Rocket.Chat.ReactNative/app/sagas/encryption.js


[NEW] E2E Encryption (#2394) * Add E2EKey to Subscription Model * Install react-native-simple-crypto * Install bytebuffer * Add translations * CreateChannel Encrypted toggle * Request E2E_Enabled setting * Add some E2E API methods * POC E2E Encryption * Garbage remove * Remove keys cleaner * Android cast JWK -> PKCS1 * Initialize E2E when Login Success * Add some translations * Add e2e property to Message model * Send Encrypted messages * (iOS) PKCS1 -> JWK & e2e.setUserPublicAndPrivateKeys * (Android) PKCS1 -> JWK & e2e.setUserPublicAndPrivateKeys * Create an encrypted channel * Fix app crashing on RoomsList * Create room key * Set Room E2E Key (Android) * Edit room encrypted * Show encrypted icon on messages * logEvents * Decrypt pending subscriptions & messages * Handle user cancel e2e password entry * E2ESavePasswordView * Update Snapshot * Add encrypted props to message on Send * Thread messages encryption * E2E -> Encryption * Share Extension: Share encrypted text * (POC) Search messages on Encrypted room * Provide room key to new users * Request roomKey on stream-notify-room-users * Add e2eKeyId to Room Model * (WIP) E2E Encryption Screens * Remove encryption subscription file * Move E2E_Enable to Server Model * Encryption List Banner * Move Encryption init to Sagas * Show banner only when enabled * Use RocketChat/react-native-simple-crypto * Search on WM only when is an Encrypted channel * (WIP) Encryption Banner * Encryption banner * Patch -> Fork * Improve send encrypted message * Update simple-crypto * Not decrypt already decrypted messages * Add comments * Change eslint disable to inline * Improve code * Remove comment * Some fixes * (WIP) Encryption Screens * Improve sub find * Resend an encrypted message * Fix comment * Code improvements * Hide e2e buttons on features if it is not enabled * InApp notifications of a encrypted room * Encryption stop logic * Edit encrypted message * DB batch on decryptPending * Encryption ready client * Comments * Handle 
getRoomInstance errors * Multiple messages decrypt * Remove unnecessary try/catch * Fix decrypt all messages history * Just add a questionmark * Fix some subscriptions missing decrypt * Disable request key logic * Fix unicode emojis * Fix e2ekey request * roomId -> subscription * Decrypt subscription after merge * E2ERoom -> EncryptionRoom * Fix infinite loading * Handle import key errors * Handle request key errors * Move e2eRequestRoomKey to Rocket.Chat * WIP handshake when key should be requested * Add search messages explanation * Remove some TODO and update comments * Improvements * Dont show message hash to user * Handle key request & prevent multiple calls * Request E2EKey on decryptSubscription that doesn't exists on database yet * Insert decrypted subscription * Fix crash after login * Decrypt sub when receive the key * Decrypt pending messages of a room * Encrypted as a switch * Buffer to Base64 URI Safe * Add a relevant comment * Prevent import key without a privateKey * Prevent create a new instance when client is not ready * Update simple-crypto & remove replace trick * More comments * Remove useless comment * Remove useless try/catch * I18n all E2E screens * E2ESavePassword -> E2ESaveYourPassword * Prevent multiple views on message when is not encrypted * Fix encryption toggle not working sometimes * follow some suggestions * dont rotate icons * remove unnecessary condition * remove unreachable event * create channel comment * disable no-bitwise rule for entire file * loadKeys -> persistKeys * getMasterKey -> generateMasterKey * explicit difference between E2EKey & e2eKeyId * roomId -> rid * group columns * Remove server selector * missing log events * remove comment * use stored public key * update simple-crypto & remove base64-js patch * add some logs * remove unreachable condition * log errors * handle errors on provide key directly on subscription * Downgrade RocketChat/react-native-simple-crypto * improve get room instance * migration of older 
apps * check encrypted status before send a message * wait client ready * use our own base64-js * add more jest tests * explain return * remove unncessary stop * thrown error to caller * remove superfluous checks * use Encryption property * change ready state logic * ready -> establishing * encryption.room -> encryptionRoom * EncryptionRoom -> Room * add documentation * wait establishing before provide a room key * remove superfluous condition * improve error handling logic * fallback e2ekey set * remove no longer necessary check * remove e.g. * improve getRoomInstance * import from index * use batch * fix a comment * decrypt tmsg * dont show hash when message is encrypted * Fix detox * Apply suggestions from code review Co-authored-by: Diego Mello <diegolmello@gmail.com>
2020-09-11 14:31:38 +00:00
import EJSON from 'ejson';
import { takeLatest, select, put } from 'redux-saga/effects';
import { ENCRYPTION } from '../actions/actionsTypes';
import { encryptionSetBanner } from '../actions/encryption';
import { Encryption } from '../lib/encryption';
import Navigation from '../lib/Navigation';
import {
E2E_PUBLIC_KEY,
E2E_PRIVATE_KEY,
E2E_BANNER_TYPE,
E2E_RANDOM_PASSWORD_KEY
} from '../lib/encryption/constants';
import database from '../lib/database';
import RocketChat from '../lib/rocketchat';
import UserPreferences from '../lib/userPreferences';
import { getUserSelector } from '../selectors/login';
import { showErrorAlert } from '../utils/info';
import I18n from '../i18n';
import log from '../utils/log';
// Selector for the server the encryption sagas act on:
// `state.share.server` when it is truthy, otherwise `state.server.server`.
const getServer = (state) => {
	const { server: shareServer } = state.share;
	return shareServer || state.server.server;
};
/**
 * Saga for ENCRYPTION.INIT.
 *
 * For the current server it either stops early (E2E disabled), asks for the E2E
 * password (server holds a private key this device has not stored), reuses the key
 * pair stored on this device, or creates a new key pair. Unless it returned early,
 * it finishes by calling Encryption.initialize().
 *
 * Every exception raised inside the try block is handed to log() and the saga ends.
 *
 * NOTE(review): the private key and the random password are read from UserPreferences;
 * its backing store and whether it is encrypted at rest are not visible here — confirm.
 */
function* handleEncryptionInit() {
	try {
		const server = yield select(getServer);
		const user = yield select(getUserSelector);

		// Load this server's record to read its E2E_Enable flag
		const serverRecord = yield database.servers.collections.get('servers').find(server);
		if (!serverRecord?.E2E_Enable) {
			// E2E is switched off for this server: nothing to set up
			return;
		}

		// Private key saved on this device for this server, if any
		const localPrivateKey = yield UserPreferences.getStringAsync(`${ server }-${ E2E_PRIVATE_KEY }`);
		// Keys the server holds for this user
		const serverKeys = yield RocketChat.e2eFetchMyKeys();

		// The server has a private key but this device has none stored:
		// show the password banner and stop, so no new key pair is created below.
		const needsPassword = !localPrivateKey && serverKeys?.privateKey;
		if (needsPassword) {
			yield put(encryptionSetBanner(E2E_BANNER_TYPE.REQUEST_PASSWORD));
			return;
		}

		// A value is still stored under E2E_RANDOM_PASSWORD_KEY for this server:
		// show the save-password banner (the flow continues afterwards).
		const pendingRandomPassword = yield UserPreferences.getStringAsync(`${ server }-${ E2E_RANDOM_PASSWORD_KEY }`);
		if (pendingRandomPassword) {
			yield put(encryptionSetBanner(E2E_BANNER_TYPE.SAVE_PASSWORD));
		}

		// Public key saved on this device; EJSON.parse is only applied to a present value
		const rawPublicKey = yield UserPreferences.getStringAsync(`${ server }-${ E2E_PUBLIC_KEY }`);
		const localPublicKey = rawPublicKey ? EJSON.parse(rawPublicKey) : rawPublicKey;

		if (!localPublicKey || !localPrivateKey) {
			// At least one half of the pair is missing on this device: create new keys.
			// NOTE(review): this branch is also taken when only the public key is missing
			// while a private key is stored. Whether createKeys replaces an existing pair
			// is not visible here — confirm, since replaced keys could leave earlier
			// encrypted content unreadable.
			yield Encryption.createKeys(user.id, server);
			yield put(encryptionSetBanner(E2E_BANNER_TYPE.SAVE_PASSWORD));
		} else {
			// Both halves are stored on this device: hand them to the Encryption client
			yield Encryption.persistKeys(server, localPublicKey, localPrivateKey);
		}

		// Decrypt all pending messages/subscriptions
		Encryption.initialize();
	} catch (e) {
		log(e);
	}
}
/**
 * Saga for ENCRYPTION.STOP: dispatches encryptionSetBanner() with no banner type,
 * then calls Encryption.stop().
 */
function* handleEncryptionStop() {
	// No argument: hides the encryption banner
	const hideBanner = encryptionSetBanner();
	yield put(hideBanner);

	// Shut down the Encryption client
	Encryption.stop();
}
/**
 * Saga for ENCRYPTION.DECODE_KEY.
 *
 * Fetches the keys the server holds for the user, decodes the private key with the
 * supplied password, persists the resulting pair for the current server, calls
 * Encryption.initialize(), hides the banner and navigates back.
 *
 * @param {object} action - dispatched action
 * @param {*} action.password - E2E password to try against the server-held private key
 */
function* handleEncryptionDecodeKey({ password }) {
	try {
		const server = yield select(getServer);
		const user = yield select(getUserSelector);

		// Keys the server holds for this user
		const serverKeys = yield RocketChat.e2eFetchMyKeys();
		const parsedPublicKey = EJSON.parse(serverKeys?.publicKey);

		// Decode the server-held private key with the supplied password
		const decodedPrivateKey = yield Encryption.decodePrivateKey(serverKeys?.privateKey, password, user.id);

		// Store the decoded pair for this server
		yield Encryption.persistKeys(server, parsedPublicKey, decodedPrivateKey);

		// Decrypt all pending messages/subscriptions
		Encryption.initialize();

		// Hide the banner and leave the password screen
		yield put(encryptionSetBanner());
		Navigation.back();
	} catch {
		// NOTE(review): every exception from the try block ends up here, so a failed key
		// fetch or a missing publicKey passed to EJSON.parse shows the same alert as a
		// wrong password, and nothing reaches log() (handleEncryptionInit does log).
		// If logging is added, pass only the error object — never `password` or the
		// decoded key material.
		showErrorAlert(I18n.t('Encryption_error_desc'), I18n.t('Encryption_error_title'));
	}
}
/**
 * Root encryption saga: registers one takeLatest watcher per ENCRYPTION action type,
 * in the order INIT, STOP, DECODE_KEY.
 *
 * With redux-saga's takeLatest, a newly dispatched action of a given type cancels a
 * still-running handler for that same type.
 */
function* root() {
	const watchers = [
		[ENCRYPTION.INIT, handleEncryptionInit],
		[ENCRYPTION.STOP, handleEncryptionStop],
		[ENCRYPTION.DECODE_KEY, handleEncryptionDecodeKey]
	];

	for (const [actionType, handler] of watchers) {
		yield takeLatest(actionType, handler);
	}
}

export default root;