From 56c750d375220941f4a634b2cd6076feecfa165c Mon Sep 17 00:00:00 2001
From: Jacob Fink
Date: Thu, 8 Jun 2023 13:13:00 -0400
Subject: [PATCH] finish migrate auto key if needed
- migrate whenever retrieved from storage
- add back the user symmetric key toggle
---
 .../platform/abstractions/crypto.service.ts | 6 ++-
 .../src/platform/services/crypto.service.ts | 41 +++++++++++--------
 2 files changed, 29 insertions(+), 18 deletions(-)
diff --git a/libs/common/src/platform/abstractions/crypto.service.ts b/libs/common/src/platform/abstractions/crypto.service.ts
index d2afdccc768..34545484f18 100644
--- a/libs/common/src/platform/abstractions/crypto.service.ts
+++ b/libs/common/src/platform/abstractions/crypto.service.ts
@@ -17,6 +17,11 @@ export abstract class CryptoService {
 getKeyForUserEncryption: (key?: SymmetricCryptoKey) => Promise;
 setUserKey: (key: UserSymKey) => Promise;
+ /**
+ * Gets the user key from memory and sets it again,
+ * kicking off a refresh of any additional keys that are needed.
+ */
+ toggleKey: () => Promise;
 getUserKeyFromMemory: (userId?: string) => Promise;
 getUserKeyFromStorage: (
 keySuffix: KeySuffixOptions.Auto | KeySuffixOptions.Biometric,
@@ -117,5 +122,4 @@ export abstract class CryptoService {
 setEncKey: (encKey: string) => Promise;
 hasEncKey: () => Promise;
 clearEncKey: (memoryOnly?: boolean, userId?: string) => Promise;
- toggleKey: () => Promise;
 }
diff --git a/libs/common/src/platform/services/crypto.service.ts b/libs/common/src/platform/services/crypto.service.ts
index e27d28ee520..6a724095943 100644
--- a/libs/common/src/platform/services/crypto.service.ts
+++ b/libs/common/src/platform/services/crypto.service.ts
@@ -69,6 +69,11 @@ export class CryptoService implements CryptoServiceAbstraction {
 await this.storeAdditionalKeys(key, userId);
 }
+ async toggleKey(): Promise {
+ const key = await this.getUserKeyFromMemory();
+ await this.setUserKey(key);
+ }
+
 /**
 * Retrieves the user's symmetric key
 * @param keySuffix The desired version of the user's key to retrieve
@@ -948,15 +953,8 @@ export class CryptoService implements CryptoServiceAbstraction {
 let userKey: string;
 switch (keySuffix) {
 case KeySuffixOptions.Auto: {
- // migrate if needed
- const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId });
- if (oldAutoKey) {
- await this.stateService.setUserSymKeyAuto(oldAutoKey, { userId: userId });
- await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
- userKey = oldAutoKey;
- } else {
- userKey = await this.stateService.getUserSymKeyAuto({ userId: userId });
- }
+ await this.migrateAutoKeyIfNeeded(userId);
+ userKey = await this.stateService.getUserSymKeyAuto({ userId: userId });
 break;
 }
 case KeySuffixOptions.Biometric: {
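Review bot: In the first hunk, toggleKey() hands whatever getUserKeyFromMemory() returns straight to setUserKey(), so when no key is held in memory (presumably the locked state) the additional-key storage path visible just above would run with an empty key. An explicit guard before the set would make the intent clear, e.g. `if (key == null) { return; }`, or failing that a comment stating that callers only invoke it while unlocked. The implementation also carries no doc comment of its own; the abstraction's text could be repeated here with a remark that no userId is passed, so it presumably acts on the active account only.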
@@ -967,6 +965,23 @@ export class CryptoService implements CryptoServiceAbstraction {
 return new SymmetricCryptoKey(Utils.fromB64ToArray(userKey).buffer) as UserSymKey;
 }
+ private async migrateAutoKeyIfNeeded(userId?: string) {
+ const oldAutoKey = await this.stateService.getCryptoMasterKeyAuto({ userId: userId });
+ if (oldAutoKey) {
+ // decrypt
+ const masterKey = new SymmetricCryptoKey(
+ Utils.fromB64ToArray(oldAutoKey).buffer
+ ) as MasterKey;
+ const userSymKey = await this.decryptUserSymKeyWithMasterKey(
+ masterKey,
+ new EncString(await this.stateService.getEncryptedCryptoSymmetricKey())
+ );
+ // migrate
+ await this.stateService.setUserSymKeyAuto(userSymKey.keyB64, { userId: userId });
+ await this.stateService.setCryptoMasterKeyAuto(null, { userId: userId });
+ }
+ }
+
 private async stretchKey(key: SymmetricCryptoKey): Promise {
 const newKey = new Uint8Array(64);
 const encKey = await this.cryptoFunctionService.hkdfExpand(key.key, "enc", 32, "sha256");
@@ -1192,12 +1207,4 @@ export class CryptoService implements CryptoServiceAbstraction {
 await this.stateService.setEncryptedCryptoSymmetricKey(null, { userId: userId });
 }
 }
-
- /**
- * @deprecated we wouldn't be saving encrypted/decrypted versions of the user symmetric key
- */
- async toggleKey(): Promise {
- // const key = await this.getKey();
- // await this.setKey(key);
- }
 }
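Review bot: In migrateAutoKeyIfNeeded (first hunk) the encrypted user key is read with `getEncryptedCryptoSymmetricKey()` and no options, while every other state call in the method passes `{ userId: userId }`. When the method runs for a non-active account this would presumably unwrap against the wrong account's encrypted key, or fail, and then store the result under userId. The decrypt result is also dereferenced as `userSymKey.keyB64` without a null check, and a missing encrypted key goes into `new EncString(...)` unchecked, so a failed unwrap surfaces as an exception from the Auto branch of the storage lookup. I would pass userId, return before any write when either value is missing so the legacy entry is only cleared after a successful unwrap, and declare the return type. A short doc comment saying that the legacy auto entry holds the master key and is replaced by the unwrapped user key would also help.

```typescript
private async migrateAutoKeyIfNeeded(userId?: string): Promise<void> {
  // … unchanged: read oldAutoKey, build masterKey from it …
    const encryptedUserSymKey = await this.stateService.getEncryptedCryptoSymmetricKey({
      userId: userId,
    });
    if (encryptedUserSymKey == null) {
      // nothing to unwrap for this account; leave the legacy entry untouched
      return;
    }
    const userSymKey = await this.decryptUserSymKeyWithMasterKey(
      masterKey,
      new EncString(encryptedUserSymKey)
    );
    if (userSymKey == null) {
      return;
    }
  // … unchanged: setUserSymKeyAuto, then clear the legacy master-key entry …
```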