bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-19 17:53:39 +00:00
Code Issues Releases Wiki Activity

[PM-24107] Migrate KM's usage of getUserKey from the key service (#17117)

Browse Source 
* Remove internal use of getUserKey in the key service

* Move ownership of RotateableKeySet and remove usage of getUserKey

* Add input validation to createKeySet
This commit is contained in:
Thomas Avery
2025-11-13 10:07:13 -06:00
committed by GitHub
parent 42a79e65cf
commit cfe2458935
23 changed files with 488 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
libs/key-management/src/key.service.spec.ts
View File

@@ -1357,6 +1357,51 @@ describe("keyService", () => {
});
});
describe("encryptUserKeyWithMasterKey", () => {
const mockMasterKey = makeSymmetricCryptoKey<MasterKey>(32);
const mockUserKey = makeSymmetricCryptoKey<UserKey>(64);
test.each([null as unknown as MasterKey, undefined as unknown as MasterKey])(
"throws when the provided master key is %s",
async (key) => {
await expect(keyService.encryptUserKeyWithMasterKey(key, mockUserKey)).rejects.toThrow(
"masterKey is required.",
);
},
);
test.each([null as unknown as UserKey, undefined as unknown as UserKey])(
"throws when the provided userKey key is %s",
async (key) => {
await expect(keyService.encryptUserKeyWithMasterKey(mockMasterKey, key)).rejects.toThrow(
"userKey is required.",
);
},
);
it("throws with invalid master key size", async () => {
const invalidMasterKey = new SymmetricCryptoKey(new Uint8Array(78)) as MasterKey;
await expect(
keyService.encryptUserKeyWithMasterKey(invalidMasterKey, mockUserKey),
).rejects.toThrow("Invalid key size.");
});
it("encrypts the user key with the master key", async () => {
const mockEncryptedUserKey = makeEncString("encryptedUserKey");
encryptService.wrapSymmetricKey.mockResolvedValue(mockEncryptedUserKey);
const stretchedMasterKey = new SymmetricCryptoKey(new Uint8Array(64));
keyGenerationService.stretchKey.mockResolvedValue(stretchedMasterKey);
const result = await keyService.encryptUserKeyWithMasterKey(mockMasterKey, mockUserKey);
expect(encryptService.wrapSymmetricKey).toHaveBeenCalledWith(mockUserKey, stretchedMasterKey);
expect(result[0]).toBe(mockUserKey);
expect(result[1]).toBe(mockEncryptedUserKey);
});
});
describe("makeKeyPair", () => {
test.each([null as unknown as SymmetricCryptoKey, undefined as unknown as SymmetricCryptoKey])(
"throws when the provided key is %s",