Add sdk integration

2026-02-10 05:30:01 +00:00 · 2025-03-11 16:41:11 +01:00
parent 240ec973ac
commit 09df264754
2 changed files with 51 additions and 5 deletions
--- a/libs/common/src/auth/opaque/default-opaque.service.ts
+++ b/libs/common/src/auth/opaque/default-opaque.service.ts
@@ -1,3 +1,11 @@
+import { firstValueFrom } from "rxjs";
+
+import { RotateableKeySet } from "@bitwarden/auth/common";
+import { SdkService } from "@bitwarden/common/platform/abstractions/sdk/sdk.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { Argon2Id, KeGroup, KeyExchange, OprfCS } from "@bitwarden/sdk-internal";
+
 import { KdfConfigService } from "../../../../key-management/src";
 import { UserKey } from "../../types/key";

@@ -11,20 +19,53 @@ export class DefaultOpaqueService implements OpaqueService {
  constructor(
    private opaqueApiService: OpaqueApiService,
    private kdfConfigService: KdfConfigService,
+    private sdkService: SdkService,
  ) {}

  async Register(masterPassword: string, userKey: UserKey) {
    const kdfConfig = await this.kdfConfigService.getKdfConfig(); // note: this doesn't take a UserId but probably should
+    const cryptoClient = (await firstValueFrom(this.sdkService.client$)).crypto();

-    const registrationStart = ""; // SDK call: kdfConfig => ClientRegistrationStartResult
+    const cipherConfiguration = {
+      oprf: "ristretto255" as OprfCS,
+      ke_group: "ristretto255" as KeGroup,
+      key_exchange: "triple-dh" as KeyExchange,
+      ksf: {
+        t_cost: 3,
+        m_cost: 64 * 1024,
+        p_cost: 4,
+      } as Argon2Id,
+    };
+
+    const registrationStart = cryptoClient.opaque_register_start(
+      Utils.fromUtf8ToArray(masterPassword),
+    );
    const registrationStartResponse = await this.opaqueApiService.RegistrationStart(
-      new RegistrationStartRequest(registrationStart, new CipherConfiguration(kdfConfig)),
+      new RegistrationStartRequest(
+        Utils.fromBufferToB64(new Uint8Array(registrationStart.registration_start_message)),
+        new CipherConfiguration(kdfConfig),
+      ),
+    );
+
+    const registrationFinish = cryptoClient.opaque_register_finish(
+      new Uint8Array(registrationStart.registration_start_state),
+      Utils.fromB64ToArray(registrationStartResponse.serverRegistrationStartResult),
+      Utils.fromUtf8ToArray(masterPassword),
+      cipherConfiguration,
+      userKey.key,
+    );
+    const keyset = new RotateableKeySet(
+      new EncString(registrationFinish.keyset.encapsulated_key),
+      new EncString(registrationFinish.keyset.public_key),
+      new EncString(registrationFinish.keyset.private_key),
    );

-    const registrationFinish = ""; // SDK call: (serverRegistrationStart.serverRegistrationStartResult, userKey) => ClientRegistrationFinishResult
    await this.opaqueApiService.RegistrationFinish(
      registrationStartResponse.credentialId,
-      new RegistrationFinishRequest(registrationFinish),
+      new RegistrationFinishRequest(
+        Utils.fromBufferToB64(new Uint8Array(registrationFinish.registration_finish_message)),
+        keyset,
+      ),
    );
  }

--- a/libs/common/src/auth/opaque/models/registration-finish.request.ts
+++ b/libs/common/src/auth/opaque/models/registration-finish.request.ts
@@ -1,3 +1,8 @@
+import { RotateableKeySet } from "@bitwarden/auth/common";
+
 export class RegistrationFinishRequest {
-  constructor(readonly clientRegistrationFinishResult: string) {}
+  constructor(
+    readonly clientRegistrationFinishResult: string,
+    readonly keySet: RotateableKeySet,
+  ) {}
 }