bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-16 16:23:44 +00:00
Code Issues Releases Wiki Activity

Begin refactor of crypto service to support new key structure

Browse Source
This commit is contained in:
Jacob Fink
2023-05-25 12:23:21 -04:00
parent bc4b3f3d74
commit 4ce2a17ea4
4 changed files with 730 additions and 488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/desktop/src/platform/services/electron-crypto.service.ts
View File

@@ -21,8 +21,8 @@ export class ElectronCryptoService extends CryptoService {
super(cryptoFunctionService, encryptService, platformUtilsService, logService, stateService); super(cryptoFunctionService, encryptService, platformUtilsService, logService, stateService);
} }
protected override async storeKey(key: SymmetricCryptoKey, userId?: string) { protected override async storeAdditionalKeys(key: SymmetricCryptoKey, userId?: string) {
await super.storeKey(key, userId); await super.storeAdditionalKeys(key, userId);
const storeBiometricKey = await this.shouldStoreKey(KeySuffixOptions.Biometric, userId); const storeBiometricKey = await this.shouldStoreKey(KeySuffixOptions.Biometric, userId);

115
libs/common/src/platform/abstractions/crypto.service.ts
View File

@@ -5,82 +5,85 @@ import { KdfConfig } from "../../auth/models/domain/kdf-config";
import { KeySuffixOptions, KdfType, HashPurpose } from "../../enums"; import { KeySuffixOptions, KdfType, HashPurpose } from "../../enums";
import { EncArrayBuffer } from "../models/domain/enc-array-buffer"; import { EncArrayBuffer } from "../models/domain/enc-array-buffer";
import { EncString } from "../models/domain/enc-string"; import { EncString } from "../models/domain/enc-string";
import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key"; import {
MasterKey,
PinKey,
SymmetricCryptoKey,
UserSymKey,
} from "../models/domain/symmetric-crypto-key";
export abstract class CryptoService { export abstract class CryptoService {
setKey: (key: SymmetricCryptoKey) => Promise<any>; // TODO: Update logic for this method
getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
setUserKey: (key: SymmetricCryptoKey) => Promise<void>;
getUserKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<UserSymKey>;
getUserKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<UserSymKey>;
hasUserKey: () => Promise<boolean>;
hasUserKeyInMemory: (userId?: string) => Promise<boolean>;
hasUserKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>;
makeUserSymKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
clearUserKey: (clearSecretStorage?: boolean, userId?: string) => Promise<void>;
clearUserKeyFromStorage: (keySuffix: KeySuffixOptions) => Promise<void>;
setMasterKey: (key: MasterKey, userId?: string) => Promise<void>;
getMasterKey: (userId?: string) => Promise<MasterKey>;
makeMasterKey: (
password: string,
email: string,
kdf: KdfType,
KdfConfig: KdfConfig
) => Promise<MasterKey>;
encryptUserSymKeyWithMasterKey: (
masterKey: MasterKey,
userSymKey?: UserSymKey
) => Promise<[UserSymKey, EncString]>;
hashPassword: (password: string, key: MasterKey, hashPurpose?: HashPurpose) => Promise<string>;
setKeyHash: (keyHash: string) => Promise<void>; setKeyHash: (keyHash: string) => Promise<void>;
setEncKey: (encKey: string) => Promise<void>; getKeyHash: () => Promise<string>;
setEncPrivateKey: (encPrivateKey: string) => Promise<void>; clearKeyHash: () => Promise<void>;
compareAndUpdateKeyHash: (masterPassword: string, key: MasterKey) => Promise<boolean>;
setOrgKeys: ( setOrgKeys: (
orgs: ProfileOrganizationResponse[], orgs: ProfileOrganizationResponse[],
providerOrgs: ProfileProviderOrganizationResponse[] providerOrgs: ProfileProviderOrganizationResponse[]
) => Promise<void>; ) => Promise<void>;
getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>;
getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<void>;
setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>; setProviderKeys: (orgs: ProfileProviderResponse[]) => Promise<void>;
getKey: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>; getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>;
getKeyFromStorage: (keySuffix: KeySuffixOptions, userId?: string) => Promise<SymmetricCryptoKey>; getProviderKeys: () => Promise<Map<string, SymmetricCryptoKey>>;
getKeyHash: () => Promise<string>; clearProviderKeys: (memoryOnly?: boolean) => Promise<void>;
compareAndUpdateKeyHash: (masterPassword: string, key: SymmetricCryptoKey) => Promise<boolean>;
getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
getPublicKey: () => Promise<ArrayBuffer>; getPublicKey: () => Promise<ArrayBuffer>;
makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
setPrivateKey: (encPrivateKey: string) => Promise<void>;
getPrivateKey: () => Promise<ArrayBuffer>; getPrivateKey: () => Promise<ArrayBuffer>;
getFingerprint: (fingerprintMaterial: string, publicKey?: ArrayBuffer) => Promise<string[]>; getFingerprint: (fingerprintMaterial: string, publicKey?: ArrayBuffer) => Promise<string[]>;
getOrgKeys: () => Promise<Map<string, SymmetricCryptoKey>>; makeKeyPair: (key?: UserSymKey) => Promise<[string, EncString]>;
getOrgKey: (orgId: string) => Promise<SymmetricCryptoKey>; clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<void[]>;
getProviderKey: (providerId: string) => Promise<SymmetricCryptoKey>; makePinKey: (pin: string, salt: string, kdf: KdfType, kdfConfig: KdfConfig) => Promise<PinKey>;
getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>; clearPinProtectedKey: () => Promise<void>;
hasKey: () => Promise<boolean>; decryptUserSymKeyWithPin: (
hasKeyInMemory: (userId?: string) => Promise<boolean>;
hasKeyStored: (keySuffix?: KeySuffixOptions, userId?: string) => Promise<boolean>;
hasEncKey: () => Promise<boolean>;
clearKey: (clearSecretStorage?: boolean, userId?: string) => Promise<any>;
clearKeyHash: () => Promise<any>;
clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
clearKeyPair: (memoryOnly?: boolean, userId?: string) => Promise<any>;
clearOrgKeys: (memoryOnly?: boolean, userId?: string) => Promise<any>;
clearProviderKeys: (memoryOnly?: boolean) => Promise<any>;
clearPinProtectedKey: () => Promise<any>;
clearKeys: (userId?: string) => Promise<any>;
toggleKey: () => Promise<any>;
makeKey: (
password: string,
salt: string,
kdf: KdfType,
kdfConfig: KdfConfig
) => Promise<SymmetricCryptoKey>;
makeKeyFromPin: (
pin: string, pin: string,
salt: string, salt: string,
kdf: KdfType, kdf: KdfType,
kdfConfig: KdfConfig, kdfConfig: KdfConfig,
protectedKeyCs?: EncString protectedKeyCs?: EncString
) => Promise<SymmetricCryptoKey>; ) => Promise<UserSymKey>;
makeShareKey: () => Promise<[EncString, SymmetricCryptoKey]>;
makeKeyPair: (key?: SymmetricCryptoKey) => Promise<[string, EncString]>;
makePinKey: (
pin: string,
salt: string,
kdf: KdfType,
kdfConfig: KdfConfig
) => Promise<SymmetricCryptoKey>;
makeSendKey: (keyMaterial: ArrayBuffer) => Promise<SymmetricCryptoKey>; makeSendKey: (keyMaterial: ArrayBuffer) => Promise<SymmetricCryptoKey>;
hashPassword: ( clearKeys: (userId?: string) => Promise<any>;
password: string,
key: SymmetricCryptoKey,
hashPurpose?: HashPurpose
) => Promise<string>;
makeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, EncString]>;
remakeEncKey: (
key: SymmetricCryptoKey,
encKey?: SymmetricCryptoKey
) => Promise<[SymmetricCryptoKey, EncString]>;
encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncString>;
encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer) => Promise<EncString>; rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer) => Promise<EncString>;
rsaDecrypt: (encValue: string, privateKeyValue?: ArrayBuffer) => Promise<ArrayBuffer>; rsaDecrypt: (encValue: string, privateKeyValue?: ArrayBuffer) => Promise<ArrayBuffer>;
randomNumber: (min: number, max: number) => Promise<number>;
// deprecate
encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncString>;
encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<EncArrayBuffer>;
decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>; decryptToBytes: (encString: EncString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>;
decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>; decryptToUtf8: (encString: EncString, key?: SymmetricCryptoKey) => Promise<string>;
decryptFromBytes: (encBuffer: EncArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>; decryptFromBytes: (encBuffer: EncArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>;
randomNumber: (min: number, max: number) => Promise<number>; setEncKey: (encKey: string) => Promise<void>;
validateKey: (key: SymmetricCryptoKey) => Promise<boolean>; getEncKey: (key?: SymmetricCryptoKey) => Promise<SymmetricCryptoKey>;
hasEncKey: () => Promise<boolean>;
clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise<any>;
toggleKey: () => Promise<any>;
} }

1
libs/common/src/platform/models/domain/symmetric-crypto-key.ts
View File

@@ -80,3 +80,4 @@ export class SymmetricCryptoKey {
export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">; export type DeviceKey = Opaque<SymmetricCryptoKey, "DeviceKey">;
export type UserSymKey = Opaque<SymmetricCryptoKey, "UserSymKey">; export type UserSymKey = Opaque<SymmetricCryptoKey, "UserSymKey">;
export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">; export type MasterKey = Opaque<SymmetricCryptoKey, "MasterKey">;
export type PinKey = Opaque<SymmetricCryptoKey, "PinKey">;

1098
libs/common/src/platform/services/crypto.service.ts
View File

File diff suppressed because it is too large Load Diff