feat: add working encryption for groups & communities

Author: Bilb

CMakeLists.txt

@@ -41,7 +41,6 @@ file(GLOB SOURCE_FILES src/*.cpp src/groups/*.cpp src/multi_encrypt/*.cpp)
 
 add_subdirectory(libsession-util)
 
-
 if(MSVC)
   # Windows is horrible
   add_compile_definitions(NOMINMAX)

include/groups/meta_group_wrapper.hpp

@@ -80,6 +80,7 @@ class MetaGroupWrapper : public Napi::ObjectWrap<MetaGroupWrapper> {
     Napi::Value keysNeedsRekey(const Napi::CallbackInfo& info);
     Napi::Value keyRekey(const Napi::CallbackInfo& info);
     Napi::Value keyGetAll(const Napi::CallbackInfo& info);
+    Napi::Value keyGetEncryptionKeyHex(const Napi::CallbackInfo& info);
     Napi::Value loadKeyMessage(const Napi::CallbackInfo& info);
     Napi::Value keyGetCurrentGen(const Napi::CallbackInfo& info);
     Napi::Value activeHashes(const Napi::CallbackInfo& info);

include/multi_encrypt/multi_encrypt.hpp

@@ -8,6 +8,7 @@
 #include <vector>
 
 #include "../utilities.hpp"
+#include "oxen/log.hpp"
 #include "session/attachments.hpp"
 #include "session/config/user_profile.hpp"
 #include "session/multi_encrypt.hpp"
@@ -17,62 +18,92 @@ namespace session::nodeapi {
 
 inline std::vector<unsigned char> extractPlaintext(
         const Napi::Object& obj, const std::string identifier) {
+
     assertIsUInt8Array(obj.Get("plaintext"), identifier);
     auto plaintext = toCppBuffer(obj.Get("plaintext"), identifier);
+
     return plaintext;
 }
 
 inline std::chrono::milliseconds extractSentTimestampMs(
         const Napi::Object& obj, const std::string identifier) {
     assertIsNumber(obj.Get("sentTimestampMs"), identifier);
     auto sentTimestampMs = toCppMs(obj.Get("sentTimestampMs"), identifier);
+
     return sentTimestampMs;
 }
 
-inline std::span<const unsigned char> extractSenderEd25519PrivkeyAsSpan(
+inline std::span<const unsigned char> extractSenderEd25519SeedAsSpan(
         const Napi::Object& obj, const std::string identifier) {
-    assertIsString(obj.Get("senderEd25519Privkey"));
-    auto ed25519PrivkeyHex = toCppString(obj.Get("senderEd25519Privkey"), identifier);
-    return from_hex_to_span(ed25519PrivkeyHex);
+
+    assertIsUInt8Array(
+            obj.Get("senderEd25519Seed"), "extractSenderEd25519SeedAsSpan.senderEd25519Seed");
+
+    auto senderEd25519Seed = toCppBuffer(obj.Get("senderEd25519Seed"), identifier);
+    assert_length(senderEd25519Seed, 32, identifier);
+
+    return senderEd25519Seed;
 }
 
 inline session::array_uc33 extractRecipientPubkeyAsArray(
         const Napi::Object& obj, const std::string identifier) {
     assertIsString(obj.Get("recipientPubkey"));
     auto recipientPubkeyHex = toCppString(obj.Get("recipientPubkey"), identifier);
+    assert_length(recipientPubkeyHex, 66, identifier);
+
     return from_hex_to_array<33>(recipientPubkeyHex);
 }
 
 inline session::array_uc32 extractCommunityPubkeyAsArray(
         const Napi::Object& obj, const std::string identifier) {
     assertIsString(obj.Get("communityPubkey"));
     auto communityPubkeyHex = toCppString(obj.Get("communityPubkey"), identifier);
+    assert_length(communityPubkeyHex, 64, identifier);
+
     return from_hex_to_array<32>(communityPubkeyHex);
 }
 
 inline session::array_uc33 extractGroupEd25519PubkeyAsArray(
         const Napi::Object& obj, const std::string identifier) {
     assertIsString(obj.Get("groupEd25519Pubkey"));
-    auto communityPubkeyHex = toCppString(obj.Get("groupEd25519Pubkey"), identifier);
-    return from_hex_to_array<33>(communityPubkeyHex);
+    std::string groupEd25519PubkeyHex = toCppString(obj.Get("groupEd25519Pubkey"), identifier);
+
+    assert_length(groupEd25519PubkeyHex, 66, identifier);
+    auto arr = from_hex_to_array<33>(groupEd25519PubkeyHex);
+
+    return arr;
 }
 
-inline cleared_uc32 extractGroupEncPrivKeyAsArray(
+inline cleared_uc32 extractGroupEncKeyAsArray(
         const Napi::Object& obj, const std::string identifier) {
-    assertIsString(obj.Get("groupEncPrivKey"));
-    auto groupEncPrivKeyHex = toCppString(obj.Get("groupEncPrivKey"), identifier);
-    auto arr = from_hex_to_array<32>(groupEncPrivKeyHex);
+    assertIsString(obj.Get("groupEncKey"));
+
+    auto groupEncKeyHex = toCppString(obj.Get("groupEncKey"), identifier);
+    assert_length(groupEncKeyHex, 64, identifier);
+
+    auto arr = from_hex_to_array<32>(groupEncKeyHex);
     cleared_uc32 result;
+
     std::copy(arr.begin(), arr.end(), result.begin());
+
     return result;
 }
 
-inline std::span<const unsigned char> extractProRotatingEd25519PrivkeyAsSpan(
+inline std::optional<std::span<const unsigned char>> extractProRotatingEd25519PrivKeyAsSpan(
         const Napi::Object& obj, const std::string identifier) {
-    assertIsStringOrNull(obj.Get("proRotatingEd25519Privkey"));
-    auto proRotatingEd25519PrivkeyHex =
-            maybeNonemptyString(obj.Get("proRotatingEd25519Privkey"), identifier);
-    return from_hex_to_span(proRotatingEd25519PrivkeyHex.value_or(""));
+    assertIsStringOrNull(obj.Get("proRotatingEd25519PrivKey"));
+    auto proRotatingEd25519PrivKeyHex =
+            maybeNonemptyString(obj.Get("proRotatingEd25519PrivKey"), identifier);
+
+    if (proRotatingEd25519PrivKeyHex.has_value() && proRotatingEd25519PrivKeyHex.value().size()) {
+        assert_length(*proRotatingEd25519PrivKeyHex, 64, identifier);
+
+        auto ret = from_hex_to_span(*proRotatingEd25519PrivKeyHex);
+
+        return ret;
+    }
+
+    return std::nullopt;
 }
 
 class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
@@ -313,9 +344,9 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
             // {
             //   "plaintext": Uint8Array,
             //   "sentTimestampMs": Number,
-            //   "senderEd25519Privkey": Hexstring,
+            //   "senderEd25519Seed": Hexstring,
             //   "recipientPubkey": Hexstring,
-            //   "proRotatingEd25519Privkey": Hexstring | null,
+            //   "proRotatingEd25519PrivKey": Hexstring | null,
             // }
             //
 
@@ -337,12 +368,11 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
 
                 ready_to_send[i] = session::encode_for_1o1(
                         extractPlaintext(obj, "encryptFor1o1.obj.plaintext"),
-                        extractSenderEd25519PrivkeyAsSpan(
-                                obj, "encryptFor1o1.obj.senderEd25519Privkey"),
+                        extractSenderEd25519SeedAsSpan(obj, "encryptFor1o1.obj.senderEd25519Seed"),
                         extractSentTimestampMs(obj, "encryptFor1o1.obj.sentTimestampMs"),
                         extractRecipientPubkeyAsArray(obj, "encryptFor1o1.obj.recipientPubkey"),
-                        extractProRotatingEd25519PrivkeyAsSpan(
-                                obj, "encryptFor1o1.obj.proRotatingEd25519Privkey"));
+                        extractProRotatingEd25519PrivKeyAsSpan(
+                                obj, "encryptFor1o1.obj.proRotatingEd25519PrivKey"));
             }
 
             auto ret = Napi::Object::New(info.Env());
@@ -358,11 +388,11 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
             // properties:
             // {
             //   "plaintext": Uint8Array,
-            //   "senderEd25519Privkey": Hexstring,
+            //   "senderEd25519Seed": Hexstring,
             //   "sentTimestampMs": Number,
             //   "recipientPubkey": Hexstring,
             //   "communityPubkey": Hexstring,
-            //   "proRotatingEd25519Privkey": Hexstring | null,
+            //   "proRotatingEd25519PrivKey": Hexstring | null,
             // }
             //
 
@@ -385,15 +415,15 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
 
                 ready_to_send[i] = session::encode_for_community_inbox(
                         extractPlaintext(obj, "encryptForCommunityInbox.obj.plaintext"),
-                        extractSenderEd25519PrivkeyAsSpan(
-                                obj, "encryptForCommunityInbox.obj.senderEd25519Privkey"),
+                        extractSenderEd25519SeedAsSpan(
+                                obj, "encryptForCommunityInbox.obj.senderEd25519Seed"),
                         extractSentTimestampMs(obj, "encryptForCommunityInbox.obj.sentTimestampMs"),
                         extractRecipientPubkeyAsArray(
                                 obj, "encryptForCommunityInbox.obj.recipientPubkey"),
                         extractCommunityPubkeyAsArray(
                                 obj, "encryptForCommunityInbox.obj.communityPubkey"),
-                        extractProRotatingEd25519PrivkeyAsSpan(
-                                obj, "encryptForCommunityInbox.obj.proRotatingEd25519Privkey"));
+                        extractProRotatingEd25519PrivKeyAsSpan(
+                                obj, "encryptForCommunityInbox.obj.proRotatingEd25519PrivKey"));
             }
 
             auto ret = Napi::Object::New(info.Env());
@@ -409,7 +439,7 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
             // properties:
             // {
             //   "plaintext": Uint8Array,
-            //   "proRotatingEd25519Privkey": Hexstring | null,
+            //   "proRotatingEd25519PrivKey": Hexstring | null,
             // }
             //
 
@@ -431,8 +461,8 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
 
                 ready_to_send[i] = session::encode_for_community(
                         extractPlaintext(obj, "encryptForCommunity.obj.plaintext"),
-                        extractProRotatingEd25519PrivkeyAsSpan(
-                                obj, "encryptForCommunity.obj.proRotatingEd25519Privkey"));
+                        extractProRotatingEd25519PrivKeyAsSpan(
+                                obj, "encryptForCommunity.obj.proRotatingEd25519PrivKey"));
             }
 
             auto ret = Napi::Object::New(info.Env());
@@ -448,11 +478,11 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
             // properties:
             // {
             //   "plaintext": Uint8Array,
-            //   "senderEd25519Privkey": Hexstring,
+            //   "senderEd25519Seed": Uint8Array, 32 bytes
             //   "sentTimestampMs": Number,
             //   "groupEd25519Pubkey": Hexstring,
-            //   "groupEncPrivKey": Hexstring,
-            //   "proRotatingEd25519Privkey": Hexstring | null,
+            //   "groupEncKey": Hexstring,
+            //   "proRotatingEd25519PrivKey": Hexstring | null,
             // }
             //
 
@@ -472,16 +502,28 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
                 }
                 auto obj = itemValue.As<Napi::Object>();
 
+                auto plaintext = extractPlaintext(obj, "encryptForGroup.obj.plaintext");
+                auto senderEd25519Seed = extractSenderEd25519SeedAsSpan(
+                        obj, "encryptForGroup.obj.senderEd25519Seed");
+
+                auto sentTimestampMs =
+                        extractSentTimestampMs(obj, "encryptForGroup.obj.sentTimestampMs");
+
+                auto groupEd25519Pubkey = extractGroupEd25519PubkeyAsArray(
+                        obj, "encryptForGroup.obj.recipientPubkey");
+
+                auto groupEncKey =
+                        extractGroupEncKeyAsArray(obj, "encryptForGroup.obj.groupEncKey");
+                auto proRotatingEd25519PrivKey = extractProRotatingEd25519PrivKeyAsSpan(
+                        obj, "encryptForGroup.obj.proRotatingEd25519PrivKey");
+
                 ready_to_send[i] = session::encode_for_group(
-                        extractPlaintext(obj, "encryptForGroup.obj.plaintext"),
-                        extractSenderEd25519PrivkeyAsSpan(
-                                obj, "encryptForGroup.obj.senderEd25519Privkey"),
-                        extractSentTimestampMs(obj, "encryptForGroup.obj.sentTimestampMs"),
-                        extractGroupEd25519PubkeyAsArray(
-                                obj, "encryptForGroup.obj.recipientPubkey"),
-                        extractGroupEncPrivKeyAsArray(obj, "encryptForGroup.obj.groupEncPrivKey"),
-                        extractProRotatingEd25519PrivkeyAsSpan(
-                                obj, "encryptForGroup.obj.proRotatingEd25519Privkey"));
+                        plaintext,
+                        senderEd25519Seed,
+                        sentTimestampMs,
+                        groupEd25519Pubkey,
+                        groupEncKey,
+                        proRotatingEd25519PrivKey);
             }
 
             auto ret = Napi::Object::New(info.Env());

include/utilities.hpp

@@ -10,6 +10,7 @@
 #include <unordered_set>
 #include <vector>
 
+#include "oxenc/hex.h"
 #include "session/config/namespaces.hpp"
 #include "session/config/profile_pic.hpp"
 #include "session/types.hpp"
@@ -357,6 +358,34 @@ template <std::size_t N>
 std::array<uint8_t, N> spanToArray(std::span<const unsigned char> span);
 
 template <std::size_t N>
-std::array<uint8_t, N> from_hex_to_array(std::string_view x);
+std::array<uint8_t, N> from_hex_to_array(std::string x) {
+    std::string as_hex = oxenc::from_hex(x);
+    if (as_hex.size() != N) {
+        throw std::invalid_argument(
+                std::format(
+                        "from_hex_to_array: Decoded hex size mismatch: expected {}, got {}",
+                        N,
+                        as_hex.size()));
+    }
+
+    std::array<uint8_t, N> result;
+    std::memcpy(result.data(), as_hex.data(), N);
+    return result;
+}
+
+// Concept to match containers with a size() method
+template <typename T>
+concept HasSize = requires(T t) {
+    {t.size()}->std::convertible_to<size_t>;
+};
+
+template <HasSize T>
+void assert_length(const T& x, size_t n, std::string_view base_identifier) {
+    if (x.size() != n) {
+        throw std::invalid_argument(
+                std::format(
+                        "assert_length: expected {}, got {} for {}", n, x.size(), base_identifier));
+    }
+}
 
 }  // namespace session::nodeapi

src/addon.cpp

@@ -32,7 +32,7 @@ Napi::Object InitAll(Napi::Env env, Napi::Object exports) {
                                                         .As<Napi::Object>()
                                                         .Get("log")
                                                         .As<Napi::Function>();
-                    Napi::String jsStr = Napi::String::New(env, "libsession-util: " + *msg);
+                    Napi::String jsStr = Napi::String::New(env, "libsession: " + *msg);
                     consoleLog.Call({jsStr});
                     delete msg;
                 });

src/groups/meta_group_wrapper.cpp

@@ -139,6 +139,7 @@ void MetaGroupWrapper::Init(Napi::Env env, Napi::Object exports) {
                     InstanceMethod("keysNeedsRekey", &MetaGroupWrapper::keysNeedsRekey),
                     InstanceMethod("keyRekey", &MetaGroupWrapper::keyRekey),
                     InstanceMethod("keyGetAll", &MetaGroupWrapper::keyGetAll),
+                    InstanceMethod("keyGetEncryptionKeyHex", &MetaGroupWrapper::keyGetEncryptionKeyHex),
                     InstanceMethod("activeHashes", &MetaGroupWrapper::activeHashes),
                     InstanceMethod("loadKeyMessage", &MetaGroupWrapper::loadKeyMessage),
                     InstanceMethod("keyGetCurrentGen", &MetaGroupWrapper::keyGetCurrentGen),
@@ -743,6 +744,10 @@ Napi::Value MetaGroupWrapper::keyGetAll(const Napi::CallbackInfo& info) {
     return wrapResult(info, [&] { return meta_group->keys->group_keys(); });
 }
 
+Napi::Value MetaGroupWrapper::keyGetEncryptionKeyHex(const Napi::CallbackInfo& info) {
+    return wrapResult(info, [&] { return to_hex(meta_group->keys->group_enc_key()); });
+}
+
 Napi::Value MetaGroupWrapper::loadKeyMessage(const Napi::CallbackInfo& info) {
     return wrapResult(info, [&] {
         assertInfoLength(info, 3);

src/utilities.cpp

@@ -200,7 +200,7 @@ std::optional<session::config::profile_pic> maybeNonemptyProfilePic(
         // when the `x` obj is provided (i.e. not null), it should have those 2 fields set.
         // They can be empty (meaning to remove the profile pic), but not undefined/null, as the
         // object itself should have been undefined/null
-        throw new std::invalid_argument{"maybeNonemptyProfilePic with invalid input"};
+        throw std::invalid_argument{"maybeNonemptyProfilePic with invalid input"};
     }
     return session::config::profile_pic{*url, *key};
 
@@ -343,8 +343,4 @@ std::array<uint8_t, N> spanToArray(std::span<const unsigned char> span) {
     return result;
 }
 
-template <std::size_t N>
-std::array<uint8_t, N> from_hex_to_array(std::string_view x) {
-    return spanToArray<N>(session::to_span(oxenc::from_hex(x)));
-}
 }  // namespace session::nodeapi

types/groups/groupkeys.d.ts

@@ -6,6 +6,7 @@ declare module 'libsession_util_nodejs' {
     keysNeedsRekey: () => boolean;
     keyRekey: () => Uint8Array;
     keyGetAll: () => Array<Uint8Array>;
+    keyGetEncryptionKeyHex: () => string;
     loadKeyMessage: (hash: string, data: Uint8Array, timestampMs: number) => boolean;
     keysAdmin: () => boolean;
     keyGetCurrentGen: () => number;

types/groups/metagroup.d.ts

@@ -164,6 +164,7 @@ declare module 'libsession_util_nodejs' {
     | MakeActionCall<MetaGroupWrapper, 'keysNeedsRekey'>
     | MakeActionCall<MetaGroupWrapper, 'keyRekey'>
     | MakeActionCall<MetaGroupWrapper, 'keyGetAll'>
+    | MakeActionCall<MetaGroupWrapper, 'keyGetEncryptionKeyHex'>
     | MakeActionCall<MetaGroupWrapper, 'loadKeyMessage'>
     | MakeActionCall<MetaGroupWrapper, 'keysAdmin'>
     | MakeActionCall<MetaGroupWrapper, 'keyGetCurrentGen'>