mirror of https://github.com/bitwarden/browser.git synced 2025-01-07 19:07:45 +01:00

use org key or user key for encrypting attachments

Jacob Fink 2023-06-26 23:08:25 -04:00
parent 31a1491c81
commit f1761c6afc
No known key found for this signature in database
GPG Key ID: C2F7ACF05859D008
3 changed files with 27 additions and 14 deletions


@ -204,7 +204,7 @@ export abstract class CryptoService {
* Uses the org key to derive a new symmetric key for encrypting data * Uses the org key to derive a new symmetric key for encrypting data
* @param orgKey The organization's symmetric key * @param orgKey The organization's symmetric key
*/ */
makeOrgDataEncKey: (orgKey: OrgKey) => Promise<[SymmetricCryptoKey, EncString]>; makeDataEncKey: <T extends UserKey | OrgKey>(key: T) => Promise<[SymmetricCryptoKey, EncString]>;
/** /**
* Clears the user's stored organization keys * Clears the user's stored organization keys
* @param memoryOnly Clear only the in-memory keys * @param memoryOnly Clear only the in-memory keys
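Review bot: The doc comment kept above `makeDataEncKey` is now stale: it still reads `Uses the org key to derive a new symmetric key` and `@param orgKey The organization's symmetric key`, while the parameter is `key` and may be a user key. I would change it to `Generates a new random symmetric key and returns it with a copy encrypted under the given key` and `@param key The user or organization key that protects the new key`. "Derive" was already misleading, since the implementation in this commit draws `randomBytes(64)` and does not derive anything from the input key.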


@ -336,13 +336,15 @@ export class CryptoService implements CryptoServiceAbstraction {
return result; return result;
} }
async makeOrgDataEncKey(orgKey: OrgKey): Promise<[SymmetricCryptoKey, EncString]> { async makeDataEncKey<T extends OrgKey | UserKey>(
if (orgKey == null) { key: T
throw new Error("No Org Key provided"); ): Promise<[SymmetricCryptoKey, EncString]> {
if (key == null) {
throw new Error("No key provided");
} }
const newSymKey = await this.cryptoFunctionService.randomBytes(64); const newSymKey = await this.cryptoFunctionService.randomBytes(64);
return this.buildProtectedSymmetricKey(orgKey, newSymKey); return this.buildProtectedSymmetricKey(key, newSymKey);
} }
async clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void> { async clearOrgKeys(memoryOnly?: boolean, userId?: string): Promise<void> {
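Review bot: The type parameter in `makeDataEncKey<T extends OrgKey | UserKey>(key: T)` is used only once, so it relates nothing and a plain union is enough: `async makeDataEncKey(key: UserKey | OrgKey): Promise<[SymmetricCryptoKey, EncString]>`. That also matches the `UserKey | OrgKey` order used in the abstract declaration. If `UserKey` and `OrgKey` are compile-time-only types (their definitions are not visible here), `key == null` is the only runtime check, so the method cannot tell which kind of key it was handed. A short TSDoc stating that the tuple is the new 64-byte key and that key encrypted under `key` would make the contract explicit for callers.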


@ -13,7 +13,11 @@ import { Utils } from "../../platform/misc/utils";
import Domain from "../../platform/models/domain/domain-base"; import Domain from "../../platform/models/domain/domain-base";
import { EncArrayBuffer } from "../../platform/models/domain/enc-array-buffer"; import { EncArrayBuffer } from "../../platform/models/domain/enc-array-buffer";
import { EncString } from "../../platform/models/domain/enc-string"; import { EncString } from "../../platform/models/domain/enc-string";
import { SymmetricCryptoKey } from "../../platform/models/domain/symmetric-crypto-key"; import {
OrgKey,
SymmetricCryptoKey,
UserKey,
} from "../../platform/models/domain/symmetric-crypto-key";
import { CipherService as CipherServiceAbstraction } from "../abstractions/cipher.service"; import { CipherService as CipherServiceAbstraction } from "../abstractions/cipher.service";
import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service"; import { CipherFileUploadService } from "../abstractions/file-upload/cipher-file-upload.service";
import { CipherType } from "../enums/cipher-type"; import { CipherType } from "../enums/cipher-type";
@ -633,11 +637,14 @@ export class CipherService implements CipherServiceAbstraction {
data: ArrayBuffer, data: ArrayBuffer,
admin = false admin = false
): Promise<Cipher> { ): Promise<Cipher> {
const orgKey = await this.cryptoService.getOrgKey(cipher.organizationId); let encKey: UserKey | OrgKey;
const encFileName = await this.cryptoService.encrypt(filename, orgKey); encKey = await this.cryptoService.getOrgKey(cipher.organizationId);
encKey ||= (await this.cryptoService.getKeyForUserEncryption()) as UserKey;
const dataEncKey = await this.cryptoService.makeOrgDataEncKey(orgKey); const dataEncKey = await this.cryptoService.makeDataEncKey(encKey);
const encData = await this.cryptoService.encryptToBytes(data, dataEncKey[0]);
const encFileName = await this.encryptService.encrypt(filename, encKey);
const encData = await this.encryptService.encryptToBytes(data, dataEncKey[0]);
const response = await this.cipherFileUploadService.upload( const response = await this.cipherFileUploadService.upload(
cipher, cipher,
@ -946,11 +953,15 @@ export class CipherService implements CipherServiceAbstraction {
const encBuf = await EncArrayBuffer.fromResponse(attachmentResponse); const encBuf = await EncArrayBuffer.fromResponse(attachmentResponse);
const decBuf = await this.cryptoService.decryptFromBytes(encBuf, null); const decBuf = await this.cryptoService.decryptFromBytes(encBuf, null);
const orgKey = await this.cryptoService.getOrgKey(organizationId);
const encFileName = await this.cryptoService.encrypt(attachmentView.fileName, orgKey);
const dataEncKey = await this.cryptoService.makeOrgDataEncKey(orgKey); let encKey: UserKey | OrgKey;
const encData = await this.cryptoService.encryptToBytes(decBuf, dataEncKey[0]); encKey = await this.cryptoService.getOrgKey(organizationId);
encKey ||= (await this.cryptoService.getKeyForUserEncryption()) as UserKey;
const dataEncKey = await this.cryptoService.makeDataEncKey(encKey);
const encFileName = await this.encryptService.encrypt(attachmentView.fileName, encKey);
const encData = await this.encryptService.encryptToBytes(decBuf, dataEncKey[0]);
const fd = new FormData(); const fd = new FormData();
try { try {
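Review bot: In the hunk at -633, `encKey ||= (await this.cryptoService.getKeyForUserEncryption()) as UserKey;` falls back to the user key whenever `getOrgKey(...)` returns a falsy value, not only when the cipher has no organization. If `cipher.organizationId` is set but the org key is unavailable, the attachment of an organization cipher would be encrypted under the personal key without any error, and other members presumably could not decrypt it. Choosing by the id makes the intent explicit: `const encKey = cipher.organizationId != null ? await this.cryptoService.getOrgKey(cipher.organizationId) : await this.cryptoService.getKeyForUserEncryption();` followed by `if (encKey == null) throw new Error("No key available to encrypt attachment");`. The hunk at -946 has the same pattern, and there `organizationId` looks like the organization the attachment is being shared into, so a silent fallback matters more. The `as UserKey` cast also hides whatever type `getKeyForUserEncryption()` really returns; both enclosing methods start and end outside the hunks, so this is worth checking against their callers.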