Merge pull request #21 from internxt/email_base64

[PB-5714] Email base64

Author: TamaraFinogina

src/email-crypto/converters.ts

@@ -1,31 +1,7 @@
-import { uint8ArrayToBase64, base64ToUint8Array, UTF8ToUint8, uint8ToUTF8 } from '../utils';
-import {
-  EmailBody,
-  HybridEncKey,
-  PwdProtectedKey,
-  User,
-  EmailPublicParameters,
-  HybridEncryptedEmail,
-  PwdProtectedEmail,
-  Email,
-} from '../types';
+import { UTF8ToUint8, uint8ToUTF8 } from '../utils';
+import { EmailBody, User, Email } from '../types';
 import { concatBytes } from '@noble/hashes/utils.js';
 
-/**
- * Converts a User type into a base64 string.
- *
- * @param user - The given user.
- * @returns The base64 representation of the user.
- */
-export function userToBase64(user: User): string {
-  try {
-    const json = JSON.stringify(user);
-    return btoa(json);
-  } catch (error) {
-    throw new Error('Failed to convert User to base64', { cause: error });
-  }
-}
-
 export function userToBytes(user: User): Uint8Array {
   try {
     const json = JSON.stringify(user);
@@ -44,22 +20,6 @@ export function recipientsToBytes(recipients: User[]): Uint8Array {
   }
 }
 
-/**
- * Converts a base64 string into a User type
- *
- * @param base64 - The base64 representation of the user.
- * @returns The User type.
- */
-export function base64ToUser(base64: string): User {
-  try {
-    const json = atob(base64);
-    const user: User = JSON.parse(json);
-    return user;
-  } catch (error) {
-    throw new Error('Failed to convert base64 to User', { cause: error });
-  }
-}
-
 /**
  * Converts an EmailBody type into a Uint8Array array.
  *
@@ -91,163 +51,6 @@ export function binaryToEmailBody(array: Uint8Array): EmailBody {
   }
 }
 
-/**
- * Converts a hybrid key of the type HybridEncKey into base64 string.
- *
- * @param encHybridKey - The HybridEncKey key.
- * @returns The resulting base64 key encoding.
- */
-export function encHybridKeyToBase64(encHybridKey: HybridEncKey): string {
-  try {
-    const json = JSON.stringify({
-      kyberCiphertext: uint8ArrayToBase64(encHybridKey.kyberCiphertext),
-      encryptedKey: uint8ArrayToBase64(encHybridKey.encryptedKey),
-    });
-    const base64 = btoa(json);
-    return base64;
-  } catch (error) {
-    throw new Error('Failed to convert hybrid key to base64', { cause: error });
-  }
-}
-
-/**
- * Converts a base64 string into a hybrid key of the type HybridEncKey.
- *
- * @param base - The base64 encoding of the hybrid key.
- * @returns The resulting HybridEncKey key.
- */
-export function base64ToEncHybridKey(base64: string): HybridEncKey {
-  try {
-    const json = atob(base64);
-    const obj = JSON.parse(json);
-    return {
-      encryptedKey: base64ToUint8Array(obj.encryptedKey),
-      kyberCiphertext: base64ToUint8Array(obj.kyberCiphertext),
-    };
-  } catch (error) {
-    throw new Error('Failed to convert base64 to hybrid key', { cause: error });
-  }
-}
-
-/**
- * Converts a password-protected key of the type PwdProtectedKey into base64 string.
- *
- * @param pwdProtectedKey - The password-protected key of the type PwdProtectedKey.
- * @returns The resulting base64 key encoding.
- */
-export function pwdProtectedKeyToBase64(pwdProtectedKey: PwdProtectedKey): string {
-  try {
-    const json = JSON.stringify({
-      encryptedKey: uint8ArrayToBase64(pwdProtectedKey.encryptedKey),
-      salt: uint8ArrayToBase64(pwdProtectedKey.salt),
-    });
-    const base64 = btoa(json);
-    return base64;
-  } catch (error) {
-    throw new Error('Failed to convert password-protected key to base64', { cause: error });
-  }
-}
-
-/**
- * Converts a base64 string into a password-protected key of the type PwdProtectedKey.
- *
- * @param base64 - The base64 string.
- * @returns The resulting PwdProtectedKey key.
- */
-export function base64ToPwdProtectedKey(base64: string): PwdProtectedKey {
-  try {
-    const json = atob(base64);
-    const obj = JSON.parse(json);
-    return {
-      encryptedKey: base64ToUint8Array(obj.encryptedKey),
-      salt: base64ToUint8Array(obj.salt),
-    };
-  } catch (error) {
-    throw new Error('Failed to convert base64 to password-protected key', { cause: error });
-  }
-}
-
-/**
- * Converts an email public parameters of type EmailPublicParameters into base64 string.
- *
- * @param params - The EmailPublicParameters email paramaters.
- * @returns The resulting base64 string encoding.
- */
-export function paramsToBase64(params: EmailPublicParameters): string {
-  try {
-    const json = JSON.stringify({
-      ...params,
-      sender: userToBase64(params.sender),
-      recipient: userToBase64(params.recipient),
-      recipients: params.recipients?.map(userToBase64),
-    });
-    const base64 = btoa(json);
-    return base64;
-  } catch (error) {
-    throw new Error('Failed to convert email public parameters to base64', { cause: error });
-  }
-}
-
-/**
- * Converts a base64 string into an email paramaters of the type EmailPublicParameters.
- *
- * @param base64 - The base64 string.
- * @returns The resulting EmailPublicParameters email parameters.
- */
-export function base64ToParams(base64: string): EmailPublicParameters {
-  try {
-    const json = atob(base64);
-    const obj = JSON.parse(json);
-    return {
-      ...obj,
-      sender: base64ToUser(obj.sender),
-      recipient: base64ToUser(obj.recipient),
-      recipients: obj.recipients?.map(base64ToUser),
-    };
-  } catch (error) {
-    throw new Error('Failed to convert base64 to email params', { cause: error });
-  }
-}
-
-/**
- * Converts an encrypted via hybrid encryption email into base64 string.
- *
- * @param email - The HybridEncryptedEmail encrypted via hybrid encryption email.
- * @returns The resulting base64 string encoding.
- */
-export function hybridEncyptedEmailToBase64(email: HybridEncryptedEmail): string {
-  try {
-    const json = JSON.stringify({
-      encryptedKey: encHybridKeyToBase64(email.encryptedKey),
-      enc: uint8ArrayToBase64(email.enc),
-      recipientEmail: email.recipientEmail,
-    });
-    const base64 = btoa(json);
-    return base64;
-  } catch (error) {
-    throw new Error('Failed to convert hybrid email to base64', { cause: error });
-  }
-}
-
-/**
- * Converts a pwd protected email into base64 string.
- *
- * @param email - The PwdProtectedEmail pwd protected email.
- * @returns The resulting base64 string encoding.
- */
-export function pwdProtectedEmailToBase64(email: PwdProtectedEmail): string {
-  try {
-    const json = JSON.stringify({
-      encryptedKey: pwdProtectedKeyToBase64(email.encryptedKey),
-      enc: uint8ArrayToBase64(email.enc),
-    });
-    const base64 = btoa(json);
-    return base64;
-  } catch (error) {
-    throw new Error('Failed to convert pwd protected email to base64', { cause: error });
-  }
-}
-
 /**
  * Converts an Email type into a Uint8Array array.
  *

src/email-crypto/core.ts

@@ -5,7 +5,7 @@ import { encapsulateKyber, decapsulateKyber } from '../post-quantum-crypto';
 import { deriveWrappingKey, wrapKey, unwrapKey, importWrappingKey } from '../key-wrapper';
 import { deriveSecretKey } from '../asymmetric-crypto';
 import { getKeyFromPassword, getKeyFromPasswordAndSalt } from '../derive-key';
-import { UTF8ToUint8, uint8ToUTF8, uuidToBytes } from '../utils';
+import { UTF8ToUint8, base64ToUint8Array, uint8ArrayToBase64, uint8ToUTF8, uuidToBytes } from '../utils';
 
 /**
  * Symmetrically encrypts an email with a randomly sampled key.
@@ -141,7 +141,10 @@ export async function encryptKeysHybrid(
     );
     const wrappingKey = await deriveWrappingKey(eccSecret, kyberSecret);
     const encryptedKey = await wrapKey(emailEncryptionKey, wrappingKey);
-    return { encryptedKey, kyberCiphertext };
+    const encryptedKeyBase64 = uint8ArrayToBase64(encryptedKey);
+    const kyberCiphertextBase64 = uint8ArrayToBase64(kyberCiphertext);
+
+    return { encryptedKey: encryptedKeyBase64, kyberCiphertext: kyberCiphertextBase64 };
   } catch (error) {
     throw new Error('Failed to encrypt email key using hybrid encryption', { cause: error });
   }
@@ -161,10 +164,12 @@ export async function decryptKeysHybrid(
   recipientPrivateKey: PrivateKeys,
 ): Promise<CryptoKey> {
   try {
+    const kyberCiphertext = base64ToUint8Array(encryptedKey.kyberCiphertext);
+    const encKey = base64ToUint8Array(encryptedKey.encryptedKey);
     const eccSecret = await deriveSecretKey(senderPublicKey.eccPublicKey, recipientPrivateKey.eccPrivateKey);
-    const kyberSecret = decapsulateKyber(encryptedKey.kyberCiphertext, recipientPrivateKey.kyberPrivateKey);
+    const kyberSecret = decapsulateKyber(kyberCiphertext, recipientPrivateKey.kyberPrivateKey);
     const wrappingKey = await deriveWrappingKey(eccSecret, kyberSecret);
-    const encryptionKey = await unwrapKey(encryptedKey.encryptedKey, wrappingKey);
+    const encryptionKey = await unwrapKey(encKey, wrappingKey);
     return encryptionKey;
   } catch (error) {
     throw new Error('Failed to decrypt email key encrypted via hybrid encryption', { cause: error });
@@ -183,7 +188,9 @@ export async function passwordProtectKey(emailEncryptionKey: CryptoKey, password
     const { key, salt } = await getKeyFromPassword(password);
     const wrappingKey = await importWrappingKey(key);
     const encryptedKey = await wrapKey(emailEncryptionKey, wrappingKey);
-    return { encryptedKey, salt };
+    const saltStr = uint8ArrayToBase64(salt);
+    const encryptedKeyStr = uint8ArrayToBase64(encryptedKey);
+    return { encryptedKey: encryptedKeyStr, salt: saltStr };
   } catch (error) {
     throw new Error('Failed to password-protect email key', { cause: error });
   }
@@ -201,9 +208,11 @@ export async function removePasswordProtection(
   password: string,
 ): Promise<CryptoKey> {
   try {
-    const key = await getKeyFromPasswordAndSalt(password, emailEncryptionKey.salt);
+    const salt = base64ToUint8Array(emailEncryptionKey.salt);
+    const encryptedKey = base64ToUint8Array(emailEncryptionKey.encryptedKey);
+    const key = await getKeyFromPasswordAndSalt(password, salt);
     const wrappingKey = await importWrappingKey(key);
-    const encryptionKey = await unwrapKey(emailEncryptionKey.encryptedKey, wrappingKey);
+    const encryptionKey = await unwrapKey(encryptedKey, wrappingKey);
     return encryptionKey;
   } catch (error) {
     throw new Error('Failed to remove password-protection from email key', { cause: error });

src/email-crypto/hybridEncyptedEmail.ts

@@ -1,3 +1,4 @@
+import { base64ToUint8Array, uint8ArrayToBase64 } from '../utils';
 import { PublicKeys, PrivateKeys, HybridEncryptedEmail, Email, UserWithPublicKeys } from '../types';
 import {
   encryptEmailContentSymmetrically,
@@ -24,7 +25,8 @@ export async function encryptEmailHybrid(
     const aux = getAux(email.params);
     const { enc, encryptionKey } = await encryptEmailContentSymmetrically(email.body, aux, email.id);
     const encryptedKey = await encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey);
-    return { enc, encryptedKey, recipientEmail: recipient.email, params: email.params, id: email.id };
+    const encryptedText = uint8ArrayToBase64(enc);
+    return { enc: encryptedText, encryptedKey, recipientEmail: recipient.email, params: email.params, id: email.id };
   } catch (error) {
     throw new Error('Failed to encrypt email with hybrid encryption', { cause: error });
   }
@@ -46,11 +48,18 @@ export async function encryptEmailHybridForMultipleRecipients(
   try {
     const aux = getAux(email.params);
     const { enc, encryptionKey } = await encryptEmailContentSymmetrically(email.body, aux, email.id);
+    const encryptedText = uint8ArrayToBase64(enc);
 
     const encryptedEmails: HybridEncryptedEmail[] = [];
     for (const recipient of recipients) {
       const encryptedKey = await encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey);
-      encryptedEmails.push({ enc, encryptedKey, recipientEmail: recipient.email, params: email.params, id: email.id });
+      encryptedEmails.push({
+        enc: encryptedText,
+        encryptedKey,
+        recipientEmail: recipient.email,
+        params: email.params,
+        id: email.id,
+      });
     }
     return encryptedEmails;
   } catch (error) {
@@ -74,7 +83,8 @@ export async function decryptEmailHybrid(
   try {
     const aux = getAux(encryptedEmail.params);
     const encryptionKey = await decryptKeysHybrid(encryptedEmail.encryptedKey, senderPublicKeys, recipientPrivateKeys);
-    const body = await decryptEmailSymmetrically(encryptedEmail.enc, encryptionKey, aux);
+    const enc = base64ToUint8Array(encryptedEmail.enc);
+    const body = await decryptEmailSymmetrically(enc, encryptionKey, aux);
     return { body, params: encryptedEmail.params, id: encryptedEmail.id };
   } catch (error) {
     throw new Error('Failed to decrypt email with hybrid encryption', { cause: error });

src/email-crypto/hybridEncyptedEmailAndSubject.ts

@@ -29,10 +29,11 @@ export async function encryptEmailAndSubjectHybrid(
       aux,
       email.id,
     );
+    const encryptedText = uint8ArrayToBase64(enc);
     const encSubjectStr = uint8ArrayToBase64(subjectEnc);
     const encryptedKey = await encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey);
     const params = { ...email.params, subject: encSubjectStr };
-    return { enc, encryptedKey, recipientEmail: recipient.email, params, id: email.id };
+    return { enc: encryptedText, encryptedKey, recipientEmail: recipient.email, params, id: email.id };
   } catch (error) {
     throw new Error('Failed to encrypt the email and its subject with hybrid encryption', { cause: error });
   }
@@ -60,12 +61,13 @@ export async function encryptEmailAndSubjectHybridForMultipleRecipients(
       email.id,
     );
     const encSubjectStr = uint8ArrayToBase64(subjectEnc);
+    const encryptedText = uint8ArrayToBase64(enc);
 
     const encryptedEmails: HybridEncryptedEmail[] = [];
     for (const recipient of recipients) {
       const encryptedKey = await encryptKeysHybrid(encryptionKey, recipient.publicKeys, senderPrivateKey);
       const params = { ...email.params, subject: encSubjectStr };
-      encryptedEmails.push({ enc, encryptedKey, recipientEmail: recipient.email, params, id: email.id });
+      encryptedEmails.push({ enc: encryptedText, encryptedKey, recipientEmail: recipient.email, params, id: email.id });
     }
     return encryptedEmails;
   } catch (error) {
@@ -92,12 +94,8 @@ export async function decryptEmailAndSubjectHybrid(
     const aux = getAuxWithoutSubject(encryptedEmail.params);
     const encryptionKey = await decryptKeysHybrid(encryptedEmail.encryptedKey, senderPublicKeys, recipientPrivateKeys);
     const encSubject = base64ToUint8Array(encryptedEmail.params.subject);
-    const { body, subject } = await decryptEmailAndSubjectSymmetrically(
-      encryptedEmail.enc,
-      encSubject,
-      encryptionKey,
-      aux,
-    );
+    const enc = base64ToUint8Array(encryptedEmail.enc);
+    const { body, subject } = await decryptEmailAndSubjectSymmetrically(enc, encSubject, encryptionKey, aux);
     const params = { ...encryptedEmail.params, subject };
     return { body, params, id: encryptedEmail.id };
   } catch (error) {

src/email-crypto/pwdProtectedEmail.ts

@@ -1,4 +1,5 @@
 import { PwdProtectedEmail, Email } from '../types';
+import { base64ToUint8Array, uint8ArrayToBase64 } from '../utils';
 import {
   encryptEmailContentSymmetrically,
   decryptEmailSymmetrically,
@@ -21,8 +22,9 @@ export async function createPwdProtectedEmail(email: Email, password: string): P
     }
     const aux = getAux(email.params);
     const { enc, encryptionKey } = await encryptEmailContentSymmetrically(email.body, aux, email.id);
+    const encryptedText = uint8ArrayToBase64(enc);
     const encryptedKey = await passwordProtectKey(encryptionKey, password);
-    return { enc, encryptedKey, params: email.params, id: email.id };
+    return { enc: encryptedText, encryptedKey, params: email.params, id: email.id };
   } catch (error) {
     throw new Error('Failed to password-protect email', { cause: error });
   }
@@ -39,7 +41,8 @@ export async function decryptPwdProtectedEmail(encryptedEmail: PwdProtectedEmail
   try {
     const aux = getAux(encryptedEmail.params);
     const encryptionKey = await removePasswordProtection(encryptedEmail.encryptedKey, password);
-    const body = await decryptEmailSymmetrically(encryptedEmail.enc, encryptionKey, aux);
+    const enc = base64ToUint8Array(encryptedEmail.enc);
+    const body = await decryptEmailSymmetrically(enc, encryptionKey, aux);
     return { body, params: encryptedEmail.params, id: encryptedEmail.id };
   } catch (error) {
     throw new Error('Failed to decrypt password-protect email', { cause: error });