mirror of https://github.com/bitwarden/browser synced 2025-12-15 07:43:35 +00:00

Fix failing crypto tests (#5948)

* Change everything to Uint8Array

related to https://github.com/jestjs/jest/issues/14379

* Work on failing type tests

* Revert changes to custom matcher setup

* Remove last BufferArrays from tests

* Fix custom matcher type errors in vscode

* Remove errant `.buffer` calls on Uint8Arrays

* Encryption Pair should serialize Array Buffer and Uint8Array

* Fix EncArrayBuffer encryption

---------

Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
Matt Gibson
2023-08-03 22:13:33 -04:00
committed by GitHub
parent efb26e3e27
commit 36b7d30804
62 changed files with 401 additions and 424 deletions


@@ -59,8 +59,8 @@ export class NativeMessagingBackground {
private port: browser.runtime.Port | chrome.runtime.Port;
private resolver: any = null;
private privateKey: ArrayBuffer = null;
private publicKey: ArrayBuffer = null;
private privateKey: Uint8Array = null;
private publicKey: Uint8Array = null;
private secureSetupResolve: any = null;
private sharedSecret: SymmetricCryptoKey;
private appId: string;
@@ -129,7 +129,7 @@ export class NativeMessagingBackground {
const encrypted = Utils.fromB64ToArray(message.sharedSecret);
const decrypted = await this.cryptoFunctionService.rsaDecrypt(
encrypted.buffer,
encrypted,
this.privateKey,
EncryptionAlgorithm
);
@@ -321,7 +321,7 @@ export class NativeMessagingBackground {
if (message.response === "unlocked") {
await this.cryptoService.setKey(
new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64).buffer)
new SymmetricCryptoKey(Utils.fromB64ToArray(message.keyB64))
);
// Verify key is correct by attempting to decrypt a secret
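Review bot: With `.buffer` gone, a `message.sharedSecret` or `message.keyB64` that fails to decode is no longer stopped at the call site. If `Utils.fromB64ToArray` returns null, the old code threw a TypeError on the dereference, while the new code hands the result straight to `rsaDecrypt(...)` and `new SymmetricCryptoKey(...)`. The `?.buffer` removed in AccountComponent and the `sessionBuffer != null` check in NodeEnvSecureStorageService suggest the helper can return null. Unless both callees reject null themselves, these paths need an explicit guard, e.g. `const keyBytes = Utils.fromB64ToArray(message.keyB64);` followed by `if (keyBytes == null) { throw new Error("Invalid key in native message"); }`. The same applies to the `rsaEncrypt(..., publicKey)` and `getFingerprint(..., publicKey)` call sites changed elsewhere in this commit, several of which decode a key taken from an API response; the enclosing methods here start and end outside the hunks shown.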


@@ -21,9 +21,7 @@ describe("Browser Session Storage Service", () => {
let localStorage: BrowserLocalStorageService;
let sessionStorage: BrowserMemoryStorageService;
const key = new SymmetricCryptoKey(
Utils.fromUtf8ToArray("00000000000000000000000000000000").buffer
);
const key = new SymmetricCryptoKey(Utils.fromUtf8ToArray("00000000000000000000000000000000"));
let getSessionKeySpy: jest.SpyInstance;
const mockEnc = (input: string) => Promise.resolve(new EncString("ENCRYPTED" + input));


@@ -51,7 +51,7 @@ export class ConfirmCommand {
}
const publicKeyResponse = await this.apiService.getUserPublicKey(orgUser.userId);
const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
const key = await this.cryptoService.rsaEncrypt(orgKey.key, publicKey.buffer);
const key = await this.cryptoService.rsaEncrypt(orgKey.key, publicKey);
const req = new OrganizationUserConfirmRequest();
req.key = key.encryptedString;
await this.organizationUserService.postOrganizationUserConfirm(


@@ -513,7 +513,7 @@ export class GetCommand extends DownloadCommand {
try {
const response = await this.apiService.getUserPublicKey(id);
const pubKey = Utils.fromB64ToArray(response.publicKey);
fingerprint = await this.cryptoService.getFingerprint(id, pubKey.buffer);
fingerprint = await this.cryptoService.getFingerprint(id, pubKey);
} catch {
// eslint-disable-next-line
}
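Review bot: The empty `catch` around `getFingerprint(id, pubKey)` discards every failure, which now includes a public key that did not decode, since `pubKey` is passed on without the `.buffer` dereference. A fingerprint is the value a user compares to verify a key, so a lookup that errored should be distinguishable from one that returned nothing. Changing `} catch {` to `} catch (e) {` and recording `e` through whatever logger the command has available would do that, and the bare `// eslint-disable-next-line` could then become a comment stating why the error is not rethrown. What the command does with an unset `fingerprint` is outside the hunk.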


@@ -47,7 +47,7 @@ export class NodeEnvSecureStorageService implements AbstractStorageService {
throw new Error("No session key available.");
}
const encValue = await this.cryptoService().encryptToBytes(
Utils.fromB64ToArray(plainValue).buffer,
Utils.fromB64ToArray(plainValue),
sessionKey
);
if (encValue == null) {
@@ -81,7 +81,7 @@ export class NodeEnvSecureStorageService implements AbstractStorageService {
private getSessionKey() {
try {
if (process.env.BW_SESSION != null) {
const sessionBuffer = Utils.fromB64ToArray(process.env.BW_SESSION).buffer;
const sessionBuffer = Utils.fromB64ToArray(process.env.BW_SESSION);
if (sessionBuffer != null) {
const sessionKey = new SymmetricCryptoKey(sessionBuffer);
if (sessionBuffer != null) {
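Review bot: The inner `if (sessionBuffer != null) {` repeats the outer check word for word, so it can never be false and the freshly built `sessionKey` is never tested; it reads as if `if (sessionKey != null) {` was intended. Now that `sessionBuffer` is the decoded `Uint8Array` rather than its `.buffer`, the outer check is the only thing in view that handles an undecodable `BW_SESSION`, which makes the redundant inner one easy to misread as validation of the key. The rest of `getSessionKey` lies outside the hunk, so whether the surrounding `try` already covers a constructor failure cannot be confirmed from here.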


@@ -121,7 +121,7 @@ export class SendReceiveCommand extends DownloadCommand {
}
}
private async getUnlockedPassword(password: string, keyArray: ArrayBuffer) {
private async getUnlockedPassword(password: string, keyArray: Uint8Array) {
const passwordHash = await this.cryptoFunctionService.pbkdf2(
password,
keyArray,
@@ -134,7 +134,7 @@ export class SendReceiveCommand extends DownloadCommand {
private async sendRequest(
url: string,
id: string,
key: ArrayBuffer
key: Uint8Array
): Promise<Response | SendAccessView> {
try {
const sendResponse = await this.sendApiService.postSendAccess(


@@ -225,8 +225,8 @@ export default class NativeMessageService {
}
private async getSharedKeyForKey(key: string): Promise<SymmetricCryptoKey> {
const dataBuffer = Utils.fromB64ToArray(key).buffer;
const privKey = Utils.fromB64ToArray(config.testRsaPrivateKey).buffer;
const dataBuffer = Utils.fromB64ToArray(key);
const privKey = Utils.fromB64ToArray(config.testRsaPrivateKey);
return new SymmetricCryptoKey(
await this.nodeCryptoFunctionService.rsaDecrypt(dataBuffer, privKey, "sha1")


@@ -68,7 +68,7 @@ export class LoginApprovalComponent implements OnInit, OnDestroy {
const publicKey = Utils.fromB64ToArray(this.authRequestResponse.publicKey);
this.email = await this.stateService.getEmail();
this.fingerprintPhrase = (
await this.cryptoService.getFingerprint(this.email, publicKey.buffer)
await this.cryptoService.getFingerprint(this.email, publicKey)
).join("-");
this.updateTimeText();


@@ -98,7 +98,7 @@ export class ElectronStateService
options
);
return new SymmetricCryptoKey(Utils.fromB64ToArray(b64DeviceKey).buffer) as DeviceKey;
return new SymmetricCryptoKey(Utils.fromB64ToArray(b64DeviceKey)) as DeviceKey;
}
override async setDeviceKey(value: DeviceKey, options?: StorageOptions): Promise<void> {


@@ -70,7 +70,7 @@ export class NativeMessageHandlerService {
}
try {
const remotePublicKey = Utils.fromB64ToArray(publicKey).buffer;
const remotePublicKey = Utils.fromB64ToArray(publicKey);
const ddgEnabled = await this.stateService.getEnableDuckDuckGoBrowserIntegration();
if (!ddgEnabled) {


@@ -56,7 +56,7 @@ export class NativeMessagingService {
// Request to setup secure encryption
if ("command" in rawMessage && rawMessage.command === "setupEncryption") {
const remotePublicKey = Utils.fromB64ToArray(rawMessage.publicKey).buffer;
const remotePublicKey = Utils.fromB64ToArray(rawMessage.publicKey);
// Validate the UserId to ensure we are logged into the same account.
const accounts = await firstValueFrom(this.stateService.accounts$);
@@ -169,7 +169,7 @@ export class NativeMessagingService {
ipcRenderer.send("nativeMessagingReply", { appId: appId, message: encrypted });
}
private async secureCommunication(remotePublicKey: ArrayBuffer, appId: string) {
private async secureCommunication(remotePublicKey: Uint8Array, appId: string) {
const secret = await this.cryptoFunctionService.randomBytes(64);
this.sharedSecrets.set(appId, new SymmetricCryptoKey(secret));


@@ -28,10 +28,7 @@ export class UserConfirmComponent implements OnInit {
async ngOnInit() {
try {
if (this.publicKey != null) {
const fingerprint = await this.cryptoService.getFingerprint(
this.userId,
this.publicKey.buffer
);
const fingerprint = await this.cryptoService.getFingerprint(this.userId, this.publicKey);
if (fingerprint != null) {
this.fingerprint = fingerprint.join("-");
}


@@ -47,7 +47,7 @@ export class BulkConfirmComponent implements OnInit {
for (const entry of response.data) {
const publicKey = Utils.fromB64ToArray(entry.key);
const fingerprint = await this.cryptoService.getFingerprint(entry.userId, publicKey.buffer);
const fingerprint = await this.cryptoService.getFingerprint(entry.userId, publicKey);
if (fingerprint != null) {
this.publicKeys.set(entry.id, publicKey);
this.fingerprints.set(entry.id, fingerprint.join("-"));
@@ -67,7 +67,7 @@ export class BulkConfirmComponent implements OnInit {
if (publicKey == null) {
continue;
}
const encryptedKey = await this.cryptoService.rsaEncrypt(key.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(key.key, publicKey);
userIdsWithKeys.push({
id: user.id,
key: encryptedKey.encryptedString,


@@ -302,7 +302,7 @@ export class PeopleComponent
async confirmUser(user: OrganizationUserView, publicKey: Uint8Array): Promise<void> {
const orgKey = await this.cryptoService.getOrgKey(this.organization.id);
const key = await this.cryptoService.rsaEncrypt(orgKey.key, publicKey.buffer);
const key = await this.cryptoService.rsaEncrypt(orgKey.key, publicKey);
const request = new OrganizationUserConfirmRequest();
request.key = key.encryptedString;
await this.organizationUserService.postOrganizationUserConfirm(


@@ -61,7 +61,7 @@ export class AccountComponent {
});
protected organizationId: string;
protected publicKeyBuffer: ArrayBuffer;
protected publicKeyBuffer: Uint8Array;
private destroy$ = new Subject<void>();
@@ -106,7 +106,7 @@ export class AccountComponent {
this.org = orgResponse;
// Public Key Buffer for Org Fingerprint Generation
this.publicKeyBuffer = Utils.fromB64ToArray(orgKeys?.publicKey)?.buffer;
this.publicKeyBuffer = Utils.fromB64ToArray(orgKeys?.publicKey);
// Patch existing values
this.formGroup.patchValue({


@@ -59,7 +59,7 @@ export class EnrollMasterPasswordReset {
// RSA Encrypt user's encKey.key with organization public key
const encKey = await this.cryptoService.getEncKey();
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
keyString = encryptedKey.encryptedString;
toastStringRef = "enrollPasswordResetSuccess";


@@ -142,7 +142,7 @@ export class AcceptOrganizationComponent extends BaseAcceptComponent {
// RSA Encrypt user's encKey.key with organization public key
const encKey = await this.cryptoService.getEncKey();
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
// Add reset password key to accept request
request.resetPasswordKey = encryptedKey.encryptedString;


@@ -33,7 +33,7 @@ export class EmergencyAccessConfirmComponent implements OnInit {
const publicKeyResponse = await this.apiService.getUserPublicKey(this.userId);
if (publicKeyResponse != null) {
const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
const fingerprint = await this.cryptoService.getFingerprint(this.userId, publicKey.buffer);
const fingerprint = await this.cryptoService.getFingerprint(this.userId, publicKey);
if (fingerprint != null) {
this.fingerprint = fingerprint.join("-");
}


@@ -309,13 +309,13 @@ export class EmergencyAccessComponent implements OnInit {
try {
this.logService.debug(
"User's fingerprint: " +
(await this.cryptoService.getFingerprint(details.granteeId, publicKey.buffer)).join("-")
(await this.cryptoService.getFingerprint(details.granteeId, publicKey)).join("-")
);
} catch {
// Ignore errors since it's just a debug message
}
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
const request = new EmergencyAccessConfirmRequest();
request.key = encryptedKey.encryptedString;
await this.apiService.postEmergencyAccessConfirm(details.id, request);


@@ -374,7 +374,7 @@ export abstract class BasePeopleComponent<
}
try {
const fingerprint = await this.cryptoService.getFingerprint(user.userId, publicKey.buffer);
const fingerprint = await this.cryptoService.getFingerprint(user.userId, publicKey);
this.logService.info(`User's fingerprint: ${fingerprint.join("-")}`);
} catch (e) {
this.logService.error(e);


@@ -274,7 +274,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
const publicKeyResponse = await this.apiService.getUserPublicKey(details.granteeId);
const publicKey = Utils.fromB64ToArray(publicKeyResponse.publicKey);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
const updateRequest = new EmergencyAccessUpdateRequest();
updateRequest.type = details.type;
@@ -299,7 +299,7 @@ export class ChangePasswordComponent extends BaseChangePasswordComponent {
const publicKey = Utils.fromB64ToArray(response?.publicKey);
// Re-enroll - encrypt user's encKey.key with organization public key
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey.buffer);
const encryptedKey = await this.cryptoService.rsaEncrypt(encKey.key, publicKey);
// Create/Execute request
const request = new OrganizationUserResetPasswordEnrollmentRequest();


@@ -12,7 +12,7 @@ import { SharedModule } from "../../shared.module";
})
export class AccountFingerprintComponent implements OnInit {
@Input() fingerprintMaterial: string;
@Input() publicKeyBuffer: ArrayBuffer;
@Input() publicKeyBuffer: Uint8Array;
@Input() fingerprintLabel: string;
protected fingerprint: string;


@@ -277,7 +277,7 @@ function createCipherView(i: number, deleted = false): CipherView {
view.attachments = [attachment];
} else if (i % 5 === 0) {
const attachment = new AttachmentView();
attachment.key = new SymmetricCryptoKey(new ArrayBuffer(32));
attachment.key = new SymmetricCryptoKey(new Uint8Array(32));
view.attachments = [attachment];
}