vector-im-hydrogen-web/src/matrix/e2ee/common.ts

/*
Copyright 2020 The Matrix.org Foundation C.I.C.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

import anotherjson from "another-json";

import type {UnsentStateEvent} from "../room/common";
import type {ILogItem} from "../../logging/types";
import type * as OlmNamespace from "@matrix-org/olm";
type Olm = typeof OlmNamespace;

export enum DecryptionSource {
    Sync, Timeline, Retry
};

// use common prefix so it's easy to clear properties that are not e2ee related during session clear
export const SESSION_E2EE_KEY_PREFIX = "e2ee:";
export const OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2";
export const MEGOLM_ALGORITHM = "m.megolm.v1.aes-sha2";

export class DecryptionError extends Error {
    constructor(private readonly code: string, private readonly event: object, private readonly detailsObj?: object) {
        super(`Decryption error ${code}${detailsObj ? ": "+JSON.stringify(detailsObj) : ""}`);
    }
}

export const SIGNATURE_ALGORITHM = "ed25519";

export type SignedValue = {
    signatures?: {[userId: string]: {[keyId: string]: string}}
    unsigned?: object
}

// we store device keys (and cross-signing) in the format we get them from the server
// as that is what the signature is calculated on, so to verify and sign, we need
// it in this format anyway.
export type DeviceKey = SignedValue & {
    readonly user_id: string;
    readonly device_id: string;
    readonly algorithms: ReadonlyArray<string>;
    readonly keys: {[keyId: string]: string};
    readonly unsigned: {
        device_display_name?: string
    }
}

export function getDeviceEd25519Key(deviceKey: DeviceKey): string {
    return deviceKey.keys[`ed25519:${deviceKey.device_id}`];
}

export function getDeviceCurve25519Key(deviceKey: DeviceKey): string {
    return deviceKey.keys[`curve25519:${deviceKey.device_id}`];
}

export function getEd25519Signature(signedValue: SignedValue, userId: string, deviceOrKeyId: string): string | undefined {
    return signedValue?.signatures?.[userId]?.[`${SIGNATURE_ALGORITHM}:${deviceOrKeyId}`];
}

export enum SignatureVerification {
    Valid,
    Invalid,
    NotSigned,
}

export function verifyEd25519Signature(olmUtil: Olm.Utility, userId: string, deviceOrKeyId: string, ed25519Key: string, value: SignedValue, log?: ILogItem): SignatureVerification {
    const signature = getEd25519Signature(value, userId, deviceOrKeyId);
    if (!signature) {
        log?.set("no_signature", true);
        return SignatureVerification.NotSigned;
    }
    const clone = Object.assign({}, value) as object;
    delete clone["unsigned"];
    delete clone["signatures"];
    const canonicalJson = anotherjson.stringify(clone);
    try {
        // throws when signature is invalid
        olmUtil.ed25519_verify(ed25519Key, canonicalJson, signature);
        return SignatureVerification.Valid;
    } catch (err) {
        if (log) {
            const logItem = log.log({l: "Invalid signature, ignoring.", ed25519Key, canonicalJson, signature});
            logItem.error = err;
            logItem.logLevel = log.level.Warn;
        }
        return SignatureVerification.Invalid;
    }
}

export function createRoomEncryptionEvent(): UnsentStateEvent {
    return {
        "type": "m.room.encryption",
        "state_key": "",
        "content": {
            "algorithm": MEGOLM_ALGORITHM,
            "rotation_period_ms": 604800000,
            "rotation_period_msgs": 100
        }
    }
}

export enum HistoryVisibility {
    Joined = "joined",
    Invited = "invited",
    WorldReadable = "world_readable",
    Shared = "shared",
};

export function shouldShareKey(membership: string, historyVisibility: HistoryVisibility) {
    switch (historyVisibility) {
        case HistoryVisibility.WorldReadable:
            return true;
        case HistoryVisibility.Shared:
            // was part of room at some time
            return membership !== undefined;
        case HistoryVisibility.Joined:
            return membership === "join";
        case HistoryVisibility.Invited:
            return membership === "invite" || membership === "join";
        default:
            return false;
    }
}
move e2ee constants to common file 2020-08-28 14:35:47 +02:00			`/*`
			`Copyright 2020 The Matrix.org Foundation C.I.C.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

make all dependencies use vite and remove post-install script / lib dir 2021-10-05 17:51:10 +02:00			`import anotherjson from "another-json";`
expose multi-step decryption from RoomEncryption, adjust room timeline sync code hasn't been adjusted yet 2020-09-10 12:09:17 +02:00
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`import type {UnsentStateEvent} from "../room/common";`
			`import type {ILogItem} from "../../logging/types";`
			`import type * as OlmNamespace from "@matrix-org/olm";`
			`type Olm = typeof OlmNamespace;`

			`export enum DecryptionSource {`
			`Sync, Timeline, Retry`
			`};`
extract verifying a signed object from the device tracker 2020-09-02 17:37:48 +02:00
move e2ee constants to common file 2020-08-28 14:35:47 +02:00			`// use common prefix so it's easy to clear properties that are not e2ee related during session clear`
store e2ee session values as well in localStorage 2021-09-29 11:49:58 +02:00			`export const SESSION_E2EE_KEY_PREFIX = "e2ee:";`
move e2ee constants to common file 2020-08-28 14:35:47 +02:00			`export const OLM_ALGORITHM = "m.olm.v1.curve25519-aes-sha2";`
			`export const MEGOLM_ALGORITHM = "m.megolm.v1.aes-sha2";`
implement olm decryption algorithm 2020-09-01 17:59:39 +02:00
			`export class DecryptionError extends Error {`
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`constructor(private readonly code: string, private readonly event: object, private readonly detailsObj?: object) {`
implement olm decryption algorithm 2020-09-01 17:59:39 +02:00			super(`Decryption error ${code}${detailsObj ? ": "+JSON.stringify(detailsObj) : ""}`);
			`}`
			`}`
extract verifying a signed object from the device tracker 2020-09-02 17:37:48 +02:00
			`export const SIGNATURE_ALGORITHM = "ed25519";`

Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`export type SignedValue = {`
implement signing users and other devices 2023-03-02 15:02:42 +01:00			`signatures?: {[userId: string]: {[keyId: string]: string}}`
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`unsigned?: object`
			`}`

			`// we store device keys (and cross-signing) in the format we get them from the server`
			`// as that is what the signature is calculated on, so to verify and sign, we need`
			`// it in this format anyway.`
			`export type DeviceKey = SignedValue & {`
			`readonly user_id: string;`
			`readonly device_id: string;`
			`readonly algorithms: ReadonlyArray<string>;`
			`readonly keys: {[keyId: string]: string};`
			`readonly unsigned: {`
			`device_display_name?: string`
			`}`
			`}`

			`export function getDeviceEd25519Key(deviceKey: DeviceKey): string {`
			return deviceKey.keys[`ed25519:${deviceKey.device_id}`];
			`}`

			`export function getDeviceCurve25519Key(deviceKey: DeviceKey): string {`
			return deviceKey.keys[`curve25519:${deviceKey.device_id}`];
			`}`

implement signing users and other devices 2023-03-02 15:02:42 +01:00			`export function getEd25519Signature(signedValue: SignedValue, userId: string, deviceOrKeyId: string): string \| undefined {`
Store cross-signing keys in format as returned from server, in separate store This will make it easier to sign and verify signatures with these keys, as the signed value needs to have the same layout when signing and for every verification. 2023-02-24 17:45:56 +01:00			return signedValue?.signatures?.[userId]?.[`${SIGNATURE_ALGORITHM}:${deviceOrKeyId}`];
			`}`

return enum explaining user trust level rather than boolean 2023-03-07 10:53:32 +01:00			`export enum SignatureVerification {`
			`Valid,`
			`Invalid,`
			`NotSigned,`
			`}`

			`export function verifyEd25519Signature(olmUtil: Olm.Utility, userId: string, deviceOrKeyId: string, ed25519Key: string, value: SignedValue, log?: ILogItem): SignatureVerification {`
Store cross-signing keys in format as returned from server, in separate store This will make it easier to sign and verify signatures with these keys, as the signed value needs to have the same layout when signing and for every verification. 2023-02-24 17:45:56 +01:00			`const signature = getEd25519Signature(value, userId, deviceOrKeyId);`
			`if (!signature) {`
			`log?.set("no_signature", true);`
return enum explaining user trust level rather than boolean 2023-03-07 10:53:32 +01:00			`return SignatureVerification.NotSigned;`
Store cross-signing keys in format as returned from server, in separate store This will make it easier to sign and verify signatures with these keys, as the signed value needs to have the same layout when signing and for every verification. 2023-02-24 17:45:56 +01:00			`}`
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`const clone = Object.assign({}, value) as object;`
			`delete clone["unsigned"];`
			`delete clone["signatures"];`
extract verifying a signed object from the device tracker 2020-09-02 17:37:48 +02:00			`const canonicalJson = anotherjson.stringify(clone);`
			`try {`
			`// throws when signature is invalid`
forgot to remove this after extracting function 2020-09-03 15:27:40 +02:00			`olmUtil.ed25519_verify(ed25519Key, canonicalJson, signature);`
return enum explaining user trust level rather than boolean 2023-03-07 10:53:32 +01:00			`return SignatureVerification.Valid;`
extract verifying a signed object from the device tracker 2020-09-02 17:37:48 +02:00			`} catch (err) {`
log signature verification failure in logger, not console 2021-11-15 15:27:57 +01:00			`if (log) {`
			`const logItem = log.log({l: "Invalid signature, ignoring.", ed25519Key, canonicalJson, signature});`
			`logItem.error = err;`
			`logItem.logLevel = log.level.Warn;`
			`}`
return enum explaining user trust level rather than boolean 2023-03-07 10:53:32 +01:00			`return SignatureVerification.Invalid;`
extract verifying a signed object from the device tracker 2020-09-02 17:37:48 +02:00			`}`
			`}`
draft code in matrix layer to create room 2022-02-02 10:19:49 +01:00
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`export function createRoomEncryptionEvent(): UnsentStateEvent {`
draft code in matrix layer to create room 2022-02-02 10:19:49 +01:00			`return {`
			`"type": "m.room.encryption",`
			`"state_key": "",`
			`"content": {`
			`"algorithm": MEGOLM_ALGORITHM,`
			`"rotation_period_ms": 604800000,`
			`"rotation_period_msgs": 100`
			`}`
			`}`
			`}`
logic for whether a key should be shared by membership and h. visibility 2022-07-22 17:46:53 +02:00
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`export enum HistoryVisibility {`
			`Joined = "joined",`
			`Invited = "invited",`
			`WorldReadable = "world_readable",`
			`Shared = "shared",`
			`};`
logic for whether a key should be shared by membership and h. visibility 2022-07-22 17:46:53 +02:00
Store device keys in format needed to sign/verify, convert to TS In order to sign and verify signatures of design keys, we need to have them in the format as they are uploaded and downloaded from the homeserver. So, like the cross-signing keys, we store them in locally in the same format to avoid constant convertions. I also renamed deviceIdentities to deviceKeys, analogue to crossSigningKeys. In order to prevent mistakes in this refactor, I also converted DeviceTracker to typescript. 2023-02-27 18:13:53 +01:00			`export function shouldShareKey(membership: string, historyVisibility: HistoryVisibility) {`
logic for whether a key should be shared by membership and h. visibility 2022-07-22 17:46:53 +02:00			`switch (historyVisibility) {`
			`case HistoryVisibility.WorldReadable:`
			`return true;`
			`case HistoryVisibility.Shared:`
			`// was part of room at some time`
			`return membership !== undefined;`
			`case HistoryVisibility.Joined:`
			`return membership === "join";`
			`case HistoryVisibility.Invited:`
			`return membership === "invite" \|\| membership === "join";`
			`default:`
			`return false;`
			`}`
			`}`