@@ -1,6 +1,6 @@
|
||||
/** Careful when adding add other imports! */
|
||||
import * as libsodium from "./libsodium";
|
||||
import type { EncryptBytes, EncryptJSON } from "./types";
|
||||
import type { DecryptB64, EncryptBytes, EncryptJSON } from "./types";
|
||||
|
||||
export const _encryptAssociatedData = libsodium.encryptChaChaOneShot;
|
||||
|
||||
@@ -29,41 +29,31 @@ export const _encryptMetadata = async ({ jsonValue, keyB64 }: EncryptJSON) => {
|
||||
|
||||
export const _decryptAssociatedData = libsodium.decryptChaChaOneShot;
|
||||
|
||||
export const decryptThumbnailI = decryptAssociatedDataI;
|
||||
export const _decryptThumbnail = _decryptAssociatedData;
|
||||
|
||||
export const decryptFileEmbeddingI = async (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
decryptAssociatedDataI(
|
||||
await libsodium.fromB64(encryptedDataB64),
|
||||
export const _decryptFileEmbedding = async ({
|
||||
encryptedDataB64,
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
}: DecryptB64) =>
|
||||
_decryptAssociatedData({
|
||||
encryptedData: await libsodium.fromB64(encryptedDataB64),
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
);
|
||||
});
|
||||
|
||||
export const decryptMetadataI = async (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
export const _decryptMetadata = async (r: DecryptB64) =>
|
||||
JSON.parse(
|
||||
new TextDecoder().decode(
|
||||
await decryptMetadataBytesI(
|
||||
encryptedDataB64,
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
),
|
||||
),
|
||||
new TextDecoder().decode(await _decryptMetadataBytes(r)),
|
||||
) as unknown;
|
||||
|
||||
export const decryptMetadataBytesI = async (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
await decryptAssociatedDataI(
|
||||
await libsodium.fromB64(encryptedDataB64),
|
||||
export const _decryptMetadataBytes = async ({
|
||||
encryptedDataB64,
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
}: DecryptB64) =>
|
||||
await _decryptAssociatedData({
|
||||
encryptedData: await libsodium.fromB64(encryptedDataB64),
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
);
|
||||
});
|
||||
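Review bot: `_decryptMetadata` decodes the plaintext with a default `new TextDecoder()`, which is non-fatal, so any bytes that are not valid UTF-8 are silently replaced with U+FFFD before they reach `JSON.parse`. The authenticated decryption behind `_decryptAssociatedData` presumably already rejects tampered ciphertext, so this only affects data that was malformed when it was encrypted. A strict decoder makes that case fail loudly instead of yielding altered strings: `new TextDecoder("utf-8", { fatal: true }).decode(await _decryptMetadataBytes(r))`. Separately, `_decryptMetadataBytes` returns `await _decryptAssociatedData({...})` while `_decryptFileEmbedding` returns the same call without `await`; dropping the redundant `await` would make the two consistent.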
|
||||
@@ -50,8 +50,12 @@
|
||||
import { assertionFailed } from "../assert";
|
||||
import { inWorker } from "../env";
|
||||
import * as ei from "./ente-impl";
|
||||
import * as libsodium from "./libsodium";
|
||||
import type { EncryptBytes } from "./types";
|
||||
import type {
|
||||
DecryptB64,
|
||||
DecryptBytes,
|
||||
EncryptBytes,
|
||||
EncryptJSON,
|
||||
} from "./types";
|
||||
import { sharedCryptoWorker } from "./worker";
|
||||
|
||||
/**
|
||||
@@ -96,8 +100,8 @@ export const encryptThumbnail = (r: EncryptBytes) =>
|
||||
*
|
||||
* Use {@link decryptFileEmbedding} to decrypt the result.
|
||||
*/
|
||||
export const encryptFileEmbedding = async (data: Uint8Array, keyB64: string) =>
|
||||
assertInWorker(ei.encryptFileEmbeddingI(data, keyB64));
|
||||
export const encryptFileEmbedding = async (r: EncryptBytes) =>
|
||||
assertInWorker(ei._encryptFileEmbedding(r));
|
||||
|
||||
/**
|
||||
* Encrypt the metadata associated with an Ente object (file, collection or
|
||||
@@ -113,15 +117,9 @@ export const encryptFileEmbedding = async (data: Uint8Array, keyB64: string) =>
|
||||
* encrypted bytes, it returns their base64 string representation.
|
||||
*
|
||||
* Use {@link decryptMetadata} to decrypt the result.
|
||||
*
|
||||
* @param metadata The JSON value to encrypt. It can be an arbitrary JSON value,
|
||||
* but since TypeScript currently doesn't have a native JSON type, it is typed
|
||||
* as an unknown.
|
||||
*
|
||||
* @returns The encrypted data and decryption header, both as base64 strings.
|
||||
*/
|
||||
export const encryptMetadata = async (metadata: unknown, keyB64: string) =>
|
||||
assertInWorker(ei.encryptMetadataI(metadata, keyB64));
|
||||
export const encryptMetadata = async (r: EncryptJSON) =>
|
||||
assertInWorker(ei._encryptMetadata(r));
|
||||
|
||||
/**
|
||||
* Decrypt arbitrary data associated with an Ente object (file, collection or
|
||||
@@ -130,53 +128,25 @@ export const encryptMetadata = async (metadata: unknown, keyB64: string) =>
|
||||
* This is the sibling of {@link encryptAssociatedData}.
|
||||
*
|
||||
* See {@link decryptChaChaOneShot} for the implementation details.
|
||||
*
|
||||
* @param encryptedData A {@link Uint8Array} containing the bytes to decrypt.
|
||||
*
|
||||
* @param headerB64 A base64 string containing the decryption header that was
|
||||
* produced during encryption.
|
||||
*
|
||||
* @param keyB64 A base64 string containing the encryption key. This is expected
|
||||
* to be the key of the object to which {@link encryptedDataB64} is associated.
|
||||
*
|
||||
* @returns The decrypted bytes.
|
||||
*/
|
||||
export const decryptAssociatedData = (
|
||||
encryptedData: Uint8Array,
|
||||
headerB64: string,
|
||||
keyB64: string,
|
||||
) => libsodium.decryptChaChaOneShot;
|
||||
export const decryptAssociatedData = (r: DecryptBytes) =>
|
||||
assertInWorker(ei._decryptAssociatedData(r));
|
||||
|
||||
/**
|
||||
* Decrypt the thumbnail for a file.
|
||||
*
|
||||
* This is just an alias for {@link decryptAssociatedData}.
|
||||
* This is the sibling of {@link encryptThumbnail}.
|
||||
*/
|
||||
export const decryptThumbnail = decryptAssociatedData;
|
||||
export const decryptThumbnail = (r: DecryptBytes) =>
|
||||
assertInWorker(ei._decryptThumbnail(r));
|
||||
|
||||
/**
|
||||
* Decrypt the embedding associated with a file using the file's key.
|
||||
*
|
||||
* This is the sibling of {@link encryptFileEmbedding}.
|
||||
*
|
||||
* @param encryptedDataB64 A base64 string containing the encrypted embedding.
|
||||
*
|
||||
* @param headerB64 A base64 string containing the decryption header produced
|
||||
* during encryption.
|
||||
*
|
||||
* @param keyB64 A base64 string containing the encryption key. This is expected
|
||||
* to be the key of the file with which {@link encryptedDataB64} is associated.
|
||||
*
|
||||
* @returns The decrypted metadata JSON object.
|
||||
*/
|
||||
export const decryptFileEmbedding = async (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
assertInWorker(
|
||||
ei.decryptFileEmbeddingI(encryptedDataB64, decryptionHeaderB64, keyB64),
|
||||
);
|
||||
export const decryptFileEmbedding = async (r: DecryptB64) =>
|
||||
assertInWorker(ei._decryptFileEmbedding(r));
|
||||
|
||||
/**
|
||||
* Decrypt the metadata associated with an Ente object (file, collection or
|
||||
@@ -184,49 +154,20 @@ export const decryptFileEmbedding = async (
|
||||
*
|
||||
* This is the sibling of {@link encryptMetadata}.
|
||||
*
|
||||
* @param encryptedDataB64 base64 encoded string containing the encrypted data.
|
||||
*
|
||||
* @param headerB64 base64 encoded string containing the decryption header
|
||||
* produced during encryption.
|
||||
*
|
||||
* @param keyB64 base64 encoded string containing the encryption key. This is
|
||||
* expected to be the key of the object with which {@link encryptedDataB64} is
|
||||
* associated.
|
||||
*
|
||||
* @returns The decrypted JSON value. Since TypeScript does not have a native
|
||||
* JSON type, we need to return it as an `unknown`.
|
||||
*/
|
||||
export const decryptMetadata = async (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
export const decryptMetadata = (r: DecryptB64) =>
|
||||
inWorker()
|
||||
? ei.decryptMetadataI(encryptedDataB64, decryptionHeaderB64, keyB64)
|
||||
: sharedCryptoWorker().then((w) =>
|
||||
w.decryptMetadata(encryptedDataB64, decryptionHeaderB64, keyB64),
|
||||
);
|
||||
? ei._decryptMetadata(r)
|
||||
: sharedCryptoWorker().then((w) => w.decryptMetadata(r));
|
||||
|
||||
/**
|
||||
* A variant of {@link decryptMetadata} that does not attempt to parse the
|
||||
* decrypted data as a JSON string and instead just returns the raw decrypted
|
||||
* bytes that we got.
|
||||
*/
|
||||
export const decryptMetadataBytes = (
|
||||
encryptedDataB64: string,
|
||||
decryptionHeaderB64: string,
|
||||
keyB64: string,
|
||||
) =>
|
||||
export const decryptMetadataBytes = (r: DecryptB64) =>
|
||||
inWorker()
|
||||
? ei.decryptMetadataBytesI(
|
||||
encryptedDataB64,
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
)
|
||||
: sharedCryptoWorker().then((w) =>
|
||||
w.decryptMetadataBytes(
|
||||
encryptedDataB64,
|
||||
decryptionHeaderB64,
|
||||
keyB64,
|
||||
),
|
||||
);
|
||||
? ei._decryptMetadataBytes(r)
|
||||
: sharedCryptoWorker().then((w) => w.decryptMetadataBytes(r));
|
||||
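Review bot: The doc comments on `decryptAssociatedData` and `decryptFileEmbedding` appear to lose their `@returns` lines along with the `@param` lines, so nothing on these exports says what the promise resolves to. The field docs on `DecryptBytes` and `DecryptB64` cover the parameters, but the return value is not documented anywhere visible. I would keep a line such as `@returns The decrypted bytes.` on both. The old `decryptFileEmbedding` text ("The decrypted metadata JSON object") looks wrong anyway, since `_decryptFileEmbedding` just forwards to `_decryptAssociatedData`. Because the single argument `r` now bundles `keyB64` with the ciphertext, a short `@param r` note that the request object carries key material and should not be logged or persisted as a whole would also help callers.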
|
||||
@@ -68,28 +68,6 @@ export interface EncryptedB64 {
|
||||
decryptionHeaderB64: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* A decryption request with the encrypted data as a base64 encoded string.
|
||||
*/
|
||||
export interface DecryptB64 {
|
||||
/**
|
||||
* A base64 string containing the data to decrypt.
|
||||
*/
|
||||
encryptedDataB64: string;
|
||||
/**
|
||||
* A base64 string containing the decryption header that was produced during
|
||||
* encryption.
|
||||
*
|
||||
* The header contains a random nonce and other libsodium metadata. It does
|
||||
* not need to be kept secret.
|
||||
*/
|
||||
decryptionHeaderB64: string;
|
||||
/**
|
||||
* A base64 string containing the encryption key.
|
||||
*/
|
||||
keyB64: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* A decryption request with the encrypted data as bytes.
|
||||
*/
|
||||
@@ -111,3 +89,25 @@ export interface DecryptBytes {
|
||||
*/
|
||||
keyB64: string;
|
||||
}
|
||||
|
||||
/**
|
||||
* A decryption request with the encrypted data as a base64 encoded string.
|
||||
*/
|
||||
export interface DecryptB64 {
|
||||
/**
|
||||
* A base64 string containing the data to decrypt.
|
||||
*/
|
||||
encryptedDataB64: string;
|
||||
/**
|
||||
* A base64 string containing the decryption header that was produced during
|
||||
* encryption.
|
||||
*
|
||||
* The header contains a random nonce and other libsodium metadata. It does
|
||||
* not need to be kept secret.
|
||||
*/
|
||||
decryptionHeaderB64: string;
|
||||
/**
|
||||
* A base64 string containing the encryption key.
|
||||
*/
|
||||
keyB64: string;
|
||||
}
|
||||
|
||||