@unwanted/matrix-sdk-mini 34.12.0-2 → 34.12.0-4

package/lib/utils/encryptAESSecretStorageItem.js

@@ -1,68 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { decodeBase64, encodeBase64 } from "../base64.js";
-import { deriveKeys } from "./internal/deriveKeys.js";
-/**
- * Encrypt a string as a secret storage item, using AES-CTR.
- *
- * @param data - the plaintext to encrypt
- * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for
- *    encryption. Obviously, the same key must be provided when decrypting.
- * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,
- *    so again the same value must be provided when decrypting.
- * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.
- *
- * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,
- *   or generated), and an HMAC on the ciphertext — all base64-encoded.
- */
-export default function encryptAESSecretStorageItem(_x, _x2, _x3, _x4) {
-  return _encryptAESSecretStorageItem.apply(this, arguments);
-}
-function _encryptAESSecretStorageItem() {
-  _encryptAESSecretStorageItem = _asyncToGenerator(function* (data, key, name, ivStr) {
-    var iv;
-    if (ivStr) {
-      iv = decodeBase64(ivStr);
-    } else {
-      iv = new Uint8Array(16);
-      globalThis.crypto.getRandomValues(iv);
-
-      // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary
-      // (which would mean we wouldn't be able to decrypt on Android). The loss
-      // of a single bit of iv is a price we have to pay.
-      iv[8] &= 0x7f;
-    }
-    var [aesKey, hmacKey] = yield deriveKeys(key, name);
-    var encodedData = new TextEncoder().encode(data);
-    var ciphertext = yield globalThis.crypto.subtle.encrypt({
-      name: "AES-CTR",
-      counter: iv,
-      length: 64
-    }, aesKey, encodedData);
-    var hmac = yield globalThis.crypto.subtle.sign({
-      name: "HMAC"
-    }, hmacKey, ciphertext);
-    return {
-      iv: encodeBase64(iv),
-      ciphertext: encodeBase64(ciphertext),
-      mac: encodeBase64(hmac)
-    };
-  });
-  return _encryptAESSecretStorageItem.apply(this, arguments);
-}
-//# sourceMappingURL=encryptAESSecretStorageItem.js.map

package/lib/utils/encryptAESSecretStorageItem.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"encryptAESSecretStorageItem.js","names":["decodeBase64","encodeBase64","deriveKeys","encryptAESSecretStorageItem","_x","_x2","_x3","_x4","_encryptAESSecretStorageItem","apply","arguments","_asyncToGenerator","data","key","name","ivStr","iv","Uint8Array","globalThis","crypto","getRandomValues","aesKey","hmacKey","encodedData","TextEncoder","encode","ciphertext","subtle","encrypt","counter","length","hmac","sign","mac"],"sources":["../../src/utils/encryptAESSecretStorageItem.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { decodeBase64, encodeBase64 } from \"../base64.ts\";\nimport { deriveKeys } from \"./internal/deriveKeys.ts\";\nimport { AESEncryptedSecretStoragePayload } from \"../@types/AESEncryptedSecretStoragePayload.ts\";\n\n/**\n * Encrypt a string as a secret storage item, using AES-CTR.\n *\n * @param data - the plaintext to encrypt\n * @param key - the encryption key to use as an input to the HKDF function which is used to derive the AES key for\n *    encryption. Obviously, the same key must be provided when decrypting.\n * @param name - the name of the secret. Used as an input to the HKDF operation which is used to derive the AES key,\n *    so again the same value must be provided when decrypting.\n * @param ivStr - the base64-encoded initialization vector to use. If not supplied, a random one will be generated.\n *\n * @returns The encrypted result, including the ciphertext itself, the initialization vector (as supplied in `ivStr`,\n *   or generated), and an HMAC on the ciphertext — all base64-encoded.\n */\nexport default async function encryptAESSecretStorageItem(\n    data: string,\n    key: Uint8Array,\n    name: string,\n    ivStr?: string,\n): Promise<AESEncryptedSecretStoragePayload> {\n    let iv: Uint8Array;\n    if (ivStr) {\n        iv = decodeBase64(ivStr);\n    } else {\n        iv = new Uint8Array(16);\n        globalThis.crypto.getRandomValues(iv);\n\n        // clear bit 63 of the IV to stop us hitting the 64-bit counter boundary\n        // (which would mean we wouldn't be able to decrypt on Android). The loss\n        // of a single bit of iv is a price we have to pay.\n        iv[8] &= 0x7f;\n    }\n\n    const [aesKey, hmacKey] = await deriveKeys(key, name);\n    const encodedData = new TextEncoder().encode(data);\n\n    const ciphertext = await globalThis.crypto.subtle.encrypt(\n        {\n            name: \"AES-CTR\",\n            counter: iv,\n            length: 64,\n        },\n        aesKey,\n        encodedData,\n    );\n\n    const hmac = await globalThis.crypto.subtle.sign({ name: \"HMAC\" }, hmacKey, ciphertext);\n\n    return {\n        iv: encodeBase64(iv),\n        ciphertext: encodeBase64(ciphertext),\n        mac: encodeBase64(hmac),\n    };\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,YAAY,EAAEC,YAAY,QAAQ,cAAc;AACzD,SAASC,UAAU,QAAQ,0BAA0B;AAGrD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAA8BC,2BAA2BA,CAAAC,EAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAuCxD,SAAAF,6BAAA;EAAAA,4BAAA,GAAAG,iBAAA,CAvCc,WACXC,IAAY,EACZC,GAAe,EACfC,IAAY,EACZC,KAAc,EAC2B;IACzC,IAAIC,EAAc;IAClB,IAAID,KAAK,EAAE;MACPC,EAAE,GAAGhB,YAAY,CAACe,KAAK,CAAC;IAC5B,CAAC,MAAM;MACHC,EAAE,GAAG,IAAIC,UAAU,CAAC,EAAE,CAAC;MACvBC,UAAU,CAACC,MAAM,CAACC,eAAe,CAACJ,EAAE,CAAC;;MAErC;MACA;MACA;MACAA,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI;IACjB;IAEA,IAAM,CAACK,MAAM,EAAEC,OAAO,CAAC,SAASpB,UAAU,CAACW,GAAG,EAAEC,IAAI,CAAC;IACrD,IAAMS,WAAW,GAAG,IAAIC,WAAW,CAAC,CAAC,CAACC,MAAM,CAACb,IAAI,CAAC;IAElD,IAAMc,UAAU,SAASR,UAAU,CAACC,MAAM,CAACQ,MAAM,CAACC,OAAO,CACrD;MACId,IAAI,EAAE,SAAS;MACfe,OAAO,EAAEb,EAAE;MACXc,MAAM,EAAE;IACZ,CAAC,EACDT,MAAM,EACNE,WACJ,CAAC;IAED,IAAMQ,IAAI,SAASb,UAAU,CAACC,MAAM,CAACQ,MAAM,CAACK,IAAI,CAAC;MAAElB,IAAI,EAAE;IAAO,CAAC,EAAEQ,OAAO,EAAEI,UAAU,CAAC;IAEvF,OAAO;MACHV,EAAE,EAAEf,YAAY,CAACe,EAAE,CAAC;MACpBU,UAAU,EAAEzB,YAAY,CAACyB,UAAU,CAAC;MACpCO,GAAG,EAAEhC,YAAY,CAAC8B,IAAI;IAC1B,CAAC;EACL,CAAC;EAAA,OAAAvB,4BAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/lib/utils/internal/deriveKeys.d.ts

@@ -1,10 +0,0 @@
-/**
- * Derive AES and HMAC keys from a master key.
- *
- * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).
- *
- * @param key
- * @param name
- */
-export declare function deriveKeys(key: Uint8Array, name: string): Promise<[CryptoKey, CryptoKey]>;
-//# sourceMappingURL=deriveKeys.d.ts.map

package/lib/utils/internal/deriveKeys.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"deriveKeys.d.ts","sourceRoot":"","sources":["../../../src/utils/internal/deriveKeys.ts"],"names":[],"mappings":"AAmBA;;;;;;;GAOG;AACH,wBAAsB,UAAU,CAAC,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAmC/F"}

package/lib/utils/internal/deriveKeys.js

@@ -1,60 +0,0 @@
-import _asyncToGenerator from "@babel/runtime/helpers/asyncToGenerator";
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-// salt for HKDF, with 8 bytes of zeros
-var zeroSalt = new Uint8Array(8);
-
-/**
- * Derive AES and HMAC keys from a master key.
- *
- * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).
- *
- * @param key
- * @param name
- */
-export function deriveKeys(_x, _x2) {
-  return _deriveKeys.apply(this, arguments);
-}
-function _deriveKeys() {
-  _deriveKeys = _asyncToGenerator(function* (key, name) {
-    var hkdfkey = yield globalThis.crypto.subtle.importKey("raw", key, {
-      name: "HKDF"
-    }, false, ["deriveBits"]);
-    var keybits = yield globalThis.crypto.subtle.deriveBits({
-      name: "HKDF",
-      salt: zeroSalt,
-      // eslint-disable-next-line @typescript-eslint/ban-ts-comment
-      // @ts-ignore: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/879
-      info: new TextEncoder().encode(name),
-      hash: "SHA-256"
-    }, hkdfkey, 512);
-    var aesKey = keybits.slice(0, 32);
-    var hmacKey = keybits.slice(32);
-    var aesProm = globalThis.crypto.subtle.importKey("raw", aesKey, {
-      name: "AES-CTR"
-    }, false, ["encrypt", "decrypt"]);
-    var hmacProm = globalThis.crypto.subtle.importKey("raw", hmacKey, {
-      name: "HMAC",
-      hash: {
-        name: "SHA-256"
-      }
-    }, false, ["sign", "verify"]);
-    return Promise.all([aesProm, hmacProm]);
-  });
-  return _deriveKeys.apply(this, arguments);
-}
-//# sourceMappingURL=deriveKeys.js.map

package/lib/utils/internal/deriveKeys.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"deriveKeys.js","names":["zeroSalt","Uint8Array","deriveKeys","_x","_x2","_deriveKeys","apply","arguments","_asyncToGenerator","key","name","hkdfkey","globalThis","crypto","subtle","importKey","keybits","deriveBits","salt","info","TextEncoder","encode","hash","aesKey","slice","hmacKey","aesProm","hmacProm","Promise","all"],"sources":["../../../src/utils/internal/deriveKeys.ts"],"sourcesContent":["/*\n * Copyright 2024 The Matrix.org Foundation C.I.C.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n *     http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\n// salt for HKDF, with 8 bytes of zeros\nconst zeroSalt = new Uint8Array(8);\n\n/**\n * Derive AES and HMAC keys from a master key.\n *\n * This is used for deriving secret storage keys: see https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2 (step 1).\n *\n * @param key\n * @param name\n */\nexport async function deriveKeys(key: Uint8Array, name: string): Promise<[CryptoKey, CryptoKey]> {\n    const hkdfkey = await globalThis.crypto.subtle.importKey(\"raw\", key, { name: \"HKDF\" }, false, [\"deriveBits\"]);\n    const keybits = await globalThis.crypto.subtle.deriveBits(\n        {\n            name: \"HKDF\",\n            salt: zeroSalt,\n            // eslint-disable-next-line @typescript-eslint/ban-ts-comment\n            // @ts-ignore: https://github.com/microsoft/TypeScript-DOM-lib-generator/pull/879\n            info: new TextEncoder().encode(name),\n            hash: \"SHA-256\",\n        },\n        hkdfkey,\n        512,\n    );\n\n    const aesKey = keybits.slice(0, 32);\n    const hmacKey = keybits.slice(32);\n\n    const aesProm = globalThis.crypto.subtle.importKey(\"raw\", aesKey, { name: \"AES-CTR\" }, false, [\n        \"encrypt\",\n        \"decrypt\",\n    ]);\n\n    const hmacProm = globalThis.crypto.subtle.importKey(\n        \"raw\",\n        hmacKey,\n        {\n            name: \"HMAC\",\n            hash: { name: \"SHA-256\" },\n        },\n        false,\n        [\"sign\", \"verify\"],\n    );\n\n    return Promise.all([aesProm, hmacProm]);\n}\n"],"mappings":";AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,IAAMA,QAAQ,GAAG,IAAIC,UAAU,CAAC,CAAC,CAAC;;AAElC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAsBC,UAAUA,CAAAC,EAAA,EAAAC,GAAA;EAAA,OAAAC,WAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA;AAmC/B,SAAAF,YAAA;EAAAA,WAAA,GAAAG,iBAAA,CAnCM,WAA0BC,GAAe,EAAEC,IAAY,EAAmC;IAC7F,IAAMC,OAAO,SAASC,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAAC,KAAK,EAAEN,GAAG,EAAE;MAAEC,IAAI,EAAE;IAAO,CAAC,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,CAAC;IAC7G,IAAMM,OAAO,SAASJ,UAAU,CAACC,MAAM,CAACC,MAAM,CAACG,UAAU,CACrD;MACIP,IAAI,EAAE,MAAM;MACZQ,IAAI,EAAElB,QAAQ;MACd;MACA;MACAmB,IAAI,EAAE,IAAIC,WAAW,CAAC,CAAC,CAACC,MAAM,CAACX,IAAI,CAAC;MACpCY,IAAI,EAAE;IACV,CAAC,EACDX,OAAO,EACP,GACJ,CAAC;IAED,IAAMY,MAAM,GAAGP,OAAO,CAACQ,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;IACnC,IAAMC,OAAO,GAAGT,OAAO,CAACQ,KAAK,CAAC,EAAE,CAAC;IAEjC,IAAME,OAAO,GAAGd,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAAC,KAAK,EAAEQ,MAAM,EAAE;MAAEb,IAAI,EAAE;IAAU,CAAC,EAAE,KAAK,EAAE,CAC1F,SAAS,EACT,SAAS,CACZ,CAAC;IAEF,IAAMiB,QAAQ,GAAGf,UAAU,CAACC,MAAM,CAACC,MAAM,CAACC,SAAS,CAC/C,KAAK,EACLU,OAAO,EACP;MACIf,IAAI,EAAE,MAAM;MACZY,IAAI,EAAE;QAAEZ,IAAI,EAAE;MAAU;IAC5B,CAAC,EACD,KAAK,EACL,CAAC,MAAM,EAAE,QAAQ,CACrB,CAAC;IAED,OAAOkB,OAAO,CAACC,GAAG,CAAC,CAACH,OAAO,EAAEC,QAAQ,CAAC,CAAC;EAC3C,CAAC;EAAA,OAAAtB,WAAA,CAAAC,KAAA,OAAAC,SAAA;AAAA","ignoreList":[]}

package/src/@types/AESEncryptedSecretStoragePayload.ts

@@ -1,29 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/**
- * An AES-encrypted secret storage payload.
- * See https://spec.matrix.org/v1.11/client-server-api/#msecret_storagev1aes-hmac-sha2-1
- */
-export interface AESEncryptedSecretStoragePayload {
-    [key: string]: any; // extensible
-    /** the initialization vector in base64 */
-    iv: string;
-    /** the ciphertext in base64 */
-    ciphertext: string;
-    /** the HMAC in base64 */
-    mac: string;
-}

package/src/@types/crypto.ts

@@ -1,73 +0,0 @@
-/*
-Copyright 2022-2023 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import type { ISignatures } from "./signed.ts";
-
-export type OlmGroupSessionExtraData = {
-    untrusted?: boolean;
-    sharedHistory?: boolean;
-};
-
-// Backwards compatible re-export
-export type { EventDecryptionResult as IEventDecryptionResult } from "../common-crypto/CryptoBackend.ts";
-
-interface Extensible {
-    [key: string]: any;
-}
-
-/* eslint-disable camelcase */
-
-/** The result of a call to {@link MatrixClient.exportRoomKeys} */
-export interface IMegolmSessionData extends Extensible {
-    /** Sender's Curve25519 device key */
-    sender_key: string;
-    /** Devices which forwarded this session to us (normally empty). */
-    forwarding_curve25519_key_chain: string[];
-    /** Other keys the sender claims. */
-    sender_claimed_keys: Record<string, string>;
-    /** Room this session is used in */
-    room_id: string;
-    /** Unique id for the session */
-    session_id: string;
-    /** Base64'ed key data */
-    session_key: string;
-    algorithm?: string;
-    untrusted?: boolean;
-}
-
-/* eslint-enable camelcase */
-
-/** the type of the `device_keys` parameter on `/_matrix/client/v3/keys/upload`
- *
- * @see https://spec.matrix.org/v1.5/client-server-api/#post_matrixclientv3keysupload
- */
-export interface IDeviceKeys {
-    algorithms: Array<string>;
-    device_id: string; // eslint-disable-line camelcase
-    user_id: string; // eslint-disable-line camelcase
-    keys: Record<string, string>;
-    signatures?: ISignatures;
-}
-
-/** the type of the `one_time_keys` and `fallback_keys` parameters on `/_matrix/client/v3/keys/upload`
- *
- * @see https://spec.matrix.org/v1.5/client-server-api/#post_matrixclientv3keysupload
- */
-export interface IOneTimeKey {
-    key: string;
-    fallback?: boolean;
-    signatures?: ISignatures;
-}

package/src/@types/matrix-sdk-crypto-wasm.d.ts

@@ -1,44 +0,0 @@
-/*
-Copyright 2024 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import type * as RustSdkCryptoJs from "@matrix-org/matrix-sdk-crypto-wasm";
-
-declare module "@matrix-org/matrix-sdk-crypto-wasm" {
-    interface OlmMachine {
-        importSecretsBundle(bundle: RustSdkCryptoJs.SecretsBundle): Promise<void>;
-        exportSecretsBundle(): Promise<RustSdkCryptoJs.SecretsBundle>;
-    }
-
-    interface SecretsBundle {
-        // eslint-disable-next-line @typescript-eslint/naming-convention
-        to_json(): Promise<{
-            cross_signing: {
-                master_key: string;
-                self_signing_key: string;
-                user_signing_key: string;
-            };
-            backup?: {
-                algorithm: string;
-                key: string;
-                backup_version: string;
-            };
-        }>;
-    }
-
-    interface Device {
-        requestVerification(methods?: any[]): [RustSdkCryptoJs.VerificationRequest, RustSdkCryptoJs.ToDeviceRequest];
-    }
-}

package/src/common-crypto/CryptoBackend.ts

@@ -1,302 +0,0 @@
-/*
-Copyright 2022 The Matrix.org Foundation C.I.C.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-import type { IDeviceLists, IToDeviceEvent } from "../sync-accumulator.ts";
-import { IClearEvent, MatrixEvent } from "../models/event.ts";
-import { Room } from "../models/room.ts";
-import { CryptoApi, DecryptionFailureCode, ImportRoomKeysOpts } from "../crypto-api/index.ts";
-import { CrossSigningInfo, UserTrustLevel } from "../crypto/CrossSigning.ts";
-import { IEncryptedEventInfo } from "../crypto/api.ts";
-import { KeyBackupInfo, KeyBackupSession } from "../crypto-api/keybackup.ts";
-import { IMegolmSessionData } from "../@types/crypto.ts";
-
-/**
- * Common interface for the crypto implementations
- *
- * @internal
- */
-export interface CryptoBackend extends SyncCryptoCallbacks, CryptoApi {
-    /**
-     * Whether sendMessage in a room with unknown and unverified devices
-     * should throw an error and not send the message. This has 'Global' for
-     * symmetry with setGlobalBlacklistUnverifiedDevices but there is currently
-     * no room-level equivalent for this setting.
-     *
-     * @remarks This has no effect in Rust Crypto; it exists only for the sake of
-     * the accessors in MatrixClient.
-     */
-    globalErrorOnUnknownDevices: boolean;
-
-    /**
-     * Shut down any background processes related to crypto
-     */
-    stop(): void;
-
-    /**
-     * Get the verification level for a given user
-     *
-     * @param userId - user to be checked
-     *
-     * @deprecated Superceded by {@link CryptoApi#getUserVerificationStatus}.
-     */
-    checkUserTrust(userId: string): UserTrustLevel;
-
-    /**
-     * Encrypt an event according to the configuration of the room.
-     *
-     * @param event -  event to be sent
-     *
-     * @param room - destination room.
-     *
-     * @returns Promise which resolves when the event has been
-     *     encrypted, or null if nothing was needed
-     */
-    encryptEvent(event: MatrixEvent, room: Room): Promise<void>;
-
-    /**
-     * Decrypt a received event
-     *
-     * @returns a promise which resolves once we have finished decrypting.
-     * Rejects with an error if there is a problem decrypting the event.
-     */
-    decryptEvent(event: MatrixEvent): Promise<EventDecryptionResult>;
-
-    /**
-     * Get information about the encryption of an event
-     *
-     * @param event - event to be checked
-     */
-    getEventEncryptionInfo(event: MatrixEvent): IEncryptedEventInfo;
-
-    /**
-     * Get the cross signing information for a given user.
-     *
-     * The cross-signing API is currently UNSTABLE and may change without notice.
-     *
-     * @param userId - the user ID to get the cross-signing info for.
-     *
-     * @returns the cross signing information for the user.
-     * @deprecated Prefer {@link CryptoApi#userHasCrossSigningKeys}
-     */
-    getStoredCrossSigningForUser(userId: string): CrossSigningInfo | null;
-
-    /**
-     * Check the cross signing trust of the current user
-     *
-     * @param opts - Options object.
-     *
-     * @deprecated Unneeded for the new crypto
-     */
-    checkOwnCrossSigningTrust(opts?: CheckOwnCrossSigningTrustOpts): Promise<void>;
-
-    /**
-     * Get a backup decryptor capable of decrypting megolm session data encrypted with the given backup information.
-     * @param backupInfo - The backup information
-     * @param privKey - The private decryption key.
-     */
-    getBackupDecryptor(backupInfo: KeyBackupInfo, privKey: ArrayLike<number>): Promise<BackupDecryptor>;
-
-    /**
-     * Import a list of room keys restored from backup
-     *
-     * @param keys - a list of session export objects
-     * @param backupVersion - the version of the backup these keys came from.
-     * @param opts - options object
-     * @returns a promise which resolves once the keys have been imported
-     */
-    importBackedUpRoomKeys(keys: IMegolmSessionData[], backupVersion: string, opts?: ImportRoomKeysOpts): Promise<void>;
-}
-
-/** The methods which crypto implementations should expose to the Sync api
- *
- * @internal
- */
-export interface SyncCryptoCallbacks {
-    /**
-     * Called by the /sync loop whenever there are incoming to-device messages.
-     *
-     * The implementation may preprocess the received messages (eg, decrypt them) and return an
-     * updated list of messages for dispatch to the rest of the system.
-     *
-     * Note that, unlike {@link ClientEvent.ToDeviceEvent} events, this is called on the raw to-device
-     * messages, rather than the results of any decryption attempts.
-     *
-     * @param events - the received to-device messages
-     * @returns A list of preprocessed to-device messages.
-     */
-    preprocessToDeviceMessages(events: IToDeviceEvent[]): Promise<IToDeviceEvent[]>;
-
-    /**
-     * Called by the /sync loop when one time key counts and unused fallback key details are received.
-     *
-     * @param oneTimeKeysCounts - the received one time key counts
-     * @param unusedFallbackKeys - the received unused fallback keys
-     */
-    processKeyCounts(oneTimeKeysCounts?: Record<string, number>, unusedFallbackKeys?: string[]): Promise<void>;
-
-    /**
-     * Handle the notification from /sync that device lists have
-     * been changed.
-     *
-     * @param deviceLists - device_lists field from /sync
-     */
-    processDeviceLists(deviceLists: IDeviceLists): Promise<void>;
-
-    /**
-     * Called by the /sync loop whenever an m.room.encryption event is received.
-     *
-     * This is called before RoomStateEvents are emitted for any of the events in the /sync
-     * response (even if the other events technically happened first). This works around a problem
-     * if the client uses a RoomStateEvent (typically a membership event) as a trigger to send a message
-     * in a new room (or one where encryption has been newly enabled): that would otherwise leave the
-     * crypto layer confused because it expects crypto to be set up, but it has not yet been.
-     *
-     * @param room - in which the event was received
-     * @param event - encryption event to be processed
-     */
-    onCryptoEvent(room: Room, event: MatrixEvent): Promise<void>;
-
-    /**
-     * Called by the /sync loop after each /sync response is processed.
-     *
-     * Used to complete batch processing, or to initiate background processes
-     *
-     * @param syncState - information about the completed sync.
-     */
-    onSyncCompleted(syncState: OnSyncCompletedData): void;
-}
-
-/**
- * @internal
- */
-export interface OnSyncCompletedData {
-    /**
-     * The 'next_batch' result from /sync, which will become the 'since' token for the next call to /sync.
-     */
-    nextSyncToken?: string;
-
-    /**
-     * True if we are working our way through a backlog of events after connecting.
-     */
-    catchingUp?: boolean;
-}
-
-/**
- * Options object for {@link CryptoBackend#checkOwnCrossSigningTrust}.
- */
-export interface CheckOwnCrossSigningTrustOpts {
-    allowPrivateKeyRequests?: boolean;
-}
-
-/**
- * The result of a (successful) call to {@link CryptoBackend.decryptEvent}
- */
-export interface EventDecryptionResult {
-    /**
-     * The plaintext payload for the event (typically containing <tt>type</tt> and <tt>content</tt> fields).
-     */
-    clearEvent: IClearEvent;
-    /**
-     * List of curve25519 keys involved in telling us about the senderCurve25519Key and claimedEd25519Key.
-     * See {@link MatrixEvent#getForwardingCurve25519KeyChain}.
-     */
-    forwardingCurve25519KeyChain?: string[];
-    /**
-     * Key owned by the sender of this event.  See {@link MatrixEvent#getSenderKey}.
-     */
-    senderCurve25519Key?: string;
-    /**
-     * ed25519 key claimed by the sender of this event. See {@link MatrixEvent#getClaimedEd25519Key}.
-     */
-    claimedEd25519Key?: string;
-    /**
-     * Whether the keys for this event have been received via an unauthenticated source (eg via key forwards, or
-     * restored from backup)
-     */
-    untrusted?: boolean;
-}
-
-/**
- * Responsible for decrypting megolm session data retrieved from a remote backup.
- * The result of {@link CryptoBackend#getBackupDecryptor}.
- */
-export interface BackupDecryptor {
-    /**
-     * Whether keys retrieved from this backup can be trusted.
-     *
-     * Depending on the backup algorithm, keys retrieved from the backup can be trusted or not.
-     * If false, keys retrieved from the backup  must be considered unsafe (authenticity cannot be guaranteed).
-     * It could be by design (deniability) or for some technical reason (eg asymmetric encryption).
-     */
-    readonly sourceTrusted: boolean;
-
-    /**
-     *
-     * Decrypt megolm session data retrieved from backup.
-     *
-     * @param ciphertexts - a Record of sessionId to session data.
-     *
-     * @returns An array of decrypted `IMegolmSessionData`
-     */
-    decryptSessions(ciphertexts: Record<string, KeyBackupSession>): Promise<IMegolmSessionData[]>;
-
-    /**
-     * Free any resources held by this decryptor.
-     *
-     * Should be called once the decryptor is no longer needed.
-     */
-    free(): void;
-}
-
-/**
- * Exception thrown when decryption fails
- *
- * @param code - Reason code for the failure.
- *
- * @param msg - user-visible message describing the problem
- *
- * @param details - key/value pairs reported in the logs but not shown
- *   to the user.
- */
-export class DecryptionError extends Error {
-    public readonly detailedString: string;
-
-    public constructor(
-        public readonly code: DecryptionFailureCode,
-        msg: string,
-        details?: Record<string, string | Error>,
-    ) {
-        super(msg);
-        this.name = "DecryptionError";
-        this.detailedString = detailedStringForDecryptionError(this, details);
-    }
-}
-
-function detailedStringForDecryptionError(err: DecryptionError, details?: Record<string, string | Error>): string {
-    let result = err.name + "[msg: " + err.message;
-
-    if (details) {
-        result +=
-            ", " +
-            Object.keys(details)
-                .map((k) => k + ": " + details[k])
-                .join(", ");
-    }
-
-    result += "]";
-
-    return result;
-}

package/src/common-crypto/README.md

@@ -1,4 +0,0 @@
-This directory contains functionality which is common to both the legacy (libolm-based) crypto implementation,
-and the new rust-based implementation.
-
-It is an internal module, and is _not_ directly exposed to applications.

package/src/common-crypto/key-passphrase.ts

@@ -1,43 +0,0 @@
-/*
- * Copyright 2024 The Matrix.org Foundation C.I.C.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-import { deriveRecoveryKeyFromPassphrase } from "../crypto-api/index.ts";
-
-/* eslint-disable camelcase */
-interface IAuthData {
-    private_key_salt?: string;
-    private_key_iterations?: number;
-    private_key_bits?: number;
-}
-
-/**
- * Derive a backup key from a passphrase using the salt and iterations from the auth data.
- * @param authData - The auth data containing the salt and iterations
- * @param passphrase - The passphrase to derive the key from
- * @deprecated Deriving a backup key from a passphrase is not part of the matrix spec. Instead, a random key is generated and stored/shared via 4S.
- */
-export function keyFromAuthData(authData: IAuthData, passphrase: string): Promise<Uint8Array> {
-    if (!authData.private_key_salt || !authData.private_key_iterations) {
-        throw new Error("Salt and/or iterations not found: " + "this backup cannot be restored with a passphrase");
-    }
-
-    return deriveRecoveryKeyFromPassphrase(
-        passphrase,
-        authData.private_key_salt,
-        authData.private_key_iterations,
-        authData.private_key_bits,
-    );
-}