Skip to content

refactor(encryptor): align Encryptor methods to match @metamask/browser-passworder #9203

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
May 8, 2024
Merged

refactor(encryptor): align Encryptor methods to match @metamask/browser-passworder #9203

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
49680c3
refactor(encryptor): adapt types + use types from browser-passworder
ccharly Apr 11, 2024
ec2c924
refactor(encryptor): *DERIVATION_PARAMS* -> *DERIVATION_OPTIONS*
ccharly Apr 11, 2024
34edb69
refactor(encryptor): align Encryptor to match browser-passworder inte…
ccharly Apr 10, 2024
6969f85
feat(encryptor): abstract underlying encryption library + fix key par…
ccharly Apr 11, 2024
d0cb1f0
refactor(encryptor): export generateSalt
ccharly Apr 11, 2024
94e91f9
fix(encryptor): prevent mocks from being discarded
ccharly Apr 12, 2024
95f93b0
feat(encryptor): checks for more preconditions in encryption lib layer
ccharly Apr 12, 2024
d78d73f
feat(encryptor): add exportable attribute for EncryptionKey + keyFrom…
ccharly Apr 12, 2024
2d91d00
feat(encryptor): add {import,export}Key methods
ccharly Apr 12, 2024
634c5b6
refactor(encryptor): use same test style for it.each
ccharly Apr 12, 2024
ff818df
chore: lint
ccharly Apr 12, 2024
1f127f8
chore: lint
ccharly Apr 26, 2024
7528425
docs: remove @throws on Encryptor's constructor
ccharly Apr 29, 2024
0b623e4
Merge branch 'main' into refactor/implements-generic-encryptor
ccharly Apr 30, 2024
1db90f9
Merge branch 'main' into refactor/implements-generic-encryptor
gantunesr Apr 30, 2024
559aa30
Merge branch 'main' into refactor/implements-generic-encryptor
ccharly May 6, 2024
b2c95b4
refactor(encryptor): remove @ts-expect-error for crypto.getRandomValues
ccharly May 6, 2024
5b232e0
chore(encryptor): wording
ccharly May 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
222 changes: 182 additions & 40 deletions app/core/Encryptor/Encryptor.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import { NativeModules } from 'react-native';
import { Encryptor } from './Encryptor';
import { ENCRYPTION_LIBRARY, LEGACY_DERIVATION_PARAMS } from './constants';
import { ENCRYPTION_LIBRARY, LEGACY_DERIVATION_OPTIONS } from './constants';

const Aes = NativeModules.Aes;
const AesForked = NativeModules.AesForked;
Expand All @@ -9,14 +9,12 @@ describe('Encryptor', () => {
let encryptor: Encryptor;

beforeEach(() => {
encryptor = new Encryptor({ derivationParams: LEGACY_DERIVATION_PARAMS });
encryptor = new Encryptor({
keyDerivationOptions: LEGACY_DERIVATION_OPTIONS,
});
});

describe('encrypt', () => {
afterEach(() => {
jest.clearAllMocks();
});

it('should encrypt an object correctly', async () => {
const password = 'testPassword';
const objectToEncrypt = { key: 'value' };
Expand All @@ -41,45 +39,36 @@ describe('Encryptor', () => {
pbkdf2AesForkedSpy: jest.SpyInstance;

beforeEach(() => {
decryptAesSpy = jest
.spyOn(Aes, 'decrypt')
.mockResolvedValue('{"mockData": "mockedPlainText"}');
pbkdf2AesSpy = jest
.spyOn(Aes, 'pbkdf2')
.mockResolvedValue('mockedAesKey');
decryptAesForkedSpy = jest
.spyOn(AesForked, 'decrypt')
.mockResolvedValue('{"mockData": "mockedPlainText"}');
pbkdf2AesForkedSpy = jest
.spyOn(AesForked, 'pbkdf2')
.mockResolvedValue('mockedAesForkedKey');
decryptAesSpy = jest.spyOn(Aes, 'decrypt');
pbkdf2AesSpy = jest.spyOn(Aes, 'pbkdf2');
decryptAesForkedSpy = jest.spyOn(AesForked, 'decrypt');
pbkdf2AesForkedSpy = jest.spyOn(AesForked, 'pbkdf2');
});

afterEach(() => {
decryptAesSpy.mockRestore();
pbkdf2AesSpy.mockRestore();
decryptAesForkedSpy.mockRestore();
pbkdf2AesForkedSpy.mockRestore();
jest.clearAllMocks();
});

it.each([
{
lib: ENCRYPTION_LIBRARY.original,
expectedKey: 'mockedAesKey',
expectedPBKDF2Args: ['testPassword', 'mockedSalt', 5000, 256],
description:
'with original library and legacy iterations number for key generation',
},
{
lib: 'random-lib', // Assuming not using "original" should lead to AesForked
expectedKey: 'mockedAesForkedKey',
expectedPBKDF2Args: ['testPassword', 'mockedSalt'],
description:
'with library different to "original" and legacy iterations number for key generation',
},
[
'with original library and legacy iterations number for key generation',
{
lib: ENCRYPTION_LIBRARY.original,
expectedKeyValue: 'mockedKey',
expectedPBKDF2Args: ['testPassword', 'mockedSalt', 5000, 256],
},
],
[
'with library different to "original" and legacy iterations number for key generation',
{
lib: 'random-lib', // Assuming not using "original" should lead to AesForked
expectedKeyValue: 'mockedKeyForked',
expectedPBKDF2Args: ['testPassword', 'mockedSalt'],
},
],
])(
'decrypts a string correctly $description',
async ({ lib, expectedKey, expectedPBKDF2Args }) => {
'decrypts a string correctly %s',
async (_, { lib, expectedKeyValue, expectedPBKDF2Args }) => {
const password = 'testPassword';
const mockVault = {
cipher: 'mockedCipher',
Expand All @@ -98,7 +87,11 @@ describe('Encryptor', () => {
lib === ENCRYPTION_LIBRARY.original
? decryptAesSpy
: decryptAesForkedSpy,
).toHaveBeenCalledWith(mockVault.cipher, expectedKey, mockVault.iv);
).toHaveBeenCalledWith(
mockVault.cipher,
expectedKeyValue,
mockVault.iv,
);
expect(
lib === ENCRYPTION_LIBRARY.original
? pbkdf2AesSpy
Expand All @@ -117,7 +110,7 @@ describe('Encryptor', () => {
iv: 'mockedIV',
salt: 'mockedSalt',
lib: 'original',
keyMetadata: LEGACY_DERIVATION_PARAMS,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
}),
),
).toBe(true);
Expand All @@ -136,4 +129,153 @@ describe('Encryptor', () => {
).toBe(false);
});
});

describe('keyFromPassword', () => {
it.each([
[
'exportable with original lib',
{
lib: ENCRYPTION_LIBRARY.original,
exportable: true,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
[
'non-exportable with original lib',
{
lib: ENCRYPTION_LIBRARY.original,
exportable: false,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
[
'exportable with random lib',
{
lib: 'random-lib',
exportable: true,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
[
'non-exportable with random lib',
{
lib: 'random-lib',
exportable: false,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
])(
'generates a key with the right attributes: %s',
async (_, { lib, exportable, keyMetadata }) => {
const key = await encryptor.keyFromPassword(
'mockPassword',
encryptor.generateSalt(),
exportable,
keyMetadata,
lib,
);

expect(key.key).not.toBe(undefined);
expect(key.lib).toBe(lib);
expect(key.exportable).toBe(exportable);
expect(key.keyMetadata).toBe(keyMetadata);
},
);
});

describe('exportKey', () => {
it('exports a key', async () => {
const key = await encryptor.keyFromPassword(
'mockPassword',
encryptor.generateSalt(),
true,
);

const exportedKey = await encryptor.exportKey(key);
expect(exportedKey).not.toBe(undefined);
});

it('does not export a key if not exportable', async () => {
const key = await encryptor.keyFromPassword(
'mockPassword',
encryptor.generateSalt(),
false,
);

expect(async () => await encryptor.exportKey(key)).rejects.toThrow(
'Key is not exportable',
);
});
});

describe('importKey', () => {
const serializeKey = (data: object) =>
Buffer.from(JSON.stringify(data)).toString('base64');

it('imports a key', async () => {
const testKey = await encryptor.keyFromPassword(
'mockPassword',
encryptor.generateSalt(),
true,
);
const exportedKey = await encryptor.exportKey(testKey);

const key = await encryptor.importKey(exportedKey);
expect(key).toStrictEqual(testKey);
});

it.each([
'',
'{}',
Buffer.from('').toString('base64'),
Buffer.from('{ not: json }').toString('base64'),
])('does not import a bad serialized key: %s', async (badFormattedKey) => {
expect(
async () => await encryptor.importKey(badFormattedKey),
).rejects.toThrow('Invalid exported key serialization format');
});

it.each([
[
'missing lib',
{
exportable: true,
key: 'a-key',
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
[
'missing key',
{
lib: ENCRYPTION_LIBRARY.original,
exportable: true,
keyMetadata: LEGACY_DERIVATION_OPTIONS,
},
],
[
'missing keyMetadata',
{
lib: ENCRYPTION_LIBRARY.original,
exportable: true,
key: 'a-key',
},
],
[
'invalid keyMetadata',
{
lib: ENCRYPTION_LIBRARY.original,
exportable: true,
key: 'a-key',
keyMatadata: {},
},
],
])(
'does not import a bad structured key: %s',
async (_, badStructuredKey) => {
expect(
async () => await encryptor.importKey(serializeKey(badStructuredKey)),
).rejects.toThrow('Invalid exported key structure');
},
);
});
});
Loading