[PM-27239] Tde registration encryption v2 (#17831)

* tmp * Implement TDE v2 registration via SDK * Undo encstring test string change * Add feature flag * Add tests * Continue tests * Cleanup * Cleanup * run prettier * Update to apply new sdk changes * Fix build * Update package lock * Fix tests --------- Co-authored-by: Bernd Schoolmann <quexten@fedora-2.fritz.box>
2026-02-18 18:33:50 +00:00 · 2025-12-23 16:27:25 +01:00
parent 505d2fff00
commit d28019c195
7 changed files with 501 additions and 21 deletions
--- a/libs/common/src/enums/feature-flag.enum.ts
+++ b/libs/common/src/enums/feature-flag.enum.ts
@@ -44,6 +44,7 @@ export enum FeatureFlag {
  NoLogoutOnKdfChange = "pm-23995-no-logout-on-kdf-change",
  DataRecoveryTool = "pm-28813-data-recovery-tool",
  ConsolidatedSessionTimeoutComponent = "pm-26056-consolidated-session-timeout-component",
+  PM27279_V2RegistrationTdeJit = "pm-27279-v2-registration-tde-jit",

  /* Tools */
  DesktopSendUIRefresh = "desktop-send-ui-refresh",
@@ -154,6 +155,7 @@ export const DefaultFeatureFlagValue = {
  [FeatureFlag.NoLogoutOnKdfChange]: FALSE,
  [FeatureFlag.DataRecoveryTool]: FALSE,
  [FeatureFlag.ConsolidatedSessionTimeoutComponent]: FALSE,
+  [FeatureFlag.PM27279_V2RegistrationTdeJit]: FALSE,

  /* Platform */
  [FeatureFlag.IpcChannelFramework]: FALSE,
--- a/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts
+++ b/libs/common/src/key-management/device-trust/abstractions/device-trust.service.abstraction.ts
@@ -39,6 +39,7 @@ export abstract class DeviceTrustServiceAbstraction {

  /** Retrieves the device key if it exists from state or secure storage if supported for the active user. */
  abstract getDeviceKey(userId: UserId): Promise<DeviceKey | null>;
+  abstract setDeviceKey(userId: UserId, deviceKey: DeviceKey | null): Promise<void>;
  abstract decryptUserKeyWithDeviceKey(
    userId: UserId,
    encryptedDevicePrivateKey: EncString,
--- a/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
+++ b/libs/common/src/key-management/device-trust/services/device-trust.service.implementation.ts
@@ -356,7 +356,7 @@ export class DeviceTrustService implements DeviceTrustServiceAbstraction {
    }
  }

-  private async setDeviceKey(userId: UserId, deviceKey: DeviceKey | null): Promise<void> {
+  async setDeviceKey(userId: UserId, deviceKey: DeviceKey | null): Promise<void> {
    if (!userId) {
      throw new Error("UserId is required. Cannot set device key.");
    }