
Use new AES functions (#97)
florianduros authored Oct 1, 2024
1 parent f33e802 commit 33198cc
Showing 4 changed files with 15 additions and 12 deletions.
3 changes: 2 additions & 1 deletion .eslintrc.js
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,8 @@ module.exports = {
"!matrix-js-sdk/src/crypto-api",
"!matrix-js-sdk/src/types",
"!matrix-js-sdk/src/testing",
"!matrix-js-sdk/src/utils/**",
"matrix-js-sdk/src/utils/internal/**",
"matrix-js-sdk/lib",
"matrix-js-sdk/lib/",
"matrix-js-sdk/lib/**",
Expand Down Expand Up @@ -119,7 +121,6 @@ module.exports = {
"!matrix-js-sdk/src/extensible_events_v1/PollEndEvent",
"!matrix-js-sdk/src/extensible_events_v1/InvalidEventError",
"!matrix-js-sdk/src/crypto",
"!matrix-js-sdk/src/crypto/aes",
"!matrix-js-sdk/src/crypto/keybackup",
"!matrix-js-sdk/src/crypto/deviceinfo",
"!matrix-js-sdk/src/crypto/dehydration",
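Review bot: If the two added lines in the first hunk are `"!matrix-js-sdk/src/utils/**"` and `"matrix-js-sdk/src/utils/internal/**"` (the rendered page drops the +/- markers, so this is inferred from the 2-addition count), the restricted-imports allow-list now opens the whole `matrix-js-sdk/src/utils` tree minus `internal`, whereas the accompanying code imports only `utils/decryptAESSecretStorageItem` and `utils/encryptAESSecretStorageItem`. Listing those two paths explicitly would keep the allow-list as tight as the `"!matrix-js-sdk/src/crypto/aes"` entry it replaces, and a one-line comment such as `// AES secret-storage helpers moved out of src/crypto/aes` next to them would record why the entry changed. The `module.exports` object these hunks sit in starts and ends outside the diff.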
6 changes: 3 additions & 3 deletions src/Lifecycle.ts
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ Please see LICENSE files in the repository root for full details.

import { ReactNode } from "react";
import { createClient, MatrixClient, SSOAction, OidcTokenRefresher, decodeBase64 } from "matrix-js-sdk/src/matrix";
import { IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";
import { QueryDict } from "matrix-js-sdk/src/utils";
import { logger } from "matrix-js-sdk/src/logger";

Expand Down Expand Up @@ -472,9 +472,9 @@ export interface IStoredSession {
hsUrl: string;
isUrl: string;
hasAccessToken: boolean;
accessToken: string | IEncryptedPayload;
accessToken: string | AESEncryptedSecretStoragePayload;
hasRefreshToken: boolean;
refreshToken?: string | IEncryptedPayload;
refreshToken?: string | AESEncryptedSecretStoragePayload;
userId: string;
deviceId: string;
isGuest: boolean;
12 changes: 7 additions & 5 deletions src/utils/tokens/tokens.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,10 @@ SPDX-License-Identifier: AGPL-3.0-only OR GPL-3.0-only
Please see LICENSE files in the repository root for full details.
*/

import { decryptAES, encryptAES, IEncryptedPayload } from "matrix-js-sdk/src/crypto/aes";
import { logger } from "matrix-js-sdk/src/logger";
import decryptAESSecretStorageItem from "matrix-js-sdk/src/utils/decryptAESSecretStorageItem";
import encryptAESSecretStorageItem from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { AESEncryptedSecretStoragePayload } from "matrix-js-sdk/src/types";

import * as StorageAccess from "../StorageAccess";

Expand Down Expand Up @@ -78,7 +80,7 @@ async function pickleKeyToAesKey(pickleKey: string): Promise<Uint8Array> {
*/
export async function tryDecryptToken(
pickleKey: string | undefined,
token: IEncryptedPayload | string,
token: AESEncryptedSecretStoragePayload | string,
tokenName: string,
): Promise<string> {
if (typeof token === "string") {
Expand All @@ -92,7 +94,7 @@ export async function tryDecryptToken(
}

const encrKey = await pickleKeyToAesKey(pickleKey);
const decryptedToken = await decryptAES(token, encrKey, tokenName);
const decryptedToken = await decryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0);
return decryptedToken;
}
Expand Down Expand Up @@ -130,12 +132,12 @@ export async function persistTokenInStorage(
}

if (pickleKey) {
let encryptedToken: IEncryptedPayload | undefined;
let encryptedToken: AESEncryptedSecretStoragePayload | undefined;
if (token) {
try {
// try to encrypt the access token using the pickle key
const encrKey = await pickleKeyToAesKey(pickleKey);
encryptedToken = await encryptAES(token, encrKey, tokenName);
encryptedToken = await encryptAESSecretStorageItem(token, encrKey, tokenName);
encrKey.fill(0);
} catch (e) {
// This is likely due to the browser not having WebCrypto or somesuch.
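Review bot: `encrKey.fill(0)` on the line after the new `decryptAESSecretStorageItem` call only runs when the decrypt resolves; if it rejects (wrong pickle key, WebCrypto unavailable), the derived AES key bytes stay in the buffer and the function exits without zeroing them. Moving the zeroing into a `finally` keeps it on both paths. The same gap exists in the `persistTokenInStorage` hunk below, where the `catch` handles a failed `encryptAESSecretStorageItem` but the `encrKey` created inside the `try` is never cleared. `tryDecryptToken`'s signature and the start of its body are in the preceding hunk, outside this one.
```typescript
    const encrKey = await pickleKeyToAesKey(pickleKey);
    try {
        return await decryptAESSecretStorageItem(token, encrKey, tokenName);
    } finally {
        // zero the derived key whether the decrypt succeeded or threw
        encrKey.fill(0);
    }
```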
6 changes: 3 additions & 3 deletions test/Lifecycle-test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import { Crypto } from "@peculiar/webcrypto";
import { logger } from "matrix-js-sdk/src/logger";
import * as MatrixJs from "matrix-js-sdk/src/matrix";
import { decodeBase64, encodeUnpaddedBase64 } from "matrix-js-sdk/src/matrix";
import * as MatrixCryptoAes from "matrix-js-sdk/src/crypto/aes";
import * as encryptAESSecretStorageItemModule from "matrix-js-sdk/src/utils/encryptAESSecretStorageItem";
import { mocked, MockedObject } from "jest-mock";
import fetchMock from "fetch-mock-jest";

Expand Down Expand Up @@ -74,7 +74,7 @@ describe("Lifecycle", () => {
delete window.crypto;
window.crypto = webCrypto;

jest.spyOn(MatrixCryptoAes, "encryptAES").mockRestore();
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRestore();
});

afterAll(() => {
Expand Down Expand Up @@ -675,7 +675,7 @@ describe("Lifecycle", () => {
});

it("should persist token when encrypting the token fails", async () => {
jest.spyOn(MatrixCryptoAes, "encryptAES").mockRejectedValue("MOCK REJECT ENCRYPTAES");
jest.spyOn(encryptAESSecretStorageItemModule, "default").mockRejectedValue("MOCK REJECT ENCRYPTAES");
await setLoggedIn(credentials);

// persist the unencrypted token
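Review bot: `jest.spyOn(encryptAESSecretStorageItemModule, "default")` at the two changed lines relies on the imported namespace object having a writable, configurable `default` property, which holds under ts-jest/Babel CommonJS interop but not under native ESM, where namespace objects are sealed and `spyOn` throws. If this suite ever moves to ESM, `jest.mock("matrix-js-sdk/src/utils/encryptAESSecretStorageItem")` with a mocked default export is the form that survives both module systems. This is inferred from the import shape only; the jest configuration is not part of the diff. The `beforeEach` and `it` callbacks these lines sit in start and end outside their hunks.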
