mirror of
https://github.com/bitwarden/browser
synced 2025-12-13 14:53:33 +00:00
[PM-23386] Fix fix usages of encrypt service (#15476)
* Fix incorrect usages of encrypt service * Add docs * Fix types
@@ -296,10 +296,18 @@ export class TokenService implements TokenServiceAbstraction {
|
|||||||
return await this.encryptService.encryptString(accessToken, accessTokenKey);
|
return await this.encryptService.encryptString(accessToken, accessTokenKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Decrypts the access token using the provided access token key.
|
||||||
|
*
|
||||||
|
* @param accessTokenKey - the key used to decrypt the access token
|
||||||
|
* @param encryptedAccessToken - the encrypted access token to decrypt
|
||||||
|
* @returns the decrypted access token
|
||||||
|
* @throws Error if the access token key is not provided or the decryption fails
|
||||||
|
*/
|
||||||
private async decryptAccessToken(
|
private async decryptAccessToken(
|
||||||
accessTokenKey: AccessTokenKey,
|
accessTokenKey: AccessTokenKey,
|
||||||
encryptedAccessToken: EncString,
|
encryptedAccessToken: EncString,
|
||||||
): Promise<string | null> {
|
): Promise<string> {
|
||||||
if (!accessTokenKey) {
|
if (!accessTokenKey) {
|
||||||
throw new Error(
|
throw new Error(
|
||||||
"decryptAccessToken: Access token key required. Cannot decrypt access token.",
|
"decryptAccessToken: Access token key required. Cannot decrypt access token.",
|
||||||
|
|||||||
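Review bot: Any caller of decryptAccessToken that still branches on a `null` result will no longer see a failed decryption, because the return type is narrowed to `Promise<string>` and the new `@throws` line says failure raises. No call site is visible in this hunk, and the method body continues past it, so this needs confirming against the callers. The doc block should also spell out the contract for them, for example `* Callers must catch and treat a failure as "no usable access token"; never fall back to the encrypted or a cached value.` Without that line, a reader of the signature alone cannot tell that a tampered or wrong-key token surfaces as an exception rather than an empty result.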
@@ -87,12 +87,16 @@ export abstract class EncryptService {
|
|||||||
* Decrypts an EncString to a string
|
* Decrypts an EncString to a string
|
||||||
* @param encString - The EncString containing the encrypted string.
|
* @param encString - The EncString containing the encrypted string.
|
||||||
* @param key - The key to decrypt the value with
|
* @param key - The key to decrypt the value with
|
||||||
|
* @returns The decrypted string
|
||||||
|
* @throws Error if decryption fails
|
||||||
*/
|
*/
|
||||||
abstract decryptString(encString: EncString, key: SymmetricCryptoKey): Promise<string>;
|
abstract decryptString(encString: EncString, key: SymmetricCryptoKey): Promise<string>;
|
||||||
/**
|
/**
|
||||||
* Decrypts an EncString to a Uint8Array
|
* Decrypts an EncString to a Uint8Array
|
||||||
* @param encString - The EncString containing the encrypted bytes.
|
* @param encString - The EncString containing the encrypted bytes.
|
||||||
* @param key - The key to decrypt the value with
|
* @param key - The key to decrypt the value with
|
||||||
|
* @returns The decrypted bytes as a Uint8Array
|
||||||
|
* @throws Error if decryption fails
|
||||||
* @deprecated Bytes are not the right abstraction to encrypt in. Use e.g. key wrapping or file encryption instead
|
* @deprecated Bytes are not the right abstraction to encrypt in. Use e.g. key wrapping or file encryption instead
|
||||||
*/
|
*/
|
||||||
abstract decryptBytes(encString: EncString, key: SymmetricCryptoKey): Promise<Uint8Array>;
|
abstract decryptBytes(encString: EncString, key: SymmetricCryptoKey): Promise<Uint8Array>;
|
||||||
@@ -100,6 +104,8 @@ export abstract class EncryptService {
|
|||||||
* Decrypts an EncArrayBuffer to a Uint8Array
|
* Decrypts an EncArrayBuffer to a Uint8Array
|
||||||
* @param encBuffer - The EncArrayBuffer containing the encrypted file bytes.
|
* @param encBuffer - The EncArrayBuffer containing the encrypted file bytes.
|
||||||
* @param key - The key to decrypt the value with
|
* @param key - The key to decrypt the value with
|
||||||
|
* @returns The decrypted file bytes as a Uint8Array
|
||||||
|
* @throws Error if decryption fails
|
||||||
*/
|
*/
|
||||||
abstract decryptFileData(encBuffer: EncArrayBuffer, key: SymmetricCryptoKey): Promise<Uint8Array>;
|
abstract decryptFileData(encBuffer: EncArrayBuffer, key: SymmetricCryptoKey): Promise<Uint8Array>;
|
||||||
|
|
||||||
@@ -139,6 +145,8 @@ export abstract class EncryptService {
|
|||||||
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
||||||
* @param decapsulationKeyPcks8 - The private key in PKCS8 format
|
* @param decapsulationKeyPcks8 - The private key in PKCS8 format
|
||||||
* @param wrappingKey - The symmetric key to wrap the private key with
|
* @param wrappingKey - The symmetric key to wrap the private key with
|
||||||
|
* @returns The unwrapped private key as a Uint8Array
|
||||||
|
* @throws Error if unwrapping fails
|
||||||
*/
|
*/
|
||||||
abstract unwrapDecapsulationKey(
|
abstract unwrapDecapsulationKey(
|
||||||
wrappedDecapsulationKey: EncString,
|
wrappedDecapsulationKey: EncString,
|
||||||
@@ -149,6 +157,8 @@ export abstract class EncryptService {
|
|||||||
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
||||||
* @param encapsulationKeySpki - The public key in SPKI format
|
* @param encapsulationKeySpki - The public key in SPKI format
|
||||||
* @param wrappingKey - The symmetric key to wrap the public key with
|
* @param wrappingKey - The symmetric key to wrap the public key with
|
||||||
|
* @returns The unwrapped public key as a Uint8Array
|
||||||
|
* @throws Error if unwrapping fails
|
||||||
*/
|
*/
|
||||||
abstract unwrapEncapsulationKey(
|
abstract unwrapEncapsulationKey(
|
||||||
wrappedEncapsulationKey: EncString,
|
wrappedEncapsulationKey: EncString,
|
||||||
@@ -159,6 +169,8 @@ export abstract class EncryptService {
|
|||||||
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
* @see {@link https://en.wikipedia.org/wiki/Key_wrap}
|
||||||
* @param keyToBeWrapped - The symmetric key to wrap
|
* @param keyToBeWrapped - The symmetric key to wrap
|
||||||
* @param wrappingKey - The symmetric key to wrap the encapsulated key with
|
* @param wrappingKey - The symmetric key to wrap the encapsulated key with
|
||||||
|
* @returns The unwrapped symmetric key as a SymmetricCryptoKey
|
||||||
|
* @throws Error if unwrapping fails
|
||||||
*/
|
*/
|
||||||
abstract unwrapSymmetricKey(
|
abstract unwrapSymmetricKey(
|
||||||
keyToBeUnwrapped: EncString,
|
keyToBeUnwrapped: EncString,
|
||||||
@@ -182,6 +194,8 @@ export abstract class EncryptService {
|
|||||||
* @see {@link https://en.wikipedia.org/wiki/Key_encapsulation_mechanism}
|
* @see {@link https://en.wikipedia.org/wiki/Key_encapsulation_mechanism}
|
||||||
* @param encryptedSharedKey - The encrypted shared symmetric key
|
* @param encryptedSharedKey - The encrypted shared symmetric key
|
||||||
* @param decapsulationKey - The key to decapsulate with (private key)
|
* @param decapsulationKey - The key to decapsulate with (private key)
|
||||||
|
* @return The decapsulated symmetric key
|
||||||
|
* @throws Error if decapsulation fails
|
||||||
*/
|
*/
|
||||||
abstract decapsulateKeyUnsigned(
|
abstract decapsulateKeyUnsigned(
|
||||||
encryptedSharedKey: EncString,
|
encryptedSharedKey: EncString,
|
||||||
|
|||||||
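Review bot: The `@param` tags left above the new `@returns`/`@throws` lines do not match the signatures they document. unwrapDecapsulationKey takes `wrappedDecapsulationKey` but the comment names `decapsulationKeyPcks8`, unwrapEncapsulationKey takes `wrappedEncapsulationKey` but the comment names `encapsulationKeySpki`, and unwrapSymmetricKey takes `keyToBeUnwrapped` but the comment names `keyToBeWrapped`. Each also describes `wrappingKey` as the key "to wrap … with" on an unwrap method. I would correct them in the same pass, e.g. `* @param wrappedDecapsulationKey - The wrapped private key to unwrap` and `* @param wrappingKey - The symmetric key the private key was wrapped with`; the remaining parameters of these declarations fall outside the hunks, so their names need checking there. The tag on decapsulateKeyUnsigned is also spelled `@return` while every other added tag uses `@returns`.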
@@ -74,11 +74,9 @@ export class BitwardenJsonImporter extends BaseImporter implements Importer {
|
|||||||
keyForDecryption = await this.keyService.getUserKey();
|
keyForDecryption = await this.keyService.getUserKey();
|
||||||
}
|
}
|
||||||
const encKeyValidation = new EncString(results.encKeyValidation_DO_NOT_EDIT);
|
const encKeyValidation = new EncString(results.encKeyValidation_DO_NOT_EDIT);
|
||||||
const encKeyValidationDecrypt = await this.encryptService.decryptString(
|
try {
|
||||||
encKeyValidation,
|
await this.encryptService.decryptString(encKeyValidation, keyForDecryption);
|
||||||
keyForDecryption,
|
} catch {
|
||||||
);
|
|
||||||
if (encKeyValidationDecrypt === null) {
|
|
||||||
this.result.success = false;
|
this.result.success = false;
|
||||||
this.result.errorMessage = this.i18nService.t("importEncKeyError");
|
this.result.errorMessage = this.i18nService.t("importEncKeyError");
|
||||||
return;
|
return;
|
||||||
|
|||||||
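Review bot: The bare `catch` around `decryptString` reports every exception as `importEncKeyError`, not only a key mismatch. A missing `keyForDecryption` or a malformed `encKeyValidation_DO_NOT_EDIT` value would presumably be shown to the user as a wrong key, and the original error is dropped. Binding the error with `} catch (e: unknown) {` would let it be recorded through whatever logging this class already has before the result is set. The decrypted value is now discarded on purpose, which is worth stating above the call: `// Key check only: decryptString throws if keyForDecryption does not match, so the plaintext is not needed.` The enclosing method starts and ends outside this hunk.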