Signal-Desktop/ts/textsecure/ProvisioningCipher.ts

// Copyright 2020-2022 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only

/* eslint-disable max-classes-per-file */

import type { KeyPairType } from './Types.d';
import * as Bytes from '../Bytes';
import {
  decryptAes256CbcPkcsPadding,
  deriveSecrets,
  verifyHmacSha256,
} from '../Crypto';
import { calculateAgreement, createKeyPair, generateKeyPair } from '../Curve';
import { SignalService as Proto } from '../protobuf';
import { strictAssert } from '../util/assert';
import { normalizeUuid } from '../util/normalizeUuid';

type ProvisionDecryptResult = {
  aciKeyPair: KeyPairType;
  pniKeyPair?: KeyPairType;
  number?: string;
  aci?: string;
  pni?: string;
  provisioningCode?: string;
  userAgent?: string;
  readReceipts?: boolean;
  profileKey?: Uint8Array;
};

class ProvisioningCipherInner {
  keyPair?: KeyPairType;

  async decrypt(
    provisionEnvelope: Proto.ProvisionEnvelope
  ): Promise<ProvisionDecryptResult> {
    strictAssert(
      provisionEnvelope.publicKey && provisionEnvelope.body,
      'Missing required fields in ProvisionEnvelope'
    );
    const masterEphemeral = provisionEnvelope.publicKey;
    const message = provisionEnvelope.body;
    if (new Uint8Array(message)[0] !== 1) {
      throw new Error('Bad version number on ProvisioningMessage');
    }

    const iv = message.slice(1, 16 + 1);
    const mac = message.slice(message.byteLength - 32, message.byteLength);
    const ivAndCiphertext = message.slice(0, message.byteLength - 32);
    const ciphertext = message.slice(16 + 1, message.byteLength - 32);

    if (!this.keyPair) {
      throw new Error('ProvisioningCipher.decrypt: No keypair!');
    }

    const ecRes = calculateAgreement(masterEphemeral, this.keyPair.privKey);
    const keys = deriveSecrets(
      ecRes,
      new Uint8Array(32),
      Bytes.fromString('TextSecure Provisioning Message')
    );
    verifyHmacSha256(ivAndCiphertext, keys[1], mac, 32);

    const plaintext = decryptAes256CbcPkcsPadding(keys[0], ciphertext, iv);
    const provisionMessage = Proto.ProvisionMessage.decode(plaintext);
    const aciPrivKey = provisionMessage.aciIdentityKeyPrivate;
    const pniPrivKey = provisionMessage.pniIdentityKeyPrivate;
    strictAssert(aciPrivKey, 'Missing aciKeyPrivate in ProvisionMessage');

    const aciKeyPair = createKeyPair(aciPrivKey);
    const pniKeyPair = pniPrivKey?.length
      ? createKeyPair(pniPrivKey)
      : undefined;

    const { aci, pni } = provisionMessage;
    strictAssert(aci, 'Missing aci in provisioning message');

    const ret: ProvisionDecryptResult = {
      aciKeyPair,
      pniKeyPair,
      number: provisionMessage.number,
      aci: normalizeUuid(aci, 'ProvisionMessage.aci'),
      pni: pni ? normalizeUuid(pni, 'ProvisionMessage.pni') : undefined,
      provisioningCode: provisionMessage.provisioningCode,
      userAgent: provisionMessage.userAgent,
      readReceipts: provisionMessage.readReceipts,
    };
    if (provisionMessage.profileKey) {
      ret.profileKey = provisionMessage.profileKey;
    }
    return ret;
  }

  async getPublicKey(): Promise<Uint8Array> {
    if (!this.keyPair) {
      this.keyPair = generateKeyPair();
    }

    if (!this.keyPair) {
      throw new Error('ProvisioningCipher.decrypt: No keypair!');
    }

    return this.keyPair.pubKey;
  }
}

export default class ProvisioningCipher {
  constructor() {
    const inner = new ProvisioningCipherInner();

    this.decrypt = inner.decrypt.bind(inner);
    this.getPublicKey = inner.getPublicKey.bind(inner);
  }

  decrypt: (
    provisionEnvelope: Proto.ProvisionEnvelope
  ) => Promise<ProvisionDecryptResult>;

  getPublicKey: () => Promise<Uint8Array>;
}
Remove unused `eslint-disable`s 2022-06-03 21:07:51 +00:00			`// Copyright 2020-2022 Signal Messenger, LLC`
Add license headers across the project 2020-10-30 20:34:04 +00:00			`// SPDX-License-Identifier: AGPL-3.0-only`

Migrate textsecure to eslint Co-authored-by: Chris Svenningsen <chris@carbonfive.com> 2020-09-24 21:53:21 +00:00			`/* eslint-disable max-classes-per-file */`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00
Prefer `import type` when importing types 2021-10-26 19:15:33 +00:00			`import type { KeyPairType } from './Types.d';`
Uint8Array migration 2021-09-24 00:49:05 +00:00			`import * as Bytes from '../Bytes';`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`import {`
			`decryptAes256CbcPkcsPadding,`
			`deriveSecrets,`
			`verifyHmacSha256,`
			`} from '../Crypto';`
			`import { calculateAgreement, createKeyPair, generateKeyPair } from '../Curve';`
More protobufjs use 2021-07-02 19:21:24 +00:00			`import { SignalService as Proto } from '../protobuf';`
More protobufjs migration 2021-07-09 19:36:10 +00:00			`import { strictAssert } from '../util/assert';`
			`import { normalizeUuid } from '../util/normalizeUuid';`
More protobufjs use 2021-07-02 19:21:24 +00:00
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`type ProvisionDecryptResult = {`
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`aciKeyPair: KeyPairType;`
			`pniKeyPair?: KeyPairType;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`number?: string;`
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`aci?: string;`
			`pni?: string;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`provisioningCode?: string;`
			`userAgent?: string;`
			`readReceipts?: boolean;`
Uint8Array migration 2021-09-24 00:49:05 +00:00			`profileKey?: Uint8Array;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`};`

			`class ProvisioningCipherInner {`
			`keyPair?: KeyPairType;`

			`async decrypt(`
More protobufjs use 2021-07-02 19:21:24 +00:00			`provisionEnvelope: Proto.ProvisionEnvelope`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`): Promise<ProvisionDecryptResult> {`
More protobufjs migration 2021-07-09 19:36:10 +00:00			`strictAssert(`
More protobufjs use 2021-07-02 19:21:24 +00:00			`provisionEnvelope.publicKey && provisionEnvelope.body,`
			`'Missing required fields in ProvisionEnvelope'`
			`);`
			`const masterEphemeral = provisionEnvelope.publicKey;`
			`const message = provisionEnvelope.body;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`if (new Uint8Array(message)[0] !== 1) {`
			`throw new Error('Bad version number on ProvisioningMessage');`
			`}`

			`const iv = message.slice(1, 16 + 1);`
			`const mac = message.slice(message.byteLength - 32, message.byteLength);`
			`const ivAndCiphertext = message.slice(0, message.byteLength - 32);`
			`const ciphertext = message.slice(16 + 1, message.byteLength - 32);`

			`if (!this.keyPair) {`
			`throw new Error('ProvisioningCipher.decrypt: No keypair!');`
			`}`

Uint8Array migration 2021-09-24 00:49:05 +00:00			`const ecRes = calculateAgreement(masterEphemeral, this.keyPair.privKey);`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`const keys = deriveSecrets(`
			`ecRes,`
Uint8Array migration 2021-09-24 00:49:05 +00:00			`new Uint8Array(32),`
			`Bytes.fromString('TextSecure Provisioning Message')`
More protobufjs use 2021-07-02 19:21:24 +00:00			`);`
Uint8Array migration 2021-09-24 00:49:05 +00:00			`verifyHmacSha256(ivAndCiphertext, keys[1], mac, 32);`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00
Uint8Array migration 2021-09-24 00:49:05 +00:00			`const plaintext = decryptAes256CbcPkcsPadding(keys[0], ciphertext, iv);`
			`const provisionMessage = Proto.ProvisionMessage.decode(plaintext);`
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`const aciPrivKey = provisionMessage.aciIdentityKeyPrivate;`
			`const pniPrivKey = provisionMessage.pniIdentityKeyPrivate;`
			`strictAssert(aciPrivKey, 'Missing aciKeyPrivate in ProvisionMessage');`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`const aciKeyPair = createKeyPair(aciPrivKey);`
			`const pniKeyPair = pniPrivKey?.length`
			`? createKeyPair(pniPrivKey)`
			`: undefined;`
More protobufjs migration 2021-07-09 19:36:10 +00:00
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`const { aci, pni } = provisionMessage;`
			`strictAssert(aci, 'Missing aci in provisioning message');`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00
			`const ret: ProvisionDecryptResult = {`
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`aciKeyPair,`
			`pniKeyPair,`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`number: provisionMessage.number,`
Handle PNI keys from ProvisionMessage 2022-03-01 23:01:21 +00:00			`aci: normalizeUuid(aci, 'ProvisionMessage.aci'),`
			`pni: pni ? normalizeUuid(pni, 'ProvisionMessage.pni') : undefined,`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`provisioningCode: provisionMessage.provisioningCode,`
			`userAgent: provisionMessage.userAgent,`
			`readReceipts: provisionMessage.readReceipts,`
			`};`
			`if (provisionMessage.profileKey) {`
Uint8Array migration 2021-09-24 00:49:05 +00:00			`ret.profileKey = provisionMessage.profileKey;`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`}`
			`return ret;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`}`
Migrate textsecure to eslint Co-authored-by: Chris Svenningsen <chris@carbonfive.com> 2020-09-24 21:53:21 +00:00
Uint8Array migration 2021-09-24 00:49:05 +00:00			`async getPublicKey(): Promise<Uint8Array> {`
decrypt/encrypt with libsignal-client, remove libsignal-protocol-javascript 2021-04-16 23:13:13 +00:00			`if (!this.keyPair) {`
			`this.keyPair = generateKeyPair();`
			`}`

			`if (!this.keyPair) {`
			`throw new Error('ProvisioningCipher.decrypt: No keypair!');`
			`}`

			`return this.keyPair.pubKey;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`}`
			`}`

			`export default class ProvisioningCipher {`
			`constructor() {`
			`const inner = new ProvisioningCipherInner();`

			`this.decrypt = inner.decrypt.bind(inner);`
			`this.getPublicKey = inner.getPublicKey.bind(inner);`
			`}`

			`decrypt: (`
More protobufjs use 2021-07-02 19:21:24 +00:00			`provisionEnvelope: Proto.ProvisionEnvelope`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`) => Promise<ProvisionDecryptResult>;`
Migrate textsecure to eslint Co-authored-by: Chris Svenningsen <chris@carbonfive.com> 2020-09-24 21:53:21 +00:00
Uint8Array migration 2021-09-24 00:49:05 +00:00			`getPublicKey: () => Promise<Uint8Array>;`
Moves libtextsecure to Typescript * Starting to work through lint errors * libsignal-protocol: Update changes for primary repo compatibility * Step 1: task_with_timeout rename * Step 2: Apply the changes to TaskWithTimeout.ts * Step 1: All to-be-converted libtextsecure/.js files moved Step 2: No Typescript errors! * Get libtextsecure tests passing again * TSLint errors down to 1 * Compilation succeeds, no lint errors or test failures * WebSocketResources - update import for case-sensitive filesystems * Fixes for lint-deps * Remove unnecessary @ts-ignore * Fix inability to message your own contact after link * Add log message for the end of migration 20 * lint fix 2020-04-13 17:37:29 +00:00			`}`