From da044820d7d3255e41e403bfbd035bf7b90ddd6a Mon Sep 17 00:00:00 2001 From: Florian Duros Date: Thu, 3 Oct 2024 15:20:56 +0200 Subject: [PATCH] Clean AES export and move back `calculateKeyCheck` to `secret-storage.ts` (#4440) --- spec/unit/secret-storage.spec.ts | 2 +- src/calculateKeyCheck.ts | 34 -------------------------------- src/crypto/aes.ts | 9 +++------ src/crypto/backup.ts | 2 +- src/crypto/index.ts | 2 +- src/secret-storage.ts | 17 +++++++++++++++- 6 files changed, 22 insertions(+), 44 deletions(-) delete mode 100644 src/calculateKeyCheck.ts diff --git a/spec/unit/secret-storage.spec.ts b/spec/unit/secret-storage.spec.ts index b71da45e2f8..b2346d88e6c 100644 --- a/spec/unit/secret-storage.spec.ts +++ b/spec/unit/secret-storage.spec.ts @@ -18,6 +18,7 @@ import { Mocked } from "jest-mock"; import { AccountDataClient, + calculateKeyCheck, PassphraseInfo, SecretStorageCallbacks, SecretStorageKeyDescriptionAesV1, @@ -26,7 +27,6 @@ import { trimTrailingEquals, } from "../../src/secret-storage"; import { randomString } from "../../src/randomstring"; -import { calculateKeyCheck } from "../../src/calculateKeyCheck.ts"; describe("ServerSideSecretStorageImpl", function () { describe(".addKey", function () { diff --git a/src/calculateKeyCheck.ts b/src/calculateKeyCheck.ts deleted file mode 100644 index 7e979a71263..00000000000 --- a/src/calculateKeyCheck.ts +++ /dev/null @@ -1,34 +0,0 @@ -/* - * Copyright 2024 The Matrix.org Foundation C.I.C. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -// string of zeroes, for calculating the key check -import encryptAESSecretStorageItem from "./utils/encryptAESSecretStorageItem.ts"; -import { AESEncryptedSecretStoragePayload } from "./@types/AESEncryptedSecretStoragePayload.ts"; - -const ZERO_STR = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; - -/** - * Calculate the MAC for checking the key. - * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2, steps 3 and 4. - * - * @param key - the key to use - * @param iv - The initialization vector as a base64-encoded string. - * If omitted, a random initialization vector will be created. - * @returns An object that contains, `mac` and `iv` properties. - */ -export function calculateKeyCheck(key: Uint8Array, iv?: string): Promise { - return encryptAESSecretStorageItem(ZERO_STR, key, "", iv); -} diff --git a/src/crypto/aes.ts b/src/crypto/aes.ts index f435d8c15e5..450e1756a14 100644 --- a/src/crypto/aes.ts +++ b/src/crypto/aes.ts @@ -16,11 +16,8 @@ limitations under the License. import encryptAESSecretStorageItem from "../utils/encryptAESSecretStorageItem.ts"; import decryptAESSecretStorageItem from "../utils/decryptAESSecretStorageItem.ts"; -import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts"; // Export for backwards compatibility -export type { AESEncryptedSecretStoragePayload as IEncryptedPayload }; -// Export with new names instead of using `as` to not break react-sdk tests -export const encryptAES = encryptAESSecretStorageItem; -export const decryptAES = decryptAESSecretStorageItem; -export { calculateKeyCheck } from "../calculateKeyCheck.ts"; +export type { AESEncryptedSecretStoragePayload as IEncryptedPayload } from "../@types/AESEncryptedSecretStoragePayload.ts"; +export { encryptAESSecretStorageItem as encryptAES, decryptAESSecretStorageItem as decryptAES }; +export { calculateKeyCheck } from "../secret-storage.ts"; diff --git a/src/crypto/backup.ts b/src/crypto/backup.ts index 7caf069ab4a..39bcaae6126 100644 --- a/src/crypto/backup.ts +++ b/src/crypto/backup.ts @@ -43,7 +43,7 @@ import { encodeRecoveryKey } from "../crypto-api/index.ts"; import decryptAESSecretStorageItem from "../utils/decryptAESSecretStorageItem.ts"; import encryptAESSecretStorageItem from "../utils/encryptAESSecretStorageItem.ts"; import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts"; -import { calculateKeyCheck } from "../calculateKeyCheck.ts"; +import { calculateKeyCheck } from "../secret-storage.ts"; const KEY_BACKUP_KEYS_PER_REQUEST = 200; const KEY_BACKUP_CHECK_RATE_LIMIT = 5000; // ms diff --git a/src/crypto/index.ts b/src/crypto/index.ts index 932ce3adf48..9f4b3978187 100644 --- a/src/crypto/index.ts +++ b/src/crypto/index.ts @@ -75,6 +75,7 @@ import { MapWithDefault, recursiveMapToObject } from "../utils.ts"; import { AccountDataClient, AddSecretStorageKeyOpts, + calculateKeyCheck, SECRET_STORAGE_ALGORITHM_V1_AES, SecretStorageKeyDescription, SecretStorageKeyObject, @@ -109,7 +110,6 @@ import { KnownMembership } from "../@types/membership.ts"; import decryptAESSecretStorageItem from "../utils/decryptAESSecretStorageItem.ts"; import encryptAESSecretStorageItem from "../utils/encryptAESSecretStorageItem.ts"; import { AESEncryptedSecretStoragePayload } from "../@types/AESEncryptedSecretStoragePayload.ts"; -import { calculateKeyCheck } from "../calculateKeyCheck.ts"; /* re-exports for backwards compatibility */ export type { diff --git a/src/secret-storage.ts b/src/secret-storage.ts index f192ddfd7f5..13e8bdc625b 100644 --- a/src/secret-storage.ts +++ b/src/secret-storage.ts @@ -28,7 +28,6 @@ import { logger } from "./logger.ts"; import encryptAESSecretStorageItem from "./utils/encryptAESSecretStorageItem.ts"; import decryptAESSecretStorageItem from "./utils/decryptAESSecretStorageItem.ts"; import { AESEncryptedSecretStoragePayload } from "./@types/AESEncryptedSecretStoragePayload.ts"; -import { calculateKeyCheck } from "./crypto/aes.ts"; export const SECRET_STORAGE_ALGORITHM_V1_AES = "m.secret_storage.v1.aes-hmac-sha2"; @@ -676,3 +675,19 @@ export function trimTrailingEquals(input: string): string { return input; } } + +// string of zeroes, for calculating the key check +const ZERO_STR = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + +/** + * Calculate the MAC for checking the key. + * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2, steps 3 and 4. + * + * @param key - the key to use + * @param iv - The initialization vector as a base64-encoded string. + * If omitted, a random initialization vector will be created. + * @returns An object that contains, `mac` and `iv` properties. + */ +export function calculateKeyCheck(key: Uint8Array, iv?: string): Promise { + return encryptAESSecretStorageItem(ZERO_STR, key, "", iv); +}