@vex-chat/libvex 7.1.4 → 7.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/Client.d.ts +1 -0
- package/dist/Client.d.ts.map +1 -1
- package/dist/Client.js +64 -3
- package/dist/Client.js.map +1 -1
- package/dist/storage/sqlite.d.ts.map +1 -1
- package/dist/storage/sqlite.js +10 -6
- package/dist/storage/sqlite.js.map +1 -1
- package/dist/utils/ratchet.d.ts +1 -1
- package/dist/utils/ratchet.d.ts.map +1 -1
- package/dist/utils/ratchet.js +6 -1
- package/dist/utils/ratchet.js.map +1 -1
- package/package.json +1 -1
- package/src/Client.ts +90 -0
- package/src/__tests__/storage-sqlite.test.ts +122 -0
- package/src/storage/sqlite.ts +21 -13
- package/src/utils/ratchet.ts +8 -1
package/src/storage/sqlite.ts
CHANGED
|
@@ -538,24 +538,30 @@ export class SqliteStorage extends EventEmitter implements Storage {
|
|
|
538
538
|
return;
|
|
539
539
|
}
|
|
540
540
|
|
|
541
|
-
// Encrypt plaintext with at-rest key before saving to disk.
|
|
542
541
|
const storedPlaintext = encodeStoredMessagePlaintext(message);
|
|
542
|
+
const isPlaintextFailurePlaceholder =
|
|
543
|
+
!message.decrypted &&
|
|
544
|
+
message.message === "" &&
|
|
545
|
+
message.extra === undefined;
|
|
543
546
|
const fips = getCryptoProfile() === "fips";
|
|
544
|
-
const
|
|
545
|
-
?
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
547
|
+
const encryptedMessage = isPlaintextFailurePlaceholder
|
|
548
|
+
? storedPlaintext
|
|
549
|
+
: XUtils.encodeHex(
|
|
550
|
+
fips
|
|
551
|
+
? await xSecretboxAsync(
|
|
552
|
+
XUtils.decodeUTF8(storedPlaintext),
|
|
553
|
+
XUtils.decodeHex(message.nonce),
|
|
554
|
+
this.atRestAesKey,
|
|
555
|
+
)
|
|
556
|
+
: xSecretbox(
|
|
557
|
+
XUtils.decodeUTF8(storedPlaintext),
|
|
558
|
+
XUtils.decodeHex(message.nonce),
|
|
559
|
+
this.atRestAesKey,
|
|
560
|
+
),
|
|
554
561
|
);
|
|
555
562
|
if (this.isClosingNow()) {
|
|
556
563
|
return;
|
|
557
564
|
}
|
|
558
|
-
const encryptedMessage = XUtils.encodeHex(ct);
|
|
559
565
|
|
|
560
566
|
try {
|
|
561
567
|
await this.db
|
|
@@ -787,7 +793,9 @@ export class SqliteStorage extends EventEmitter implements Storage {
|
|
|
787
793
|
for (const msg of messages) {
|
|
788
794
|
const decryptedFlag = msg.decrypted !== 0;
|
|
789
795
|
let plaintext = msg.message;
|
|
790
|
-
|
|
796
|
+
const isPlaintextFailurePlaceholder =
|
|
797
|
+
!decryptedFlag && msg.message === "" && msg.extra === null;
|
|
798
|
+
if (!isPlaintextFailurePlaceholder) {
|
|
791
799
|
const cipher = XUtils.decodeHex(msg.message);
|
|
792
800
|
const nonce = XUtils.decodeHex(msg.nonce);
|
|
793
801
|
const decrypted = fips
|
package/src/utils/ratchet.ts
CHANGED
|
@@ -16,8 +16,15 @@ import {
|
|
|
16
16
|
} from "@vex-chat/crypto";
|
|
17
17
|
|
|
18
18
|
const VERSION = 1;
|
|
19
|
+
|
|
20
|
+
// Per-message derivation guard: do not derive more than this many skipped
|
|
21
|
+
// message keys from a single ratchet header jump.
|
|
19
22
|
export const MAX_SKIP_MESSAGE_GAP = 1024;
|
|
20
|
-
|
|
23
|
+
|
|
24
|
+
// Per-session retention guard: keep this close to Signal's recommended
|
|
25
|
+
// skipped-message-key cache bound so delayed messages work without retaining
|
|
26
|
+
// excessive decryptable past message keys.
|
|
27
|
+
export const MAX_SKIPPED_KEYS = 1024;
|
|
21
28
|
|
|
22
29
|
const encoder = new TextEncoder();
|
|
23
30
|
|