Use new AES functions (#97)

pull/28192/head
Florian Duros 2024-10-01 16:12:46 +02:00 committed by GitHub
parent f33e802627
commit 33198cca35
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 15 additions and 12 deletions

View File

@ -92,6 +92,8 @@ module.exports = {
"!matrix-js-sdk/src/crypto-api",
"!matrix-js-sdk/src/types",
"!matrix-js-sdk/src/testing",
"!matrix-js-sdk/src/utils/**",
"matrix-js-sdk/src/utils/internal/**",
"matrix-js-sdk/lib",
"matrix-js-sdk/lib/",
"matrix-js-sdk/lib/**",
@ -119,7 +121,6 @@ module.exports = {
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
"!matrix-js-sdk/src/crypto",
"!matrix-js-sdk/src/crypto/aes",
"!matrix-js-sdk/src/crypto/keybackup",
"!matrix-js-sdk/src/crypto/deviceinfo",
"!matrix-js-sdk/src/crypto/dehydration",

View File

@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
import { ReactNode } from "react";
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
import { QueryDict } from "matrix-js-sdk/src/utils";
import { logger } from "matrix-js-sdk/src/logger";
@ -472,9 +472,9 @@ export interface IStoredSession {
hsUrl: string;
isUrl: string;
hasAccessToken: boolean;
accessToken: string | IEncryptedPayload;
accessToken: string | AESEncryptedSecretStoragePayload;
hasRefreshToken: boolean;
refreshToken?: string | IEncryptedPayload;
refreshToken?: string | AESEncryptedSecretStoragePayload;
userId: string;
deviceId: string;
isGuest: boolean;

View File

@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details.
*/
import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { logger } from "matrix-js-sdk/src/logger";
import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
import * as StorageAccess from "../StorageAccess";
@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
*/
export async function tryDecryptToken(
pickleKey: string | undefined,
token: IEncryptedPayload | string,
token: AESEncryptedSecretStoragePayload | string,
tokenName: string,
): Promise<string> {
if (typeof token === "string") {
@ -92,7 +94,7 @@ export async function tryDecryptToken(
}
const encrKey = await pickleKeyToAesKey(pickleKey);
const decryptedToken = await decryptAES(token, encrKey, tokenName);
const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0);
return decryptedToken;
}
@ -130,12 +132,12 @@ export async function persistTokenInStorage(
}
if (pickleKey) {
let encryptedToken: IEncryptedPayload | undefined;
let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
if (token) {
try {
// try to encrypt the access token using the pickle key
const encrKey = await pickleKeyToAesKey(pickleKey);
encryptedToken = await encryptAES(token, encrKey, tokenName);
encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0);
} catch (e) {
// This is likely due to the browser not having WebCrypto or somesuch.

View File

@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
import { logger } from "matrix-js-sdk/src/logger";
import * as MatrixJs from "matrix-js-sdk/src/matrix";
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { mocked, MockedObject } from "jest-mock";
import fetchMock from "fetch-mock-jest";
@ -74,7 +74,7 @@ describe("Lifecycle", () => {
delete window.crypto;
window.crypto = webCrypto;
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
});
afterAll(() => {
@ -675,7 +675,7 @@ describe("Lifecycle", () => {
});
it("should persist token when encrypting the token fails", async () => {
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
await setLoggedIn(credentials);
// persist the unencrypted token