@protontech/drive-sdk 0.11.0 → 0.12.1

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@protontech/drive-sdk",
-    "version": "0.11.0",
+    "version": "0.12.1",
     "description": "Proton Drive SDK",
     "license": "GPL-3.0",
     "main": "dist/index.js",

package/src/crypto/driveCrypto.test.ts

@@ -68,6 +68,7 @@ describe('DriveCrypto.encryptShareUrlPassword', () => {
             undefined,
             [encryptionKey],
             signingKey,
+            { enableAeadWithEncryptionKeys: false },
         );
     });
 });

package/src/crypto/driveCrypto.ts

@@ -27,6 +27,19 @@ enum SIGNING_CONTEXTS {
  * but we do share same key generation across shares and nodes modules,
  * for example, which we can generelise here and in each module just
  * call with specific arguments.
+ *
+ * Note about AEAD encryption:
+ *
+ * The algorithm of generated session key or encrypted data is defined by
+ * the encryption key preferences. If encryption key was generated with
+ * `aeadProtect` set to true, session key or encrypted data should use
+ * AEAD algorithm.
+ *
+ * However, in Drive, we do not want to use the AEAD algorithm everywhere,
+ * only for file content. Thus, we must pass the `enableAeadWithEncryptionKeys`
+ * flag explicitely to control whether to use the encryption key preferences
+ * to avoid using AEAD on places where it would not be supported. It should
+ * be set to false by default everywhere except for content encryption.
  */
 export class DriveCrypto {
     constructor(
@@ -55,6 +68,7 @@ export class DriveCrypto {
     async generateKey(
         encryptionKeys: PrivateKey[],
         signingKey: PrivateKey,
+        { enableAead }: { enableAead: boolean } = { enableAead: false },
     ): Promise<{
         encrypted: {
             armoredKey: string;
@@ -69,8 +83,9 @@ export class DriveCrypto {
     }> {
         const passphrase = this.openPGPCrypto.generatePassphrase();
         const [{ privateKey, armoredKey }, passphraseSessionKey] = await Promise.all([
-            this.openPGPCrypto.generateKey(passphrase),
-            this.openPGPCrypto.generateSessionKey(encryptionKeys),
+            this.openPGPCrypto.generateKey(passphrase, { enableAead }),
+            // See note in the interface documentation about AEAD encryption.
+            this.openPGPCrypto.generateSessionKey(encryptionKeys, { enableAeadWithEncryptionKeys: false }),
         ]);
 
         const { armoredPassphrase, armoredPassphraseSignature } = await this.encryptPassphrase(
@@ -109,7 +124,10 @@ export class DriveCrypto {
             contentKeyPacketSessionKey: SessionKey;
         };
     }> {
-        const contentKeyPacketSessionKey = await this.openPGPCrypto.generateSessionKey([encryptionKey]);
+        // See note in the interface documentation about AEAD encryption.
+        const contentKeyPacketSessionKey = await this.openPGPCrypto.generateSessionKey([encryptionKey], {
+            enableAeadWithEncryptionKeys: true,
+        });
         const { signature: armoredContentKeyPacketSignature } = await this.openPGPCrypto.signArmored(
             contentKeyPacketSessionKey.data,
             [encryptionKey],
@@ -149,6 +167,8 @@ export class DriveCrypto {
                 sessionKey,
                 encryptionKeys,
                 signingKey,
+                // See note in the interface documentation about AEAD encryption.
+                { enableAeadWithEncryptionKeys: false },
             );
 
         return {
@@ -242,7 +262,13 @@ export class DriveCrypto {
         srp: SRPVerifier;
     }> {
         const [{ armoredData: armoredPassword }, { keyPacket }, srp] = await Promise.all([
-            this.openPGPCrypto.encryptArmored(new TextEncoder().encode(password), [addressKey]),
+            this.openPGPCrypto.encryptArmored(
+                new TextEncoder().encode(password),
+                [addressKey],
+                undefined,
+                // See note in the interface documentation about AEAD encryption.
+                { enableAeadWithEncryptionKeys: false },
+            ),
             this.openPGPCrypto.encryptSessionKeyWithPassword(sharePassphraseSessionKey, bcryptPassphrase),
             this.srpModule.getSrpVerifier(password),
         ]);
@@ -356,6 +382,8 @@ export class DriveCrypto {
             signature,
             [encryptionKey],
             sessionKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: false },
         );
         return {
             armoredSignature,
@@ -381,6 +409,8 @@ export class DriveCrypto {
             undefined,
             [encryptionAndSigningKey],
             encryptionAndSigningKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: false },
         );
         return {
             armoredHashKey,
@@ -420,6 +450,8 @@ export class DriveCrypto {
             sessionKey,
             encryptionKey ? [encryptionKey] : [],
             signingKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: false },
         );
         return {
             armoredNodeName,
@@ -502,7 +534,8 @@ export class DriveCrypto {
             undefined,
             [encryptionKey],
             signingKey,
-            { compress: true },
+            // See note in the interface documentation about AEAD encryption.
+            { compress: true, enableAeadWithEncryptionKeys: false },
         );
         return {
             armoredExtendedAttributes,
@@ -626,8 +659,10 @@ export class DriveCrypto {
             sessionKey,
             [], // Thumbnails use the session key so we do not send encryption key.
             signingKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: true },
         );
-        this.recordPerformance('content_encryption', thumbnailData.length, start);
+        this.recordPerformance('content_encryption', sessionKey, thumbnailData.length, start);
 
         return {
             encryptedData,
@@ -649,7 +684,7 @@ export class DriveCrypto {
             verified,
             verificationErrors,
         } = await this.openPGPCrypto.decryptAndVerify(encryptedThumbnail, sessionKey, verificationKeys);
-        this.recordPerformance('content_decryption', decryptedThumbnail.length, start);
+        this.recordPerformance('content_decryption', sessionKey, decryptedThumbnail.length, start);
         return {
             decryptedThumbnail,
             verified,
@@ -672,8 +707,10 @@ export class DriveCrypto {
             sessionKey,
             [], // Blocks use the session key so we do not send encryption key.
             signingKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: true },
         );
-        this.recordPerformance('content_encryption', blockData.length, start);
+        this.recordPerformance('content_encryption', sessionKey, blockData.length, start);
 
         const { armoredSignature } = await this.encryptSignature(signature, encryptionKey, sessionKey);
 
@@ -689,7 +726,7 @@ export class DriveCrypto {
     ): Promise<Uint8Array<ArrayBuffer>> {
         const start = performance.now();
         const { data: decryptedBlock } = await this.openPGPCrypto.decryptAndVerify(encryptedBlock, sessionKey, []);
-        this.recordPerformance('content_decryption', decryptedBlock.length, start);
+        this.recordPerformance('content_decryption', sessionKey, decryptedBlock.length, start);
 
         return decryptedBlock;
     }
@@ -740,21 +777,25 @@ export class DriveCrypto {
             undefined,
             [encryptionKey],
             signingKey,
+            // See note in the interface documentation about AEAD encryption.
+            { enableAeadWithEncryptionKeys: false },
         );
         return armoredData;
     }
 
     private recordPerformance(
         type: 'content_encryption' | 'content_decryption',
+        sessionKey: SessionKey,
         bytesProcessed: number,
         start: number,
     ) {
         const end = performance.now();
         const duration = end - start;
+        const cryptoModel = sessionKey.aeadAlgorithm ? 'v1.5' : 'v1';
         this.telemetry.recordMetric({
             eventName: 'performance',
             type,
-            cryptoModel: 'v1',
+            cryptoModel,
             bytesProcessed,
             milliseconds: Math.round(duration),
         });

package/src/crypto/interface.ts

@@ -2,7 +2,7 @@
 export interface PublicKey {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     readonly _idx: any;
-        readonly _keyContentHash: [string, string];
+    readonly _keyContentHash: [string, string];
 
     getVersion(): number;
     getFingerprint(): string;
@@ -39,8 +39,8 @@ export interface PrivateKey extends PublicKey {
 
 export interface SessionKey {
     data: Uint8Array<ArrayBuffer>;
-    // eslint-disable-next-line @typescript-eslint/no-explicit-any
-    algorithm: any;
+    algorithm: string | null;
+    aeadAlgorithm: string | null;
 }
 
 export enum VERIFICATION_STATUS {
@@ -91,7 +91,10 @@ export interface OpenPGPCrypto {
      */
     generatePassphrase: () => string;
 
-    generateSessionKey: (encryptionKeys: PublicKey[]) => Promise<SessionKey>;
+    generateSessionKey: (
+        encryptionKeys: PublicKey[],
+        options: { enableAeadWithEncryptionKeys: boolean },
+    ) => Promise<SessionKey>;
 
     encryptSessionKey: (
         sessionKey: SessionKey,
@@ -112,7 +115,10 @@ export interface OpenPGPCrypto {
      *
      * The key pair is generated using the Curve25519 algorithm.
      */
-    generateKey: (passphrase: string) => Promise<{
+    generateKey: (
+        passphrase: string,
+        options: { enableAead: boolean },
+    ) => Promise<{
         privateKey: PrivateKey;
         armoredKey: string;
     }>;
@@ -120,7 +126,8 @@ export interface OpenPGPCrypto {
     encryptArmored: (
         data: Uint8Array<ArrayBuffer>,
         encryptionKeys: PublicKey[],
-        sessionKey?: SessionKey,
+        sessionKey: SessionKey | undefined,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) => Promise<{
         armoredData: string;
     }>;
@@ -130,6 +137,7 @@ export interface OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) => Promise<{
         encryptedData: Uint8Array<ArrayBuffer>;
     }>;
@@ -139,7 +147,7 @@ export interface OpenPGPCrypto {
         sessionKey: SessionKey | undefined,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
-        options?: { compress?: boolean },
+        options: { compress?: boolean; enableAeadWithEncryptionKeys: boolean },
     ) => Promise<{
         armoredData: string;
     }>;
@@ -149,6 +157,7 @@ export interface OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) => Promise<{
         encryptedData: Uint8Array<ArrayBuffer>;
         signature: Uint8Array<ArrayBuffer>;
@@ -159,6 +168,7 @@ export interface OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) => Promise<{
         armoredData: string;
         armoredSignature: string;
@@ -198,7 +208,10 @@ export interface OpenPGPCrypto {
         verificationErrors?: Error[];
     }>;
 
-    decryptSessionKey: (data: Uint8Array<ArrayBuffer>, decryptionKeys: PrivateKey | PrivateKey[]) => Promise<SessionKey>;
+    decryptSessionKey: (
+        data: Uint8Array<ArrayBuffer>,
+        decryptionKeys: PrivateKey | PrivateKey[],
+    ) => Promise<SessionKey>;
 
     decryptArmoredSessionKey: (armoredData: string, decryptionKeys: PrivateKey | PrivateKey[]) => Promise<SessionKey>;
 

package/src/crypto/openPGPCrypto.ts

@@ -8,10 +8,18 @@ import { uint8ArrayToBase64String } from './utils';
  * clients/packages/crypto/lib/proxy/proxy.ts.
  */
 export interface OpenPGPCryptoProxy {
-    generateKey: (options: { userIDs: { name: string }[]; type: 'ecc'; curve: 'ed25519Legacy' }) => Promise<PrivateKey>;
+    generateKey: (options: {
+        userIDs: { name: string }[];
+        type: 'ecc';
+        curve: 'ed25519Legacy';
+        config?: { aeadProtect: boolean };
+    }) => Promise<PrivateKey>;
     exportPrivateKey: (options: { privateKey: PrivateKey; passphrase: string | null }) => Promise<string>;
     importPrivateKey: (options: { armoredKey: string; passphrase: string | null }) => Promise<PrivateKey>;
-    generateSessionKey: (options: { recipientKeys: PublicKey[] }) => Promise<SessionKey>;
+    generateSessionKey: (options: {
+        recipientKeys: PublicKey[];
+        config?: { ignoreSEIPDv2FeatureFlag: boolean };
+    }) => Promise<SessionKey>;
     encryptSessionKey: (
         options: SessionKey & {
             format: 'binary';
@@ -32,6 +40,7 @@ export interface OpenPGPCryptoProxy {
         signingKeys?: PrivateKey;
         detached?: Detached;
         compress?: boolean;
+        config?: { ignoreSEIPDv2FeatureFlag: boolean };
     }) => Promise<
         Detached extends true
             ? {
@@ -93,8 +102,15 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         return uint8ArrayToBase64String(value);
     }
 
-    async generateSessionKey(encryptionKeys: PublicKey[]) {
-        return this.cryptoProxy.generateSessionKey({ recipientKeys: encryptionKeys });
+    async generateSessionKey(encryptionKeys: PublicKey[], options: { enableAeadWithEncryptionKeys: boolean }) {
+        return this.cryptoProxy.generateSessionKey({
+            recipientKeys: encryptionKeys,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the session key will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
+        });
     }
 
     async encryptSessionKey(sessionKey: SessionKey, encryptionKeys: PublicKey | PublicKey[]) {
@@ -119,11 +135,12 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         };
     }
 
-    async generateKey(passphrase: string) {
+    async generateKey(passphrase: string, options: { enableAead: boolean }) {
         const privateKey = await this.cryptoProxy.generateKey({
             userIDs: [{ name: 'Drive key' }],
             type: 'ecc',
             curve: 'ed25519Legacy',
+            config: { aeadProtect: options.enableAead },
         });
 
         const armoredKey = await this.cryptoProxy.exportPrivateKey({
@@ -137,11 +154,21 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         };
     }
 
-    async encryptArmored(data: Uint8Array<ArrayBuffer>, encryptionKeys: PublicKey[], sessionKey?: SessionKey) {
+    async encryptArmored(
+        data: Uint8Array<ArrayBuffer>,
+        encryptionKeys: PublicKey[],
+        sessionKey: SessionKey | undefined,
+        options: { enableAeadWithEncryptionKeys: boolean },
+    ) {
         const { message: armoredData } = await this.cryptoProxy.encryptMessage({
             binaryData: data,
             sessionKey,
             encryptionKeys,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the encrypted data will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
         });
         return {
             armoredData: armoredData,
@@ -153,6 +180,7 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { compress?: boolean; enableAeadWithEncryptionKeys: boolean },
     ) {
         const { message: encryptedData } = await this.cryptoProxy.encryptMessage({
             binaryData: data,
@@ -161,6 +189,11 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             encryptionKeys,
             format: 'binary',
             detached: false,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the encrypted data will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
         });
         return {
             encryptedData: encryptedData,
@@ -172,7 +205,7 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         sessionKey: SessionKey | undefined,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
-        options: { compress?: boolean } = {},
+        options: { compress?: boolean; enableAeadWithEncryptionKeys: boolean },
     ) {
         const { message: armoredData } = await this.cryptoProxy.encryptMessage({
             binaryData: data,
@@ -181,6 +214,11 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             signingKeys: signingKey,
             detached: false,
             compress: options.compress || false,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the encrypted data will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
         });
         return {
             armoredData: armoredData,
@@ -192,6 +230,7 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) {
         const { message: encryptedData, signature } = await this.cryptoProxy.encryptMessage({
             binaryData: data,
@@ -200,6 +239,11 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             encryptionKeys,
             format: 'binary',
             detached: true,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the encrypted data will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
         });
         return {
             encryptedData: encryptedData,
@@ -212,6 +256,7 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         sessionKey: SessionKey,
         encryptionKeys: PublicKey[],
         signingKey: PrivateKey,
+        options: { enableAeadWithEncryptionKeys: boolean },
     ) {
         const { message: armoredData, signature: armoredSignature } = await this.cryptoProxy.encryptMessage({
             binaryData: data,
@@ -219,6 +264,11 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             signingKeys: signingKey,
             encryptionKeys,
             detached: true,
+            // `ignoreSEIPDv2FeatureFlag` means that the key preferences are
+            // ignored. If set to `true`, the encrypted data will be generated
+            // the standard non-AEAD algorithm. If set to `false`, the session
+            // key will always follow the encryption key preferences.
+            config: { ignoreSEIPDv2FeatureFlag: !options.enableAeadWithEncryptionKeys },
         });
         return {
             armoredData: armoredData,
@@ -251,7 +301,11 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
         };
     }
 
-    async verify(data: Uint8Array<ArrayBuffer>, signature: Uint8Array<ArrayBuffer>, verificationKeys: PublicKey | PublicKey[]) {
+    async verify(
+        data: Uint8Array<ArrayBuffer>,
+        signature: Uint8Array<ArrayBuffer>,
+        verificationKeys: PublicKey | PublicKey[],
+    ) {
         const { verificationStatus, errors } = await this.cryptoProxy.verifyMessage({
             binaryData: data,
             binarySignature: signature,
@@ -292,6 +346,12 @@ export class OpenPGPCryptoWithCryptoProxy implements OpenPGPCrypto {
             throw new Error('Could not decrypt session key');
         }
 
+        // Encrypted OpenPGP v6 session keys used for AEAD do not store algorithm information, so we hardcode it
+        if (sessionKey.algorithm === null) {
+            sessionKey.algorithm = 'aes256';
+            sessionKey.aeadAlgorithm = 'gcm';
+        }
+
         return sessionKey;
     }
 

package/src/interface/featureFlags.ts

@@ -3,5 +3,9 @@
  * Applications must supply their own implementation.
  */
 export interface FeatureFlagProvider {
-    isEnabled(flagName: string, signal?: AbortSignal): Promise<boolean>;
+    isEnabled(flagName: FeatureFlags, signal?: AbortSignal): Promise<boolean>;
+}
+
+export enum FeatureFlags {
+    DriveCryptoEncryptBlocksWithPgpAead = 'DriveCryptoEncryptBlocksWithPgpAead',
 }

package/src/interface/index.ts

@@ -14,6 +14,7 @@ export type { Author, UnverifiedAuthorError, AnonymousUser } from './author';
 export type { ProtonDriveConfig } from './config';
 export type { Device, DeviceOrUid } from './devices';
 export type { FeatureFlagProvider } from './featureFlags';
+export { FeatureFlags } from './featureFlags';
 export { DeviceType } from './devices';
 export type { FileDownloader, DownloadController, SeekableReadableStream } from './download';
 export type {

package/src/internal/photos/index.ts

@@ -1,5 +1,6 @@
 import { DriveCrypto } from '../../crypto';
 import {
+    FeatureFlagProvider,
     ProtonDriveAccount,
     ProtonDriveCryptoCache,
     ProtonDriveEntitiesCache,
@@ -148,10 +149,11 @@ export function initPhotoUploadModule(
     driveCrypto: DriveCrypto,
     sharesService: SharesService,
     nodesService: UploadNodesService,
+    featureFlagProvider: FeatureFlagProvider,
     clientUid?: string,
 ) {
     const api = new PhotoUploadAPIService(apiService, clientUid);
-    const cryptoService = new PhotoUploadCryptoService(driveCrypto, nodesService);
+    const cryptoService = new PhotoUploadCryptoService(telemetry, driveCrypto, nodesService, featureFlagProvider);
 
     const uploadTelemetry = new UploadTelemetry(telemetry, sharesService);
     const manager = new PhotoUploadManager(telemetry, api, cryptoService, nodesService, clientUid);

package/src/internal/photos/upload.ts

@@ -1,5 +1,5 @@
 import { DriveCrypto } from '../../crypto';
-import { ProtonDriveTelemetry, UploadMetadata, Thumbnail, AnonymousUser } from '../../interface';
+import { ProtonDriveTelemetry, UploadMetadata, Thumbnail, AnonymousUser, FeatureFlagProvider } from '../../interface';
 import { DriveAPIService, drivePaths } from '../apiService';
 import { generateFileExtendedAttributes } from '../nodes';
 import { splitNodeRevisionUid } from '../uids';
@@ -162,7 +162,10 @@ export class PhotoUploadManager extends UploadManager {
         }
 
         // TODO: handle photo extended attributes in the SDK - now it must be passed from the client
-        const generatedExtendedAttributes = generateFileExtendedAttributes(extendedAttributes, uploadMetadata.additionalMetadata);
+        const generatedExtendedAttributes = generateFileExtendedAttributes(
+            extendedAttributes,
+            uploadMetadata.additionalMetadata,
+        );
         const nodeCommitCrypto = await this.cryptoService.commitFile(
             nodeRevisionDraft.nodeKeys,
             manifest,
@@ -170,13 +173,16 @@ export class PhotoUploadManager extends UploadManager {
         );
 
         const sha1 = extendedAttributes.digests.sha1;
-        const contentHash = await this.photoCryptoService.generateContentHash(sha1, nodeRevisionDraft.parentNodeKeys?.hashKey);
+        const contentHash = await this.photoCryptoService.generateContentHash(
+            sha1,
+            nodeRevisionDraft.parentNodeKeys?.hashKey,
+        );
         const photo = {
             contentHash,
-            captureTime: uploadMetadata.captureTime || extendedAttributes.modificationTime,
+            captureTime: uploadMetadata.captureTime || extendedAttributes.modificationTime,
             mainPhotoLinkID: uploadMetadata.mainPhotoLinkID,
             tags: uploadMetadata.tags,
-        }
+        };
         await this.photoApiService.commitDraftPhoto(nodeRevisionDraft.nodeRevisionUid, nodeCommitCrypto, photo);
         await this.notifyNodeUploaded(nodeRevisionDraft);
     }
@@ -184,10 +190,12 @@ export class PhotoUploadManager extends UploadManager {
 
 export class PhotoUploadCryptoService extends UploadCryptoService {
     constructor(
+        telemetry: ProtonDriveTelemetry,
         driveCrypto: DriveCrypto,
         nodesService: NodesService,
+        featureFlagProvider: FeatureFlagProvider,
     ) {
-        super(driveCrypto, nodesService);
+        super(telemetry, driveCrypto, nodesService, featureFlagProvider);
     }
 
     async generateContentHash(sha1: string, parentHashKey: Uint8Array<ArrayBuffer>): Promise<string> {

package/src/internal/sharingPublic/nodes.ts

@@ -86,12 +86,19 @@ export class SharingPublicNodesAPIService extends NodeAPIService {
         const nodeUid = makeNodeUid(volumeId, link.Link.LinkID);
         const encryptedNode = linkToEncryptedNode(this.logger, volumeId, link, isOwnVolumeId);
 
-        // TEMPORARY: Inject public permissions for the root node only.
-        // This ensures the root node has the correct directRole instead of
-        // incorrectly falling back to 'admin' due to null DirectPermissions.
-        // May be fixed by backend later.
+        // TODO: This affects the cache. At this moment, the public link is not cached
+        // anywhere, thus OK. To avoid issues when public links reuses the same cache,
+        // we need to move this either to the interface of given instance, or leave
+        // this as a responsibility to the client.
         if (this.publicRootNodeUid === nodeUid) {
+            // Inject public permissions for the root node only.
+            // This ensures the root node has the correct directRole instead of
+            // incorrectly falling back to 'admin' due to null DirectPermissions.
             encryptedNode.directRole = this.publicRole;
+            // This prevent to have parentUid in case user visited parent folder public link of a public link
+            // Since the session got permissions to get the parentNode,
+            // when visiting children it will return the parentLinkID in links request.
+            encryptedNode.parentUid = undefined;
         }
 
         return encryptedNode;

package/src/internal/upload/cryptoService.ts

@@ -2,7 +2,14 @@ import { c } from 'ttag';
 
 import { DriveCrypto, PrivateKey, SessionKey } from '../../crypto';
 import { IntegrityError } from '../../errors';
-import { Thumbnail, AnonymousUser } from '../../interface';
+import {
+    Thumbnail,
+    AnonymousUser,
+    FeatureFlagProvider,
+    FeatureFlags,
+    ProtonDriveTelemetry,
+    Logger,
+} from '../../interface';
 import {
     EncryptedBlock,
     EncryptedThumbnail,
@@ -13,12 +20,18 @@ import {
 } from './interface';
 
 export class UploadCryptoService {
+    protected logger: Logger;
+
     constructor(
+        telemetry: ProtonDriveTelemetry,
         protected driveCrypto: DriveCrypto,
         protected nodesService: NodesService,
+        protected featureFlagProvider: FeatureFlagProvider,
     ) {
+        this.logger = telemetry.getLogger('upload');
         this.driveCrypto = driveCrypto;
         this.nodesService = nodesService;
+        this.featureFlagProvider = featureFlagProvider;
     }
 
     async generateFileCrypto(
@@ -26,6 +39,13 @@ export class UploadCryptoService {
         parentKeys: { key: PrivateKey; hashKey: Uint8Array<ArrayBuffer> },
         name: string,
     ): Promise<NodeCrypto> {
+        const useAeadFeatureFlag = await this.featureFlagProvider.isEnabled(
+            FeatureFlags.DriveCryptoEncryptBlocksWithPgpAead,
+        );
+        if (useAeadFeatureFlag) {
+            this.logger.info('Generating file crypto with AEAD enabled');
+        }
+
         const signingKeys = await this.getSigningKeys({ parentNodeUid: parentUid });
 
         if (!signingKeys.nameAndPassphraseSigningKey) {
@@ -33,7 +53,9 @@ export class UploadCryptoService {
         }
 
         const [nodeKeys, { armoredNodeName }, hash] = await Promise.all([
-            this.driveCrypto.generateKey([parentKeys.key], signingKeys.nameAndPassphraseSigningKey),
+            this.driveCrypto.generateKey([parentKeys.key], signingKeys.nameAndPassphraseSigningKey, {
+                enableAead: useAeadFeatureFlag,
+            }),
             this.driveCrypto.encryptNodeName(name, undefined, parentKeys.key, signingKeys.nameAndPassphraseSigningKey),
             this.driveCrypto.generateLookupHash(name, parentKeys.hashKey),
         ]);