Add channel encryption library with tests (not in used so far)

6 years ago · e2abc0d510
parent 0460c62847
commit e2abc0d510
6 changed files with 3041 additions and 17 deletions
--- a/bower.json
+++ b/bower.json
@ -58,7 +58,8 @@
      "components/qrcode/**/*.js",
      "node_modules/intl-tel-input/build/js/intlTelInput.js",
      "components/autosize/**/*.js",
-      "components/webaudiorecorder/lib/WebAudioRecorder.js"
+      "components/webaudiorecorder/lib/WebAudioRecorder.js",
+      "components/multibase/dist/index.js"
    ],
    "libtextsecure": [
      "components/long/**/*.js",
@ -68,7 +69,8 @@
    "libloki": [
      "components/long/**/*.js",
      "components/bytebuffer/**/*.js",
-      "components/JSBI/dist/jsbi.mjs"
+      "components/JSBI/dist/jsbi.mjs",
+      "components/multibase/dist/index.js"
    ]
  }
 }
--- a/components/multibase/dist/index.js
+++ b/components/multibase/dist/index.js
--- a/libloki/crypto.js
+++ b/libloki/crypto.js
@ -1,4 +1,4 @@
-/* global window, libsignal, textsecure, StringView */
+/* global window, libsignal, textsecure, StringView, Multibase */

 // eslint-disable-next-line func-names
 (function() {
@ -8,6 +8,27 @@

  const IV_LENGTH = 16;

+  async function DHEncrypt(symmetricKey, plainText) {
+    const iv = libsignal.crypto.getRandomBytes(IV_LENGTH);
+    const ciphertext = await libsignal.crypto.encrypt(
+      symmetricKey,
+      plainText,
+      iv
+    );
+    const ivAndCiphertext = new Uint8Array(
+      iv.byteLength + ciphertext.byteLength
+    );
+    ivAndCiphertext.set(new Uint8Array(iv));
+    ivAndCiphertext.set(new Uint8Array(ciphertext), iv.byteLength);
+    return ivAndCiphertext;
+  }
+
+  async function DHDecrypt(symmetricKey, ivAndCiphertext) {
+    const iv = ivAndCiphertext.slice(0, IV_LENGTH);
+    const cipherText = ivAndCiphertext.slice(IV_LENGTH);
+    return libsignal.crypto.decrypt(symmetricKey, cipherText, iv);
+  }
+
  class FallBackSessionCipher {
    constructor(address) {
      this.identityKeyString = address.getName();
@ -21,17 +42,7 @@
        this.pubKey,
        myPrivateKey
      );
-      const iv = libsignal.crypto.getRandomBytes(IV_LENGTH);
-      const ciphertext = await libsignal.crypto.encrypt(
-        symmetricKey,
-        plaintext,
-        iv
-      );
-      const ivAndCiphertext = new Uint8Array(
-        iv.byteLength + ciphertext.byteLength
-      );
-      ivAndCiphertext.set(new Uint8Array(iv));
-      ivAndCiphertext.set(new Uint8Array(ciphertext), iv.byteLength);
+      const ivAndCiphertext = await DHEncrypt(symmetricKey, plaintext);
      return {
        type: textsecure.protobuf.Envelope.Type.FRIEND_REQUEST,
        body: ivAndCiphertext,
@ -40,8 +51,6 @@
    }

    async decrypt(ivAndCiphertext) {
-      const iv = ivAndCiphertext.slice(0, IV_LENGTH);
-      const cipherText = ivAndCiphertext.slice(IV_LENGTH);
      const myKeyPair = await textsecure.storage.protocol.getIdentityKeyPair();
      const myPrivateKey = myKeyPair.privKey;
      const symmetricKey = libsignal.Curve.calculateAgreement(
@ -49,7 +58,7 @@
        myPrivateKey
      );
      try {
-        return await libsignal.crypto.decrypt(symmetricKey, cipherText, iv);
+        return await DHDecrypt(symmetricKey, ivAndCiphertext);
      } catch (e) {
        throw new FallBackDecryptionError(
          `Could not decrypt message from ${
@ -60,8 +69,79 @@
    }
  }

+  const base32zIndex = Multibase.names.indexOf('base32z');
+  const base32zCode = Multibase.codes[base32zIndex];
+
+  function bufferToArrayBuffer(buf) {
+    const ab = new ArrayBuffer(buf.length);
+    const view = new Uint8Array(ab);
+    for (let i = 0; i < buf.length; i += 1) {
+      view[i] = buf[i];
+    }
+    return ab;
+  }
+
+  function decodeSnodeAddressToBuffer(snodeAddress) {
+    const snodeAddressClean = snodeAddress
+      .replace('.snode', '')
+      .replace('http://', '');
+    return Multibase.decode(`${base32zCode}${snodeAddressClean}`);
+  }
+
+  class LokiSnodeChannel {
+    constructor() {
+      this._ephemeralKeyPair = libsignal.Curve.generateKeyPair();
+      // Signal protocol prepends with "0x05"
+      this._ephemeralKeyPair.pubKey = this._ephemeralKeyPair.pubKey.slice(1);
+      this._ephemeralPubKeyHex = StringView.arrayBufferToHex(
+        this._ephemeralKeyPair.pubKey
+      );
+      this._cache = {};
+    }
+
+    _getSymmetricKey(snodeAddress) {
+      if (snodeAddress in this._cache) {
+        return this._cache[snodeAddress];
+      }
+      const buffer = decodeSnodeAddressToBuffer(snodeAddress);
+      const snodePubKeyArrayBuffer = bufferToArrayBuffer(buffer);
+      const symmetricKey = libsignal.Curve.calculateAgreement(
+        snodePubKeyArrayBuffer,
+        this._ephemeralKeyPair.privKey
+      );
+      this._cache[snodeAddress] = symmetricKey;
+      return symmetricKey;
+    }
+
+    getChannelPublicKeyHex() {
+      return this._ephemeralPubKeyHex;
+    }
+
+    async decrypt(snodeAddress, ivAndCipherText) {
+      const symmetricKey = this._getSymmetricKey(snodeAddress);
+      try {
+        return await DHDecrypt(symmetricKey, ivAndCipherText);
+      } catch (e) {
+        return ivAndCipherText;
+      }
+    }
+
+    async encrypt(snodeAddress, plainText) {
+      const symmetricKey = this._getSymmetricKey(snodeAddress);
+      return DHEncrypt(symmetricKey, plainText);
+    }
+  }
+
+  const snodeCipher = new LokiSnodeChannel();
+
  window.libloki.crypto = {
+    DHEncrypt,
+    DHDecrypt,
    FallBackSessionCipher,
    FallBackDecryptionError,
+    snodeCipher,
+    // for testing
+    _LokiSnodeChannel: LokiSnodeChannel,
+    _decodeSnodeAddressToBuffer: decodeSnodeAddressToBuffer,
  };
 })();
--- a/libloki/test/index.html
+++ b/libloki/test/index.html
@ -33,6 +33,7 @@
  <script type="text/javascript" src="proof-of-work_test.js"></script>
  <script type="text/javascript" src="service_nodes_test.js"></script>
  <script type="text/javascript" src="storage_test.js"></script>
+  <script type="text/javascript" src="snode_channel_test.js"></script>

  <!-- Comment out to turn off code coverage. Useful for getting real callstacks. -->
  <!--   NOTE: blanket doesn't support modern syntax and will choke until we find a replacement. :0( -->
--- a/libloki/test/snode_channel_test.js
+++ b/libloki/test/snode_channel_test.js
@ -0,0 +1,121 @@
+/* global libloki, Multibase, libsignal, StringView */
+
+'use strict';
+
+function generateSnodeKeysAndAddress() {
+  const keyPair = libsignal.Curve.generateKeyPair();
+  // Signal protocol prepends with "0x05"
+  keyPair.pubKey = keyPair.pubKey.slice(1);
+  let address = Multibase.encode(
+    'base32z',
+    Multibase.Buffer.from(keyPair.pubKey)
+  ).toString();
+  // first letter is the encoding code
+  address = address.substring(1);
+  return { keyPair, address };
+}
+
+describe('Snode Channel', () => {
+  describe('snodeCipher singleton', () => {
+    it('should be defined at libloki.crypto', () => {
+      assert.isDefined(libloki.crypto.snodeCipher);
+      assert.isTrue(
+        libloki.crypto.snodeCipher instanceof libloki.crypto._LokiSnodeChannel
+      );
+    });
+  });
+
+  describe('#decodeSnodeAddressToBuffer', () => {
+    it('should decode a base32z encoded .snode address', () => {
+      const { keyPair, address } = generateSnodeKeysAndAddress();
+
+      const buffer = libloki.crypto._decodeSnodeAddressToBuffer(
+        `http://${address}.snode`
+      );
+
+      const expected = new Uint8Array(keyPair.pubKey);
+      assert.strictEqual(expected.length, 32);
+      assert.strictEqual(buffer.length, 32);
+      for (let i = 0; i < buffer.length; i += 1) {
+        assert.strictEqual(buffer[i], expected[i]);
+      }
+    });
+  });
+
+  describe('#LokiSnodeChannel', () => {
+    it('should generate an ephemeral key pair', () => {
+      const channel = new libloki.crypto._LokiSnodeChannel();
+
+      assert.isDefined(channel._ephemeralKeyPair);
+      assert.isTrue(channel._ephemeralKeyPair.privKey instanceof ArrayBuffer);
+      assert.isTrue(channel._ephemeralKeyPair.pubKey instanceof ArrayBuffer);
+      const pubKeyHex = StringView.arrayBufferToHex(
+        channel._ephemeralKeyPair.pubKey
+      );
+      assert.strictEqual(channel.getChannelPublicKeyHex(), pubKeyHex);
+    });
+
+    it('should cache something by snode address', () => {
+      const { address } = generateSnodeKeysAndAddress();
+
+      const channel = new libloki.crypto._LokiSnodeChannel();
+      // cache should be empty
+      assert.strictEqual(Object.keys(channel._cache).length, 0);
+
+      // push to cache
+      channel._getSymmetricKey(address);
+
+      assert.strictEqual(Object.keys(channel._cache).length, 1);
+      assert.strictEqual(Object.keys(channel._cache)[0], address);
+    });
+
+    it('should encrypt data correctly', async () => {
+      // message sent by Loki Messenger
+      const snode = generateSnodeKeysAndAddress();
+      const messageSent = 'I am Groot';
+      const textEncoder = new TextEncoder();
+      const data = textEncoder.encode(messageSent);
+
+      const channel = new libloki.crypto._LokiSnodeChannel();
+      const encrypted = await channel.encrypt(snode.address, data);
+
+      assert.isTrue(encrypted instanceof Uint8Array);
+
+      // message received by storage server
+      const senderPubKey = StringView.hexToArrayBuffer(
+        channel.getChannelPublicKeyHex()
+      );
+      const symmetricKey = libsignal.Curve.calculateAgreement(
+        senderPubKey,
+        snode.keyPair.privKey
+      );
+      const decrypted = await libloki.crypto.DHDecrypt(symmetricKey, encrypted);
+      const textDecoder = new TextDecoder();
+      const messageReceived = textDecoder.decode(decrypted);
+      assert.strictEqual(messageSent, messageReceived);
+    });
+
+    it('should decrypt data correctly', async () => {
+      const channel = new libloki.crypto._LokiSnodeChannel();
+      // message sent by storage server
+      const snode = generateSnodeKeysAndAddress();
+      const messageSent = 'You are Groot';
+      const textEncoder = new TextEncoder();
+      const data = textEncoder.encode(messageSent);
+      const senderPubKey = StringView.hexToArrayBuffer(
+        channel.getChannelPublicKeyHex()
+      );
+      const symmetricKey = libsignal.Curve.calculateAgreement(
+        senderPubKey,
+        snode.keyPair.privKey
+      );
+      const encrypted = await libloki.crypto.DHEncrypt(symmetricKey, data);
+
+      // message received by Loki Messenger
+      const decrypted = await channel.decrypt(snode.address, encrypted);
+      const textDecoder = new TextDecoder();
+      const messageReceived = textDecoder.decode(decrypted);
+      assert.strictEqual(messageSent, messageReceived);
+    });
+  });
+});
--- a/yarn.lock
+++ b/yarn.lock
@ -758,6 +758,13 @@ balanced-match@^0.4.1, balanced-match@^0.4.2:
  version "0.4.2"
  resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-0.4.2.tgz#cb3f3e3c732dc0f01ee70b403f302e61d7709838"

+base-x@3.0.4:
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/base-x/-/base-x-3.0.4.tgz#94c1788736da065edb1d68808869e357c977fa77"
+  integrity sha512-UYOadoSIkEI/VrRGSG6qp93rp2WdokiAiNYDfGW5qURAY8GiAQkvMbwNNSDYiVJopqv4gCna7xqf4rrNGp+5AA==
+  dependencies:
+    safe-buffer "^5.0.1"
+
 base64-js@^1.0.2:
  version "1.2.0"
  resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.2.0.tgz#a39992d723584811982be5e290bb6a53d86700f1"
@ -5717,6 +5724,13 @@ ms@^2.1.1:
  resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.1.tgz#30a5864eb3ebb0a66f2ebe6d727af06a09d86e0a"
  integrity sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg==

+multibase@^0.6.0:
+  version "0.6.0"
+  resolved "https://registry.yarnpkg.com/multibase/-/multibase-0.6.0.tgz#0216e350614c7456da5e8e5b20d3fcd4c9104f56"
+  integrity sha512-R9bNLQhbD7MsitPm1NeY7w9sDgu6d7cuj25snAWH7k5PSNPSwIQQBpcpj8jx1W96dLbdigZqmUWOdQRMnAmgjA==
+  dependencies:
+    base-x "3.0.4"
+
 multicast-dns-service-types@^1.1.0:
  version "1.1.0"
  resolved "https://registry.yarnpkg.com/multicast-dns-service-types/-/multicast-dns-service-types-1.1.0.tgz#899f11d9686e5e05cb91b35d5f0e63b773cfc901"