RSA HMAC cipher string types are deprecated

Kyle Spearrin 2018-11-26 15:29:54 -05:00
parent 0ae636aa53
commit 64a6015a67
2 changed files with 5 additions and 29 deletions


@ -36,7 +36,7 @@ export abstract class CryptoService {
remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>; remakeEncKey: (key: SymmetricCryptoKey) => Promise<[SymmetricCryptoKey, CipherString]>;
encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<CipherString>; encrypt: (plainValue: string | ArrayBuffer, key?: SymmetricCryptoKey) => Promise<CipherString>;
encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>; encryptToBytes: (plainValue: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>;
rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer, key?: SymmetricCryptoKey) => Promise<CipherString>; rsaEncrypt: (data: ArrayBuffer, publicKey?: ArrayBuffer) => Promise<CipherString>;
decryptToBytes: (cipherString: CipherString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>; decryptToBytes: (cipherString: CipherString, key?: SymmetricCryptoKey) => Promise<ArrayBuffer>;
decryptToUtf8: (cipherString: CipherString, key?: SymmetricCryptoKey) => Promise<string>; decryptToUtf8: (cipherString: CipherString, key?: SymmetricCryptoKey) => Promise<string>;
decryptFromBytes: (encBuf: ArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>; decryptFromBytes: (encBuf: ArrayBuffer, key: SymmetricCryptoKey) => Promise<ArrayBuffer>;


@ -308,8 +308,7 @@ export class CryptoService implements CryptoServiceAbstraction {
async makeShareKey(): Promise<[CipherString, SymmetricCryptoKey]> { async makeShareKey(): Promise<[CipherString, SymmetricCryptoKey]> {
const shareKey = await this.cryptoFunctionService.randomBytes(64); const shareKey = await this.cryptoFunctionService.randomBytes(64);
const publicKey = await this.getPublicKey(); const publicKey = await this.getPublicKey();
const encKey = await this.getEncKey(); const encShareKey = await this.rsaEncrypt(shareKey, publicKey);
const encShareKey = await this.rsaEncrypt(shareKey, publicKey, encKey);
return [encShareKey, new SymmetricCryptoKey(shareKey)]; return [encShareKey, new SymmetricCryptoKey(shareKey)];
} }
@ -380,7 +379,7 @@ export class CryptoService implements CryptoServiceAbstraction {
return encBytes.buffer; return encBytes.buffer;
} }
async rsaEncrypt(data: ArrayBuffer, publicKey?: ArrayBuffer, key?: SymmetricCryptoKey): Promise<CipherString> { async rsaEncrypt(data: ArrayBuffer, publicKey?: ArrayBuffer): Promise<CipherString> {
if (publicKey == null) { if (publicKey == null) {
publicKey = await this.getPublicKey(); publicKey = await this.getPublicKey();
} }
@ -388,15 +387,8 @@ export class CryptoService implements CryptoServiceAbstraction {
throw new Error('Public key unavailable.'); throw new Error('Public key unavailable.');
} }
let type = EncryptionType.Rsa2048_OaepSha1_B64;
const encBytes = await this.cryptoFunctionService.rsaEncrypt(data, publicKey, 'sha1'); const encBytes = await this.cryptoFunctionService.rsaEncrypt(data, publicKey, 'sha1');
let mac: string = null; return new CipherString(EncryptionType.Rsa2048_OaepSha1_B64, Utils.fromBufferToB64(encBytes));
if (key != null && key.macKey != null) {
type = EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64;
const macBytes = await this.cryptoFunctionService.hmac(encBytes, key.macKey, 'sha256');
mac = Utils.fromBufferToB64(macBytes);
}
return new CipherString(type, Utils.fromBufferToB64(encBytes), null, mac);
} }
async decryptToBytes(cipherString: CipherString, key?: SymmetricCryptoKey): Promise<ArrayBuffer> { async decryptToBytes(cipherString: CipherString, key?: SymmetricCryptoKey): Promise<ArrayBuffer> {
@ -591,15 +583,9 @@ export class CryptoService implements CryptoServiceAbstraction {
switch (encType) { switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64: case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_B64: case EncryptionType.Rsa2048_OaepSha1_B64:
if (encPieces.length !== 1) { // HmacSha256 types are deprecated
throw new Error('Invalid cipher format.');
}
break;
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64: case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64: case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
if (encPieces.length !== 2) {
throw new Error('Invalid cipher format.');
}
break; break;
default: default:
throw new Error('encType unavailable.'); throw new Error('encType unavailable.');
@ -610,16 +596,6 @@ export class CryptoService implements CryptoServiceAbstraction {
} }
const data = Utils.fromB64ToArray(encPieces[0]).buffer; const data = Utils.fromB64ToArray(encPieces[0]).buffer;
const key = await this.getEncKey();
if (key != null && key.macKey != null && encPieces.length > 1) {
const mac = Utils.fromB64ToArray(encPieces[1]).buffer;
const computedMac = await this.cryptoFunctionService.hmac(data, key.macKey, 'sha256');
const macsEqual = await this.cryptoFunctionService.compare(mac, computedMac);
if (!macsEqual) {
throw new Error('MAC failed.');
}
}
const privateKey = await this.getPrivateKey(); const privateKey = await this.getPrivateKey();
if (privateKey == null) { if (privateKey == null) {
throw new Error('No private key.'); throw new Error('No private key.');
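Review bot: In the `switch (encType)` of the RSA decrypt path, all four RSA types now share one `break`, so the `encPieces.length` checks are gone and a stored `Rsa2048_OaepSha1_HmacSha256_B64` or `Rsa2048_OaepSha256_HmacSha256_B64` string is decrypted from `encPieces[0]` with its MAC piece never looked at. Consider keeping the shape validation, `if (encPieces.length !== 1) { throw new Error('Invalid cipher format.'); }` for the plain types and the `!== 2` form for the deprecated ones, so malformed input is still rejected before the private-key operation. The new comment would also be clearer as `// HmacSha256 types are deprecated: still accepted for old data, but the MAC piece is no longer verified`. The enclosing function starts and ends outside these hunks, so a length check behind the closing brace just above `const data` may already cover part of this.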