Added function to decrypt fido2 key value

2026-02-09 21:20:27 +00:00 · 2025-04-14 22:43:17 -04:00
parent 66aef73664
commit 0d21db1484
3 changed files with 23 additions and 3 deletions
--- a/libs/common/src/vault/models/view/fido2-credential.view.ts
+++ b/libs/common/src/vault/models/view/fido2-credential.view.ts
@@ -45,7 +45,6 @@ export class Fido2CredentialView extends ItemView {
    view.keyType = obj.keyType as "public-key";
    view.keyAlgorithm = obj.keyAlgorithm as "ECDSA";
    view.keyCurve = obj.keyCurve as "P-256";
-    view.keyValue = obj.keyValue;
    view.rpId = obj.rpId;
    view.userHandle = obj.userHandle;
    view.userName = obj.userName;
--- a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
@@ -181,7 +181,7 @@ describe("DefaultCipherEncryptionService", () => {
        keyType: "keyType",
        keyAlgorithm: "keyAlgorithm",
        keyCurve: "keyCurve",
-        keyValue: "keyValue",
+        keyValue: "decrypted-key-value",
        rpId: "rpId",
        userHandle: "userHandle",
        userName: "userName",
@@ -194,6 +194,9 @@ describe("DefaultCipherEncryptionService", () => {

      mockSdkClient.vault().ciphers().decrypt.mockReturnValue(sdkCipherView);
      mockSdkClient.vault().ciphers().decrypt_fido2_credentials.mockReturnValue(fido2Credentials);
+      mockSdkClient.vault().ciphers().decrypt_key = jest
+        .fn()
+        .mockReturnValue("decrypted-key-value");

      jest.spyOn(CipherView, "fromSdkCipherView").mockReturnValue(expectedCipherView);
      jest
@@ -207,6 +210,10 @@ describe("DefaultCipherEncryptionService", () => {
      expect(mockSdkClient.vault().ciphers().decrypt_fido2_credentials).toHaveBeenCalledWith(
        sdkCipherView,
      );
+      expect(mockSdkClient.vault().ciphers().decrypt_key).toHaveBeenCalledWith(
+        sdkCipherView,
+        fido2CredentialView.keyValue,
+      );
      expect(Fido2CredentialView.fromSdkFido2CredentialView).toHaveBeenCalledTimes(1);
    });

--- a/libs/common/src/vault/services/default-cipher-encryption.service.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.ts
@@ -44,7 +44,21 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
              .decrypt_fido2_credentials(sdkCipherView);

            clientCipherView.login.fido2Credentials = fido2CredentialViews
-              .map((f) => Fido2CredentialView.fromSdkFido2CredentialView(f))
+              .map((f) => {
+                const view = Fido2CredentialView.fromSdkFido2CredentialView(f);
+
+                if (view) {
+                  // TEMPORARY: Manually decrypt the keyValue for Fido2 credentials since don't currently use
+                  // the SDK for Fido2 Authentication.
+                  const decryptedKeyValue = ref.value
+                    .vault()
+                    .ciphers()
+                    .decrypt_key(sdkCipherView, view.keyValue);
+                  view.keyValue = decryptedKeyValue;
+                }
+
+                return view;
+              })
              .filter((view): view is Fido2CredentialView => view !== undefined);
          }