| blob | 69728ac62c431f1c5a91d2857285da99510a7e70 |
1 import type { PrivateKeyReference } from '@proton/crypto';
2 import { CryptoProxy } from '@proton/crypto';
4 import type { Address as tsAddress, User as tsUser } from '../../lib/interfaces';
5 import { getDecryptedAddressKeysHelper, getDecryptedUserKeysHelper } from '../../lib/keys';
6 import { upgradeV2KeysHelper } from '../../lib/keys/upgradeKeysV2';
7 import { Modulus } from '../authentication/login.data';
8 import { getAddressKey, getUserKey } from './keyDataHelper';
10 const DEFAULT_EMAIL = 'test@test.com';
11 const DEFAULT_KEYPASSWORD = '1';
13 const getKey = async (email = DEFAULT_EMAIL, keyPassword = DEFAULT_KEYPASSWORD) => {
14 const privateKey = await CryptoProxy.generateKey({
15 userIDs: [{ name: email, email }],
16 });
18 return {
19 privateKey,
20 privateKeyArmored: await CryptoProxy.exportPrivateKey({
21 privateKey,
22 passphrase: keyPassword,
23 }),
24 };
25 };
27 describe('upgrade keys v2', () => {
28 describe('do v2 upgrade', () => {
29 it('should upgrade v2 keys', async () => {
30 const keyPassword = DEFAULT_KEYPASSWORD;
31 const [userKey1, userKey2] = await Promise.all([
32 getUserKey('a', keyPassword, 2),
33 getUserKey('b', keyPassword, 2),
34 ]);
35 const User = {
36 Keys: [userKey1.Key, userKey2.Key],
37 } as tsUser;
38 const keys = await Promise.all([
39 getAddressKey('c', userKey1.key.privateKey, 'test@test.com', 2),
40 getAddressKey('d', userKey1.key.privateKey, 'test@test.com', 2),
41 getAddressKey('e', userKey2.key.privateKey, 'test2@test.com', 2),
42 ]);
44 const Addresses = [
45 {
46 Email: 'test@test.com',
47 Keys: [keys[0].Key, keys[1].Key],
48 },
49 {
50 Email: 'test2@test.com',
51 Keys: [keys[2].Key],
52 },
53 ] as tsAddress[];
54 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve({ Modulus }), Promise.resolve());
55 const newKeyPassword = await upgradeV2KeysHelper({
56 user: User,
57 addresses: Addresses,
58 loginPassword: keyPassword,
59 keyPassword,
60 clearKeyPassword: keyPassword,
61 isOnePasswordMode: true,
62 api,
63 preAuthKTVerify: () => async () => {},
64 keyMigrationKTVerifier: async () => {},
65 });
66 if (!newKeyPassword) {
67 throw new Error('Missing new password');
68 }
69 expect(api.calls.all().length).toBe(2);
70 const newKeysArgs = api.calls.all()[1].args[0];
71 const decryptedUserKeys = await getDecryptedUserKeysHelper(
72 { ...User, Keys: newKeysArgs.data.UserKeys },
73 newKeyPassword
74 );
75 const decryptedAddressesKeys = await getDecryptedAddressKeysHelper(
76 newKeysArgs.data.AddressKeys,
77 User,
78 decryptedUserKeys,
79 ''
80 );
81 expect(decryptedUserKeys.every((key) => key.privateKey.isPrivate())).toBe(true);
82 expect(decryptedUserKeys.length).toBe(2 as any);
83 expect(decryptedAddressesKeys.every((key) => key.privateKey.isPrivate())).toBe(true);
84 expect(decryptedAddressesKeys.length).toBe(3 as any);
85 expect(newKeysArgs).toEqual({
86 url: 'core/v4/keys/private/upgrade',
87 method: 'post',
88 data: jasmine.objectContaining({
89 KeySalt: jasmine.any(String),
90 Auth: jasmine.any(Object),
91 UserKeys: jasmine.any(Array),
92 AddressKeys: jasmine.any(Array),
93 SignedKeyLists: jasmine.any(Object),
94 }),
95 });
96 expect(newKeyPassword).toEqual(jasmine.any(String));
97 });
98 });
100 describe('do legacy upgrade', () => {
101 it('should upgrade v2 keys', async () => {
102 const keyPassword = DEFAULT_KEYPASSWORD;
103 const [userKey1, userKey2, addressKey1, addressKey2, addressKey3] = await Promise.all([
104 getKey(),
105 getKey(),
106 getKey(),
107 getKey(),
108 getKey(),
109 ]);
110 const User = {
111 Keys: [
112 {
113 ID: 'a',
114 PrivateKey: userKey1.privateKeyArmored,
115 Version: 2,
116 },
117 {
118 ID: 'b',
119 PrivateKey: userKey2.privateKeyArmored,
120 Version: 2,
121 },
122 ],
123 } as tsUser;
124 const Addresses = [
125 {
126 Email: 'test@test.com',
127 Keys: [
128 {
129 ID: 'c',
130 PrivateKey: addressKey1.privateKeyArmored,
131 Version: 2,
132 },
133 {
134 ID: 'd',
135 PrivateKey: addressKey2.privateKeyArmored,
136 Version: 2,
137 },
138 ],
139 },
140 {
141 Email: 'test2@test.com',
142 Keys: [
143 {
144 ID: 'e',
145 PrivateKey: addressKey3.privateKeyArmored,
146 Version: 2,
147 },
148 ],
149 },
150 ] as tsAddress[];
151 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve({ Modulus }), Promise.resolve());
152 const newKeyPassword = await upgradeV2KeysHelper({
153 user: User,
154 addresses: Addresses,
155 loginPassword: keyPassword,
156 keyPassword,
157 clearKeyPassword: keyPassword,
158 isOnePasswordMode: true,
159 api,
160 preAuthKTVerify: () => async () => {},
161 keyMigrationKTVerifier: async () => {},
162 });
163 if (!newKeyPassword) {
164 throw new Error('Missing new password');
165 }
166 expect(api.calls.all().length).toBe(2);
167 const newKeysArgs = api.calls.all()[1].args[0];
168 const decryptedKeys: PrivateKeyReference[] = await Promise.all(
169 newKeysArgs.data.Keys.map(({ PrivateKey }: any) => {
170 return CryptoProxy.importPrivateKey({ armoredKey: PrivateKey, passphrase: newKeyPassword });
171 })
172 );
173 expect(decryptedKeys.every((key) => key.isPrivate())).toBe(true);
174 expect(decryptedKeys.length).toBe(5);
175 expect(newKeysArgs.data.Keys[0].PrivateKey);
176 expect(newKeysArgs).toEqual({
177 url: 'core/v4/keys/private/upgrade',
178 method: 'post',
179 data: jasmine.objectContaining({
180 KeySalt: jasmine.any(String),
181 Auth: jasmine.any(Object),
182 Keys: jasmine.any(Array),
183 }),
184 });
185 expect(newKeyPassword).toEqual(jasmine.any(String));
186 });
188 it('should upgrade v2 keys in two password mode', async () => {
189 const keyPassword = DEFAULT_KEYPASSWORD;
190 const [userKey1, userKey2, addressKey1, addressKey2] = await Promise.all([
191 getKey(),
192 getKey(),
193 getKey(),
194 getKey(),
195 ]);
196 const User = {
197 Keys: [
198 {
199 ID: 'a',
200 PrivateKey: userKey1.privateKeyArmored,
201 Version: 2,
202 },
203 {
204 ID: 'b',
205 PrivateKey: userKey2.privateKeyArmored,
206 Version: 2,
207 },
208 ],
209 } as tsUser;
210 const Addresses = [
211 {
212 Email: 'test@test.com',
213 Keys: [
214 {
215 ID: 'c',
216 PrivateKey: addressKey1.privateKeyArmored,
217 Version: 2,
218 },
219 {
220 ID: 'd',
221 PrivateKey: addressKey2.privateKeyArmored,
222 Version: 2,
223 },
224 ],
225 },
226 ] as tsAddress[];
227 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve());
228 const newKeyPassword = await upgradeV2KeysHelper({
229 user: User,
230 addresses: Addresses,
231 loginPassword: '123',
232 keyPassword,
233 clearKeyPassword: keyPassword,
234 isOnePasswordMode: false,
235 api,
236 preAuthKTVerify: () => async () => {},
237 keyMigrationKTVerifier: async () => {},
238 });
239 expect(api.calls.all().length).toBe(1);
240 if (!newKeyPassword) {
241 throw new Error('Missing password');
242 }
243 const newKeysArgs = api.calls.all()[0].args[0];
244 const decryptedKeys: PrivateKeyReference[] = await Promise.all(
245 newKeysArgs.data.Keys.map(({ PrivateKey }: any) => {
246 return CryptoProxy.importPrivateKey({ armoredKey: PrivateKey, passphrase: newKeyPassword });
247 })
248 );
249 expect(decryptedKeys.length).toBe(4);
250 expect(decryptedKeys.every((key) => key.isPrivate())).toBe(true);
251 expect(newKeysArgs.data.Keys[0].PrivateKey);
252 expect(newKeysArgs).toEqual({
253 url: 'core/v4/keys/private/upgrade',
254 method: 'post',
255 data: jasmine.objectContaining({
256 KeySalt: jasmine.any(String),
257 Keys: jasmine.any(Array),
258 }),
259 });
260 expect(newKeyPassword).toEqual(jasmine.any(String));
261 });
263 it('should upgrade v2 and v3 keys mixed', async () => {
264 const keyPassword = DEFAULT_KEYPASSWORD;
265 const [userKey1, userKey2, addressKey1, addressKey2] = await Promise.all([
266 getKey(),
267 getKey(),
268 getKey(),
269 getKey(),
270 ]);
271 const User = {
272 Keys: [
273 {
274 ID: 'a',
275 PrivateKey: userKey1.privateKeyArmored,
276 Version: 3,
277 },
278 {
279 ID: 'b',
280 PrivateKey: userKey2.privateKeyArmored,
281 Version: 2,
282 },
283 ],
284 } as tsUser;
285 const Addresses = [
286 {
287 Email: 'test@test.com',
288 Keys: [
289 {
290 ID: 'c',
291 PrivateKey: addressKey1.privateKeyArmored,
292 Version: 3,
293 },
294 {
295 ID: 'd',
296 PrivateKey: addressKey2.privateKeyArmored,
297 Version: 2,
298 },
299 ],
300 },
301 ] as tsAddress[];
302 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve());
303 const newKeyPassword = await upgradeV2KeysHelper({
304 user: User,
305 addresses: Addresses,
306 loginPassword: '123',
307 keyPassword,
308 clearKeyPassword: keyPassword,
309 isOnePasswordMode: false,
310 api,
311 preAuthKTVerify: () => async () => {},
312 keyMigrationKTVerifier: async () => {},
313 });
314 if (!newKeyPassword) {
315 throw new Error('Missing password');
316 }
317 expect(api.calls.all().length).toBe(1);
318 const newKeysArgs = api.calls.all()[0].args[0];
319 const decryptedKeys: PrivateKeyReference[] = await Promise.all(
320 newKeysArgs.data.Keys.map(({ PrivateKey }: any) => {
321 return CryptoProxy.importPrivateKey({ armoredKey: PrivateKey, passphrase: newKeyPassword });
322 })
323 );
324 expect(decryptedKeys.length).toBe(4);
325 expect(decryptedKeys.every((key) => key.isPrivate())).toBe(true);
326 expect(newKeysArgs.data.Keys[0].PrivateKey);
327 expect(newKeysArgs).toEqual({
328 url: 'core/v4/keys/private/upgrade',
329 method: 'post',
330 data: jasmine.objectContaining({
331 KeySalt: jasmine.any(String),
332 Keys: jasmine.any(Array),
333 }),
334 });
335 expect(newKeyPassword).toEqual(jasmine.any(String));
336 });
337 });
339 describe('do not upgrade', () => {
340 it('should not upgrade if the v2 keys cannot be decrypted', async () => {
341 const email = 'test@test.com';
342 const keyPassword = '1';
343 const [userKey1, addressKey1, addressKey2] = await Promise.all([
344 getKey(),
345 getKey(),
346 getKey('test@test.com', '123'),
347 ]);
348 const User = {
349 Keys: [
350 {
351 ID: 'a',
352 PrivateKey: userKey1.privateKeyArmored,
353 Version: 3,
354 },
355 ],
356 } as tsUser;
357 const Addresses = [
358 {
359 Email: email,
360 Keys: [
361 {
362 ID: 'b',
363 PrivateKey: addressKey1.privateKeyArmored,
364 Version: 3,
365 },
366 {
367 ID: 'c',
368 PrivateKey: addressKey2.privateKeyArmored,
369 Version: 2,
370 },
371 ],
372 },
373 ] as tsAddress[];
374 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve());
375 const newKeyPassword = await upgradeV2KeysHelper({
376 user: User,
377 addresses: Addresses,
378 loginPassword: keyPassword,
379 keyPassword,
380 clearKeyPassword: keyPassword,
381 isOnePasswordMode: false,
382 api,
383 preAuthKTVerify: () => async () => {},
384 keyMigrationKTVerifier: async () => {},
385 });
386 expect(api.calls.all().length).toBe(0);
387 expect(newKeyPassword).toBeUndefined();
388 });
390 it('should not upgrade if there are no v2 keys', async () => {
391 const email = 'test@test.com';
392 const keyPassword = '1';
393 const [userKey1, addressKey1, addressKey2] = await Promise.all([getKey(), getKey(), getKey()]);
394 const User = {
395 Keys: [
396 {
397 ID: 'a',
398 PrivateKey: userKey1.privateKeyArmored,
399 Version: 3,
400 },
401 ],
402 } as tsUser;
403 const Addresses = [
404 {
405 Email: email,
406 Keys: [
407 {
408 ID: 'c',
409 PrivateKey: addressKey1.privateKeyArmored,
410 Version: 3,
411 },
412 {
413 ID: 'd',
414 PrivateKey: addressKey2.privateKeyArmored,
415 Version: 3,
416 },
417 ],
418 },
419 ] as tsAddress[];
420 const api = jasmine.createSpy('api').and.returnValues(Promise.resolve({ Modulus }), Promise.resolve());
421 const newKeyPassword = await upgradeV2KeysHelper({
422 user: User,
423 addresses: Addresses,
424 loginPassword: keyPassword,
425 keyPassword,
426 clearKeyPassword: keyPassword,
427 isOnePasswordMode: true,
428 api,
429 preAuthKTVerify: () => async () => {},
430 keyMigrationKTVerifier: async () => {},
431 });
432 expect(api.calls.all().length).toBe(0);
433 expect(newKeyPassword).toBeUndefined();
434 });
435 });
436 });