Page MenuHomePhabricator

[web][native] Encrypt QR auth messages with AES
ClosedPublic

Authored by bartek on Mar 14 2024, 10:42 AM.
Tags
None
Referenced Files
F3396196: D11332.id38255.diff
Sun, Dec 1, 11:02 AM
F3396120: D11332.diff
Sun, Dec 1, 10:32 AM
Unknown Object (File)
Fri, Nov 29, 7:53 AM
Unknown Object (File)
Fri, Nov 29, 6:39 AM
Unknown Object (File)
Sun, Nov 10, 2:03 PM
Unknown Object (File)
Oct 27 2024, 8:20 AM
Unknown Object (File)
Oct 22 2024, 3:04 PM
Unknown Object (File)
Oct 22 2024, 3:04 PM
Subscribers

Details

Summary

Refactored functions for composing and parsing Tunnelbroker QR auth messages to use AES-256 encryption, instead of plaintext JSON stringify/parse.

This required separating them for web/native, due to platform-specific implementations of AES encryption. Also needed to implement some minor helpers for web that were already present on native.

Depends on D11331

Test Plan

Still able to perform QR code auth on both web and native. Added unit tests for helpers on web.

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

bartek held this revision as a draft.
bartek published this revision for review.Mar 18 2024, 12:33 AM

Exciting!!

lib/components/qr-auth-handler.react.js
23–33 ↗(On Diff #38131)

Would be good to make all of these props read-only

kamil added inline comments.
native/qr-code/qr-code-utils.js
49 ↗(On Diff #38131)

shouldn't we reject here?

This revision is now accepted and ready to land.Mar 19 2024, 5:57 AM
native/qr-code/qr-code-utils.js
49 ↗(On Diff #38131)

I think not. We intentionally return null to ignore such messages. This simplifies backward compatibility when adding more message types in the future