueryDict } from "matrix-js-sdk/src/utils";
import { logger } from "matrix-js-sdk/src/logger"; import { logger } from "matrix-js-sdk/src/logger";
@ -472,9 +472,9 @@ export interface IStoredSession {
hsUrl: string; hsUrl: string;
isUrl: string; isUrl: string;
hasAccessToken: boolean; hasAccessToken: boolean;
accessToken: string | IEncryptedPayload; accessToken: string | AESEncryptedSecretStoragePayload;
hasRefreshToken: boolean; hasRefreshToken: boolean;
refreshToken?: string | IEncryptedPayload; refreshToken?: string | AESEncryptedSecretStoragePayload;
userId: string; userId: string;
deviceId: string; deviceId: string;
isGuest: boolean; isGuest: boolean;

12
src/utils/tokens/tokens.ts
View file

@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details. Please see LICENSE files in the repository root for full details.
*/ */
import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { logger } from "matrix-js-sdk/src/logger"; import { logger } from "matrix-js-sdk/src/logger";
import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
import * as StorageAccess from "../StorageAccess"; import * as StorageAccess from "../StorageAccess";
@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
*/ */
export async function tryDecryptToken( export async function tryDecryptToken(
pickleKey: string | undefined, pickleKey: string | undefined,
token: IEncryptedPayload | string, token: AESEncryptedSecretStoragePayload | string,
tokenName: string, tokenName: string,
): Promise<string> { ): Promise<string> {
if (typeof token === "string") { if (typeof token === "string") {
@ -92,7 +94,7 @@ export async function tryDecryptToken(
} }
const encrKey = await pickleKeyToAesKey(pickleKey); const encrKey = await pickleKeyToAesKey(pickleKey);
const decryptedToken = await decryptAES(token, encrKey, tokenName); const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0); encrKey.fill(0);
return decryptedToken; return decryptedToken;
} }
@ -130,12 +132,12 @@ export async function persistTokenInStorage(
} }
if (pickleKey) { if (pickleKey) {
let encryptedToken: IEncryptedPayload | undefined; let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
if (token) { if (token) {
try { try {
// try to encrypt the access token using the pickle key // try to encrypt the access token using the pickle key
const encrKey = await pickleKeyToAesKey(pickleKey); const encrKey = await pickleKeyToAesKey(pickleKey);
encryptedToken = await encryptAES(token, encrKey, tokenName); encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0); encrKey.fill(0);
} catch (e) { } catch (e) {
// This is likely due to the browser not having WebCrypto or somesuch. // This is likely due to the browser not having WebCrypto or somesuch.

6
test/Lifecycle-test.ts
View file

@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
import { logger } from "matrix-js-sdk/src/logger"; import { logger } from "matrix-js-sdk/src/logger";
import * as MatrixJs from "matrix-js-sdk/src/matrix"; import * as MatrixJs from "matrix-js-sdk/src/matrix";
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix"; import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes"; import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { mocked, MockedObject } from "jest-mock"; import { mocked, MockedObject } from "jest-mock";
import fetchMock from "fetch-mock-jest"; import fetchMock from "fetch-mock-jest";
@ -74,7 +74,7 @@ describe("Lifecycle", () => {
delete window.crypto; delete window.crypto;
window.crypto = webCrypto; window.crypto = webCrypto;
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore(); jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
}); });
afterAll(() => { afterAll(() => {
@ -675,7 +675,7 @@ describe("Lifecycle", () => {
}); });
it("should persist token when encrypting the token fails", async () => { it("should persist token when encrypting the token fails", async () => {
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES"); jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
await setLoggedIn(credentials); await setLoggedIn(credentials);
// persist the unencrypted token // persist the unencrypted token