only one nonce

1 year ago · 52d2f67e21
2 changed files with 50 additions and 30 deletions
--- a/plugins/plugins/core/components/qdn-action-encryption.js
+++ b/plugins/plugins/core/components/qdn-action-encryption.js
@ -127,6 +127,10 @@ export const encryptDataGroup = ({ data64, publicKeys }) => {
        // Encrypt the data with the symmetric key.
        const encryptedData = nacl.secretbox(Uint8ArrayData, nonce, messageKey);

+        // Generate a keyNonce outside of the loop.
+        const keyNonce = new Uint8Array(24);
+        window.crypto.getRandomValues(keyNonce);
+
        // Encrypt the symmetric key for each recipient.
        let encryptedKeys = [];
        publicKeysDuplicateFree.forEach((recipientPublicKey) => {
@ -136,20 +140,15 @@ export const encryptDataGroup = ({ data64, publicKeys }) => {
            const convertedPublicKey = ed2curve.convertPublicKey(publicKeyUnit8Array)

            const sharedSecret = new Uint8Array(32)
-            nacl.lowlevel.crypto_scalarmult(sharedSecret, convertedPrivateKey, convertedPublicKey)
-
+            // the length of the sharedSecret will be 32 + 16 
+            // When you're encrypting data using nacl.secretbox, it's adding an authentication tag to the result, which is 16 bytes long. This tag is used for verifying the integrity and authenticity of the data when it is decrypted

-            const keyNonce = new Uint8Array(24);
-            window.crypto.getRandomValues(keyNonce);
+            nacl.lowlevel.crypto_scalarmult(sharedSecret, convertedPrivateKey, convertedPublicKey)

            // Encrypt the symmetric key with the shared secret.
            const encryptedKey = nacl.secretbox(messageKey, keyNonce, sharedSecret);

-            encryptedKeys.push({
-                recipientPublicKey,
-                keyNonce,
-                encryptedKey
-            });
+            encryptedKeys.push(encryptedKey);
        });

        const str = "qortalEncryptedData";
@ -158,11 +157,11 @@ export const encryptDataGroup = ({ data64, publicKeys }) => {

        // Combine all data into a single Uint8Array.
        // Calculate size of combinedData
-        let combinedDataSize = strUint8Array.length + nonce.length + encryptedData.length + 4;
+        let combinedDataSize = strUint8Array.length + nonce.length + keyNonce.length + encryptedData.length + 4;
        let encryptedKeysSize = 0;

        encryptedKeys.forEach((key) => {
-            encryptedKeysSize += key.keyNonce.length + key.encryptedKey.length;
+            encryptedKeysSize += key.length;
        });

        combinedDataSize += encryptedKeysSize;
@ -171,24 +170,43 @@ export const encryptDataGroup = ({ data64, publicKeys }) => {

        combinedData.set(strUint8Array);
        combinedData.set(nonce, strUint8Array.length);
-        combinedData.set(encryptedData, strUint8Array.length + nonce.length);
+        combinedData.set(keyNonce, strUint8Array.length + nonce.length);
+        combinedData.set(encryptedData, strUint8Array.length + nonce.length + keyNonce.length);

        // Initialize offset for encryptedKeys
-        let encryptedKeysOffset = strUint8Array.length + nonce.length + encryptedData.length;
+        let encryptedKeysOffset = strUint8Array.length + nonce.length + encryptedData.length + keyNonce.length;
        encryptedKeys.forEach((key) => {
-            combinedData.set(key.keyNonce, encryptedKeysOffset);
-            encryptedKeysOffset += key.keyNonce.length;
-
-            combinedData.set(key.encryptedKey, encryptedKeysOffset);
-            encryptedKeysOffset += key.encryptedKey.length;
+            combinedData.set(key, encryptedKeysOffset);
+            encryptedKeysOffset += key.length;
        });
        const countArray = new Uint8Array(new Uint32Array([publicKeysDuplicateFree.length]).buffer);
        combinedData.set(countArray, combinedData.length - 4);
        const uint8arrayToData64 = uint8ArrayToBase64(combinedData)
-
        return uint8arrayToData64;

    } catch (error) {
        throw new Error("Error in encrypting data")
    }
 }
+
+
+export function uint8ArrayStartsWith(uint8Array, string) {
+    const stringEncoder = new TextEncoder();
+    const stringUint8Array = stringEncoder.encode(string);
+
+    if (uint8Array.length < stringUint8Array.length) {
+        return false;
+    }
+
+    for (let i = 0; i < stringUint8Array.length; i++) {
+        if (uint8Array[i] !== stringUint8Array[i]) {
+            return false;
+        }
+    }
+
+    return true;
+}
+
+export function decryptDeprecatedSingle() {
+
+}
--- a/plugins/plugins/core/qdn/browser/browser.src.js
+++ b/plugins/plugins/core/qdn/browser/browser.src.js
@ -24,7 +24,7 @@ import { QORT_DECIMALS } from '../../../../../crypto/api/constants';
 import nacl from '../../../../../crypto/api/deps/nacl-fast.js'
 import ed2curve from '../../../../../crypto/api/deps/ed2curve.js'
 import { mimeToExtensionMap } from '../../components/qdn-action-constants';
-import { base64ToUint8Array, encryptData, encryptDataGroup, fileToBase64, uint8ArrayToBase64 } from '../../components/qdn-action-encryption';
+import { base64ToUint8Array, encryptData, encryptDataGroup, fileToBase64, uint8ArrayStartsWith, uint8ArrayToBase64 } from '../../components/qdn-action-encryption';
 const parentEpml = new Epml({ type: 'WINDOW', source: window.parent });

 class WebBrowser extends LitElement {
@ -585,6 +585,8 @@ class WebBrowser extends LitElement {

 					try {
 						const uint8Array = base64ToUint8Array(encryptedData)
+						const startsWithQortalEncryptedData = uint8ArrayStartsWith(uint8Array, "qortalEncryptedData");
+						const startsWithQortalGroupEncryptedData = uint8ArrayStartsWith(uint8Array, "qortalGroupEncryptedData");
 						const combinedData = uint8Array
 						const str = "qortalEncryptedData";
 						const strEncoder = new TextEncoder();
@ -642,7 +644,6 @@ class WebBrowser extends LitElement {
 						response = JSON.stringify(data);
 						break
 					}
-
 					const { encryptedData: data64EncryptedData } = data
 					try {
 						const allCombined = base64ToUint8Array(data64EncryptedData);
@ -655,19 +656,24 @@ class WebBrowser extends LitElement {
 						const nonceEndPosition = nonceStartPosition + 24; // Nonce is 24 bytes
 						const nonce = allCombined.slice(nonceStartPosition, nonceEndPosition);

+						// Extract the shared keyNonce
+						const keyNonceStartPosition = nonceEndPosition;
+						const keyNonceEndPosition = keyNonceStartPosition + 24; // Nonce is 24 bytes
+						const keyNonce = allCombined.slice(keyNonceStartPosition, keyNonceEndPosition);
+
 						// Calculate count first
 						const countStartPosition = allCombined.length - 4; // 4 bytes before the end, since count is stored in Uint32 (4 bytes)
 						const countArray = allCombined.slice(countStartPosition, countStartPosition + 4);
 						const count = new Uint32Array(countArray.buffer)[0];

 						// Then use count to calculate encryptedData
-						const encryptedDataStartPosition = nonceEndPosition; // start position of encryptedData
-						const encryptedDataEndPosition = allCombined.length - ((count * (24 + 32 + 16)) + 4);
+						const encryptedDataStartPosition = keyNonceEndPosition; // start position of encryptedData
+						const encryptedDataEndPosition = allCombined.length - ((count * (32 + 16)) + 4);
 						const encryptedData = allCombined.slice(encryptedDataStartPosition, encryptedDataEndPosition);

 						// Extract the encrypted keys
-						const combinedKeys = allCombined.slice(encryptedDataEndPosition, encryptedDataEndPosition + (count * (24 + 48)));
-
+						// 32+16 = 48
+						const combinedKeys = allCombined.slice(encryptedDataEndPosition, encryptedDataEndPosition + (count * 48));
 						const privateKey = window.parent.reduxStore.getState().app.selectedAddress.keyPair.privateKey
 						const publicKey = window.parent.reduxStore.getState().app.selectedAddress.keyPair.publicKey

@ -679,15 +685,12 @@ class WebBrowser extends LitElement {

 						const convertedPrivateKey = ed2curve.convertSecretKey(privateKey)
 						const convertedPublicKey = ed2curve.convertPublicKey(publicKey)
-
 						const sharedSecret = new Uint8Array(32)
 						nacl.lowlevel.crypto_scalarmult(sharedSecret, convertedPrivateKey, convertedPublicKey)
 						for (let i = 0; i < count; i++) {
-							const keyNonce = combinedKeys.slice(i * (24 + 48), i * (24 + 48) + 24);
-							const encryptedKey = combinedKeys.slice(i * (24 + 48) + 24, (i + 1) * (24 + 48));
+							const encryptedKey = combinedKeys.slice(i * 48, (i + 1) * 48);
 							// Decrypt the symmetric key.
 							const decryptedKey = nacl.secretbox.open(encryptedKey, keyNonce, sharedSecret);
-
 							// If decryption was successful, decryptedKey will not be null.
 							if (decryptedKey) {
 								// Decrypt the data using the symmetric key.
@ -934,7 +937,6 @@ class WebBrowser extends LitElement {
 					return;

 				case actions.PUBLISH_QDN_RESOURCE: {
-					console.log({ data })
 					// optional fields: encrypt:boolean recipientPublicKey:string
 					const requiredFields = ['service', 'name'];
 					const missingFields = [];