fix(model-client): sha256 computations were wrong in Chrome

Replaced it js-sha256 with @aws-crypto/sha256-js.
Also added consistency checks on server and client side to ensure
both side compute the same hash value.

see emn178/js-sha256#40

Author: slisson

kotlin-js-store/yarn.lock

@@ -2,6 +2,39 @@
 # yarn lockfile v1
 
 
+"@aws-crypto/sha256-js@^5.0.0":
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/@aws-crypto/sha256-js/-/sha256-js-5.0.0.tgz#fec6d5a9a097e812207eacaaa707bfa9191b3ad8"
+  integrity sha512-g+u9iKkaQVp9Mjoxq1IJSHj9NHGZF441+R/GIH0dn7u4mix5QQ4VqgpppHrNm1LzjUzb0BpcFGsBXP6cOVf+ZQ==
+  dependencies:
+    "@aws-crypto/util" "^5.0.0"
+    "@aws-sdk/types" "^3.222.0"
+    tslib "^1.11.1"
+
+"@aws-crypto/util@^5.0.0":
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/@aws-crypto/util/-/util-5.0.0.tgz#afa286af897ea2bd9fab194b4a6be9cc562db23a"
+  integrity sha512-1GYqLdYRe96idcCltlqxdJ68OWE6ADT8qGLmVi7PVHKl8AxD2EWSbJSSevPq2eTx6vaPZpkr1RoZ3lcw/uGoEA==
+  dependencies:
+    "@aws-sdk/types" "^3.222.0"
+    "@aws-sdk/util-utf8-browser" "^3.0.0"
+    tslib "^1.11.1"
+
+"@aws-sdk/types@^3.222.0":
+  version "3.398.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.398.0.tgz#8ce02559536670f9188cddfce32e9dd12b4fe965"
+  integrity sha512-r44fkS+vsEgKCuEuTV+TIk0t0m5ZlXHNjSDYEUvzLStbbfUFiNus/YG4UCa0wOk9R7VuQI67badsvvPeVPCGDQ==
+  dependencies:
+    "@smithy/types" "^2.2.2"
+    tslib "^2.5.0"
+
+"@aws-sdk/util-utf8-browser@^3.0.0":
+  version "3.259.0"
+  resolved "https://registry.yarnpkg.com/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz#3275a6f5eb334f96ca76635b961d3c50259fd9ff"
+  integrity sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw==
+  dependencies:
+    tslib "^2.3.1"
+
 "@colors/[email protected]":
   version "1.5.0"
   resolved "https://registry.yarnpkg.com/@colors/colors/-/colors-1.5.0.tgz#bb504579c1cae923e6576a4f5da43d25f97bdbd9"
@@ -78,6 +111,13 @@
 "@modelix/ts-model-api@file:../../ts-model-api":
   version "1.3.2-kernelf.4.dirty-SNAPSHOT"
 
+"@smithy/types@^2.2.2":
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/@smithy/types/-/types-2.2.2.tgz#bd8691eb92dd07ac33b83e0e1c45f283502b1bf7"
+  integrity sha512-4PS0y1VxDnELGHGgBWlDksB2LJK8TG8lcvlWxIsgR+8vROI7Ms8h1P4FQUx+ftAX2QZv5g1CJCdhdRmQKyonyw==
+  dependencies:
+    tslib "^2.5.0"
+
 "@socket.io/component-emitter@~3.1.0":
   version "3.1.0"
   resolved "https://registry.yarnpkg.com/@socket.io/component-emitter/-/component-emitter-3.1.0.tgz#96116f2a912e0c02817345b3c10751069920d553"
@@ -2045,6 +2085,16 @@ tr46@~0.0.3:
   resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a"
   integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==
 
+tslib@^1.11.1:
+  version "1.14.1"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00"
+  integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==
+
+tslib@^2.3.1, tslib@^2.5.0:
+  version "2.6.2"
+  resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae"
+  integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==
+
 type-check@~0.3.2:
   version "0.3.2"
   resolved "https://registry.yarnpkg.com/type-check/-/type-check-0.3.2.tgz#5884cab512cf1d355e3fb784f30804b2b520db72"

model-client/build.gradle.kts

@@ -20,7 +20,13 @@ val kotlinxSerializationVersion: String by rootProject
 kotlin {
     jvm()
     js(IR) {
-        // browser {}
+        browser {
+            testTask {
+                useMocha {
+                    timeout = "30s"
+                }
+            }
+        }
         nodejs {
             testTask {
                 useMocha {

model-client/src/commonMain/kotlin/org/modelix/model/client2/ModelClientV2.kt

@@ -134,14 +134,15 @@ class ModelClientV2(
         require(version is CLVersion)
         require(baseVersion is CLVersion?)
         version.write()
-        val objects = version.computeDelta(baseVersion).values.filterNotNull().toSet()
+        val objects = version.computeDelta(baseVersion)
         val response = httpClient.post {
             url {
                 takeFrom(baseUrl)
                 appendPathSegments("repositories", branch.repositoryId.id, "branches", branch.branchName)
             }
             contentType(ContentType.Application.Json)
-            val body = VersionDelta(version.getContentHash(), null, objects)
+            val body = VersionDelta(version.getContentHash(), null, objectsMap = objects)
+            body.checkObjectHashes()
             setBody(body)
         }
         val mergedVersionDelta = response.body<VersionDelta>()
@@ -192,13 +193,13 @@ class ModelClientV2(
         return if (baseVersion == null) {
             CLVersion(
                 delta.versionHash,
-                store.also { it.keyValueStore.putAll(delta.objects.associateBy { HashUtil.sha256(it) }) },
+                store.also { it.keyValueStore.putAll(delta.getAllObjects()) },
             )
         } else if (delta.versionHash == baseVersion.hash) {
             baseVersion
         } else {
             require(baseVersion.store == store) { "baseVersion was not created by this client" }
-            store.keyValueStore.putAll(delta.objects.associateBy { HashUtil.sha256(it) })
+            store.keyValueStore.putAll(delta.getAllObjects())
             CLVersion(
                 delta.versionHash,
                 baseVersion.store,
@@ -275,3 +276,9 @@ abstract class ModelClientV2Builder {
 }
 
 expect class ModelClientV2PlatformSpecificBuilder() : ModelClientV2Builder
+
+fun VersionDelta.checkObjectHashes() {
+    HashUtil.checkObjectHashes(objectsMap)
+}
+
+fun VersionDelta.getAllObjects(): Map<String, String> = objectsMap + objects.associateBy { HashUtil.sha256(it) }

model-client/src/commonTest/kotlin/org/modelix/model/HashUtilsTest.kt

@@ -6,7 +6,7 @@ plugins {
 kotlin {
     jvm()
     js(IR) {
-        // browser {}
+        browser {}
         nodejs {
             testTask {
                 useMocha {
@@ -34,8 +34,8 @@ kotlin {
         }
         val commonTest by getting {
             dependencies {
-//                kotlin("test-common")
-//                kotlin("test-annotations-common")
+                kotlin("test-common")
+                kotlin("test-annotations-common")
             }
         }
         val jvmMain by getting {
@@ -62,20 +62,21 @@ kotlin {
         }
         val jvmTest by getting {
             dependencies {
-//                implementation(kotlin("test"))
+                implementation(kotlin("test"))
             }
         }
         val jsMain by getting {
             dependencies {
 //                implementation(kotlin("stdlib-js"))
 //                implementation(npm("uuid", "^8.3.0"))
 //                implementation(npm("js-sha256", "^0.9.0"))
+                implementation(npm("@aws-crypto/sha256-js", "^5.0.0"))
 //                implementation(npm("js-base64", "^3.4.5"))
             }
         }
         val jsTest by getting {
             dependencies {
-//                implementation(kotlin("test-js"))
+                implementation(kotlin("test-js"))
             }
         }
     }

model-client/src/commonTest/kotlin/org/modelix/model/StringUtilsTest.kt

@@ -285,10 +285,13 @@ class CLVersion : IVersion {
     }
 }
 
-fun CLVersion.computeDelta(baseVersion: CLVersion?): Map<String, String?> {
-    return computeDelta(store.keyValueStore, this.getContentHash(), baseVersion?.getContentHash())
+fun CLVersion.computeDelta(baseVersion: CLVersion?): Map<String, String> {
+    return computeDelta(store.keyValueStore, this.getContentHash(), baseVersion?.getContentHash()).filterNotNullValues()
 }
 
+@Suppress("UNCHECKED_CAST")
+fun <K, V> Map<K, V?>.filterNotNullValues(): Map<K, V> = filterValues { it != null } as Map<K, V>
+
 private fun computeDelta(keyValueStore: IKeyValueStore, versionHash: String, baseVersionHash: String?): Map<String, String?> {
     val changedNodeIds = HashSet<Long>()
     val oldAndNewEntries: Map<String, String?> = trackAccessedEntries(keyValueStore) { store ->

model-datastructure/build.gradle.kts

@@ -18,9 +18,12 @@ package org.modelix.model.persistent
 object HashUtil {
     val HASH_PATTERN = Regex("""[a-zA-Z0-9\-_]{5}\*[a-zA-Z0-9\-_]{38}""")
 
-    fun sha256asByteArray(input: ByteArray?): ByteArray = PlatformSpecificHashUtil.sha256asByteArray(input)
-    fun sha256(input: ByteArray?): String = PlatformSpecificHashUtil.sha256(input)
-    fun sha256(input: String): String = PlatformSpecificHashUtil.sha256(input)
+    fun sha256asByteArray(input: String): ByteArray = PlatformSpecificHashUtil.sha256asByteArray(input)
+
+    fun sha256(input: String): String {
+        val base64 = PlatformSpecificHashUtil.base64encode(sha256asByteArray(input))
+        return base64.substring(0, 5) + "*" + base64.substring(5)
+    }
 
     fun isSha256(value: String?): Boolean {
         return if (value == null || value.length != 44) {
@@ -35,8 +38,16 @@ object HashUtil {
         return HASH_PATTERN.findAll(input).map { it.groupValues.first() }.asIterable()
     }
 
-    fun base64encode(input: String): String = PlatformSpecificHashUtil.base64encode(input)
-    fun base64encode(input: ByteArray): String = PlatformSpecificHashUtil.base64encode(input)
-    fun base64decode(input: String): String = PlatformSpecificHashUtil.base64decode(input)
-    fun stringToUTF8ByteArray(input: String): ByteArray = PlatformSpecificHashUtil.stringToUTF8ByteArray(input)
+    fun checkObjectHashes(entries: Map<String, String?>) {
+        for (entry in entries) {
+            val value = entry.value ?: continue
+            if (!isSha256(entry.key)) continue
+            val computedHash = sha256(value)
+            val providedHash = entry.key
+            require(computedHash == providedHash) {
+                val bytes = value.encodeToByteArray(throwOnInvalidSequence = true)
+                "Provided hash $providedHash doesn't match the computed hash $computedHash for value: $value\n    Value as ByteArray$bytes"
+            }
+        }
+    }
 }

model-datastructure/src/commonMain/kotlin/org/modelix/model/lazy/CLVersion.kt

@@ -1,11 +1,6 @@
 package org.modelix.model.persistent
 
 expect object PlatformSpecificHashUtil {
-    fun sha256asByteArray(input: ByteArray?): ByteArray
-    fun sha256(input: ByteArray?): String
-    fun sha256(input: String): String
-    fun base64encode(input: String): String
+    fun sha256asByteArray(input: String): ByteArray
     fun base64encode(input: ByteArray): String
-    fun base64decode(input: String): String
-    fun stringToUTF8ByteArray(input: String): ByteArray
 }

model-datastructure/src/commonMain/kotlin/org/modelix/model/persistent/HashUtil.kt

@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import org.modelix.model.persistent.HashUtil
+import kotlin.test.Test
+import kotlin.test.assertEquals
+
+class HashUtilsTest {
+
+    @Test
+    fun testKnownIssue1() {
+        val res = HashUtil.sha256("courses/2/Xsmvf*PD7Sfna8J23fw4VWAT-g9KiXvRfUjYgCYGkZP8")
+        assertEquals("hgopc*4n9Ddc5-Di5f9i0gXA_LsGwuBN9ir-fmJTsvp4", res)
+    }
+
+    @Test
+    fun testKnownIssue2() {
+        val res = HashUtil.sha256("100000016/mps%3A96533389-8d4c-46f2-b150-8d89155f7fca%2F4128798754188010580/100000015/rooms/100000017,100000018,100000019/%23mpsNodeId%23=5042850610501964316,maximumCapacity=30,name=Marie,number=1.311/")
+        assertEquals("wViE7*Dr2QLdMzP6YhAFA-8aKgx3USS1butvAODA22y0", res)
+    }
+
+    @Test
+    fun testKnownIssue4() {
+        val input = "L/10000002a/hCo9C*azyKaBGRwpGmcmCzK4zNpVvpJtdvaNh_Ai7Ljo"
+        val res = HashUtil.sha256(input)
+        assertEquals("CgU1o*tzhHi3xPr2AA-ucivjYQ2qx0fzC9V8ZIa9w0UM", res)
+    }
+
+    @Test
+    fun unicodeString() {
+        val res = HashUtil.sha256("⊣ⵊⰵ₪┨₩⛎⋪⯏⋂⇤⅐\u244F⪶⸎⡚⚅⑼➐≘⍗⚬☄⦍≧⯢⻱\u2029\u20C3⒋Ⱍ⑊⨩ⱡ⡉⩓⽄◳┸⇅⻖⸙⍹\u200B⯴⺁⎾ℤ\u2432␞⊘╻⼒")
+        assertEquals("_KlSg*f0Y4i8Z8GRd672y1SoNwHPm22crM-NYrYUdIiQ", res)
+    }
+
+    @Test
+    fun testSha256EmptyString() {
+        val res = HashUtil.sha256("")
+        assertEquals("47DEQ*pj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU", res)
+    }
+
+    @Test
+    fun testSha256AsciiString() {
+        val res = HashUtil.sha256("""!"#${'$'}%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~""")
+        assertEquals("TlD0a*IifAn-A7RlySVGi9Xb6YeBMJ9vp7JiPUGtZH-U", res)
+    }
+}