2020-09-17 11:38:53 +02:00
|
|
|
/*
|
|
|
|
Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
import type {Platform} from "../../platform/web/Platform.js";
|
|
|
|
|
2021-11-29 09:23:06 +01:00
|
|
|
export interface IKeyDescription {
|
2021-11-25 12:55:00 +01:00
|
|
|
algorithm: string;
|
|
|
|
passphrase: {
|
|
|
|
algorithm: string;
|
|
|
|
iterations: number;
|
|
|
|
salt: string;
|
2021-11-29 10:48:04 +01:00
|
|
|
bits?: number;
|
2021-11-25 12:55:00 +01:00
|
|
|
};
|
|
|
|
mac: string;
|
|
|
|
iv: string;
|
|
|
|
}
|
|
|
|
|
2020-09-17 11:38:53 +02:00
|
|
|
export class KeyDescription {
|
2021-11-25 12:55:00 +01:00
|
|
|
private readonly _id: string;
|
|
|
|
private readonly _keyDescription: IKeyDescription;
|
|
|
|
|
|
|
|
constructor(id: string, keyDescription: IKeyDescription) {
|
2020-09-17 11:38:53 +02:00
|
|
|
this._id = id;
|
2021-10-29 15:48:28 +02:00
|
|
|
this._keyDescription = keyDescription;
|
2020-09-17 11:38:53 +02:00
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get id(): string {
|
2020-09-17 11:38:53 +02:00
|
|
|
return this._id;
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get passphraseParams(): IKeyDescription["passphrase"] {
|
2021-10-29 15:48:28 +02:00
|
|
|
return this._keyDescription?.passphrase;
|
2020-09-17 11:38:53 +02:00
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get algorithm(): string {
|
2021-10-29 15:48:28 +02:00
|
|
|
return this._keyDescription?.algorithm;
|
2020-09-17 11:38:53 +02:00
|
|
|
}
|
2021-10-29 19:17:31 +02:00
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
async isCompatible(key: Key, platform: Platform): Promise<boolean> {
|
2021-11-03 02:07:57 +01:00
|
|
|
if (this.algorithm === "m.secret_storage.v1.aes-hmac-sha2") {
|
|
|
|
const kd = this._keyDescription;
|
|
|
|
if (kd.mac) {
|
|
|
|
const otherMac = await calculateKeyMac(key.binaryKey, kd.iv, platform);
|
|
|
|
return kd.mac === otherMac;
|
|
|
|
} else if (kd.passphrase) {
|
|
|
|
const kdOther = key.description._keyDescription;
|
2021-10-29 19:17:31 +02:00
|
|
|
if (!kdOther.passphrase) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return kd.passphrase.algorithm === kdOther.passphrase.algorithm &&
|
|
|
|
kd.passphrase.iterations === kdOther.passphrase.iterations &&
|
|
|
|
kd.passphrase.salt === kdOther.passphrase.salt;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
2020-09-17 11:38:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
export class Key {
|
2021-11-25 12:55:00 +01:00
|
|
|
private readonly _keyDescription: KeyDescription;
|
|
|
|
private readonly _binaryKey: Uint8Array;
|
|
|
|
|
|
|
|
constructor(keyDescription: KeyDescription, binaryKey: Uint8Array) {
|
2020-09-17 11:38:53 +02:00
|
|
|
this._keyDescription = keyDescription;
|
|
|
|
this._binaryKey = binaryKey;
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
withDescription(description: KeyDescription): Key {
|
2021-10-29 19:17:31 +02:00
|
|
|
return new Key(description, this._binaryKey);
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get description(): KeyDescription {
|
2021-10-29 15:48:28 +02:00
|
|
|
return this._keyDescription;
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get id(): string {
|
2020-09-17 11:38:53 +02:00
|
|
|
return this._keyDescription.id;
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get binaryKey(): Uint8Array {
|
2020-09-17 11:38:53 +02:00
|
|
|
return this._binaryKey;
|
|
|
|
}
|
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
get algorithm(): string {
|
2020-09-17 11:38:53 +02:00
|
|
|
return this._keyDescription.algorithm;
|
|
|
|
}
|
|
|
|
}
|
2021-11-03 02:07:57 +01:00
|
|
|
|
2021-11-25 12:55:00 +01:00
|
|
|
async function calculateKeyMac(key: BufferSource, ivStr: string, platform: Platform): Promise<string> {
|
2021-11-03 02:07:57 +01:00
|
|
|
const {crypto, encoding} = platform;
|
|
|
|
const {utf8, base64} = encoding;
|
|
|
|
const {derive, aes, hmac} = crypto;
|
|
|
|
|
|
|
|
const iv = base64.decode(ivStr);
|
|
|
|
|
|
|
|
// salt for HKDF, with 8 bytes of zeros
|
|
|
|
const zerosalt = new Uint8Array(8);
|
|
|
|
const ZERO_STR = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
|
|
|
|
|
|
|
|
const info = utf8.encode("");
|
|
|
|
const keybits = await derive.hkdf(key, zerosalt, info, "SHA-256", 512);
|
|
|
|
const aesKey = keybits.slice(0, 32);
|
|
|
|
const hmacKey = keybits.slice(32);
|
|
|
|
const ciphertext = await aes.encryptCTR({key: aesKey, iv, data: utf8.encode(ZERO_STR)});
|
|
|
|
const mac = await hmac.compute(hmacKey, ciphertext, "SHA-256");
|
|
|
|
|
|
|
|
return base64.encode(mac);
|
|
|
|
}
|