[PM-19731] Refactor encrypt service to expose key wrapping (#14080)

* Refactor encrypt service to expose key wrapping * Fix build * Undo ts strict removal * Fix wrong method being used to encrypt key material * Rename parameters and remove todo * Add summary to encrypt * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/abstractions/encrypt.service.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Update libs/common/src/key-management/crypto/services/encrypt.service.implementation.ts Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com> * Add tests for unhappy paths * Add test coverage * Add links --------- Co-authored-by: Thomas Avery <43214426+Thomas-Avery@users.noreply.github.com>
2025-12-16 00:03:56 +00:00 · 2025-04-22 15:56:39 +02:00
parent 2aeca29b20
commit e231286f37
21 changed files with 272 additions and 55 deletions
--- a/libs/common/src/tools/send/services/send.service.spec.ts
+++ b/libs/common/src/tools/send/services/send.service.spec.ts
@@ -479,7 +479,7 @@ describe("SendService", () => {
    beforeEach(() => {
      encryptService.decryptToBytes.mockResolvedValue(new Uint8Array(32));
      encryptedKey = new EncString("Re-encrypted Send Key");
-      encryptService.encrypt.mockResolvedValue(encryptedKey);
+      encryptService.wrapSymmetricKey.mockResolvedValue(encryptedKey);
    });

    it("returns re-encrypted user sends", async () => {
--- a/libs/common/src/tools/send/services/send.service.ts
+++ b/libs/common/src/tools/send/services/send.service.ts
@@ -81,6 +81,7 @@ export class SendService implements InternalSendServiceAbstraction {
    if (key == null) {
      key = await this.keyService.getUserKey();
    }
+    // Key is not a SymmetricCryptoKey, but key material used to derive the cryptoKey
    send.key = await this.encryptService.encrypt(model.key, key);
    send.name = await this.encryptService.encrypt(model.name, model.cryptoKey);
    send.notes = await this.encryptService.encrypt(model.notes, model.cryptoKey);
@@ -287,8 +288,10 @@ export class SendService implements InternalSendServiceAbstraction {
  ) {
    const requests = await Promise.all(
      sends.map(async (send) => {
-        const sendKey = await this.encryptService.decryptToBytes(send.key, originalUserKey);
-        send.key = await this.encryptService.encrypt(sendKey, rotateUserKey);
+        const sendKey = new SymmetricCryptoKey(
+          await this.encryptService.decryptToBytes(send.key, originalUserKey),
+        );
+        send.key = await this.encryptService.wrapSymmetricKey(sendKey, rotateUserKey);
        return new SendWithIdRequest(send);
      }),
    );