WIP: TutaCrypt authentication in rust

vaf-hub · vaf-hub · commit 1a118fcdfba7 · 2025-02-10T09:59:02.000+01:00
diff --git a/src/common/api/worker/crypto/CryptoFacade.ts b/src/common/api/worker/crypto/CryptoFacade.ts
@@ -258,7 +258,7 @@ export class CryptoFacade {
 	public async resolveWithBucketKey(bucketKey: BucketKey, instance: Record<string, any>, typeModel: TypeModel): Promise<ResolvedSessionKeys> {
 		const instanceElementId = this.getElementIdFromInstance(instance)
 		let decryptedBucketKey: AesKey
-		let unencryptedSenderAuthStatus: EncryptionAuthStatus | null = null
+		let encryptionAuthStatus: EncryptionAuthStatus | null = null
 		let pqMessageSenderKey: EccPublicKey | null = null
 		if (bucketKey.keyGroup && bucketKey.pubEncBucketKey) {
 			// bucket key is encrypted with public key for internal recipient
@@ -284,7 +284,7 @@ export class CryptoFacade {
 			}
 
 			decryptedBucketKey = await this.resolveWithGroupReference(keyGroup, groupKeyVersion, bucketKey.groupEncBucketKey)
-			unencryptedSenderAuthStatus = EncryptionAuthStatus.AES_NO_AUTHENTICATION
+			encryptionAuthStatus = EncryptionAuthStatus.AES_NO_AUTHENTICATION
 		} else {
 			throw new SessionKeyNotFoundError(`encrypted bucket key not set on instance ${typeModel.name}`)
 		}
@@ -294,7 +294,7 @@ export class CryptoFacade {
 			instanceElementId,
 			instance,
 			typeModel,
-			unencryptedSenderAuthStatus,
+			encryptionAuthStatus,
 			pqMessageSenderKey,
 		)
 
@@ -508,9 +508,9 @@ export class CryptoFacade {
 		pqMessageSenderKey: Uint8Array | null,
 		pqMessageSenderKeyVersion: KeyVersion | null,
 		instance: Record<string, any>,
-		resolvedSessionKeyForInstance: number[],
+		resolvedSessionKeyForInstance: AesKey,
 		instanceSessionKeyWithOwnerEncSessionKey: InstanceSessionKey,
-		decryptedSessionKey: number[],
+		decryptedSessionKey: AesKey,
 		keyGroup: Id | null,
 	) {
 		// we only authenticate mail instances
diff --git a/tuta-sdk/rust/sdk/src/crypto/crypto_facade.rs b/tuta-sdk/rust/sdk/src/crypto/crypto_facade.rs
@@ -3,6 +3,7 @@ use crate::crypto::aes::Iv;
 use crate::crypto::asymmetric_crypto_facade::AsymmetricCryptoFacade;
 use crate::crypto::asymmetric_crypto_facade::{AsymmetricCryptoError, DecapsulatedAesKey};
 use crate::crypto::key::{GenericAesKey, KeyLoadError};
+use crate::crypto::public_key_provider::PublicKeyIdentifier;
 use crate::crypto::randomizer_facade::RandomizerFacade;
 use crate::crypto::rsa::RSAEncryptionError;
 use crate::crypto::tuta_crypt::PQError;
@@ -12,12 +13,14 @@ use crate::entities::entity_facade::{
 	BUCKET_KEY_FIELD, ID_FIELD, OWNER_ENC_SESSION_KEY_FIELD, OWNER_GROUP_FIELD,
 	OWNER_KEY_VERSION_FIELD,
 };
-use crate::entities::generated::sys::BucketKey;
+use crate::entities::generated::sys::{BucketKey, InstanceSessionKey};
 use crate::instance_mapper::InstanceMapper;
 #[cfg_attr(test, mockall_double::double)]
 use crate::key_loader_facade::KeyLoaderFacade;
 use crate::metamodel::TypeModel;
-use crate::tutanota_constants::{CryptoProtocolVersion, EncryptionAuthStatus};
+use crate::tutanota_constants::{
+	CryptoProtocolVersion, EncryptionAuthStatus, PublicKeyIdentifierType,
+};
 use crate::util::{convert_version_to_u64, ArrayCastingError};
 use crate::GeneratedId;
 use crate::IdTupleGenerated;
@@ -145,7 +148,7 @@ impl CryptoFacade {
 			});
 		};
 
-		let mut _auth_status: Option<EncryptionAuthStatus> = None; // TODO: implement
+		let mut encryption_auth_status: Option<EncryptionAuthStatus> = None; // TODO: implement
 		let DecapsulatedAesKey {
 			decrypted_aes_key: decrypted_bucket_key,
 			sender_identity_pub_key: _sender_identity_key,
@@ -163,7 +166,7 @@ impl CryptoFacade {
 		} else if let Some(_group_enc_bucket_key) = &bucket_key.groupEncBucketKey {
 			// TODO: to be used with secure external
 			let _key_group = bucket_key.keyGroup.as_ref().unwrap_or(owner_group);
-			_auth_status = Some(EncryptionAuthStatus::AESNoAuthentication);
+			encryption_auth_status = Some(EncryptionAuthStatus::AESNoAuthentication);
 			todo!("secure external resolveWithGroupReference")
 		} else {
 			return Err(SessionKeyResolutionError {
@@ -174,6 +177,21 @@ impl CryptoFacade {
 			});
 		};
 
+		// we can only authenticate once we have the session key
+		// because we need to check if the confidential flag is set, which is encrypted still
+		// we need to do it here at the latest because we must write the flag when updating the session key on the instance
+		// self.authenticateMainInstance(
+		// 	typeModel,
+		// 	encryptionAuthStatus,
+		// 	pqMessageSenderKey,
+		// 	bucketKey.protocolVersion == CryptoProtocolVersion.TUTA_CRYPT ? parseKeyVersion(bucketKey.senderKeyVersion ?? "0") : null,
+		// 	instance,
+		// 	resolvedSessionKeyForInstance,
+		// 	instanceSessionKeyWithOwnerEncSessionKey,
+		// 	decryptedSessionKey,
+		// 	bucketKey.keyGroup,
+		// ).await?;
+
 		let mut session_key_for_this_instance = None;
 
 		for instance_session_key in bucket_key.bucketEncSessionKeys {
@@ -208,6 +226,83 @@ impl CryptoFacade {
 			owner_key_version: versioned_owner_group_key.version,
 		})
 	}
+
+	async fn authenticate_main_instance(
+		type_model: TypeModel,
+		encryption_auth_status: Option<EncryptionAuthStatus>,
+		pq_message_sender_key: Option<&[u8]>,
+		pq_message_sender_key_version: Option<u64>,
+		entity: &ParsedEntity,
+		resolved_session_key_for_instance: GenericAesKey,
+		instance_session_key_with_owner_enc_session_key: InstanceSessionKey,
+		decrypted_session_key: GenericAesKey,
+		key_group: Option<GeneratedId>,
+	) -> () {
+		// we only authenticate mail instances
+
+		// TODO type_model.is_same_type_by_attr()
+		// const isMailInstance = isSameTypeRefByAttr(MailTypeRef, typeModel.app, typeModel.name)
+		// if (isMailInstance) {
+		// if (!encryptionAuthStatus) {
+		// if (!pqMessageSenderKey) {
+		// // This message was encrypted with RSA. We check if TutaCrypt could have been used instead.
+		// const recipientGroup = assertNotNull(
+		// keyGroup,
+		// "trying to authenticate an asymmetrically encrypted message, but we can't determine the recipient's group ID",
+		// )
+		// const currentKeyPair = await this.keyLoaderFacade.loadCurrentKeyPair(recipientGroup)
+		// encryptionAuthStatus = EncryptionAuthStatus.RSA_NO_AUTHENTICATION
+		// if (isPqKeyPairs(currentKeyPair.object)) {
+		// const keyRotationFacade = this.keyRotationFacade()
+		// const rotatedGroups = await keyRotationFacade.getGroupIdsThatPerformedKeyRotations()
+		// if (!rotatedGroups.includes(recipientGroup)) {
+		// encryptionAuthStatus = EncryptionAuthStatus::RsaDespiteTutacrypt
+		// }
+		// }
+		// } else {
+		// const mail = this.isLiteralInstance(instance)
+		// ? ((await this.instanceMapper.decryptAndMapToInstance(typeModel, instance, resolvedSessionKeyForInstance)) as Mail)
+		// : (instance as Mail)
+		// const senderMailAddress = mail.confidential ? mail.sender.address : SYSTEM_GROUP_MAIL_ADDRESS
+		// encryptionAuthStatus = await this.tryAuthenticateSenderOfMainInstance(
+		// senderMailAddress,
+		// pqMessageSenderKey,
+		// // must not be null if this is a TutaCrypt message with a pqMessageSenderKey
+		// assertNotNull(pqMessageSenderKeyVersion),
+		// )
+		// }
+		// }
+		// instanceSessionKeyWithOwnerEncSessionKey.encryptionAuthStatus = aesEncrypt(decryptedSessionKey, stringToUtf8Uint8Array(encryptionAuthStatus))
+		// }
+	}
+
+	async fn try_authenticate_sender_of_main_instance(
+		&self,
+		sender_mail_address: String,
+		pq_message_sender_key: &[u8],
+		pq_message_sender_key_version: u64,
+	) -> EncryptionAuthStatus {
+		let result = self
+			.asymmetric_crypto_facade
+			.authenticate_sender(
+				PublicKeyIdentifier {
+					identifier: sender_mail_address,
+					identifier_type: PublicKeyIdentifierType::MailAddress,
+				},
+				pq_message_sender_key,
+				pq_message_sender_key_version,
+			)
+			.await;
+		match result {
+			Err(_e) => {
+				// TODO log the error
+				// we do not want to fail mail decryption here, e.g. in case an alias was removed we would get a permanent NotFoundError.
+				// in those cases we will just show a warning banner but still want to display the mail
+				EncryptionAuthStatus::TutacryptAuthenticationFailed
+			},
+			Ok(encryption_auth_status) => encryption_auth_status,
+		}
+	}
 }
 
 /// Resolves the id field of an entity into a generated id
diff --git a/tuta-sdk/rust/sdk/src/metamodel.rs b/tuta-sdk/rust/sdk/src/metamodel.rs
@@ -156,4 +156,8 @@ impl TypeModel {
 			self.encrypted
 		}
 	}
+
+	pub fn is_same_type_by_attr(&self, app: &str, name: &str) -> bool {
+		self.app == app && self.name == name
+	}
 }
diff --git a/tuta-sdk/rust/sdk/src/tutanota_constants.rs b/tuta-sdk/rust/sdk/src/tutanota_constants.rs
@@ -72,6 +72,9 @@ pub enum EncryptionAuthStatus {
 
 	/// The entity was sent by the user and doesn't need authenticated.
 	TutacryptSender = 4,
+
+	/// the entity was encrypted with RSA although TutaCrypt keys were available.
+	RsaDespiteTutacrypt = 5,
 }
 
 /// Used for identifying the protocol version used for encrypting a session key.

Original file line number	Diff line number	Diff line change
`@@ -156,4 +156,8 @@ impl TypeModel {`
`156`	`156`	`self.encrypted`
`157`	`157`	`}`
`158`	`158`	`}`
	`159`	`+`
	`160`	`+ pub fn is_same_type_by_attr(&self, app: &str, name: &str) -> bool {`
	`161`	`+ self.app == app && self.name == name`
	`162`	`+ }`
`159`	`163`	`}`
Original file line number	Diff line number	Diff line change
`@@ -72,6 +72,9 @@ pub enum EncryptionAuthStatus {`
`72`	`72`
`73`	`73`	`/// The entity was sent by the user and doesn't need authenticated.`
`74`	`74`	`TutacryptSender = 4,`
	`75`	`+`
	`76`	`+ /// the entity was encrypted with RSA although TutaCrypt keys were available.`
	`77`	`+ RsaDespiteTutacrypt = 5,`
`75`	`78`	`}`
`76`	`79`
`77`	`80`	`/// Used for identifying the protocol version used for encrypting a session key.`