add envelope encryption tests

matthiasgeihs · matthiasgeihs · commit 4062230d6d0f · 2025-06-10T00:34:03.000+08:00
diff --git a/packages/keyring-controller/src/KeyringController.test.ts b/packages/keyring-controller/src/KeyringController.test.ts
@@ -68,6 +68,11 @@ const uint8ArraySeed = new Uint8Array(
 const privateKey =
   '1e4e6a4c0c077f4ae8ddfbf372918e61dd0fb4a4cfa592cb16e7546d505e68fc';
 const password = 'password123';
+const password2 = 'password456';
+const mockEncryptionKey2 = JSON.stringify({
+  password: 'password2',
+  salt: 'salt2',
+});
 
 const commonConfig = { chain: Chain.Goerli, hardfork: Hardfork.Berlin };
 
@@ -795,6 +800,117 @@ describe('KeyringController', () => {
     );
   });
 
+  describe('envelope encryption', () => {
+    it('should create new vault with encryption key', async () => {
+      await withController(
+        { cacheEncryptionKey: true, skipVaultCreation: true },
+        async ({ controller }) => {
+          await controller.createNewVaultAndKeychain(
+            password,
+            MOCK_ENCRYPTION_KEY,
+          );
+
+          expect(controller.state.encryptionKey).toBeDefined();
+          // expect(controller.state.encryptionSalt).toBeDefined();
+          expect(controller.state.encryptedEncryptionKey).toBeDefined();
+        },
+      );
+    });
+
+    it('should unlock with password', async () => {
+      await withController(
+        { cacheEncryptionKey: true, skipVaultCreation: true },
+        async ({ controller }) => {
+          await controller.createNewVaultAndKeychain(
+            password,
+            MOCK_ENCRYPTION_KEY,
+          );
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+
+          await controller.setLocked();
+
+          expect(controller.isUnlocked()).toBe(false);
+          expect(controller.state.isUnlocked).toBe(false);
+
+          await controller.submitPassword(password);
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+        },
+      );
+    });
+
+    it('should lock and unlock after change password', async () => {
+      await withController(
+        { cacheEncryptionKey: true, skipVaultCreation: true },
+        async ({ controller }) => {
+          await controller.createNewVaultAndKeychain(
+            password,
+            MOCK_ENCRYPTION_KEY,
+          );
+
+          await controller.changePassword(password2);
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+
+          await controller.setLocked();
+
+          expect(controller.isUnlocked()).toBe(false);
+          expect(controller.state.isUnlocked).toBe(false);
+
+          await controller.submitPassword(password2);
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+        },
+      );
+    });
+
+    it('should lock and unlock after change password and key', async () => {
+      await withController(
+        { cacheEncryptionKey: true, skipVaultCreation: true },
+        async ({ controller }) => {
+          await controller.createNewVaultAndKeychain(
+            password,
+            MOCK_ENCRYPTION_KEY,
+          );
+
+          await controller.changePasswordAndEncryptionKey(
+            password2,
+            mockEncryptionKey2,
+          );
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+
+          await controller.setLocked();
+
+          expect(controller.isUnlocked()).toBe(false);
+          expect(controller.state.isUnlocked).toBe(false);
+
+          await controller.submitPassword(password2);
+
+          expect(controller.isUnlocked()).toBe(true);
+          expect(controller.state.isUnlocked).toBe(true);
+        },
+      );
+    });
+
+    it('should throw error if creating new vault with encryption key and cacheEncryptionKey is false', async () => {
+      await withController(
+        { cacheEncryptionKey: false, skipVaultCreation: true },
+        async ({ controller }) => {
+          await expect(
+            controller.createNewVaultAndKeychain(password, MOCK_ENCRYPTION_KEY),
+          ).rejects.toThrow(KeyringControllerError.CacheEncryptionKeyDisabled);
+        },
+      );
+    });
+  });
+
   describe('setLocked', () => {
     it('should set locked correctly', async () => {
       await withController(async ({ controller }) => {
