Use new AES functions (#97)
This commit is contained in:
parent
f33e802627
commit
33198cca35
4 changed files with 15 additions and 12 deletions
|
@ -92,6 +92,8 @@ module.exports = {
|
|||
"!matrix-js-sdk/src/crypto-api",
|
||||
"!matrix-js-sdk/src/types",
|
||||
"!matrix-js-sdk/src/testing",
|
||||
"!matrix-js-sdk/src/utils/**",
|
||||
"matrix-js-sdk/src/utils/internal/**",
|
||||
"matrix-js-sdk/lib",
|
||||
"matrix-js-sdk/lib/",
|
||||
"matrix-js-sdk/lib/**",
|
||||
|
@ -119,7 +121,6 @@ module.exports = {
|
|||
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
|
||||
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
|
||||
"!matrix-js-sdk/src/crypto",
|
||||
"!matrix-js-sdk/src/crypto/aes",
|
||||
"!matrix-js-sdk/src/crypto/keybackup",
|
||||
"!matrix-js-sdk/src/crypto/deviceinfo",
|
||||
"!matrix-js-sdk/src/crypto/dehydration",
|
||||
|
|
|
@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
|
|||
|
||||
import { ReactNode } from "react";
|
||||
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
|
||||
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
|
||||
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
|
||||
import { QueryDict } from "matrix-js-sdk/src/utils";
|
||||
import { logger } from "matrix-js-sdk/src/logger";
|
||||
|
||||
|
@ -472,9 +472,9 @@ export interface IStoredSession {
|
|||
hsUrl: string;
|
||||
isUrl: string;
|
||||
hasAccessToken: boolean;
|
||||
accessToken: string | IEncryptedPayload;
|
||||
accessToken: string | AESEncryptedSecretStoragePayload;
|
||||
hasRefreshToken: boolean;
|
||||
refreshToken?: string | IEncryptedPayload;
|
||||
refreshToken?: string | AESEncryptedSecretStoragePayload;
|
||||
userId: string;
|
||||
deviceId: string;
|
||||
isGuest: boolean;
|
||||
|
|
|
@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
|
|||
Please see LICENSE files in the repository root for full details.
|
||||
*/
|
||||
|
||||
import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
|
||||
import { logger } from "matrix-js-sdk/src/logger";
|
||||
import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
|
||||
import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
|
||||
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
|
||||
|
||||
import * as StorageAccess from "../StorageAccess";
|
||||
|
||||
|
@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
|
|||
*/
|
||||
export async function tryDecryptToken(
|
||||
pickleKey: string | undefined,
|
||||
token: IEncryptedPayload | string,
|
||||
token: AESEncryptedSecretStoragePayload | string,
|
||||
tokenName: string,
|
||||
): Promise<string> {
|
||||
if (typeof token === "string") {
|
||||
|
@ -92,7 +94,7 @@ export async function tryDecryptToken(
|
|||
}
|
||||
|
||||
const encrKey = await pickleKeyToAesKey(pickleKey);
|
||||
const decryptedToken = await decryptAES(token, encrKey, tokenName);
|
||||
const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
|
||||
encrKey.fill(0);
|
||||
return decryptedToken;
|
||||
}
|
||||
|
@ -130,12 +132,12 @@ export async function persistTokenInStorage(
|
|||
}
|
||||
|
||||
if (pickleKey) {
|
||||
let encryptedToken: IEncryptedPayload | undefined;
|
||||
let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
|
||||
if (token) {
|
||||
try {
|
||||
// try to encrypt the access token using the pickle key
|
||||
const encrKey = await pickleKeyToAesKey(pickleKey);
|
||||
encryptedToken = await encryptAES(token, encrKey, tokenName);
|
||||
encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
|
||||
encrKey.fill(0);
|
||||
} catch (e) {
|
||||
// This is likely due to the browser not having WebCrypto or somesuch.
|
||||
|
|
|
@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
|
|||
import { logger } from "matrix-js-sdk/src/logger";
|
||||
import * as MatrixJs from "matrix-js-sdk/src/matrix";
|
||||
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
|
||||
import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
|
||||
import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
|
||||
import { mocked, MockedObject } from "jest-mock";
|
||||
import fetchMock from "fetch-mock-jest";
|
||||
|
||||
|
@ -74,7 +74,7 @@ describe("Lifecycle", () => {
|
|||
delete window.crypto;
|
||||
window.crypto = webCrypto;
|
||||
|
||||
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
|
||||
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
|
||||
});
|
||||
|
||||
afterAll(() => {
|
||||
|
@ -675,7 +675,7 @@ describe("Lifecycle", () => {
|
|||
});
|
||||
|
||||
it("should persist token when encrypting the token fails", async () => {
|
||||
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
|
||||
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
|
||||
await setLoggedIn(credentials);
|
||||
|
||||
// persist the unencrypted token
|
||||
|
|
Loading…
Reference in a new issue