mirror of
https://github.com/bitwarden/browser
synced 2025-12-17 16:53:34 +00:00
refactor crypto service to use crypto functions
This commit is contained in:
Kyle Spearrin
@@ -87,7 +87,7 @@ export class CipherString {
|
||||
}
|
||||
}
|
||||
|
||||
decrypt(orgId: string): Promise<string> {
|
||||
async decrypt(orgId: string): Promise<string> {
|
||||
if (this.decryptedValue) {
|
||||
return Promise.resolve(this.decryptedValue);
|
||||
}
|
||||
@@ -100,14 +100,12 @@ export class CipherString {
|
||||
throw new Error('window.bitwardenContainerService not initialized.');
|
||||
}
|
||||
|
||||
return cryptoService.getOrgKey(orgId).then((orgKey: any) => {
|
||||
return cryptoService.decrypt(this, orgKey);
|
||||
}).then((decValue: any) => {
|
||||
this.decryptedValue = decValue;
|
||||
return this.decryptedValue;
|
||||
}).catch(() => {
|
||||
try {
|
||||
const orgKey = await cryptoService.getOrgKey(orgId);
|
||||
this.decryptedValue = await cryptoService.decryptToUtf8(this, orgKey);
|
||||
} catch (e) {
|
||||
this.decryptedValue = '[error: cannot decrypt]';
|
||||
return this.decryptedValue;
|
||||
});
|
||||
}
|
||||
return this.decryptedValue;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,8 +1,8 @@
|
||||
import { SymmetricCryptoKey } from './symmetricCryptoKey';
|
||||
|
||||
export class EncryptedObject {
|
||||
iv: Uint8Array;
|
||||
ct: Uint8Array;
|
||||
mac: Uint8Array;
|
||||
iv: ArrayBuffer;
|
||||
ct: ArrayBuffer;
|
||||
mac: ArrayBuffer;
|
||||
key: SymmetricCryptoKey;
|
||||
}
|
||||
|
||||
@@ -14,4 +14,3 @@ export { LoginUri } from './loginUri';
|
||||
export { PasswordHistory } from './passwordHistory';
|
||||
export { SecureNote } from './secureNote';
|
||||
export { SymmetricCryptoKey } from './symmetricCryptoKey';
|
||||
export { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';
|
||||
|
||||
@@ -1,80 +1,45 @@
|
||||
import * as forge from 'node-forge';
|
||||
|
||||
import { EncryptionType } from '../../enums/encryptionType';
|
||||
|
||||
import { SymmetricCryptoKeyBuffers } from './symmetricCryptoKeyBuffers';
|
||||
|
||||
import { UtilsService } from '../../services/utils.service';
|
||||
import { Utils } from '../../misc/utils';
|
||||
|
||||
export class SymmetricCryptoKey {
|
||||
key: string;
|
||||
keyB64: string;
|
||||
encKey: string;
|
||||
macKey: string;
|
||||
key: ArrayBuffer;
|
||||
encKey?: ArrayBuffer;
|
||||
macKey?: ArrayBuffer;
|
||||
encType: EncryptionType;
|
||||
keyBuf: SymmetricCryptoKeyBuffers;
|
||||
|
||||
constructor(keyBytes: string, b64KeyBytes?: boolean, encType?: EncryptionType) {
|
||||
if (b64KeyBytes) {
|
||||
keyBytes = forge.util.decode64(keyBytes);
|
||||
keyB64: string;
|
||||
|
||||
constructor(key: ArrayBuffer, encType?: EncryptionType) {
|
||||
if (key == null) {
|
||||
throw new Error('Must provide key');
|
||||
}
|
||||
|
||||
if (!keyBytes) {
|
||||
throw new Error('Must provide keyBytes');
|
||||
}
|
||||
|
||||
const buffer = (forge as any).util.createBuffer(keyBytes);
|
||||
if (!buffer || buffer.length() === 0) {
|
||||
throw new Error('Couldn\'t make buffer');
|
||||
}
|
||||
|
||||
const bufferLength: number = buffer.length();
|
||||
|
||||
if (encType == null) {
|
||||
if (bufferLength === 32) {
|
||||
if (key.byteLength === 32) {
|
||||
encType = EncryptionType.AesCbc256_B64;
|
||||
} else if (bufferLength === 64) {
|
||||
} else if (key.byteLength === 64) {
|
||||
encType = EncryptionType.AesCbc256_HmacSha256_B64;
|
||||
} else {
|
||||
throw new Error('Unable to determine encType.');
|
||||
}
|
||||
}
|
||||
|
||||
this.key = keyBytes;
|
||||
this.keyB64 = forge.util.encode64(keyBytes);
|
||||
this.key = key;
|
||||
this.keyB64 = Utils.fromBufferToB64(key);
|
||||
this.encType = encType;
|
||||
|
||||
if (encType === EncryptionType.AesCbc256_B64 && bufferLength === 32) {
|
||||
this.encKey = keyBytes;
|
||||
if (encType === EncryptionType.AesCbc256_B64 && key.byteLength === 32) {
|
||||
this.encKey = key;
|
||||
this.macKey = null;
|
||||
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && bufferLength === 32) {
|
||||
this.encKey = buffer.getBytes(16); // first half
|
||||
this.macKey = buffer.getBytes(16); // second half
|
||||
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && bufferLength === 64) {
|
||||
this.encKey = buffer.getBytes(32); // first half
|
||||
this.macKey = buffer.getBytes(32); // second half
|
||||
} else if (encType === EncryptionType.AesCbc128_HmacSha256_B64 && key.byteLength === 32) {
|
||||
this.encKey = key.slice(0, 16);
|
||||
this.macKey = key.slice(16, 32);
|
||||
} else if (encType === EncryptionType.AesCbc256_HmacSha256_B64 && key.byteLength === 64) {
|
||||
this.encKey = key.slice(0, 32);
|
||||
this.macKey = key.slice(32, 64);
|
||||
} else {
|
||||
throw new Error('Unsupported encType/key length.');
|
||||
}
|
||||
}
|
||||
|
||||
getBuffers(): SymmetricCryptoKeyBuffers {
|
||||
if (this.keyBuf) {
|
||||
return this.keyBuf;
|
||||
}
|
||||
|
||||
const key = UtilsService.fromB64ToArray(this.keyB64);
|
||||
const keys = new SymmetricCryptoKeyBuffers(key.buffer);
|
||||
|
||||
if (this.macKey) {
|
||||
keys.encKey = key.slice(0, key.length / 2).buffer;
|
||||
keys.macKey = key.slice(key.length / 2).buffer;
|
||||
} else {
|
||||
keys.encKey = key.buffer;
|
||||
keys.macKey = null;
|
||||
}
|
||||
|
||||
this.keyBuf = keys;
|
||||
return this.keyBuf;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
export class SymmetricCryptoKeyBuffers {
|
||||
key: ArrayBuffer;
|
||||
encKey?: ArrayBuffer;
|
||||
macKey?: ArrayBuffer;
|
||||
|
||||
constructor(key: ArrayBuffer) {
|
||||
this.key = key;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user