From 33198cca35a2e03746a975fac2379d973a6db3f9 Mon Sep 17 00:00:00 2001
From: Florian Duros
Date: Tue, 1 Oct 2024 16:12:46 +0200
Subject: [PATCH] Use new AES functions (#97)

---
 .eslintrc.js | 3 ++-
 src/Lifecycle.ts | 6 +++---
 src/utils/tokens/tokens.ts | 12 +++++++-----
 test/Lifecycle-test.ts | 6 +++---
 4 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/.eslintrc.js b/.eslintrc.js
index a3c7eb4f8d..a1fe472db2 100644
--- a/.eslintrc.js
+++ b/.eslintrc.js
@@ -92,6 +92,8 @@ module.exports = {
 "!matrix-js-sdk/src/crypto-api",
 "!matrix-js-sdk/src/types",
 "!matrix-js-sdk/src/testing",
+ "!matrix-js-sdk/src/utils/**",
+ "matrix-js-sdk/src/utils/internal/**",
 "matrix-js-sdk/lib",
 "matrix-js-sdk/lib/",
 "matrix-js-sdk/lib/**",
@@ -119,7 +121,6 @@ module.exports = {
 "!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
 "!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
 "!matrix-js-sdk/src/crypto",
- "!matrix-js-sdk/src/crypto/aes",
 "!matrix-js-sdk/src/crypto/keybackup",
 "!matrix-js-sdk/src/crypto/deviceinfo",
 "!matrix-js-sdk/src/crypto/dehydration",
diff --git a/src/Lifecycle.ts b/src/Lifecycle.ts
index e83b8df20d..a8ddaf0a1d 100644
--- a/src/Lifecycle.ts
+++ b/src/Lifecycle.ts
@@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.
 import { ReactNode } from "react";
 import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
-import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
+import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
 import { QueryDict } from "matrix-js-sdk/src/utils";
 import { logger } from "matrix-js-sdk/src/logger";
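Review bot: The two entries added after `"!matrix-js-sdk/src/testing"` only make sense together — `!matrix-js-sdk/src/utils/**` opens the whole utils tree and `matrix-js-sdk/src/utils/internal/**` presumably closes the internal part of it again — and nothing in the file says so. A short comment above the pair, e.g. `// utils/ is importable from the SDK, but utils/internal/ is not public API`, would stop a later edit from dropping or reordering one of them without noticing the other. With the `!matrix-js-sdk/src/crypto/aes` exception removed in the next hunk, any import still on the old module path becomes a lint error, which appears to be the intent of the change.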
@@ -472,9 +472,9 @@ export interface IStoredSession {
 hsUrl: string;
 isUrl: string;
 hasAccessToken: boolean;
- accessToken: string | IEncryptedPayload;
+ accessToken: string | AESEncryptedSecretStoragePayload;
 hasRefreshToken: boolean;
- refreshToken?: string | IEncryptedPayload;
+ refreshToken?: string | AESEncryptedSecretStoragePayload;
 userId: string;
 deviceId: string;
 isGuest: boolean;
diff --git a/src/utils/tokens/tokens.ts b/src/utils/tokens/tokens.ts
index febd7f23ff..2bf67924f9 100644
--- a/src/utils/tokens/tokens.ts
+++ b/src/utils/tokens/tokens.ts
@@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
 Please see LICENSE files in the repository root for full details.
 */
-import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
 import { logger } from "matrix-js-sdk/src/logger";
+import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
+import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
+import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
 import * as StorageAccess from "../StorageAccess";
@@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise {
 */
 export async function tryDecryptToken(
 pickleKey: string | undefined,
- token: IEncryptedPayload | string,
+ token: AESEncryptedSecretStoragePayload | string,
 tokenName: string,
 ): Promise {
 if (typeof token === "string") {
@@ -92,7 +94,7 @@ export async function tryDecryptToken(
 }
 const encrKey = await pickleKeyToAesKey(pickleKey);
- const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
+ const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
 encrKey.fill(0);
 return decryptedToken;
 }
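Review bot: The replaced call on the `+` line of the last hunk, `await decryptAESSecretStorageItem(token, encrKey, tokenName)`, still runs outside any try/finally, so if it rejects (for example on a mismatched pickle key) the `encrKey.fill(0)` that follows is skipped and the derived AES key stays in memory until it is collected. Wrapping it as `try { return await decryptAESSecretStorageItem(token, encrKey, tokenName); } finally { encrKey.fill(0); }` keeps the zeroing on both paths. The same gap applies to the `encryptAESSecretStorageItem` call in the persistTokenInStorage hunk of this file, where a rejection lands in the catch block with the key never cleared. tryDecryptToken's signature is in the preceding hunk, outside this one.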
@@ -130,12 +132,12 @@ export async function persistTokenInStorage(
 }
 if (pickleKey) {
- let encryptedToken: IEncryptedPayload | undefined;
+ let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
 if (token) {
 try {
 // try to encrypt the access token using the pickle key
 const encrKey = await pickleKeyToAesKey(pickleKey);
- encryptedToken = await encryptAES(token, encrKey, tokenName);
+ encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
 encrKey.fill(0);
 } catch (e) {
 // This is likely due to the browser not having WebCrypto or somesuch.
diff --git a/test/Lifecycle-test.ts b/test/Lifecycle-test.ts
index 04c7408b68..890c6bf1ac 100644
--- a/test/Lifecycle-test.ts
+++ b/test/Lifecycle-test.ts
@@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
 import { logger } from "matrix-js-sdk/src/logger";
 import * as MatrixJs from "matrix-js-sdk/src/matrix";
 import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
-import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
+import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
 import { mocked, MockedObject } from "jest-mock";
 import fetchMock from "fetch-mock-jest";
@@ -74,7 +74,7 @@ describe("Lifecycle", () => {
 delete window.crypto;
 window.crypto = webCrypto;
- jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
+ jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
 });
 afterAll(() => {
@@ -675,7 +675,7 @@ describe("Lifecycle", () => {
 });
 it("should persist token when encrypting the token fails", async () => {
- jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
+ jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
 await setLoggedIn(credentials);
 // persist the unencrypted token
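Review bot: The changed line in the last hunk makes the mocked default export reject with a bare string, `"MOCK REJECT ENCRYPTAES"`, rather than an `Error`, so the catch block in persistTokenInStorage is exercised with a value the real function would not produce. `jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue(new Error("MOCK REJECT ENCRYPTAES"))` keeps the test closer to the real failure shape, and the same applies to the `mockRestore()` line in the earlier hunk only insofar as both now spy on the `default` property of a namespace import, which appears to rely on the test transform exposing the module as a mutable object. The enclosing `it` block continues past the end of this hunk.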