mirror of
https://github.com/bitwarden/browser
synced 2026-02-28 18:43:26 +00:00
9c1e2ebd67
* Use typescript-strict-plugin to iteratively turn on strict * Add strict testing to pipeline Can be executed locally through either `npm run test:types` for full type checking including spec files, or `npx tsc-strict` for only tsconfig.json included files. * turn on strict for scripts directory * Use plugin for all tsconfigs in monorepo vscode is capable of executing tsc with plugins, but uses the most relevant tsconfig to do so. If the plugin is not a part of that config, it is skipped and developers get no feedback of strict compile time issues. These updates remedy that at the cost of slightly more complex removal of the plugin when the time comes. * remove plugin from configs that extend one that already has it * Update workspace settings to honor strict plugin * Apply strict-plugin to native message test runner * Update vscode workspace to use root tsc version * `./node_modules/.bin/update-strict-comments` 🤖 This is a one-time operation. All future files should adhere to strict type checking. * Add fixme to `ts-strict-ignore` comments * `update-strict-comments` 🤖 repeated for new merge files
92 lines
3.4 KiB
TypeScript
92 lines
3.4 KiB
TypeScript
// FIXME: Update this file to be type safe and remove this and next line
|
|
// @ts-strict-ignore
|
|
import { KdfConfig, PBKDF2KdfConfig, Argon2KdfConfig, KdfType } from "@bitwarden/key-management";
|
|
|
|
import { CsprngArray } from "../../types/csprng";
|
|
import { CryptoFunctionService } from "../abstractions/crypto-function.service";
|
|
import { KeyGenerationService as KeyGenerationServiceAbstraction } from "../abstractions/key-generation.service";
|
|
import { Utils } from "../misc/utils";
|
|
import { SymmetricCryptoKey } from "../models/domain/symmetric-crypto-key";
|
|
|
|
export class KeyGenerationService implements KeyGenerationServiceAbstraction {
|
|
constructor(private cryptoFunctionService: CryptoFunctionService) {}
|
|
|
|
async createKey(bitLength: 256 | 512): Promise<SymmetricCryptoKey> {
|
|
const key = await this.cryptoFunctionService.aesGenerateKey(bitLength);
|
|
return new SymmetricCryptoKey(key);
|
|
}
|
|
|
|
async createKeyWithPurpose(
|
|
bitLength: 128 | 192 | 256 | 512,
|
|
purpose: string,
|
|
salt?: string,
|
|
): Promise<{ salt: string; material: CsprngArray; derivedKey: SymmetricCryptoKey }> {
|
|
if (salt == null) {
|
|
const bytes = await this.cryptoFunctionService.randomBytes(32);
|
|
salt = Utils.fromBufferToUtf8(bytes);
|
|
}
|
|
const material = await this.cryptoFunctionService.aesGenerateKey(bitLength);
|
|
const key = await this.cryptoFunctionService.hkdf(material, salt, purpose, 64, "sha256");
|
|
return { salt, material, derivedKey: new SymmetricCryptoKey(key) };
|
|
}
|
|
|
|
async deriveKeyFromMaterial(
|
|
material: CsprngArray,
|
|
salt: string,
|
|
purpose: string,
|
|
): Promise<SymmetricCryptoKey> {
|
|
const key = await this.cryptoFunctionService.hkdf(material, salt, purpose, 64, "sha256");
|
|
return new SymmetricCryptoKey(key);
|
|
}
|
|
|
|
async deriveKeyFromPassword(
|
|
password: string | Uint8Array,
|
|
salt: string | Uint8Array,
|
|
kdfConfig: KdfConfig,
|
|
): Promise<SymmetricCryptoKey> {
|
|
let key: Uint8Array = null;
|
|
if (kdfConfig.kdfType == null || kdfConfig.kdfType === KdfType.PBKDF2_SHA256) {
|
|
if (kdfConfig.iterations == null) {
|
|
kdfConfig.iterations = PBKDF2KdfConfig.ITERATIONS.defaultValue;
|
|
}
|
|
|
|
key = await this.cryptoFunctionService.pbkdf2(password, salt, "sha256", kdfConfig.iterations);
|
|
} else if (kdfConfig.kdfType == KdfType.Argon2id) {
|
|
if (kdfConfig.iterations == null) {
|
|
kdfConfig.iterations = Argon2KdfConfig.ITERATIONS.defaultValue;
|
|
}
|
|
|
|
if (kdfConfig.memory == null) {
|
|
kdfConfig.memory = Argon2KdfConfig.MEMORY.defaultValue;
|
|
}
|
|
|
|
if (kdfConfig.parallelism == null) {
|
|
kdfConfig.parallelism = Argon2KdfConfig.PARALLELISM.defaultValue;
|
|
}
|
|
|
|
const saltHash = await this.cryptoFunctionService.hash(salt, "sha256");
|
|
key = await this.cryptoFunctionService.argon2(
|
|
password,
|
|
saltHash,
|
|
kdfConfig.iterations,
|
|
kdfConfig.memory * 1024, // convert to KiB from MiB
|
|
kdfConfig.parallelism,
|
|
);
|
|
} else {
|
|
throw new Error("Unknown Kdf.");
|
|
}
|
|
return new SymmetricCryptoKey(key);
|
|
}
|
|
|
|
async stretchKey(key: SymmetricCryptoKey): Promise<SymmetricCryptoKey> {
|
|
const newKey = new Uint8Array(64);
|
|
const encKey = await this.cryptoFunctionService.hkdfExpand(key.key, "enc", 32, "sha256");
|
|
const macKey = await this.cryptoFunctionService.hkdfExpand(key.key, "mac", 32, "sha256");
|
|
|
|
newKey.set(new Uint8Array(encKey));
|
|
newKey.set(new Uint8Array(macKey), 32);
|
|
|
|
return new SymmetricCryptoKey(newKey);
|
|
}
|
|
}
|