diff --git a/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts b/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
index 8168136c5..e5a4ef365 100644
--- a/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
+++ b/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
@@ -17,6 +17,7 @@ import {
 } from './../../../../Types/EncryptedParameters'
 import { DecryptedParameters } from '../../../../Types/DecryptedParameters'
 import { DeriveHashingKeyUseCase } from '../Hash/DeriveHashingKey'
+import { V004Components } from '../../V004AlgorithmTypes'
 export class GenerateDecryptedParametersUseCase {
 private base64DataUsecase = new CreateConsistentBase64JsonPayloadUseCase(this.crypto)
@@ -39,7 +40,7 @@ export class GenerateDecryptedParametersUseCase {
 }
 }
- const contentResult = this.decryptContent(encrypted, contentKeyResult.contentKey)
+ const contentResult = this.decryptContent(encrypted, contentKeyResult.decrypted)
 if (!contentResult) {
 return {
 uuid: encrypted.uuid,
@@ -54,17 +55,17 @@ export class GenerateDecryptedParametersUseCase {
 hashingKey,
 {
 additionalData: contentKeyResult.components.additionalData,
- plaintext: contentKeyResult.contentKey,
+ plaintext: contentKeyResult.decrypted,
 },
 {
 additionalData: contentResult.components.additionalData,
- plaintext: contentResult.content,
+ plaintext: contentResult.decrypted,
 },
 )
 return {
 uuid: encrypted.uuid,
- content: JSON.parse(contentResult.content),
+ content: JSON.parse(contentResult.decrypted),
 signatureData: signatureVerificationResult,
 }
 }
@@ -72,34 +73,7 @@ export class GenerateDecryptedParametersUseCase {
 private decryptContent(encrypted: EncryptedOutputParameters, contentKey: string) {
 const contentComponents = deconstructEncryptedPayloadString(encrypted.content)
- const contentAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
- contentComponents.authenticatedData,
- {
- u: encrypted.uuid,
- v: encrypted.version,
- ksi: encrypted.key_system_identifier,
- svu: encrypted.shared_vault_uuid,
- },
- )
-
- const authenticatedDataString = this.base64DataUsecase.execute(contentAuthenticatedData)
-
- const content = this.crypto.xchacha20Decrypt(
- contentComponents.ciphertext,
- contentComponents.nonce,
- contentKey,
- authenticatedDataString,
- )
-
- if (!content) {
- return null
- }
-
- return {
- content,
- components: contentComponents,
- authenticatedDataString,
- }
+ return this.decrypt(encrypted, contentComponents, contentKey)
 }
 private decryptContentKey(
@@ -108,32 +82,37 @@ export class GenerateDecryptedParametersUseCase {
 ) {
 const contentKeyComponents = deconstructEncryptedPayloadString(encrypted.enc_item_key)
- const contentKeyAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
- contentKeyComponents.authenticatedData,
- {
- u: encrypted.uuid,
- v: encrypted.version,
- ksi: encrypted.key_system_identifier,
- svu: encrypted.shared_vault_uuid,
- },
- )
+ return this.decrypt(encrypted, contentKeyComponents, key.itemsKey)
+ }
- const authenticatedDataString = this.base64DataUsecase.execute(contentKeyAuthenticatedData)
+ private decrypt(encrypted: EncryptedOutputParameters, components: V004Components, key: string) {
+ const rawAuthenticatedData = this.stringToAuthenticatedDataUseCase.executeRaw(components.authenticatedData)
- const contentKey = this.crypto.xchacha20Decrypt(
- contentKeyComponents.ciphertext,
- contentKeyComponents.nonce,
- key.itemsKey,
+ const doesRawContainLegacyUppercaseUuid = /[A-Z]/.test(rawAuthenticatedData.u)
+
+ const authenticatedData = this.stringToAuthenticatedDataUseCase.execute(components.authenticatedData, {
+ u: doesRawContainLegacyUppercaseUuid ? encrypted.uuid.toUpperCase() : encrypted.uuid,
+ v: encrypted.version,
+ ksi: encrypted.key_system_identifier,
+ svu: encrypted.shared_vault_uuid,
+ })
+
+ const authenticatedDataString = this.base64DataUsecase.execute(authenticatedData)
+
+ const decrypted = this.crypto.xchacha20Decrypt(
+ components.ciphertext,
+ components.nonce,
+ key,
 authenticatedDataString,
 )
- if (!contentKey) {
+ if (!decrypted) {
 return null
 }
 return {
- contentKey,
- components: contentKeyComponents,
+ decrypted,
+ components: components,
 authenticatedDataString,
 }
 }
diff --git a/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts b/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
index eb961e383..154ce806a 100644
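Review bot: In the new `decrypt` helper of GenerateDecryptedParameters.ts, the UUID casing bound into the authenticated data is chosen from `rawAuthenticatedData.u`, a value parsed from the payload before `xchacha20Decrypt` has verified anything, and the regex is applied to it without checking that it is a string. As far as the hunk shows, the raw value only selects between `encrypted.uuid` and `encrypted.uuid.toUpperCase()` and never supplies the UUID itself, so the tag check still binds the ciphertext to the item's own UUID. That reasoning should be written down above the flag, e.g. `// Raw AAD is unverified: it only picks the uuid casing (presumably for legacy upper-case items); the uuid itself always comes from encrypted.uuid`. The flag should also be tightened to `typeof rawAuthenticatedData.u === 'string' && /[A-Z]/.test(rawAuthenticatedData.u)`. `decryptContentKey` begins above this hunk, so its signature is not visible here.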
--- a/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
+++ b/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
@@ -16,4 +16,9 @@ export class StringToAuthenticatedDataUseCase {
 ...override,
 })
 }
+
+ executeRaw(rawAuthenticatedData: string): RootKeyEncryptedAuthenticatedData | ItemAuthenticatedData {
+ const base = JSON.parse(this.crypto.base64Decode(rawAuthenticatedData))
+ return base
+ }
 }
diff --git a/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts b/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
index 31f27a82b..256bd3d90 100644
--- a/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
+++ b/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
@@ -3,7 +3,7 @@ import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
 import { GetHost } from './GetHost'
 export class IsApplicationUsingThirdPartyHost implements SyncUseCaseInterface {
- private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org']
+ private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org', 'localhost:3123']
 private readonly FILES_DEFAULT_HOSTS = ['files.standardnotes.com']
diff --git a/packages/snjs/mocha/TestRegistry/VaultTests.js b/packages/snjs/mocha/TestRegistry/VaultTests.js
index d1df71260..d54e840b3 100644
--- a/packages/snjs/mocha/TestRegistry/VaultTests.js
+++ b/packages/snjs/mocha/TestRegistry/VaultTests.js
@@ -1,5 +1,5 @@
 export const VaultTests = {
- enabled: true,
+ enabled: false,
 exclusive: false,
 files: [
 'vaults/vaults.test.js',
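Review bot: `executeRaw` in StringToAuthenticatedData.ts returns the untyped result of `JSON.parse` under the declared type `RootKeyEncryptedAuthenticatedData | ItemAuthenticatedData`, so callers are told they hold a well-formed object that nothing has checked at runtime. The input is payload data that has not been authenticated at this point, and a payload that decodes to `null` or a primitive would pass straight through. Narrow before returning, for example `if (typeof base !== 'object' || base === null) { throw new Error('Malformed authenticated data') }`, or declare a looser return type so the caller has to check each field. A short doc comment saying the result is unverified and must only be used as a hint would make the contract explicit. The rest of the class lies outside the hunk, so whether `execute` validates its own parse cannot be seen from here.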
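Review bot: Adding `'localhost:3123'` to `APPLICATION_DEFAULT_HOSTS` in IsApplicationUsingThirdPartyHost.ts makes an application pointed at a local server count as first-party in shipped code, which looks like test scaffolding rather than an intended default. Any behaviour keyed on the third-party-host result would then treat whatever listens on that local port as the official API. How the list is compared against the host is outside the hunk. Prefer supplying extra first-party hosts from test or development configuration, or at least mark the entry with `// local test server only; gate behind a dev/test build before release`.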
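Review bot: `enabled: false` in VaultTests.js switches off the vault test suite in the same commit that rewrites the decryption path carrying `svu: encrypted.shared_vault_uuid`, and nothing in the hunk says why. If the suite is disabled because it fails or is flaky, record that next to the flag, e.g. `enabled: false, // TODO(<issue id>): re-enable once <reason>`, so the coverage gap is tracked rather than silent. If the failure is related to the AAD change, re-enabling the suite before merge would be the safer order. The `files` array continues past the end of the hunk.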