chore: add mechanism for legacy uuid aad

2023-09-12 16:47:24 -05:00
parent 6978b56960
commit 09ba8fb99b
4 changed files with 35 additions and 51 deletions
--- a/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
+++ b/packages/encryption/src/Domain/Operator/004/UseCase/Symmetric/GenerateDecryptedParameters.ts
@@ -17,6 +17,7 @@ import {
 } from './../../../../Types/EncryptedParameters'
 import { DecryptedParameters } from '../../../../Types/DecryptedParameters'
 import { DeriveHashingKeyUseCase } from '../Hash/DeriveHashingKey'
 import { V004Components } from '../../V004AlgorithmTypes'
 export class GenerateDecryptedParametersUseCase {
  private base64DataUsecase = new CreateConsistentBase64JsonPayloadUseCase(this.crypto)
@@ -39,7 +40,7 @@ export class GenerateDecryptedParametersUseCase {
      }
    }
-    const contentResult = this.decryptContent(encrypted, contentKeyResult.contentKey)
+    const contentResult = this.decryptContent(encrypted, contentKeyResult.decrypted)
    if (!contentResult) {
      return {
        uuid: encrypted.uuid,
@@ -54,17 +55,17 @@ export class GenerateDecryptedParametersUseCase {
      hashingKey,
      {
        additionalData: contentKeyResult.components.additionalData,
-        plaintext: contentKeyResult.contentKey,
+        plaintext: contentKeyResult.decrypted,
      },
      {
        additionalData: contentResult.components.additionalData,
-        plaintext: contentResult.content,
+        plaintext: contentResult.decrypted,
      },
    )
    return {
      uuid: encrypted.uuid,
-      content: JSON.parse(contentResult.content),
+      content: JSON.parse(contentResult.decrypted),
      signatureData: signatureVerificationResult,
    }
  }
@@ -72,34 +73,7 @@ export class GenerateDecryptedParametersUseCase {
  private decryptContent(encrypted: EncryptedOutputParameters, contentKey: string) {
    const contentComponents = deconstructEncryptedPayloadString(encrypted.content)
-    const contentAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
+    return this.decrypt(encrypted, contentComponents, contentKey)
      contentComponents.authenticatedData,
      {
        u: encrypted.uuid,
        v: encrypted.version,
        ksi: encrypted.key_system_identifier,
        svu: encrypted.shared_vault_uuid,
      },
    )
    const authenticatedDataString = this.base64DataUsecase.execute(contentAuthenticatedData)
    const content = this.crypto.xchacha20Decrypt(
      contentComponents.ciphertext,
      contentComponents.nonce,
      contentKey,
      authenticatedDataString,
    )
    if (!content) {
      return null
    }
    return {
      content,
      components: contentComponents,
      authenticatedDataString,
    }
  }
  private decryptContentKey(
@@ -108,32 +82,37 @@ export class GenerateDecryptedParametersUseCase {
  ) {
    const contentKeyComponents = deconstructEncryptedPayloadString(encrypted.enc_item_key)
-    const contentKeyAuthenticatedData = this.stringToAuthenticatedDataUseCase.execute(
+    return this.decrypt(encrypted, contentKeyComponents, key.itemsKey)
-      contentKeyComponents.authenticatedData,
+  }
-      {
+
-        u: encrypted.uuid,
+  private decrypt(encrypted: EncryptedOutputParameters, components: V004Components, key: string) {
    const rawAuthenticatedData = this.stringToAuthenticatedDataUseCase.executeRaw(components.authenticatedData)
    const doesRawContainLegacyUppercaseUuid = /[A-Z]/.test(rawAuthenticatedData.u)
    const authenticatedData = this.stringToAuthenticatedDataUseCase.execute(components.authenticatedData, {
      u: doesRawContainLegacyUppercaseUuid ? encrypted.uuid.toUpperCase() : encrypted.uuid,
      v: encrypted.version,
      ksi: encrypted.key_system_identifier,
      svu: encrypted.shared_vault_uuid,
-      },
+    })
    )
-    const authenticatedDataString = this.base64DataUsecase.execute(contentKeyAuthenticatedData)
+    const authenticatedDataString = this.base64DataUsecase.execute(authenticatedData)
-    const contentKey = this.crypto.xchacha20Decrypt(
+    const decrypted = this.crypto.xchacha20Decrypt(
-      contentKeyComponents.ciphertext,
+      components.ciphertext,
-      contentKeyComponents.nonce,
+      components.nonce,
-      key.itemsKey,
+      key,
      authenticatedDataString,
    )
-    if (!contentKey) {
+    if (!decrypted) {
      return null
    }
    return {
-      contentKey,
+      decrypted,
-      components: contentKeyComponents,
+      components: components,
      authenticatedDataString,
    }
  }
--- a/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
+++ b/packages/encryption/src/Domain/Operator/004/UseCase/Utils/StringToAuthenticatedData.ts
@@ -16,4 +16,9 @@ export class StringToAuthenticatedDataUseCase {
      ...override,
    })
  }
  executeRaw(rawAuthenticatedData: string): RootKeyEncryptedAuthenticatedData | ItemAuthenticatedData {
    const base = JSON.parse(this.crypto.base64Decode(rawAuthenticatedData))
    return base
  }
 }
--- a/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
+++ b/packages/services/src/Domain/UseCase/IsApplicationUsingThirdPartyHost.ts
@@ -3,7 +3,7 @@ import { Result, SyncUseCaseInterface } from '@standardnotes/domain-core'
 import { GetHost } from './GetHost'
 export class IsApplicationUsingThirdPartyHost implements SyncUseCaseInterface<boolean> {
-  private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org']
+  private readonly APPLICATION_DEFAULT_HOSTS = ['api.standardnotes.com', 'sync.standardnotes.org', 'localhost:3123']
  private readonly FILES_DEFAULT_HOSTS = ['files.standardnotes.com']
--- a/packages/snjs/mocha/TestRegistry/VaultTests.js
+++ b/packages/snjs/mocha/TestRegistry/VaultTests.js
@@ -1,5 +1,5 @@
 export const VaultTests = {
-  enabled: true,
+  enabled: false,
  exclusive: false,
  files: [
    'vaults/vaults.test.js',