rmorawski/standardnotes-app-web
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

chore: add mechanism for legacy uuid aad

Browse Source
This commit is contained in:
Mo
2023-09-12 16:47:24 -05:00
parent 6978b56960
commit 09ba8fb99b
4 changed files with 35 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
View File

@@ -17,6 +17,7 @@ import {
} from './../../../../Types/EncryptedParameters'
import { DecryptedParameters } from '../../../../Types/DecryptedParameters'
import { DeriveHashingKeyUseCase } from '../Hash/DeriveHashingKey'
import { V004Components } from '../../V004AlgorithmTypes'
export class GenerateDecryptedParametersUseCase {
private base64DataUsecase = new CreateConsistentBase64JsonPayloadUseCase(this.crypto)
@@ -39,7 +40,7 @@ export class GenerateDecryptedParametersUseCase {
}
}
const contentResult = this.decryptContent(encrypted, contentKeyResult.contentKey)
const contentResult = this.decryptContent(encrypted, contentKeyResult.decrypted)
if (!contentResult) {
return {
uuid: encrypted.uuid,
@@ -54,17 +55,17 @@ export class GenerateDecryptedParametersUseCase {
hashingKey,
{
additionalData: contentKeyResult.components.additionalData,
plaintext: contentKeyResult.contentKey,
plaintext: contentKeyResult.decrypted,
},
{
additionalData: contentResult.components.additionalData,
plaintext: contentResult.content,
plaintext: contentResult.decrypted,
},
)
return {
uuid: encrypted.uuid,
content: JSON.parse(contentResult.content),
content: JSON.parse(contentResult.decrypted),
signatureData: signatureVerificationResult,
}
}
@@ -72,34 +73,7 @@ export class GenerateDecryptedParametersUseCase {
private decryptContent(encrypted: EncryptedOutputParameters, contentKey: string) {
const contentComponents = deconstructEncryptedPayloadString(encrypted.content)
const contentAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
contentComponents.authenticatedData,
{
u: encrypted.uuid,
v: encrypted.version,
ksi: encrypted.key_system_identifier,
svu: encrypted.shared_vault_uuid,
},
)
const authenticatedDataString = this.base64DataUsecase.execute(contentAuthenticatedData)
const content = this.crypto.xchacha20Decrypt(
contentComponents.ciphertext,
contentComponents.nonce,
contentKey,
authenticatedDataString,
)
if (!content) {
return null
}
return {
content,
components: contentComponents,
authenticatedDataString,
}
return this.decrypt(encrypted, contentComponents, contentKey)
}
private decryptContentKey(
@@ -108,32 +82,37 @@ export class GenerateDecryptedParametersUseCase {
) {
const contentKeyComponents = deconstructEncryptedPayloadString(encrypted.enc_item_key)
const contentKeyAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
contentKeyComponents.authenticatedData,
{
u: encrypted.uuid,
v: encrypted.version,
ksi: encrypted.key_system_identifier,
svu: encrypted.shared_vault_uuid,
},
)
return this.decrypt(encrypted, contentKeyComponents, key.itemsKey)
}
const authenticatedDataString = this.base64DataUsecase.execute(contentKeyAuthenticatedData)
private decrypt(encrypted: EncryptedOutputParameters, components: V004Components, key: string) {
const rawAuthenticatedData = this.stringToAuthenticatedDataUseCase.executeRaw(components.authenticatedData)
const contentKey = this.crypto.xchacha20Decrypt(
contentKeyComponents.ciphertext,
contentKeyComponents.nonce,
key.itemsKey,
const doesRawContainLegacyUppercaseUuid = /[A-Z]/.test(rawAuthenticatedData.u)
const authenticatedData = this.stringToAuthenticatedDataUseCase.execute(components.authenticatedData, {
u: doesRawContainLegacyUppercaseUuid ? encrypted.uuid.toUpperCase() : encrypted.uuid,
v: encrypted.version,
ksi: encrypted.key_system_identifier,
svu: encrypted.shared_vault_uuid,
})
const authenticatedDataString = this.base64DataUsecase.execute(authenticatedData)
const decrypted = this.crypto.xchacha20Decrypt(
components.ciphertext,
components.nonce,
key,
authenticatedDataString,
)
if (!contentKey) {
if (!decrypted) {
return null
}
return {
contentKey,
components: contentKeyComponents,
decrypted,
components: components,
authenticatedDataString,
}
}

5
packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
View File

@@ -16,4 +16,9 @@ export class StringToAuthenticatedDataUseCase {
...override,
})
}
executeRaw(rawAuthenticatedData: string): RootKeyEncryptedAuthenticatedData | ItemAuthenticatedData {
const base = JSON.parse(this.crypto.base64Decode(rawAuthenticatedData))
return base
}
}

2
packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
View File

@@ -3,7 +3,7 @@ import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
import { GetHost } from './GetHost'
export class IsApplicationUsingThirdPartyHost implements SyncUseCaseInterface<boolean> {
private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org']
private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org', 'localhost:3123']
private readonly FILES_DEFAULT_HOSTS = ['files.standardnotes.com']

2
packages/snjs/mocha/TestRegistry/VaultTests.js
View File

@@ -1,5 +1,5 @@
export const VaultTests = {
enabled: true,
enabled: false,
exclusive: false,
files: [
'vaults/vaults.test.js',