@wireapp/core 28.4.7 → 28.5.0

package/CHANGELOG.md

@@ -3,6 +3,17 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+# [28.5.0](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@28.4.7...@wireapp/core@28.5.0) (2022-07-15)
+
+
+### Features
+
+* Decrypt incoming MLS messages ([#4315](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/issues/4315)) ([c93b0ae](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/commit/c93b0aea0a43f5eef204d5a20ca047215d6998d6))
+
+
+
+
+
 ## [28.4.7](https://github.com/wireapp/wire-web-packages/tree/main/packages/core/compare/@wireapp/core@28.4.6...@wireapp/core@28.4.7) (2022-07-15)
 
 **Note:** Version bump only for package @wireapp/core

package/package.json

@@ -7,7 +7,7 @@
     "@otak/core-crypto": "0.3.0-beta-1",
     "@types/long": "4.0.1",
     "@types/node": "~14",
-    "@wireapp/api-client": "19.14.1",
+    "@wireapp/api-client": "19.15.0",
     "@wireapp/commons": "4.3.0",
     "@wireapp/cryptobox": "12.8.0",
     "@wireapp/store-engine-dexie": "1.6.10",
@@ -42,7 +42,6 @@
     "karma-spec-reporter": "0.0.32",
     "mock-socket": "9.0.3",
     "nock": "13.1.1",
-    "nodemon": "2.0.19",
     "nyc": "15.1.0",
     "rimraf": "3.0.2",
     "typescript": "4.4.2",
@@ -76,9 +75,8 @@
     "test:browser": "webpack --mode=development && karma start",
     "test:project": "yarn dist && yarn test",
     "test:node": "nyc jasmine --config=jasmine.json",
-    "watch": "tsc ---watch",
-    "test:watch": "nodemon --ext ts --exec 'yarn test:node'"
+    "watch": "tsc ---watch"
   },
-  "version": "28.4.7",
-  "gitHead": "bbe98e85b48966ae66bb4439f6560d0920368063"
+  "version": "28.5.0",
+  "gitHead": "9d06dbf709b35ec4c5d0f3e2aa3b2fdd370da607"
 }

package/src/main/Account.js

@@ -229,11 +229,11 @@ class Account extends events_1.EventEmitter {
         const connectionService = new connection_1.ConnectionService(this.apiClient);
         const giphyService = new giphy_1.GiphyService(this.apiClient);
         const linkPreviewService = new linkPreview_1.LinkPreviewService(assetService);
+        const notificationService = new notification_1.NotificationService(this.apiClient, cryptographyService, this.storeEngine, () => this.coreCryptoClient);
         const conversationService = new conversation_1.ConversationService(this.apiClient, cryptographyService, {
             // We can use qualified ids to send messages as long as the backend supports federated endpoints
             useQualifiedIds: this.backendFeatures.federationEndpoints,
-        }, () => this.coreCryptoClient);
-        const notificationService = new notification_1.NotificationService(this.apiClient, cryptographyService, this.storeEngine);
+        }, () => this.coreCryptoClient, notificationService);
         const selfService = new self_1.SelfService(this.apiClient);
         const teamService = new team_1.TeamService(this.apiClient);
         const broadcastService = new broadcast_1.BroadcastService(this.apiClient, cryptographyService);

package/src/main/conversation/ConversationService.d.ts

@@ -9,22 +9,39 @@ import type { RemoteData } from '../conversation/content/';
 import type { CryptographyService } from '../cryptography/';
 import type { ClearConversationMessage, DeleteMessage, HideMessage, OtrMessage } from './message/OtrMessage';
 import { XOR } from '@wireapp/commons/src/main/util/TypeUtil';
+import type { NotificationService } from '../notification';
 export declare enum MessageTargetMode {
     NONE = 0,
     USERS = 1,
     USERS_CLIENTS = 2
 }
 interface SendCommonParams<T> {
+    /**
+     * The protocol to use to send the message (MLS or Proteus)
+     */
     protocol: ConversationProtocol;
+    /**
+     * The message to send to the conversation
+     */
     payload: T;
     onStart?: (message: GenericMessage) => void | boolean | Promise<boolean>;
     onSuccess?: (message: GenericMessage, sentTime?: string) => void;
 }
 declare type SendProteusMessageParams<T> = SendCommonParams<T> & MessageSendingOptions & {
+    /**
+     * Can be either a QualifiedId[], string[], UserClients or QualfiedUserClients. The type has some effect on the behavior of the method. (Needed only for Proteus)
+     *    When given a QualifiedId[] or string[] the method will fetch the freshest list of devices for those users (since they are not given by the consumer). As a consequence no ClientMismatch error will trigger and we will ignore missing clients when sending
+     *    When given a QualifiedUserClients or UserClients the method will only send to the clients listed in the userIds. This could lead to ClientMismatch (since the given list of devices might not be the freshest one and new clients could have been created)
+     *    When given a QualifiedId[] or QualifiedUserClients the method will send the message through the federated API endpoint
+     *    When given a string[] or UserClients the method will send the message through the old API endpoint
+     */
     userIds?: string[] | QualifiedId[] | UserClients | QualifiedUserClients;
     onClientMismatch?: (status: ClientMismatch | MessageSendingStatus, wasSent: boolean) => void | boolean | Promise<boolean>;
 };
 declare type SendMlsMessageParams<T> = SendCommonParams<T> & {
+    /**
+     * The groupId of the conversation to send the message to (Needed only for MLS)
+     */
     groupId: string;
 };
 interface MessageSendingOptions {
@@ -77,12 +94,13 @@ export declare class ConversationService {
     private readonly apiClient;
     private readonly config;
     private readonly coreCryptoClientProvider;
+    private readonly notificationService;
     readonly messageTimer: MessageTimer;
     private readonly messageService;
     private selfConversationId?;
     constructor(apiClient: APIClient, cryptographyService: CryptographyService, config: {
         useQualifiedIds?: boolean;
-    }, coreCryptoClientProvider: () => CoreCrypto);
+    }, coreCryptoClientProvider: () => CoreCrypto, notificationService: NotificationService);
     private createEphemeral;
     private getConversationQualifiedMembers;
     /**
@@ -191,24 +209,7 @@ export declare class ConversationService {
     getUnencryptedAsset(assetId: string, assetToken?: string): Promise<ArrayBuffer>;
     addUser(conversationId: QualifiedId, userIds: string | string[] | QualifiedId | QualifiedId[]): Promise<QualifiedId[]>;
     removeUser(conversationId: string, userId: string): Promise<string>;
-    /**
-     * Sends a mls message to a conversation
-     *
-     * @param params.payload The message to send to the conversation
-     * @param params.protocol The protocol to use to send the message (MLS or Proteus)
-     * @param params.groupId? The groupId of the conversation to send the message to (Needed only for MLS)
-     * @return resolves with the sent message
-     */
     private sendMlsMessage;
-    /**
-     * Sends a proteus message to a conversation
-     * @param params.userIds? Can be either a QualifiedId[], string[], UserClients or QualfiedUserClients. The type has some effect on the behavior of the method. (Needed only for Proteus)
-     *    When given a QualifiedId[] or string[] the method will fetch the freshest list of devices for those users (since they are not given by the consumer). As a consequence no ClientMismatch error will trigger and we will ignore missing clients when sending
-     *    When given a QualifiedUserClients or UserClients the method will only send to the clients listed in the userIds. This could lead to ClientMismatch (since the given list of devices might not be the freshest one and new clients could have been created)
-     *    When given a QualifiedId[] or QualifiedUserClients the method will send the message through the federated API endpoint
-     *    When given a string[] or UserClients the method will send the message through the old API endpoint
-     * @return resolves with the sent message
-     */
     private sendProteusMessage;
     /**
      * Sends a message to a conversation

package/src/main/conversation/ConversationService.js

@@ -1,7 +1,7 @@
 "use strict";
 /*
  * Wire
- * Copyright (C) 2018 Wire Swiss GmbH
+ * Copyright (C) 2022 Wire Swiss GmbH
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -39,10 +39,11 @@ function isMLS(params) {
     return params.protocol === conversation_1.ConversationProtocol.MLS;
 }
 class ConversationService {
-    constructor(apiClient, cryptographyService, config, coreCryptoClientProvider) {
+    constructor(apiClient, cryptographyService, config, coreCryptoClientProvider, notificationService) {
         this.apiClient = apiClient;
         this.config = config;
         this.coreCryptoClientProvider = coreCryptoClientProvider;
+        this.notificationService = notificationService;
         this.messageTimer = new conversation_2.MessageTimer();
         this.messageService = new MessageService_1.MessageService(this.apiClient, cryptographyService);
     }
@@ -685,6 +686,7 @@ class ConversationService {
             sendingPromises.push(this.apiClient.api.conversation.postMlsMessage(Uint8Array.from(memberAddedMessages.message)));
         }
         await Promise.all(sendingPromises);
+        await this.notificationService.saveConversationGroupId(newConversation);
         // We fetch the fresh version of the conversation created on backend with the newly added users
         return this.getConversations(newConversation.id);
     }
@@ -720,14 +722,6 @@ class ConversationService {
         await this.apiClient.api.conversation.deleteMember(conversationId, userId);
         return userId;
     }
-    /**
-     * Sends a mls message to a conversation
-     *
-     * @param params.payload The message to send to the conversation
-     * @param params.protocol The protocol to use to send the message (MLS or Proteus)
-     * @param params.groupId? The groupId of the conversation to send the message to (Needed only for MLS)
-     * @return resolves with the sent message
-     */
     async sendMlsMessage(params, genericMessage, content) {
         var _a, _b;
         const { groupId, onSuccess, payload } = params;
@@ -743,15 +737,6 @@ class ConversationService {
             return Object.assign(Object.assign({}, payload), { content, messageTimer: ((_b = genericMessage.ephemeral) === null || _b === void 0 ? void 0 : _b.expireAfterMillis) || 0, state: conversation_2.PayloadBundleState.CANCELLED });
         }
     }
-    /**
-     * Sends a proteus message to a conversation
-     * @param params.userIds? Can be either a QualifiedId[], string[], UserClients or QualfiedUserClients. The type has some effect on the behavior of the method. (Needed only for Proteus)
-     *    When given a QualifiedId[] or string[] the method will fetch the freshest list of devices for those users (since they are not given by the consumer). As a consequence no ClientMismatch error will trigger and we will ignore missing clients when sending
-     *    When given a QualifiedUserClients or UserClients the method will only send to the clients listed in the userIds. This could lead to ClientMismatch (since the given list of devices might not be the freshest one and new clients could have been created)
-     *    When given a QualifiedId[] or QualifiedUserClients the method will send the message through the federated API endpoint
-     *    When given a string[] or UserClients the method will send the message through the old API endpoint
-     * @return resolves with the sent message
-     */
     async sendProteusMessage(params, genericMessage, content) {
         var _a;
         const { userIds, sendAsProtobuf, conversationDomain, nativePush, targetMode, payload, onClientMismatch, onSuccess } = params;

package/src/main/conversation/message/PayloadBundle.d.ts

@@ -50,6 +50,7 @@ export declare enum PayloadBundleType {
     MESSAGE_DELETE = "PayloadBundleType.MESSAGE_DELETE",
     MESSAGE_EDIT = "PayloadBundleType.MESSAGE_EDIT",
     MESSAGE_HIDE = "PayloadBundleType.MESSAGE_HIDE",
+    MLS_WELCOME_MESSAGE = "PayloadBundleType.MLS_WELCOME",
     PING = "PayloadBundleType.PING",
     REACTION = "PayloadBundleType.REACTION",
     TEAM_CONVERSATION_CREATE = "PayloadBundleType.TEAM_CONVERSATION_CREATE",

package/src/main/conversation/message/PayloadBundle.js

@@ -54,6 +54,7 @@ var PayloadBundleType;
     PayloadBundleType["MESSAGE_DELETE"] = "PayloadBundleType.MESSAGE_DELETE";
     PayloadBundleType["MESSAGE_EDIT"] = "PayloadBundleType.MESSAGE_EDIT";
     PayloadBundleType["MESSAGE_HIDE"] = "PayloadBundleType.MESSAGE_HIDE";
+    PayloadBundleType["MLS_WELCOME_MESSAGE"] = "PayloadBundleType.MLS_WELCOME";
     PayloadBundleType["PING"] = "PayloadBundleType.PING";
     PayloadBundleType["REACTION"] = "PayloadBundleType.REACTION";
     PayloadBundleType["TEAM_CONVERSATION_CREATE"] = "PayloadBundleType.TEAM_CONVERSATION_CREATE";

package/src/main/cryptography/CryptographyDatabaseRepository.d.ts

@@ -4,7 +4,8 @@ export declare enum DatabaseStores {
     CLIENTS = "clients",
     KEYS = "keys",
     PRE_KEYS = "prekeys",
-    SESSIONS = "sessions"
+    SESSIONS = "sessions",
+    GROUP_IDS = "group_ids"
 }
 export declare class CryptographyDatabaseRepository {
     private readonly storeEngine;

package/src/main/cryptography/CryptographyDatabaseRepository.js

@@ -26,6 +26,7 @@ var DatabaseStores;
     DatabaseStores["KEYS"] = "keys";
     DatabaseStores["PRE_KEYS"] = "prekeys";
     DatabaseStores["SESSIONS"] = "sessions";
+    DatabaseStores["GROUP_IDS"] = "group_ids";
 })(DatabaseStores = exports.DatabaseStores || (exports.DatabaseStores = {}));
 class CryptographyDatabaseRepository {
     constructor(storeEngine) {
@@ -38,6 +39,7 @@ class CryptographyDatabaseRepository {
             this.storeEngine.deleteAll(CryptographyDatabaseRepository.STORES.KEYS),
             this.storeEngine.deleteAll(CryptographyDatabaseRepository.STORES.SESSIONS),
             this.storeEngine.deleteAll(CryptographyDatabaseRepository.STORES.PRE_KEYS),
+            this.storeEngine.deleteAll(CryptographyDatabaseRepository.STORES.GROUP_IDS),
         ]);
     }
 }

package/src/main/notification/NotificationDatabaseRepository.d.ts

@@ -1,6 +1,11 @@
 import type { BackendEvent } from '@wireapp/api-client/src/event';
 import type { Notification } from '@wireapp/api-client/src/notification/';
 import type { CRUDEngine } from '@wireapp/store-engine';
+declare type CompoundGroupIdParams = {
+    groupId: string;
+    conversationId: string;
+    conversationDomain: string;
+};
 export declare enum DatabaseStores {
     EVENTS = "events"
 }
@@ -17,4 +22,8 @@ export declare class NotificationDatabaseRepository {
     createLastEventDate(eventDate: Date): Promise<Date>;
     getLastNotificationId(): Promise<string>;
     updateLastNotificationId(lastNotification: Notification): Promise<string>;
+    private generateCompoundGroupIdPrimaryKey;
+    addCompoundGroupId(params: CompoundGroupIdParams): Promise<void>;
+    getCompoundGroupId(params: Omit<CompoundGroupIdParams, 'groupId'>): Promise<string>;
 }
+export {};

package/src/main/notification/NotificationDatabaseRepository.js

@@ -30,6 +30,7 @@ var DatabaseKeys;
     DatabaseKeys["PRIMARY_KEY_LAST_NOTIFICATION"] = "z.storage.StorageKey.NOTIFICATION.LAST_ID";
 })(DatabaseKeys = exports.DatabaseKeys || (exports.DatabaseKeys = {}));
 const STORE_AMPLIFY = CryptographyDatabaseRepository_1.CryptographyDatabaseRepository.STORES.AMPLIFY;
+const STORE_GROUPIDS = CryptographyDatabaseRepository_1.CryptographyDatabaseRepository.STORES.GROUP_IDS;
 class NotificationDatabaseRepository {
     constructor(storeEngine) {
         this.storeEngine = storeEngine;
@@ -59,6 +60,15 @@ class NotificationDatabaseRepository {
         });
         return lastNotification.id;
     }
+    generateCompoundGroupIdPrimaryKey({ conversationId, conversationDomain, }) {
+        return `${conversationId}@${conversationDomain}`;
+    }
+    async addCompoundGroupId(params) {
+        await this.storeEngine.updateOrCreate(STORE_GROUPIDS, this.generateCompoundGroupIdPrimaryKey(params), params.groupId);
+    }
+    async getCompoundGroupId(params) {
+        return this.storeEngine.read(STORE_GROUPIDS, this.generateCompoundGroupIdPrimaryKey(params));
+    }
 }
 exports.NotificationDatabaseRepository = NotificationDatabaseRepository;
 //# sourceMappingURL=NotificationDatabaseRepository.js.map

package/src/main/notification/NotificationService.d.ts

@@ -9,6 +9,9 @@ import { NotificationError } from '../CoreError';
 import type { CryptographyService } from '../cryptography';
 import { GenericMessage } from '@wireapp/protocol-messaging';
 import { AbortHandler } from '@wireapp/api-client/src/tcp';
+import type { CoreCrypto } from '@otak/core-crypto/platforms/web/corecrypto';
+import { QualifiedId } from '@wireapp/api-client/src/user';
+import { Conversation } from '@wireapp/api-client/src/conversation';
 export declare type HandledEventPayload = {
     event: Events.BackendEvent;
     mappedEvent?: PayloadBundle;
@@ -29,13 +32,14 @@ export interface NotificationService {
     on(event: TOPIC.NOTIFICATION_ERROR, listener: (payload: NotificationError) => void): this;
 }
 export declare class NotificationService extends EventEmitter {
+    private readonly coreCryptoClientProvider;
     private readonly apiClient;
     private readonly backend;
     private readonly cryptographyService;
     private readonly database;
     private readonly logger;
     static readonly TOPIC: typeof TOPIC;
-    constructor(apiClient: APIClient, cryptographyService: CryptographyService, storeEngine: CRUDEngine);
+    constructor(apiClient: APIClient, cryptographyService: CryptographyService, storeEngine: CRUDEngine, coreCryptoClientProvider: () => CoreCrypto | undefined);
     private getAllNotifications;
     /** Should only be called with a completely new client. */
     initializeNotificationStream(): Promise<string>;
@@ -56,5 +60,20 @@ export declare class NotificationService extends EventEmitter {
     handleNotification(notification: Notification, source: PayloadBundleSource, dryRun?: boolean): AsyncGenerator<HandledEventPayload>;
     private cleanupPayloadBundle;
     private handleEvent;
+    /**
+     * If there is a groupId in the conversation, we need to store the conversationId => groupId pair
+     * in order to find the groupId when decrypting messages
+     * This is a bit hacky but since mls messages do not embed the groupId we need to keep a mapping of those
+     *
+     * @param conversation conversation with group_id
+     */
+    saveConversationGroupId(conversation: Conversation): Promise<void>;
+    /**
+     * If there is a matching conversationId => groupId pair in the database,
+     * we can find the groupId and return it as a Uint8Array
+     *
+     * @param conversationQualifiedId
+     */
+    getUint8ArrayFromConversationGroupId(conversationQualifiedId: QualifiedId): Promise<Uint8Array>;
 }
 export {};

package/src/main/notification/NotificationService.js

@@ -63,13 +63,16 @@ const CoreError_1 = require("../CoreError");
 const UserMapper_1 = require("../user/UserMapper");
 const NotificationBackendRepository_1 = require("./NotificationBackendRepository");
 const NotificationDatabaseRepository_1 = require("./NotificationDatabaseRepository");
+const protocol_messaging_1 = require("@wireapp/protocol-messaging");
+const bazinga64_1 = require("bazinga64");
 var TOPIC;
 (function (TOPIC) {
     TOPIC["NOTIFICATION_ERROR"] = "NotificationService.TOPIC.NOTIFICATION_ERROR";
 })(TOPIC || (TOPIC = {}));
 class NotificationService extends events_1.EventEmitter {
-    constructor(apiClient, cryptographyService, storeEngine) {
+    constructor(apiClient, cryptographyService, storeEngine, coreCryptoClientProvider) {
         super();
+        this.coreCryptoClientProvider = coreCryptoClientProvider;
         this.logger = (0, logdown_1.default)('@wireapp/core/notification/NotificationService', {
             logger: console,
             markdown: false,
@@ -206,8 +209,38 @@ class NotificationService extends events_1.EventEmitter {
         }
     }
     async handleEvent(event, source, dryRun = false) {
+        var _a;
+        const coreCryptoClient = this.coreCryptoClientProvider();
         switch (event.type) {
-            // Encrypted events
+            case Events.CONVERSATION_EVENT.MLS_WELCOME_MESSAGE:
+                if (!coreCryptoClient) {
+                    // TODO throw proper error
+                    throw new Error('TODO');
+                }
+                const data = bazinga64_1.Decoder.fromBase64(event.data).asBytes;
+                // We extract the groupId from the welcome message and let coreCrypto store this group
+                const newGroupId = await coreCryptoClient.processWelcomeMessage(data);
+                const groupIdStr = bazinga64_1.Encoder.toBase64(newGroupId).asString;
+                // The groupId can then be sent back to the consumer
+                return {
+                    event,
+                    mappedEvent: ConversationMapper_1.ConversationMapper.mapConversationEvent(Object.assign(Object.assign({}, event), { data: groupIdStr }), source),
+                };
+            case Events.CONVERSATION_EVENT.MLS_MESSAGE_ADD:
+                if (!coreCryptoClient) {
+                    // TODO throw proper error
+                    throw new Error('TODO');
+                }
+                const encryptedData = bazinga64_1.Decoder.fromBase64(event.data).asBytes;
+                const groupId = await this.getUint8ArrayFromConversationGroupId(event.qualified_conversation || { id: event.conversation, domain: '' });
+                const rawData = await coreCryptoClient.decryptMessage(groupId, encryptedData);
+                if (!rawData) {
+                    // TODO
+                    throw new Error('empty message');
+                }
+                const decryptedData = protocol_messaging_1.GenericMessage.decode(rawData);
+                return { event, decryptedData };
+            // Encrypted Proteus events
             case Events.CONVERSATION_EVENT.OTR_MESSAGE_ADD: {
                 if (dryRun) {
                     // In case of a dry run, we do not want to decrypt messages
@@ -228,6 +261,13 @@ class NotificationService extends events_1.EventEmitter {
             }
             // Meta events
             case Events.CONVERSATION_EVENT.MEMBER_JOIN:
+                // As of today (07/07/2022) the backend sends `WELCOME` message to the user's own conversation (not the actual conversation that the welcome should be part of)
+                // So in order to map conversation Ids and groupId together, we need to first fetch the conversation and get the groupId linked to it.
+                const conversation = await this.apiClient.api.conversation.getConversation((_a = event.qualified_conversation) !== null && _a !== void 0 ? _a : { id: event.conversation, domain: '' });
+                if (!conversation) {
+                    throw new Error('no conv');
+                }
+                await this.saveConversationGroupId(conversation);
             case Events.CONVERSATION_EVENT.MESSAGE_TIMER_UPDATE:
             case Events.CONVERSATION_EVENT.RENAME:
             case Events.CONVERSATION_EVENT.TYPING: {
@@ -245,6 +285,36 @@ class NotificationService extends events_1.EventEmitter {
         }
         return { event };
     }
+    /**
+     * If there is a groupId in the conversation, we need to store the conversationId => groupId pair
+     * in order to find the groupId when decrypting messages
+     * This is a bit hacky but since mls messages do not embed the groupId we need to keep a mapping of those
+     *
+     * @param conversation conversation with group_id
+     */
+    async saveConversationGroupId(conversation) {
+        if (conversation.group_id) {
+            const { group_id: groupId, qualified_id: { id: conversationId, domain: conversationDomain }, } = conversation;
+            await this.database.addCompoundGroupId({ conversationDomain, conversationId, groupId });
+        }
+    }
+    /**
+     * If there is a matching conversationId => groupId pair in the database,
+     * we can find the groupId and return it as a Uint8Array
+     *
+     * @param conversationQualifiedId
+     */
+    async getUint8ArrayFromConversationGroupId(conversationQualifiedId) {
+        const { id: conversationId, domain: conversationDomain } = conversationQualifiedId;
+        const groupId = await this.database.getCompoundGroupId({
+            conversationId,
+            conversationDomain,
+        });
+        if (!groupId) {
+            throw new Error(`Could not find a group_id for conversation ${conversationId}@${conversationDomain}`);
+        }
+        return bazinga64_1.Decoder.fromBase64(groupId).asBytes;
+    }
 }
 exports.NotificationService = NotificationService;
 NotificationService.TOPIC = TOPIC;