beenull/ente
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix issues

Browse source
This commit is contained in:
Abhinav 2023-07-20 11:28:10 +05:30
parent 538f52c815
commit 98b44d0681
6 changed files with 57 additions and 56 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
apps/photos/src/components/SignUp.tsx
View file

@ -7,9 +7,7 @@ import { useRouter } from 'next/router';
import SubmitButton from 'components/SubmitButton';
import {
generateAndSaveIntermediateKeyAttributes,
generateKeyAttributes,
generateLoginSubKey,
generateSRPSetupAttributes,
generateKeyAndSRPAttributes,
isWeakPassword,
saveKeyInSessionStore,
} from 'utils/crypto';
@ -79,18 +77,8 @@ export default function SignUp(props: SignUpProps) {
throw e;
}
try {
const { keyAttributes, masterKey } =
await generateKeyAttributes(passphrase);
const loginSubKey = await generateLoginSubKey(
passphrase,
keyAttributes.kekSalt,
keyAttributes.memLimit,
keyAttributes.opsLimit
);
const srpSetupAttributes = await generateSRPSetupAttributes(
loginSubKey
);
const { keyAttributes, masterKey, srpSetupAttributes } =
await generateKeyAndSRPAttributes(passphrase);
setData(LS_KEYS.ORIGINAL_KEY_ATTRIBUTES, keyAttributes);
setData(LS_KEYS.SRP_SETUP_ATTRIBUTES, srpSetupAttributes);

7
apps/photos/src/pages/change-password/index.tsx
View file

@ -69,12 +69,7 @@ export default function ChangePassword() {
memLimit: kek.memLimit,
};
const loginSubKey = await generateLoginSubKey(
passphrase,
updatedKey.kekSalt,
updatedKey.opsLimit,
updatedKey.memLimit
);
const loginSubKey = await generateLoginSubKey(kek.key);
const { srpUserID, srpSalt, srpVerifier } =
await generateSRPSetupAttributes(loginSubKey);

5
apps/photos/src/pages/verify/index.tsx
View file

@ -95,19 +95,20 @@ export default function Verify() {
if (keyAttributes) {
setData(LS_KEYS.KEY_ATTRIBUTES, keyAttributes);
setData(LS_KEYS.ORIGINAL_KEY_ATTRIBUTES, keyAttributes);
} else if (getData(LS_KEYS.ORIGINAL_KEY_ATTRIBUTES)) {
} else {
if (getData(LS_KEYS.ORIGINAL_KEY_ATTRIBUTES)) {
await putAttributes(
token,
getData(LS_KEYS.ORIGINAL_KEY_ATTRIBUTES)
);
}
if (getData(LS_KEYS.SRP_SETUP_ATTRIBUTES)) {
const srpSetupAttributes: SRPSetupAttributes = getData(
LS_KEYS.SRP_SETUP_ATTRIBUTES
);
await configureSRP(srpSetupAttributes);
}
}
clearFiles();
setIsFirstLogin(true);
if (keyAttributes?.encryptedKey) {

27
apps/photos/src/services/userService.ts
View file

@ -33,6 +33,7 @@ import {
SRPAttributes,
UpdateSRPAndKeysRequest,
UpdateSRPAndKeysResponse,
GetSRPAttributesResponse,
} from 'types/user';
import { ServerErrorCodes } from 'utils/error';
import isElectron from 'is-electron';
@ -46,6 +47,7 @@ import { addLocalLog } from 'utils/logging';
import { setUserSRPSetupPending } from 'utils/storage';
import { convertBase64ToBuffer, convertBufferToBase64 } from 'utils/user';
import { setLocalMapEnabled } from 'utils/storage';
import ComlinkCryptoWorker from 'utils/comlink/ComlinkCryptoWorker';
const ENDPOINT = getEndpoint();
@ -486,7 +488,7 @@ export const getSRPAttributes = async (email: string) => {
const resp = await HTTPService.get(`${ENDPOINT}/users/srp/attributes`, {
email,
});
return resp.data as SRPAttributes;
return (resp.data as GetSRPAttributesResponse).attributes;
} catch (e) {
if (e.status?.toString() === ServerErrorCodes.NOT_FOUND) {
return null;
@ -613,12 +615,16 @@ export const loginViaSRP = async (
passphrase: string
) => {
try {
const loginSubKey = await generateLoginSubKey(
const cryptoWorker = await ComlinkCryptoWorker.getInstance();
const kek = await cryptoWorker.deriveKey(
passphrase,
srpAttributes.kekSalt,
srpAttributes.memLimit,
srpAttributes.opsLimit
srpAttributes.opsLimit,
srpAttributes.memLimit
);
const loginSubKey = await generateLoginSubKey(kek);
const srpClient = await generateSRPClient(
srpAttributes.srpSalt,
srpAttributes.srpUserID,
@ -640,7 +646,14 @@ export const loginViaSRP = async (
srpAttributes.srpUserID,
convertBufferToBase64(m1)
);
addLocalLog(() => `srp verify successful, ${verificationResponse}`);
addLocalLog(
() => `srp verify session successful, ${verificationResponse}`
);
srpClient.checkM2(convertBase64ToBuffer(verificationResponse.srpM2));
addLocalLog(() => `srp server verify successful`);
return verificationResponse;
} catch (e) {
logError(e, 'srp verify failed');
@ -651,7 +664,7 @@ export const loginViaSRP = async (
export const createSRPSession = async (srpUserID: string, srpA: string) => {
try {
const resp = await HTTPService.post(
`${ENDPOINT}/users/srp/exchange-ab`,
`${ENDPOINT}/users/srp/create-session`,
{
srpUserID,
srpA,
@ -691,7 +704,7 @@ export const verifySRPSession = async (
) => {
try {
const resp = await HTTPService.post(
`${ENDPOINT}/users/srp/verify`,
`${ENDPOINT}/users/srp/verify-session`,
{
sessionID,
srpUserID,

5
apps/photos/src/types/user/index.ts
View file

@ -59,6 +59,7 @@ export interface EmailVerificationResponse {
encryptedToken?: string;
token?: string;
twoFactorSessionID: string;
srpM2?: string;
}
export interface TwoFactorVerificationResponse {
@ -123,6 +124,10 @@ export interface SRPAttributes {
kekSalt: string;
}
export interface GetSRPAttributesResponse {
attributes: SRPAttributes;
}
export interface SRPSetupAttributes {
srpSalt: string;
srpVerifier: string;

31
apps/photos/src/utils/crypto/index.ts
View file

@ -19,9 +19,11 @@ const LOGIN_SUB_KEY_LENGTH = 32;
const LOGIN_SUB_KEY_ID = 1;
const LOGIN_SUB_KEY_CONTEXT = 'loginctx';
export async function generateKeyAttributes(
passphrase: string
): Promise<{ keyAttributes: KeyAttributes; masterKey: string }> {
export async function generateKeyAndSRPAttributes(passphrase: string): Promise<{
keyAttributes: KeyAttributes;
masterKey: string;
srpSetupAttributes: SRPSetupAttributes;
}> {
const cryptoWorker = await ComlinkCryptoWorker.getInstance();
const masterKey = await cryptoWorker.generateEncryptionKey();
const recoveryKey = await cryptoWorker.generateEncryptionKey();
@ -47,6 +49,10 @@ export async function generateKeyAttributes(
masterKey
);
const loginSubKey = await generateLoginSubKey(kek.key);
const srpSetupAttributes = await generateSRPSetupAttributes(loginSubKey);
const keyAttributes: KeyAttributes = {
kekSalt,
encryptedKey: masterKeyEncryptedWithKek.encryptedData,
@ -64,7 +70,11 @@ export async function generateKeyAttributes(
recoveryKeyDecryptionNonce: recoveryKeyEncryptedWithMasterKey.nonce,
};
return { keyAttributes, masterKey };
return {
keyAttributes,
masterKey,
srpSetupAttributes,
};
}
// We encrypt the masterKey, with an intermediate key derived from the
@ -251,19 +261,8 @@ export const isWeakPassword = (password: string) => {
return estimatePasswordStrength(password) === PasswordStrength.WEAK;
};
export const generateLoginSubKey = async (
password: string,
kekSalt: string,
memLimit: number,
opsLimit: number
) => {
export const generateLoginSubKey = async (kek: string) => {
const cryptoWorker = await ComlinkCryptoWorker.getInstance();
const kek = await cryptoWorker.deriveKey(
password,
kekSalt,
memLimit,
opsLimit
);
const loginSubKey = await cryptoWorker.generateSubKey(
kek,
LOGIN_SUB_KEY_LENGTH,