olcxjas-softworks/LarpixClient
2
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions 3

Add key mismatch error handling
All checks were successful
Android Build / publish (push) Successful in 28s
Details
Linux Build / publish (push) Successful in 50s
Details

Browse source
This commit is contained in:
olcxja 2026-05-30 11:05:10 +02:00
commit aa0351fb2d
8 changed files with 96 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

2
android/app/src/main/assets/public/blah/en-cat.json
View file

@ -125,6 +125,8 @@
"desc.no.dms": "no direct meowchats :c",
"action.dm.opening": "opening meowchat...",
"dm.open.failed": "failed to open meowchat :c",
"keys.local.server.mismatch": "this device has different nametags than server :c use the device u first logged in on",
"keys.server.decrypt.failed": "wrong password for ur secret nametag bundle :c",
"dm.messages.fetch.failed": "failed to fetch meows :c",
"messages.decrypt.failed": "failed to decrypt meow :c"
}

2
android/app/src/main/assets/public/blah/en-us.json
View file

@ -124,6 +124,8 @@
"desc.no.dms": "No direct messages",
"action.dm.opening": "Opening DM...",
"dm.open.failed": "Failed to open DM",
"keys.local.server.mismatch": "This device has different encryption keys than the server. Use the device where you first logged in, or restore server keys from backup.",
"keys.server.decrypt.failed": "Could not decrypt your account keys with this password.",
"dm.messages.fetch.failed": "Failed to fetch messages",
"messages.decrypt.failed": "Failed to decrypt message"
}

55
android/app/src/main/assets/public/main.js
View file

@ -297,6 +297,11 @@ async function deriveHybridKeyFromSetup(otherPublicKeysObj, ciphertextMlKemBase6
return aesKeyBytes;
}
function userPublicKeysFingerprint(pub) {
if (!pub) return "";
return `${pub.pubX25519 || ""}|${pub.pubMlKem || ""}`;
}
async function fetchDmKey(dmId) {
return await fetchEncrypted("dm/key/get", dmId);
}
@ -331,6 +336,7 @@ async function ensureDmRoomKey(dmId) {
const roomKey = await decryptAesGcmFromBase64(setupPayload.enc, aesKeyBytes);
const selfWrapped = await wrapRoomKeyForSelf(roomKey);
await unwrapRoomKeyForSelf(selfWrapped);
await updateDmKey(dmId, selfWrapped);
return roomKey;
}
@ -918,10 +924,12 @@ async function ensureUserKeys() {
const lsEncKey = `userKeys.enc.v1:${id}`;
const lsPubKey = `userKeys.pub.v1:${id}`;
let serverKeys = null;
let serverKeysRaw = "";
try { //1. check server
const serverKeysRaw = await fetchEncrypted("user/key/get");
serverKeysRaw = await fetchEncrypted("user/key/get");
if (serverKeysRaw && serverKeysRaw.trim() !== "" && serverKeysRaw.trim().startsWith("{")) {
const serverKeys = JSON.parse(serverKeysRaw);
serverKeys = JSON.parse(serverKeysRaw);
const serverEncPriv = serverKeys.string1;
const serverPub = serverKeys.string2;
if (serverEncPriv && serverPub) {
@ -935,7 +943,9 @@ async function ensureUserKeys() {
}
}
} catch (e) {
//ignore, fallback to local
if (serverKeys?.string1) {
throw new Error("error:keys.server.decrypt.failed");
}
}
//fallback to local
@ -943,30 +953,45 @@ async function ensureUserKeys() {
const localPub = localStorage.getItem(lsPubKey);
if (localEnc && localPub) {
try {
const localPubObj = JSON.parse(localPub);
if (serverKeys?.string2) {
const serverPubObj = JSON.parse(serverKeys.string2);
if (userPublicKeysFingerprint(localPubObj) !== userPublicKeysFingerprint(serverPubObj)) {
throw new Error("error:keys.local.server.mismatch");
}
}
userKeysEncrypted = localEnc;
userKeysPublic = JSON.parse(localPub);
userKeysPublic = localPubObj;
userKeysPrivate = await decryptJsonWithPassword(userKeysEncrypted, password);
//push keys to server
try {
await fetchEncrypted(
//push keys to server only when server has none yet
if (!serverKeys?.string1) {
const updateRes = await fetchEncrypted(
"user/key/update",
JSON.stringify({
string1: userKeysEncrypted,
string2: JSON.stringify(userKeysPublic)
})
);
} catch (e) {
if (updateRes === "error:keys.public.mismatch") {
throw new Error("error:keys.local.server.mismatch");
}
}
publishUserKeysGlobals();
return "success:keys.local";
} catch (e) {
if (e.message && e.message.startsWith("error:keys.")) {
throw e;
}
}
}
if (serverKeys?.string1) {
throw new Error("error:keys.server.decrypt.failed");
}
//new keys, encrypt private with user's password
const bundle = await generateUserKeysBundle();
userKeysPublic = bundle.pub;
@ -1777,8 +1802,8 @@ async function openDm(dmId, username, targetId) {
currentDmId = dmId;
let pfp = await getAvatarUrl(targetId, username);
let iconHtml = `<img src="${pfp}" style="width: 1.8rem; height: 1.8rem; border-radius: 0.4rem; margin-right: 0.5rem; object-fit: cover; border: var(--border-width) solid rgba(255, 255, 255, 0.2);">`;
await switchRoomContent(username.split(':')[0], chatScreen, false, iconHtml);
let iconHtml = `<img src="${pfp}" style="width: 2.3rem; border-radius: 0.65rem; margin-right: 0.38rem; object-fit: cover; border: var(--border-width) solid rgba(255, 255, 255, 0.2);">`;
await switchRoomContent(username.split(':')[0], chatScreen, true, iconHtml);
let msgContainer = document.getElementById("chat-messages");
if (msgContainer) {
@ -1796,7 +1821,11 @@ async function openDm(dmId, username, targetId) {
} catch (e) {
clearAction("dmopen");
console.error(e);
showBlahNotification("error:dm.open.failed");
if (e.message === "error:keys.local.server.mismatch" || e.message === "error:keys.server.decrypt.failed") {
showBlahNotification(e.message);
} else {
showBlahNotification("error:dm.open.failed");
}
}
}

6
android/app/src/main/assets/public/screens.js
View file

@ -136,8 +136,10 @@ var chatScreen = `
</div>
<div style="padding: 1rem; border-top: var(--border-width) solid var(--light-border-color); display: flex; gap: 0.5rem;">
<input type="text" id="chat-input" class="forminput" style="flex-grow: 1; margin: 0;" placeholder="{blah(placeholder.message.input)}">
<button class="submit-button" onclick="sendMessage()" style="margin: 0; padding: 0 1.5rem;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 -960 960 960" fill="var(--main-bg-color)" width="1.5rem"><path d="M120-160v-240l320-80-320-80v-240l760 320-760 320Z"/></svg>
<button class="submit-button" onclick="sendMessage()" style="margin: 0; padding: 0; aspect-ratio: 1;">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="-0.9 -0.5 15.6 16" fill="none" width="1.5rem">
<path stroke="var(--main-bg-color)" stroke-linecap="round" stroke-linejoin="round" d="m3.75 7.5 -1.875 5.625 11.25 -5.625L1.875 1.875l1.875 5.625zm0 0h3.75" stroke-width="1.1"></path>
</svg>
</button>
</div>
</div>

4
android/app/src/main/assets/public/style.css
View file

@ -148,7 +148,7 @@ indicator.active {
width: calc(var(--icon-button-height) - (var(--border-width) * 2));
height: calc(var(--icon-button-height) - (var(--border-width) * 2));
pointer-events: none !important;
border-radius: 0.6rem;
border-radius: 0.65rem;
}
roomcontent {
@ -605,7 +605,7 @@ space{
.room-pfp {
width: 2.2rem;
height: 2.2rem;
border-radius: 0.6rem;
border-radius: 0.65rem;
border: var(--border-width) solid rgba(255, 255, 255, 0.2);
object-fit: cover;
pointer-events: none;

2
webroot/blah/en-cat.json
View file

@ -125,6 +125,8 @@
"desc.no.dms": "no direct meowchats :c",
"action.dm.opening": "opening meowchat...",
"dm.open.failed": "failed to open meowchat :c",
"keys.local.server.mismatch": "this device has different nametags than server :c use the device u first logged in on",
"keys.server.decrypt.failed": "wrong password for ur secret nametag bundle :c",
"dm.messages.fetch.failed": "failed to fetch meows :c",
"messages.decrypt.failed": "failed to decrypt meow :c"
}

2
webroot/blah/en-us.json
View file

@ -124,6 +124,8 @@
"desc.no.dms": "No direct messages",
"action.dm.opening": "Opening DM...",
"dm.open.failed": "Failed to open DM",
"keys.local.server.mismatch": "This device has different encryption keys than the server. Use the device where you first logged in, or restore server keys from backup.",
"keys.server.decrypt.failed": "Could not decrypt your account keys with this password.",
"dm.messages.fetch.failed": "Failed to fetch messages",
"messages.decrypt.failed": "Failed to decrypt message"
}

51
webroot/main.js
View file

@ -297,6 +297,11 @@ async function deriveHybridKeyFromSetup(otherPublicKeysObj, ciphertextMlKemBase6
return aesKeyBytes;
}
function userPublicKeysFingerprint(pub) {
if (!pub) return "";
return `${pub.pubX25519 || ""}|${pub.pubMlKem || ""}`;
}
async function fetchDmKey(dmId) {
return await fetchEncrypted("dm/key/get", dmId);
}
@ -331,6 +336,7 @@ async function ensureDmRoomKey(dmId) {
const roomKey = await decryptAesGcmFromBase64(setupPayload.enc, aesKeyBytes);
const selfWrapped = await wrapRoomKeyForSelf(roomKey);
await unwrapRoomKeyForSelf(selfWrapped);
await updateDmKey(dmId, selfWrapped);
return roomKey;
}
@ -918,10 +924,12 @@ async function ensureUserKeys() {
const lsEncKey = `userKeys.enc.v1:${id}`;
const lsPubKey = `userKeys.pub.v1:${id}`;
let serverKeys = null;
let serverKeysRaw = "";
try { //1. check server
const serverKeysRaw = await fetchEncrypted("user/key/get");
serverKeysRaw = await fetchEncrypted("user/key/get");
if (serverKeysRaw && serverKeysRaw.trim() !== "" && serverKeysRaw.trim().startsWith("{")) {
const serverKeys = JSON.parse(serverKeysRaw);
serverKeys = JSON.parse(serverKeysRaw);
const serverEncPriv = serverKeys.string1;
const serverPub = serverKeys.string2;
if (serverEncPriv && serverPub) {
@ -935,7 +943,9 @@ async function ensureUserKeys() {
}
}
} catch (e) {
//ignore, fallback to local
if (serverKeys?.string1) {
throw new Error("error:keys.server.decrypt.failed");
}
}
//fallback to local
@ -943,30 +953,45 @@ async function ensureUserKeys() {
const localPub = localStorage.getItem(lsPubKey);
if (localEnc && localPub) {
try {
const localPubObj = JSON.parse(localPub);
if (serverKeys?.string2) {
const serverPubObj = JSON.parse(serverKeys.string2);
if (userPublicKeysFingerprint(localPubObj) !== userPublicKeysFingerprint(serverPubObj)) {
throw new Error("error:keys.local.server.mismatch");
}
}
userKeysEncrypted = localEnc;
userKeysPublic = JSON.parse(localPub);
userKeysPublic = localPubObj;
userKeysPrivate = await decryptJsonWithPassword(userKeysEncrypted, password);
//push keys to server
try {
await fetchEncrypted(
//push keys to server only when server has none yet
if (!serverKeys?.string1) {
const updateRes = await fetchEncrypted(
"user/key/update",
JSON.stringify({
string1: userKeysEncrypted,
string2: JSON.stringify(userKeysPublic)
})
);
} catch (e) {
if (updateRes === "error:keys.public.mismatch") {
throw new Error("error:keys.local.server.mismatch");
}
}
publishUserKeysGlobals();
return "success:keys.local";
} catch (e) {
if (e.message && e.message.startsWith("error:keys.")) {
throw e;
}
}
}
if (serverKeys?.string1) {
throw new Error("error:keys.server.decrypt.failed");
}
//new keys, encrypt private with user's password
const bundle = await generateUserKeysBundle();
userKeysPublic = bundle.pub;
@ -1796,7 +1821,11 @@ async function openDm(dmId, username, targetId) {
} catch (e) {
clearAction("dmopen");
console.error(e);
showBlahNotification("error:dm.open.failed");
if (e.message === "error:keys.local.server.mismatch" || e.message === "error:keys.server.decrypt.failed") {
showBlahNotification(e.message);
} else {
showBlahNotification("error:dm.open.failed");
}
}
}