[PM-17984] Remove AES128CBC-HMAC encryption (#13304)

* Remove AES128CBC-HMAC encryption

* Increase test coverage

libs/common/src/platform/models/domain/enc-array-buffer.spec.ts

@@ -5,28 +5,28 @@ import { EncArrayBuffer } from "./enc-array-buffer";
 
 describe("encArrayBuffer", () => {
   describe("parses the buffer", () => {
-    test.each([
-      [EncryptionType.AesCbc128_HmacSha256_B64, "AesCbc128_HmacSha256_B64"],
-      [EncryptionType.AesCbc256_HmacSha256_B64, "AesCbc256_HmacSha256_B64"],
-    ])("with %c%s", (encType: EncryptionType) => {
-      const iv = makeStaticByteArray(16, 10);
-      const mac = makeStaticByteArray(32, 20);
-      // We use the minimum data length of 1 to test the boundary of valid lengths
-      const data = makeStaticByteArray(1, 100);
+    test.each([[EncryptionType.AesCbc256_HmacSha256_B64, "AesCbc256_HmacSha256_B64"]])(
+      "with %c%s",
+      (encType: EncryptionType) => {
+        const iv = makeStaticByteArray(16, 10);
+        const mac = makeStaticByteArray(32, 20);
+        // We use the minimum data length of 1 to test the boundary of valid lengths
+        const data = makeStaticByteArray(1, 100);
 
-      const array = new Uint8Array(1 + iv.byteLength + mac.byteLength + data.byteLength);
-      array.set([encType]);
-      array.set(iv, 1);
-      array.set(mac, 1 + iv.byteLength);
-      array.set(data, 1 + iv.byteLength + mac.byteLength);
+        const array = new Uint8Array(1 + iv.byteLength + mac.byteLength + data.byteLength);
+        array.set([encType]);
+        array.set(iv, 1);
+        array.set(mac, 1 + iv.byteLength);
+        array.set(data, 1 + iv.byteLength + mac.byteLength);
 
-      const actual = new EncArrayBuffer(array);
+        const actual = new EncArrayBuffer(array);
 
-      expect(actual.encryptionType).toEqual(encType);
-      expect(actual.ivBytes).toEqualBuffer(iv);
-      expect(actual.macBytes).toEqualBuffer(mac);
-      expect(actual.dataBytes).toEqualBuffer(data);
-    });
+        expect(actual.encryptionType).toEqual(encType);
+        expect(actual.ivBytes).toEqualBuffer(iv);
+        expect(actual.macBytes).toEqualBuffer(mac);
+        expect(actual.dataBytes).toEqualBuffer(data);
+      },
+    );
 
     it("with AesCbc256_B64", () => {
       const encType = EncryptionType.AesCbc256_B64;
@@ -50,7 +50,6 @@ describe("encArrayBuffer", () => {
 
   describe("throws if the buffer has an invalid length", () => {
     test.each([
-      [EncryptionType.AesCbc128_HmacSha256_B64, 50, "AesCbc128_HmacSha256_B64"],
       [EncryptionType.AesCbc256_HmacSha256_B64, 50, "AesCbc256_HmacSha256_B64"],
       [EncryptionType.AesCbc256_B64, 18, "AesCbc256_B64"],
     ])("with %c%c%s", (encType: EncryptionType, minLength: number) => {

libs/common/src/platform/models/domain/enc-array-buffer.ts

@@ -20,7 +20,6 @@ export class EncArrayBuffer implements Encrypted {
     const encType = encBytes[0];
 
     switch (encType) {
-      case EncryptionType.AesCbc128_HmacSha256_B64:
       case EncryptionType.AesCbc256_HmacSha256_B64: {
         const minimumLength = ENC_TYPE_LENGTH + IV_LENGTH + MAC_LENGTH + MIN_DATA_LENGTH;
         if (encBytes.length < minimumLength) {

libs/common/src/platform/models/domain/enc-string.spec.ts

@@ -60,9 +60,7 @@ describe("EncString", () => {
 
       const cases = [
         "aXY=|Y3Q=", // AesCbc256_B64 w/out header
-        "aXY=|Y3Q=|cnNhQ3Q=", // AesCbc128_HmacSha256_B64 w/out header
         "0.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_B64 with header
-        "1.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc128_HmacSha256_B64
         "2.QmFzZTY0UGFydA==|QmFzZTY0UGFydA==|QmFzZTY0UGFydA==", // AesCbc256_HmacSha256_B64
         "3.QmFzZTY0UGFydA==", // Rsa2048_OaepSha256_B64
         "4.QmFzZTY0UGFydA==", // Rsa2048_OaepSha1_B64

libs/common/src/platform/models/domain/enc-string.ts

@@ -89,7 +89,6 @@ export class EncString implements Encrypted {
     }
 
     switch (encType) {
-      case EncryptionType.AesCbc128_HmacSha256_B64:
       case EncryptionType.AesCbc256_HmacSha256_B64:
         this.iv = encPieces[0];
         this.data = encPieces[1];
@@ -132,10 +131,7 @@ export class EncString implements Encrypted {
       }
     } else {
       encPieces = encryptedString.split("|");
-      encType =
-        encPieces.length === 3
-          ? EncryptionType.AesCbc128_HmacSha256_B64
-          : EncryptionType.AesCbc256_B64;
+      encType = EncryptionType.AesCbc256_B64;
     }
 
     return {

libs/common/src/platform/models/domain/symmetric-crypto-key.spec.ts

@@ -27,21 +27,6 @@ describe("SymmetricCryptoKey", () => {
       });
     });
 
-    it("AesCbc128_HmacSha256_B64", () => {
-      const key = makeStaticByteArray(32);
-      const cryptoKey = new SymmetricCryptoKey(key, EncryptionType.AesCbc128_HmacSha256_B64);
-
-      expect(cryptoKey).toEqual({
-        encKey: key.slice(0, 16),
-        encKeyB64: "AAECAwQFBgcICQoLDA0ODw==",
-        encType: 1,
-        key: key,
-        keyB64: "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=",
-        macKey: key.slice(16, 32),
-        macKeyB64: "EBESExQVFhcYGRobHB0eHw==",
-      });
-    });
-
     it("AesCbc256_HmacSha256_B64", () => {
       const key = makeStaticByteArray(64);
       const cryptoKey = new SymmetricCryptoKey(key);

libs/common/src/platform/models/domain/symmetric-crypto-key.ts

@@ -38,9 +38,6 @@ export class SymmetricCryptoKey {
     if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) {
       this.encKey = key;
       this.macKey = null;
-    } else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) {
-      this.encKey = key.slice(0, 16);
-      this.macKey = key.slice(16, 32);
     } else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) {
       this.encKey = key.slice(0, 32);
       this.macKey = key.slice(32, 64);