From 4a3adaa34711c6f7dcbdc918e5f4e157a1de09a3 Mon Sep 17 00:00:00 2001 From: Tuan Dang Date: Sun, 19 Feb 2023 10:54:54 +0700 Subject: [PATCH 1/3] Begin in-memory privat key storage --- frontend/src/helpers/key.ts | 4 ++- frontend/src/services/KeyService.ts | 53 ++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/frontend/src/helpers/key.ts b/frontend/src/helpers/key.ts index 60a1179279..05562628d8 100644 --- a/frontend/src/helpers/key.ts +++ b/frontend/src/helpers/key.ts @@ -82,4 +82,6 @@ let privateKey; return privateKey; } -export { decryptPrivateKeyHelper }; \ No newline at end of file +export { + decryptPrivateKeyHelper +}; \ No newline at end of file diff --git a/frontend/src/services/KeyService.ts b/frontend/src/services/KeyService.ts index 4d3f950e08..0213cbc088 100644 --- a/frontend/src/services/KeyService.ts +++ b/frontend/src/services/KeyService.ts @@ -1,9 +1,17 @@ -import { decryptPrivateKeyHelper } from '@app/helpers/key'; +import { + decryptAssymmetric, + encryptAssymmetric} from '@app/components/utilities/cryptography/crypto'; +import { + decryptPrivateKeyHelper +} from '@app/helpers/key'; /** * Class to handle key actions + * TODO: in future, all private key-related encryption operations + * must pass through this class */ class KeyService { + private static privateKey: string = ''; /** Return the user's decrypted private key * @param {Object} obj 
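Review bot: The new `private static privateKey: string = '';` field in KeyService.ts keeps the user's decrypted private key in a class-level static, and nothing in this hunk clears it or distinguishes "not loaded" from a real value. With `''` as the sentinel, callers cannot tell an unset key from a set one; I would declare it as `private static privateKey: string | null = null;` and add a `clearPrivateKey()` that resets it, to be called on logout and session expiry. A short comment on the field stating that it holds plaintext key material and must never be logged or persisted would also help the next maintainer. The class body continues outside this hunk.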
@@ -51,6 +59,49 @@ class KeyService { protectedKeyTag }); } + + /** + * Return [plaintext] encrypted by the user's private key + * @param {Object} obj + * @param {String} obj.plaintext - plaintext to encrypt + */ + static encryptWithPrivateKey({ + plaintext, + publicKey, + }: { + plaintext: string; + publicKey: string; + }) { + return encryptAssymmetric({ + plaintext, + publicKey, + privateKey: KeyService.privateKey + }); + } + + /** + * Return [ciphertext] decrypted by the user's private key + * @param {Object} obj + * @param {String} obj.ciphertext - ciphertext to decrypt + * @param {String} obj.ciphertext - iv of ciphertext + * @param {String} obj.ciphertext - tag of ciphertext + */ + static decryptWithPrivateKey({ + ciphertext, + nonce, + publicKey + }: { + ciphertext: string; + nonce: string; + publicKey: string; + }) { + return decryptAssymmetric({ + ciphertext, + nonce, + publicKey, + privateKey: KeyService.privateKey + }); + } } export default KeyService; \ No newline at end of file From 1ff2c61b3a7f2711c9e6ec0d883d11f31d65f2c7 Mon Sep 17 00:00:00 2001 From: Tuan Dang Date: Tue, 21 Feb 2023 12:31:19 +0700 Subject: [PATCH 2/3] Remove storage of protected key --- frontend/src/components/signup/UserInfoStep.tsx | 3 --- frontend/src/components/utilities/attemptLogin.ts | 3 --- frontend/src/components/utilities/attemptLoginMfa.ts | 3 --- .../components/utilities/cryptography/changePassword.ts | 3 --- frontend/src/helpers/key.ts | 3 +++ frontend/src/pages/signupinvite.tsx | 3 --- frontend/src/services/KeyService.ts | 4 ++++ frontend/src/services/index.ts | 7 +++++++ 8 files changed, 14 insertions(+), 15 deletions(-) create mode 100644 frontend/src/services/index.ts diff --git a/frontend/src/components/signup/UserInfoStep.tsx b/frontend/src/components/signup/UserInfoStep.tsx index a7aad081cb..32504cb2cd 100644 --- a/frontend/src/components/signup/UserInfoStep.tsx +++ b/frontend/src/components/signup/UserInfoStep.tsx 
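Review bot: Both `encryptWithPrivateKey` and `decryptWithPrivateKey` pass `KeyService.privateKey` straight to `encryptAssymmetric`/`decryptAssymmetric` without checking that a key has been loaded, so with the `''` default they would run with an empty key; how the helpers react to that is not visible here. A guard at the top of each method, `if (!KeyService.privateKey) throw new Error('Private key not loaded');`, makes the failure explicit. The doc comments also do not match the signatures: `publicKey` is undocumented on the encrypt side, and the decrypt block lists `obj.ciphertext` three times (as iv and tag) where the parameters are `nonce` and `publicKey`. Since each call takes both a public and a private key, "encrypted by the user's private key" should probably also say whose public key is expected.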
@@ -166,9 +166,6 @@ export default function UserInfoStep({ SecurityClient.setToken(response.token); saveTokenToLocalStorage({ - protectedKey, - protectedKeyIV, - protectedKeyTag, publicKey, encryptedPrivateKey, iv: encryptedPrivateKeyIV, diff --git a/frontend/src/components/utilities/attemptLogin.ts b/frontend/src/components/utilities/attemptLogin.ts index 464a4a4fe6..e92a65e777 100644 --- a/frontend/src/components/utilities/attemptLogin.ts +++ b/frontend/src/components/utilities/attemptLogin.ts @@ -97,9 +97,6 @@ const attemptLogin = async ( }); saveTokenToLocalStorage({ - protectedKey, - protectedKeyIV, - protectedKeyTag, publicKey, encryptedPrivateKey, iv, diff --git a/frontend/src/components/utilities/attemptLoginMfa.ts b/frontend/src/components/utilities/attemptLoginMfa.ts index 8bec76b86b..58d3b23309 100644 --- a/frontend/src/components/utilities/attemptLoginMfa.ts +++ b/frontend/src/components/utilities/attemptLoginMfa.ts @@ -70,9 +70,6 @@ const attemptLoginMfa = async ({ }); saveTokenToLocalStorage({ - protectedKey, - protectedKeyIV, - protectedKeyTag, publicKey, encryptedPrivateKey, iv, diff --git a/frontend/src/components/utilities/cryptography/changePassword.ts b/frontend/src/components/utilities/cryptography/changePassword.ts index aeb138ec6a..e5b8fffb5d 100644 --- a/frontend/src/components/utilities/cryptography/changePassword.ts +++ b/frontend/src/components/utilities/cryptography/changePassword.ts @@ -117,9 +117,6 @@ const changePassword = async ( }); saveTokenToLocalStorage({ - protectedKey, - protectedKeyIV, - protectedKeyTag, encryptedPrivateKey, iv: encryptedPrivateKeyIV, tag: encryptedPrivateKeyTag diff --git a/frontend/src/helpers/key.ts b/frontend/src/helpers/key.ts index 05562628d8..57485a35a2 100644 --- a/frontend/src/helpers/key.ts +++ b/frontend/src/helpers/key.ts 
@@ -1,6 +1,8 @@ import Aes256Gcm from '@app/components/utilities/cryptography/aes-256-gcm'; import { deriveArgonKey } from '@app/components/utilities/cryptography/crypto'; +import { KeyService } from '../services'; + /** * @param {Object} obj * @param {Number} obj.encryptionVersion @@ -79,6 +81,7 @@ let privateKey; throw new Error('Failed to decrypt private key'); } + KeyService.setPrivateKey(privateKey); return privateKey; } diff --git a/frontend/src/pages/signupinvite.tsx b/frontend/src/pages/signupinvite.tsx index 0e5db027a1..abe5d37709 100644 --- a/frontend/src/pages/signupinvite.tsx +++ b/frontend/src/pages/signupinvite.tsx @@ -152,9 +152,6 @@ export default function SignupInvite() { SecurityClient.setToken(jwtToken); saveTokenToLocalStorage({ - protectedKey, - protectedKeyIV, - protectedKeyTag, publicKey, encryptedPrivateKey, iv: encryptedPrivateKeyIV, diff --git a/frontend/src/services/KeyService.ts b/frontend/src/services/KeyService.ts index 0213cbc088..004b92c719 100644 --- a/frontend/src/services/KeyService.ts +++ b/frontend/src/services/KeyService.ts @@ -12,6 +12,10 @@ import { */ class KeyService { private static privateKey: string = ''; + + static setPrivateKey(privateKey: string) { + KeyService.privateKey = privateKey; + } /** Return the user's decrypted private key * @param {Object} obj diff --git a/frontend/src/services/index.ts b/frontend/src/services/index.ts new file mode 100644 index 0000000000..35214c8a92 --- /dev/null +++ b/frontend/src/services/index.ts @@ -0,0 +1,7 @@ +import KeyService from './KeyService'; +import ProjectService from './ProjectService'; + +export { + KeyService, + ProjectService +} From baaa92427f6cb509ab5c35371cf45e8bceae6ce5 Mon Sep 17 00:00:00 2001 From: Tuan Dang Date: Tue, 21 Feb 2023 12:43:17 +0700 Subject: [PATCH 3/3] Remove dependency cycle --- frontend/src/helpers/key.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/frontend/src/helpers/key.ts b/frontend/src/helpers/key.ts index 57485a35a2..05562628d8 100644 
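Review bot: `setPrivateKey` (KeyService.ts, `@@ -12,6 +12,10 @@`) is an undocumented public static setter that accepts any string, so any module can overwrite the in-memory key, including with `''`. I would add a doc comment stating who is expected to call it and when, and reject empty input with `if (!privateKey) throw new Error('Private key must be a non-empty string');`. Note that PATCH 3/3 removes the `KeyService.setPrivateKey(privateKey)` call that this patch adds to helpers/key.ts; unless another caller exists outside this series, the field keeps its `''` default and the encrypt/decrypt wrappers never see a real key.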
--- a/frontend/src/helpers/key.ts +++ b/frontend/src/helpers/key.ts @@ -1,8 +1,6 @@ import Aes256Gcm from '@app/components/utilities/cryptography/aes-256-gcm'; import { deriveArgonKey } from '@app/components/utilities/cryptography/crypto'; -import { KeyService } from '../services'; - /** * @param {Object} obj * @param {Number} obj.encryptionVersion @@ -81,7 +79,6 @@ let privateKey; throw new Error('Failed to decrypt private key'); } - KeyService.setPrivateKey(privateKey); return privateKey; }