Use a passed in key in derivation so we can validate other keys (#8954)
* Use a passed in key in derivation so we can validate other keys * Fix user key type tests
This commit is contained in:
parent
0ecde07525
commit
88eeebb084
|
@ -100,7 +100,7 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||||
USER_PRIVATE_KEY,
|
USER_PRIVATE_KEY,
|
||||||
{
|
{
|
||||||
encryptService: this.encryptService,
|
encryptService: this.encryptService,
|
||||||
cryptoService: this,
|
getUserKey: (userId) => this.getUserKey(userId),
|
||||||
},
|
},
|
||||||
);
|
);
|
||||||
this.activeUserPrivateKey$ = this.activeUserPrivateKeyState.state$; // may be null
|
this.activeUserPrivateKey$ = this.activeUserPrivateKeyState.state$; // may be null
|
||||||
|
@ -738,13 +738,23 @@ export class CryptoService implements CryptoServiceAbstraction {
|
||||||
// Can decrypt private key
|
// Can decrypt private key
|
||||||
const privateKey = await USER_PRIVATE_KEY.derive([userId, encPrivateKey], {
|
const privateKey = await USER_PRIVATE_KEY.derive([userId, encPrivateKey], {
|
||||||
encryptService: this.encryptService,
|
encryptService: this.encryptService,
|
||||||
cryptoService: this,
|
getUserKey: () => Promise.resolve(key),
|
||||||
});
|
});
|
||||||
|
|
||||||
|
if (privateKey == null) {
|
||||||
|
// failed to decrypt
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
// Can successfully derive public key
|
// Can successfully derive public key
|
||||||
await USER_PUBLIC_KEY.derive(privateKey, {
|
const publicKey = await USER_PUBLIC_KEY.derive(privateKey, {
|
||||||
cryptoFunctionService: this.cryptoFunctionService,
|
cryptoFunctionService: this.cryptoFunctionService,
|
||||||
});
|
});
|
||||||
|
|
||||||
|
if (publicKey == null) {
|
||||||
|
// failed to decrypt
|
||||||
|
return false;
|
||||||
|
}
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@ import { EncryptService } from "../../abstractions/encrypt.service";
|
||||||
import { EncryptionType } from "../../enums";
|
import { EncryptionType } from "../../enums";
|
||||||
import { Utils } from "../../misc/utils";
|
import { Utils } from "../../misc/utils";
|
||||||
import { EncString } from "../../models/domain/enc-string";
|
import { EncString } from "../../models/domain/enc-string";
|
||||||
import { CryptoService } from "../crypto.service";
|
|
||||||
|
|
||||||
import {
|
import {
|
||||||
USER_ENCRYPTED_PRIVATE_KEY,
|
USER_ENCRYPTED_PRIVATE_KEY,
|
||||||
|
@ -89,40 +88,37 @@ describe("Derived decrypted private key", () => {
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should derive decrypted private key", async () => {
|
it("should derive decrypted private key", async () => {
|
||||||
const cryptoService = mock<CryptoService>();
|
const getUserKey = jest.fn(async () => userKey);
|
||||||
cryptoService.getUserKey.mockResolvedValue(userKey);
|
|
||||||
const encryptService = mock<EncryptService>();
|
const encryptService = mock<EncryptService>();
|
||||||
encryptService.decryptToBytes.mockResolvedValue(decryptedPrivateKey);
|
encryptService.decryptToBytes.mockResolvedValue(decryptedPrivateKey);
|
||||||
|
|
||||||
const result = await sut.derive([userId, encryptedPrivateKey], {
|
const result = await sut.derive([userId, encryptedPrivateKey], {
|
||||||
encryptService,
|
encryptService,
|
||||||
cryptoService,
|
getUserKey,
|
||||||
});
|
});
|
||||||
|
|
||||||
expect(result).toEqual(decryptedPrivateKey);
|
expect(result).toEqual(decryptedPrivateKey);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should handle null input values", async () => {
|
it("should handle null input values", async () => {
|
||||||
const cryptoService = mock<CryptoService>();
|
const getUserKey = jest.fn(async () => userKey);
|
||||||
cryptoService.getUserKey.mockResolvedValue(userKey);
|
|
||||||
const encryptService = mock<EncryptService>();
|
const encryptService = mock<EncryptService>();
|
||||||
|
|
||||||
const result = await sut.derive([userId, null], {
|
const result = await sut.derive([userId, null], {
|
||||||
encryptService,
|
encryptService,
|
||||||
cryptoService,
|
getUserKey,
|
||||||
});
|
});
|
||||||
|
|
||||||
expect(result).toEqual(null);
|
expect(result).toEqual(null);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("should handle null user key", async () => {
|
it("should handle null user key", async () => {
|
||||||
const cryptoService = mock<CryptoService>();
|
const getUserKey = jest.fn(async () => null);
|
||||||
cryptoService.getUserKey.mockResolvedValue(null);
|
|
||||||
const encryptService = mock<EncryptService>();
|
const encryptService = mock<EncryptService>();
|
||||||
|
|
||||||
const result = await sut.derive([userId, encryptedPrivateKey], {
|
const result = await sut.derive([userId, encryptedPrivateKey], {
|
||||||
encryptService,
|
encryptService,
|
||||||
cryptoService,
|
getUserKey,
|
||||||
});
|
});
|
||||||
|
|
||||||
expect(result).toEqual(null);
|
expect(result).toEqual(null);
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
|
import { UserId } from "../../../types/guid";
|
||||||
import { UserPrivateKey, UserPublicKey, UserKey } from "../../../types/key";
|
import { UserPrivateKey, UserPublicKey, UserKey } from "../../../types/key";
|
||||||
import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
|
import { CryptoFunctionService } from "../../abstractions/crypto-function.service";
|
||||||
import { EncryptService } from "../../abstractions/encrypt.service";
|
import { EncryptService } from "../../abstractions/encrypt.service";
|
||||||
import { EncString, EncryptedString } from "../../models/domain/enc-string";
|
import { EncString, EncryptedString } from "../../models/domain/enc-string";
|
||||||
import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
|
import { SymmetricCryptoKey } from "../../models/domain/symmetric-crypto-key";
|
||||||
import { CRYPTO_DISK, DeriveDefinition, CRYPTO_MEMORY, UserKeyDefinition } from "../../state";
|
import { CRYPTO_DISK, DeriveDefinition, CRYPTO_MEMORY, UserKeyDefinition } from "../../state";
|
||||||
import { CryptoService } from "../crypto.service";
|
|
||||||
|
|
||||||
export const USER_EVER_HAD_USER_KEY = new UserKeyDefinition<boolean>(
|
export const USER_EVER_HAD_USER_KEY = new UserKeyDefinition<boolean>(
|
||||||
CRYPTO_DISK,
|
CRYPTO_DISK,
|
||||||
|
@ -28,15 +28,15 @@ export const USER_PRIVATE_KEY = DeriveDefinition.fromWithUserId<
|
||||||
EncryptedString,
|
EncryptedString,
|
||||||
UserPrivateKey,
|
UserPrivateKey,
|
||||||
// TODO: update cryptoService to user key directly
|
// TODO: update cryptoService to user key directly
|
||||||
{ encryptService: EncryptService; cryptoService: CryptoService }
|
{ encryptService: EncryptService; getUserKey: (userId: UserId) => Promise<UserKey> }
|
||||||
>(USER_ENCRYPTED_PRIVATE_KEY, {
|
>(USER_ENCRYPTED_PRIVATE_KEY, {
|
||||||
deserializer: (obj) => new Uint8Array(Object.values(obj)) as UserPrivateKey,
|
deserializer: (obj) => new Uint8Array(Object.values(obj)) as UserPrivateKey,
|
||||||
derive: async ([userId, encPrivateKeyString], { encryptService, cryptoService }) => {
|
derive: async ([userId, encPrivateKeyString], { encryptService, getUserKey }) => {
|
||||||
if (encPrivateKeyString == null) {
|
if (encPrivateKeyString == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
const userKey = await cryptoService.getUserKey(userId);
|
const userKey = await getUserKey(userId);
|
||||||
if (userKey == null) {
|
if (userKey == null) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue