* split PublicKeyProvider into PublicIdentityKeyProvider and PublicEncryptionKeyProvider
* move database queries to new IdentityKeyTrustDatabase
* only have one function loading public identity key and directly load from server if not in trust db (and add to trust db in this case) in PublicIdentityKeyProvider
* KeyVerificationFacade.verify() only needs to be called once to get a valid verification state
* introduce Not_Supported as source of trust (for web client)
* introduce Not_Supported verification state (e.g. for web client and when loading via group id)
* and handle Not_Supported verification state in the RecipientsModel (presentable state is none because verification was not available)
Whenever we request a public encryption key from the server we now verify them with trusted identity keys.
Co-authored-by: mab <mab@tutao.de>
Co-authored-by: bedhub <bedhub@users.noreply.github.com>
tuta#2106
* display own identity key and default sender
* support scanning identity keys using qr codes
* service to request identity keys
* rework key verification database for identity keys
Co-authored-by: bedhub <bedhub@users.noreply.github.com>
Co-authored-by: mab <mab@tutao.de>
We implement three patch operation types (replace for values and One
and ZeroOrOne associations, additem and removeitem for Any associations)
on attributes to do PATCH requests instead of doing PUT requests to
minimize the request payload by sending only the changed fields. The
payload format is specified in the fast-sync design documentation.
Co-authored-by: das <das@tutao.de>
Co-authored-by: jomapp <17314077+jomapp@users.noreply.github.com>
Co-authored-by: abp <abp@tutao.de>
We observed clients that managed to get stuck with a missing server
model, which made login from stored credentials impossible and required
getting a new session.
The reason was that only the service executor, rest client and event bus
client cared to update the server model if they were missing.
However, the offline database also stores data in the server's model and
thus requires it to read any data. Since logging in will hit
the cache before requesting the server, a corrupted or missing server
model causes us to not be able to log in.
This commit gives the responsibility of acquiring the models to
ServerModelInfo.resolveServerTypeReference if they are missing or out
of date to avoid situations where we call resolveServerTypeReference
without first checking if the model is initialized.
Additionally, we show a dialog to the user if the models cannot be
initialized instead of an uncaught error.
We considered having the error handler try to repeat model
initialization, but since the original request already failed at that
point, getting back to a normal state would require an extra manual
retry.
fix#9004
Co-authored-by: nig <nig@tutao.de>
Co-authored-by: sug <sug@tutao.de>
Co-authored-by: kib <104761667+kibibytium@users.noreply.github.com>
Passing instances explicitly avoids the situations where some of them
might not be initialized.
We also simplified the entity handling by converting entity updates to
data with resolved types early so that the listening code doesn't have
to deal with it.
We did fix some of the bad test practices, e.g. setting/restoring env
incorrectly. This matters now because accessors for type model
initializers check env.mode.
Co-authored-by: paw <paw-hub@users.noreply.github.com>
Refactor our instance deserialization/serialization pipeline, both on
TypeScript and on Rust [sdk] to use typeId and attributeIds instead of
typeNames and attributeNames. We furthermore ignore cardinalities
on associations until the instance layer and always
store associations as arrays. This commit introduces **eventual
consistency** on the client, i.e. we are from now on always storing data
in the newest schema format (activeApplicationVersionsForWritingSum)
which ensures that all data is already available on the client after
updating the client to a newer version. This removes the need for
offline migrations on the client and also removes backward migrations
on the server. Furthermore, the server model types are now available
on the client, retrievable through the ApplicationTypesFacade. This is
our first step towards FastSync.
Co-authored-by: nig <nig@tutao.de>
Co-authored-by: abp <abp@tutao.de>
Co-authored-by: jomapp <17314077+jomapp@users.noreply.github.com>
Co-authored-by: map <mpfau@users.noreply.github.com>
Co-authored-by: sug <sug@tutao.de>
Co-authored-by: Kinan <104761667+kibibytium@users.noreply.github.com>
For recipients that have been displayed as verified in the mail editor
and lose the status before sending, the verification shield icon will
be replaced by a failure icon.
Co-authored-by: mab <mab@tutao.de>
We still use the keys, but we show a warning if we detect that TutaCrypt
keys should have been used instead.
In practice, this means that if we have TutaCrypt keys at all, the
sender should have used those. However, in order to prevent unnecessary
warnings when doing a key rotation, we consider it normal to receive RSA
encrypted mails in the same session where we did the key rotation.
There is a corner case when we show a warning even though the RSA
encryption was legitimate, and that is if we decrypt an old RSA mail
after rotating to TutaCrypt keys. We don't expect this to occur very
often.
Co-authored-by: hec <hec@tutao.de>
Co-authored-by: mab <mab@tutao.de>
tutadb#1932
These groups have been deleted and are no longer supported.
It doesn't make sense talking about "global admins" anymore, so we just
refer to them as "admins".
tutadb#1919
Co-authored-by: Vitor Sakaguti <vis@tutao.de>
extract PublicKeyProvider to enforce constraints in a central place
use type system and checkKeyVersionConstraints function to enforce constraints everywhere
tutadb#1933
Extract AsymmetricCryptoFacade to encapsulate choice of encryption
algorithm.
Remove unauthenticated asymmetric decryption because it was only used
in a deprecated case and is the same implementation as with
authentication.
Enforce the correct protocol version and that it matches the algorithm
of recipient's key pair.
Use existing method to decrypt via adminEncGKey when changing the admin
flag.
Add cryptoWrapper dependency to make testing easier.
Minimize what we need to expose from PqFacade.
Enforce PqKeyPairs type in key rotation facade.
Adapt the tests to work with the new format of loading the fallback and
the wasm files. This commit also fixes the ESBuild function to correctly
resolve the fallback and generate it.
Remove the hardcoded make command and add the option to use a provided
command instead of make. Also adds the possibility to provide env vars
and a working dir for Wasm generation.
* Show pq padlock symbol for sent mail, tutadb 1788
To show the pq padlock symbol for the sender we introduced another enum value for the encryptionAuthStatus on Mail instances which is only set for the sent mail. It is only set in case the mail is confidential and all recipients support the TutaCrypt protocol.
* clean up outdated invitations from offline cache
see the fix for tutadb#1800
---------
Co-authored-by: bedhub <bedhub@users.noreply.github.com>
Co-authored-by: vaf <vaf@tutao.de>
* Allow groups to have multiple key versions
tutadb#1628
* Adapt to model changes
* Fix CommonMailUtilsTest
* Remove symEncBucketKey from SecureExternalRecipientKeyData
* Remove deprecated types
Also fix tests that relied on them as dummy types
* Add userKeyVersion to RecoverCode
* Remove clientKey
Seems to be unused.
* Remove CreateFolderService
Unused.
* Remove symEncSessionKey from DraftCreateData
Unused.
* Remove symEncShareBucketKey from MailBox
Unused.
* Add userKeyVersion to TutanotaProperties
* Remove PasswordRetrievalService type
The service itself had been long gone.
* Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData
* Fix customer account creation
Set the key version that we actually need there: the *system* admin pub
key version.
The sender key version is not needed, because the system admin only has
RSA keys. Also, this is a new customer, so that would be version zero
anyway.
* Fix resolving bucket key with group reference
Get the right versions along the way.
* Use current group key when encrypting instance session keys
* Remove left-over key getting
Also document a couple of current key usages
* Pass group key providers to EntityClient instead of group key
* Fix types and do not provide sender key version for rsa
Fix resolveServiceSessionKey
* Rename constant to avoid confusion
There is another constant with the same name.
* Use TutanotaModelV69
* Introduce client side mechanism to handle key rotation requests
see tutadb 1771
* Do not export 128-bit key generator
It is only needed for tests within the package.
* Remove group key version when creating user area groups
Plus some minor clarity improvements.
* Fix version handling when updating drafts and sending to secure external
* Remove versions when creating external users
They are zero.
* Fix changing the admin flag
* Remove (almost) all local admin related code
* Improve readability
* Default to user key version zero when loading entropy
* Decrypt current groupKey with correct userGroupKey version
* Fix system application offline migrations
* Fix tutanota application offline migrations
* Improve offline migration functions
* Use AesKey type
* Minor improvements from review
* Use AesKey type instead of Aes128Key where possible
* Model update after rebase
* Fix getting user group key
Should never try to get from the cache like a normal group key.
* Fix getting former group key
Start ID was off-by-one.
* Minor changes from review.
We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them.
* More minor changes from review.
* Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient
* Pass ownerKeyProvider only when necessary
* Document ownerKeyProvider parameter
* Fix offline database migration
* Fix unlocking the indexer data
---------
Co-authored-by: vaf <vaf@tutao.de>
Co-authored-by: bedhub <bedhub@users.noreply.github.com>
Co-authored-by: bed <bed@tutao.de>
We assumed that _ownerEncSessionKey is written for a File
when we download it. This is not always the case as the
UpdateSessionKeysService might not have been invoked or
the invocation might have failed.
* stop setting the offline db version to 0 for old databases
all offline dbs in use now have this field set to 1 already or are
outdated and there is no migration that we need to run anymore.
* use raw key for desktop offline db instead of passphrase. this will
recreate the offline DB for desktop clients.
* update minimum compatible model versions for the offline migrator
* remove old offline migrations. the remaining ones are the ones added
with the lastNonOutdatedClientVersion (3.118.12 since ~120 days) or
later, so no client that uses an offline db from before that would be
able to log in and an offline db left by such a client will not be
migrated due to being outdated.
In order to finish the migration to MailDetails we need to delete all
mails (with and without mailDetails) and mailBodies.
This is needed as we do no longer store the mailBodies directly on the
mail, and we currently do not support updating specific ranges of mails
that exist in the offline storage.
Therefore, deleting only those mails that have no mailDetails set is not
possible, as available offline ranges for mails might be broken
afterward.
includes sys model 94 for supportInfo on customerInfo.
@co-authored-by: jhm@tutao.de
Introduces a new package in order to avoid tutanota-crypto depending
on the whole tutanota-utils. With this package we can have one canonical
CryptoError.
We add another entry point to tutanota-crypto in order to be able to
import only error classes from any chunk.
We've adjusted moduleResolution for tsconfig to support export maps
for our new entry point.
We've updated @rollup/plugin-typescript to add support for export maps.
We have reorganized utils to adjust the chunking. Error utils are now
a part of the main chunk.
We have moved ServiceWorkerClient into the main chunk because we need
to handle the errors and also because it is anyway invoked only after
the other initialization is done.
close#6342