2020-10-23 17:45:15 +02:00
|
|
|
/*
|
|
|
|
Copyright 2020 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Decrypt an attachment.
|
|
|
|
* @param {ArrayBuffer} ciphertextBuffer The encrypted attachment data buffer.
|
|
|
|
* @param {Object} info The information needed to decrypt the attachment.
|
|
|
|
* @param {Object} info.key AES-CTR JWK key object.
|
|
|
|
* @param {string} info.iv Base64 encoded 16 byte AES-CTR IV.
|
|
|
|
* @param {string} info.hashes.sha256 Base64 encoded SHA-256 hash of the ciphertext.
|
|
|
|
* @return {Promise} A promise that resolves with an ArrayBuffer when the attachment is decrypted.
|
|
|
|
*/
|
2021-02-12 16:01:54 +01:00
|
|
|
export async function decryptAttachment(platform, ciphertextBuffer, info) {
|
2020-10-23 17:45:15 +02:00
|
|
|
if (info === undefined || info.key === undefined || info.iv === undefined
|
|
|
|
|| info.hashes === undefined || info.hashes.sha256 === undefined) {
|
|
|
|
throw new Error("Invalid info. Missing info.key, info.iv or info.hashes.sha256 key");
|
|
|
|
}
|
|
|
|
|
2021-02-12 16:01:54 +01:00
|
|
|
const {crypto} = platform;
|
|
|
|
const {base64} = platform.encoding;
|
2020-10-23 17:45:15 +02:00
|
|
|
var ivArray = base64.decode(info.iv);
|
|
|
|
// re-encode to not deal with padded vs unpadded
|
|
|
|
var expectedSha256base64 = base64.encode(base64.decode(info.hashes.sha256));
|
|
|
|
// Check the sha256 hash
|
2020-10-26 17:08:29 +01:00
|
|
|
const digestResult = await crypto.digest("SHA-256", ciphertextBuffer);
|
2020-10-23 17:45:15 +02:00
|
|
|
if (base64.encode(new Uint8Array(digestResult)) != expectedSha256base64) {
|
|
|
|
throw new Error("Mismatched SHA-256 digest");
|
|
|
|
}
|
|
|
|
var counterLength;
|
|
|
|
if (info.v == "v1" || info.v == "v2") {
|
|
|
|
// Version 1 and 2 use a 64 bit counter.
|
|
|
|
counterLength = 64;
|
|
|
|
} else {
|
|
|
|
// Version 0 uses a 128 bit counter.
|
|
|
|
counterLength = 128;
|
|
|
|
}
|
|
|
|
|
2020-10-26 17:08:29 +01:00
|
|
|
const decryptedBuffer = await crypto.aes.decryptCTR({
|
2020-10-23 17:45:15 +02:00
|
|
|
jwkKey: info.key,
|
|
|
|
iv: ivArray,
|
|
|
|
data: ciphertextBuffer,
|
|
|
|
counterLength
|
|
|
|
});
|
|
|
|
return decryptedBuffer;
|
|
|
|
}
|
2020-11-10 22:36:26 +01:00
|
|
|
|
2020-11-11 10:46:37 +01:00
|
|
|
export async function encryptAttachment(platform, blob) {
|
|
|
|
const {crypto} = platform;
|
2021-02-12 16:01:54 +01:00
|
|
|
const {base64} = platform.encoding;
|
2020-11-10 22:36:26 +01:00
|
|
|
const iv = await crypto.aes.generateIV();
|
|
|
|
const key = await crypto.aes.generateKey("jwk", 256);
|
2020-11-11 10:46:37 +01:00
|
|
|
const buffer = await blob.readAsBuffer();
|
2020-11-11 11:47:39 +01:00
|
|
|
const ciphertext = await crypto.aes.encryptCTR({jwkKey: key, iv, data: buffer});
|
2020-11-10 22:36:26 +01:00
|
|
|
const digest = await crypto.digest("SHA-256", ciphertext);
|
|
|
|
return {
|
2020-11-13 19:10:04 +01:00
|
|
|
blob: platform.createBlob(ciphertext, 'application/octet-stream'),
|
2020-11-10 22:36:26 +01:00
|
|
|
info: {
|
|
|
|
v: "v2",
|
|
|
|
key,
|
2021-02-12 16:01:54 +01:00
|
|
|
iv: base64.encodeUnpadded(iv),
|
2020-11-10 22:36:26 +01:00
|
|
|
hashes: {
|
2021-02-12 16:01:54 +01:00
|
|
|
sha256: base64.encodeUnpadded(digest)
|
2020-11-10 22:36:26 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|