Merge pull request #1640 from session-foundation/fix-attachment-decrypt-legacy

fix: add supersuper fileserver for testing

Author: Bilb

ts/session/apis/file_server_api/FileServerApi.ts

@@ -35,7 +35,11 @@ export const uploadFileToFsWithOnionV4 = async (
   }
 
   // TODO: remove this once QA is done
-  const target = process.env.POTATO_FS ? 'POTATO' : 'DEFAULT';
+  const target = process.env.POTATO_FS
+    ? 'POTATO'
+    : process.env.SUPER_DUPER_FS
+      ? 'SUPER_DUPER'
+      : 'DEFAULT';
 
   const result = await OnionSending.sendBinaryViaOnionV4ToFileServer({
     abortSignal: new AbortController().signal,

ts/session/apis/file_server_api/FileServerTarget.ts

@@ -14,8 +14,9 @@ type FileServerConfigType = {
 
 // not exported/included in the SERVER_HOSTS as this is for testing only
 const POTATO_FS_HOST = 'potatofiles.getsession.org';
+const SUPER_DUPER_FS_HOST = 'superduperfiles.oxen.io';
 
-const FILE_SERVERS: Record<'DEFAULT' | 'POTATO', FileServerConfigType> = {
+const FILE_SERVERS: Record<'DEFAULT' | 'POTATO' | 'SUPER_DUPER', FileServerConfigType> = {
   DEFAULT: {
     url: `http://${SERVER_HOSTS.DEFAULT_FILE_SERVER}`,
     xPk: '09324794aa9c11948189762d198c618148e9136ac9582068180661208927ef34',
@@ -24,11 +25,16 @@ const FILE_SERVERS: Record<'DEFAULT' | 'POTATO', FileServerConfigType> = {
   },
   POTATO: {
     url: `http://${POTATO_FS_HOST}`,
-    // potato has different keys than the default
     edPk: 'ff86dcd4b26d1bfec944c59859494248626d6428efc12168749d65a1b92f5e28',
     xPk: 'fc097b06821c98a2db75ce02e521cef5fd9d3446e42e81d843c4c8c4e9260f48',
     extraFeatures: [FS_FEATURES.fsExtend],
   },
+  SUPER_DUPER: {
+    url: `http://${SUPER_DUPER_FS_HOST}`,
+    edPk: '929e33ded05e653fec04b49645117f51851f102a947e04806791be416ed76602',
+    xPk: '16d6c60aebb0851de7e6f4dc0a4734671dbf80f73664c008596511454cb6576d',
+    extraFeatures: [FS_FEATURES.fsExtend],
+  },
 };
 
 const FILE_SERVER_TARGETS = Object.keys(FILE_SERVERS) as Array<FILE_SERVER_TARGET_TYPE>;
@@ -55,6 +61,11 @@ function fileUrlToFileTarget(url: string): FILE_SERVER_TARGET_TYPE {
           return 'POTATO';
         }
         break;
+      case 'SUPER_DUPER':
+        if (parsedUrl.host.includes(SUPER_DUPER_FS_HOST)) {
+          return 'SUPER_DUPER';
+        }
+        break;
       case 'DEFAULT':
         if (parsedUrl.host.includes(SERVER_HOSTS.DEFAULT_FILE_SERVER)) {
           return 'DEFAULT';

ts/session/utils/Attachments.ts

@@ -23,11 +23,6 @@ type UploadParams = {
    * Explicit padding is only needed for the legacy encryption, as libsession deterministic encryption already pads the data.
    */
   shouldPad?: boolean;
-  /**
-   * When using the deterministic encryption, this is the seed used to generate the encryption key (libsession encrypt)
-   * When not using the deterministic encryption, this is used as the encryption key (legacy encrypt)
-   */
-  encryptionKey: Uint8Array;
 };
 
 export interface RawPreview {
@@ -80,17 +75,18 @@ async function uploadToFileServer(params: UploadParams): Promise<AttachmentPoint
       'Using deterministic encryption for attachment upload: ',
       attachment.fileName
     );
+    const seed = await UserUtils.getUserEd25519Seed();
     const encryptedContent = await MultiEncryptWrapperActions.attachmentEncrypt({
       allowLarge: false,
-      seed: params.encryptionKey,
+      seed,
       data: new Uint8Array(attachment.data),
       domain: 'attachment',
     });
     pointer.key = encryptedContent.encryptionKey;
     attachmentData = encryptedContent.encryptedData;
   } else {
     // this is the legacy attachment encryption
-    pointer.key = new Uint8Array(params.encryptionKey);
+    pointer.key = new Uint8Array(crypto.randomBytes(64));
     const iv = new Uint8Array(crypto.randomBytes(16));
 
     const dataToEncrypt = !shouldPad ? attachment.data : addAttachmentPadding(attachment.data);
@@ -115,15 +111,10 @@ async function uploadToFileServer(params: UploadParams): Promise<AttachmentPoint
 export async function uploadAttachmentsToFileServer(
   attachments: Array<Attachment>
 ): Promise<Array<AttachmentPointerWithUrl>> {
-  const encryptionKey = window.sessionFeatureFlags.useDeterministicEncryption
-    ? await UserUtils.getUserEd25519Seed()
-    : crypto.randomBytes(32);
-
   const promises = (attachments || []).map(async attachment =>
     uploadToFileServer({
       attachment,
       shouldPad: true,
-      encryptionKey,
     })
   );
 
@@ -140,13 +131,9 @@ export async function uploadLinkPreviewToFileServer(
     }
     return preview as any;
   }
-  const encryptionKey = window.sessionFeatureFlags.useDeterministicEncryption
-    ? await UserUtils.getUserEd25519Seed()
-    : crypto.randomBytes(32);
 
   const image = await uploadToFileServer({
     attachment: preview.image,
-    encryptionKey,
   });
   return {
     ...preview,

ts/util/crypto/attachmentsEncrypter.ts

@@ -103,10 +103,10 @@ export async function encryptAttachment(
   }
 
   if (keys.byteLength !== 64) {
-    throw new Error('Got invalid length attachment keys');
+    throw new Error(`Got invalid length attachment keys: ${keys.byteLength}`);
   }
   if (iv.byteLength !== 16) {
-    throw new Error('Got invalid length attachment iv');
+    throw new Error(`Got invalid length attachment iv: ${iv.byteLength}`);
   }
   const aesKey = keys.slice(0, 32);
   const macKey = keys.slice(32, 64);