ente/lib/core/configuration.dart

import 'dart:convert';
import 'dart:io' as io;
import 'dart:typed_data';

import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:flutter_sodium/flutter_sodium.dart';
import 'package:path_provider/path_provider.dart';
import 'package:photos/models/key_attributes.dart';
import 'package:shared_preferences/shared_preferences.dart';

import 'package:photos/utils/crypto_util.dart';

class Configuration {
  Configuration._privateConstructor();
  static final Configuration instance = Configuration._privateConstructor();

  static const endpointKey = "endpoint";
  static const userIDKey = "user_id";
  static const emailKey = "email";
  static const tokenKey = "token";
  static const hasOptedForE2EKey = "has_opted_for_e2e_encryption";
  static const foldersToBackUpKey = "folders_to_back_up";
  static const keyKey = "key";
  static const encryptedKeyKey = "encrypted_key";
  static const keyAttributesKey = "key_attributes";

  SharedPreferences _preferences;
  FlutterSecureStorage _secureStorage;
  String _key;
  String _documentsDirectory;
  String _tempDirectory;
  String _thumbnailsDirectory;

  Future<void> init() async {
    _preferences = await SharedPreferences.getInstance();
    _secureStorage = FlutterSecureStorage();
    _documentsDirectory = (await getApplicationDocumentsDirectory()).path;
    _tempDirectory = _documentsDirectory + "/temp/";
    _thumbnailsDirectory = _documentsDirectory + "/thumbnails/";
    new io.Directory(_tempDirectory).createSync(recursive: true);
    new io.Directory(_thumbnailsDirectory).createSync(recursive: true);
    _key = await _secureStorage.read(key: keyKey);
  }

  Future<KeyAttributes> generateAndSaveKey(String passphrase) async {
    // Create a master key
    final key = CryptoUtil.generateMasterKey();

    // Derive a key from the passphrase that will be used to encrypt and
    // decrypt the master key
    final kekSalt = CryptoUtil.getSaltToDeriveKey();
    final kek = CryptoUtil.deriveKey(utf8.encode(passphrase), kekSalt);

    // Encrypt the key with this derived key
    final encryptedKeyData = await CryptoUtil.encrypt(key, key: kek);

    // Hash the passphrase so that its correctness can be compared later
    final passphraseHash = CryptoUtil.hash(utf8.encode(passphrase));
    final attributes = KeyAttributes(
      passphraseHash: passphraseHash,
      kekSalt: Sodium.bin2base64(kekSalt),
      encryptedKey: encryptedKeyData.encryptedData.base64,
      keyDecryptionNonce: encryptedKeyData.nonce.base64,
    );
    await setKey(Sodium.bin2base64(key));
    await setEncryptedKey(encryptedKeyData.encryptedData.base64);
    await setKeyAttributes(attributes);
    return attributes;
  }

  Future<void> decryptAndSaveKey(
      String passphrase, KeyAttributes attributes) async {
    final passphraseBytes = utf8.encode(passphrase);
    bool correctPassphrase =
        CryptoUtil.verifyHash(passphraseBytes, attributes.passphraseHash);
    if (!correctPassphrase) {
      throw Exception("Incorrect passphrase");
    }
    final kek = CryptoUtil.deriveKey(
        passphraseBytes, Sodium.base642bin(attributes.kekSalt));
    final key = await CryptoUtil.decrypt(
        Sodium.base642bin(attributes.encryptedKey),
        kek,
        Sodium.base642bin(attributes.keyDecryptionNonce));
    await setKey(Sodium.bin2base64(key));
  }

  String getHttpEndpoint() {
    return "https://api.staging.ente.io";
  }

  Future<void> setEndpoint(String endpoint) async {
    await _preferences.setString(endpointKey, endpoint);
  }

  String getToken() {
    return _preferences.getString(tokenKey);
  }

  Future<void> setToken(String token) async {
    await _preferences.setString(tokenKey, token);
  }

  String getEmail() {
    return _preferences.getString(emailKey);
  }

  Future<void> setEmail(String email) async {
    await _preferences.setString(emailKey, email);
  }

  int getUserID() {
    return _preferences.getInt(userIDKey);
  }

  Future<void> setUserID(int userID) async {
    await _preferences.setInt(userIDKey, userID);
  }

  Future<void> setOptInForE2E(bool hasOptedForE2E) async {
    await _preferences.setBool(hasOptedForE2EKey, hasOptedForE2E);
  }

  bool hasOptedForE2E() {
    return true;
    // return _preferences.getBool(hasOptedForE2EKey);
  }

  Set<String> getFoldersToBackUp() {
    if (_preferences.containsKey(foldersToBackUpKey)) {
      return _preferences.getStringList(foldersToBackUpKey).toSet();
    } else {
      final foldersToBackUp = Set<String>();
      foldersToBackUp.add("Camera");
      foldersToBackUp.add("Recents");
      foldersToBackUp.add("DCIM");
      foldersToBackUp.add("Download");
      foldersToBackUp.add("Screenshot");
      return foldersToBackUp;
    }
  }

  Future<void> setFoldersToBackUp(Set<String> folders) async {
    await _preferences.setStringList(foldersToBackUpKey, folders.toList());
  }

  Future<void> setKeyAttributes(KeyAttributes attributes) async {
    await _preferences.setString(
        keyAttributesKey, attributes == null ? null : attributes.toJson());
  }

  KeyAttributes getKeyAttributes() {
    if (_preferences.getString(keyAttributesKey) == null) {
      return null;
    }
    return KeyAttributes.fromJson(_preferences.getString(keyAttributesKey));
  }

  Future<void> setEncryptedKey(String encryptedKey) async {
    await _preferences.setString(encryptedKeyKey, encryptedKey);
  }

  String getEncryptedKey() {
    return _preferences.getString(encryptedKeyKey);
  }

  Future<void> setKey(String key) async {
    await _secureStorage.write(key: keyKey, value: key);
    _key = key;
  }

  Uint8List getKey() {
    return Sodium.base642bin(_key);
  }

  String getBase64EncodedKey() {
    return _key;
  }

  String getDocumentsDirectory() {
    return _documentsDirectory;
  }

  String getThumbnailsDirectory() {
    return _thumbnailsDirectory;
  }

  String getTempDirectory() {
    return _tempDirectory;
  }

  bool hasConfiguredAccount() {
    return getToken() != null && getBase64EncodedKey() != null;
  }
}
Modify steel crypt to expose a hashBytes function that does not assume the encoding of the inputs or output 2020-09-09 09:05:24 +00:00			`import 'dart:convert';`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`import 'dart:io' as io;`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`import 'dart:typed_data';`
Pull the key from server on sign in 2020-08-15 01:22:14 +00:00
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`import 'package:flutter_secure_storage/flutter_secure_storage.dart';`
Use sodium for all base64 to byte conversions 2020-09-28 15:54:14 +00:00			`import 'package:flutter_sodium/flutter_sodium.dart';`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`import 'package:path_provider/path_provider.dart';`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`import 'package:photos/models/key_attributes.dart';`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`import 'package:shared_preferences/shared_preferences.dart';`

Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`import 'package:photos/utils/crypto_util.dart';`

Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`class Configuration {`
			`Configuration._privateConstructor();`
			`static final Configuration instance = Configuration._privateConstructor();`

Refactor variable names 2020-08-09 20:40:55 +00:00			`static const endpointKey = "endpoint";`
			`static const userIDKey = "user_id";`
Update UI for the OTT sign in flow 2020-08-25 06:00:19 +00:00			`static const emailKey = "email";`
			`static const tokenKey = "token";`
Save the encryption preference to configuration 2020-08-10 00:02:37 +00:00			`static const hasOptedForE2EKey = "has_opted_for_e2e_encryption";`
Add an option to configure the folders whose photos should be backed up 2020-09-17 11:53:17 +00:00			`static const foldersToBackUpKey = "folders_to_back_up";`
Refactor variable names 2020-08-09 20:40:55 +00:00			`static const keyKey = "key";`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`static const encryptedKeyKey = "encrypted_key";`
			`static const keyAttributesKey = "key_attributes";`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00
Prefix private variables with an underscore 2020-05-06 13:51:25 +00:00			`SharedPreferences _preferences;`
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`FlutterSecureStorage _secureStorage;`
			`String _key;`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`String _documentsDirectory;`
			`String _tempDirectory;`
			`String _thumbnailsDirectory;`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00
			`Future<void> init() async {`
Prefix private variables with an underscore 2020-05-06 13:51:25 +00:00			`_preferences = await SharedPreferences.getInstance();`
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`_secureStorage = FlutterSecureStorage();`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`_documentsDirectory = (await getApplicationDocumentsDirectory()).path;`
			`_tempDirectory = _documentsDirectory + "/temp/";`
			`_thumbnailsDirectory = _documentsDirectory + "/thumbnails/";`
			`new io.Directory(_tempDirectory).createSync(recursive: true);`
			`new io.Directory(_thumbnailsDirectory).createSync(recursive: true);`
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`_key = await _secureStorage.read(key: keyKey);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`Future<KeyAttributes> generateAndSaveKey(String passphrase) async {`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`// Create a master key`
			`final key = CryptoUtil.generateMasterKey();`

			`// Derive a key from the passphrase that will be used to encrypt and`
			`// decrypt the master key`
			`final kekSalt = CryptoUtil.getSaltToDeriveKey();`
			`final kek = CryptoUtil.deriveKey(utf8.encode(passphrase), kekSalt);`

			`// Encrypt the key with this derived key`
Replace AES with libsodium abstractions 2020-09-28 17:52:43 +00:00			`final encryptedKeyData = await CryptoUtil.encrypt(key, key: kek);`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00
			`// Hash the passphrase so that its correctness can be compared later`
Reduce the memlimit for pwhash 2020-09-28 19:04:22 +00:00			`final passphraseHash = CryptoUtil.hash(utf8.encode(passphrase));`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`final attributes = KeyAttributes(`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`passphraseHash: passphraseHash,`
			`kekSalt: Sodium.bin2base64(kekSalt),`
			`encryptedKey: encryptedKeyData.encryptedData.base64,`
			`keyDecryptionNonce: encryptedKeyData.nonce.base64,`
			`);`
Replace AES with libsodium abstractions 2020-09-28 17:52:43 +00:00			`await setKey(Sodium.bin2base64(key));`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`await setEncryptedKey(encryptedKeyData.encryptedData.base64);`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`await setKeyAttributes(attributes);`
			`return attributes;`
			`}`

			`Future<void> decryptAndSaveKey(`
			`String passphrase, KeyAttributes attributes) async {`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`final passphraseBytes = utf8.encode(passphrase);`
Remove single line hash function 2020-09-09 20:52:18 +00:00			`bool correctPassphrase =`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`CryptoUtil.verifyHash(passphraseBytes, attributes.passphraseHash);`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`if (!correctPassphrase) {`
			`throw Exception("Incorrect passphrase");`
			`}`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`final kek = CryptoUtil.deriveKey(`
			`passphraseBytes, Sodium.base642bin(attributes.kekSalt));`
Replace AES with libsodium abstractions 2020-09-28 17:52:43 +00:00			`final key = await CryptoUtil.decrypt(`
			`Sodium.base642bin(attributes.encryptedKey),`
			`kek,`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`Sodium.base642bin(attributes.keyDecryptionNonce));`
Replace AES with libsodium abstractions 2020-09-28 17:52:43 +00:00			`await setKey(Sodium.bin2base64(key));`
Pull the key from server on sign in 2020-08-15 01:22:14 +00:00			`}`

Send token with every user request 2020-04-30 15:18:26 +00:00			`String getHttpEndpoint() {`
Revert endpoint to OG staging 2020-09-26 17:45:41 +00:00			`return "https://api.staging.ente.io";`
Send token with every user request 2020-04-30 15:18:26 +00:00			`}`

Remove redundant base64 encoding 2020-09-06 06:30:26 +00:00			`Future<void> setEndpoint(String endpoint) async {`
Refactor variable names 2020-08-09 20:40:55 +00:00			`await _preferences.setString(endpointKey, endpoint);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

			`String getToken() {`
Refactor variable names 2020-08-09 20:40:55 +00:00			`return _preferences.getString(tokenKey);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

Remove redundant base64 encoding 2020-09-06 06:30:26 +00:00			`Future<void> setToken(String token) async {`
Refactor variable names 2020-08-09 20:40:55 +00:00			`await _preferences.setString(tokenKey, token);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

Update UI for the OTT sign in flow 2020-08-25 06:00:19 +00:00			`String getEmail() {`
			`return _preferences.getString(emailKey);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

Remove redundant base64 encoding 2020-09-06 06:30:26 +00:00			`Future<void> setEmail(String email) async {`
Update UI for the OTT sign in flow 2020-08-25 06:00:19 +00:00			`await _preferences.setString(emailKey, email);`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`

Update API parameters 2020-07-31 21:26:53 +00:00			`int getUserID() {`
Refactor variable names 2020-08-09 20:40:55 +00:00			`return _preferences.getInt(userIDKey);`
Update API parameters 2020-07-31 21:26:53 +00:00			`}`

Remove redundant base64 encoding 2020-09-06 06:30:26 +00:00			`Future<void> setUserID(int userID) async {`
Refactor variable names 2020-08-09 20:40:55 +00:00			`await _preferences.setInt(userIDKey, userID);`
Update API parameters 2020-07-31 21:26:53 +00:00			`}`

Remove redundant base64 encoding 2020-09-06 06:30:26 +00:00			`Future<void> setOptInForE2E(bool hasOptedForE2E) async {`
Save the encryption preference to configuration 2020-08-10 00:02:37 +00:00			`await _preferences.setBool(hasOptedForE2EKey, hasOptedForE2E);`
			`}`

			`bool hasOptedForE2E() {`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`return true;`
			`// return _preferences.getBool(hasOptedForE2EKey);`
Save the encryption preference to configuration 2020-08-10 00:02:37 +00:00			`}`

Add an option to configure the folders whose photos should be backed up 2020-09-17 11:53:17 +00:00			`Set<String> getFoldersToBackUp() {`
			`if (_preferences.containsKey(foldersToBackUpKey)) {`
			`return _preferences.getStringList(foldersToBackUpKey).toSet();`
			`} else {`
			`final foldersToBackUp = Set<String>();`
			`foldersToBackUp.add("Camera");`
			`foldersToBackUp.add("Recents");`
			`foldersToBackUp.add("DCIM");`
			`foldersToBackUp.add("Download");`
			`foldersToBackUp.add("Screenshot");`
			`return foldersToBackUp;`
			`}`
			`}`

			`Future<void> setFoldersToBackUp(Set<String> folders) async {`
			`await _preferences.setStringList(foldersToBackUpKey, folders.toList());`
			`}`

Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`Future<void> setKeyAttributes(KeyAttributes attributes) async {`
Set the key attributes on server post login 2020-09-05 09:38:03 +00:00			`await _preferences.setString(`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`keyAttributesKey, attributes == null ? null : attributes.toJson());`
Verify the correctness of the passphrase entered 2020-09-05 08:53:23 +00:00			`}`

			`KeyAttributes getKeyAttributes() {`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`if (_preferences.getString(keyAttributesKey) == null) {`
Set the key attributes on server post login 2020-09-05 09:38:03 +00:00			`return null;`
			`}`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`return KeyAttributes.fromJson(_preferences.getString(keyAttributesKey));`
			`}`

			`Future<void> setEncryptedKey(String encryptedKey) async {`
			`await _preferences.setString(encryptedKeyKey, encryptedKey);`
Pull the key from server on sign in 2020-08-15 01:22:14 +00:00			`}`

			`String getEncryptedKey() {`
Replace scrypt with libsodium's abstractions 2020-09-28 18:32:53 +00:00			`return _preferences.getString(encryptedKeyKey);`
Pull the key from server on sign in 2020-08-15 01:22:14 +00:00			`}`

			`Future<void> setKey(String key) async {`
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`await _secureStorage.write(key: keyKey, value: key);`
			`_key = key;`
Add functionality to generate and retrieve file encryption keys 2020-08-09 20:39:33 +00:00			`}`

Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`Uint8List getKey() {`
Use sodium for all base64 to byte conversions 2020-09-28 15:54:14 +00:00			`return Sodium.base642bin(_key);`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`}`

			`String getBase64EncodedKey() {`
Store the key in secure storage 2020-08-17 21:08:23 +00:00			`return _key;`
Decrypt, save and display encrypted thumbnails 2020-08-12 23:17:15 +00:00			`}`

			`String getDocumentsDirectory() {`
			`return _documentsDirectory;`
			`}`

			`String getThumbnailsDirectory() {`
			`return _thumbnailsDirectory;`
			`}`

			`String getTempDirectory() {`
			`return _tempDirectory;`
Add functionality to generate and retrieve file encryption keys 2020-08-09 20:39:33 +00:00			`}`

Trigger sync only if the user has configured his account 2020-05-28 10:19:25 +00:00			`bool hasConfiguredAccount() {`
Make no assumptions about the encoding type of the key 2020-09-09 19:31:14 +00:00			`return getToken() != null && getBase64EncodedKey() != null;`
Trigger sync only if the user has configured his account 2020-05-28 10:19:25 +00:00			`}`
Add endpoint discovery mechanism 2020-04-30 15:09:41 +00:00			`}`