PS-813 Add memory storage to state service (#2892)

* Use abstract methods and generics in StorageService * Prepend `Abstract` to abstract classes * Create session browser storage service * Use memory storage service for state memory * Inject memory storage service * Maintain filename extensions to help ide formatting * Preserve state if it's still in memory * Use jslib's memory storage service * linter * Create prototypes on stored objects * standardize package scripts * Add type safety to `withPrototype` decorators * webpack notify manifest version * Fix desktop * linter * Fix script * Improve prototye application * do not change prototype if it already matches desired * fix error with object values prototype application * Handle null state * Apply prototypes to browser-specific state * Add angular language server to recommended extensions * Improve browser state service tests * Start testing state Service * Fix abstract returns * Move test setup files to not be picked up by default glob matchers * Add key generation service * Add low-dependency encrypt service * Back crypto service with encrypt service. We'll want to work items that don't require state over to encrypt service * Add new storage service and tests * Properly init more stored values * Fix reload issues when state service is recovering state from session storage Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com> Co-authored-by: Justin Baur <admin@justinbaur.com> * Simplify encrypt service * Do not log mac failures for local-backed session storage * `content` changed to `main` in #2245 * Fix CLI * Remove loggin * PR feedback * Merge remote-tracking branch 'origin/master' into add-memory-storage-to-state-service * Fix desktop * Fix decrypt method signature * Minify if not development * Key is required Co-authored-by: Thomas Avery <Thomas-Avery@users.noreply.github.com> Co-authored-by: Justin Baur <admin@justinbaur.com>
2025-12-16 00:03:56 +00:00 · 2022-06-27 13:38:12 -04:00
parent c044c5c770
commit 399b8c2b34
57 changed files with 1575 additions and 370 deletions
--- a/libs/common/src/services/encrypt.service.ts
+++ b/libs/common/src/services/encrypt.service.ts
@@ -0,0 +1,94 @@
+import { CryptoFunctionService } from "@bitwarden/common/abstractions/cryptoFunction.service";
+import { LogService } from "@bitwarden/common/abstractions/log.service";
+import { Utils } from "@bitwarden/common/misc/utils";
+import { EncString } from "@bitwarden/common/models/domain/encString";
+import { EncryptedObject } from "@bitwarden/common/models/domain/encryptedObject";
+import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetricCryptoKey";
+
+import { AbstractEncryptService } from "../abstractions/abstractEncrypt.service";
+
+export class EncryptService implements AbstractEncryptService {
+  constructor(
+    private cryptoFunctionService: CryptoFunctionService,
+    private logService: LogService,
+    private logMacFailures: boolean
+  ) {}
+
+  async encrypt(plainValue: string | ArrayBuffer, key: SymmetricCryptoKey): Promise<EncString> {
+    if (key == null) {
+      throw new Error("no encryption key provided.");
+    }
+
+    if (plainValue == null) {
+      return Promise.resolve(null);
+    }
+
+    let plainBuf: ArrayBuffer;
+    if (typeof plainValue === "string") {
+      plainBuf = Utils.fromUtf8ToArray(plainValue).buffer;
+    } else {
+      plainBuf = plainValue;
+    }
+
+    const encObj = await this.aesEncrypt(plainBuf, key);
+    const iv = Utils.fromBufferToB64(encObj.iv);
+    const data = Utils.fromBufferToB64(encObj.data);
+    const mac = encObj.mac != null ? Utils.fromBufferToB64(encObj.mac) : null;
+    return new EncString(encObj.key.encType, data, iv, mac);
+  }
+
+  async decryptToUtf8(encString: EncString, key: SymmetricCryptoKey): Promise<string> {
+    if (key?.macKey != null && encString?.mac == null) {
+      this.logService.error("mac required.");
+      return null;
+    }
+
+    if (key.encType !== encString.encryptionType) {
+      this.logService.error("encType unavailable.");
+      return null;
+    }
+
+    const fastParams = this.cryptoFunctionService.aesDecryptFastParameters(
+      encString.data,
+      encString.iv,
+      encString.mac,
+      key
+    );
+    if (fastParams.macKey != null && fastParams.mac != null) {
+      const computedMac = await this.cryptoFunctionService.hmacFast(
+        fastParams.macData,
+        fastParams.macKey,
+        "sha256"
+      );
+      const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
+      if (!macsEqual) {
+        this.logMacFailed("mac failed.");
+        return null;
+      }
+    }
+
+    return this.cryptoFunctionService.aesDecryptFast(fastParams);
+  }
+
+  private async aesEncrypt(data: ArrayBuffer, key: SymmetricCryptoKey): Promise<EncryptedObject> {
+    const obj = new EncryptedObject();
+    obj.key = key;
+    obj.iv = await this.cryptoFunctionService.randomBytes(16);
+    obj.data = await this.cryptoFunctionService.aesEncrypt(data, obj.iv, obj.key.encKey);
+
+    if (obj.key.macKey != null) {
+      const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
+      macData.set(new Uint8Array(obj.iv), 0);
+      macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
+      obj.mac = await this.cryptoFunctionService.hmac(macData.buffer, obj.key.macKey, "sha256");
+    }
+
+    return obj;
+  }
+
+  private logMacFailed(msg: string) {
+    if (this.logMacFailures) {
+      this.logService.error(msg);
+    }
+  }
+}