feat(encrypt): add functions to allow encryption and decryption of arbitrary data

[trueinsider]

Description

There is three new API functions:
getPublicKey -- provides the public key of the currently authenticated account
encrypt -- allows to encrypt arbitrary data
decrypt -- allows to decrypt previously encrypted data

Motivation and Context

To securely exchange messages in the decentralized applications context some kind of encryption is necessary.

How Has This Been Tested?

Tested in client connected to nos-local with the help of slightly modified template dApp. Also there is new tests added.

Types of changes

• Chore (tests, refactors, and fixes)
• New feature (adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

• My code follows the code style of this project.
• The commit message follows our guidelines
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)
• I have read the CONTRIBUTING document.

[mhuggins]

Overall, this looks like a great addition. I also appreciate the thoroughness of the tests added, thank you for that!

I added a few comments that I'd like to have addressed before merging, I'm always open to discussion around any comments I left as well.

I'd like to verify some of the questions I left regarding passing a Buffer via IPC too. I'll circle back on that unless you beat me to it.

[mhuggins]

This documentation should be restructured a bit to clarify that it's a single object argument, and that recipientPublicKey and data are keys on the object. i.e.:

* `config` **object** - The config options to perform this operation.
* `config.recipientPublicKey` **string** - The public key of the recipient account.
* `config.data` **string | Buffer** - The data to encrypt.

[mhuggins]

Another thing worth mentioning is that I'm not confident passing a Buffer data type will work due to the way IPC is implemented. Per the electron documentation:

Arguments will be serialized in JSON internally and hence no functions or prototype chain will be included.

There is a JSON representation of a Buffer, but I doubt that electron elegantly parses and converts it back to a Buffer on the other end.

const buffer = Buffer.from("foo");
// <Buffer 66 6f 6f>

const serializedBuffer = JSON.stringify(buffer);
// '{"type":"Buffer","data":[102,111,111]}'

const deserializedBuffer = JSON.parse(serializedBuffer);
// { type: 'Buffer', data: [ 102, 111, 111 ] }

I will try to verify if this is accurate, but something that will need to be verified before accepting as is.

[trueinsider]

1. fixed
2. I believe this is not a concern anymore as electron seems to support Buffers

[mhuggins]

Can we just call this publicKey? I think you're making an assumption that the data being serialized will be sent to another address, when it could just be for storing something pertaining to the current account's address.

[trueinsider]

I called it recipientPublicKey to clarify that it's not your public key that you need to pass to the function.
The way ECIES/ECDH work is that when encrypting I take my private key and your public key
and when decrypting you take your private key and my public key.
That way we'll get same shared secret without exchanging our private keys.

If you want to just encrypt some data for yourself you don't need shared secret or public key, you can just use hash of your private key as encryption key. Of course, then you will need private key for decryption too.

[mhuggins]

Same here with calling this publicKey. The description for this field could be clarify which key by stating something like "the public key used to encrypt the data".

[trueinsider]

Answered above

[mhuggins]

Same concern here regarding Buffer.

[trueinsider]

I believe this is not a concern anymore as electron seems to support Buffers

[mhuggins]

I don't believe we'll be able to return a Buffer for the same reason, but will verify. If not, then we should just make this a string.

[trueinsider]

I believe this is not a concern anymore as electron seems to support Buffers

[mhuggins]

What factored into the decision to use AES-256-CBC above and prime256v1 here?

[trueinsider]

1. AES-256-CBC: no particular reason, it's good enough
2. prime256v1 = secp256r1: this is what used by NEO itself according to this: https://github.com/neo-project/neo/blob/master/neo/Wallets/KeyPair.cs#L26

[mhuggins]

I haven't taken a thorough look through the encryption/decryption logic yet. Adding a note here to ensure that happens before this PR is merged.

[mhuggins]

It looks like data is actually a string, not a Buffer. Is the documentation just incorrect?

[trueinsider]

documentation for result doesn't mention Buffer anywhere

[mhuggins]

All these tests show the happy path, which is great. Can you add a test for when decryption fails to ensure that onReject is called and onResolve is not called?

[trueinsider]

fixed

[mhuggins]

Same here, can a test be added for the unhappy path?

[trueinsider]

fixed

[mhuggins]

Did a little digging on the electron side, and buffers may actually be supported. I haven't tested yet. Also, I think the documentation you added for the return value is still wrong because it's returning a string, not a buffer.

[trueinsider]

I believe I've fixed all points of concern.
Also there is no Buffers in documentation for return values. But input parameters can take string or Buffer.

[mhuggins]

@trueinsider This is the return value of type Buffer I was referring to.

[trueinsider]

oh, you right. but it actually returns Buffer.

inside decrypt():

return aes256CbcDecrypt(ivBuffer, encryptionKey, dataBuffer);

and inside aes256CbcDecrypt():

return Buffer.concat([firstChunk, secondChunk]);

it's encrypt() that returns hex-encoded string and documentation of encrypt result doesn't mention Buffers. maybe I should return Buffers here too.

[trueinsider]

I think maybe I should rename these functions to encryptFor/decryptFrom and then make another pair to just encrypt/decrypt stuff for myself using my private key
Or change API in a way that if no public key is provided in the args then encryption will be using only private key
What do you think?

[trueinsider]

I was thinking, maybe I should do only getSharedSecret(publicKey) which will generate shared secret from provided public key and user's private key. That way we won't compromise private key and at the same time dApp developer could implement encryption/decryption that he wants/needs, not only hardcoded aes-256-cbc. And I can add encrypt/decrypt example in documentation on how to implement it using getSharedSecret() and aes-256-cbc.

And for encryption of user's own data I could implement getPrivateSecret() which will return sha512 hash of user's private key.

[codecov]

Codecov Report

Merging #241 into develop will increase coverage by 1.87%.
The diff coverage is 100%.

@@             Coverage Diff             @@
##           develop     #241      +/-   ##
===========================================
+ Coverage    53.44%   55.32%   +1.87%     
===========================================
  Files          207      220      +13     
  Lines         1783     1858      +75     
  Branches       249      250       +1     
===========================================
+ Hits           953     1028      +75     
  Misses         691      691              
  Partials       139      139

[mhuggins]

@trueinsider I'm communicating with the team regarding your last question here. I'll circle back with you and let you know what we settle on.

[DalderupMaurice]

Had a small discussing concluding that for the moment being - the additional feature is a too specific use-case. It's also no high risk of implementing it on a later stage, so we're happy to finalize this PR and potentially add in the additional feature later and keeping it simple to begin with. :)
cc FYI @mhuggins

[mhuggins]

I added a few commits at the end here as well as moving the documentation to nos/documentation via nos/documentation#10. I think this is good, but I want to check with @deanpress how he feels about merging this before/after having a security expert review it.

[mhuggins]

This change looks good to me, but I'm labeling with "don't merge" until we get a more in depth security review. At this point, no code changes are deemed needed prior to merging.

[DalderupMaurice]

no more 0.3.0? 🙈

[mhuggins]

@DalderupMaurice @deanpress since we're waiting on a review from @knaps, I can't guarantee it will happen before we're ready to release 0.3.0.

[knaps]

@mhuggins - I think you have the wrong person! I'm not a contributor to this project

[mhuggins]

Sorry about that!

[DalderupMaurice]

We currently use withInitialCall everywhere for the API, is this something we should address before merging? @mhuggins

[mhuggins]

That would potentially be safer here to ensure we don't inadvertently call the action twice (in case of a re-render for any reason).

[DalderupMaurice]

Would we maybe want the ability to choose the strength?
Having an optional parameter with 128 as default, and having return randomBytes(strength /8);

[DalderupMaurice]

Suggested change

	withCall(encryptActions, ({ recipientPublicKey, wif, data }) => ({
	withInitialCall(encryptActions, ({ recipientPublicKey, wif, data }) => ({

[DalderupMaurice]

Suggested change

	import { withCall, withData } from 'spunky';
	import { withData } from 'spunky';

[DalderupMaurice]

Suggested change

	import withInitialCall from 'shared/hocs/withInitialCall';

[DalderupMaurice]

Suggested change

	import withInitialCall from 'shared/hocs/withInitialCall';

[DalderupMaurice]

Suggested change

	import authActions from 'login/actions/authActions';
	import authActions from 'login/actions/authActions';
	import withInitialCall from 'shared/hocs/withInitialCall';

[DalderupMaurice]

Suggested change

	withCall(publicKeyActions, ({ wif }) => ({ wif })),
	withInitialCall(publicKeyActions, ({ wif }) => ({ wif })),

[DalderupMaurice]

Suggested change

	import { withCall, withData } from 'spunky';
	import { withData } from 'spunky';

[DalderupMaurice]

Suggested change

	withCall(decryptActions, ({ senderPublicKey, wif, iv, mac, data }) => ({
	withInitialCall(decryptActions, ({ senderPublicKey, wif, iv, mac, data }) => ({

[DalderupMaurice]

Suggested change

	import { withCall, withData } from 'spunky';
	import { withData } from 'spunky';

[DalderupMaurice]

I'll take these changes in a followup PR