ente/lib/utils/crypto_util.dart

import 'dart:typed_data';

import 'dart:io' as io;
import 'package:aes_crypt/aes_crypt.dart';
import 'package:computer/computer.dart';
import 'package:encrypt/encrypt.dart';
import 'package:flutter_sodium/flutter_sodium.dart';
import 'package:logging/logging.dart';

import 'package:photos/core/configuration.dart';
import 'package:photos/models/encrypted_file_attributes.dart';
import 'package:steel_crypt/steel_crypt.dart' as steel;
import 'package:uuid/uuid.dart';

class CryptoUtil {
  static Logger _logger = Logger("CryptoUtil");

  static int encryptionBlockSize = 4 * 1024 * 1024;
  static int decryptionBlockSize =
      encryptionBlockSize + Sodium.cryptoSecretstreamXchacha20poly1305Abytes;

  static Future<EncryptedFileAttributes> chachaEncrypt(
    io.File sourceFile,
    io.File destinationFile,
  ) async {
    var encryptionStartTime = DateTime.now().millisecondsSinceEpoch;

    final sourceFileLength = sourceFile.lengthSync();
    _logger.info("Encrypting file of size " + sourceFileLength.toString());

    final inputFile = await (sourceFile.open(mode: io.FileMode.read));
    final outputFile =
        await (destinationFile.open(mode: io.FileMode.writeOnlyAppend));

    final key = Sodium.cryptoSecretstreamXchacha20poly1305Keygen();
    final initPushResult =
        Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);

    var bytesRead = 0;
    var encryptionTag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
    while (
        encryptionTag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
      bool isLastBlock = false;
      var blockLength = encryptionBlockSize;
      if (bytesRead + blockLength >= sourceFileLength) {
        blockLength = sourceFileLength - bytesRead;
        isLastBlock = true;
      }
      final blockData = await inputFile.read(blockLength);
      bytesRead += blockLength;
      if (isLastBlock) {
        encryptionTag = Sodium.cryptoSecretstreamXchacha20poly1305TagFinal;
      }
      final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(
          initPushResult.state, blockData, null, encryptionTag);
      outputFile.writeFromSync(encryptedData);
    }
    await inputFile.close();
    await outputFile.close();

    _logger.info("ChaCha20 Encryption time: " +
        (DateTime.now().millisecondsSinceEpoch - encryptionStartTime)
            .toString());

    return EncryptedFileAttributes(key, initPushResult.header);
  }

  static Future<void> chachaDecrypt(
    io.File sourceFile,
    io.File destinationFile,
    EncryptedFileAttributes attributes,
  ) async {
    var decryptionStartTime = DateTime.now().millisecondsSinceEpoch;

    final sourceFileLength = sourceFile.lengthSync();
    _logger.info("Decrypting file of size " + sourceFileLength.toString());

    final inputFile = await (sourceFile.open(mode: io.FileMode.read));
    final outputFile =
        await (destinationFile.open(mode: io.FileMode.writeOnlyAppend));
    final pullState = Sodium.cryptoSecretstreamXchacha20poly1305InitPull(
        attributes.header, attributes.key);

    var bytesRead = 0;
    var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;
    while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {
      var blockLength = decryptionBlockSize;
      if (bytesRead + blockLength >= sourceFileLength) {
        blockLength = sourceFileLength - bytesRead;
      }
      final blockData = await inputFile.read(blockLength);
      bytesRead += blockLength;
      final pullResult = Sodium.cryptoSecretstreamXchacha20poly1305Pull(
          pullState, blockData, null);
      outputFile.writeFromSync(pullResult.m);
      tag = pullResult.tag;
    }
    await inputFile.close();
    await outputFile.close();

    _logger.info("ChaCha20 Decryption time: " +
        (DateTime.now().millisecondsSinceEpoch - decryptionStartTime)
            .toString());
  }

  static Uint8List getSecureRandomBytes({int length = 32}) {
    return SecureRandom(length).bytes;
  }

  static String getSecureRandomString({int length = 32}) {
    return SecureRandom(length).base64;
  }

  static Uint8List scrypt(Uint8List plainText, Uint8List salt) {
    return steel.PassCryptRaw.scrypt()
        .hash(salt: salt, plain: plainText, len: 32);
  }

  static Uint8List aesEncrypt(
      Uint8List plainText, Uint8List key, Uint8List iv) {
    final encrypter = AES(Key(key), mode: AESMode.cbc);
    return encrypter
        .encrypt(
          plainText,
          iv: IV(iv),
        )
        .bytes;
  }

  static Uint8List aesDecrypt(
      Uint8List cipherText, Uint8List key, Uint8List iv) {
    final encrypter = AES(Key(key), mode: AESMode.cbc);
    return encrypter.decrypt(
      Encrypted(cipherText),
      iv: IV(iv),
    );
  }

  static Future<String> encryptFileToFile(
      String sourcePath, String destinationPath, String password) async {
    final args = Map<String, dynamic>();
    args["password"] = password;
    args["source"] = sourcePath;
    args["destination"] = destinationPath;
    return Computer().compute(runEncryptFileToFile, param: args);
  }

  static Future<String> encryptDataToFile(
      Uint8List source, String destinationPath, String password) async {
    final args = Map<String, dynamic>();
    args["password"] = password;
    args["source"] = source;
    args["destination"] = destinationPath;
    return Computer().compute(runEncryptDataToFile, param: args);
  }

  static Future<Uint8List> encryptDataToData(
      Uint8List source, String password) async {
    final destinationPath =
        Configuration.instance.getTempDirectory() + Uuid().v4();
    return encryptDataToFile(source, destinationPath, password).then((value) {
      final file = io.File(destinationPath);
      final data = file.readAsBytesSync();
      file.deleteSync();
      return data;
    });
  }

  static Future<void> decryptFileToFile(
      String sourcePath, String destinationPath, String password) async {
    final args = Map<String, dynamic>();
    args["password"] = password;
    args["source"] = sourcePath;
    args["destination"] = destinationPath;
    return Computer().compute(runDecryptFileToFile, param: args);
  }

  static Future<Uint8List> decryptFileToData(
      String sourcePath, String password) {
    final args = Map<String, dynamic>();
    args["password"] = password;
    args["source"] = sourcePath;
    return Computer().compute(runDecryptFileToData, param: args);
  }

  static Future<Uint8List> decryptDataToData(
      Uint8List source, String password) {
    final sourcePath = Configuration.instance.getTempDirectory() + Uuid().v4();
    final file = io.File(sourcePath);
    file.writeAsBytesSync(source);
    return decryptFileToData(sourcePath, password).then((value) {
      file.deleteSync();
      return value;
    });
  }
}

Future<String> runEncryptFileToFile(Map<String, dynamic> args) {
  final encrypter = getEncrypter(args["password"]);
  return encrypter.encryptFile(args["source"], args["destination"]);
}

Future<String> runEncryptDataToFile(Map<String, dynamic> args) {
  final encrypter = getEncrypter(args["password"]);
  return encrypter.encryptDataToFile(args["source"], args["destination"]);
}

Future<String> runDecryptFileToFile(Map<String, dynamic> args) async {
  final encrypter = getEncrypter(args["password"]);
  return encrypter.decryptFile(args["source"], args["destination"]);
}

Future<Uint8List> runDecryptFileToData(Map<String, dynamic> args) async {
  final encrypter = getEncrypter(args["password"]);
  return encrypter.decryptDataFromFile(args["source"]);
}

AesCrypt getEncrypter(String password) {
  final encrypter = AesCrypt(password);
  encrypter.aesSetMode(AesMode.cbc);
  encrypter.setOverwriteMode(AesCryptOwMode.on);
  return encrypter;
}
Encrypt and upload files 2020-08-10 23:47:22 +00:00			`import 'dart:typed_data';`

Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`import 'dart:io' as io;`
Encrypt and upload files 2020-08-10 23:47:22 +00:00			`import 'package:aes_crypt/aes_crypt.dart';`
Use Computer to handle isolates 2020-08-13 23:04:32 +00:00			`import 'package:computer/computer.dart';`
Add crypto util 2020-08-09 20:39:11 +00:00			`import 'package:encrypt/encrypt.dart';`
Add API to chacha encrypt and decrypt a file 2020-09-25 15:45:00 +00:00			`import 'package:flutter_sodium/flutter_sodium.dart';`
			`import 'package:logging/logging.dart';`
Add crypto util 2020-08-09 20:39:11 +00:00
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`import 'package:photos/core/configuration.dart';`
Add API to chacha encrypt and decrypt a file 2020-09-25 15:45:00 +00:00			`import 'package:photos/models/encrypted_file_attributes.dart';`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`import 'package:steel_crypt/steel_crypt.dart' as steel;`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`import 'package:uuid/uuid.dart';`

Add crypto util 2020-08-09 20:39:11 +00:00			`class CryptoUtil {`
Add API to chacha encrypt and decrypt a file 2020-09-25 15:45:00 +00:00			`static Logger _logger = Logger("CryptoUtil");`

			`static int encryptionBlockSize = 4 * 1024 * 1024;`
			`static int decryptionBlockSize =`
			`encryptionBlockSize + Sodium.cryptoSecretstreamXchacha20poly1305Abytes;`

			`static Future<EncryptedFileAttributes> chachaEncrypt(`
			`io.File sourceFile,`
			`io.File destinationFile,`
			`) async {`
			`var encryptionStartTime = DateTime.now().millisecondsSinceEpoch;`

			`final sourceFileLength = sourceFile.lengthSync();`
			`_logger.info("Encrypting file of size " + sourceFileLength.toString());`

			`final inputFile = await (sourceFile.open(mode: io.FileMode.read));`
			`final outputFile =`
			`await (destinationFile.open(mode: io.FileMode.writeOnlyAppend));`

			`final key = Sodium.cryptoSecretstreamXchacha20poly1305Keygen();`
			`final initPushResult =`
			`Sodium.cryptoSecretstreamXchacha20poly1305InitPush(key);`

			`var bytesRead = 0;`
			`var encryptionTag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;`
			`while (`
			`encryptionTag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {`
			`bool isLastBlock = false;`
			`var blockLength = encryptionBlockSize;`
			`if (bytesRead + blockLength >= sourceFileLength) {`
			`blockLength = sourceFileLength - bytesRead;`
			`isLastBlock = true;`
			`}`
			`final blockData = await inputFile.read(blockLength);`
			`bytesRead += blockLength;`
			`if (isLastBlock) {`
			`encryptionTag = Sodium.cryptoSecretstreamXchacha20poly1305TagFinal;`
			`}`
			`final encryptedData = Sodium.cryptoSecretstreamXchacha20poly1305Push(`
			`initPushResult.state, blockData, null, encryptionTag);`
			`outputFile.writeFromSync(encryptedData);`
			`}`
			`await inputFile.close();`
			`await outputFile.close();`

			`_logger.info("ChaCha20 Encryption time: " +`
			`(DateTime.now().millisecondsSinceEpoch - encryptionStartTime)`
			`.toString());`

			`return EncryptedFileAttributes(key, initPushResult.header);`
			`}`

			`static Future<void> chachaDecrypt(`
			`io.File sourceFile,`
			`io.File destinationFile,`
			`EncryptedFileAttributes attributes,`
			`) async {`
			`var decryptionStartTime = DateTime.now().millisecondsSinceEpoch;`

			`final sourceFileLength = sourceFile.lengthSync();`
			`_logger.info("Decrypting file of size " + sourceFileLength.toString());`

			`final inputFile = await (sourceFile.open(mode: io.FileMode.read));`
			`final outputFile =`
			`await (destinationFile.open(mode: io.FileMode.writeOnlyAppend));`
			`final pullState = Sodium.cryptoSecretstreamXchacha20poly1305InitPull(`
			`attributes.header, attributes.key);`

			`var bytesRead = 0;`
			`var tag = Sodium.cryptoSecretstreamXchacha20poly1305TagMessage;`
			`while (tag != Sodium.cryptoSecretstreamXchacha20poly1305TagFinal) {`
			`var blockLength = decryptionBlockSize;`
			`if (bytesRead + blockLength >= sourceFileLength) {`
			`blockLength = sourceFileLength - bytesRead;`
			`}`
			`final blockData = await inputFile.read(blockLength);`
			`bytesRead += blockLength;`
			`final pullResult = Sodium.cryptoSecretstreamXchacha20poly1305Pull(`
			`pullState, blockData, null);`
			`outputFile.writeFromSync(pullResult.m);`
			`tag = pullResult.tag;`
			`}`
			`await inputFile.close();`
			`await outputFile.close();`

			`_logger.info("ChaCha20 Decryption time: " +`
			`(DateTime.now().millisecondsSinceEpoch - decryptionStartTime)`
			`.toString());`
			`}`

Modify steel crypt to expose a hashBytes function that does not assume the encoding of the inputs or output 2020-09-09 09:05:24 +00:00			`static Uint8List getSecureRandomBytes({int length = 32}) {`
			`return SecureRandom(length).bytes;`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`}`

Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`static String getSecureRandomString({int length = 32}) {`
Return base64 encoded string 2020-09-09 23:48:11 +00:00			`return SecureRandom(length).base64;`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`}`

Modify steel crypt to expose a hashBytes function that does not assume the encoding of the inputs or output 2020-09-09 09:05:24 +00:00			`static Uint8List scrypt(Uint8List plainText, Uint8List salt) {`
Use existing raw API for steel crypt 2020-09-09 21:30:04 +00:00			`return steel.PassCryptRaw.scrypt()`
			`.hash(salt: salt, plain: plainText, len: 32);`
Modify steel crypt to expose a hashBytes function that does not assume the encoding of the inputs or output 2020-09-09 09:05:24 +00:00			`}`

Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`static Uint8List aesEncrypt(`
			`Uint8List plainText, Uint8List key, Uint8List iv) {`
Ensure that CBC is always the chosen mode of encryption 2020-09-09 20:47:51 +00:00			`final encrypter = AES(Key(key), mode: AESMode.cbc);`
Download and save encrypted files 2020-08-11 23:04:16 +00:00			`return encrypter`
			`.encrypt(`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`plainText,`
			`iv: IV(iv),`
Download and save encrypted files 2020-08-11 23:04:16 +00:00			`)`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`.bytes;`
Add crypto util 2020-08-09 20:39:11 +00:00			`}`

Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`static Uint8List aesDecrypt(`
			`Uint8List cipherText, Uint8List key, Uint8List iv) {`
			`final encrypter = AES(Key(key), mode: AESMode.cbc);`
			`return encrypter.decrypt(`
			`Encrypted(cipherText),`
			`iv: IV(iv),`
			`);`
Add crypto util 2020-08-09 20:39:11 +00:00			`}`
Encrypt and upload files 2020-08-10 23:47:22 +00:00
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`static Future<String> encryptFileToFile(`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`String sourcePath, String destinationPath, String password) async {`
Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`final args = Map<String, dynamic>();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`args["password"] = password;`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`args["source"] = sourcePath;`
			`args["destination"] = destinationPath;`
Use Computer to handle isolates 2020-08-13 23:04:32 +00:00			`return Computer().compute(runEncryptFileToFile, param: args);`
Encrypt and upload files 2020-08-10 23:47:22 +00:00			`}`
Upload thumbnail along with the file 2020-08-11 00:08:48 +00:00
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`static Future<String> encryptDataToFile(`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`Uint8List source, String destinationPath, String password) async {`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`final args = Map<String, dynamic>();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`args["password"] = password;`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`args["source"] = source;`
			`args["destination"] = destinationPath;`
Use Computer to handle isolates 2020-08-13 23:04:32 +00:00			`return Computer().compute(runEncryptDataToFile, param: args);`
Upload thumbnail along with the file 2020-08-11 00:08:48 +00:00			`}`
Download and save encrypted files 2020-08-11 23:04:16 +00:00
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`static Future<Uint8List> encryptDataToData(`
			`Uint8List source, String password) async {`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`final destinationPath =`
			`Configuration.instance.getTempDirectory() + Uuid().v4();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`return encryptDataToFile(source, destinationPath, password).then((value) {`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`final file = io.File(destinationPath);`
Update file upload API 2020-09-06 06:29:30 +00:00			`final data = file.readAsBytesSync();`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`file.deleteSync();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`return data;`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`});`
			`}`

Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`static Future<void> decryptFileToFile(`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`String sourcePath, String destinationPath, String password) async {`
Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`final args = Map<String, dynamic>();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`args["password"] = password;`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`args["source"] = sourcePath;`
			`args["destination"] = destinationPath;`
Use Computer to handle isolates 2020-08-13 23:04:32 +00:00			`return Computer().compute(runDecryptFileToFile, param: args);`
Download and save encrypted files 2020-08-11 23:04:16 +00:00			`}`

Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`static Future<Uint8List> decryptFileToData(`
			`String sourcePath, String password) {`
Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`final args = Map<String, dynamic>();`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`args["password"] = password;`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`args["source"] = sourcePath;`
Use Computer to handle isolates 2020-08-13 23:04:32 +00:00			`return Computer().compute(runDecryptFileToData, param: args);`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`}`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`static Future<Uint8List> decryptDataToData(`
			`Uint8List source, String password) {`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`final sourcePath = Configuration.instance.getTempDirectory() + Uuid().v4();`
			`final file = io.File(sourcePath);`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`file.writeAsBytesSync(source);`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`return decryptFileToData(sourcePath, password).then((value) {`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`file.deleteSync();`
Update file upload API 2020-09-06 06:29:30 +00:00			`return value;`
Add API to use AesCrypt to encrypt and decrypt data directly 2020-09-03 15:38:46 +00:00			`});`
			`}`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`}`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00
Remove all assumptions related to key attribute encoding 2020-09-09 21:09:41 +00:00			`Future<String> runEncryptFileToFile(Map<String, dynamic> args) {`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`final encrypter = getEncrypter(args["password"]);`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`return encrypter.encryptFile(args["source"], args["destination"]);`
			`}`

			`Future<String> runEncryptDataToFile(Map<String, dynamic> args) {`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`final encrypter = getEncrypter(args["password"]);`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`return encrypter.encryptDataToFile(args["source"], args["destination"]);`
			`}`

			`Future<String> runDecryptFileToFile(Map<String, dynamic> args) async {`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`final encrypter = getEncrypter(args["password"]);`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`return encrypter.decryptFile(args["source"], args["destination"]);`
			`}`

			`Future<Uint8List> runDecryptFileToData(Map<String, dynamic> args) async {`
Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`final encrypter = getEncrypter(args["password"]);`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`return encrypter.decryptDataFromFile(args["source"]);`
			`}`

Explicitly call the AESCrypt password as password 2020-09-09 22:27:54 +00:00			`AesCrypt getEncrypter(String password) {`
			`final encrypter = AesCrypt(password);`
Perform encryption and decryption on a separate isolate 2020-08-13 21:00:40 +00:00			`encrypter.aesSetMode(AesMode.cbc);`
			`encrypter.setOverwriteMode(AesCryptOwMode.on);`
			`return encrypter;`
Add crypto util 2020-08-09 20:39:11 +00:00			`}`