
[EC-364] Expose key getters on CryptoService (#3170)

* Move resolveLegacyKey to encryptService for utf8 decryption

* Deprecate account.keys.legacyEtmKey

Includes migration to tidy up leftover data

* Use new IEncrypted interface
Thomas Rittson
2022-08-04 07:09:36 +10:00
committed by GitHub
parent 6b1652e34c
commit 83c0456340
11 changed files with 110 additions and 55 deletions


@@ -6,6 +6,7 @@ import { EncryptedObject } from "@bitwarden/common/models/domain/encryptedObject
import { SymmetricCryptoKey } from "@bitwarden/common/models/domain/symmetricCryptoKey";
import { AbstractEncryptService } from "../abstractions/abstractEncrypt.service";
import { EncryptionType } from "../enums/encryptionType";
import { IEncrypted } from "../interfaces/IEncrypted";
import { EncArrayBuffer } from "../models/domain/encArrayBuffer";
@@ -63,9 +64,11 @@ export class EncryptService implements AbstractEncryptService {
async decryptToUtf8(encString: EncString, key: SymmetricCryptoKey): Promise<string> {
if (key == null) {
throw new Error("No encryption key provided.");
throw new Error("No key provided for decryption.");
}
key = this.resolveLegacyKey(key, encString);
if (key.macKey != null && encString?.mac == null) {
this.logService.error("mac required.");
return null;
@@ -107,6 +110,8 @@ export class EncryptService implements AbstractEncryptService {
throw new Error("Nothing provided for decryption.");
}
key = this.resolveLegacyKey(key, encThing);
if (key.macKey != null && encThing.macBytes == null) {
return null;
}
@@ -165,4 +170,19 @@ export class EncryptService implements AbstractEncryptService {
this.logService.error(msg);
}
}
/**
* Transform into new key for the old encrypt-then-mac scheme if required, otherwise return the current key unchanged
* @param encThing The encrypted object (e.g. encString or encArrayBuffer) that you want to decrypt
*/
resolveLegacyKey(key: SymmetricCryptoKey, encThing: IEncrypted): SymmetricCryptoKey {
if (
encThing.encryptionType === EncryptionType.AesCbc128_HmacSha256_B64 &&
key.encType === EncryptionType.AesCbc256_B64
) {
return new SymmetricCryptoKey(key.key, EncryptionType.AesCbc128_HmacSha256_B64);
}
return key;
}
}
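Review bot: In `decryptToUtf8` the added `key = this.resolveLegacyKey(key, encString);` runs with only `key` null-checked, and `resolveLegacyKey` reads `encThing.encryptionType` without a guard, so a null `encString` now fails with a TypeError inside the helper even though the very next line still treats it as nullable (`encString?.mac`). The bytes path shows a "Nothing provided for decryption." throw ahead of the same call; the string path would be consistent with `if (encString == null) { throw new Error("Nothing provided for decryption."); }` placed before the resolve. Separately, `resolveLegacyKey` picks the key layout from the type field carried by the encrypted object itself, so its doc comment should say that the only remapping is an `AesCbc256_B64` key to `AesCbc128_HmacSha256_B64`, and that callers must keep the `macKey`/MAC-presence check after it (as both call sites here do) rather than trusting the declared type. Both decrypt method bodies start and end outside the hunks shown.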