2019-12-05 23:20:30 +08:00
|
|
|
|
/*
|
|
|
|
|
Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
|
|
|
|
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
you may not use this file except in compliance with the License.
|
|
|
|
|
You may obtain a copy of the License at
|
|
|
|
|
|
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
|
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
See the License for the specific language governing permissions and
|
|
|
|
|
limitations under the License.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
import Modal from './Modal';
|
2019-12-20 09:19:56 +08:00
|
|
|
|
import * as sdk from './index';
|
2019-12-21 05:13:46 +08:00
|
|
|
|
import {MatrixClientPeg} from './MatrixClientPeg';
|
2019-12-20 10:08:43 +08:00
|
|
|
|
import { deriveKey } from 'matrix-js-sdk/src/crypto/key_passphrase';
|
|
|
|
|
import { decodeRecoveryKey } from 'matrix-js-sdk/src/crypto/recoverykey';
|
2019-12-11 23:05:03 +08:00
|
|
|
|
import { _t } from './languageHandler';
|
2020-01-30 22:18:12 +08:00
|
|
|
|
import SettingsStore from './settings/SettingsStore';
|
2020-03-03 00:28:10 +08:00
|
|
|
|
import {encodeBase64} from "matrix-js-sdk/src/crypto/olmlib";
|
2019-12-05 23:20:30 +08:00
|
|
|
|
|
2019-12-11 22:28:02 +08:00
|
|
|
|
// This stores the secret storage private keys in memory for the JS SDK. This is
|
|
|
|
|
// only meant to act as a cache to avoid prompting the user multiple times
|
2019-12-11 23:05:03 +08:00
|
|
|
|
// during the same single operation. Use `accessSecretStorage` below to scope a
|
|
|
|
|
// single secret storage operation, as it will clear the cached keys once the
|
|
|
|
|
// operation ends.
|
|
|
|
|
let secretStorageKeys = {};
|
2020-01-30 22:18:12 +08:00
|
|
|
|
let secretStorageBeingAccessed = false;
|
|
|
|
|
|
|
|
|
|
function isCachingAllowed() {
|
|
|
|
|
return (
|
|
|
|
|
secretStorageBeingAccessed ||
|
|
|
|
|
SettingsStore.getValue("keepSecretStoragePassphraseForSession")
|
|
|
|
|
);
|
|
|
|
|
}
|
2019-12-11 22:28:02 +08:00
|
|
|
|
|
2020-01-31 18:35:05 +08:00
|
|
|
|
export class AccessCancelledError extends Error {
|
|
|
|
|
constructor() {
|
|
|
|
|
super("Secret storage access canceled");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-06 23:51:02 +08:00
|
|
|
|
async function confirmToDismiss(name) {
|
|
|
|
|
let description;
|
|
|
|
|
if (name === "m.cross_signing.user_signing") {
|
|
|
|
|
description = _t("If you cancel now, you won't complete verifying the other user.");
|
|
|
|
|
} else if (name === "m.cross_signing.self_signing") {
|
|
|
|
|
description = _t("If you cancel now, you won't complete verifying your other session.");
|
|
|
|
|
} else {
|
|
|
|
|
description = _t("If you cancel now, you won't complete your secret storage operation.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const QuestionDialog = sdk.getComponent("dialogs.QuestionDialog");
|
|
|
|
|
const [sure] = await Modal.createDialog(QuestionDialog, {
|
|
|
|
|
title: _t("Cancel entering passphrase?"),
|
|
|
|
|
description,
|
|
|
|
|
danger: true,
|
|
|
|
|
cancelButton: _t("Enter passphrase"),
|
|
|
|
|
button: _t("Cancel"),
|
|
|
|
|
}).finished;
|
|
|
|
|
return sure;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async function getSecretStorageKey({ keys: keyInfos }, ssssItemName) {
|
2019-12-05 23:20:30 +08:00
|
|
|
|
const keyInfoEntries = Object.entries(keyInfos);
|
|
|
|
|
if (keyInfoEntries.length > 1) {
|
|
|
|
|
throw new Error("Multiple storage key requests not implemented");
|
|
|
|
|
}
|
|
|
|
|
const [name, info] = keyInfoEntries[0];
|
2019-12-11 22:28:02 +08:00
|
|
|
|
|
|
|
|
|
// Check the in-memory cache
|
2020-01-30 22:18:12 +08:00
|
|
|
|
if (isCachingAllowed() && secretStorageKeys[name]) {
|
2019-12-11 22:28:02 +08:00
|
|
|
|
return [name, secretStorageKeys[name]];
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-07 01:54:00 +08:00
|
|
|
|
const inputToKey = async ({ passphrase, recoveryKey }) => {
|
|
|
|
|
if (passphrase) {
|
|
|
|
|
return deriveKey(
|
|
|
|
|
passphrase,
|
|
|
|
|
info.passphrase.salt,
|
|
|
|
|
info.passphrase.iterations,
|
|
|
|
|
);
|
|
|
|
|
} else {
|
|
|
|
|
return decodeRecoveryKey(recoveryKey);
|
|
|
|
|
}
|
|
|
|
|
};
|
2019-12-05 23:20:30 +08:00
|
|
|
|
const AccessSecretStorageDialog =
|
|
|
|
|
sdk.getComponent("dialogs.secretstorage.AccessSecretStorageDialog");
|
|
|
|
|
const { finished } = Modal.createTrackedDialog("Access Secret Storage dialog", "",
|
2019-12-07 01:54:00 +08:00
|
|
|
|
AccessSecretStorageDialog,
|
2020-02-06 20:11:24 +08:00
|
|
|
|
/* props= */
|
2019-12-07 01:54:00 +08:00
|
|
|
|
{
|
|
|
|
|
keyInfo: info,
|
|
|
|
|
checkPrivateKey: async (input) => {
|
|
|
|
|
const key = await inputToKey(input);
|
2020-03-31 05:28:01 +08:00
|
|
|
|
return await MatrixClientPeg.get().checkSecretStorageKey(key, info);
|
2019-12-07 01:54:00 +08:00
|
|
|
|
},
|
|
|
|
|
},
|
2020-02-06 20:11:24 +08:00
|
|
|
|
/* className= */ null,
|
|
|
|
|
/* isPriorityModal= */ false,
|
|
|
|
|
/* isStaticModal= */ false,
|
|
|
|
|
/* options= */ {
|
|
|
|
|
onBeforeClose: async (reason) => {
|
2020-02-06 23:51:02 +08:00
|
|
|
|
if (reason === "backgroundClick") {
|
|
|
|
|
return confirmToDismiss(ssssItemName);
|
2020-02-06 20:11:24 +08:00
|
|
|
|
}
|
2020-02-06 23:51:02 +08:00
|
|
|
|
return true;
|
2020-02-06 20:11:24 +08:00
|
|
|
|
},
|
|
|
|
|
},
|
2019-12-05 23:20:30 +08:00
|
|
|
|
);
|
|
|
|
|
const [input] = await finished;
|
|
|
|
|
if (!input) {
|
2020-01-31 18:35:05 +08:00
|
|
|
|
throw new AccessCancelledError();
|
2019-12-05 23:20:30 +08:00
|
|
|
|
}
|
2019-12-07 01:54:00 +08:00
|
|
|
|
const key = await inputToKey(input);
|
2019-12-11 22:28:02 +08:00
|
|
|
|
|
|
|
|
|
// Save to cache to avoid future prompts in the current session
|
2020-01-30 22:18:12 +08:00
|
|
|
|
if (isCachingAllowed()) {
|
2019-12-12 23:34:01 +08:00
|
|
|
|
secretStorageKeys[name] = key;
|
|
|
|
|
}
|
2019-12-11 22:28:02 +08:00
|
|
|
|
|
2019-12-05 23:20:30 +08:00
|
|
|
|
return [name, key];
|
2019-12-12 23:34:01 +08:00
|
|
|
|
}
|
2019-12-11 23:05:03 +08:00
|
|
|
|
|
2020-03-03 00:28:10 +08:00
|
|
|
|
const onSecretRequested = async function({
|
|
|
|
|
user_id: userId,
|
|
|
|
|
device_id: deviceId,
|
|
|
|
|
request_id: requestId,
|
|
|
|
|
name,
|
|
|
|
|
device_trust: deviceTrust,
|
|
|
|
|
}) {
|
|
|
|
|
console.log("onSecretRequested", userId, deviceId, requestId, name, deviceTrust);
|
|
|
|
|
const client = MatrixClientPeg.get();
|
|
|
|
|
if (userId !== client.getUserId()) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
if (!deviceTrust || !deviceTrust.isVerified()) {
|
|
|
|
|
console.log(`CrossSigningManager: Ignoring request from untrusted device ${deviceId}`);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-03-25 22:06:47 +08:00
|
|
|
|
if (name.startsWith("m.cross_signing")) {
|
|
|
|
|
const callbacks = client.getCrossSigningCacheCallbacks();
|
|
|
|
|
if (!callbacks.getCrossSigningKeyCache) return;
|
|
|
|
|
/* Explicit enumeration here is deliberate – never share the master key! */
|
|
|
|
|
if (name === "m.cross_signing.self_signing") {
|
|
|
|
|
const key = await callbacks.getCrossSigningKeyCache("self_signing");
|
|
|
|
|
if (!key) {
|
|
|
|
|
console.log(
|
2020-03-26 00:08:26 +08:00
|
|
|
|
`self_signing requested by ${deviceId}, but not found in cache`,
|
2020-03-25 22:06:47 +08:00
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
return key && encodeBase64(key);
|
|
|
|
|
} else if (name === "m.cross_signing.user_signing") {
|
|
|
|
|
const key = await callbacks.getCrossSigningKeyCache("user_signing");
|
|
|
|
|
if (!key) {
|
|
|
|
|
console.log(
|
2020-03-26 00:08:26 +08:00
|
|
|
|
`user_signing requested by ${deviceId}, but not found in cache`,
|
2020-03-25 22:06:47 +08:00
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
return key && encodeBase64(key);
|
2020-03-24 23:49:51 +08:00
|
|
|
|
}
|
2020-03-25 22:06:47 +08:00
|
|
|
|
} else if (name === "m.megolm_backup.v1") {
|
|
|
|
|
const key = await client._crypto.getSessionBackupPrivateKey();
|
2020-03-24 23:49:51 +08:00
|
|
|
|
if (!key) {
|
2020-03-25 22:06:47 +08:00
|
|
|
|
console.log(
|
2020-03-26 00:08:26 +08:00
|
|
|
|
`session backup key requested by ${deviceId}, but not found in cache`,
|
2020-03-25 22:06:47 +08:00
|
|
|
|
);
|
2020-03-24 23:49:51 +08:00
|
|
|
|
}
|
2020-03-03 00:28:10 +08:00
|
|
|
|
return key && encodeBase64(key);
|
|
|
|
|
}
|
|
|
|
|
console.warn("onSecretRequested didn't recognise the secret named ", name);
|
|
|
|
|
};
|
|
|
|
|
|
2019-12-11 23:05:03 +08:00
|
|
|
|
export const crossSigningCallbacks = {
|
|
|
|
|
getSecretStorageKey,
|
2020-03-03 00:28:10 +08:00
|
|
|
|
onSecretRequested,
|
2019-12-11 23:05:03 +08:00
|
|
|
|
};
|
|
|
|
|
|
2020-03-20 04:42:16 +08:00
|
|
|
|
export async function promptForBackupPassphrase() {
|
|
|
|
|
let key;
|
|
|
|
|
|
|
|
|
|
const RestoreKeyBackupDialog = sdk.getComponent('dialogs.keybackup.RestoreKeyBackupDialog');
|
|
|
|
|
const { finished } = Modal.createTrackedDialog('Restore Backup', '', RestoreKeyBackupDialog, {
|
2020-04-10 00:30:10 +08:00
|
|
|
|
showSummary: false, keyCallback: k => key = k,
|
2020-03-24 03:04:59 +08:00
|
|
|
|
}, null, /* priority = */ false, /* static = */ true);
|
2020-03-20 04:42:16 +08:00
|
|
|
|
|
|
|
|
|
const success = await finished;
|
|
|
|
|
if (!success) throw new Error("Key backup prompt cancelled");
|
|
|
|
|
|
|
|
|
|
return key;
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-11 23:05:03 +08:00
|
|
|
|
/**
|
|
|
|
|
* This helper should be used whenever you need to access secret storage. It
|
|
|
|
|
* ensures that secret storage (and also cross-signing since they each depend on
|
|
|
|
|
* each other in a cycle of sorts) have been bootstrapped before running the
|
|
|
|
|
* provided function.
|
|
|
|
|
*
|
|
|
|
|
* Bootstrapping secret storage may take one of these paths:
|
|
|
|
|
* 1. Create secret storage from a passphrase and store cross-signing keys
|
|
|
|
|
* in secret storage.
|
|
|
|
|
* 2. Access existing secret storage by requesting passphrase and accessing
|
|
|
|
|
* cross-signing keys as needed.
|
|
|
|
|
* 3. All keys are loaded and there's nothing to do.
|
|
|
|
|
*
|
|
|
|
|
* Additionally, the secret storage keys are cached during the scope of this function
|
|
|
|
|
* to ensure the user is prompted only once for their secret storage
|
2020-01-03 21:45:52 +08:00
|
|
|
|
* passphrase. The cache is then cleared once the provided function completes.
|
2019-12-11 23:05:03 +08:00
|
|
|
|
*
|
|
|
|
|
* @param {Function} [func] An operation to perform once secret storage has been
|
|
|
|
|
* bootstrapped. Optional.
|
2020-03-25 22:21:17 +08:00
|
|
|
|
* @param {bool} [forceReset] Reset secret storage even if it's already set up
|
2019-12-11 23:05:03 +08:00
|
|
|
|
*/
|
2020-03-25 22:21:17 +08:00
|
|
|
|
export async function accessSecretStorage(func = async () => { }, forceReset = false) {
|
2019-12-11 23:05:03 +08:00
|
|
|
|
const cli = MatrixClientPeg.get();
|
2020-01-30 22:18:12 +08:00
|
|
|
|
secretStorageBeingAccessed = true;
|
2019-12-11 23:05:03 +08:00
|
|
|
|
try {
|
2020-03-25 22:21:17 +08:00
|
|
|
|
if (!await cli.hasSecretStorageKey() || forceReset) {
|
2019-12-11 23:05:03 +08:00
|
|
|
|
// This dialog calls bootstrap itself after guiding the user through
|
|
|
|
|
// passphrase creation.
|
|
|
|
|
const { finished } = Modal.createTrackedDialogAsync('Create Secret Storage dialog', '',
|
|
|
|
|
import("./async-components/views/dialogs/secretstorage/CreateSecretStorageDialog"),
|
2020-02-07 22:55:01 +08:00
|
|
|
|
{
|
2020-03-25 22:21:17 +08:00
|
|
|
|
force: forceReset,
|
2020-02-07 22:55:01 +08:00
|
|
|
|
},
|
|
|
|
|
null, /* priority = */ false, /* static = */ true,
|
2019-12-11 23:05:03 +08:00
|
|
|
|
);
|
|
|
|
|
const [confirmed] = await finished;
|
|
|
|
|
if (!confirmed) {
|
|
|
|
|
throw new Error("Secret storage creation canceled");
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
const InteractiveAuthDialog = sdk.getComponent("dialogs.InteractiveAuthDialog");
|
|
|
|
|
await cli.bootstrapSecretStorage({
|
|
|
|
|
authUploadDeviceSigningKeys: async (makeRequest) => {
|
|
|
|
|
const { finished } = Modal.createTrackedDialog(
|
|
|
|
|
'Cross-signing keys dialog', '', InteractiveAuthDialog,
|
|
|
|
|
{
|
2020-01-31 23:04:51 +08:00
|
|
|
|
title: _t("Setting up keys"),
|
2019-12-11 23:05:03 +08:00
|
|
|
|
matrixClient: MatrixClientPeg.get(),
|
|
|
|
|
makeRequest,
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
const [confirmed] = await finished;
|
|
|
|
|
if (!confirmed) {
|
|
|
|
|
throw new Error("Cross-signing key upload auth canceled");
|
|
|
|
|
}
|
|
|
|
|
},
|
2020-03-20 04:42:16 +08:00
|
|
|
|
getBackupPassphrase: promptForBackupPassphrase,
|
2019-12-11 23:05:03 +08:00
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// `return await` needed here to ensure `finally` block runs after the
|
|
|
|
|
// inner operation completes.
|
|
|
|
|
return await func();
|
|
|
|
|
} finally {
|
|
|
|
|
// Clear secret storage key cache now that work is complete
|
2020-01-30 22:18:12 +08:00
|
|
|
|
secretStorageBeingAccessed = false;
|
|
|
|
|
if (!isCachingAllowed()) {
|
|
|
|
|
secretStorageKeys = {};
|
|
|
|
|
}
|
2019-12-11 23:05:03 +08:00
|
|
|
|
}
|
|
|
|
|
}
|