add storage for master key encrypted user symmetric key

2025-02-13 00:51:45 +01:00 · 2023-05-23 16:57:31 -04:00 · 2023-05-23 16:57:31 -04:00 · bc4b3f3d74
commit bc4b3f3d74
parent 702dfb7eaf
3 changed files with 57 additions and 20 deletions
--- a/libs/common/src/platform/abstractions/state.service.ts
+++ b/libs/common/src/platform/abstractions/state.service.ts
@ -78,10 +78,12 @@ export abstract class StateService<T extends Account = Account> {
  setConvertAccountToKeyConnector: (value: boolean, options?: StorageOptions) => Promise<void>;

  // new keys
-  getMasterKey: (options?: StorageOptions) => Promise<MasterKey>;
-  setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
  getUserSymKey: (options?: StorageOptions) => Promise<UserSymKey>;
  setUserSymKey: (value: UserSymKey, options?: StorageOptions) => Promise<void>;
+  getMasterKey: (options?: StorageOptions) => Promise<MasterKey>;
+  setMasterKey: (value: MasterKey, options?: StorageOptions) => Promise<void>;
+  getUserSymKeyMasterKey: (options?: StorageOptions) => Promise<string>;
+  setUserSymKeyMasterKey: (value: string, options?: StorageOptions) => Promise<void>;
  getUserSymKeyAuto: (options?: StorageOptions) => Promise<string>;
  setUserSymKeyAuto: (value: string, options?: StorageOptions) => Promise<void>;
  getUserSymKeyBiometric: (options?: StorageOptions) => Promise<string>;
--- a/libs/common/src/platform/models/domain/account.ts
+++ b/libs/common/src/platform/models/domain/account.ts
@ -100,8 +100,9 @@ export class AccountData {

 export class AccountKeys {
  // new keys
-  masterKey?: MasterKey;
  userSymKey?: UserSymKey;
+  masterKey?: MasterKey;
+  userSymKeyMasterKey?: string;
  userSymKeyAuto?: string;
  userSymKeyBiometric?: string;
  // end new keys
--- a/libs/common/src/platform/services/state.service.ts
+++ b/libs/common/src/platform/services/state.service.ts
@ -557,23 +557,6 @@ export class StateService<
    }
  }

-  async getMasterKey(options?: StorageOptions): Promise<MasterKey> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultInMemoryOptions())
-    );
-    return account?.keys?.masterKey;
-  }
-  async setMasterKey(value: MasterKey, options?: StorageOptions): Promise<void> {
-    const account = await this.getAccount(
-      this.reconcileOptions(options, await this.defaultInMemoryOptions())
-    );
-    account.keys.masterKey = value;
-    await this.saveAccount(
-      account,
-      this.reconcileOptions(options, await this.defaultInMemoryOptions())
-    );
-  }
-
  /**
   * User's symmetric key used to encrypt/decrypt data
   */
@ -607,6 +590,57 @@ export class StateService<
    }
  }

+  /**
+   * User's master key derived from MP, saved only if we decrypted with MP
+   */
+  async getMasterKey(options?: StorageOptions): Promise<MasterKey> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    return account?.keys?.masterKey;
+  }
+
+  /**
+   * User's master key derived from MP, saved only if we decrypted with MP
+   */
+  async setMasterKey(value: MasterKey, options?: StorageOptions): Promise<void> {
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+    account.keys.masterKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultInMemoryOptions())
+    );
+  }
+
+  /**
+   * The master key encrypted User symmetric key, saved on every auth
+   * so we can unlock with MP offline
+   */
+  async getUserSymKeyMasterKey(options?: StorageOptions): Promise<string> {
+    // TODO: defaultOnDiskOptions? Other's are saved in secure storage
+    return (
+      await this.getAccount(this.reconcileOptions(options, await this.defaultOnDiskOptions()))
+    )?.keys.userSymKeyMasterKey;
+  }
+
+  /**
+   * The master key encrypted User symmetric key, saved on every auth
+   * so we can unlock with MP offline
+   */
+  async setUserSymKeyMasterKey(value: string, options?: StorageOptions): Promise<void> {
+    // TODO: defaultOnDiskOptions? Other's are saved in secure storage
+    const account = await this.getAccount(
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+    account.keys.userSymKeyMasterKey = value;
+    await this.saveAccount(
+      account,
+      this.reconcileOptions(options, await this.defaultOnDiskOptions())
+    );
+  }
+
  /**
   * User's symmetric key when using the "never" option of vault timeout
   */