feat: Validate metadata signature

Signed-off-by: Louis Chemineau <[email protected]>

Author: artonge

__tests__/api-mock.ts

@@ -6,17 +6,22 @@
 import { afterAll, afterEach, beforeAll } from 'vitest'
 import { setupServer } from 'msw/node'
 import { http, HttpResponse } from 'msw'
-import { rootFolderMetadata, serverPublicKey, subfolderMetadata } from './consts.spec'
+import { rootFolderMetadata, rootFolderMetadataSignature, serverPublicKey, subfolderMetadata, subFolderMetadataSignature } from './consts.spec'
 
 export const restHandlers = [
 	http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/server-key', () => {
 		return HttpResponse.json({ ocs: { data: { 'public-key': serverPublicKey }}})
 	}),
 	http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/89', () => {
-		return HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(rootFolderMetadata) }}})
+		const response = HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(rootFolderMetadata) }}})
+		response.headers.set('x-nc-e2ee-signature', rootFolderMetadataSignature)
+		return response
 	}),
 	http.get('http://nextcloud.local//ocs/v2.php/apps/end_to_end_encryption/api/v2/meta-data/266', () => {
-		return HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(subfolderMetadata) }}})
+		const response = HttpResponse.json({ ocs: { data: { 'meta-data': JSON.stringify(subfolderMetadata) }}})
+		response.headers.set('x-nc-e2ee-signature', subFolderMetadataSignature)
+		return response
+	}),
 	}),
 ]
 

__tests__/consts.spec.ts

@@ -42,8 +42,7 @@ export const rootFolderMetadata: Metadata = {
 		}
 	],
 	version: "2.0"
-	}
-
+}
 
 export const subfolderMetadata: Metadata = {
 	metadata: {
@@ -100,6 +99,9 @@ export const subfolderMetadataInfo: MetadataInfo = {
 	folders: {},
 }
 
+export const rootFolderMetadataSignature = 'MIIGRwYJKoZIhvcNAQcCoIIGODCCBjQCAQExDTALBglghkgBZQMEAgEwCwYJKoZIhvcNAQcBoIIDljCCA5IwggJ6oAMCAQICAQAwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluMB4XDTI0MTIwOTE0MDUyNloXDTQ0MTIwNDE0MDUyNlowYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeXvO0LbjPLsodlvj1T1ZJUv+8Z6WB+kJpMCoCvJTR5K7BhUXWhz9MffBW45VRzP8Gp3WZaipcrKQDV+e7RlBaEfmGt8pmJL8qynhb9+FrGwS/90A0up0za5eNIYLLoQCVZffSXxZiT6x8G/YlPMjPPZLVrAGvsYQx/Z9+75gAyYgYzkeyFtWxdMY6cKdvvUgzJFgiuQNljDyGOOcGmSycPT7GoiopIVfp9atND051CykpA7lKxDcmHamODJx7P5O9EJE3cp8gy0ti1HZjMhxB8sjJLYsGkYpXqq7BrEH9qRKw+aSob3H7iITdYO7DQ8jrT7cgdYqF+Qxk4Oi7oayQIDAQABo1MwUTAdBgNVHQ4EFgQUIE5oxSwfwd1WerGGGU1xShi9uOUwHwYDVR0jBBgwFoAUIE5oxSwfwd1WerGGGU1xShi9uOUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAYPEs9q5ZBuv8XOhscFq+uBGqqwD3z6YuslINR37HKJK4BozLo/4NDejgVzaHZAMUAMTmHWiPC7gHoqo7oiYdLZ9btMsRdHMVKpNxFGbD5hfGETeHBuec9IU51yf/WMQq2EJfy0VJrz/Krn5yV/grUS7OaA1aZgiaxHPIQNaxA2nhmGQ8vrHzqpN2I6VSkfxEyPgHUPbm8RYY71MxeIGTWwsi5NbpdEM8DVtWilfdtAVTIWJzGmDPV2rpnuKZ+sLmaA9JO6cvrSgnl2nph2ErxUtZWOEPCIdnGnCGp+hYMSP45GpwhDsXVHMLUjk6HK5+gy9sJpHC5tAKGKL3dqzujGCAncwggJzAgEBMGcwYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluAgEAMAsGCWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNTAxMDYxNTQ2MDFaMC8GCSqGSIb3DQEJBDEiBCCpdJLz0yOHEULuBasTHkUkYKrK9Ky+EF2TAqZ7pCMMzzB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQBkAvlIcwtgxb8jAXQybclAdybuyAg8cRzQ30pnu4le+YO52VcYv6CgJCPrPUyWkXXBVm4WEZOj+KMzDLJZ0Js+Sa7dJ1fQ11Nsp8wUcbxHTfcbscRelBl2nvBH0HnWMCgBwemrIXiAwo+OAT0D16Ae9KDXPqD6War14n3WgHIu7aOw4LbzgRXJAwu/xyjhNZgww9J0uw5q0a1sCQcmlvcHJoaTcxBX4At4Xn23ButPSIPy8MrDPG5yuoZ+3rMTeANOt7sTvWq/Md+cVDZVweZACeM92s1OJSNZCDd+pz2BsW70b3gdVO2ZlzP5fWNEX8gp2CATKPukPNyYtZts3ab8'
+export const subFolderMetadataSignature = 'MIIGRwYJKoZIhvcNAQcCoIIGODCCBjQCAQExDTALBglghkgBZQMEAgEwCwYJKoZIhvcNAQcBoIIDljCCA5IwggJ6oAMCAQICAQAwDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluMB4XDTI0MTIwOTE0MDUyNloXDTQ0MTIwNDE0MDUyNlowYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeXvO0LbjPLsodlvj1T1ZJUv+8Z6WB+kJpMCoCvJTR5K7BhUXWhz9MffBW45VRzP8Gp3WZaipcrKQDV+e7RlBaEfmGt8pmJL8qynhb9+FrGwS/90A0up0za5eNIYLLoQCVZffSXxZiT6x8G/YlPMjPPZLVrAGvsYQx/Z9+75gAyYgYzkeyFtWxdMY6cKdvvUgzJFgiuQNljDyGOOcGmSycPT7GoiopIVfp9atND051CykpA7lKxDcmHamODJx7P5O9EJE3cp8gy0ti1HZjMhxB8sjJLYsGkYpXqq7BrEH9qRKw+aSob3H7iITdYO7DQ8jrT7cgdYqF+Qxk4Oi7oayQIDAQABo1MwUTAdBgNVHQ4EFgQUIE5oxSwfwd1WerGGGU1xShi9uOUwHwYDVR0jBBgwFoAUIE5oxSwfwd1WerGGGU1xShi9uOUwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAAYPEs9q5ZBuv8XOhscFq+uBGqqwD3z6YuslINR37HKJK4BozLo/4NDejgVzaHZAMUAMTmHWiPC7gHoqo7oiYdLZ9btMsRdHMVKpNxFGbD5hfGETeHBuec9IU51yf/WMQq2EJfy0VJrz/Krn5yV/grUS7OaA1aZgiaxHPIQNaxA2nhmGQ8vrHzqpN2I6VSkfxEyPgHUPbm8RYY71MxeIGTWwsi5NbpdEM8DVtWilfdtAVTIWJzGmDPV2rpnuKZ+sLmaA9JO6cvrSgnl2nph2ErxUtZWOEPCIdnGnCGp+hYMSP45GpwhDsXVHMLUjk6HK5+gy9sJpHC5tAKGKL3dqzujGCAncwggJzAgEBMGcwYjELMAkGA1UEBhMCREUxGzAZBgNVBAgMEkJhZGVuLVd1ZXJ0dGVtYmVyZzESMBAGA1UEBwwJU3R1dHRnYXJ0MRIwEAYDVQQKDAlOZXh0Y2xvdWQxDjAMBgNVBAMMBWFkbWluAgEAMAsGCWCGSAFlAwQCAaCB5DAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNTAxMDYxNTQ2MDJaMC8GCSqGSIb3DQEJBDEiBCCsLZHhyxF1QrRfETdlWXaBeOGstvE8lCaWf55+Vxq55TB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgBZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDANBggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0BAQEFAASCAQBQudMzoqI/cvG6fXMOaQnXiZG0pyAEQBsmW+sdtmfrRHAIV2vo24l1M3CZJCKF/8+xxq6Z3CzG1RXfseFPTPC4nKHYMVIDd7tn7zTamEeP1WYBuLtjuGApSIkoqFAaid3/qz5OCEDagS4G7E0xrQ1oxCc560d976Oh4+WzFzNh4Ssc1rO42tdK3VLr8FWVpoZKMl+mM3zpbClYE9KSybLSxZKInh33F3p5c7te42OfTt+e3llP4ehcgma94fjqy3YVAvHFxYVWFVblG2M/07Frtq09r21UK4i2rCqqbrBmVyxoxtWM9KPlq37ALAwZf2iwaX/6hTdsbF9T27hpXZb6'
+
 export const encryptedFileContent = 'O13d2Y5O7qYDTerGfZyRwHKWcEktQQiJBm5rWzY='
 
 export const propFindResponse = `<?xml version="1.0"?>

src/models.ts

@@ -18,6 +18,7 @@ export type Metadata = {
 		// The metadata-key is encrypted with RSA/ECB/OAEPWithSHA-256AndMGF1Padding
 		encryptedMetadataKey: string, // Base64 encoded. Example:: "KS9P5Et+i94PAdpTtR9pyyuTlV6/3e3E/Zzwu8ua1j/e6uHUfQDxpXsksgX95Q/Hin0caoYfwwyWVs2/wtdkHttBdjywzcNfz5yDblrdKAYoyeuCavNatA3OuFDJVcMiisiskD6GMz6o3V21ZqpHwTry05dv4jZMs88lzTOLeDJ7bmmv5Pjyfbg8lxk6oW85LJkUku3+szv+kz+as18Pk+Oe1MylLP+Zktw+1Pckem32h19MacefZI/tkZLmdmjPtKNQGqlefeTXHKnIOzykdPjBG9CJ7zS0MPN7nv0ZgXeSoEi6fUHwkzmg8GxGSjLoL6L7BhLxw7Z8YWZ1MAYyCA=="
 	}[],
+	filedrop?: Record<string, FileDropEntry>,
 	version: '2.0',
 }
 
@@ -41,3 +42,15 @@ export type PrivateKeyInfo = {
 	iv: Uint8Array,
 	salt: Uint8Array,
 }
+
+type FileDropEntry = {
+	ciphertext: string, // encrypted metadata (AES/GCM/NoPadding, 128 bit key size) of folder (see below for the plaintext structure). first gzipped, then encrypted, then base64 encoded."
+	nonce: string,
+	authenticationTag: string,
+	users: [
+		{
+			userId: string
+			encryptedFiledropKey: string, // The metadata-key is encrypted with RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+		}
+	],
+}

src/services/api.ts

@@ -9,8 +9,8 @@ import axios from '@nextcloud/axios'
 import type { OCSResponse } from '@nextcloud/typings/ocs'
 
 import type { Metadata, PrivateKeyInfo } from '../models.ts'
-import { base64ToBuffer, pemToBuffer } from './utils.ts'
-import { loadServerPublicKey, verifyCertificateSignature } from './crypto.ts'
+import { base64ToBuffer, pemToBuffer, stringToBuffer } from './utils.ts'
+import { loadServerPublicKey, verifyCertificateSignature, verifyCMSSignature } from './crypto.ts'
 
 // API: https://github.com/nextcloud/end_to_end_encryption/blob/master/doc/api.md
 
@@ -43,13 +43,34 @@ export async function getMetadata(fileId: string, serverPublicKey: CryptoKey): P
 
 	const metadata = JSON.parse(response.data.ocs.data['meta-data']) as Metadata
 
+	verifyMetadataSignature(metadata, response.headers['x-nc-e2ee-signature'])
+
 	if (metadata.users !== undefined) {
 		await verifyUserCertificates(metadata, serverPublicKey)
 	}
 
 	return metadata
 }
 
+async function verifyMetadataSignature(metadata: Metadata, signature: string): Promise<void> {
+	const signedData = JSON.stringify(metadata, (key, value) => {
+		if (key === 'filedrop') {
+			return undefined
+		}
+		return value
+	})
+
+	const verificationResult = await verifyCMSSignature(
+		stringToBuffer(btoa(signedData)),
+		base64ToBuffer(signature),
+		metadata.users ?? [],
+	)
+
+	if (!verificationResult) {
+		throw new Error('Metadata signature verification failed')
+	}
+}
+
 async function verifyUserCertificates(metadata: Metadata, serverPublicKey: CryptoKey): Promise<void> {
 	if (metadata.users === undefined) {
 		throw new Error('Cannot verify certificates of subfolders metadata')
@@ -71,5 +92,6 @@ export async function getServerPublicKey(): Promise<CryptoKey> {
 		generateOcsUrl(Url.ServerKey),
 		{ headers: { 'X-E2EE-SUPPORTED': 'true' } },
 	)
+
 	return await loadServerPublicKey(pemToBuffer(response.data.ocs.data['public-key']))
 }

src/services/crypto.ts

@@ -99,12 +99,60 @@ export async function sha256Hash(buffer: Uint8Array): Promise<string> {
 export async function verifyCertificateSignature(certificate: string, publicKey: CryptoKey): Promise<boolean> {
 	let cert = new x509.X509Certificate(certificate)
 
-	const verificationResult = await self.crypto.subtle.verify(
-		cert.signatureAlgorithm,
-		publicKey,
-		cert.signature,
-		new Uint8Array(cert.tbs),
+	return cert.verify({ publicKey }, getPatchedCrypto())
+}
+
+export async function verifyCMSSignature(signedData: Uint8Array, cmsBuffer: Uint8Array, users: {userId: string, certificate: string}[]): Promise<boolean> {
+	// Parse the CMS buffer
+	const cmsContent = ContentInfo.fromBER(cmsBuffer)
+	const originalSignedData = new SignedData({ schema: cmsContent.content });
+
+	// Get the signer certificate from the users array
+	const commonNameOID = '2.5.4.3'
+	const signerInfo = originalSignedData.signerInfos[0]
+	const signerUserId = signerInfo.sid.issuer.typesAndValues.find(({type}) => type === commonNameOID).value.valueBlock.value
+	const signer = users.find(({userId}) => userId === signerUserId)
+	if (signer === undefined) {
+		throw new Error('Signer not found in the users array')
+	}
+
+	const asn1Cert = fromBER(pemToBuffer(signer.certificate))
+	const certificate = new Certificate({ schema: asn1Cert.result })
+
+	const verificationResult = await originalSignedData.verify(
+		{
+			signer: 0,
+			trustedCerts: [certificate],
+			data: signedData as unknown as ArrayBuffer,
+			checkChain: true,
+		},
+		getPatchedCryptoEngine()
 	)
 
 	return verificationResult
+
 }
+
+class CustomCryptoEngine extends pkijs.CryptoEngine {
+	verify(algorithm: globalThis.AlgorithmIdentifier | RsaPssParams | EcdsaParams, key: CryptoKey, signature: BufferSource, data: ArrayBuffer): Promise<boolean> {
+		return super.verify(algorithm, key, signature, new Uint8Array(data))
+	}
+}
+
+// Return a patched crypto engine because pkijs' default engine does not give the correct data type to the subtle.verify method
+function getPatchedCryptoEngine() {
+	return new CustomCryptoEngine({ crypto: self.crypto })
+}
+
+// Return a patched crypto because x509's default does not give the correct data type to the subtle.verify method
+function getPatchedCrypto(): Crypto {
+	return {
+		...self.crypto,
+		subtle: {
+			...self.crypto.subtle,
+			async verify(algorithm: globalThis.AlgorithmIdentifier | RsaPssParams | EcdsaParams, key: CryptoKey, signature: ArrayBuffer, data: ArrayBuffer): Promise<boolean> {
+				return self.crypto.subtle.verify(algorithm, key, new Uint8Array(signature), new Uint8Array(data))
+			}
+		},
+	}
+}