fix: at_auth changes for at_chops major version uptake
murali-shris committed Dec 18, 2024
1 parent 9cd552d commit c0afe61
Showing 5 changed files with 52 additions and 38 deletions.
2 changes: 2 additions & 0 deletions packages/at_auth/CHANGELOG.md
@@ -1,3 +1,5 @@
## 2.1.0
- feat: at_chops uptake for faster AES encryption/decryption
## 2.0.10
- fix: Replace legacy IVs with random IVs for encrypting "defaultEncryptionPrivateKey" and "selfEncryptionKey" in APKAM flow
## 2.0.9
32 changes: 17 additions & 15 deletions packages/at_auth/lib/src/at_auth_impl.dart
Expand Up @@ -51,7 +51,7 @@ class AtAuthImpl implements AtAuth {
if (atAuthRequest.atKeysFilePath != null) {
atAuthKeys = await _prepareAtAuthKeysFromFilePath(atAuthRequest);
} else if (atAuthRequest.encryptedKeysMap != null) {
atAuthKeys = _decryptAtKeysWithSelfEncKey(
atAuthKeys = await _decryptAtKeysWithSelfEncKey(
atAuthRequest.encryptedKeysMap!, PkamAuthMode.keysFile);
} else {
atAuthKeys = atAuthRequest.atAuthKeys;
Expand Down Expand Up @@ -228,35 +228,37 @@ class AtAuthImpl implements AtAuth {
return enrollmentIdFromServer!;
}

AtAuthKeys _decryptAtKeysWithSelfEncKey(
Map<String, dynamic> jsonData, PkamAuthMode authMode) {
Future<AtAuthKeys> _decryptAtKeysWithSelfEncKey(
Map<String, dynamic> jsonData, PkamAuthMode authMode) async {
var securityKeys = AtAuthKeys();
String decryptionKey = jsonData[auth_constants.defaultSelfEncryptionKey]!;
var atChops =
AtChopsImpl(AtChopsKeys()..selfEncryptionKey = AESKey(decryptionKey));
securityKeys.defaultEncryptionPublicKey = atChops
.decryptString(jsonData[auth_constants.defaultEncryptionPublicKey]!,
securityKeys.defaultEncryptionPublicKey = (await atChops.decryptString(
jsonData[auth_constants.defaultEncryptionPublicKey]!,
EncryptionKeyType.aes256,
keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
keyName: 'selfEncryptionKey',
iv: AtChopsUtil.generateIVLegacy()))
.result;
securityKeys.defaultEncryptionPrivateKey = atChops
.decryptString(jsonData[auth_constants.defaultEncryptionPrivateKey]!,
securityKeys.defaultEncryptionPrivateKey = (await atChops.decryptString(
jsonData[auth_constants.defaultEncryptionPrivateKey]!,
EncryptionKeyType.aes256,
keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
keyName: 'selfEncryptionKey',
iv: AtChopsUtil.generateIVLegacy()))
.result;
securityKeys.defaultSelfEncryptionKey = decryptionKey;
securityKeys.apkamPublicKey = atChops
.decryptString(
securityKeys.apkamPublicKey = (await atChops.decryptString(
jsonData[auth_constants.apkamPublicKey]!, EncryptionKeyType.aes256,
keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy()))
.result;
// pkam private key will not be saved in keyfile if auth mode is sim/any other secure element.
// decrypt the private key only when auth mode is keysFile
if (authMode == PkamAuthMode.keysFile) {
securityKeys.apkamPrivateKey = atChops
.decryptString(jsonData[auth_constants.apkamPrivateKey]!,
securityKeys.apkamPrivateKey = (await atChops.decryptString(
jsonData[auth_constants.apkamPrivateKey]!,
EncryptionKeyType.aes256,
keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
keyName: 'selfEncryptionKey',
iv: AtChopsUtil.generateIVLegacy()))
.result;
}
securityKeys.apkamSymmetricKey = jsonData[auth_constants.apkamSymmetricKey];
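Review bot: Every rewritten `decryptString` call in `_decryptAtKeysWithSelfEncKey` still passes `iv: AtChopsUtil.generateIVLegacy()`, and nothing in the new code says why a legacy IV is acceptable here when the 2.0.10 changelog entry moved the APKAM flow to random IVs. Presumably existing key files were written with that IV, so decryption has to match; I would record that above the first call, e.g. `// Keys-file values were encrypted with the legacy IV; keep it for reading until the file format carries a per-value IV.` Separately, each `jsonData[...]!` lookup turns a missing entry in a caller-supplied `encryptedKeysMap` into a bare null-check error, so checking the required keys once at the top and throwing a descriptive exception would make a truncated or tampered keys map fail clearly. The function body continues past the end of the hunk.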
28 changes: 15 additions & 13 deletions packages/at_auth/lib/src/enroll/at_enrollment_impl.dart
Expand Up @@ -115,22 +115,24 @@ class AtEnrollmentImpl implements AtEnrollmentBase {
InitialisationVector encryptionPrivateKeyIV =
AtChopsUtil.generateRandomIV(16);
// Fetch the encryptionPrivateKey from the atChops and encrypt with APKAM Symmetric key.
String encryptedDefaultEncryptionPrivateKey = atLookUp.atChops
?.encryptString(
atLookUp.atChops!.atChopsKeys.atEncryptionKeyPair!.atPrivateKey
.privateKey,
EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey',
iv: encryptionPrivateKeyIV)
.result;
String encryptedDefaultEncryptionPrivateKey = (await atLookUp.atChops
?.encryptString(
atLookUp.atChops!.atChopsKeys.atEncryptionKeyPair!.atPrivateKey
.privateKey,
EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey',
iv: encryptionPrivateKeyIV))
?.result;

InitialisationVector selfEncryptionKeyIV = AtChopsUtil.generateRandomIV(16);
// Fetch the selfEncryptionKey from the atChops and encrypt with APKAM Symmetric key.
String encryptedDefaultSelfEncryptionKey = atLookUp.atChops
?.encryptString(atLookUp.atChops!.atChopsKeys.selfEncryptionKey!.key,
EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey', iv: selfEncryptionKeyIV)
.result;
String encryptedDefaultSelfEncryptionKey = (await atLookUp.atChops
?.encryptString(
atLookUp.atChops!.atChopsKeys.selfEncryptionKey!.key,
EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey',
iv: selfEncryptionKeyIV))
?.result;

String command = 'enroll:approve:${jsonEncode({
'enrollmentId': enrollmentRequestDecision.enrollmentId,
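Review bot: Both new expressions guard `atLookUp.atChops` with `?.` and end in `?.result`, yet the value is assigned to a non-nullable `String` and the argument list force-unwraps the same object with `atLookUp.atChops!`. If `atChops` is ever null, the encrypted private key and self-encryption key evaluate to null, and the approval presumably fails at the assignment with an opaque type error instead of a clear refusal. Resolving it once before the first encryption reads better: `final atChops = atLookUp.atChops;` then `if (atChops == null) throw StateError('atChops is not initialised');` (or the package's own exception type), after which the calls become `(await atChops.encryptString(...)).result`. The enclosing method starts and ends outside the hunk.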
12 changes: 10 additions & 2 deletions packages/at_auth/pubspec.yaml
@@ -1,6 +1,6 @@
name: at_auth
description: Package that implements common logic for onboarding/authenticating an atsign to a secondary server
version: 2.0.10
version: 2.1.0
homepage: https://atsign.com/
repository: https://github.com/atsign-foundation/at_libraries

Expand All @@ -9,14 +9,22 @@ environment:

dependencies:
args: ^2.4.1
at_commons: ^5.1.1
at_commons: ^5.1.2
at_lookup: ^3.0.49
at_chops: ^2.2.0
at_utils: ^3.0.19
meta: ^1.8.0
at_demo_data: ^1.0.3
crypton: ^2.2.1

dependency_overrides:
at_chops:
git:
url: https://github.com/atsign-foundation/at_libraries.git
path: packages/at_chops
ref: at_chops_faster_aes


dev_dependencies:
lints: ^5.0.0
test: ^1.25.8
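Review bot: The `dependency_overrides` block pins `at_chops` to the branch `at_chops_faster_aes`, a mutable ref, so the code that handles key encryption can change under this package without any change to this file or a reviewable version bump. The override also only takes effect when at_auth is the root package; a consumer of a published 2.1.0 would resolve `at_chops: ^2.2.0`, which may not provide the awaited `encryptString`/`decryptString` API this commit relies on. Until the new at_chops is released, pin the override to a commit, `ref: <commit-sha>`, and before publishing remove the override and raise the `at_chops` constraint to the released version.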
16 changes: 8 additions & 8 deletions packages/at_auth/test/enrollment_test.dart
Expand Up @@ -61,10 +61,10 @@ void main() {
any(
that: startsWith(
'keys:get:keyName:123.${AtConstants.defaultEncryptionPrivateKey}')),
auth: true)).thenAnswer((_) => Future.value(jsonEncode({
'value': atChopsImpl
.encryptString(encryptionPrivateKey, EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey', iv: iv)
auth: true)).thenAnswer((_) async => Future.value(jsonEncode({
'value': (await atChopsImpl.encryptString(
encryptionPrivateKey, EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey', iv: iv))
.result
})));

Expand All @@ -73,10 +73,10 @@ void main() {
any(
that: startsWith(
'keys:get:keyName:123.${AtConstants.defaultSelfEncryptionKey}')),
auth: true)).thenAnswer((_) => Future.value(jsonEncode({
'value': atChopsImpl
.encryptString(selfEncryptionKey, EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey', iv: iv)
auth: true)).thenAnswer((_) async => Future.value(jsonEncode({
'value': (await atChopsImpl.encryptString(
selfEncryptionKey, EncryptionKeyType.aes256,
keyName: 'apkamSymmetricKey', iv: iv))
.result
})));
when(() => mockAtLookUp.pkamAuthenticate(enrollmentId: '123'))
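Review bot: In both rewritten stubs the closure is now `async` but still wraps its value in `Future.value(...)`, which is redundant because an async closure already returns a future. `thenAnswer((_) async => jsonEncode({...}))` says the same thing with less nesting. Both stubs also encrypt under `apkamSymmetricKey` with the same `iv`; that is fine for a fixture, but a short comment such as `// fixed IV for deterministic test data only` would keep the pattern from being copied into non-test code. `main()` continues outside the hunk.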
