[PM-3732] Use subtle to make aes keys (#6162)

* Provide `aesGenerateKey` to make aes keys * Use aesGenerateKey when generating a key data * Fix device test
2025-12-22 19:23:52 +00:00 · 2023-09-07 11:42:35 -04:00
parent 615248e04f
commit 0448910806
11 changed files with 67 additions and 17 deletions
--- a/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
+++ b/libs/common/src/auth/services/device-trust-crypto.service.spec.ts
@@ -168,16 +168,16 @@ describe("deviceTrustCryptoService", () => {
      it("creates a new non-null 64 byte device key, securely stores it, and returns it", async () => {
        const mockRandomBytes = new Uint8Array(deviceKeyBytesLength) as CsprngArray;

-        const cryptoFuncSvcRandomBytesSpy = jest
-          .spyOn(cryptoFunctionService, "randomBytes")
+        const cryptoFuncSvcGenerateKeySpy = jest
+          .spyOn(cryptoFunctionService, "aesGenerateKey")
          .mockResolvedValue(mockRandomBytes);

        // TypeScript will allow calling private methods if the object is of type 'any'
        // This is a hacky workaround, but it allows for cleaner tests
        const deviceKey = await (deviceTrustCryptoService as any).makeDeviceKey();

-        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledTimes(1);
-        expect(cryptoFuncSvcRandomBytesSpy).toHaveBeenCalledWith(deviceKeyBytesLength);
+        expect(cryptoFuncSvcGenerateKeySpy).toHaveBeenCalledTimes(1);
+        expect(cryptoFuncSvcGenerateKeySpy).toHaveBeenCalledWith(deviceKeyBytesLength * 8);

        expect(deviceKey).not.toBeNull();
        expect(deviceKey).toBeInstanceOf(SymmetricCryptoKey);