From 0d21db1484a32a7e90663f2f89c9b43ad646bd83 Mon Sep 17 00:00:00 2001
From: gbubemismith
Date: Mon, 14 Apr 2025 22:43:17 -0400
Subject: [PATCH] Added function to decrypt fido2 key value
---
 .../vault/models/view/fido2-credential.view.ts | 1 -
 .../default-cipher-encryption.service.spec.ts | 9 ++++++++-
 .../default-cipher-encryption.service.ts | 16 +++++++++++++++-
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/libs/common/src/vault/models/view/fido2-credential.view.ts b/libs/common/src/vault/models/view/fido2-credential.view.ts
index fcdffb1cd51..bf1d324d22d 100644
--- a/libs/common/src/vault/models/view/fido2-credential.view.ts
+++ b/libs/common/src/vault/models/view/fido2-credential.view.ts
@@ -45,7 +45,6 @@ export class Fido2CredentialView extends ItemView {
 view.keyType = obj.keyType as "public-key";
 view.keyAlgorithm = obj.keyAlgorithm as "ECDSA";
 view.keyCurve = obj.keyCurve as "P-256";
- view.keyValue = obj.keyValue;
 view.rpId = obj.rpId;
 view.userHandle = obj.userHandle;
 view.userName = obj.userName;
diff --git a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
index 513984a463b..bd1be096feb 100644
--- a/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.spec.ts
@@ -181,7 +181,7 @@ describe("DefaultCipherEncryptionService", () => {
 keyType: "keyType",
 keyAlgorithm: "keyAlgorithm",
 keyCurve: "keyCurve",
- keyValue: "keyValue",
+ keyValue: "decrypted-key-value",
 rpId: "rpId",
 userHandle: "userHandle",
 userName: "userName",
@@ -194,6 +194,9 @@ describe("DefaultCipherEncryptionService", () => {
 mockSdkClient.vault().ciphers().decrypt.mockReturnValue(sdkCipherView);
 mockSdkClient.vault().ciphers().decrypt_fido2_credentials.mockReturnValue(fido2Credentials);
+ mockSdkClient.vault().ciphers().decrypt_key = jest
+ .fn()
+ .mockReturnValue("decrypted-key-value");
 jest.spyOn(CipherView, "fromSdkCipherView").mockReturnValue(expectedCipherView);
 jest
@@ -207,6 +210,10 @@ describe("DefaultCipherEncryptionService", () => {
 expect(mockSdkClient.vault().ciphers().decrypt_fido2_credentials).toHaveBeenCalledWith(
 sdkCipherView,
 );
+ expect(mockSdkClient.vault().ciphers().decrypt_key).toHaveBeenCalledWith(
+ sdkCipherView,
+ fido2CredentialView.keyValue,
+ );
 expect(Fido2CredentialView.fromSdkFido2CredentialView).toHaveBeenCalledTimes(1);
 });
diff --git a/libs/common/src/vault/services/default-cipher-encryption.service.ts b/libs/common/src/vault/services/default-cipher-encryption.service.ts
index a08f17459ab..ae1b274c618 100644
--- a/libs/common/src/vault/services/default-cipher-encryption.service.ts
+++ b/libs/common/src/vault/services/default-cipher-encryption.service.ts
@@ -44,7 +44,21 @@ export class DefaultCipherEncryptionService implements CipherEncryptionService {
 .decrypt_fido2_credentials(sdkCipherView);
 clientCipherView.login.fido2Credentials = fido2CredentialViews
- .map((f) => Fido2CredentialView.fromSdkFido2CredentialView(f))
+ .map((f) => {
+ const view = Fido2CredentialView.fromSdkFido2CredentialView(f);
+
+ if (view) {
+ // TEMPORARY: Manually decrypt the keyValue for Fido2 credentials since don't currently use
+ // the SDK for Fido2 Authentication.
+ const decryptedKeyValue = ref.value
+ .vault()
+ .ciphers()
+ .decrypt_key(sdkCipherView, view.keyValue);
+ view.keyValue = decryptedKeyValue;
+ }
+
+ return view;
+ })
 .filter((view): view is Fido2CredentialView => view !== undefined);
 }
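Review bot: The added `decrypt_key` expectation cannot tell the encrypted input from the decrypted output, because the fixture changed in this file's first hunk now carries `keyValue: "decrypted-key-value"`, the same string the `decrypt_key` mock returns. If `fido2CredentialView` is the object the mocked `fromSdkFido2CredentialView` returns (that setup is outside the hunk), the service overwrites its `keyValue` before the expectation is evaluated, so the test only holds while input and output are identical. Give the fixture a distinct input, e.g. `keyValue: "encrypted-key-value"` (constructed sample), and assert `toHaveBeenCalledWith(sdkCipherView, "encrypted-key-value")`. A separate assertion should then check that the returned credential's `keyValue` equals `"decrypted-key-value"`.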
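Review bot: `decrypt_key(sdkCipherView, view.keyValue)` takes its input from `view`, yet the first file in this patch deletes `view.keyValue = obj.keyValue;` from `Fido2CredentialView`. If that deletion is inside `fromSdkFido2CredentialView` (the enclosing method is not visible in that hunk), `view.keyValue` is no longer populated at this point and the SDK receives an unset value. The spec mocks `fromSdkFido2CredentialView`, so it would not surface this. Reading the field from the SDK object instead, `.decrypt_key(sdkCipherView, f.keyValue)`, removes the dependency on what the view copies. After the assignment `view.keyValue` holds decrypted key material, so the comment should say that and name the follow-up, e.g. `// TEMPORARY: keyValue is decrypted here because Fido2 authentication does not yet go through the SDK; remove with <ISSUE-ID>`. The enclosing method starts outside this hunk.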