[PM-18697] Remove old symmetric key representations in symmetriccryptokey (#13598)

* Remove AES128CBC-HMAC encryption * Increase test coverage * Refactor symmetric keys and increase test coverage * Re-add type 0 encryption * Fix ts strict warning * Remove old symmetric key representations in symmetriccryptokey * Fix desktop build * Fix test * Fix build * Update libs/common/src/key-management/crypto/services/web-crypto-function.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/node/src/services/node-crypto-function.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Undo changes * Remove cast * Undo changes to tests * Fix linting * Undo removing new Uint8Array in aesDecryptFastParameters * Fix merge conflicts * Fix test * Fix another test * Fix test --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-12-06 00:13:28 +00:00 · 2025-04-21 16:57:26 +02:00
parent a250395e6d
commit 43b1f55360
12 changed files with 111 additions and 106 deletions
--- a/libs/node/src/services/node-crypto-function.service.ts
+++ b/libs/node/src/services/node-crypto-function.service.ts
@@ -3,6 +3,7 @@ import * as crypto from "crypto";
 import * as forge from "node-forge";

 import { CryptoFunctionService } from "@bitwarden/common/key-management/crypto/abstractions/crypto-function.service";
+import { EncryptionType } from "@bitwarden/common/platform/enums";
 import { Utils } from "@bitwarden/common/platform/misc/utils";
 import {
  CbcDecryptParameters,
@@ -172,24 +173,33 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
    mac: string | null,
    key: SymmetricCryptoKey,
  ): CbcDecryptParameters<Uint8Array> {
-    const p = {} as CbcDecryptParameters<Uint8Array>;
-    p.encKey = key.encKey;
-    p.data = Utils.fromB64ToArray(data);
-    p.iv = Utils.fromB64ToArray(iv);
+    const dataBytes = Utils.fromB64ToArray(data);
+    const ivBytes = Utils.fromB64ToArray(iv);
+    const macBytes = mac != null ? Utils.fromB64ToArray(mac) : null;

-    const macData = new Uint8Array(p.iv.byteLength + p.data.byteLength);
-    macData.set(new Uint8Array(p.iv), 0);
-    macData.set(new Uint8Array(p.data), p.iv.byteLength);
-    p.macData = macData;
+    const innerKey = key.inner();

-    if (key.macKey != null) {
-      p.macKey = key.macKey;
+    if (innerKey.type === EncryptionType.AesCbc256_B64) {
+      return {
+        iv: ivBytes,
+        data: dataBytes,
+        encKey: innerKey.encryptionKey,
+      } as CbcDecryptParameters<Uint8Array>;
+    } else if (innerKey.type === EncryptionType.AesCbc256_HmacSha256_B64) {
+      const macData = new Uint8Array(ivBytes.byteLength + dataBytes.byteLength);
+      macData.set(new Uint8Array(ivBytes), 0);
+      macData.set(new Uint8Array(dataBytes), ivBytes.byteLength);
+      return {
+        iv: ivBytes,
+        data: dataBytes,
+        mac: macBytes,
+        macData: macData,
+        encKey: innerKey.encryptionKey,
+        macKey: innerKey.authenticationKey,
+      } as CbcDecryptParameters<Uint8Array>;
+    } else {
+      throw new Error("Unsupported encryption type");
    }
-    if (mac != null) {
-      p.mac = Utils.fromB64ToArray(mac);
-    }
-
-    return p;
  }

  async aesDecryptFast({