From 9f88d68231ceeb2aa8a70501c2d1a74e88f36056 Mon Sep 17 00:00:00 2001
From: Bernd Schoolmann
Date: Thu, 24 Apr 2025 20:43:02 +0200
Subject: [PATCH] tmp
---
 .../services/local-backed-session-storage.service.ts | 2 +-
 apps/cli/src/commands/edit.command.ts | 2 +-
 apps/cli/src/vault/create.command.ts | 2 +-
 .../src/native-message.service.ts | 2 +-
 .../src/platform/services/electron-key.service.ts | 2 +-
 .../src/services/biometric-message-handler.service.ts | 2 +-
 .../src/services/duckduckgo-message-handler.service.ts | 2 +-
 .../organization-user-reset-password.service.ts | 2 +-
 .../organization-invite/accept-organization.service.ts | 2 +-
 .../organizations/organization-plans.component.ts | 2 +-
 ...nization-self-hosting-license-uploader.component.ts | 2 +-
 .../providers/services/web-provider.service.ts | 2 +-
 .../app/secrets-manager/projects/project.service.ts | 2 +-
 .../service-accounts/access/access.service.ts | 6 +++---
 .../service-accounts/service-account.service.ts | 2 +-
 .../settings/services/sm-porting-api.service.ts | 8 ++++----
 .../crypto/abstractions/encrypt.service.ts | 10 +++++-----
 libs/key-management/src/key.service.spec.ts | 6 ++++--
 18 files changed, 30 insertions(+), 28 deletions(-)
diff --git a/apps/browser/src/platform/services/local-backed-session-storage.service.ts b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
index c2996d687bd..5bec69ec886 100644
--- a/apps/browser/src/platform/services/local-backed-session-storage.service.ts
+++ b/apps/browser/src/platform/services/local-backed-session-storage.service.ts
@@ -139,7 +139,7 @@ export class LocalBackedSessionStorageService
 }
 const valueJson = JSON.stringify(value);
- const encValue = await this.encryptService.encrypt(valueJson, await this.sessionKey.get());
+ const encValue = await this.encryptService.encryptString(valueJson, await this.sessionKey.get());
 await this.localStorage.save(this.sessionStorageKey(key), encValue.encryptedString);
 }
diff --git a/apps/cli/src/commands/edit.command.ts b/apps/cli/src/commands/edit.command.ts
index 2d4a854135d..2f815dc94a4 100644
--- a/apps/cli/src/commands/edit.command.ts
+++ b/apps/cli/src/commands/edit.command.ts
@@ -204,7 +204,7 @@ export class EditCommand {
 (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
 );
 const request = new CollectionRequest();
- request.name = (await this.encryptService.encrypt(req.name, orgKey)).encryptedString;
+ request.name = (await this.encryptService.encryptString(req.name, orgKey)).encryptedString;
 request.externalId = req.externalId;
 request.groups = groups;
 request.users = users;
diff --git a/apps/cli/src/vault/create.command.ts b/apps/cli/src/vault/create.command.ts
index 713471356c9..5b34d2cb507 100644
--- a/apps/cli/src/vault/create.command.ts
+++ b/apps/cli/src/vault/create.command.ts
@@ -227,7 +227,7 @@ export class CreateCommand {
 (u) => new SelectionReadOnlyRequest(u.id, u.readOnly, u.hidePasswords, u.manage),
 );
 const request = new CollectionRequest();
- request.name = (await this.encryptService.encrypt(req.name, orgKey)).encryptedString;
+ request.name = (await this.encryptService.encryptString(req.name, orgKey)).encryptedString;
 request.externalId = req.externalId;
 request.groups = groups;
 request.users = users;
diff --git a/apps/desktop/native-messaging-test-runner/src/native-message.service.ts b/apps/desktop/native-messaging-test-runner/src/native-message.service.ts
index f04c5ce54fa..4d59dcf5339 100644
--- a/apps/desktop/native-messaging-test-runner/src/native-message.service.ts
+++ b/apps/desktop/native-messaging-test-runner/src/native-message.service.ts
@@ -220,7 +220,7 @@ export default class NativeMessageService {
 const sharedKey = await this.getSharedKeyForKey(key);
- return this.encryptService.encrypt(commandDataString, sharedKey);
+ return this.encryptService.encryptString(commandDataString, sharedKey);
 }
 private async decryptResponsePayload(
diff --git a/apps/desktop/src/platform/services/electron-key.service.ts b/apps/desktop/src/platform/services/electron-key.service.ts
index d272a9a9bd3..5ecde57ec5b 100644
--- a/apps/desktop/src/platform/services/electron-key.service.ts
+++ b/apps/desktop/src/platform/services/electron-key.service.ts
@@ -110,7 +110,7 @@ export class ElectronKeyService extends DefaultKeyService {
 // Set a key half if it doesn't exist
 const keyBytes = await this.cryptoFunctionService.randomBytes(32);
 clientKeyHalf = Utils.fromBufferToUtf8(keyBytes) as CsprngString;
- const encKey = await this.encryptService.encrypt(clientKeyHalf, userKey);
+ const encKey = await this.encryptService.encryptString(clientKeyHalf, userKey);
 await this.biometricStateService.setEncryptedClientKeyHalf(encKey, userId);
 }
diff --git a/apps/desktop/src/services/biometric-message-handler.service.ts b/apps/desktop/src/services/biometric-message-handler.service.ts
index 398c8b9ecc9..bb5e509960b 100644
--- a/apps/desktop/src/services/biometric-message-handler.service.ts
+++ b/apps/desktop/src/services/biometric-message-handler.service.ts
@@ -350,7 +350,7 @@ export class BiometricMessageHandlerService {
 throw new Error("Session secret is missing");
 }
- const encrypted = await this.encryptService.encrypt(
+ const encrypted = await this.encryptService.encryptString(
 JSON.stringify(message),
 SymmetricCryptoKey.fromString(sessionSecret),
 );
diff --git a/apps/desktop/src/services/duckduckgo-message-handler.service.ts b/apps/desktop/src/services/duckduckgo-message-handler.service.ts
index deffc7f27f7..5a29baec026 100644
--- a/apps/desktop/src/services/duckduckgo-message-handler.service.ts
+++ b/apps/desktop/src/services/duckduckgo-message-handler.service.ts
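Review bot: In electron-key.service.ts the key half handed to `encryptString` is produced by `Utils.fromBufferToUtf8(keyBytes)` on 32 random bytes (the context line just above the change); if that helper decodes lossily, byte sequences that are not valid UTF-8 collapse to replacement characters and the stored half carries less than 256 bits of entropy. The commit does not alter that line, but since the value now goes through a string-only API this is a good point to encode the bytes losslessly, e.g. `clientKeyHalf = Utils.fromBufferToB64(keyBytes) as CsprngString;`, provided every reader of the stored half is updated to match. The enclosing method starts and ends outside the hunk.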
@@ -168,7 +168,7 @@ export class DuckDuckGoMessageHandlerService {
 payload: DecryptedCommandData,
 key: SymmetricCryptoKey,
 ): Promise {
- return await this.encryptService.encrypt(JSON.stringify(payload), key);
+ return await this.encryptService.encryptString(JSON.stringify(payload), key);
 }
 private async decryptPayload(message: EncryptedMessage): Promise {
diff --git a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
index 78d2d8fd165..ecf4d26eb52 100644
--- a/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
+++ b/apps/web/src/app/admin-console/organizations/members/services/organization-user-reset-password/organization-user-reset-password.service.ts
@@ -112,7 +112,7 @@ export class OrganizationUserResetPasswordService
 if (orgSymKey == null) {
 throw new Error("No org key found");
 }
- const decPrivateKey = await this.encryptService.decryptToBytes(
+ const decPrivateKey = await this.encryptService.unwrapDecapsulationKey(
 new EncString(response.encryptedPrivateKey),
 orgSymKey,
 );
diff --git a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
index b6a7719c548..c68b174166d 100644
--- a/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
+++ b/apps/web/src/app/auth/organization-invite/accept-organization.service.ts
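Review bot: In organization-user-reset-password.service.ts, `response.encryptedPrivateKey` is wrapped in `new EncString(...)` and passed to `unwrapDecapsulationKey` without a presence check, while `orgSymKey` is checked just above. The value presumably comes from a server response, so a guard such as `if (response.encryptedPrivateKey == null) { throw new Error("No encrypted private key in response"); }` before the call would make a malformed response fail explicitly instead of somewhere inside the crypto layer. The method body starts and continues outside the hunk, so an equivalent check may already exist there; if it does, a one-line comment pointing at it would help.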
@@ -145,7 +145,7 @@ export class AcceptOrganizationInviteService {
 const [encryptedOrgKey, orgKey] = await this.keyService.makeOrgKey();
 const [orgPublicKey, encryptedOrgPrivateKey] = await this.keyService.makeKeyPair(orgKey);
- const collection = await this.encryptService.encrypt(
+ const collection = await this.encryptService.encryptString(
 this.i18nService.t("defaultCollection"),
 orgKey,
 );
diff --git a/apps/web/src/app/billing/organizations/organization-plans.component.ts b/apps/web/src/app/billing/organizations/organization-plans.component.ts
index e373b0d4dee..aad3b8df763 100644
--- a/apps/web/src/app/billing/organizations/organization-plans.component.ts
+++ b/apps/web/src/app/billing/organizations/organization-plans.component.ts
@@ -626,7 +626,7 @@ export class OrganizationPlansComponent implements OnInit, OnDestroy {
 if (this.createOrganization) {
 const orgKey = await this.keyService.makeOrgKey();
 const key = orgKey[0].encryptedString;
- const collection = await this.encryptService.encrypt(
+ const collection = await this.encryptService.encryptString(
 this.i18nService.t("defaultCollection"),
 orgKey[1],
 );
diff --git a/apps/web/src/app/billing/shared/self-hosting-license-uploader/organization-self-hosting-license-uploader.component.ts b/apps/web/src/app/billing/shared/self-hosting-license-uploader/organization-self-hosting-license-uploader.component.ts
index c8d5eac2099..222aff3fec6 100644
--- a/apps/web/src/app/billing/shared/self-hosting-license-uploader/organization-self-hosting-license-uploader.component.ts
+++ b/apps/web/src/app/billing/shared/self-hosting-license-uploader/organization-self-hosting-license-uploader.component.ts
@@ -51,7 +51,7 @@ export class OrganizationSelfHostingLicenseUploaderComponent extends AbstractSel
 const orgKey = await this.keyService.makeOrgKey();
 const key = orgKey[0].encryptedString;
- const collection = await this.encryptService.encrypt(
+ const collection = await this.encryptService.encryptString(
 this.i18nService.t("defaultCollection"),
 orgKey[1],
 );
diff --git a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
index 844c6b779a9..418b7020ff9 100644
--- a/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
+++ b/bitwarden_license/bit-web/src/app/admin-console/providers/services/web-provider.service.ts
@@ -74,7 +74,7 @@ export class WebProviderService {
 const [publicKey, encryptedPrivateKey] = await this.keyService.makeKeyPair(organizationKey);
- const encryptedCollectionName = await this.encryptService.encrypt(
+ const encryptedCollectionName = await this.encryptService.encryptString(
 this.i18nService.t("defaultCollection"),
 organizationKey,
 );
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts
index 82e2809dfc8..3d2a569ef74 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/projects/project.service.ts
@@ -93,7 +93,7 @@ export class ProjectService {
 ): Promise {
 const orgKey = await this.getOrganizationKey(organizationId);
 const request = new ProjectRequest();
- request.name = await this.encryptService.encrypt(projectView.name, orgKey);
+ request.name = await this.encryptService.encryptStringprojectView.name, orgKey);
 return request;
 }
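Review bot: The added line in project.service.ts is missing the opening parenthesis of the call, `encryptStringprojectView.name, orgKey);`, so the file no longer parses; it should read `request.name = await this.encryptService.encryptString(projectView.name, orgKey);`. The same slip is in service-account.service.ts (`encryptStringserviceAccountView.name, organizationKey);`), which should be `request.name = await this.encryptService.encryptString(serviceAccountView.name, organizationKey);`. Both look like a search-and-replace that consumed the `(`, so it is worth searching the rest of the change for `encryptString` followed directly by an identifier.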
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts
index b0df36644d1..2e50ec5af7e 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/access/access.service.ts
@@ -102,12 +102,12 @@ export class AccessService {
 const organizationKey = await this.getOrganizationKey(organizationId);
 const accessTokenRequest = new AccessTokenRequest();
 const [name, encryptedPayload, key] = await Promise.all([
- await this.encryptService.encrypt(accessTokenView.name, organizationKey),
- await this.encryptService.encrypt(
+ await this.encryptService.encryptString(accessTokenView.name, organizationKey),
+ await this.encryptService.encryptString(
 JSON.stringify({ encryptionKey: organizationKey.keyB64 }),
 encryptionKey,
 ),
- await this.encryptService.encrypt(encryptionKey.keyB64, organizationKey),
+ await this.encryptService.encryptString(encryptionKey.keyB64, organizationKey),
 ]);
 accessTokenRequest.name = name;
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts
index 082d2de066a..fc7e4aeb472 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/service-accounts/service-account.service.ts
@@ -130,7 +130,7 @@ export class ServiceAccountService {
 serviceAccountView: ServiceAccountView,
 ) {
 const request = new ServiceAccountRequest();
- request.name = await this.encryptService.encrypt(serviceAccountView.name, organizationKey);
+ request.name = await this.encryptService.encryptStringserviceAccountView.name, organizationKey);
 return request;
 }
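Review bot: In access.service.ts each element passed to `Promise.all` is itself awaited, so the three `encryptString` calls run one after another and `Promise.all` only receives already-resolved values. Dropping the inner `await`s, e.g. `this.encryptService.encryptString(accessTokenView.name, organizationKey),`, lets them run concurrently, which is how the `Promise.all` in sm-porting-api.service.ts is already written. Separately, two of these calls encrypt key material in base64 string form (`organizationKey.keyB64`, `encryptionKey.keyB64`); a short comment stating that this string form is the intended format would stop a later cleanup from treating it as ordinary text. The method starts outside the hunk.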
diff --git a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts
index 279c610ea6c..41088c1bfa1 100644
--- a/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts
+++ b/bitwarden_license/bit-web/src/app/secrets-manager/settings/services/sm-porting-api.service.ts
@@ -86,7 +86,7 @@ export class SecretsManagerPortingApiService {
 importData.projects.map(async (p: any) => {
 const project = new SecretsManagerImportedProjectRequest();
 project.id = p.id;
- project.name = await this.encryptService.encrypt(p.name, orgKey);
+ project.name = await this.encryptService.encryptString(p.name, orgKey);
 return project;
 }),
 );
@@ -96,9 +96,9 @@ export class SecretsManagerPortingApiService {
 const secret = new SecretsManagerImportedSecretRequest();
 [secret.key, secret.value, secret.note] = await Promise.all([
- this.encryptService.encrypt(s.key, orgKey),
- this.encryptService.encrypt(s.value, orgKey),
- this.encryptService.encrypt(s.note, orgKey),
+ this.encryptService.encryptString(s.key, orgKey),
+ this.encryptService.encryptString(s.value, orgKey),
+ this.encryptService.encryptString(s.note, orgKey),
 ]);
 secret.id = s.id;
diff --git a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
index 0297325da3b..595d8eadea3 100644
--- a/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
+++ b/libs/common/src/key-management/crypto/abstractions/encrypt.service.ts
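Review bot: In sm-porting-api.service.ts the imported records are typed `any`, and `p.name` (first hunk) and `s.key`, `s.value`, `s.note` (second hunk) go straight into `encryptString`; nothing visible shows what `encryptString` does with `null`, `undefined` or a non-string value, or whether that matches the old `encrypt`. An import file is untrusted input, so I would either validate the fields before encrypting or confirm the behaviour and record it next to the call, e.g. `// note may be absent in the import file; encryptString must accept null here`. Both callbacks start outside the hunks.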
@@ -45,11 +45,11 @@ export abstract class EncryptService {
 * @deprecated
 * @returns The decrypted Uint8Array
 */
- abstract decryptToBytes(
- encThing: Encrypted,
- key: SymmetricCryptoKey,
- decryptTrace?: string,
- ): Promise;
+ // abstract decryptToBytes(
+ // encThing: Encrypted,
+ // key: SymmetricCryptoKey,
+ // decryptTrace?: string,
+ // ): Promise;
 /**
 * @deprecated Replaced by BulkEncryptService, remove once the feature is tested and the featureflag PM-4154-multi-worker-encryption-service is removed
 * @param items The items to decrypt
diff --git a/libs/key-management/src/key.service.spec.ts b/libs/key-management/src/key.service.spec.ts
index b824cf96aff..6a476f7106e 100644
--- a/libs/key-management/src/key.service.spec.ts
+++ b/libs/key-management/src/key.service.spec.ts
@@ -552,9 +552,11 @@ describe("keyService", () => {
 }
 encryptService.unwrapDecapsulationKey.mockImplementation((encryptedPrivateKey, userKey) => {
- // TOOD: Branch between provider and private key?
 return Promise.resolve(fakePrivateKeyDecryption(encryptedPrivateKey, userKey));
 });
+ encryptService.unwrapSymmetricKey.mockImplementation((encryptedPrivateKey, userKey) => {
+ return Promise.resolve(new SymmetricCryptoKey(new Uint8Array(64)));
+ });
 encryptService.decapsulateKeyUnsigned.mockImplementation((data, privateKey) => {
 return Promise.resolve(new SymmetricCryptoKey(fakeOrgKeyDecryption(data, privateKey)));
@@ -646,7 +648,7 @@ describe("keyService", () => {
 const org2Key = decryptionKeys!.orgKeys![org2Id];
 expect(org2Key).not.toBeNull();
- expect(org2Key.keyB64).toContain("provider1Key");
+ expect(org2Key.toEncoded()).toHaveLength(64);
 });
 it("returns a stream that pays attention to updates of all data", async () => {
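Review bot: In encrypt.service.ts the abstract `decryptToBytes` declaration is commented out rather than removed, which leaves its JSDoc block (`@deprecated`, `@returns The decrypted Uint8Array`) orphaned directly above the next member's JSDoc. Either delete the declaration together with that doc comment, or keep it declared until every caller has moved to a purpose-specific method such as `unwrapDecapsulationKey`; the hunk does not show whether implementations and remaining callers were updated. Taking the generic bytes-returning decrypt out of the abstraction is the security-relevant part of this change, so it is better done as a clean removal than as commented-out code. The orphaned JSDoc block opens above the hunk.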
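Review bot: In key.service.spec.ts the new `unwrapSymmetricKey` mock ignores both arguments (still named `encryptedPrivateKey, userKey`) and always returns an all-zero 64-byte key, and the second hunk weakens the assertion from `toContain("provider1Key")` to `toHaveLength(64)`. The test therefore no longer shows that org2's key was unwrapped with the provider key: any 64-byte key, obtained with any wrapping key, passes. I would have the mock derive its result from its inputs or record them, and assert on that, for example `expect(encryptService.unwrapSymmetricKey).toHaveBeenCalledWith(expect.anything(), expectedProviderKey);`, where `expectedProviderKey` is a placeholder for whatever provider-key fixture the spec sets up outside these hunks.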