Add rust-crypto#createRecoveryKeyFromPassphrase implementation

Author: florianduros

spec/setupTests.ts

@@ -15,8 +15,13 @@ limitations under the License.
 */
 
 import DOMException from "domexception";
+import * as crypto from "crypto";
 
 global.DOMException = DOMException as typeof global.DOMException;
+// @ts-ignore
+// Set node crypto into global.crypto
+// Needed in `CryptoApi#createRecoveryKeyFromPassphrase` and `crypto/crypto.ts`
+global.crypto = crypto.webcrypto;
 
 jest.mock("../src/http-api/utils", () => ({
     ...jest.requireActual("../src/http-api/utils"),

spec/unit/rust-crypto/rust-crypto.spec.ts

@@ -356,6 +356,39 @@ describe("RustCrypto", () => {
             expect(res).toBe(null);
         });
     });
+
+    describe("createRecoveryKeyFromPassphrase", () => {
+        let rustCrypto: RustCrypto;
+
+        beforeEach(async () => {
+            rustCrypto = await makeTestRustCrypto();
+        });
+
+        it("should create a recovery key without password", async () => {
+            const recoveryKey = await rustCrypto.createRecoveryKeyFromPassphrase();
+
+            // Expected the encoded private key to have 59 chars
+            expect(recoveryKey.encodedPrivateKey?.length).toBe(59);
+            // Expect the private key to be an Uint8Array with a length of 32
+            expect(recoveryKey.privateKey).toBeInstanceOf(Uint8Array);
+            expect(recoveryKey.privateKey.length).toBe(32);
+            // Expect keyInfo to be empty
+            expect(Object.keys(recoveryKey.keyInfo!).length).toBe(0);
+        });
+
+        it("should create a recovery key with password", async () => {
+            const recoveryKey = await rustCrypto.createRecoveryKeyFromPassphrase("my password");
+
+            // Expected the encoded private key to have 59 chars
+            expect(recoveryKey.encodedPrivateKey?.length).toBe(59);
+            // Expect the private key to be an Uint8Array with a length of 32
+            expect(recoveryKey.privateKey).toBeInstanceOf(Uint8Array);
+            expect(recoveryKey.privateKey.length).toBe(32);
+            // Expect keyInfo.passphrase to be filled
+            expect(recoveryKey.keyInfo?.passphrase?.algorithm).toBe("m.pbkdf2");
+            expect(recoveryKey.keyInfo?.passphrase?.iterations).toBe(500000);
+        });
+    });
 });
 
 /** build a basic RustCrypto instance for testing

src/crypto-api.ts

@@ -18,6 +18,7 @@ import type { IMegolmSessionData } from "./@types/crypto";
 import { Room } from "./models/room";
 import { DeviceMap } from "./models/device";
 import { UIAuthCallback } from "./interactive-auth";
+import { AddSecretStorageKeyOpts } from "./secret-storage";
 
 /** Types of cross-signing key */
 export enum CrossSigningKey {
@@ -26,6 +27,16 @@ export enum CrossSigningKey {
     UserSigning = "user_signing",
 }
 
+/**
+ * Recovery key created by {@link CryptoApi#createRecoveryKeyFromPassphrase}
+ */
+export interface IRecoveryKey {
+    keyInfo?: AddSecretStorageKeyOpts;
+    /* Generated private key Uint8Array(32) */
+    privateKey: Uint8Array;
+    encodedPrivateKey?: string;
+}
+
 /**
  * Public interface to the cryptography parts of the js-sdk
  *
@@ -201,6 +212,18 @@ export interface CryptoApi {
      * @returns The current status of cross-signing keys: whether we have public and private keys cached locally, and whether the private keys are in secret storage.
      */
     getCrossSigningStatus(): Promise<CrossSigningStatus>;
+
+    /**
+     * Create a recovery key from a user-supplied passphrase.
+     *
+     * @param password - Passphrase string that can be entered by the user
+     *     when restoring the backup as an alternative to entering the recovery key.
+     *     Optional.
+     * @returns Object with encoded private
+     *     recovery key which should be disposed of after displaying to the user,
+     *     and raw private key to avoid round tripping if needed.
+     */
+    createRecoveryKeyFromPassphrase(password?: string): Promise<IRecoveryKey>;
 }
 
 /**

src/crypto/api.ts

@@ -16,10 +16,10 @@ limitations under the License.
 
 import { DeviceInfo } from "./deviceinfo";
 import { IKeyBackupInfo } from "./keybackup";
-import type { AddSecretStorageKeyOpts } from "../secret-storage";
+import { IRecoveryKey } from "../crypto-api";
 
 /* re-exports for backwards compatibility. */
-export { CrossSigningKey } from "../crypto-api";
+export { CrossSigningKey, IRecoveryKey } from "../crypto-api";
 
 export type {
     ImportRoomKeyProgressData as IImportOpts,
@@ -66,12 +66,6 @@ export interface IEncryptedEventInfo {
     mismatchedSender: boolean;
 }
 
-export interface IRecoveryKey {
-    keyInfo?: AddSecretStorageKeyOpts;
-    privateKey: Uint8Array;
-    encodedPrivateKey?: string;
-}
-
 export interface ICreateSecretStorageOpts {
     /**
      * Function called to await a secret storage key creation flow.

src/rust-crypto/rust-crypto.ts

@@ -41,9 +41,11 @@ import { deviceKeysToDeviceMap, rustDeviceToJsDevice } from "./device-converter"
 import { IDownloadKeyResult, IQueryKeysRequest } from "../client";
 import { Device, DeviceMap } from "../models/device";
 import { ServerSideSecretStorage } from "../secret-storage";
-import { CrossSigningKey } from "../crypto/api";
+import { CrossSigningKey, IRecoveryKey } from "../crypto/api";
 import { CrossSigningIdentity } from "./CrossSigningIdentity";
 import { secretStorageContainsCrossSigningKeys } from "./secret-storage";
+import { keyFromPassphrase } from "../crypto/key_passphrase";
+import { encodeRecoveryKey } from "../crypto/recoverykey";
 
 /**
  * An implementation of {@link CryptoBackend} using the Rust matrix-sdk-crypto.
@@ -405,6 +407,36 @@ export class RustCrypto implements CryptoBackend {
         };
     }
 
+    /**
+     * Implementation of {@link CryptoApi#createRecoveryKeyFromPassphrase}
+     */
+    public async createRecoveryKeyFromPassphrase(password?: string): Promise<IRecoveryKey> {
+        let privateKey: Uint8Array;
+
+        const keyInfo: Partial<IRecoveryKey["keyInfo"]> = {};
+        if (password) {
+            // Get the private key from the passphrase
+            const derivation = await keyFromPassphrase(password);
+            keyInfo.passphrase = {
+                algorithm: "m.pbkdf2",
+                iterations: derivation.iterations,
+                salt: derivation.salt,
+            };
+            privateKey = derivation.key;
+        } else {
+            // Using the navigator crypto API to generate the private key
+            privateKey = new Uint8Array(32);
+            global.crypto.getRandomValues(privateKey);
+        }
+
+        const encodedPrivateKey = encodeRecoveryKey(privateKey);
+        return {
+            keyInfo: keyInfo as IRecoveryKey["keyInfo"],
+            encodedPrivateKey,
+            privateKey,
+        };
+    }
+
     ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
     //
     // SyncCryptoCallbacks implementation