This repository has been archived by the owner on Oct 7, 2024. It is now read-only.
Prefer cached encryptionKey for encryption when possible
#307
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -78,6 +78,18 @@ async function initializeKeyringController({ | |
| return keyringController; | ||
| } | ||
|
|
||
| /** | ||
| * Delete the encryption key and salt from the `memStore` of the given keyring controller. | ||
| * | ||
| * @param keyringController - The keyring controller to delete the encryption key and salt from. | ||
| */ | ||
| function deleteEncryptionKeyAndSalt(keyringController: KeyringController) { | ||
| const keyringControllerState = keyringController.memStore.getState(); | ||
| delete keyringControllerState.encryptionKey; | ||
| delete keyringControllerState.encryptionSalt; | ||
| keyringController.memStore.updateState(keyringControllerState); | ||
| } | ||
|
|
||
| describe('KeyringController', () => { | ||
| afterEach(() => { | ||
| sinon.restore(); | ||
|
|
@@ -199,83 +211,86 @@ describe('KeyringController', () => { | |
| }); | ||
|
|
||
| describe('when `cacheEncryptionKey` is enabled', () => { | ||
| describe('when `encryptionKey` is set', () => { | ||
| it('should save an up to date encryption salt to the `memStore`', async () => { | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: true, | ||
| }, | ||
| }); | ||
| const vaultEncryptionKey = '🔑'; | ||
| const vaultEncryptionSalt = '🧂'; | ||
| const vault = JSON.stringify({ salt: vaultEncryptionSalt }); | ||
| keyringController.store.updateState({ vault }); | ||
|
|
||
| await keyringController.unlockKeyrings( | ||
| undefined, | ||
| vaultEncryptionKey, | ||
| vaultEncryptionSalt, | ||
| ); | ||
|
|
||
| expect(keyringController.memStore.getState().encryptionKey).toBe( | ||
| vaultEncryptionKey, | ||
| ); | ||
| expect(keyringController.memStore.getState().encryptionSalt).toBe( | ||
| vaultEncryptionSalt, | ||
| ); | ||
|
|
||
| const response = await keyringController.persistAllKeyrings(); | ||
|
|
||
| expect(response).toBe(true); | ||
| expect(keyringController.memStore.getState().encryptionKey).toBe( | ||
| vaultEncryptionKey, | ||
| ); | ||
| expect(keyringController.memStore.getState().encryptionSalt).toBe( | ||
| vaultEncryptionSalt, | ||
| ); | ||
| }); | ||
| }); | ||
|
|
||
| describe('when `encryptionKey` is not set and `password` is set', () => { | ||
| it('should save an up to date encryption salt to the `memStore` when `password` is set through `createNewVaultAndKeychain`', async () => { | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: true, | ||
| }, | ||
| }); | ||
| await keyringController.createNewVaultAndKeychain(PASSWORD); | ||
| deleteEncryptionKeyAndSalt(keyringController); | ||
|
|
||
| const response = await keyringController.persistAllKeyrings(); | ||
|
|
||
| expect(response).toBe(true); | ||
| expect(keyringController.memStore.getState().encryptionKey).toBe( | ||
| MOCK_HARDCODED_KEY, | ||
| ); | ||
| expect(keyringController.memStore.getState().encryptionSalt).toBe( | ||
| MOCK_ENCRYPTION_SALT, | ||
| ); | ||
| }); | ||
|
|
||
| it('should save an up to date encryption salt to the `memStore` when `password` is set through `submitPassword`', async () => { | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: true, | ||
| }, | ||
| }); | ||
| await keyringController.submitPassword(PASSWORD); | ||
| deleteEncryptionKeyAndSalt(keyringController); | ||
|
|
||
| const response = await keyringController.persistAllKeyrings(); | ||
|
|
||
| expect(response).toBe(true); | ||
| expect(keyringController.memStore.getState().encryptionKey).toBe( | ||
| MOCK_HARDCODED_KEY, | ||
| ); | ||
| expect(keyringController.memStore.getState().encryptionSalt).toBe( | ||
| MOCK_ENCRYPTION_SALT, | ||
| ); | ||
| }); | ||
| }); | ||
| }); | ||
| }); | ||
|
|
@@ -836,29 +851,92 @@ describe('KeyringController', () => { | |
| }); | ||
|
|
||
| describe('with old vault format', () => { | ||
| describe(`with cacheEncryptionKey = true and encryptionKey is unset`, () => { | ||
|
There was a problem hiding this comment. Nit: Is there a test case for when cacheEncryptionKey = true and encryptionKey is set? There was a problem hiding this comment. Added in fe45b61! The test checks that the vault is not being updated |
||
| it('should update the vault', async () => { | ||
| const mockEncryptor = new MockEncryptor(); | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: true, | ||
| encryptor: mockEncryptor, | ||
| }, | ||
| }); | ||
| deleteEncryptionKeyAndSalt(keyringController); | ||
| const initialVault = keyringController.store.getState().vault; | ||
| const updatedVaultMock = | ||
| '{"vault": "updated_vault_detail", "salt": "salt"}'; | ||
| const mockEncryptionResult = { | ||
| data: '0x1234', | ||
| iv: 'an iv', | ||
| }; | ||
| sinon.stub(mockEncryptor, 'updateVault').resolves(updatedVaultMock); | ||
| sinon | ||
| .stub(mockEncryptor, 'encryptWithKey') | ||
| .resolves(mockEncryptionResult); | ||
|
|
||
| await keyringController.unlockKeyrings(PASSWORD); | ||
| const updatedVault = keyringController.store.getState().vault; | ||
|
|
||
| expect(initialVault).not.toBe(updatedVault); | ||
| expect(updatedVault).toBe( | ||
| JSON.stringify({ | ||
| ...mockEncryptionResult, | ||
| salt: MOCK_ENCRYPTION_SALT, | ||
| }), | ||
| ); | ||
| }); | ||
| }); | ||
|
|
||
| describe(`with cacheEncryptionKey = true and encryptionKey is set`, () => { | ||
| it('should not update the vault', async () => { | ||
| const mockEncryptor = new MockEncryptor(); | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: true, | ||
| encryptor: mockEncryptor, | ||
| }, | ||
| }); | ||
| const initialVault = keyringController.store.getState().vault; | ||
| const updatedVaultMock = | ||
| '{"vault": "updated_vault_detail", "salt": "salt"}'; | ||
| const mockEncryptionResult = { | ||
| data: '0x1234', | ||
| iv: 'an iv', | ||
| }; | ||
| sinon.stub(mockEncryptor, 'updateVault').resolves(updatedVaultMock); | ||
| sinon | ||
| .stub(mockEncryptor, 'encryptWithKey') | ||
| .resolves(mockEncryptionResult); | ||
|
|
||
| await keyringController.unlockKeyrings(PASSWORD); | ||
| const updatedVault = keyringController.store.getState().vault; | ||
|
|
||
| expect(initialVault).not.toBe(updatedVault); | ||
| }); | ||
| }); | ||
|
|
||
| describe(`with cacheEncryptionKey = false`, () => { | ||
| it('should update the vault', async () => { | ||
| const mockEncryptor = new MockEncryptor(); | ||
| const keyringController = await initializeKeyringController({ | ||
| password: PASSWORD, | ||
| constructorOptions: { | ||
| cacheEncryptionKey: false, | ||
| encryptor: mockEncryptor, | ||
| }, | ||
| }); | ||
| const initialVault = keyringController.store.getState().vault; | ||
| const updatedVaultMock = | ||
| '{"vault": "updated_vault_detail", "salt": "salt"}'; | ||
| sinon.stub(mockEncryptor, 'updateVault').resolves(updatedVaultMock); | ||
| sinon.stub(mockEncryptor, 'encrypt').resolves(updatedVaultMock); | ||
|
|
||
| await keyringController.unlockKeyrings(PASSWORD); | ||
| const updatedVault = keyringController.store.getState().vault; | ||
|
|
||
| expect(initialVault).not.toBe(updatedVault); | ||
| expect(updatedVault).toBe(updatedVaultMock); | ||
| }); | ||
| }); | ||
| }); | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah I see; this method is needed because this kinda isn't a real use-case. Or it is, but only as part of the initial unlock/vault creation, it's never a use case when calling
persistAllKeyringsdirectly.Makes sense. Seems like a bit of a code smell that this condition is possible only when this external method is called in a certain way internally, but that problem will go away soon hopefully when we merge this into core.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A nicer way to test this would be to test it as part of
createNewVaultAndKeychain(and the other methods that trigger this condition), but given that this is to be deleted soon I don't think it'd be worth the effort 😅