sign public encryption keys

implement PublicKeySignatueFacade to encode public encryption keys and sign them

sign public encryption keys where it is needed (e.g. key rotation, identity key pair creation)

add ecc keys to current rsa key pairs when creating identity key pairs

refactor GroupManagementFacade, extract loading keys via admin group key, extract creation of identity key pairs

#tutadb2083

Author: vaf-hub

app-ios/tutanotaTests/CompatibilityTestData.json

@@ -18,6 +18,7 @@ export type AbstractEncryptedKeyPair = {
 	symEncPrivEccKey: null | Uint8Array
 	symEncPrivKyberKey: null | Uint8Array
 	symEncPrivRsaKey: null | Uint8Array
+	signature: null | unknown
 }
 
 export type EncryptedPqKeyPairs = {
@@ -27,6 +28,7 @@ export type EncryptedPqKeyPairs = {
 	symEncPrivEccKey: Uint8Array
 	symEncPrivKyberKey: Uint8Array
 	symEncPrivRsaKey: null
+	signature: null | unknown
 }
 
 export type EncryptedRsaKeyPairs = {
@@ -36,6 +38,7 @@ export type EncryptedRsaKeyPairs = {
 	symEncPrivEccKey: null
 	symEncPrivKyberKey: null
 	symEncPrivRsaKey: Uint8Array
+	signature: null
 }
 
 export type EncryptedRsaX25519KeyPairs = {
@@ -45,6 +48,7 @@ export type EncryptedRsaX25519KeyPairs = {
 	symEncPrivEccKey: Uint8Array
 	symEncPrivKyberKey: null
 	symEncPrivRsaKey: Uint8Array
+	signature: null | unknown
 }
 
 export function isEncryptedPqKeyPairs(keyPair: AbstractEncryptedKeyPair): keyPair is EncryptedPqKeyPairs {

packages/tutanota-crypto/lib/encryption/KeyEncryption.ts

@@ -1,7 +1,7 @@
 // @ts-ignore[untyped-import]
 import { BigInteger, parseBigInt, RSAKey } from "../internal/crypto-jsbn-2012-08-09_1.js"
 import type { Base64, Hex } from "@tutao/tutanota-utils"
-import { base64ToHex, base64ToUint8Array, concat, int8ArrayToBase64, uint8ArrayToHex } from "@tutao/tutanota-utils"
+import { base64ToHex, base64ToUint8Array, concat, hexToUint8Array, int8ArrayToBase64, uint8ArrayToHex } from "@tutao/tutanota-utils"
 import type { RawRsaPublicKey, RsaPrivateKey, RsaPublicKey } from "./RsaKeyPair.js"
 import { CryptoError } from "../misc/CryptoError.js"
 import { sha256Hash } from "../hashes/Sha256.js"
@@ -308,7 +308,7 @@ export function i2osp(i: number): Uint8Array {
  * @returns The public key in a persistable array format
  * @private
  */
-function _publicKeyToArray(publicKey: RsaPublicKey): BigInteger[] {
+function _publicKeyToArray(publicKey: RawRsaPublicKey): BigInteger[] {
 	return [_base64ToBigInt(publicKey.modulus)]
 }
 
@@ -422,10 +422,14 @@ export function rsaPrivateKeyToHex(privateKey: RsaPrivateKey): Hex {
 	return _keyArrayToHex(_privateKeyToArray(privateKey))
 }
 
-export function rsaPublicKeyToHex(publicKey: RsaPublicKey): Hex {
+export function rsaPublicKeyToHex(publicKey: RawRsaPublicKey): Hex {
 	return _keyArrayToHex(_publicKeyToArray(publicKey))
 }
 
+export function rsaPublicKeyToBytes(rsaPublicKey: RawRsaPublicKey) {
+	return hexToUint8Array(rsaPublicKeyToHex(rsaPublicKey))
+}
+
 export function hexToRsaPrivateKey(privateKeyHex: Hex): RsaPrivateKey {
 	return _arrayToPrivateKey(_hexToKeyArray(privateKeyHex))
 }

packages/tutanota-crypto/lib/encryption/Rsa.ts

@@ -97,6 +97,7 @@ export {
 	rsaPublicKeyToHex,
 	rsaEncrypt,
 	extractRawPublicRsaKeyFromPrivateRsaKey,
+	rsaPublicKeyToBytes,
 } from "./encryption/Rsa.js"
 export { RsaKeyPair, RsaX25519KeyPair, RsaPrivateKey, RawRsaPublicKey, RsaPublicKey, RsaX25519PublicKey } from "./encryption/RsaKeyPair.js"
 export {
@@ -112,6 +113,7 @@ export {
 	isVersionedRsaX25519PublicKey,
 	isVersionedPqPublicKey,
 	isVersionedRsaOrRsaX25519PublicKey,
+	isRsaX25519PublicKey,
 } from "./encryption/AsymmetricKeyPair.js"
 export { PQKeyPairs, PQPublicKeys, pqKeyPairsToPublicKeys } from "./encryption/PQKeyPairs.js"
 export { sha1Hash } from "./hashes/Sha1.js"

packages/tutanota-crypto/lib/index.ts

@@ -143,6 +143,17 @@ export function assertNotNull<T>(value: T | null | undefined, message: string =
 	return value
 }
 
+/**
+ * throws if the value is not null.
+ * @param value the value to check
+ * @param message optional error message
+ */
+export function assertNull<T>(value: T | null | undefined, message: string = "not null") {
+	if (value != null) {
+		throw new Error("AssertNull failed : " + message)
+	}
+}
+
 /**
  * assertion function that only returns if the argument is non-null
  * (acts as a type guard)

packages/tutanota-utils/lib/Utils.ts

@@ -114,6 +114,7 @@ import { SyncTracker } from "../common/api/main/SyncTracker.js"
 import { KeyVerificationFacade } from "../common/api/worker/facades/lazy/KeyVerificationFacade"
 import { getEventWithDefaultTimes, setNextHalfHour } from "../common/api/common/utils/CommonCalendarUtils.js"
 import { PublicKeyProvider } from "../common/api/worker/facades/PublicKeyProvider"
+import { IdentityKeyCreator } from "../common/api/worker/facades/lazy/IdentityKeyCreator"
 
 assertMainOrNode()
 
@@ -170,6 +171,7 @@ class CalendarLocator {
 	themeController!: ThemeController
 	Const!: Record<string, any>
 	syncTracker!: SyncTracker
+	identityKeyCreator!: IdentityKeyCreator
 
 	private nativeInterfaces: NativeInterfaces | null = null
 	private entropyFacade!: EntropyFacade
@@ -579,6 +581,7 @@ class CalendarLocator {
 			workerFacade,
 			sqlCipherFacade,
 			contactFacade,
+			identityKeyCreator,
 		} = this.worker.getWorkerInterface()
 		this.loginFacade = loginFacade
 		this.customerFacade = customerFacade
@@ -599,6 +602,7 @@ class CalendarLocator {
 		this.contactFacade = contactFacade
 		this.serviceExecutor = serviceExecutor
 		this.sqlCipherFacade = sqlCipherFacade
+		this.identityKeyCreator = identityKeyCreator
 		this.logins = new LoginController(
 			this.loginFacade,
 			this.customerFacade,

src/calendar-app/calendarLocator.ts

@@ -77,6 +77,10 @@ export class CalendarWorkerImpl implements NativeInterface {
 				return locator.groupManagement()
 			},
 
+			async identityKeyCreator() {
+				return locator.identityKeyCreator()
+			},
+
 			async configFacade() {
 				return locator.configFacade()
 			},

src/calendar-app/workerUtils/worker/CalendarWorkerImpl.ts

@@ -84,6 +84,9 @@ import { InstancePipeline } from "../../../common/api/worker/crypto/InstancePipe
 import { ApplicationTypesFacade } from "../../../common/api/worker/facades/ApplicationTypesFacade"
 import { Ed25519Facade } from "../../../common/api/worker/facades/Ed25519Facade"
 import { RolloutFacade } from "../../../common/api/worker/facades/RolloutFacade"
+import { PublicKeySignatureFacade } from "../../../common/api/worker/facades/PublicKeySignatureFacade"
+import { AdminKeyLoaderFacade } from "../../../common/api/worker/facades/AdminKeyLoaderFacade"
+import { IdentityKeyCreator } from "../../../common/api/worker/facades/lazy/IdentityKeyCreator"
 
 assertWorkerOrNode()
 
@@ -105,9 +108,11 @@ export type CalendarWorkerLocatorType = {
 	blobAccessToken: BlobAccessTokenFacade
 	keyCache: KeyCache
 	keyLoader: KeyLoaderFacade
+	adminKeyLoader: AdminKeyLoaderFacade
 	publicKeyProvider: PublicKeyProvider
 	keyRotation: KeyRotationFacade
 	ed25519Facade: Ed25519Facade
+	publicKeySignatureFacade: PublicKeySignatureFacade
 	cryptoWrapper: CryptoWrapper
 	rolloutFacade: RolloutFacade
 
@@ -124,6 +129,7 @@ export type CalendarWorkerLocatorType = {
 
 	// management facades
 	groupManagement: lazyAsync<GroupManagementFacade>
+	identityKeyCreator: lazyAsync<IdentityKeyCreator>
 	userManagement: lazyAsync<UserManagementFacade>
 	recoverCode: lazyAsync<RecoverCodeFacade>
 	customer: lazyAsync<CustomerFacade>
@@ -233,15 +239,10 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 
 	locator.cryptoWrapper = new CryptoWrapper()
 
-	locator.keyLoader = new KeyLoaderFacade(locator.keyCache, locator.user, locator.cachingEntityClient, locator.cacheManagement)
-	const keyAuthenticationFacade = new KeyAuthenticationFacade(cryptoWrapper)
-	locator.publicKeyProvider = new PublicKeyProvider(locator.serviceExecutor, locator.cachingEntityClient, keyAuthenticationFacade, locator.keyLoader)
-
-	locator.keyVerification = lazyMemoized(async () => {
-		const { KeyVerificationFacade } = await import("../../../common/api/worker/facades/lazy/KeyVerificationFacade.js")
-		return new KeyVerificationFacade(locator.sqlCipherFacade, locator.ed25519Facade)
-	})
+	locator.publicKeySignatureFacade = new PublicKeySignatureFacade(locator.ed25519Facade, locator.cryptoWrapper)
 
+	const keyAuthenticationFacade = new KeyAuthenticationFacade(cryptoWrapper)
+	locator.keyLoader = new KeyLoaderFacade(locator.keyCache, locator.user, locator.cachingEntityClient, locator.cacheManagement, locator.cryptoWrapper)
 	const asymmetricCrypto = new AsymmetricCryptoFacade(
 		locator.rsa,
 		locator.pqFacade,
@@ -251,6 +252,21 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 		locator.keyVerification,
 		locator.publicKeyProvider,
 	)
+	locator.adminKeyLoader = new AdminKeyLoaderFacade(
+		locator.user,
+		locator.cachingEntityClient,
+		locator.keyLoader,
+		locator.cacheManagement,
+		asymmetricCrypto,
+		locator.cryptoWrapper,
+		keyAuthenticationFacade,
+	)
+	locator.publicKeyProvider = new PublicKeyProvider(locator.serviceExecutor, locator.cachingEntityClient, keyAuthenticationFacade, locator.keyLoader)
+
+	locator.keyVerification = lazyMemoized(async () => {
+		const { KeyVerificationFacade } = await import("../../../common/api/worker/facades/lazy/KeyVerificationFacade.js")
+		return new KeyVerificationFacade(locator.sqlCipherFacade, locator.ed25519Facade)
+	})
 
 	locator.crypto = new CryptoFacade(
 		locator.user,
@@ -280,6 +296,23 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 		return new CounterFacade(locator.serviceExecutor)
 	})
 
+	locator.identityKeyCreator = lazyMemoized(async () => {
+		const { IdentityKeyCreator } = await import("../../../common/api/worker/facades/lazy/IdentityKeyCreator.js")
+		return new IdentityKeyCreator(
+			locator.user,
+			locator.cachingEntityClient,
+			locator.serviceExecutor,
+			locator.keyLoader,
+			locator.adminKeyLoader,
+			await locator.cacheManagement(),
+			asymmetricCrypto,
+			locator.cryptoWrapper,
+			keyAuthenticationFacade,
+			locator.ed25519Facade,
+			locator.publicKeySignatureFacade,
+		)
+	})
+
 	locator.groupManagement = lazyMemoized(async () => {
 		const { GroupManagementFacade } = await import("../../../common/api/worker/facades/lazy/GroupManagementFacade.js")
 		return new GroupManagementFacade(
@@ -289,11 +322,10 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 			locator.serviceExecutor,
 			locator.pqFacade,
 			locator.keyLoader,
+			locator.adminKeyLoader,
 			await locator.cacheManagement(),
-			asymmetricCrypto,
 			cryptoWrapper,
-			keyAuthenticationFacade,
-			locator.ed25519Facade,
+			await locator.identityKeyCreator(),
 		)
 	})
 	locator.keyRotation = new KeyRotationFacade(
@@ -310,6 +342,8 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 		asymmetricCrypto,
 		keyAuthenticationFacade,
 		locator.publicKeyProvider,
+		locator.publicKeySignatureFacade,
+		locator.adminKeyLoader,
 	)
 	locator.rolloutFacade = new RolloutFacade(locator.serviceExecutor)
 
@@ -374,6 +408,8 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 			locator.pqFacade,
 			locator.keyLoader,
 			await locator.recoverCode(),
+			locator.adminKeyLoader,
+			await locator.identityKeyCreator(),
 		)
 	})
 	locator.customer = lazyMemoized(async () => {
@@ -438,7 +474,7 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 		const { MailAddressFacade } = await import("../../../common/api/worker/facades/lazy/MailAddressFacade.js")
 		return new MailAddressFacade(
 			locator.user,
-			await locator.groupManagement(),
+			locator.adminKeyLoader,
 			locator.serviceExecutor,
 			nonCachingEntityClient, // without cache
 		)
@@ -465,6 +501,7 @@ export async function initLocator(worker: CalendarWorkerImpl, browserData: Brows
 		(queuedBatch: QueuedBatch[]) => noOp,
 		locator.rolloutFacade,
 		locator.groupManagement,
+		locator.identityKeyCreator,
 		mainInterface.syncTracker,
 	)
 

src/calendar-app/workerUtils/worker/CalendarWorkerLocator.ts

@@ -1310,3 +1310,19 @@ export const enum RolloutType {
 	UserIdentityKeyCreation = "0",
 	SharedMailboxIdentityKeyCreation = "1",
 }
+
+/**
+ * The type of signature of a public encryption key, signed with an identity key pair.
+ */
+export enum PublicKeySignatureType {
+	RsaEcc = "0", // the signed public key is RSA ECC key
+	TutaCrypt = "1", // the signed public key is a TutaCrypt key
+	RsaFormerGroupKey = "2", // the signed public key is a former(!) group key Rsa only (only kept for decryption of existing data)
+}
+
+export function asPublicKeySignatureType(maybe: NumberString): PublicKeySignatureType {
+	if (Object.values(PublicKeySignatureType).includes(maybe as PublicKeySignatureType)) {
+		return maybe as PublicKeySignatureType
+	}
+	throw new Error("bad public key signature type")
+}