signal-desktop/ts/updater/signature.ts

// Copyright 2019 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only

import { createHash } from 'crypto';
import {
  createReadStream,
  readFile as readFileCallback,
  writeFile as writeFileCallback,
} from 'fs';
import { pipeline } from 'stream/promises';
import { basename, dirname, join, resolve as resolvePath } from 'path';

import pify from 'pify';

import { sign, verify } from './curve';

const readFile = pify(readFileCallback);
const writeFile = pify(writeFileCallback);

export async function generateSignature(
  updatePackagePath: string,
  version: string,
  privateKeyPath: string
): Promise<Buffer> {
  const privateKey = await loadHexFromPath(privateKeyPath);
  const message = await generateMessage(updatePackagePath, version);

  return sign(privateKey, message);
}

export async function verifySignature(
  updatePackagePath: string,
  version: string,
  signature: Buffer,
  publicKey: Buffer
): Promise<boolean> {
  const message = await generateMessage(updatePackagePath, version);

  return verify(publicKey, message, signature);
}

// Helper methods

async function generateMessage(
  updatePackagePath: string,
  version: string
): Promise<Buffer> {
  const hash = await _getFileHash(updatePackagePath);
  const messageString = `${Buffer.from(hash).toString('hex')}-${version}`;

  return Buffer.from(messageString);
}

export async function writeSignature(
  updatePackagePath: string,
  version: string,
  privateKeyPath: string
): Promise<Buffer> {
  const signaturePath = getSignaturePath(updatePackagePath);
  const signature = await generateSignature(
    updatePackagePath,
    version,
    privateKeyPath
  );
  await writeHexToPath(signaturePath, signature);

  return signature;
}

export async function _getFileHash(updatePackagePath: string): Promise<Buffer> {
  const hash = createHash('sha256');
  await pipeline(createReadStream(updatePackagePath), hash);

  return hash.digest();
}

export function getSignatureFileName(fileName: string): string {
  return `${fileName}.sig`;
}

export function getSignaturePath(updatePackagePath: string): string {
  const updateFullPath = resolvePath(updatePackagePath);
  const updateDir = dirname(updateFullPath);
  const updateFileName = basename(updateFullPath);

  return join(updateDir, getSignatureFileName(updateFileName));
}

export function hexToBinary(target: string): Buffer {
  return Buffer.from(target, 'hex');
}

export function binaryToHex(data: Buffer): string {
  return Buffer.from(data).toString('hex');
}

export async function loadHexFromPath(target: string): Promise<Buffer> {
  const hexString = await readFile(target, 'utf8');

  return hexToBinary(hexString);
}

export async function writeHexToPath(
  target: string,
  data: Buffer
): Promise<void> {
  await writeFile(target, binaryToHex(data));
}
Remove end year from licenses 2023-01-03 11:55:46 -08:00			`// Copyright 2019 Signal Messenger, LLC`
Add license headers across the project 2020-10-30 15:34:04 -05:00			`// SPDX-License-Identifier: AGPL-3.0-only`

Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`import { createHash } from 'crypto';`
			`import {`
			`createReadStream,`
			`readFile as readFileCallback,`
			`writeFile as writeFileCallback,`
			`} from 'fs';`
Make updates atomic again 2022-03-03 14:34:51 -08:00			`import { pipeline } from 'stream/promises';`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`import { basename, dirname, join, resolve as resolvePath } from 'path';`

			`import pify from 'pify';`

Use curve functions from native module 2019-08-19 15:26:45 -07:00			`import { sign, verify } from './curve';`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00
			`const readFile = pify(readFileCallback);`
			`const writeFile = pify(writeFileCallback);`

			`export async function generateSignature(`
			`updatePackagePath: string,`
			`version: string,`
			`privateKeyPath: string`
Migrate to eslint 2020-09-16 12:31:05 -07:00			`): Promise<Buffer> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`const privateKey = await loadHexFromPath(privateKeyPath);`
			`const message = await generateMessage(updatePackagePath, version);`

			`return sign(privateKey, message);`
			`}`

			`export async function verifySignature(`
			`updatePackagePath: string,`
			`version: string,`
Make updates atomic again 2022-03-03 14:34:51 -08:00			`signature: Buffer,`
Use curve functions from native module 2019-08-19 15:26:45 -07:00			`publicKey: Buffer`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`): Promise<boolean> {`
			`const message = await generateMessage(updatePackagePath, version);`

			`return verify(publicKey, message, signature);`
			`}`

			`// Helper methods`

			`async function generateMessage(`
			`updatePackagePath: string,`
			`version: string`
Use curve functions from native module 2019-08-19 15:26:45 -07:00			`): Promise<Buffer> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`const hash = await _getFileHash(updatePackagePath);`
			const messageString = `${Buffer.from(hash).toString('hex')}-${version}`;

			`return Buffer.from(messageString);`
			`}`

			`export async function writeSignature(`
			`updatePackagePath: string,`
			`version: string,`
			`privateKeyPath: string`
Make updates atomic again 2022-03-03 14:34:51 -08:00			`): Promise<Buffer> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`const signaturePath = getSignaturePath(updatePackagePath);`
			`const signature = await generateSignature(`
			`updatePackagePath,`
			`version,`
			`privateKeyPath`
			`);`
			`await writeHexToPath(signaturePath, signature);`
Make updates atomic again 2022-03-03 14:34:51 -08:00
			`return signature;`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`}`

Use curve functions from native module 2019-08-19 15:26:45 -07:00			`export async function _getFileHash(updatePackagePath: string): Promise<Buffer> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`const hash = createHash('sha256');`
Make updates atomic again 2022-03-03 14:34:51 -08:00			`await pipeline(createReadStream(updatePackagePath), hash);`

			`return hash.digest();`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`}`

Migrate to eslint 2020-09-16 12:31:05 -07:00			`export function getSignatureFileName(fileName: string): string {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			return `${fileName}.sig`;
			`}`

			`export function getSignaturePath(updatePackagePath: string): string {`
			`const updateFullPath = resolvePath(updatePackagePath);`
			`const updateDir = dirname(updateFullPath);`
			`const updateFileName = basename(updateFullPath);`

			`return join(updateDir, getSignatureFileName(updateFileName));`
			`}`

Use curve functions from native module 2019-08-19 15:26:45 -07:00			`export function hexToBinary(target: string): Buffer {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`return Buffer.from(target, 'hex');`
			`}`

Use curve functions from native module 2019-08-19 15:26:45 -07:00			`export function binaryToHex(data: Buffer): string {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`return Buffer.from(data).toString('hex');`
			`}`

Use curve functions from native module 2019-08-19 15:26:45 -07:00			`export async function loadHexFromPath(target: string): Promise<Buffer> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`const hexString = await readFile(target, 'utf8');`

			`return hexToBinary(hexString);`
			`}`

Migrate to eslint 2020-09-16 12:31:05 -07:00			`export async function writeHexToPath(`
			`target: string,`
			`data: Buffer`
			`): Promise<void> {`
Download and install updates without the help of electron-updater 2019-03-28 10:09:26 -07:00			`await writeFile(target, binaryToHex(data));`
			`}`