Merge pull request #32 from session-foundation/feat/add-attach-deterministic-encryption

Bilb · web-flow · commit 70cc2781b87a · 2025-10-13T11:40:54.000+11:00
feat: add encryption/decrypt of attachments deterministic
diff --git a/include/multi_encrypt/multi_encrypt.hpp b/include/multi_encrypt/multi_encrypt.hpp
@@ -1,12 +1,13 @@
 #pragma once
 
 #include <napi.h>
-#include <span>
-#include <vector>
 
 #include <algorithm>
+#include <span>
+#include <vector>
 
 #include "../utilities.hpp"
+#include "session/attachments.hpp"
 #include "session/config/user_profile.hpp"
 #include "session/multi_encrypt.hpp"
 #include "session/random.hpp"
@@ -35,7 +36,14 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
                                 "multiDecryptEd25519",
                                 static_cast<napi_property_attributes>(
                                         napi_writable | napi_configurable)),
-
+                        StaticMethod<&MultiEncryptWrapper::attachmentDecrypt>(
+                                "attachmentDecrypt",
+                                static_cast<napi_property_attributes>(
+                                        napi_writable | napi_configurable)),
+                        StaticMethod<&MultiEncryptWrapper::attachmentEncrypt>(
+                                "attachmentEncrypt",
+                                static_cast<napi_property_attributes>(
+                                        napi_writable | napi_configurable)),
                 });
     }
 
@@ -83,8 +91,10 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
             }
             std::vector<unsigned char> random_nonce = session::random::random(24);
 
-            std::vector<std::span<const unsigned char>> messages_sv(messages.begin(), messages.end());
-            std::vector<std::span<const unsigned char>> recipients_sv(recipients.begin(), recipients.end());
+            std::vector<std::span<const unsigned char>> messages_sv(
+                    messages.begin(), messages.end());
+            std::vector<std::span<const unsigned char>> recipients_sv(
+                    recipients.begin(), recipients.end());
 
             // Note: this function needs the first 2 args to be vector of sv explicitly
             return session::encrypt_for_multiple_simple(
@@ -121,6 +131,99 @@ class MultiEncryptWrapper : public Napi::ObjectWrap<MultiEncryptWrapper> {
                     encoded, ed25519_secret_key, sender_ed25519_pubkey, domain);
         });
     };
+
+    static Napi::Value attachmentEncrypt(const Napi::CallbackInfo& info) {
+        return wrapResult(info, [&] {
+            assertInfoLength(info, 1);
+            assertIsObject(info[0]);
+            auto obj = info[0].As<Napi::Object>();
+
+            if (obj.IsEmpty())
+                throw std::invalid_argument("attachmentEncrypt received empty");
+
+            assertIsUInt8Array(obj.Get("seed"), "attachmentEncrypt.seed");
+            auto seed = toCppBuffer(obj.Get("seed"), "attachmentEncrypt.seed");
+
+            assertIsUInt8Array(obj.Get("data"), "attachmentEncrypt.data");
+            auto data = toCppBuffer(obj.Get("data"), "attachmentEncrypt.data");
+
+            assertIsString(obj.Get("domain"));
+            auto domain = toCppString(obj.Get("domain"), "attachmentEncrypt.domain");
+
+            assertIsBoolean(obj.Get("allowLarge"));
+
+            auto allow_large = toCppBoolean(obj.Get("allowLarge"), "attachmentEncrypt.allowLarge");
+
+            if (domain != "attachment" && domain != "profilePic") {
+                throw std::invalid_argument(
+                        "attachmentEncrypt.domain must be either 'attachment' or 'profilePic'");
+            }
+
+            session::attachment::Domain attachment_domain =
+                    domain == "attachment" ? session::attachment::Domain::ATTACHMENT
+                                           : session::attachment::Domain::PROFILE_PIC;
+
+            std::vector<std::byte> seed_bytes(
+                    reinterpret_cast<const std::byte*>(seed.data()),
+                    reinterpret_cast<const std::byte*>(seed.data() + seed.size()));
+
+            std::vector<std::byte> data_bytes(
+                    reinterpret_cast<const std::byte*>(data.data()),
+                    reinterpret_cast<const std::byte*>(data.data() + data.size()));
+            auto encrypted = session::attachment::encrypt(
+                    seed_bytes, data_bytes, attachment_domain, allow_large);
+
+            auto ret = Napi::Object::New(info.Env());
+            ret.Set("encryptedData", toJs(info.Env(), encrypted.first));
+            ret.Set("encryptionKey", toJs(info.Env(), encrypted.second));
+
+            return ret;
+        });
+    };
+
+    static Napi::Value attachmentDecrypt(const Napi::CallbackInfo& info) {
+        return wrapResult(info, [&] {
+            assertInfoLength(info, 1);
+            assertIsObject(info[0]);
+            auto obj = info[0].As<Napi::Object>();
+
+            if (obj.IsEmpty())
+                throw std::invalid_argument("attachmentDecrypt received empty");
+
+            assertIsUInt8Array(obj.Get("encryptedData"), "attachmentDecrypt.encryptedData");
+            auto encrypted_data =
+                    toCppBuffer(obj.Get("encryptedData"), "attachmentDecrypt.encryptedData");
+
+            assertIsUInt8Array(obj.Get("decryptionKey"), "attachmentDecrypt.decryptionKey");
+            auto decryption_key =
+                    toCppBuffer(obj.Get("decryptionKey"), "attachmentDecrypt.decryptionKey");
+
+            std::vector<std::byte> encrypted_data_bytes(
+                    reinterpret_cast<const std::byte*>(encrypted_data.data()),
+                    reinterpret_cast<const std::byte*>(
+                            encrypted_data.data() + encrypted_data.size()));
+
+            std::vector<std::byte> decryption_key_bytes(
+                    reinterpret_cast<const std::byte*>(decryption_key.data()),
+                    reinterpret_cast<const std::byte*>(
+                            decryption_key.data() + decryption_key.size()));
+
+            if (decryption_key_bytes.size() != session::attachment::ENCRYPT_KEY_SIZE) {
+                throw std::invalid_argument("Key size mismatch");
+            }
+
+            std::span<const std::byte, session::attachment::ENCRYPT_KEY_SIZE> decryption_key_span(
+                    decryption_key_bytes.data(), session::attachment::ENCRYPT_KEY_SIZE);
+
+            auto decrypted =
+                    session::attachment::decrypt(encrypted_data_bytes, decryption_key_span);
+
+            auto ret = Napi::Object::New(info.Env());
+            ret.Set("decryptedData", toJs(info.Env(), decrypted));
+
+            return ret;
+        });
+    };
 };
 
-}  // namespace session::nodeapi
+};  // namespace session::nodeapi
diff --git a/include/user_config.hpp b/include/user_config.hpp
@@ -20,7 +20,6 @@ class UserConfigWrapper : public ConfigBaseImpl, public Napi::ObjectWrap<UserCon
     Napi::Value getPriority(const Napi::CallbackInfo& info);
     Napi::Value getName(const Napi::CallbackInfo& info);
     Napi::Value getProfilePic(const Napi::CallbackInfo& info);
-    Napi::Value getProfilePicWithKeyHex(const Napi::CallbackInfo& info);
 
     void setPriority(const Napi::CallbackInfo& info);
     void setName(const Napi::CallbackInfo& info);
diff --git a/include/utilities.hpp b/include/utilities.hpp
@@ -145,6 +145,38 @@ struct toJs_impl<std::vector<unsigned char>> {
     }
 };
 
+// this wrap std::vector<std::byte> to Uint8array in the js world
+template <>
+struct toJs_impl<std::vector<std::byte>> {
+    auto operator()(const Napi::Env& env, std::vector<std::byte> b) const {
+        return Napi::Buffer<uint8_t>::Copy(
+            env,
+            reinterpret_cast<const unsigned char*>(b.data()),
+            b.size()
+        );
+    }
+};
+
+// this wrap std::array<std::byte> to Uint8array in the js world
+template <std::size_t N>
+struct toJs_impl<std::array<std::byte, N>> {
+    auto operator()(const Napi::Env& env, const std::array<std::byte, N>& b) const {
+        const auto* data_uchar = reinterpret_cast<const uint8_t*>(b.data());
+        return Napi::Buffer<uint8_t>::Copy(env, data_uchar, b.size());
+    }
+};
+
+// this wrap std::span<std::byte> to Uint8array in the js world
+template <>
+struct toJs_impl<std::span<std::byte>> {
+    auto operator()(const Napi::Env& env, std::span<std::byte> b) const {
+        auto data = b.data();
+        auto data_uchar = reinterpret_cast<const unsigned char*>(data, b.size());
+
+        return Napi::Buffer<uint8_t>::Copy(env, data_uchar, b.size());
+    }
+};
+
 template <typename T>
 struct toJs_impl<T, std::enable_if_t<std::is_base_of_v<Napi::Value, T>>> {
     auto operator()(const Napi::Env& env, const T& val) { return val; }
diff --git a/libsession-util b/libsession-util
@@ -1 +1 @@
-Subproject commit c73fd92eb71e8108cc435fc640fbcb8faceacbb0
+Subproject commit 1fdd145076cb932a78fdde6e37753bacc2848fff
diff --git a/package.json b/package.json
@@ -2,7 +2,7 @@
   "main": "index.js",
   "name": "libsession_util_nodejs",
   "description": "Wrappers for the Session Util Library",
-  "version": "0.5.8",
+  "version": "0.5.9",
   "license": "GPL-3.0",
   "author": {
     "name": "Oxen Project",
diff --git a/src/addon.cpp b/src/addon.cpp
@@ -14,7 +14,6 @@
 Napi::ThreadSafeFunction tsfn;
 
 Napi::Object InitAll(Napi::Env env, Napi::Object exports) {
-    using namespace session::nodeapi;
 
     tsfn = Napi::ThreadSafeFunction::New(
             env,
@@ -40,20 +39,20 @@ Napi::Object InitAll(Napi::Env env, Napi::Object exports) {
     });
     oxen::log::set_level_default(oxen::log::Level::info);
 
-    ConstantsWrapper::Init(env, exports);
+    session::nodeapi::ConstantsWrapper::Init(env, exports);
 
     // Group wrappers init
-    MetaGroupWrapper::Init(env, exports);
+    session::nodeapi::MetaGroupWrapper::Init(env, exports);
 
     // User wrappers init
-    UserConfigWrapper::Init(env, exports);
-    ContactsConfigWrapper::Init(env, exports);
-    UserGroupsWrapper::Init(env, exports);
-    ConvoInfoVolatileWrapper::Init(env, exports);
+    session::nodeapi::UserConfigWrapper::Init(env, exports);
+    session::nodeapi::ContactsConfigWrapper::Init(env, exports);
+    session::nodeapi::UserGroupsWrapper::Init(env, exports);
+    session::nodeapi::ConvoInfoVolatileWrapper::Init(env, exports);
 
     // Fully static wrappers init
-    MultiEncryptWrapper::Init(env, exports);
-    BlindingWrapper::Init(env, exports);
+    session::nodeapi::MultiEncryptWrapper::Init(env, exports);
+    session::nodeapi::BlindingWrapper::Init(env, exports);
 
     return exports;
 }
diff --git a/src/user_config.cpp b/src/user_config.cpp
@@ -20,8 +20,6 @@ void UserConfigWrapper::Init(Napi::Env env, Napi::Object exports) {
                     InstanceMethod("getPriority", &UserConfigWrapper::getPriority),
                     InstanceMethod("getName", &UserConfigWrapper::getName),
                     InstanceMethod("getProfilePic", &UserConfigWrapper::getProfilePic),
-                    InstanceMethod(
-                            "getProfilePicWithKeyHex", &UserConfigWrapper::getProfilePicWithKeyHex),
                     InstanceMethod(
                             "getProfileUpdatedSeconds",
                             &UserConfigWrapper::getProfileUpdatedSeconds),
@@ -143,18 +141,6 @@ Napi::Value UserConfigWrapper::getProfileUpdatedSeconds(const Napi::CallbackInfo
     });
 }
 
-Napi::Value UserConfigWrapper::getProfilePicWithKeyHex(const Napi::CallbackInfo& info) {
-    return wrapResult(info, [&]() -> std::optional<std::string> {
-        auto env = info.Env();
-        auto pic = config.get_profile_pic();
-        // if pic.key and url are set, return a combined string with both merged by a hash, and the
-        // key in hex
-        if (!pic.url.empty() && !pic.key.empty()) {
-            return std::string(pic.url + "#" + to_hex(pic.key));
-        }
-        return std::nullopt;
-    });
-}
 
 Napi::Value UserConfigWrapper::getEnableBlindedMsgRequest(const Napi::CallbackInfo& info) {
     return wrapResult(info, [&] {
diff --git a/types/multi_encrypt/multi_encrypt.d.ts b/types/multi_encrypt/multi_encrypt.d.ts
@@ -20,6 +20,22 @@ declare module 'libsession_util_nodejs' {
       senderEd25519Pubkey: Uint8Array;
       domain: EncryptionDomain;
     }) => Uint8Array | null;
+    /**
+     * Throws if the encryption fails
+     */
+    attachmentEncrypt: (opts: {
+      seed: Uint8Array;
+      data: Uint8Array;
+      domain: 'attachment' | 'profilePic';
+      allowLarge: boolean;
+    }) => { encryptedData: Uint8Array; encryptionKey: Uint8Array };
+    /**
+     *
+     * Throws if the decryption fails
+     */
+    attachmentDecrypt: (opts: { encryptedData: Uint8Array; decryptionKey: Uint8Array }) => {
+      decryptedData: Uint8Array;
+    };
   };
 
   export type MultiEncryptActionsCalls = MakeWrapperActionCalls<MultiEncryptWrapper>;
@@ -30,6 +46,8 @@ declare module 'libsession_util_nodejs' {
   export class MultiEncryptWrapperNode {
     public static multiEncrypt: MultiEncryptWrapper['multiEncrypt'];
     public static multiDecryptEd25519: MultiEncryptWrapper['multiDecryptEd25519'];
+    public static attachmentDecrypt: MultiEncryptWrapper['attachmentDecrypt'];
+    public static attachmentEncrypt: MultiEncryptWrapper['attachmentEncrypt'];
   }
 
   /**
@@ -39,5 +57,7 @@ declare module 'libsession_util_nodejs' {
    */
   export type MultiEncryptActionsType =
     | MakeActionCall<MultiEncryptWrapper, 'multiEncrypt'>
-    | MakeActionCall<MultiEncryptWrapper, 'multiDecryptEd25519'>;
+    | MakeActionCall<MultiEncryptWrapper, 'multiDecryptEd25519'>
+    | MakeActionCall<MultiEncryptWrapper, 'attachmentDecrypt'>
+    | MakeActionCall<MultiEncryptWrapper, 'attachmentEncrypt'>;
 }
diff --git a/types/user/userconfig.d.ts b/types/user/userconfig.d.ts
@@ -28,13 +28,6 @@ declare module 'libsession_util_nodejs' {
     setReuploadProfilePic: (pic: ProfilePicture) => void;
 
     getProfileUpdatedSeconds: () => number;
-    /**
-     * Returns the profile picture url and key merged as a url fragment, or null if not set.
-     * So this could return something like
-     * `http://filev2.getsession.org/file/1234#ba7e23ef3d4dc54b706d79c149ec571a4d64043e13771236afc030f6c8118575`
-     *
-     */
-    getProfilePicWithKeyHex: () => string | undefined;
 
     setEnableBlindedMsgRequest: (msgRequest: boolean) => void;
     getEnableBlindedMsgRequest: () => boolean | undefined;
@@ -61,7 +54,6 @@ declare module 'libsession_util_nodejs' {
     public setNewProfilePic: UserConfigWrapper['setNewProfilePic'];
     public setReuploadProfilePic: UserConfigWrapper['setReuploadProfilePic'];
     public getProfileUpdatedSeconds: UserConfigWrapper['getProfileUpdatedSeconds'];
-    public getProfilePicWithKeyHex: UserConfigWrapper['getProfilePicWithKeyHex'];
     public getEnableBlindedMsgRequest: UserConfigWrapper['getEnableBlindedMsgRequest'];
     public setEnableBlindedMsgRequest: UserConfigWrapper['setEnableBlindedMsgRequest'];
     public getNoteToSelfExpiry: UserConfigWrapper['getNoteToSelfExpiry'];
@@ -85,7 +77,6 @@ declare module 'libsession_util_nodejs' {
     | MakeActionCall<UserConfigWrapper, 'setNewProfilePic'>
     | MakeActionCall<UserConfigWrapper, 'setReuploadProfilePic'>
     | MakeActionCall<UserConfigWrapper, 'getProfileUpdatedSeconds'>
-    | MakeActionCall<UserConfigWrapper, 'getProfilePicWithKeyHex'>
     | MakeActionCall<UserConfigWrapper, 'getEnableBlindedMsgRequest'>
     | MakeActionCall<UserConfigWrapper, 'setEnableBlindedMsgRequest'>
     | MakeActionCall<UserConfigWrapper, 'getNoteToSelfExpiry'>
