Fix separate key storage for non desktop (#409)

* Handle non-desktop, non-split key storage * Reset vaultTimeoutService on clear. Fixes issues where unlock was required after login * Specify electron as desktop client * Use ElelectronCryptoService to handle desktop-specific tasks * Linter fixes
2025-12-12 06:13:38 +00:00 · 2021-06-15 09:55:57 -05:00
parent d63ee1858d
commit 1f83c3c1ba
3 changed files with 86 additions and 50 deletions
--- a/electron/src/services/electronCrypto.service.ts
+++ b/electron/src/services/electronCrypto.service.ts
@@ -0,0 +1,66 @@
+import { CryptoFunctionService } from 'jslib-common/abstractions/cryptoFunction.service';
+import { LogService } from 'jslib-common/abstractions/log.service';
+import { PlatformUtilsService } from 'jslib-common/abstractions/platformUtils.service';
+import { KeySuffixOptions, StorageService } from 'jslib-common/abstractions/storage.service';
+import { SymmetricCryptoKey } from 'jslib-common/models/domain/symmetricCryptoKey';
+import { CryptoService, Keys } from 'jslib-common/services/crypto.service';
+
+export class ElectronCryptoService extends CryptoService {
+
+    constructor(storageService: StorageService, secureStorageService: StorageService,
+        cryptoFunctionService: CryptoFunctionService, platformUtilService: PlatformUtilsService,
+        logService: LogService) {
+        super(storageService, secureStorageService, cryptoFunctionService, platformUtilService, logService);
+    }
+
+    async hasKeyStored(keySuffix: KeySuffixOptions): Promise<boolean> {
+        await this.upgradeSecurelyStoredKey();
+        return super.hasKeyStored(keySuffix);
+    }
+
+    protected async storeKey(key: SymmetricCryptoKey) {
+        if (await this.shouldStoreKey('auto')) {
+            await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'auto' });
+        } else {
+            this.clearStoredKey('auto');
+        }
+
+        if (await this.shouldStoreKey('biometric')) {
+            await this.secureStorageService.save(Keys.key, key.keyB64, { keySuffix: 'biometric' });
+        } else {
+            this.clearStoredKey('biometric');
+        }
+    }
+
+    protected async retrieveKeyFromStorage(keySuffix: KeySuffixOptions) {
+        await this.upgradeSecurelyStoredKey();
+        return super.retrieveKeyFromStorage(keySuffix);
+    }
+
+    /**
+     * @deprecated 4 Jun 2021 This is temporary upgrade method to move from a single shared stored key to
+     * multiple, unique stored keys for each use, e.g. never logout vs. biometric authentication.
+     */
+    private async upgradeSecurelyStoredKey() {
+        // attempt key upgrade, but if we fail just delete it. Keys will be stored property upon unlock anyway.
+        const key = await this.secureStorageService.get<string>(Keys.key);
+
+        if (key == null) {
+            return;
+        }
+
+        try {
+            if (await this.shouldStoreKey('auto')) {
+                await this.secureStorageService.save(Keys.key, key, { keySuffix: 'auto' });
+            }
+            if (await this.shouldStoreKey('biometric')) {
+                await this.secureStorageService.save(Keys.key, key, { keySuffix: 'biometric' });
+            }
+        } catch (e) {
+            this.logService.error(`Encountered error while upgrading obsolete Bitwarden secure storage item:`);
+            this.logService.error(e);
+        }
+
+        await this.secureStorageService.remove(Keys.key);
+    }
+}