Use new AES functions (#97)
This commit is contained in:
parent
f33e802627
commit
33198cca35
4 changed files with 15 additions and 12 deletions
|
@ -92,6 +92,8 @@ module.exports = {
|
||||||
"!matrix-js-sdk/src/crypto-api",
|
"!matrix-js-sdk/src/crypto-api",
|
||||||
"!matrix-js-sdk/src/types",
|
"!matrix-js-sdk/src/types",
|
||||||
"!matrix-js-sdk/src/testing",
|
"!matrix-js-sdk/src/testing",
|
||||||
|
"!matrix-js-sdk/src/utils/**",
|
||||||
|
"matrix-js-sdk/src/utils/internal/**",
|
||||||
"matrix-js-sdk/lib",
|
"matrix-js-sdk/lib",
|
||||||
"matrix-js-sdk/lib/",
|
"matrix-js-sdk/lib/",
|
||||||
"matrix-js-sdk/lib/**",
|
"matrix-js-sdk/lib/**",
|
||||||
|
@ -119,7 +121,6 @@ module.exports = {
|
||||||
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
|
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
|
||||||
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
|
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
|
||||||
"!matrix-js-sdk/src/crypto",
|
"!matrix-js-sdk/src/crypto",
|
||||||
"!matrix-js-sdk/src/crypto/aes",
|
|
||||||
"!matrix-js-sdk/src/crypto/keybackup",
|
"!matrix-js-sdk/src/crypto/keybackup",
|
||||||
"!matrix-js-sdk/src/crypto/deviceinfo",
|
"!matrix-js-sdk/src/crypto/deviceinfo",
|
||||||
"!matrix-js-sdk/src/crypto/dehydration",
|
"!matrix-js-sdk/src/crypto/dehydration",
|
||||||
|
|
|
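Review bot: The new `"!matrix-js-sdk/src/utils/**"` exception is wider than this change needs: the only `utils` deep imports introduced elsewhere in the commit are `encryptAESSecretStorageItem` and `decryptAESSecretStorageItem`, yet the pattern unblocks every module under `utils/` other than `internal/**`, which the following line has to re-restrict. Listing the two helper modules explicitly, `"!matrix-js-sdk/src/utils/encryptAESSecretStorageItem"` and `"!matrix-js-sdk/src/utils/decryptAESSecretStorageItem"`, would keep the import-restriction list as tight as it was before `crypto/aes` was dropped. If the broad allowance is deliberate, a one-line comment above it saying why would spare the next reader the guess. The enclosing `module.exports` object starts and ends outside the hunk.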
@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
|
||||||
|
|
||||||
import { ReactNode } from "react";
|
import { ReactNode } from "react";
|
||||||
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
|
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
|
||||||
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
|
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
|
||||||
import { QueryDict } from "matrix-js-sdk/src/utils";
|
import { QueryDict } from "matrix-js-sdk/src/utils";
|
||||||
import { logger } from "matrix-js-sdk/src/logger";
|
import { logger } from "matrix-js-sdk/src/logger";
|
||||||
|
|
||||||
|
@ -472,9 +472,9 @@ export interface IStoredSession {
|
||||||
hsUrl: string;
|
hsUrl: string;
|
||||||
isUrl: string;
|
isUrl: string;
|
||||||
hasAccessToken: boolean;
|
hasAccessToken: boolean;
|
||||||
accessToken: string | IEncryptedPayload;
|
accessToken: string | AESEncryptedSecretStoragePayload;
|
||||||
hasRefreshToken: boolean;
|
hasRefreshToken: boolean;
|
||||||
refreshToken?: string | IEncryptedPayload;
|
refreshToken?: string | AESEncryptedSecretStoragePayload;
|
||||||
userId: string;
|
userId: string;
|
||||||
deviceId: string;
|
deviceId: string;
|
||||||
isGuest: boolean;
|
isGuest: boolean;
|
||||||
|
|
|
@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
|
||||||
Please see LICENSE files in the repository root for full details.
|
Please see LICENSE files in the repository root for full details.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
|
|
||||||
import { logger } from "matrix-js-sdk/src/logger";
|
import { logger } from "matrix-js-sdk/src/logger";
|
||||||
|
import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
|
||||||
|
import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
|
||||||
|
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
|
||||||
|
|
||||||
import * as StorageAccess from "../StorageAccess";
|
import * as StorageAccess from "../StorageAccess";
|
||||||
|
|
||||||
|
@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
|
||||||
*/
|
*/
|
||||||
export async function tryDecryptToken(
|
export async function tryDecryptToken(
|
||||||
pickleKey: string | undefined,
|
pickleKey: string | undefined,
|
||||||
token: IEncryptedPayload | string,
|
token: AESEncryptedSecretStoragePayload | string,
|
||||||
tokenName: string,
|
tokenName: string,
|
||||||
): Promise<string> {
|
): Promise<string> {
|
||||||
if (typeof token === "string") {
|
if (typeof token === "string") {
|
||||||
|
@ -92,7 +94,7 @@ export async function tryDecryptToken(
|
||||||
}
|
}
|
||||||
|
|
||||||
const encrKey = await pickleKeyToAesKey(pickleKey);
|
const encrKey = await pickleKeyToAesKey(pickleKey);
|
||||||
const decryptedToken = await decryptAES(token, encrKey, tokenName);
|
const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
|
||||||
encrKey.fill(0);
|
encrKey.fill(0);
|
||||||
return decryptedToken;
|
return decryptedToken;
|
||||||
}
|
}
|
||||||
|
@ -130,12 +132,12 @@ export async function persistTokenInStorage(
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pickleKey) {
|
if (pickleKey) {
|
||||||
let encryptedToken: IEncryptedPayload | undefined;
|
let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
|
||||||
if (token) {
|
if (token) {
|
||||||
try {
|
try {
|
||||||
// try to encrypt the access token using the pickle key
|
// try to encrypt the access token using the pickle key
|
||||||
const encrKey = await pickleKeyToAesKey(pickleKey);
|
const encrKey = await pickleKeyToAesKey(pickleKey);
|
||||||
encryptedToken = await encryptAES(token, encrKey, tokenName);
|
encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
|
||||||
encrKey.fill(0);
|
encrKey.fill(0);
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
// This is likely due to the browser not having WebCrypto or somesuch.
|
// This is likely due to the browser not having WebCrypto or somesuch.
|
||||||
|
|
|
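Review bot: In `tryDecryptToken` the derived key is only wiped on the success path: `decryptAESSecretStorageItem` is awaited before `encrKey.fill(0)`, so a rejected decryption (wrong pickle key, corrupted payload) leaves the AES key bytes live in the buffer until it is garbage collected. The same shape appears in `persistTokenInStorage`, where `encryptAESSecretStorageItem` can reject (the test suite mocks exactly that) and the `catch (e)` branch is entered without the `fill(0)` having run. Since the commit already touches both call sites, moving the wipe into a `finally` closes the gap in both; the decrypt variant is shown below and the encrypt variant is the same reshuffle inside the existing `try`. `tryDecryptToken` begins in the earlier hunk and its closing `}` is in the later one, so the rewrite spans both hunks.
```typescript
    const encrKey = await pickleKeyToAesKey(pickleKey);
    try {
        return await decryptAESSecretStorageItem(token, encrKey, tokenName);
    } finally {
        // wipe the derived key even when decryption rejects
        encrKey.fill(0);
    }
}

// … unchanged: persistTokenInStorage up to the inner try …
                const encrKey = await pickleKeyToAesKey(pickleKey);
                try {
                    encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
                } finally {
                    encrKey.fill(0);
                }
```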
@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
|
||||||
import { logger } from "matrix-js-sdk/src/logger";
|
import { logger } from "matrix-js-sdk/src/logger";
|
||||||
import * as MatrixJs from "matrix-js-sdk/src/matrix";
|
import * as MatrixJs from "matrix-js-sdk/src/matrix";
|
||||||
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
|
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
|
||||||
import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
|
import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
|
||||||
import { mocked, MockedObject } from "jest-mock";
|
import { mocked, MockedObject } from "jest-mock";
|
||||||
import fetchMock from "fetch-mock-jest";
|
import fetchMock from "fetch-mock-jest";
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ describe("Lifecycle", () => {
|
||||||
delete window.crypto;
|
delete window.crypto;
|
||||||
window.crypto = webCrypto;
|
window.crypto = webCrypto;
|
||||||
|
|
||||||
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
|
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
|
||||||
});
|
});
|
||||||
|
|
||||||
afterAll(() => {
|
afterAll(() => {
|
||||||
|
@ -675,7 +675,7 @@ describe("Lifecycle", () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should persist token when encrypting the token fails", async () => {
|
it("should persist token when encrypting the token fails", async () => {
|
||||||
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
|
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
|
||||||
await setLoggedIn(credentials);
|
await setLoggedIn(credentials);
|
||||||
|
|
||||||
// persist the unencrypted token
|
// persist the unencrypted token
|
||||||
|
|
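Review bot: `jest.spyOn(encryptAESSecretStorageItemModule, "default")` at both call sites relies on the namespace import exposing `default` as a configurable property, which holds under the CommonJS interop that ts-jest/Babel setups typically emit but not under a native ESM namespace object, where `spyOn` would throw; a short comment would make that dependency explicit, e.g. `// spy on the default export through the module namespace; relies on CJS interop`. The rejection value `"MOCK REJECT ENCRYPTAES"` still names the removed `encryptAES` function and is a bare string rather than an `Error`, so the `catch (e)` branch in `persistTokenInStorage` is exercised with a value real failures never produce; `mockRejectedValue(new Error("MOCK REJECT encryptAESSecretStorageItem"))` keeps the test closer to the path it guards. The hook containing the `mockRestore()` call opens outside the hunk.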