Verified Commit 60b131d9 authored by Samuel Elliott's avatar Samuel Elliott
Browse files

Use Uint8Arrays instead of Buffers in encryption

parent 661b7fb6
......@@ -43,7 +43,7 @@ test('decrypt', async () => {
const data = await decrypt(ENCRYPTED, KEYPAIR_BOB);
expect(data.toString()).toBe(INPUT_STRING);
expect(data.sender_public_key).toStrictEqual(Buffer.from(KEYPAIR_ALICE.publicKey));
expect(data.sender_public_key).toStrictEqual(KEYPAIR_ALICE.publicKey);
});
test('decrypt stream', async () => {
......@@ -59,7 +59,7 @@ test('decrypt stream', async () => {
});
expect(result.toString()).toBe(INPUT_STRING);
expect(stream.sender_public_key).toStrictEqual(Buffer.from(KEYPAIR_ALICE.publicKey));
expect(stream.sender_public_key).toStrictEqual(KEYPAIR_ALICE.publicKey);
});
test('decrypt with wrong keypair fails', async () => {
......
......@@ -60,7 +60,7 @@ test('dearmoring and decryption', async () => {
const decrypted = await dearmorAndDecrypt(encrypted, KEYPAIR_BOB);
expect(decrypted.toString()).toBe(INPUT_STRING);
expect(decrypted.sender_public_key).toStrictEqual(Buffer.from(KEYPAIR_ALICE.publicKey));
expect(decrypted.sender_public_key).toStrictEqual(KEYPAIR_ALICE.publicKey);
});
test('streaming dearmoring and decryption', async () => {
......@@ -80,7 +80,7 @@ test('streaming dearmoring and decryption', async () => {
expect(result.join('')).toBe(INPUT_STRING);
expect(stream.info.message_type).toBe(MessageType.ENCRYPTED_MESSAGE);
expect(stream.info.app_name).toBe(null);
expect(stream.sender_public_key).toStrictEqual(Buffer.from(KEYPAIR_ALICE.publicKey));
expect(stream.sender_public_key).toStrictEqual(KEYPAIR_ALICE.publicKey);
});
test('dearmor and decrypt with wrong keypair fails', async () => {
......
......@@ -103,7 +103,7 @@ export default class EncryptedMessageHeader extends Header {
/**
* Decrypts and returns the payload key and recipient.
*/
decryptPayloadKey(keypair: tweetnacl.BoxKeyPair): [Buffer, EncryptedMessageRecipient] {
decryptPayloadKey(keypair: tweetnacl.BoxKeyPair): [Uint8Array, EncryptedMessageRecipient] {
// 5. Precompute the ephemeral shared secret using crypto_box_beforenm with the ephemeral public key and
// the recipient's private key.
const shared_secret = tweetnacl.box.before(this.public_key, keypair.secretKey);
......@@ -131,7 +131,7 @@ export default class EncryptedMessageHeader extends Header {
throw new Error('keypair is not an intended recipient');
}
decryptSender(payload_key: Buffer): Buffer {
decryptSender(payload_key: Uint8Array): Uint8Array {
const sender_public_key = tweetnacl.secretbox.open(
this.sender_secretbox, EncryptedMessageHeader.SENDER_KEY_SECRETBOX_NONCE, payload_key
);
......@@ -140,6 +140,6 @@ export default class EncryptedMessageHeader extends Header {
throw new Error('Failed to decrypt sender public key');
}
return Buffer.from(sender_public_key);
return sender_public_key;
}
}
......@@ -148,7 +148,7 @@ export class EncryptStream extends Transform {
}
export interface DecryptResult extends Buffer {
sender_public_key: Buffer | null;
sender_public_key: Uint8Array | null;
}
export async function decrypt(encrypted: Uint8Array, keypair: tweetnacl.BoxKeyPair): Promise<DecryptResult> {
......@@ -198,7 +198,7 @@ export async function decrypt(encrypted: Uint8Array, keypair: tweetnacl.BoxKeyPa
export class DecryptStream extends Transform {
private decoder = new msgpack.Decoder(undefined!, undefined);
private header_data: [EncryptedMessageHeader, Buffer, EncryptedMessageRecipient, Buffer] | null = null;
private header_data: [EncryptedMessageHeader, Uint8Array, EncryptedMessageRecipient, Uint8Array] | null = null;
private last_payload: EncryptedMessagePayload | null = null;
private payload_index = BigInt(-1);
private i = 0;
......
......@@ -80,13 +80,6 @@ export default class EncryptedMessagePayload {
return EncryptedMessagePayload.encodePayload(this.final, this.authenticators, this.payload_secretbox);
}
/**
* @param int $mode
* @param string $public_key
* @param string $sender
* @param string[] $authenticators
* @return [string, string]
*/
static encodePayload(final: boolean, authenticators: Uint8Array[], payload_secretbox: Uint8Array): Buffer {
const data = [
final,
......@@ -107,7 +100,9 @@ export default class EncryptedMessagePayload {
return new this(final, authenticators, payload_secretbox);
}
decrypt(header: EncryptedMessageHeader, recipient: EncryptedMessageRecipient, payload_key: Buffer, index: bigint) {
decrypt(
header: EncryptedMessageHeader, recipient: EncryptedMessageRecipient, payload_key: Uint8Array, index: bigint
) {
if (!recipient.mac_key) {
throw new Error('Recipient doesn\'t have a MAC key set');
}
......
......@@ -65,7 +65,7 @@ export default class EncryptedMessageRecipient {
*/
decryptPayloadKey(
ephemeral_public_key: Uint8Array, recipient_private_key: Uint8Array, secret: Uint8Array | null = null
): Buffer | null {
): Uint8Array | null {
const payload_key = secret ? tweetnacl.box.open.after(
this.encrypted_payload_key, this.recipient_index, secret
) : tweetnacl.box.open(
......@@ -74,7 +74,7 @@ export default class EncryptedMessageRecipient {
if (!payload_key) return null;
return Buffer.from(payload_key);
return payload_key;
}
generateMacKeyForSender(
......
......@@ -54,7 +54,7 @@ export class DearmorAndDecryptStream extends Pumpify {
get info(): ArmorHeaderInfo {
return this.dearmor.info;
}
get sender_public_key(): Buffer {
get sender_public_key(): Uint8Array {
return this.decrypt.sender_public_key;
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment