Padded attachments, attachments v2
* Handle incoming padded attachments * Attachments v2 - multipart form POST, and direct CDN GET access * Pad outgoing attachments before encryption (disabled for now)
This commit is contained in:
Scott Nonnenberg
parent
4a8e0bd466
commit
26a3342d2a
7 changed files with 519 additions and 105 deletions
|
|
@ -5,6 +5,7 @@
|
|||
|
||||
module.exports = {
|
||||
arrayBufferToBase64,
|
||||
typedArrayToArrayBuffer,
|
||||
base64ToArrayBuffer,
|
||||
bytesFromString,
|
||||
concatenateBytes,
|
||||
|
|
@ -22,6 +23,7 @@ module.exports = {
|
|||
encryptSymmetric,
|
||||
fromEncodedBinaryToArrayBuffer,
|
||||
getAccessKeyVerifier,
|
||||
getFirstBytes,
|
||||
getRandomBytes,
|
||||
getViewOfArrayBuffer,
|
||||
getZeroes,
|
||||
|
|
@ -34,6 +36,11 @@ module.exports = {
|
|||
verifyAccessKey,
|
||||
};
|
||||
|
||||
function typedArrayToArrayBuffer(typedArray) {
|
||||
const { buffer, byteOffset, byteLength } = typedArray;
|
||||
return buffer.slice(byteOffset, byteLength + byteOffset);
|
||||
}
|
||||
|
||||
function arrayBufferToBase64(arrayBuffer) {
|
||||
return dcodeIO.ByteBuffer.wrap(arrayBuffer).toString('base64');
|
||||
}
|
||||
|
|
@ -63,7 +70,7 @@ async function encryptDeviceName(deviceName, identityPublic) {
|
|||
);
|
||||
|
||||
const key1 = await hmacSha256(masterSecret, bytesFromString('auth'));
|
||||
const syntheticIv = _getFirstBytes(await hmacSha256(key1, plaintext), 16);
|
||||
const syntheticIv = getFirstBytes(await hmacSha256(key1, plaintext), 16);
|
||||
|
||||
const key2 = await hmacSha256(masterSecret, bytesFromString('cipher'));
|
||||
const cipherKey = await hmacSha256(key2, syntheticIv);
|
||||
|
|
@ -94,7 +101,7 @@ async function decryptDeviceName(
|
|||
const plaintext = await decryptAesCtr(cipherKey, ciphertext, counter);
|
||||
|
||||
const key1 = await hmacSha256(masterSecret, bytesFromString('auth'));
|
||||
const ourSyntheticIv = _getFirstBytes(await hmacSha256(key1, plaintext), 16);
|
||||
const ourSyntheticIv = getFirstBytes(await hmacSha256(key1, plaintext), 16);
|
||||
|
||||
if (!constantTimeEqual(ourSyntheticIv, syntheticIv)) {
|
||||
throw new Error('decryptDeviceName: synthetic IV did not match');
|
||||
|
|
@ -133,7 +140,7 @@ async function encryptFile(staticPublicKey, uniqueId, plaintext) {
|
|||
}
|
||||
|
||||
async function decryptFile(staticPrivateKey, uniqueId, data) {
|
||||
const ephemeralPublicKey = _getFirstBytes(data, PUB_KEY_LENGTH);
|
||||
const ephemeralPublicKey = getFirstBytes(data, PUB_KEY_LENGTH);
|
||||
const ciphertext = _getBytes(data, PUB_KEY_LENGTH, data.byteLength);
|
||||
const agreement = await libsignal.Curve.async.calculateAgreement(
|
||||
ephemeralPublicKey,
|
||||
|
|
@ -149,7 +156,7 @@ async function deriveAccessKey(profileKey) {
|
|||
const iv = getZeroes(12);
|
||||
const plaintext = getZeroes(16);
|
||||
const accessKey = await _encrypt_aes_gcm(profileKey, iv, plaintext);
|
||||
return _getFirstBytes(accessKey, 16);
|
||||
return getFirstBytes(accessKey, 16);
|
||||
}
|
||||
|
||||
async function getAccessKeyVerifier(accessKey) {
|
||||
|
|
@ -185,7 +192,7 @@ async function encryptSymmetric(key, plaintext) {
|
|||
iv,
|
||||
plaintext
|
||||
);
|
||||
const mac = _getFirstBytes(await hmacSha256(macKey, cipherText), MAC_LENGTH);
|
||||
const mac = getFirstBytes(await hmacSha256(macKey, cipherText), MAC_LENGTH);
|
||||
|
||||
return concatenateBytes(nonce, cipherText, mac);
|
||||
}
|
||||
|
|
@ -193,7 +200,7 @@ async function encryptSymmetric(key, plaintext) {
|
|||
async function decryptSymmetric(key, data) {
|
||||
const iv = getZeroes(IV_LENGTH);
|
||||
|
||||
const nonce = _getFirstBytes(data, NONCE_LENGTH);
|
||||
const nonce = getFirstBytes(data, NONCE_LENGTH);
|
||||
const cipherText = _getBytes(
|
||||
data,
|
||||
NONCE_LENGTH,
|
||||
|
|
@ -204,7 +211,7 @@ async function decryptSymmetric(key, data) {
|
|||
const cipherKey = await hmacSha256(key, nonce);
|
||||
const macKey = await hmacSha256(key, cipherKey);
|
||||
|
||||
const ourMac = _getFirstBytes(
|
||||
const ourMac = getFirstBytes(
|
||||
await hmacSha256(macKey, cipherText),
|
||||
MAC_LENGTH
|
||||
);
|
||||
|
|
@ -379,7 +386,7 @@ function intsToByteHighAndLow(highValue, lowValue) {
|
|||
}
|
||||
|
||||
function trimBytes(buffer, length) {
|
||||
return _getFirstBytes(buffer, length);
|
||||
return getFirstBytes(buffer, length);
|
||||
}
|
||||
|
||||
function getViewOfArrayBuffer(buffer, start, finish) {
|
||||
|
|
@ -437,13 +444,13 @@ function splitBytes(buffer, ...lengths) {
|
|||
return results;
|
||||
}
|
||||
|
||||
// Internal-only
|
||||
|
||||
function _getFirstBytes(data, n) {
|
||||
function getFirstBytes(data, n) {
|
||||
const source = new Uint8Array(data);
|
||||
return source.subarray(0, n);
|
||||
}
|
||||
|
||||
// Internal-only
|
||||
|
||||
function _getBytes(data, start, n) {
|
||||
const source = new Uint8Array(data);
|
||||
return source.subarray(start, start + n);
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ const { Agent } = require('https');
|
|||
|
||||
const is = require('@sindresorhus/is');
|
||||
|
||||
/* global Buffer, setTimeout, log, _ */
|
||||
/* global Buffer, setTimeout, log, _, getGuid */
|
||||
|
||||
/* eslint-disable more/no-then, no-bitwise, no-nested-ternary */
|
||||
|
||||
|
|
@ -388,7 +388,7 @@ const URL_CALLS = {
|
|||
accounts: 'v1/accounts',
|
||||
updateDeviceName: 'v1/accounts/name',
|
||||
removeSignalingKey: 'v1/accounts/signaling_key',
|
||||
attachment: 'v1/attachments',
|
||||
attachmentId: 'v2/attachments/form/upload',
|
||||
deliveryCert: 'v1/certificate/delivery',
|
||||
supportUnauthenticatedDelivery: 'v1/devices/unauthenticated_delivery',
|
||||
devices: 'v1/devices',
|
||||
|
|
@ -834,41 +834,88 @@ function initialize({
|
|||
});
|
||||
}
|
||||
|
||||
function getAttachment(id) {
|
||||
return _ajax({
|
||||
call: 'attachment',
|
||||
httpType: 'GET',
|
||||
urlParameters: `/${id}`,
|
||||
responseType: 'json',
|
||||
validateResponse: { location: 'string' },
|
||||
}).then(response =>
|
||||
// Using _outerAJAX, since it's not hardcoded to the Signal Server
|
||||
_outerAjax(response.location, {
|
||||
contentType: 'application/octet-stream',
|
||||
proxyUrl,
|
||||
responseType: 'arraybuffer',
|
||||
timeout: 0,
|
||||
type: 'GET',
|
||||
})
|
||||
);
|
||||
async function getAttachment(id) {
|
||||
// This is going to the CDN, not the service, so we use _outerAjax
|
||||
return _outerAjax(`${cdnUrl}/attachments/${id}`, {
|
||||
certificateAuthority,
|
||||
proxyUrl,
|
||||
responseType: 'arraybuffer',
|
||||
timeout: 0,
|
||||
type: 'GET',
|
||||
});
|
||||
}
|
||||
|
||||
function putAttachment(encryptedBin) {
|
||||
return _ajax({
|
||||
call: 'attachment',
|
||||
async function putAttachment(encryptedBin) {
|
||||
const response = await _ajax({
|
||||
call: 'attachmentId',
|
||||
httpType: 'GET',
|
||||
responseType: 'json',
|
||||
}).then(response =>
|
||||
// Using _outerAJAX, since it's not hardcoded to the Signal Server
|
||||
_outerAjax(response.location, {
|
||||
contentType: 'application/octet-stream',
|
||||
data: encryptedBin,
|
||||
processData: false,
|
||||
proxyUrl,
|
||||
timeout: 0,
|
||||
type: 'PUT',
|
||||
}).then(() => response.idString)
|
||||
});
|
||||
|
||||
const {
|
||||
key,
|
||||
credential,
|
||||
acl,
|
||||
algorithm,
|
||||
date,
|
||||
policy,
|
||||
signature,
|
||||
attachmentIdString,
|
||||
} = response;
|
||||
|
||||
// Note: when using the boundary string in the POST body, it needs to be prefixed by
|
||||
// an extra --, and the final boundary string at the end gets a -- prefix and a --
|
||||
// suffix.
|
||||
const boundaryString = `----------------${getGuid().replace(/-/g, '')}`;
|
||||
const CRLF = '\r\n';
|
||||
const getSection = (name, value) =>
|
||||
[
|
||||
`--${boundaryString}`,
|
||||
`Content-Disposition: form-data; name="${name}"${CRLF}`,
|
||||
value,
|
||||
].join(CRLF);
|
||||
|
||||
const start = [
|
||||
getSection('key', key),
|
||||
getSection('x-amz-credential', credential),
|
||||
getSection('acl', acl),
|
||||
getSection('x-amz-algorithm', algorithm),
|
||||
getSection('x-amz-date', date),
|
||||
getSection('policy', policy),
|
||||
getSection('x-amz-signature', signature),
|
||||
getSection('Content-Type', 'application/octet-stream'),
|
||||
`--${boundaryString}`,
|
||||
'Content-Disposition: form-data; name="file"',
|
||||
`Content-Type: application/octet-stream${CRLF}${CRLF}`,
|
||||
].join(CRLF);
|
||||
const end = `${CRLF}--${boundaryString}--${CRLF}`;
|
||||
|
||||
const startBuffer = Buffer.from(start, 'utf8');
|
||||
const attachmentBuffer = Buffer.from(encryptedBin);
|
||||
const endBuffer = Buffer.from(end, 'utf8');
|
||||
|
||||
const contentLength =
|
||||
startBuffer.length + attachmentBuffer.length + endBuffer.length;
|
||||
const data = Buffer.concat(
|
||||
[startBuffer, attachmentBuffer, endBuffer],
|
||||
contentLength
|
||||
);
|
||||
|
||||
// This is going to the CDN, not the service, so we use _outerAjax
|
||||
await _outerAjax(`${cdnUrl}/attachments/`, {
|
||||
certificateAuthority,
|
||||
contentType: `multipart/form-data; boundary=${boundaryString}`,
|
||||
data,
|
||||
proxyUrl,
|
||||
timeout: 0,
|
||||
type: 'POST',
|
||||
headers: {
|
||||
'Content-Length': contentLength,
|
||||
},
|
||||
processData: false,
|
||||
});
|
||||
|
||||
return attachmentIdString;
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-shadow
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue