bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-17 16:53:34 +00:00
Code Issues Releases Wiki Activity

add storage for master key encrypted user symmetric key

Browse Source
This commit is contained in:
Jacob Fink
2023-05-23 16:57:31 -04:00
parent 702dfb7eaf
commit bc4b3f3d74
3 changed files with 57 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libs/common/src/platform/abstractions/state.service.ts
View File

@@ -78,10 +78,12 @@ export abstract class StateService<T extends Account = Account> {
setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>; setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;
// new keys // new keys
getMasterKey: (options?: StorageOptions) => Promise<MasterKey>;
setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
getUserSymKey: (options?: StorageOptions) => Promise<UserSymKey>; getUserSymKey: (options?: StorageOptions) => Promise<UserSymKey>;
setUserSymKey: (value: UserSymKey, options?: StorageOptions) => Promise<void>; setUserSymKey: (value: UserSymKey, options?: StorageOptions) => Promise<void>;
getMasterKey: (options?: StorageOptions) => Promise<MasterKey>;
setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
getUserSymKeyMasterKey: (options?: StorageOptions) => Promise<string>;
setUserSymKeyMasterKey: (value: string, options?: StorageOptions) => Promise<void>;
getUserSymKeyAuto: (options?: StorageOptions) => Promise<string>; getUserSymKeyAuto: (options?: StorageOptions) => Promise<string>;
setUserSymKeyAuto: (value: string, options?: StorageOptions) => Promise<void>; setUserSymKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
getUserSymKeyBiometric: (options?: StorageOptions) => Promise<string>; getUserSymKeyBiometric: (options?: StorageOptions) => Promise<string>;

3
libs/common/src/platform/models/domain/account.ts
View File

@@ -100,8 +100,9 @@ export class AccountData {
export class AccountKeys { export class AccountKeys {
// new keys // new keys
masterKey?: MasterKey;
userSymKey?: UserSymKey; userSymKey?: UserSymKey;
masterKey?: MasterKey;
userSymKeyMasterKey?: string;
userSymKeyAuto?: string; userSymKeyAuto?: string;
userSymKeyBiometric?: string; userSymKeyBiometric?: string;
// end new keys // end new keys

68
libs/common/src/platform/services/state.service.ts
View File

@@ -557,23 +557,6 @@ export class StateService<
} }
} }
async getMasterKey(options?: StorageOptions): Promise<MasterKey> {
const account = await this.getAccount(
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
return account?.keys?.masterKey;
}
async setMasterKey(value: MasterKey, options?: StorageOptions): Promise<void> {
const account = await this.getAccount(
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
account.keys.masterKey = value;
await this.saveAccount(
account,
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
}
/** /**
* User's symmetric key used to encrypt/decrypt data * User's symmetric key used to encrypt/decrypt data
*/ */
@@ -607,6 +590,57 @@ export class StateService<
} }
} }
/**
* User's master key derived from MP, saved only if we decrypted with MP
*/
async getMasterKey(options?: StorageOptions): Promise<MasterKey> {
const account = await this.getAccount(
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
return account?.keys?.masterKey;
}
/**
* User's master key derived from MP, saved only if we decrypted with MP
*/
async setMasterKey(value: MasterKey, options?: StorageOptions): Promise<void> {
const account = await this.getAccount(
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
account.keys.masterKey = value;
await this.saveAccount(
account,
this.reconcileOptions(options, await this.defaultInMemoryOptions())
);
}
/**
* The master key encrypted User symmetric key, saved on every auth
* so we can unlock with MP offline
*/
async getUserSymKeyMasterKey(options?: StorageOptions): Promise<string> {
// TODO: defaultOnDiskOptions? Other's are saved in secure storage
return (
await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
)?.keys.userSymKeyMasterKey;
}
/**
* The master key encrypted User symmetric key, saved on every auth
* so we can unlock with MP offline
*/
async setUserSymKeyMasterKey(value: string, options?: StorageOptions): Promise<void> {
// TODO: defaultOnDiskOptions? Other's are saved in secure storage
const account = await this.getAccount(
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
account.keys.userSymKeyMasterKey = value;
await this.saveAccount(
account,
this.reconcileOptions(options, await this.defaultOnDiskOptions())
);
}
/** /**
* User's symmetric key when using the "never" option of vault timeout * User's symmetric key when using the "never" option of vault timeout
*/ */