
Replace uses of encstring with unsigned shared key

Bernd Schoolmann
2025-12-12 15:55:43 +01:00
parent 3735f1c106
commit 9afce480de
42 changed files with 183 additions and 157 deletions


@@ -5,6 +5,7 @@ import { AuthRequestResponse } from "@bitwarden/common/auth/models/response/auth
import { AuthRequestPushNotification } from "@bitwarden/common/models/response/notification.response";
import { UserId } from "@bitwarden/common/types/guid";
import { UserKey, MasterKey } from "@bitwarden/common/types/key";
import { UnsignedSharedKey } from "@bitwarden/sdk-internal";
export abstract class AuthRequestServiceAbstraction {
/** Emits an auth request id when an auth request has been approved. */
@@ -93,7 +94,7 @@ export abstract class AuthRequestServiceAbstraction {
* @returns The decrypted `UserKey`.
*/
abstract decryptPubKeyEncryptedUserKey(
pubKeyEncryptedUserKey: string,
pubKeyEncryptedUserKey: UnsignedSharedKey,
privateKey: ArrayBuffer,
): Promise<UserKey>;
/**
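Review bot: The abstract `decryptPubKeyEncryptedUserKey` still declares `privateKey: ArrayBuffer`, while the implementation shown further down this page takes `privateKey: Uint8Array`. Since this signature is being edited anyway, aligning the two (`privateKey: Uint8Array,`) would keep the key-handling contract unambiguous. The JSDoc for this method starts outside the hunk, so its `@param` text is not visible here. It would be worth having it state that an `UnsignedSharedKey` is, as the name indicates, an encapsulated key that carries no sender signature, so a successful decapsulation says nothing about who produced the key and callers have to establish that separately.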


@@ -6,7 +6,6 @@ import { Jsonify } from "type-fest";
import { AuthResult } from "@bitwarden/common/auth/models/domain/auth-result";
import { WebAuthnLoginTokenRequest } from "@bitwarden/common/auth/models/request/identity-token/webauthn-login-token.request";
import { IdentityTokenResponse } from "@bitwarden/common/auth/models/response/identity-token.response";
import { EncString } from "@bitwarden/common/key-management/crypto/models/enc-string";
import { UserId } from "@bitwarden/common/types/guid";
import { UserKey } from "@bitwarden/common/types/key";
@@ -89,7 +88,7 @@ export class WebAuthnLoginStrategy extends LoginStrategy {
// decrypt user key with private key
const userKey = await this.encryptService.decapsulateKeyUnsigned(
new EncString(webAuthnPrfOption.encryptedUserKey.encryptedString),
webAuthnPrfOption.encryptedUserKey,
privateKey,
);
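Review bot: `webAuthnPrfOption.encryptedUserKey` is now handed to `decapsulateKeyUnsigned` as received, without the `new EncString(...)` wrapper. The spec in this commit casts a plain string literal to `UnsignedSharedKey`, which suggests the type is a compile-time brand rather than a validated wrapper. If so, a malformed value (presumably populated from the identity token response) is first detected inside decapsulation. Please confirm that this failure is caught and surfaces as a failed login rather than an unhandled rejection, and consider a comment such as `// encryptedUserKey is not validated before this call; decapsulateKeyUnsigned rejects malformed input`. The enclosing method starts and ends outside the hunk.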


@@ -16,6 +16,7 @@ import { UserId } from "@bitwarden/common/types/guid";
import { MasterKey, UserKey } from "@bitwarden/common/types/key";
import { newGuid } from "@bitwarden/guid";
import { KeyService } from "@bitwarden/key-management";
import { UnsignedSharedKey } from "@bitwarden/sdk-internal";
import { DefaultAuthRequestApiService } from "./auth-request-api.service";
import { AuthRequestService } from "./auth-request.service";
@@ -89,9 +90,9 @@ describe("AuthRequestService", () => {
describe("approveOrDenyAuthRequest", () => {
beforeEach(() => {
encryptService.encapsulateKeyUnsigned.mockResolvedValue({
encryptedString: "ENCRYPTED_STRING",
} as EncString);
encryptService.encapsulateKeyUnsigned.mockResolvedValue(
"ENCRYPTED_STRING" as UnsignedSharedKey,
);
appIdService.getAppId.mockResolvedValue("APP_ID");
});
it("should throw if auth request is missing id or key", async () => {
@@ -221,7 +222,7 @@ describe("AuthRequestService", () => {
// Act
const result = await sut.decryptPubKeyEncryptedUserKey(
mockPubKeyEncryptedUserKey,
mockPubKeyEncryptedUserKey as UnsignedSharedKey,
mockPrivateKey,
);


@@ -25,6 +25,7 @@ import {
import { UserId } from "@bitwarden/common/types/guid";
import { MasterKey, UserKey } from "@bitwarden/common/types/key";
import { KeyService } from "@bitwarden/key-management";
import { UnsignedSharedKey } from "@bitwarden/sdk-internal";
import { AuthRequestApiServiceAbstraction } from "../../abstractions/auth-request-api.service";
import { AuthRequestServiceAbstraction } from "../../abstractions/auth-request.service.abstraction";
@@ -143,7 +144,7 @@ export class AuthRequestService implements AuthRequestServiceAbstraction {
const encryptedKey = await this.encryptService.encapsulateKeyUnsigned(keyToEncrypt, pubKey);
const response = new PasswordlessAuthRequest(
encryptedKey.encryptedString,
encryptedKey,
undefined,
await this.appIdService.getAppId(),
approve,
@@ -186,11 +187,11 @@ export class AuthRequestService implements AuthRequestServiceAbstraction {
// Decryption helpers
async decryptPubKeyEncryptedUserKey(
pubKeyEncryptedUserKey: string,
pubKeyEncryptedUserKey: UnsignedSharedKey,
privateKey: Uint8Array,
): Promise<UserKey> {
const decryptedUserKey = await this.encryptService.decapsulateKeyUnsigned(
new EncString(pubKeyEncryptedUserKey),
pubKeyEncryptedUserKey,
privateKey,
);