diff --git a/packages/at_auth/CHANGELOG.md b/packages/at_auth/CHANGELOG.md
index ca265d9a..0310a8c8 100644
--- a/packages/at_auth/CHANGELOG.md
+++ b/packages/at_auth/CHANGELOG.md
@@ -1,3 +1,5 @@
+## 2.1.0
+- feat: at_chops uptake for faster AES encryption/decryption
 ## 2.0.10
 - fix: Replace legacy IVs with random IVs for encrypting "defaultEncryptionPrivateKey" and "selfEncryptionKey" in APKAM flow
 ## 2.0.9
diff --git a/packages/at_auth/lib/src/at_auth_impl.dart b/packages/at_auth/lib/src/at_auth_impl.dart
index 98da2593..dc9ec109 100644
--- a/packages/at_auth/lib/src/at_auth_impl.dart
+++ b/packages/at_auth/lib/src/at_auth_impl.dart
@@ -51,7 +51,7 @@ class AtAuthImpl implements AtAuth {
 if (atAuthRequest.atKeysFilePath != null) {
 atAuthKeys = await _prepareAtAuthKeysFromFilePath(atAuthRequest);
 } else if (atAuthRequest.encryptedKeysMap != null) {
- atAuthKeys = _decryptAtKeysWithSelfEncKey(
+ atAuthKeys = await _decryptAtKeysWithSelfEncKey(
 atAuthRequest.encryptedKeysMap!, PkamAuthMode.keysFile);
 } else {
 atAuthKeys = atAuthRequest.atAuthKeys;
@@ -228,35 +228,37 @@ class AtAuthImpl implements AtAuth {
 return enrollmentIdFromServer!;
 }
- AtAuthKeys _decryptAtKeysWithSelfEncKey(
- Map jsonData, PkamAuthMode authMode) {
+ Future _decryptAtKeysWithSelfEncKey(
+ Map jsonData, PkamAuthMode authMode) async {
 var securityKeys = AtAuthKeys();
 String decryptionKey = jsonData[auth_constants.defaultSelfEncryptionKey]!;
 var atChops = AtChopsImpl(AtChopsKeys()..selfEncryptionKey = AESKey(decryptionKey));
- securityKeys.defaultEncryptionPublicKey = atChops
- .decryptString(jsonData[auth_constants.defaultEncryptionPublicKey]!,
+ securityKeys.defaultEncryptionPublicKey = (await atChops.decryptString(
+ jsonData[auth_constants.defaultEncryptionPublicKey]!,
 EncryptionKeyType.aes256,
- keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
+ keyName: 'selfEncryptionKey',
+ iv: AtChopsUtil.generateIVLegacy()))
 .result;
- securityKeys.defaultEncryptionPrivateKey = atChops
- .decryptString(jsonData[auth_constants.defaultEncryptionPrivateKey]!,
+ securityKeys.defaultEncryptionPrivateKey = (await atChops.decryptString(
+ jsonData[auth_constants.defaultEncryptionPrivateKey]!,
 EncryptionKeyType.aes256,
- keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
+ keyName: 'selfEncryptionKey',
+ iv: AtChopsUtil.generateIVLegacy()))
 .result;
 securityKeys.defaultSelfEncryptionKey = decryptionKey;
- securityKeys.apkamPublicKey = atChops
- .decryptString(
+ securityKeys.apkamPublicKey = (await atChops.decryptString(
 jsonData[auth_constants.apkamPublicKey]!, EncryptionKeyType.aes256,
- keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
+ keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy()))
 .result;
 // pkam private key will not be saved in keyfile if auth mode is sim/any other secure element.
 // decrypt the private key only when auth mode is keysFile
 if (authMode == PkamAuthMode.keysFile) {
- securityKeys.apkamPrivateKey = atChops
- .decryptString(jsonData[auth_constants.apkamPrivateKey]!,
+ securityKeys.apkamPrivateKey = (await atChops.decryptString(
+ jsonData[auth_constants.apkamPrivateKey]!,
 EncryptionKeyType.aes256,
- keyName: 'selfEncryptionKey', iv: AtChopsUtil.generateIVLegacy())
+ keyName: 'selfEncryptionKey',
+ iv: AtChopsUtil.generateIVLegacy()))
 .result;
 }
 securityKeys.apkamSymmetricKey = jsonData[auth_constants.apkamSymmetricKey];
diff --git a/packages/at_auth/lib/src/enroll/at_enrollment_impl.dart b/packages/at_auth/lib/src/enroll/at_enrollment_impl.dart
index 2ba7bf3f..80b80a71 100644
--- a/packages/at_auth/lib/src/enroll/at_enrollment_impl.dart
+++ b/packages/at_auth/lib/src/enroll/at_enrollment_impl.dart
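Review bot: All four `decryptString` calls in `_decryptAtKeysWithSelfEncKey` still pass `iv: AtChopsUtil.generateIVLegacy()`, which by its name is the fixed legacy IV, so every field of the keys map is decrypted under the same self-encryption key and the same IV, and nothing in the hunk says why. If this is kept only so that existing keys files stay readable, state it above the first call, e.g. `// Legacy fixed IV: needed to read keys files written before random IVs; never use for new encryption.` Each input is also read as `jsonData[...]!`, so a keys map that lacks one entry fails with a bare null-check error; checking for the expected entries first and naming the missing one would make a malformed or altered keys file easier to diagnose. The end of the function is outside the hunk.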
@@ -115,22 +115,24 @@ class AtEnrollmentImpl implements AtEnrollmentBase {
 InitialisationVector encryptionPrivateKeyIV = AtChopsUtil.generateRandomIV(16);
 // Fetch the encryptionPrivateKey from the atChops and encrypt with APKAM Symmetric key.
- String encryptedDefaultEncryptionPrivateKey = atLookUp.atChops
- ?.encryptString(
- atLookUp.atChops!.atChopsKeys.atEncryptionKeyPair!.atPrivateKey
- .privateKey,
- EncryptionKeyType.aes256,
- keyName: 'apkamSymmetricKey',
- iv: encryptionPrivateKeyIV)
- .result;
+ String encryptedDefaultEncryptionPrivateKey = (await atLookUp.atChops
+ ?.encryptString(
+ atLookUp.atChops!.atChopsKeys.atEncryptionKeyPair!.atPrivateKey
+ .privateKey,
+ EncryptionKeyType.aes256,
+ keyName: 'apkamSymmetricKey',
+ iv: encryptionPrivateKeyIV))
+ ?.result;
 InitialisationVector selfEncryptionKeyIV = AtChopsUtil.generateRandomIV(16);
 // Fetch the selfEncryptionKey from the atChops and encrypt with APKAM Symmetric key.
- String encryptedDefaultSelfEncryptionKey = atLookUp.atChops
- ?.encryptString(atLookUp.atChops!.atChopsKeys.selfEncryptionKey!.key,
- EncryptionKeyType.aes256,
- keyName: 'apkamSymmetricKey', iv: selfEncryptionKeyIV)
- .result;
+ String encryptedDefaultSelfEncryptionKey = (await atLookUp.atChops
+ ?.encryptString(
+ atLookUp.atChops!.atChopsKeys.selfEncryptionKey!.key,
+ EncryptionKeyType.aes256,
+ keyName: 'apkamSymmetricKey',
+ iv: selfEncryptionKeyIV))
+ ?.result;
 String command = 'enroll:approve:${jsonEncode({ 'enrollmentId': enrollmentRequestDecision.enrollmentId,
diff --git a/packages/at_auth/pubspec.yaml b/packages/at_auth/pubspec.yaml
index 5cae010c..50c43d0b 100644
--- a/packages/at_auth/pubspec.yaml
+++ b/packages/at_auth/pubspec.yaml
@@ -1,6 +1,6 @@
 name: at_auth
 description: Package that implements common logic for onboarding/authenticating an atsign to a secondary server
-version: 2.0.10
+version: 2.1.0
 homepage: https://atsign.com/
 repository: https://github.com/atsign-foundation/at_libraries
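Review bot: Both `encryptString` calls reach `atChops` through `atLookUp.atChops?.` while their arguments use `atLookUp.atChops!`, and the awaited value is then read with `?.result` into a non-nullable `String`, so a missing `atChops` presumably surfaces as a type or null error at the assignment instead of a clear failure before any key material is handled. Resolve it once before the first call, `final atChops = atLookUp.atChops;` and `if (atChops == null) throw StateError('atChops is not initialised');` (or the project's own exception type), then write `(await atChops.encryptString(...)).result` for both values. `atEncryptionKeyPair!` and `selfEncryptionKey!` are likewise asserted rather than checked. The enclosing method starts and ends outside the hunk.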
@@ -9,7 +9,7 @@ environment:
 dependencies:
 args: ^2.4.1
- at_commons: ^5.1.1
+ at_commons: ^5.1.2
 at_lookup: ^3.0.49
 at_chops: ^2.2.0
 at_utils: ^3.0.19
@@ -17,6 +17,14 @@ dependencies:
 at_demo_data: ^1.0.3
 crypton: ^2.2.1
+dependency_overrides:
+ at_chops:
+ git:
+ url: https://github.com/atsign-foundation/at_libraries.git
+ path: packages/at_chops
+ ref: at_chops_faster_aes
+
+
 dev_dependencies:
 lints: ^5.0.0
 test: ^1.25.8
diff --git a/packages/at_auth/test/enrollment_test.dart b/packages/at_auth/test/enrollment_test.dart
index 2622515d..86ed250a 100644
--- a/packages/at_auth/test/enrollment_test.dart
+++ b/packages/at_auth/test/enrollment_test.dart
@@ -61,10 +61,10 @@ void main() {
 any( that: startsWith( 'keys:get:keyName:123.${AtConstants.defaultEncryptionPrivateKey}')),
- auth: true)).thenAnswer((_) => Future.value(jsonEncode({
- 'value': atChopsImpl
- .encryptString(encryptionPrivateKey, EncryptionKeyType.aes256,
- keyName: 'apkamSymmetricKey', iv: iv)
+ auth: true)).thenAnswer((_) async => Future.value(jsonEncode({
+ 'value': (await atChopsImpl.encryptString(
+ encryptionPrivateKey, EncryptionKeyType.aes256,
+ keyName: 'apkamSymmetricKey', iv: iv))
 .result })));
@@ -73,10 +73,10 @@ void main() {
 any( that: startsWith( 'keys:get:keyName:123.${AtConstants.defaultSelfEncryptionKey}')),
- auth: true)).thenAnswer((_) => Future.value(jsonEncode({
- 'value': atChopsImpl
- .encryptString(selfEncryptionKey, EncryptionKeyType.aes256,
- keyName: 'apkamSymmetricKey', iv: iv)
+ auth: true)).thenAnswer((_) async => Future.value(jsonEncode({
+ 'value': (await atChopsImpl.encryptString(
+ selfEncryptionKey, EncryptionKeyType.aes256,
+ keyName: 'apkamSymmetricKey', iv: iv))
 .result })));
 when(() => mockAtLookUp.pkamAuthenticate(enrollmentId: '123'))
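Review bot: The added `dependency_overrides` entry resolves `at_chops` from the branch `at_chops_faster_aes`, which is a mutable ref, so the library that performs this package's key encryption can change with no change to this file, and the override lands together with the `2.1.0` version bump. Overrides take effect only when this package is the root of the build; consumers still resolve `at_chops: ^2.2.0`, which this hunk leaves unchanged although the Dart changes now `await` the encrypt and decrypt calls. Before release, remove the override and raise the constraint to the at_chops release that ships the async API, `at_chops: ^<RELEASED_VERSION>`; for as long as the override is needed, set `ref:` to a full commit SHA instead of a branch name.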
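Review bot: In both `thenAnswer` callbacks of enrollment_test.dart (the hunk at `-61,10` and the one at `-73,10`) the closure is now `async` but still wraps its value in `Future.value(...)`; an `async` closure already returns a Future, so `(_) async => jsonEncode({...})` expresses the same stub with one level less nesting. The `when(...)` statement each callback belongs to starts outside the hunk.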