mirror of
https://github.com/bitwarden/browser
synced 2026-02-17 18:09:17 +00:00
Fix failing crypto tests (#5948)
* Change everything to Uint8Array related to https://github.com/jestjs/jest/issues/14379 * Work on failing type tests * Revert changes to custom matcher setup * Remove last BufferArrays from tests * Fix custom matcher type errors in vscode * Remove errant `.buffer` calls on Uint8Arrays * Encryption Pair should serialize Array Buffer and Uint8Array * Fix EncArrayBuffer encryption --------- Co-authored-by: Thomas Rittson <trittson@bitwarden.com>
This commit is contained in:
Matt Gibson
GitHub
@@ -11,34 +11,34 @@ import { CsprngArray } from "@bitwarden/common/types/csprng";
|
||||
|
||||
export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
pbkdf2(
|
||||
password: string | ArrayBuffer,
|
||||
salt: string | ArrayBuffer,
|
||||
password: string | Uint8Array,
|
||||
salt: string | Uint8Array,
|
||||
algorithm: "sha256" | "sha512",
|
||||
iterations: number
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
const len = algorithm === "sha256" ? 32 : 64;
|
||||
const nodePassword = this.toNodeValue(password);
|
||||
const nodeSalt = this.toNodeValue(salt);
|
||||
return new Promise<ArrayBuffer>((resolve, reject) => {
|
||||
return new Promise<Uint8Array>((resolve, reject) => {
|
||||
crypto.pbkdf2(nodePassword, nodeSalt, iterations, len, algorithm, (error, key) => {
|
||||
if (error != null) {
|
||||
reject(error);
|
||||
} else {
|
||||
resolve(this.toArrayBuffer(key));
|
||||
resolve(this.toUint8Buffer(key));
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
async argon2(
|
||||
password: string | ArrayBuffer,
|
||||
salt: string | ArrayBuffer,
|
||||
password: string | Uint8Array,
|
||||
salt: string | Uint8Array,
|
||||
iterations: number,
|
||||
memory: number,
|
||||
parallelism: number
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
const nodePassword = this.toNodeValue(password);
|
||||
const nodeSalt = this.toNodeBuffer(this.toArrayBuffer(salt));
|
||||
const nodeSalt = this.toNodeBuffer(this.toUint8Buffer(salt));
|
||||
|
||||
const hash = await argon2.hash(nodePassword, {
|
||||
salt: nodeSalt,
|
||||
@@ -49,29 +49,29 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
parallelism: parallelism,
|
||||
type: argon2.argon2id,
|
||||
});
|
||||
return this.toArrayBuffer(hash);
|
||||
return this.toUint8Buffer(hash);
|
||||
}
|
||||
|
||||
// ref: https://tools.ietf.org/html/rfc5869
|
||||
async hkdf(
|
||||
ikm: ArrayBuffer,
|
||||
salt: string | ArrayBuffer,
|
||||
info: string | ArrayBuffer,
|
||||
ikm: Uint8Array,
|
||||
salt: string | Uint8Array,
|
||||
info: string | Uint8Array,
|
||||
outputByteSize: number,
|
||||
algorithm: "sha256" | "sha512"
|
||||
): Promise<ArrayBuffer> {
|
||||
const saltBuf = this.toArrayBuffer(salt);
|
||||
): Promise<Uint8Array> {
|
||||
const saltBuf = this.toUint8Buffer(salt);
|
||||
const prk = await this.hmac(ikm, saltBuf, algorithm);
|
||||
return this.hkdfExpand(prk, info, outputByteSize, algorithm);
|
||||
}
|
||||
|
||||
// ref: https://tools.ietf.org/html/rfc5869
|
||||
async hkdfExpand(
|
||||
prk: ArrayBuffer,
|
||||
info: string | ArrayBuffer,
|
||||
prk: Uint8Array,
|
||||
info: string | Uint8Array,
|
||||
outputByteSize: number,
|
||||
algorithm: "sha256" | "sha512"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
const hashLen = algorithm === "sha256" ? 32 : 64;
|
||||
if (outputByteSize > 255 * hashLen) {
|
||||
throw new Error("outputByteSize is too large.");
|
||||
@@ -80,7 +80,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
if (prkArr.length < hashLen) {
|
||||
throw new Error("prk is too small.");
|
||||
}
|
||||
const infoBuf = this.toArrayBuffer(info);
|
||||
const infoBuf = this.toUint8Buffer(info);
|
||||
const infoArr = new Uint8Array(infoBuf);
|
||||
let runningOkmLength = 0;
|
||||
let previousT = new Uint8Array(0);
|
||||
@@ -91,39 +91,39 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
t.set(previousT);
|
||||
t.set(infoArr, previousT.length);
|
||||
t.set([i + 1], t.length - 1);
|
||||
previousT = new Uint8Array(await this.hmac(t.buffer, prk, algorithm));
|
||||
previousT = await this.hmac(t, prk, algorithm);
|
||||
okm.set(previousT, runningOkmLength);
|
||||
runningOkmLength += previousT.length;
|
||||
if (runningOkmLength >= outputByteSize) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
return okm.slice(0, outputByteSize).buffer;
|
||||
return okm.slice(0, outputByteSize);
|
||||
}
|
||||
|
||||
hash(
|
||||
value: string | ArrayBuffer,
|
||||
value: string | Uint8Array,
|
||||
algorithm: "sha1" | "sha256" | "sha512" | "md5"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
const nodeValue = this.toNodeValue(value);
|
||||
const hash = crypto.createHash(algorithm);
|
||||
hash.update(nodeValue);
|
||||
return Promise.resolve(this.toArrayBuffer(hash.digest()));
|
||||
return Promise.resolve(this.toUint8Buffer(hash.digest()));
|
||||
}
|
||||
|
||||
hmac(
|
||||
value: ArrayBuffer,
|
||||
key: ArrayBuffer,
|
||||
value: Uint8Array,
|
||||
key: Uint8Array,
|
||||
algorithm: "sha1" | "sha256" | "sha512"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
const nodeValue = this.toNodeBuffer(value);
|
||||
const nodeKey = this.toNodeBuffer(key);
|
||||
const hmac = crypto.createHmac(algorithm, nodeKey);
|
||||
hmac.update(nodeValue);
|
||||
return Promise.resolve(this.toArrayBuffer(hmac.digest()));
|
||||
return Promise.resolve(this.toUint8Buffer(hmac.digest()));
|
||||
}
|
||||
|
||||
async compare(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
|
||||
async compare(a: Uint8Array, b: Uint8Array): Promise<boolean> {
|
||||
const key = await this.randomBytes(32);
|
||||
const mac1 = await this.hmac(a, key, "sha256");
|
||||
const mac2 = await this.hmac(b, key, "sha256");
|
||||
@@ -143,24 +143,24 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
}
|
||||
|
||||
hmacFast(
|
||||
value: ArrayBuffer,
|
||||
key: ArrayBuffer,
|
||||
value: Uint8Array,
|
||||
key: Uint8Array,
|
||||
algorithm: "sha1" | "sha256" | "sha512"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
return this.hmac(value, key, algorithm);
|
||||
}
|
||||
|
||||
compareFast(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
|
||||
compareFast(a: Uint8Array, b: Uint8Array): Promise<boolean> {
|
||||
return this.compare(a, b);
|
||||
}
|
||||
|
||||
aesEncrypt(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
|
||||
aesEncrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
|
||||
const nodeData = this.toNodeBuffer(data);
|
||||
const nodeIv = this.toNodeBuffer(iv);
|
||||
const nodeKey = this.toNodeBuffer(key);
|
||||
const cipher = crypto.createCipheriv("aes-256-cbc", nodeKey, nodeIv);
|
||||
const encBuf = Buffer.concat([cipher.update(nodeData), cipher.final()]);
|
||||
return Promise.resolve(this.toArrayBuffer(encBuf));
|
||||
return Promise.resolve(this.toUint8Buffer(encBuf));
|
||||
}
|
||||
|
||||
aesDecryptFastParameters(
|
||||
@@ -168,70 +168,70 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
iv: string,
|
||||
mac: string,
|
||||
key: SymmetricCryptoKey
|
||||
): DecryptParameters<ArrayBuffer> {
|
||||
const p = new DecryptParameters<ArrayBuffer>();
|
||||
): DecryptParameters<Uint8Array> {
|
||||
const p = new DecryptParameters<Uint8Array>();
|
||||
p.encKey = key.encKey;
|
||||
p.data = Utils.fromB64ToArray(data).buffer;
|
||||
p.iv = Utils.fromB64ToArray(iv).buffer;
|
||||
p.data = Utils.fromB64ToArray(data);
|
||||
p.iv = Utils.fromB64ToArray(iv);
|
||||
|
||||
const macData = new Uint8Array(p.iv.byteLength + p.data.byteLength);
|
||||
macData.set(new Uint8Array(p.iv), 0);
|
||||
macData.set(new Uint8Array(p.data), p.iv.byteLength);
|
||||
p.macData = macData.buffer;
|
||||
p.macData = macData;
|
||||
|
||||
if (key.macKey != null) {
|
||||
p.macKey = key.macKey;
|
||||
}
|
||||
if (mac != null) {
|
||||
p.mac = Utils.fromB64ToArray(mac).buffer;
|
||||
p.mac = Utils.fromB64ToArray(mac);
|
||||
}
|
||||
|
||||
return p;
|
||||
}
|
||||
|
||||
async aesDecryptFast(parameters: DecryptParameters<ArrayBuffer>): Promise<string> {
|
||||
async aesDecryptFast(parameters: DecryptParameters<Uint8Array>): Promise<string> {
|
||||
const decBuf = await this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey);
|
||||
return Utils.fromBufferToUtf8(decBuf);
|
||||
}
|
||||
|
||||
aesDecrypt(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
|
||||
aesDecrypt(data: Uint8Array, iv: Uint8Array, key: Uint8Array): Promise<Uint8Array> {
|
||||
const nodeData = this.toNodeBuffer(data);
|
||||
const nodeIv = this.toNodeBuffer(iv);
|
||||
const nodeKey = this.toNodeBuffer(key);
|
||||
const decipher = crypto.createDecipheriv("aes-256-cbc", nodeKey, nodeIv);
|
||||
const decBuf = Buffer.concat([decipher.update(nodeData), decipher.final()]);
|
||||
return Promise.resolve(this.toArrayBuffer(decBuf));
|
||||
return Promise.resolve(this.toUint8Buffer(decBuf));
|
||||
}
|
||||
|
||||
rsaEncrypt(
|
||||
data: ArrayBuffer,
|
||||
publicKey: ArrayBuffer,
|
||||
data: Uint8Array,
|
||||
publicKey: Uint8Array,
|
||||
algorithm: "sha1" | "sha256"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
if (algorithm === "sha256") {
|
||||
throw new Error("Node crypto does not support RSA-OAEP SHA-256");
|
||||
}
|
||||
|
||||
const pem = this.toPemPublicKey(publicKey);
|
||||
const decipher = crypto.publicEncrypt(pem, this.toNodeBuffer(data));
|
||||
return Promise.resolve(this.toArrayBuffer(decipher));
|
||||
return Promise.resolve(this.toUint8Buffer(decipher));
|
||||
}
|
||||
|
||||
rsaDecrypt(
|
||||
data: ArrayBuffer,
|
||||
privateKey: ArrayBuffer,
|
||||
data: Uint8Array,
|
||||
privateKey: Uint8Array,
|
||||
algorithm: "sha1" | "sha256"
|
||||
): Promise<ArrayBuffer> {
|
||||
): Promise<Uint8Array> {
|
||||
if (algorithm === "sha256") {
|
||||
throw new Error("Node crypto does not support RSA-OAEP SHA-256");
|
||||
}
|
||||
|
||||
const pem = this.toPemPrivateKey(privateKey);
|
||||
const decipher = crypto.privateDecrypt(pem, this.toNodeBuffer(data));
|
||||
return Promise.resolve(this.toArrayBuffer(decipher));
|
||||
return Promise.resolve(this.toUint8Buffer(decipher));
|
||||
}
|
||||
|
||||
rsaExtractPublicKey(privateKey: ArrayBuffer): Promise<ArrayBuffer> {
|
||||
rsaExtractPublicKey(privateKey: Uint8Array): Promise<Uint8Array> {
|
||||
const privateKeyByteString = Utils.fromBufferToByteString(privateKey);
|
||||
const privateKeyAsn1 = forge.asn1.fromDer(privateKeyByteString);
|
||||
const forgePrivateKey: any = forge.pki.privateKeyFromAsn1(privateKeyAsn1);
|
||||
@@ -239,11 +239,11 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
const publicKeyAsn1 = forge.pki.publicKeyToAsn1(forgePublicKey);
|
||||
const publicKeyByteString = forge.asn1.toDer(publicKeyAsn1).data;
|
||||
const publicKeyArray = Utils.fromByteStringToArray(publicKeyByteString);
|
||||
return Promise.resolve(publicKeyArray.buffer);
|
||||
return Promise.resolve(publicKeyArray);
|
||||
}
|
||||
|
||||
async rsaGenerateKeyPair(length: 1024 | 2048 | 4096): Promise<[ArrayBuffer, ArrayBuffer]> {
|
||||
return new Promise<[ArrayBuffer, ArrayBuffer]>((resolve, reject) => {
|
||||
async rsaGenerateKeyPair(length: 1024 | 2048 | 4096): Promise<[Uint8Array, Uint8Array]> {
|
||||
return new Promise<[Uint8Array, Uint8Array]>((resolve, reject) => {
|
||||
forge.pki.rsa.generateKeyPair(
|
||||
{
|
||||
bits: length,
|
||||
@@ -265,7 +265,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
const privateKeyByteString = forge.asn1.toDer(privateKeyPkcs8).getBytes();
|
||||
const privateKey = Utils.fromByteStringToArray(privateKeyByteString);
|
||||
|
||||
resolve([publicKey.buffer, privateKey.buffer]);
|
||||
resolve([publicKey, privateKey]);
|
||||
}
|
||||
);
|
||||
});
|
||||
@@ -277,13 +277,13 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
if (error != null) {
|
||||
reject(error);
|
||||
} else {
|
||||
resolve(this.toArrayBuffer(bytes) as CsprngArray);
|
||||
resolve(this.toUint8Buffer(bytes) as CsprngArray);
|
||||
}
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
private toNodeValue(value: string | ArrayBuffer): string | Buffer {
|
||||
private toNodeValue(value: string | Uint8Array): string | Buffer {
|
||||
let nodeValue: string | Buffer;
|
||||
if (typeof value === "string") {
|
||||
nodeValue = value;
|
||||
@@ -293,21 +293,21 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
return nodeValue;
|
||||
}
|
||||
|
||||
private toNodeBuffer(value: ArrayBuffer): Buffer {
|
||||
return Buffer.from(new Uint8Array(value) as any);
|
||||
private toNodeBuffer(value: Uint8Array): Buffer {
|
||||
return Buffer.from(value);
|
||||
}
|
||||
|
||||
private toArrayBuffer(value: Buffer | string | ArrayBuffer): ArrayBuffer {
|
||||
let buf: ArrayBuffer;
|
||||
private toUint8Buffer(value: Buffer | string | Uint8Array): Uint8Array {
|
||||
let buf: Uint8Array;
|
||||
if (typeof value === "string") {
|
||||
buf = Utils.fromUtf8ToArray(value).buffer;
|
||||
buf = Utils.fromUtf8ToArray(value);
|
||||
} else {
|
||||
buf = new Uint8Array(value).buffer;
|
||||
buf = value;
|
||||
}
|
||||
return buf;
|
||||
}
|
||||
|
||||
private toPemPrivateKey(key: ArrayBuffer): string {
|
||||
private toPemPrivateKey(key: Uint8Array): string {
|
||||
const byteString = Utils.fromBufferToByteString(key);
|
||||
const asn1 = forge.asn1.fromDer(byteString);
|
||||
const privateKey = forge.pki.privateKeyFromAsn1(asn1);
|
||||
@@ -316,7 +316,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
|
||||
return forge.pki.privateKeyInfoToPem(privateKeyInfo);
|
||||
}
|
||||
|
||||
private toPemPublicKey(key: ArrayBuffer): string {
|
||||
private toPemPublicKey(key: Uint8Array): string {
|
||||
const byteString = Utils.fromBufferToByteString(key);
|
||||
const asn1 = forge.asn1.fromDer(byteString);
|
||||
const publicKey = forge.pki.publicKeyFromAsn1(asn1);
|
||||
|
||||
Reference in New Issue
Block a user