Stowage/tutanota
2
0
Fork 0
mirror of https://github.com/tutao/tutanota.git synced 2025-12-08 06:09:50 +00:00
Code Issues Projects Releases Packages Wiki Activity
tutanota/test/tests/api/worker/crypto/CryptoFacadeTest.ts

1967 lines
75 KiB
TypeScript
Raw Normal View History

Switch to @tutao/otest from ospec
2023-06-29 18:26:45 +02:00
import o from "@tutao/otest"
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
import {
arrayEquals,
assertNotNull,
hexToUint8Array,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
KeyVersion,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
neverNull,
stringToUtf8Uint8Array,
uint8ArrayToBase64,
utf8Uint8ArrayToString,
Versioned,
} from "@tutao/tutanota-utils"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { CryptoFacade } from "../../../../../src/common/api/worker/crypto/CryptoFacade.js"
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
import {
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asCryptoProtoocolVersion,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
BucketPermissionType,
CryptoProtocolVersion,
EncryptionAuthStatus,
GroupType,
PermissionType,
Add user group key rotation tutadb#1844
2024-09-02 19:57:57 +02:00
PublicKeyIdentifierType,
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
} from "../../../../../src/common/api/common/TutanotaConstants.js"
Fix tests
2022-04-19 16:51:08 +02:00
import {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
BirthdayTypeRef,
Fix tests
2022-04-19 16:51:08 +02:00
ContactTypeRef,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
FileTypeRef,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
InternalRecipientKeyData,
do not remove session key from session key cache for MailDetails and MailBody entities, fixes tutadb 1320
2023-01-17 15:42:18 +01:00
Mail,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
MailDetailsBlobTypeRef,
fixes after Willow's review
2023-01-12 16:48:28 +01:00
MailTypeRef,
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
} from "../../../../../src/common/api/entities/tutanota/TypeRefs.js"
Fix tests
2022-04-19 16:51:08 +02:00
import {
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
BucketKey,
BucketKeyTypeRef,
Fix tests
2022-04-19 16:51:08 +02:00
BucketPermissionTypeRef,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
BucketTypeRef,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
createBucket,
createBucketKey,
createBucketPermission,
createGroup,
createInstanceSessionKey,
createKeyPair,
createPermission,
createTypeInfo,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
CustomerAccountTerminationRequestTypeRef,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Group,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
GroupMembershipTypeRef,
Fix tests
2022-04-19 16:51:08 +02:00
GroupTypeRef,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
InstanceSessionKey,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
InstanceSessionKeyTypeRef,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
KeyPair,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
KeyPairTypeRef,
Fix tests
2022-04-19 16:51:08 +02:00
PermissionTypeRef,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
TypeInfoTypeRef,
Fix tests
2022-04-19 16:51:08 +02:00
UpdatePermissionKeyData,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
User,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
UserTypeRef,
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
} from "../../../../../src/common/api/entities/sys/TypeRefs.js"
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
import { spy } from "@tutao/tutanota-test-utils"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { RestClient } from "../../../../../src/common/api/worker/rest/RestClient.js"
import { EntityClient } from "../../../../../src/common/api/common/EntityClient.js"
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
import {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Aes256Key,
aes256RandomKey,
Introduce domain configs to support 2FA across domains #5638
2023-09-26 18:03:30 +02:00
aesDecrypt,
Add native AES-256 implementation to Android and iOS We need to start using AES-256 in order to be PQ-safe, and a native implementation should be used when possible. tutadb#1613
2023-09-13 11:42:57 +02:00
aesEncrypt,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
AesKey,
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
bitArrayToUint8Array,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
decryptKey,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
EccKeyPair,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
EccPublicKey,
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
ENABLE_MAC,
encryptKey,
encryptRsaKey,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
generateEccKeyPair,
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
IV_BYTE_LENGTH,
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
KeyPairType,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
kyberPrivateKeyToBytes,
kyberPublicKeyToBytes,
fix CryptoFacadeTest after removing UserIdReturnType UserIdReturnType is no longer needed as it is no longer used (except for in CryptoFacadeTest)
2024-01-30 18:18:19 +01:00
pqKeyPairsToPublicKeys,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
PQPublicKeys,
Run prettier on the whole project
2022-12-27 15:37:40 +01:00
random,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
RsaKeyPair,
RsaPublicKey,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
rsaPublicKeyToHex,
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
} from "@tutao/tutanota-crypto"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { InstanceMapper } from "../../../../../src/common/api/worker/crypto/InstanceMapper.js"
import type { TypeModel } from "../../../../../src/common/api/common/EntityTypes.js"
import { IServiceExecutor } from "../../../../../src/common/api/common/ServiceRequest.js"
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
import { matchers, object, verify, when } from "testdouble"
enforce constraint that the client only accepts rsa keys in version 0 make convertToVersionedPublicKeys part of PublicKeyProvider and private tutadb#1926
2025-01-22 15:19:22 +01:00
import { UpdatePermissionKeyService } from "../../../../../src/common/api/entities/sys/Services.js"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { getListId, isSameId } from "../../../../../src/common/api/common/utils/EntityUtils.js"
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
import { HttpMethod, resolveTypeReference } from "../../../../../src/common/api/common/EntityFunctions.js"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { UserFacade } from "../../../../../src/common/api/worker/facades/UserFacade.js"
import { SessionKeyNotFoundError } from "../../../../../src/common/api/common/error/SessionKeyNotFoundError.js"
import { OwnerEncSessionKeysUpdateQueue } from "../../../../../src/common/api/worker/crypto/OwnerEncSessionKeysUpdateQueue.js"
import { WASMKyberFacade } from "../../../../../src/common/api/worker/facades/KyberFacade.js"
import { PQFacade } from "../../../../../src/common/api/worker/facades/PQFacade.js"
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
import { encodePQMessage, PQBucketKeyEncapsulation } from "../../../../../src/common/api/worker/facades/PQMessage.js"
Enforce providing initializer when creating instances Thanks @charlag for the solution for tests! tutanota#6118
2023-11-09 17:04:42 +01:00
import { createTestEntity } from "../../../TestUtils.js"
make PQKeyPairs a type, fix type checks
2023-12-18 17:30:21 +01:00
import { RSA_TEST_KEYPAIR } from "../facades/RsaPqPerformanceTest.js"
Move files to new folder structure Co-authored-by: @rih-tutao
2024-07-01 17:56:41 +02:00
import { DefaultEntityRestCache } from "../../../../../src/common/api/worker/rest/DefaultEntityRestCache.js"
Fix Tests for Fallback Adapt the tests to work with the new format of loading the fallback and the wasm files. This commit also fixes the ESBuild function to correctly resolve the fallback and generate it. Remove the hardcoded make command and add the option to use a provided command instead of make. Also adds the possibility to provide env vars and a working dir for Wasm generation.
2024-04-23 11:06:40 +02:00
import { loadLibOQSWASM } from "../WASMTestUtils.js"
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
import { AsymmetricCryptoFacade } from "../../../../../src/common/api/worker/crypto/AsymmetricCryptoFacade.js"
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
import { KeyVerificationFacade } from "../../../../../src/common/api/worker/facades/lazy/KeyVerificationFacade"
import { KeyLoaderFacade, parseKeyVersion } from "../../../../../src/common/api/worker/facades/KeyLoaderFacade.js"
import { PublicKeyProvider } from "../../../../../src/common/api/worker/facades/PublicKeyProvider.js"
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
import { KeyRotationFacade } from "../../../../../src/common/api/worker/facades/KeyRotationFacade.js"
fixes after Willow's review
2023-01-12 16:48:28 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const { captor, anything, argThat } = matchers
imported new tutanota client
2017-08-15 13:54:22 +02:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const kyberFacade = new WASMKyberFacade(await loadLibOQSWASM())
const pqFacade: PQFacade = new PQFacade(kyberFacade)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
let asymmetricCryptoFacade: AsymmetricCryptoFacade
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
let publicKeyProvider: PublicKeyProvider
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
/**
* Helper to have all the mocked items available in the test case.
*/
type TestUser = {
user: User
name: string
userGroup: Group
mailGroup: Group
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
userGroupKey: AesKey
mailGroupKey: AesKey
}
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
const senderAddress = "hello@tutao.de"
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
async function prepareBucketKeyInstance(
bucketEncMailSessionKey: Uint8Array,
fileSessionKeys: Array<AesKey>,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
bk: AesKey,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
pubEncBucketKey: Uint8Array,
recipientUser: TestUser,
instanceMapper: InstanceMapper,
mailLiteral: Record<string, any>,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
senderPubEccKey: Versioned<EccPublicKey> | undefined,
recipientKeyVersion: NumberString,
protocolVersion: CryptoProtocolVersion,
asymmetricCryptoFacade: AsymmetricCryptoFacade,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
) {
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const mailInstanceSessionKey = createTestEntity(InstanceSessionKeyTypeRef, {
typeInfo: createTestEntity(TypeInfoTypeRef, {
application: MailTypeModel.app,
typeId: String(MailTypeModel.id),
}),
symEncSessionKey: bucketEncMailSessionKey,
instanceList: "mailListId",
instanceId: "mailId",
})
const FileTypeModel = await resolveTypeReference(FileTypeRef)
const bucketEncSessionKeys = fileSessionKeys.map((fileSessionKey, index) => {
return createTestEntity(InstanceSessionKeyTypeRef, {
typeInfo: createTestEntity(TypeInfoTypeRef, {
application: FileTypeModel.app,
typeId: String(FileTypeModel.id),
}),
symEncSessionKey: encryptKey(bk, fileSessionKey),
instanceList: "fileListId",
instanceId: "fileId" + (index + 1),
})
})
bucketEncSessionKeys.push(mailInstanceSessionKey)
const bucketKey = createTestEntity(BucketKeyTypeRef, {
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
pubEncBucketKey,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
keyGroup: recipientUser.userGroup._id,
bucketEncSessionKeys: bucketEncSessionKeys,
recipientKeyVersion,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
senderKeyVersion: senderPubEccKey != null ? senderPubEccKey.version.toString() : "0",
protocolVersion,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketKey.keyGroup),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketKey.recipientKeyVersion),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asCryptoProtoocolVersion(bucketKey.protocolVersion),
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderPubEccKey?.object ?? null })
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const BucketKeyModel = await resolveTypeReference(BucketKeyTypeRef)
const bucketKeyLiteral = await instanceMapper.encryptAndMapToLiteral(BucketKeyModel, bucketKey, null)
Object.assign(mailLiteral, { bucketKey: bucketKeyLiteral })
return { MailTypeModel, bucketKey }
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
}
o.spec("CryptoFacadeTest", function () {
Introduce domain configs to support 2FA across domains #5638
2023-09-26 18:03:30 +02:00
let restClient: RestClient
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
Changes after review
2021-12-15 16:07:07 +01:00
let instanceMapper = new InstanceMapper()
Use generated service interfaces
2022-03-09 17:43:29 +01:00
let serviceExecutor: IServiceExecutor
let entityClient: EntityClient
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
let ownerEncSessionKeysUpdateQueue: OwnerEncSessionKeysUpdateQueue
Use generated service interfaces
2022-03-09 17:43:29 +01:00
let crypto: CryptoFacade
Extract UserFacade from LoginFacade, #3888 LoginFacade had multiple responsibilities and thus was causing a lot of circular dependencies. We extracted all the user state into its own class which is then used from most places. LoginFacade now has only login-related functions. We kept entityEventsReceived() in LoginFacade to not introduce circular dependency between UserFacade and EntityClient. Co-authored-by: tih<tih@tutao.de>
2022-04-12 14:23:38 +02:00
let userFacade: UserFacade
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
let keyLoaderFacade: KeyLoaderFacade
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
let keyVerificationFacade: KeyVerificationFacade
enforce updating _ownerEncSessionKey for Files if needed #6275 We assumed that _ownerEncSessionKey is written for a File when we download it. This is not always the case as the UpdateSessionKeysService might not have been invoked or the invocation might have failed.
2024-01-31 18:55:21 +01:00
let cache: DefaultEntityRestCache
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
let asymmetricCryptoFacade: AsymmetricCryptoFacade
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
let keyRotationFacade: KeyRotationFacade
splitted SearchFacade and refactored worker to use locator
2017-11-23 13:30:17 +01:00
o.before(function () {
Introduce domain configs to support 2FA across domains #5638
2023-09-26 18:03:30 +02:00
restClient = object()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
when(restClient.request(anything(), anything(), anything())).thenResolve(undefined)
Extract UserFacade from LoginFacade, #3888 LoginFacade had multiple responsibilities and thus was causing a lot of circular dependencies. We extracted all the user state into its own class which is then used from most places. LoginFacade now has only login-related functions. We kept entityEventsReceived() in LoginFacade to not introduce circular dependency between UserFacade and EntityClient. Co-authored-by: tih<tih@tutao.de>
2022-04-12 14:23:38 +02:00
userFacade = object()
enforce updating _ownerEncSessionKey for Files if needed #6275 We assumed that _ownerEncSessionKey is written for a File when we download it. This is not always the case as the UpdateSessionKeysService might not have been invoked or the invocation might have failed.
2024-01-31 18:55:21 +01:00
cache = object()
splitted SearchFacade and refactored worker to use locator
2017-11-23 13:30:17 +01:00
})
Use generated service interfaces
2022-03-09 17:43:29 +01:00
o.beforeEach(function () {
serviceExecutor = object()
entityClient = object()
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asymmetricCryptoFacade = object()
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
ownerEncSessionKeysUpdateQueue = object()
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
keyVerificationFacade = object()
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
publicKeyProvider = object()
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
keyLoaderFacade = object()
keyRotationFacade = object()
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
crypto = new CryptoFacade(
userFacade,
entityClient,
restClient,
serviceExecutor,
instanceMapper,
ownerEncSessionKeysUpdateQueue,
cache,
keyLoaderFacade,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asymmetricCryptoFacade,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
async () => keyVerificationFacade,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
publicKeyProvider,
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
() => keyRotationFacade,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o("resolve session key: unencrypted instance", async function () {
const dummyDate = new Date().getTime().toString()
const customerAccountTerminationRequestLiteral = {
_format: 0,
terminationDate: dummyDate,
terminationRequestDate: dummyDate,
customer: "customerId",
imported new tutanota client
2017-08-15 13:54:22 +02:00
}
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const CustomerAccountTerminationTypeModel = await resolveTypeReference(CustomerAccountTerminationRequestTypeRef)
o(await crypto.resolveSessionKey(CustomerAccountTerminationTypeModel, customerAccountTerminationRequestLiteral)).equals(null)
imported new tutanota client
2017-08-15 13:54:22 +02:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o("resolve session key: _ownerEncSessionKey instance.", async function () {
const recipientUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientUser, userFacade, keyLoaderFacade)
imported new tutanota client
2017-08-15 13:54:22 +02:00
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const sk = aes256RandomKey()
update sys model, finish MailDetails migration * stop setting the offline db version to 0 for old databases all offline dbs in use now have this field set to 1 already or are outdated and there is no migration that we need to run anymore. * use raw key for desktop offline db instead of passphrase. this will recreate the offline DB for desktop clients. * update minimum compatible model versions for the offline migrator * remove old offline migrations. the remaining ones are the ones added with the lastNonOutdatedClientVersion (3.118.12 since ~120 days) or later, so no client that uses an offline db from before that would be able to log in and an offline db left by such a client will not be migrated due to being outdated. In order to finish the migration to MailDetails we need to delete all mails (with and without mailDetails) and mailBodies. This is needed as we do no longer store the mailBodies directly on the mail, and we currently do not support updating specific ranges of mails that exist in the offline storage. Therefore, deleting only those mails that have no mailDetails set is not possible, as available offline ranges for mails might be broken afterward. includes sys model 94 for supportInfo on customerInfo. @co-authored-by: jhm@tutao.de
2024-02-01 13:54:19 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const mail = createMailLiteral(recipientUser.mailGroupKey, sk, subject, confidential, senderName, recipientUser.name, recipientUser.mailGroup._id)
imported new tutanota client
2017-08-15 13:54:22 +02:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const sessionKey: AesKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
imported new tutanota client
2017-08-15 13:54:22 +02:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o(sessionKey).deepEquals(sk)
imported new tutanota client
2017-08-15 13:54:22 +02:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o("resolve session key: _ownerEncSessionKey instance, fetches correct version.", async function () {
const recipientUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientUser, userFacade, keyLoaderFacade)
imported new tutanota client
2017-08-15 13:54:22 +02:00
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const sk = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const groupKey_v1 = aes256RandomKey()
when(keyLoaderFacade.loadSymGroupKey(recipientUser.mailGroup._id, 1)).thenResolve(groupKey_v1)
const mail = createMailLiteral(groupKey_v1, sk, subject, confidential, senderName, recipientUser.name, recipientUser.mailGroup._id)
mail._ownerKeyVersion = "1"
Use generated service interfaces
2022-03-09 17:43:29 +01:00
Fix tests
2022-04-19 16:51:08 +02:00
const MailTypeModel = await resolveTypeReference(MailTypeRef)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const sessionKey: AesKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
Use generated service interfaces
2022-03-09 17:43:29 +01:00
Convert codebase to Typescript, close #3746 close #3594 Co-authored-by: jom <jom@tutao.de> Co-authored-by: thp <thp@tutao.de> Co-authored-by: vis <vis@tutao.de>
2022-01-07 15:58:30 +01:00
o(sessionKey).deepEquals(sk)
imported new tutanota client
2017-08-15 13:54:22 +02:00
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const protocolVersion = CryptoProtocolVersion.TUTA_CRYPT
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o("resolve session key: rsa public key decryption of session key.", async function () {
[test] Fix tests Fix time difference in test. Do not break process.env.TZ. Increase timeout for CryptoFacadeTest. Run integration tests only when -i is passed.
2021-01-25 12:50:28 +01:00
o.timeout(500) // in CI or with debugging it can take a while
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const recipientUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientUser, userFacade, keyLoaderFacade)
[test] Fix tests Fix time difference in test. Do not break process.env.TZ. Increase timeout for CryptoFacadeTest. Run integration tests only when -i is passed.
2021-01-25 12:50:28 +01:00
imported new tutanota client
2017-08-15 13:54:22 +02:00
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
let sk = aes256RandomKey()
let bk = aes256RandomKey()
make PQKeyPairs a type, fix type checks
2023-12-18 17:30:21 +01:00
let privateKey = RSA_TEST_KEYPAIR.privateKey
let publicKey = RSA_TEST_KEYPAIR.publicKey
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const keyPair = createTestEntity(KeyPairTypeRef, {
Use generated service interfaces
2022-03-09 17:43:29 +01:00
_id: "keyPairId",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
symEncPrivRsaKey: encryptRsaKey(recipientUser.userGroupKey, privateKey),
make PQKeyPairs a type, fix type checks
2023-12-18 17:30:21 +01:00
pubRsaKey: hexToUint8Array(rsaPublicKeyToHex(RSA_TEST_KEYPAIR.publicKey)),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
recipientUser.userGroup.currentKeys = keyPair
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mail = createMailLiteral(null, sk, subject, confidential, senderName, recipientUser.name, recipientUser.mailGroup._id)
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const bucket = createTestEntity(BucketTypeRef, {
Run prettier on the whole project
2022-12-27 15:37:40 +01:00
bucketPermissions: "bucketPermissionListId",
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const permission = createTestEntity(PermissionTypeRef, {
Use generated service interfaces
2022-03-09 17:43:29 +01:00
_id: ["permissionListId", "permissionId"],
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_ownerGroup: recipientUser.userGroup._id,
Use generated service interfaces
2022-03-09 17:43:29 +01:00
bucketEncSessionKey: encryptKey(bk, sk),
bucket,
type: PermissionType.Public,
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = object<Uint8Array>()
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const bucketPermission = createTestEntity(BucketPermissionTypeRef, {
Use generated service interfaces
2022-03-09 17:43:29 +01:00
_id: ["bucketPermissionListId", "bucketPermissionId"],
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_ownerGroup: recipientUser.userGroup._id,
Use generated service interfaces
2022-03-09 17:43:29 +01:00
type: BucketPermissionType.Public,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
group: recipientUser.userGroup._id,
Use generated service interfaces
2022-03-09 17:43:29 +01:00
pubEncBucketKey,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion: protocolVersion,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
pubKeyVersion: "0",
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
Extract UserFacade from LoginFacade, #3888 LoginFacade had multiple responsibilities and thus was causing a lot of circular dependencies. We extracted all the user state into its own class which is then used from most places. LoginFacade now has only login-related functions. We kept entityEventsReceived() in LoginFacade to not introduce circular dependency between UserFacade and EntityClient. Co-authored-by: tih<tih@tutao.de>
2022-04-12 14:23:38 +02:00
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketPermission.group),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketPermission.pubKeyVersion!),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion,
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: null })
Use generated service interfaces
2022-03-09 17:43:29 +01:00
when(entityClient.loadAll(BucketPermissionTypeRef, getListId(bucketPermission))).thenResolve([bucketPermission])
when(entityClient.loadAll(PermissionTypeRef, getListId(permission))).thenResolve([permission])
Run prettier on the whole project
2022-12-27 15:37:40 +01:00
when(
serviceExecutor.post(
UpdatePermissionKeyService,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
argThat((p: UpdatePermissionKeyData) => {
Run prettier on the whole project
2022-12-27 15:37:40 +01:00
return isSameId(p.permission, permission._id) && isSameId(p.bucketPermission, bucketPermission._id)
}),
),
).thenResolve(undefined)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
Fix tests
2022-04-19 16:51:08 +02:00
const MailTypeModel = await resolveTypeReference(MailTypeRef)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
const sessionKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
o(sessionKey).deepEquals(sk)
imported new tutanota client
2017-08-15 13:54:22 +02:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o("resolve session key: pq public key decryption of session key.", async function () {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o.timeout(500) // in CI or with debugging it can take a while
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const recipientTestUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientTestUser, userFacade, keyLoaderFacade)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
let pqKeyPairs = await pqFacade.generateKeyPairs()
const senderIdentityKeyPair = generateEccKeyPair()
// configure test mail
let sk = aes256RandomKey()
let bk = aes256RandomKey()
const mail = createMailLiteral(null, sk, subject, confidential, senderName, recipientTestUser.name, recipientTestUser.mailGroup._id)
const bucket = createBucket({
bucketPermissions: "bucketPermissionListId",
})
const permission = createPermission({
_format: "",
listElementApplication: null,
listElementTypeId: null,
ops: null,
symEncSessionKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
symKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_id: ["permissionListId", "permissionId"],
_ownerGroup: recipientTestUser.mailGroup._id,
bucketEncSessionKey: encryptKey(bk, sk),
bucket,
type: PermissionType.Public,
_ownerEncSessionKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
_ownerKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_permissions: "p_id",
group: null,
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = await pqFacade.encapsulateAndEncode(
senderIdentityKeyPair,
generateEccKeyPair(),
pqKeyPairsToPublicKeys(pqKeyPairs),
bitArrayToUint8Array(bk),
)
const protocolVersion = CryptoProtocolVersion.RSA
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const bucketPermission = createBucketPermission({
_id: ["bucketPermissionListId", "bucketPermissionId"],
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
_format: "",
_permissions: "",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_ownerGroup: recipientTestUser.mailGroup._id,
type: BucketPermissionType.Public,
group: recipientTestUser.userGroup._id,
pubEncBucketKey,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
senderKeyVersion: "0",
ownerEncBucketKey: null,
ownerKeyVersion: null,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
pubKeyVersion: "0",
symEncBucketKey: null,
symKeyVersion: null,
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketPermission.group),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketPermission.pubKeyVersion!),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion,
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderIdentityKeyPair.publicKey })
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(userFacade.createAuthHeaders()).thenReturn({})
when(restClient.request(anything(), HttpMethod.PUT, anything())).thenResolve(undefined)
when(entityClient.loadAll(BucketPermissionTypeRef, getListId(bucketPermission))).thenResolve([bucketPermission])
when(entityClient.loadAll(PermissionTypeRef, getListId(permission))).thenResolve([permission])
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const sessionKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
o(sessionKey).deepEquals(sk)
})
o("resolve session key: pq public key decryption of session key, fetches correct recipient key version", async function () {
o.timeout(500) // in CI or with debugging it can take a while
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
const recipientTestUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientTestUser, userFacade, keyLoaderFacade)
const pqKeyPairs_v1 = await pqFacade.generateKeyPairs()
const senderIdentityKeyPair = generateEccKeyPair()
// configure test mail
const sk = aes256RandomKey()
const bk = aes256RandomKey()
const mail = createMailLiteral(null, sk, subject, confidential, senderName, recipientTestUser.name, recipientTestUser.mailGroup._id)
const bucket = createBucket({
bucketPermissions: "bucketPermissionListId",
})
const permission = createPermission({
_format: "",
listElementApplication: null,
listElementTypeId: null,
ops: null,
symEncSessionKey: null,
symKeyVersion: null,
_id: ["permissionListId", "permissionId"],
_ownerGroup: recipientTestUser.mailGroup._id,
bucketEncSessionKey: encryptKey(bk, sk),
bucket,
type: PermissionType.Public,
_ownerEncSessionKey: null,
_ownerKeyVersion: null,
_permissions: "p_id",
group: null,
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = await pqFacade.encapsulateAndEncode(
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
senderIdentityKeyPair,
generateEccKeyPair(),
pqKeyPairsToPublicKeys(pqKeyPairs_v1),
bitArrayToUint8Array(bk),
)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const protocolVersion = CryptoProtocolVersion.RSA
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const bucketPermission = createBucketPermission({
_id: ["bucketPermissionListId", "bucketPermissionId"],
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_format: "",
_permissions: "",
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
_ownerGroup: recipientTestUser.mailGroup._id,
type: BucketPermissionType.Public,
group: recipientTestUser.userGroup._id,
pubEncBucketKey,
senderKeyVersion: "0",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
ownerEncBucketKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
ownerKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
protocolVersion: "0",
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
pubKeyVersion: "1",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
symEncBucketKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
symKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketPermission.group),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketPermission.pubKeyVersion!),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion,
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderIdentityKeyPair.publicKey })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
when(userFacade.createAuthHeaders()).thenReturn({})
when(restClient.request(anything(), HttpMethod.PUT, anything())).thenResolve(undefined)
when(entityClient.loadAll(BucketPermissionTypeRef, getListId(bucketPermission))).thenResolve([bucketPermission])
when(entityClient.loadAll(PermissionTypeRef, getListId(permission))).thenResolve([permission])
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const sessionKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
o(sessionKey).deepEquals(sk)
})
o("resolve session key: pq public key decryption of session key using bucketKey", async function () {
o.timeout(500) // in CI or with debugging it can take a while
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
const recipientTestUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientTestUser, userFacade, keyLoaderFacade)
const pqKeyPairs_v1 = await pqFacade.generateKeyPairs()
const senderIdentityKeyPair = generateEccKeyPair()
// configure test mail
const sk = aes256RandomKey()
const bk = aes256RandomKey()
const mail = createMailLiteral(null, sk, subject, confidential, senderName, recipientTestUser.name, recipientTestUser.mailGroup._id)
const bucketEncMailSessionKey = encryptKey(bk, sk)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = await pqFacade.encapsulateAndEncode(
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
senderIdentityKeyPair,
generateEccKeyPair(),
pqKeyPairsToPublicKeys(pqKeyPairs_v1),
bitArrayToUint8Array(bk),
)
Object.assign(mail, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
const senderKeyVersion = 1
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
await prepareBucketKeyInstance(
bucketEncMailSessionKey,
[],
bk,
pubEncBucketKey,
recipientTestUser,
instanceMapper,
mail,
{
object: senderIdentityKeyPair.publicKey,
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
version: senderKeyVersion,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
},
"1",
protocolVersion,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
asymmetricCryptoFacade,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.decryptSymKeyWithKeyPair(
{
keyPairType: pqKeyPairs_v1.keyPairType,
eccKeyPair: pqKeyPairs_v1.eccKeyPair,
kyberKeyPair: pqKeyPairs_v1.kyberKeyPair,
},
protocolVersion,
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderIdentityKeyPair.publicKey })
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(userFacade.createAuthHeaders()).thenReturn({})
when(restClient.request(anything(), HttpMethod.PUT, anything())).thenResolve(undefined)
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
when(
asymmetricCryptoFacade.authenticateSender(
{
identifier: senderAddress,
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
},
senderIdentityKeyPair.publicKey,
senderKeyVersion,
),
).thenResolve(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_SUCCEEDED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const sessionKey = neverNull(await crypto.resolveSessionKey(MailTypeModel, mail))
o(sessionKey).deepEquals(sk)
})
enforce updating _ownerEncSessionKey for Files if needed #6275 We assumed that _ownerEncSessionKey is written for a File when we download it. This is not always the case as the UpdateSessionKeysService might not have been invoked or the invocation might have failed.
2024-01-31 18:55:21 +01:00
o("enforceSessionKeyUpdateIfNeeded: _ownerEncSessionKey already defined", async function () {
const files = [createTestEntity(FileTypeRef, { _ownerEncSessionKey: new Uint8Array() })]
await crypto.enforceSessionKeyUpdateIfNeeded({}, files)
verify(ownerEncSessionKeysUpdateQueue.postUpdateSessionKeysService(anything()), { times: 0 })
verify(cache.deleteFromCacheIfExists(anything(), anything(), anything()), { times: 0 })
})
o("enforceSessionKeyUpdateIfNeeded: _ownerEncSessionKey missing", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const files = [
createTestEntity(FileTypeRef, { _id: ["listId", "1"], _ownerEncSessionKey: new Uint8Array() }),
createTestEntity(FileTypeRef, { _id: ["listId", "2"], _ownerEncSessionKey: null }),
]
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
const mail = createTestEntity(MailTypeRef, testData.mailLiteral)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
// const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
enforce updating _ownerEncSessionKey for Files if needed #6275 We assumed that _ownerEncSessionKey is written for a File when we download it. This is not always the case as the UpdateSessionKeysService might not have been invoked or the invocation might have failed.
2024-01-31 18:55:21 +01:00
const updatedFiles = await crypto.enforceSessionKeyUpdateIfNeeded(mail, files)
verify(ownerEncSessionKeysUpdateQueue.postUpdateSessionKeysService(anything()), { times: 1 })
verify(cache.deleteFromCacheIfExists(FileTypeRef, "listId", "2"))
})
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
o("encryptBucketKeyForInternalRecipient with existing PQKeys for sender and recipient", async function () {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
let recipientMailAddress = "bob@tutanota.com"
let senderGroupKey = aes256RandomKey()
let bk = aes256RandomKey()
const recipientKeyPairs = await pqFacade.generateKeyPairs()
const recipientKeyPair = createKeyPair({
_id: "recipientKeyPairId",
pubEccKey: recipientKeyPairs.eccKeyPair.publicKey,
symEncPrivEccKey: null,
pubKyberKey: kyberPublicKeyToBytes(recipientKeyPairs.kyberKeyPair.publicKey),
symEncPrivKyberKey: null,
pubRsaKey: null,
symEncPrivRsaKey: null,
})
const senderKeyPairs = await pqFacade.generateKeyPairs()
const senderKeyPair = createKeyPair({
_id: "senderKeyPairId",
pubRsaKey: null,
symEncPrivRsaKey: null,
pubEccKey: senderKeyPairs.eccKeyPair.publicKey,
symEncPrivEccKey: aesEncrypt(senderGroupKey, senderKeyPairs.eccKeyPair.privateKey),
pubKyberKey: kyberPublicKeyToBytes(senderKeyPairs.kyberKeyPair.publicKey),
symEncPrivKyberKey: aesEncrypt(senderGroupKey, kyberPrivateKeyToBytes(senderKeyPairs.kyberKeyPair.privateKey)),
})
const senderUserGroup = createGroup({
_format: "",
_ownerGroup: "",
_permissions: "",
admin: "admin1",
adminGroupEncGKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
adminGroupKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
archives: [],
customer: "customer1",
enabled: false,
external: false,
groupInfo: ["", ""],
invitations: "",
members: "",
storageCounter: "counter1",
type: "",
user: "user1",
_id: "userGroupId",
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
currentKeys: senderKeyPair,
groupKeyVersion: "0",
formerGroupKeys: null,
pubAdminGroupEncGKey: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(keyLoaderFacade.loadCurrentKeyPair(senderUserGroup._id)).thenResolve({ version: 0, object: senderKeyPairs })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const notFoundRecipients = []
const pqEncapsulation: PQBucketKeyEncapsulation = {
kyberCipherText: new Uint8Array([1]),
kekEncBucketKey: new Uint8Array([2]),
}
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const encodedPqMessage: Uint8Array = encodePQMessage({
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
senderIdentityPubKey: senderKeyPair.pubEccKey!,
ephemeralPubKey: senderKeyPair.pubEccKey!,
encapsulation: pqEncapsulation,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const recipientPublicKeys: Versioned<PQPublicKeys> = {
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
version: 0,
object: {
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
keyPairType: KeyPairType.TUTA_CRYPT,
eccPublicKey: recipientKeyPair.pubEccKey!,
kyberPublicKey: {
raw: recipientKeyPair.pubKyberKey!,
},
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
},
}
Cleanup after reviewing key verification branch Co-authored-by: mab <mab@tutao.de>
2025-03-13 17:00:34 +01:00
when(
publicKeyProvider.loadCurrentPubKey({
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
identifier: recipientMailAddress,
}),
).thenResolve(recipientPublicKeys)
when(
publicKeyProvider.loadPubKey(
{
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
identifier: recipientMailAddress,
},
0,
),
).thenResolve({
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
version: 0,
object: {
keyPairType: KeyPairType.TUTA_CRYPT,
eccPublicKey: senderKeyPair.pubEccKey!,
kyberPublicKey: { raw: senderKeyPair.pubKyberKey! },
},
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
when(entityClient.load(GroupTypeRef, senderUserGroup._id)).thenResolve(senderUserGroup)
Cleanup after reviewing key verification branch Co-authored-by: mab <mab@tutao.de>
2025-03-13 17:00:34 +01:00
when(keyLoaderFacade.getCurrentSymGroupKey(senderUserGroup._id)).thenResolve({
object: senderGroupKey,
version: 0,
})
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
when(asymmetricCryptoFacade.asymEncryptSymKey(bk, recipientPublicKeys, senderUserGroup._id)).thenResolve({
recipientKeyVersion: recipientPublicKeys.version,
senderKeyVersion: parseKeyVersion(senderUserGroup.groupKeyVersion),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
pubEncSymKeyBytes: encodedPqMessage,
cryptoProtocolVersion: CryptoProtocolVersion.TUTA_CRYPT,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const internalRecipientKeyData = (await crypto.encryptBucketKeyForInternalRecipient(
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
senderUserGroup._id,
bk,
recipientMailAddress,
notFoundRecipients,
)) as InternalRecipientKeyData
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o(internalRecipientKeyData!.recipientKeyVersion).equals("0")
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
o(internalRecipientKeyData.protocolVersion).equals(CryptoProtocolVersion.TUTA_CRYPT)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(internalRecipientKeyData!.mailAddress).equals(recipientMailAddress)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
o(internalRecipientKeyData!.pubEncBucketKey).deepEquals(encodedPqMessage)
enforce constraint that the client only accepts rsa keys in version 0 make convertToVersionedPublicKeys part of PublicKeyProvider and private tutadb#1926
2025-01-22 15:19:22 +01:00
verify(publicKeyProvider, { times: 0 })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
o("encryptBucketKeyForInternalRecipient with existing PQKeys for sender", async () => {
let recipientMailAddress = "bob@tutanota.com"
let senderGroupKey = aes256RandomKey()
let bk = aes256RandomKey()
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
let senderMailAddress = "alice@tutanota.com"
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const senderKeyPair: KeyPair = object()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const senderAsymmetricKeyPair: Versioned<RsaKeyPair> = object()
const senderPublicKey: Versioned<RsaPublicKey> = object()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const senderUserGroup = createGroup({
_id: "userGroupId",
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
currentKeys: senderKeyPair,
groupKeyVersion: "0",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
_permissions: "",
admin: null,
adminGroupEncGKey: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
adminGroupKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
archives: [],
customer: null,
enabled: false,
external: false,
groupInfo: ["", ""],
invitations: "",
members: "",
storageCounter: null,
type: "",
user: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
formerGroupKeys: null,
pubAdminGroupEncGKey: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
when(keyLoaderFacade.loadCurrentKeyPair(senderUserGroup._id)).thenResolve(senderAsymmetricKeyPair)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const notFoundRecipients = []
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const recipientPublicKeys: Versioned<RsaPublicKey> = {
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
version: 0,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
object: object(),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
}
Cleanup after reviewing key verification branch Co-authored-by: mab <mab@tutao.de>
2025-03-13 17:00:34 +01:00
when(
publicKeyProvider.loadCurrentPubKey({
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
identifier: recipientMailAddress,
}),
).thenResolve(recipientPublicKeys)
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const senderPublicKeys: Versioned<PQPublicKeys> = {
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
version: 0,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
object: object(),
}
when(
publicKeyProvider.loadCurrentPubKey({
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
identifier: senderMailAddress,
}),
).thenResolve(senderPublicKeys)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
when(entityClient.load(GroupTypeRef, senderUserGroup._id)).thenResolve(senderUserGroup)
Cleanup after reviewing key verification branch Co-authored-by: mab <mab@tutao.de>
2025-03-13 17:00:34 +01:00
when(keyLoaderFacade.getCurrentSymGroupKey(senderUserGroup._id)).thenResolve({
object: senderGroupKey,
version: 0,
})
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = object<Uint8Array>()
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
when(asymmetricCryptoFacade.asymEncryptSymKey(bk, recipientPublicKeys, senderUserGroup._id)).thenResolve({
recipientKeyVersion: recipientPublicKeys.version,
senderKeyVersion: parseKeyVersion(senderUserGroup.groupKeyVersion),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
pubEncSymKeyBytes: pubEncBucketKey,
cryptoProtocolVersion: CryptoProtocolVersion.RSA,
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
const internalRecipientKeyData = (await crypto.encryptBucketKeyForInternalRecipient(
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
senderUserGroup._id,
bk,
recipientMailAddress,
notFoundRecipients,
)) as InternalRecipientKeyData
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
o(internalRecipientKeyData!.recipientKeyVersion).equals("0")
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(internalRecipientKeyData!.mailAddress).equals(recipientMailAddress)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
o(internalRecipientKeyData.protocolVersion).equals(CryptoProtocolVersion.RSA)
o(internalRecipientKeyData.pubEncBucketKey).deepEquals(pubEncBucketKey)
enforce constraint that the client only accepts rsa keys in version 0 make convertToVersionedPublicKeys part of PublicKeyProvider and private tutadb#1926
2025-01-22 15:19:22 +01:00
verify(publicKeyProvider, { times: 0 })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
o("authenticateSender | sender is authenticated for correct SenderIdentityKey", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
const senderKeyVersion = "0"
when(
asymmetricCryptoFacade.authenticateSender(
{
identifier: senderAddress,
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
},
testData.senderIdentityKeyPair.publicKey,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(senderKeyVersion),
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
),
).thenResolve(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_SUCCEEDED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
Show pq padlock symbol for sent mail, tutadb 1788 (#6699) * Show pq padlock symbol for sent mail, tutadb 1788 To show the pq padlock symbol for the sender we introduced another enum value for the encryptionAuthStatus on Mail instances which is only set for the sent mail. It is only set in case the mail is confidential and all recipients support the TutaCrypt protocol. * clean up outdated invitations from offlince cache see the fix for tutadb#1800 --------- Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: vaf <vaf@tutao.de>
2024-05-06 11:08:05 +02:00
o(actualAutStatus).deepEquals(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_SUCCEEDED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
o("authenticateSender | sender is authenticated for correct SenderIdentityKey from system@tutanota.de", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest([], false)
Object.assign(testData.mailLiteral, { body: "bodyId" })
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
const senderKeyVersion = "0"
const senderIdentifier = "system@tutanota.de"
when(
asymmetricCryptoFacade.authenticateSender(
{
identifier: senderIdentifier,
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
},
testData.senderIdentityKeyPair.publicKey,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(senderKeyVersion),
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
),
).thenResolve(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_SUCCEEDED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
Show pq padlock symbol for sent mail, tutadb 1788 (#6699) * Show pq padlock symbol for sent mail, tutadb 1788 To show the pq padlock symbol for the sender we introduced another enum value for the encryptionAuthStatus on Mail instances which is only set for the sent mail. It is only set in case the mail is confidential and all recipients support the TutaCrypt protocol. * clean up outdated invitations from offlince cache see the fix for tutadb#1800 --------- Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: vaf <vaf@tutao.de>
2024-05-06 11:08:05 +02:00
o(actualAutStatus).deepEquals(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_SUCCEEDED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
o("authenticateSender | sender is not authenticated for incorrect SenderIdentityKey", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
const senderKeyVersion = "0"
when(
asymmetricCryptoFacade.authenticateSender(
{
identifier: senderAddress,
identifierType: PublicKeyIdentifierType.MAIL_ADDRESS,
},
testData.senderIdentityKeyPair.publicKey,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(senderKeyVersion),
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
),
).thenResolve(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_FAILED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
Show pq padlock symbol for sent mail, tutadb 1788 (#6699) * Show pq padlock symbol for sent mail, tutadb 1788 To show the pq padlock symbol for the sender we introduced another enum value for the encryptionAuthStatus on Mail instances which is only set for the sent mail. It is only set in case the mail is confidential and all recipients support the TutaCrypt protocol. * clean up outdated invitations from offlince cache see the fix for tutadb#1800 --------- Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: vaf <vaf@tutao.de>
2024-05-06 11:08:05 +02:00
o(actualAutStatus).deepEquals(EncryptionAuthStatus.TUTACRYPT_AUTHENTICATION_FAILED)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
o("authenticateSender | no authentication needed for sender with RSAKeypair", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()), { times: 1 })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
o(actualAutStatus).deepEquals(EncryptionAuthStatus.RSA_NO_AUTHENTICATION)
})
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
o("authenticateSender | RSA was used despite recipient having tutacrypt", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
when(keyLoaderFacade.loadCurrentKeyPair(anything())).thenResolve({
version: 1,
object: {
keyPairType: KeyPairType.TUTA_CRYPT,
kyberKeyPair: object(),
eccKeyPair: object(),
},
})
when(keyRotationFacade.getGroupIdsThatPerformedKeyRotations()).thenResolve([])
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()), { times: 1 })
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
o(actualAutStatus).deepEquals(EncryptionAuthStatus.RSA_DESPITE_TUTACRYPT)
})
o("authenticateSender | RSA was used right after a key rotation", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
when(keyLoaderFacade.loadCurrentKeyPair(anything())).thenResolve({
version: 1,
object: {
keyPairType: KeyPairType.TUTA_CRYPT,
kyberKeyPair: object(),
eccKeyPair: object(),
},
})
when(keyRotationFacade.getGroupIdsThatPerformedKeyRotations()).thenResolve([testData.userGroupId])
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()), { times: 1 })
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
o(actualAutStatus).deepEquals(EncryptionAuthStatus.RSA_NO_AUTHENTICATION)
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o("authenticateSender | no authentication needed for secure external recipient", async function () {
o.timeout(500) // in CI or with debugging it can take a while
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const file1SessionKey = aes256RandomKey()
const file2SessionKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await prepareConfidentialMailToExternalRecipient([file1SessionKey, file2SessionKey])
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(mailSessionKey).deepEquals(testData.sk)
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()), { times: 1 })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
o(actualAutStatus).deepEquals(EncryptionAuthStatus.AES_NO_AUTHENTICATION)
})
o("authenticateSender | no authentication needed for secure external sender", async function () {
//o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareConfidentialReplyFromExternalUser()
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const externalUser = testData.externalUser
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(mailSessionKey).deepEquals(testData.sk)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const mailCaptor = matchers.captor()
const userCaptor = matchers.captor()
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
verify(keyLoaderFacade.loadSymGroupKey(externalUser.userGroup._id, parseKeyVersion(externalUser.mailGroup.adminGroupKeyVersion!), userCaptor.capture()))
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
verify(keyLoaderFacade.loadSymGroupKey(externalUser.mailGroup._id, testData.recipientKeyVersion, mailCaptor.capture()))
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
o(userCaptor.value.version).equals(parseKeyVersion(externalUser.userGroup.groupKeyVersion))
o(mailCaptor.value.version).equals(parseKeyVersion(externalUser.mailGroup.groupKeyVersion))
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()), { times: 1 })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value as Array<InstanceSessionKey>
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
const mailInstanceSessionKey = updatedInstanceSessionKeys.find((instanceSessionKey) =>
isSameId([instanceSessionKey.instanceList, instanceSessionKey.instanceId], testData.mailLiteral._id),
)
const actualAutStatus = utf8Uint8ArrayToString(aesDecrypt(testData.sk, neverNull(mailInstanceSessionKey).encryptionAuthStatus!))
o(actualAutStatus).deepEquals(EncryptionAuthStatus.AES_NO_AUTHENTICATION)
})
fixes after review with armhub, test cases for instance migration #2015
2020-04-29 15:55:56 +02:00
o.spec("instance migrations", function () {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o.beforeEach(function () {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
when(entityClient.update(anything())).thenResolve(undefined)
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
o("contact migration without birthday", async function () {
Enforce providing initializer when creating instances Thanks @charlag for the solution for tests! tutanota#6118
2023-11-09 17:04:42 +01:00
const contact = createTestEntity(ContactTypeRef)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
o(migratedContact.birthdayIso).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 0 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
Use generated service interfaces
2022-03-09 17:43:29 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration without existing birthday", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
birthdayIso: "2019-05-01",
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(migratedContact.birthdayIso).equals("2019-05-01")
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 0 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
Use generated service interfaces
2022-03-09 17:43:29 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration without existing birthday and oldBirthdayDate", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
_id: ["listid", "id"],
birthdayIso: "2019-05-01",
oldBirthdayDate: new Date(2000, 4, 1),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
o(migratedContact.birthdayIso).equals("2019-05-01")
o(migratedContact.oldBirthdayAggregate).equals(null)
o(migratedContact.oldBirthdayDate).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 1 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
Use generated service interfaces
2022-03-09 17:43:29 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration with existing birthday and oldBirthdayAggregate", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
_id: ["listid", "id"],
birthdayIso: "2019-05-01",
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
oldBirthdayAggregate: createTestEntity(BirthdayTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
day: "01",
month: "05",
year: "2000",
}),
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
Use generated service interfaces
2022-03-09 17:43:29 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(migratedContact.birthdayIso).equals("2019-05-01")
o(migratedContact.oldBirthdayAggregate).equals(null)
o(migratedContact.oldBirthdayDate).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 1 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration from oldBirthdayAggregate", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
_id: ["listid", "id"],
oldBirthdayDate: new Date(1800, 4, 1),
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
oldBirthdayAggregate: createTestEntity(BirthdayTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
day: "01",
month: "05",
year: "2000",
}),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(migratedContact.birthdayIso).equals("2000-05-01")
o(migratedContact.oldBirthdayAggregate).equals(null)
o(migratedContact.oldBirthdayDate).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 1 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration from oldBirthdayDate", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
_id: ["listid", "id"],
birthdayIso: null,
oldBirthdayDate: new Date(1800, 4, 1),
oldBirthdayAggregate: null,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(migratedContact.birthdayIso).equals("1800-05-01")
o(migratedContact.oldBirthdayAggregate).equals(null)
o(migratedContact.oldBirthdayDate).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 1 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o("contact migration from oldBirthdayAggregate without year", async function () {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const contact = createTestEntity(ContactTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
_id: ["listid", "id"],
birthdayIso: null,
oldBirthdayDate: null,
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
oldBirthdayAggregate: createTestEntity(BirthdayTypeRef, {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
day: "01",
month: "05",
year: null,
}),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
fixes after Willow's review
2023-01-12 16:48:28 +01:00
const migratedContact = await crypto.applyMigrationsForInstance(contact)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(migratedContact.birthdayIso).equals("--05-01")
o(migratedContact.oldBirthdayAggregate).equals(null)
o(migratedContact.oldBirthdayDate).equals(null)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
verify(entityClient.update(anything()), { times: 1 })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o("resolve session key: rsa public key decryption of mail session key using BucketKey aggregated type - Mail referencing MailBody", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
})
o("resolve session key: rsa public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsDraft", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { mailDetailsDraft: ["draftDetailsListId", "draftDetailsId"] })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
})
o(
"resolve session key: rsa public key decryption of mail session key using BucketKey aggregated type - already decoded/decrypted Mail referencing MailDetailsDraft",
async function () {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o.timeout(500) // in CI or with debugging it can take a while
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, {
mailDetailsDraft: ["draftDetailsListId", "draftDetailsId"],
})
const mailInstance = await instanceMapper.decryptAndMapToInstance<Mail>(testData.MailTypeModel, testData.mailLiteral, testData.sk)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// do not use testdouble here because it's hard to not break the function itself and then verify invocations
const decryptAndMapToInstance = (instanceMapper.decryptAndMapToInstance = spy(instanceMapper.decryptAndMapToInstance))
const convertBucketKeyToInstanceIfNecessary = (crypto.convertBucketKeyToInstanceIfNecessary = spy(crypto.convertBucketKeyToInstanceIfNecessary))
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, mailInstance))
o(decryptAndMapToInstance.invocations.length).equals(0)
o(convertBucketKeyToInstanceIfNecessary.invocations.length).equals(1)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(sessionKey).deepEquals(testData.sk)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
},
)
o("resolve session key: rsa public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsBlob", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(sessionKey).deepEquals(testData.sk)
})
o(
"resolve session key: rsa public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsBlob with attachments",
async function () {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o.timeout(500) // in CI or with debugging it can take a while
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const file1SessionKey = aes256RandomKey()
const file2SessionKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await prepareRsaPubEncBucketKeyResolveSessionKeyTest([file1SessionKey, file2SessionKey])
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
fixes after Willow's review
2023-01-12 16:48:28 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(mailSessionKey).deepEquals(testData.sk)
fixes after Willow's review
2023-01-12 16:48:28 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(testData.bucketKey.bucketEncSessionKeys.length).equals(3) //mail, file1, file2
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
for (const isk of testData.bucketKey.bucketEncSessionKeys) {
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const expectedSessionKey = decryptKey(testData.bk, isk.symEncSessionKey)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
updatedInstanceSessionKeys.some((updatedKey) => {
let updatedSessionKey = decryptKey(testData.mailGroupKey, updatedKey.symEncSessionKey)
return (
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
updatedKey.instanceId === isk.instanceId &&
updatedKey.instanceList === isk.instanceList &&
updatedKey.typeInfo.application === isk.typeInfo.application &&
updatedKey.typeInfo.typeId === isk.typeInfo.typeId &&
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
arrayEquals(updatedSessionKey, expectedSessionKey)
)
}),
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
).equals(true)
}
},
)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// ------------
fixes after Willow's review
2023-01-12 16:48:28 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o("resolve session key: pq public key decryption of mail session key using BucketKey aggregated type - Mail referencing MailBody", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { body: "bodyId" })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(sessionKey).deepEquals(testData.sk)
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o("resolve session key: pq public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsDraft", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { mailDetailsDraft: ["draftDetailsListId", "draftDetailsId"] })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
})
o(
"resolve session key: pq public key decryption of mail session key using BucketKey aggregated type - already decoded/decrypted Mail referencing MailDetailsDraft",
async function () {
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o.timeout(500) // in CI or with debugging it can take a while
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, {
mailDetailsDraft: ["draftDetailsListId", "draftDetailsId"],
})
const mailInstance = await instanceMapper.decryptAndMapToInstance<Mail>(testData.MailTypeModel, testData.mailLiteral, testData.sk)
// do not use testdouble here because it's hard to not break the function itself and then verify invocations
const decryptAndMapToInstance = (instanceMapper.decryptAndMapToInstance = spy(instanceMapper.decryptAndMapToInstance))
const convertBucketKeyToInstanceIfNecessary = (crypto.convertBucketKeyToInstanceIfNecessary = spy(crypto.convertBucketKeyToInstanceIfNecessary))
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, mailInstance))
// TODO is it ok to remove this: decryptAndMapToInstance is now called when resolving the session key
// o(decryptAndMapToInstance.invocations.length).equals(0)
o(convertBucketKeyToInstanceIfNecessary.invocations.length).equals(1)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
fixes after Willow's review
2023-01-12 16:48:28 +01:00
o(sessionKey).deepEquals(testData.sk)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
},
)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o("resolve session key: pq public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsBlob", async function () {
o.timeout(500) // in CI or with debugging it can take a while
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest()
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
const sessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(sessionKey).deepEquals(testData.sk)
fixes after Willow's review
2023-01-12 16:48:28 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
o(
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
"resolve session key: pq public key decryption of session key using BucketKey aggregated type - Mail referencing MailDetailsBlob with attachments",
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
async function () {
o.timeout(500) // in CI or with debugging it can take a while
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const file1SessionKey = aes256RandomKey()
const file2SessionKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await preparePqPubEncBucketKeyResolveSessionKeyTest([file1SessionKey, file2SessionKey])
fixes after Willow's review
2023-01-12 16:48:28 +01:00
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(mailSessionKey).deepEquals(testData.sk)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
o(testData.bucketKey.bucketEncSessionKeys.length).equals(3) //mail, file1, file2
const updatedInstanceSessionKeysCaptor = captor()
process shared group key rotation, handle group key updates as member of a shared group rotated by the owner, tutadb#1793
2024-06-10 14:05:35 +02:00
verify(ownerEncSessionKeysUpdateQueue.updateInstanceSessionKeys(updatedInstanceSessionKeysCaptor.capture(), anything()))
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const updatedInstanceSessionKeys = updatedInstanceSessionKeysCaptor.value
o(updatedInstanceSessionKeys.length).equals(testData.bucketKey.bucketEncSessionKeys.length)
for (const isk of testData.bucketKey.bucketEncSessionKeys) {
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const expectedSessionKey = decryptKey(testData.bk, isk.symEncSessionKey)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
if (
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
!updatedInstanceSessionKeys.some((updatedKey) => {
const updatedSessionKey = decryptKey(testData.mailGroupKey, updatedKey.symEncSessionKey)
return (
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
updatedKey.instanceId === isk.instanceId &&
updatedKey.instanceList === isk.instanceList &&
updatedKey.typeInfo.application === isk.typeInfo.application &&
updatedKey.typeInfo.typeId === isk.typeInfo.typeId &&
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
arrayEquals(updatedSessionKey, expectedSessionKey)
)
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
) {
console.log("===============================")
updatedInstanceSessionKeys.some((updatedKey) => {
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const updatedSessionKey = decryptKey(testData.mailGroupKey, updatedKey.symEncSessionKey)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
console.log(">>>>>>>>>>>>>>>>>>>>>>>")
console.log("1 ", updatedKey.instanceId, isk.instanceId)
console.log("2 ", updatedKey.instanceList, isk.instanceList)
console.log("3 ", updatedKey.typeInfo.application, isk.typeInfo.application)
console.log("4 ", updatedKey.typeInfo.typeId, isk.typeInfo.typeId)
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
console.log("5 ", updatedSessionKey, expectedSessionKey)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
}
o(
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
updatedInstanceSessionKeys.some((updatedKey) => {
const updatedSessionKey = decryptKey(testData.mailGroupKey, updatedKey.symEncSessionKey)
return (
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
updatedKey.instanceId === isk.instanceId &&
updatedKey.instanceList === isk.instanceList &&
updatedKey.typeInfo.application === isk.typeInfo.application &&
updatedKey.typeInfo.typeId === isk.typeInfo.typeId &&
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
arrayEquals(updatedSessionKey, expectedSessionKey)
)
}),
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
).equals(true)
}
},
)
o(
"resolve session key: external user key decryption of session key using BucketKey aggregated type encrypted with MailGroupKey - Mail referencing MailDetailsBlob with attachments",
async function () {
o.timeout(500) // in CI or with debugging it can take a while
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const file1SessionKey = aes256RandomKey()
const file2SessionKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await prepareConfidentialMailToExternalRecipient([file1SessionKey, file2SessionKey])
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
o(mailSessionKey).deepEquals(testData.sk)
},
)
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
o(
"resolve session key: external user key decryption of session key using BucketKey aggregated type encrypted with UserGroupKey - Mail referencing MailDetailsBlob with attachments",
async function () {
o.timeout(500) // in CI or with debugging it can take a while
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const file1SessionKey = aes256RandomKey()
const file2SessionKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const testData = await prepareConfidentialMailToExternalRecipient([file1SessionKey, file2SessionKey], true)
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
Object.assign(testData.mailLiteral, { mailDetails: ["mailDetailsArchiveId", "mailDetailsId"] })
const mailSessionKey = neverNull(await crypto.resolveSessionKey(testData.MailTypeModel, testData.mailLiteral))
o(mailSessionKey).deepEquals(testData.sk)
},
)
remove CryptoFacade.sessionKeyCache tutadb#1571
2023-08-08 14:52:14 +02:00
o("resolve session key: MailDetailsBlob", async function () {
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
const gk = aes256RandomKey()
const sk = aes256RandomKey()
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const ownerGroup = "mailGroupId"
when(keyLoaderFacade.getCurrentSymGroupKey(ownerGroup)).thenResolve({ object: gk, version: 0 })
when(userFacade.hasGroup(ownerGroup)).thenReturn(true)
remove CryptoFacade.sessionKeyCache tutadb#1571
2023-08-08 14:52:14 +02:00
when(userFacade.isFullyLoggedIn()).thenReturn(true)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const MailDetailsBlobTypeModel = await resolveTypeReference(MailDetailsBlobTypeRef)
const mailDetailsBlobLiteral = {
_id: ["mailDetailsArchiveId", "mailDetailsId"],
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
_ownerGroup: ownerGroup,
remove CryptoFacade.sessionKeyCache tutadb#1571
2023-08-08 14:52:14 +02:00
_ownerEncSessionKey: encryptKey(gk, sk),
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
}
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(keyLoaderFacade.loadSymGroupKey(ownerGroup, 0)).thenResolve(gk)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const mailDetailsBlobSessionKey = neverNull(await crypto.resolveSessionKey(MailDetailsBlobTypeModel, mailDetailsBlobLiteral))
o(mailDetailsBlobSessionKey).deepEquals(sk)
})
remove CryptoFacade.sessionKeyCache tutadb#1571
2023-08-08 14:52:14 +02:00
o("resolve session key: MailDetailsBlob - session key not found", async function () {
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const MailDetailsBlobTypeModel = await resolveTypeReference(MailDetailsBlobTypeRef)
const mailDetailsBlobLiteral = {
_id: ["mailDetailsArchiveId", "mailDetailsId"],
_permissions: "permissionListId",
}
when(entityClient.loadAll(PermissionTypeRef, "permissionListId")).thenResolve([])
try {
await crypto.resolveSessionKey(MailDetailsBlobTypeModel, mailDetailsBlobLiteral)
o(true).equals(false) // let the test fails if there is no exception
} catch (error) {
o(error.constructor).equals(SessionKeyNotFoundError)
}
})
/**
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
* Prepares the environment to test receiving rsa asymmetric encrypted emails that have been sent with the simplified permission system.
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
* - Creates key pair for the recipient user
* - Creates group, bucket and session keys
* - Creates mail literal and encrypts all encrypted attributes of the mail
* - Create BucketKey object on the mail
*
* @param fileSessionKeys List of session keys for the attachments. When the list is empty there are no attachments
*/
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
async function prepareRsaPubEncBucketKeyResolveSessionKeyTest(fileSessionKeys: Array<Aes256Key> = []): Promise<{
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
mailLiteral: Record<string, any>
bucketKey: BucketKey
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
sk: Aes256Key
bk: Aes256Key
mailGroupKey: Aes256Key
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
MailTypeModel: TypeModel
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
userGroupId: Id
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
}> {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// configure test user
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const recipientUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientUser, userFacade, keyLoaderFacade)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
make PQKeyPairs a type, fix type checks
2023-12-18 17:30:21 +01:00
let privateKey = RSA_TEST_KEYPAIR.privateKey
let publicKey = RSA_TEST_KEYPAIR.publicKey
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const keyPair = createTestEntity(KeyPairTypeRef, {
_id: "keyPairId",
symEncPrivRsaKey: encryptRsaKey(recipientUser.userGroupKey, privateKey),
make PQKeyPairs a type, fix type checks
2023-12-18 17:30:21 +01:00
pubRsaKey: hexToUint8Array(rsaPublicKeyToHex(publicKey)),
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
recipientUser.userGroup.currentKeys = keyPair
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// configure mail
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
let sk = aes256RandomKey()
let bk = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailLiteral = createMailLiteral(null, sk, subject, confidential, senderName, recipientUser.name, recipientUser.mailGroup._id)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = new Uint8Array([1, 2, 3, 4])
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const bucketEncMailSessionKey = encryptKey(bk, sk)
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const mailInstanceSessionKey = createInstanceSessionKey({
typeInfo: createTypeInfo({
application: MailTypeModel.app,
typeId: String(MailTypeModel.id),
}),
symEncSessionKey: bucketEncMailSessionKey,
instanceList: "mailListId",
instanceId: "mailId",
encryptionAuthStatus: null,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
symKeyVersion: "0",
fixes after review with armhub, test cases for instance migration #2015
2020-04-29 15:55:56 +02:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const FileTypeModel = await resolveTypeReference(FileTypeRef)
const bucketEncSessionKeys = fileSessionKeys.map((fileSessionKey, index) => {
return createInstanceSessionKey({
typeInfo: createTypeInfo({
application: FileTypeModel.app,
typeId: String(FileTypeModel.id),
}),
symEncSessionKey: encryptKey(bk, fileSessionKey),
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
symKeyVersion: "0",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
instanceList: "fileListId",
instanceId: "fileId" + (index + 1),
encryptionAuthStatus: null,
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
bucketEncSessionKeys.push(mailInstanceSessionKey)
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const protocolVersion = CryptoProtocolVersion.RSA
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const bucketKey = createBucketKey({
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
pubEncBucketKey,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
keyGroup: recipientUser.userGroup._id,
bucketEncSessionKeys: bucketEncSessionKeys,
groupEncBucketKey: null,
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
protocolVersion,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
senderKeyVersion: null,
recipientKeyVersion: "0",
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
when(keyLoaderFacade.loadCurrentKeyPair(recipientUser.userGroup._id)).thenResolve({
object: {
keyPairType: KeyPairType.RSA,
publicKey: RSA_TEST_KEYPAIR.publicKey,
privateKey: RSA_TEST_KEYPAIR.privateKey,
},
version: 0,
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const BucketKeyModel = await resolveTypeReference(BucketKeyTypeRef)
const bucketKeyLiteral = await instanceMapper.encryptAndMapToLiteral(BucketKeyModel, bucketKey, null)
Object.assign(mailLiteral, { bucketKey: bucketKeyLiteral })
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketKey.keyGroup),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketKey.recipientKeyVersion),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asCryptoProtoocolVersion(bucketKey.protocolVersion),
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: null })
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
return {
mailLiteral,
bucketKey,
sk,
bk,
mailGroupKey: recipientUser.mailGroupKey,
MailTypeModel,
Deprecate RSA encryption for mails We still use the keys, but we show a warning if we detect that TutaCrypt keys should have been used instead. In practice, this means that if we have TutaCrypt keys at all, the sender should have used those. However, in order to prevent unnecessary warnings when doing a key rotation, we consider it normal to receive RSA encrypted mails in the same session where we did the key rotation. There is a corner case when we show a warning even though the RSA encryption was legitimate, and that is if we decrypt an old RSA mail after rotating to TutaCrypt keys. We don't expect this to occur very often. Co-authored-by: hec <hec@tutao.de> Co-authored-by: mab <mab@tutao.de> tutadb#1932
2025-01-28 18:46:02 +01:00
userGroupId: recipientUser.userGroup._id,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
}
}
/**
* Prepares the environment to test receiving pq asymmetric encrypted emails that have been sent with the simplified permission system.
* - Creates key pair for the recipient user
* - Creates group, bucket and session keys
* - Creates mail literal and encrypts all encrypted attributes of the mail
* - Create BucketKey object on the mail
*
* @param fileSessionKeys List of session keys for the attachments. When the list is empty there are no attachments
*/
async function preparePqPubEncBucketKeyResolveSessionKeyTest(
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
fileSessionKeys: Array<AesKey> = [],
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
confidential: boolean = true,
): Promise<{
mailLiteral: Record<string, any>
bucketKey: BucketKey
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
sk: AesKey
bk: AesKey
mailGroupKey: AesKey
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
MailTypeModel: TypeModel
senderIdentityKeyPair: EccKeyPair
}> {
// create test user
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const recipientUser = createTestUser("Bob", entityClient)
configureLoggedInUser(recipientUser, userFacade, keyLoaderFacade)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
let pqKeyPairs = await pqFacade.generateKeyPairs()
const recipientKeyPair = createKeyPair({
_id: "keyPairId",
pubEccKey: pqKeyPairs.eccKeyPair.publicKey,
symEncPrivEccKey: aesEncrypt(recipientUser.userGroupKey, pqKeyPairs.eccKeyPair.privateKey),
pubKyberKey: kyberPublicKeyToBytes(pqKeyPairs.kyberKeyPair.publicKey),
symEncPrivKyberKey: aesEncrypt(recipientUser.userGroupKey, kyberPrivateKeyToBytes(pqKeyPairs.kyberKeyPair.privateKey)),
pubRsaKey: null,
symEncPrivRsaKey: null,
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
recipientUser.userGroup.currentKeys = recipientKeyPair
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const senderIdentityKeyPair = generateEccKeyPair()
// create test mail
let subject = "this is our subject"
let senderName = "TutanotaTeam"
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
let sk = aes256RandomKey()
let bk = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailLiteral = createMailLiteral(
recipientUser.mailGroupKey,
sk,
subject,
confidential,
senderName,
recipientUser.name,
recipientUser.mailGroup._id,
)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
// @ts-ignore
mailLiteral._ownerEncSessionKey = null
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
const pubEncBucketKey = await pqFacade.encapsulateAndEncode(
senderIdentityKeyPair,
generateEccKeyPair(),
pqKeyPairsToPublicKeys(pqKeyPairs),
bitArrayToUint8Array(bk),
)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const bucketEncMailSessionKey = encryptKey(bk, sk)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const { MailTypeModel, bucketKey } = await prepareBucketKeyInstance(
bucketEncMailSessionKey,
fileSessionKeys,
bk,
pubEncBucketKey,
recipientUser,
instanceMapper,
mailLiteral,
Introduce key verification (squash)
2025-02-10 13:15:28 +01:00
undefined,
"0",
CryptoProtocolVersion.TUTA_CRYPT,
asymmetricCryptoFacade,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
when(
asymmetricCryptoFacade.decryptSymKeyWithKeyPair(
{
keyPairType: pqKeyPairs.keyPairType,
eccKeyPair: pqKeyPairs.eccKeyPair,
kyberKeyPair: pqKeyPairs.kyberKeyPair,
},
CryptoProtocolVersion.TUTA_CRYPT,
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderIdentityKeyPair.publicKey })
when(
asymmetricCryptoFacade.loadKeyPairAndDecryptSymKey(
assertNotNull(bucketKey.keyGroup),
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
parseKeyVersion(bucketKey.recipientKeyVersion),
Allow admin to decrypt user group key via pubAdminEncGKey Extract AsymmetricCryptoFacade to encapsulate choice of encryption algorithm. Remove unauthenticated asymmetric decryption because it was only used in a deprecated case and is the same implementation as with authentication. Enforce the correct protocol version and that it matches the algorithm of recipient's key pair. Use existing method to decrypt via adminEncGKey when changing the admin flag. Add cryptoWrapper dependency to make testing easier. Minimize what re need to expose from PqFacade. Enforce PqKeyPairs type in key rotation facade.
2024-09-05 13:11:59 +02:00
asCryptoProtoocolVersion(bucketKey.protocolVersion),
pubEncBucketKey,
),
).thenResolve({ decryptedAesKey: bk, senderIdentityPubKey: senderIdentityKeyPair.publicKey })
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
return {
mailLiteral,
bucketKey,
sk,
bk,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
mailGroupKey: recipientUser.mailGroupKey,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
MailTypeModel,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
senderIdentityKeyPair,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
}
}
Use generated service interfaces
2022-03-09 17:43:29 +01:00
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
/**
* Prepares the environment to test receiving symmetric encrypted emails (mails sent from internal to external user) that have been sent with the simplified permission system.
* - Creates group, bucket and session keys
* - Creates mail literal and encrypts all encrypted attributes of the mail
* - Create BucketKey object on the mail
*
* @param fileSessionKeys List of session keys for the attachments. When the list is empty there are no attachments
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
* @param externalUserGroupEncBucketKey for legacy external user group to encrypt bucket key
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
*/
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
async function prepareConfidentialMailToExternalRecipient(
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
fileSessionKeys: Array<AesKey> = [],
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
externalUserGroupEncBucketKey = false,
): Promise<{
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
mailLiteral: Record<string, any>
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
bucketKey: BucketKey
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
sk: AesKey
bk: AesKey
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
MailTypeModel: TypeModel
}> {
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// create user
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const externalUser = createTestUser("Bob", entityClient)
configureLoggedInUser(externalUser, userFacade, keyLoaderFacade)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// create test mail
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
let subject = "this is our subject"
let confidential = true
let senderName = "TutanotaTeam"
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
let sk = aes256RandomKey()
let bk = aes256RandomKey()
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailLiteral = createMailLiteral(null, sk, subject, confidential, senderName, externalUser.name, externalUser.mailGroup._id)
fixes after review with armhub, test cases for instance migration #2015
2020-04-29 15:55:56 +02:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const groupKeyToEncryptBucketKey = externalUserGroupEncBucketKey ? externalUser.userGroupKey : externalUser.mailGroupKey
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
const groupEncBucketKey = encryptKey(groupKeyToEncryptBucketKey, bk)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
const bucketEncMailSessionKey = encryptKey(bk, sk)
const MailTypeModel = await resolveTypeReference(MailTypeRef)
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const mailInstanceSessionKey = createTestEntity(InstanceSessionKeyTypeRef, {
typeInfo: createTestEntity(TypeInfoTypeRef, {
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
application: MailTypeModel.app,
typeId: String(MailTypeModel.id),
}),
symEncSessionKey: bucketEncMailSessionKey,
instanceList: "mailListId",
instanceId: "mailId",
})
const FileTypeModel = await resolveTypeReference(FileTypeRef)
const bucketEncSessionKeys = fileSessionKeys.map((fileSessionKey, index) => {
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
return createTestEntity(InstanceSessionKeyTypeRef, {
typeInfo: createTestEntity(TypeInfoTypeRef, {
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
application: FileTypeModel.app,
typeId: String(FileTypeModel.id),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
}),
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
symEncSessionKey: encryptKey(bk, fileSessionKey),
instanceList: "fileListId",
instanceId: "fileId" + (index + 1),
Use generated service interfaces
2022-03-09 17:43:29 +01:00
})
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
bucketEncSessionKeys.push(mailInstanceSessionKey)
Use generated service interfaces
2022-03-09 17:43:29 +01:00
Disallow `Partial` instance initializers Co-authored-by: @paw-hub, @mpfau, @vaf-hub tutanota#6118
2023-11-10 16:59:39 +01:00
const bucketKey = createTestEntity(BucketKeyTypeRef, {
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
pubEncBucketKey: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
keyGroup: externalUserGroupEncBucketKey ? externalUser.userGroup._id : null,
handle userGroupEncBucketKey for external users in CryptoFacade, see server issue 1313
2023-01-26 16:34:37 +01:00
groupEncBucketKey: groupEncBucketKey,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
bucketEncSessionKeys: bucketEncSessionKeys,
})
const BucketKeyModel = await resolveTypeReference(BucketKeyTypeRef)
const bucketKeyLiteral = await instanceMapper.encryptAndMapToLiteral(BucketKeyModel, bucketKey, null)
fixes after Willow's review
2023-01-12 16:48:28 +01:00
Object.assign(mailLiteral, { bucketKey: bucketKeyLiteral })
Use generated service interfaces
2022-03-09 17:43:29 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
return {
mailLiteral,
bucketKey,
sk,
bk,
MailTypeModel,
}
}
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
/**
* Prepares the environment to test receiving symmetric encrypted emails from an external sender(mails sent from external to internal user) that have been sent with the simplified permission system.
* - Creates group, bucket and session keys
* - Creates mail literal and encrypts all encrypted attributes of the mail
* - Create BucketKey object on the mail
*
* @param fileSessionKeys List of session keys for the attachments. When the list is empty there are no attachments
*/
async function prepareConfidentialReplyFromExternalUser(): Promise<{
mailLiteral: Record<string, any>
bucketKey: BucketKey
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
sk: AesKey
bk: AesKey
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
MailTypeModel: TypeModel
internalUser: TestUser
externalUser: TestUser
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
recipientKeyVersion: KeyVersion
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
}> {
// Setup test users and groups
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const internalUser = createTestUser("Alice", entityClient)
const externalUser = createTestUser("Bob", entityClient)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
// Setup relationship between internal and external user
externalUser.userGroup.admin = internalUser.userGroup._id
externalUser.userGroup.adminGroupEncGKey = encryptKey(internalUser.userGroupKey, externalUser.userGroupKey)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
externalUser.userGroup.adminGroupKeyVersion = "0"
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
externalUser.mailGroup.admin = externalUser.userGroup._id
externalUser.mailGroup.adminGroupEncGKey = encryptKey(externalUser.userGroupKey, externalUser.mailGroupKey)
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
externalUser.mailGroup.adminGroupKeyVersion = "4"
const recipientKeyVersion = "5"
externalUser.userGroup.groupKeyVersion = "7"
externalUser.mailGroup.groupKeyVersion = "8"
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
configureLoggedInUser(internalUser, userFacade, keyLoaderFacade)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
when(keyLoaderFacade.loadSymGroupKey(externalUser.mailGroup._id, parseKeyVersion(recipientKeyVersion), anything())).thenResolve(
externalUser.mailGroupKey,
)
when(keyLoaderFacade.loadSymGroupKey(externalUser.userGroup._id, parseKeyVersion(externalUser.mailGroup.adminGroupKeyVersion), anything())).thenResolve(
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
externalUser.userGroupKey,
)
// setup test mail (confidential reply from external)
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
let subject = "this is our subject"
let confidential = true
make aes256 the default tutadb#1566
2023-12-05 14:03:33 +01:00
let sk = aes256RandomKey()
let bk = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const mailLiteral = createMailLiteral(null, sk, subject, confidential, externalUser.name, internalUser.name, internalUser.mailGroup._id)
const keyGroup = externalUser.mailGroup._id
const groupEncBucketKey = encryptKey(externalUser.mailGroupKey, bk)
const bucketEncMailSessionKey = encryptKey(bk, sk)
const MailTypeModel = await resolveTypeReference(MailTypeRef)
const mailInstanceSessionKey = createTestEntity(InstanceSessionKeyTypeRef, {
typeInfo: createTestEntity(TypeInfoTypeRef, {
application: MailTypeModel.app,
typeId: String(MailTypeModel.id),
}),
symEncSessionKey: bucketEncMailSessionKey,
instanceList: "mailListId",
instanceId: "mailId",
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const bucketEncSessionKeys = new Array<InstanceSessionKey>()
bucketEncSessionKeys.push(mailInstanceSessionKey)
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
const bucketKey = createTestEntity(BucketKeyTypeRef, {
pubEncBucketKey: null,
keyGroup: keyGroup,
groupEncBucketKey: groupEncBucketKey,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
recipientKeyVersion,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
bucketEncSessionKeys: bucketEncSessionKeys,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
protocolVersion: CryptoProtocolVersion.SYMMETRIC_ENCRYPTION,
senderKeyVersion: null,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
})
const BucketKeyModel = await resolveTypeReference(BucketKeyTypeRef)
const bucketKeyLiteral = await instanceMapper.encryptAndMapToLiteral(BucketKeyModel, bucketKey, null)
Object.assign(mailLiteral, { bucketKey: bucketKeyLiteral })
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
return {
mailLiteral,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
bucketKey,
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
sk,
bk,
MailTypeModel,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
internalUser,
externalUser,
add constraints for key versions only accepting non-negative integers extract PublicKeyProvider to enforce constraints in a central place use type system and checkKeyVersionConstraints function to enforce constraints everywhere tutadb#1933
2025-01-20 13:40:57 +01:00
recipientKeyVersion: parseKeyVersion(recipientKeyVersion),
add MailDetails feature, #4719 server issues: 1276, 1271, 1279, 1272, 1270, 1258, 1254, 1253, 1242, 1241
2022-11-03 19:03:54 +01:00
}
}
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
export function createMailLiteral(
ownerGroupKey: AesKey | null,
sessionKey,
subject,
confidential,
senderName,
recipientName,
ownerGroupId: string,
): Record<string, any> {
return {
_format: "0",
_area: "0",
_owner: "ownerId",
_ownerGroup: ownerGroupId,
_ownerEncSessionKey: ownerGroupKey ? encryptKey(ownerGroupKey, sessionKey) : null,
_id: ["mailListId", "mailId"],
_permissions: "permissionListId",
receivedDate: new Date(1470039025474).getTime().toString(),
sentDate: new Date(1470039021474).getTime().toString(),
state: "",
trashed: false,
unread: true,
subject: uint8ArrayToBase64(aesEncrypt(sessionKey, stringToUtf8Uint8Array(subject), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC)),
replyType: "",
confidential: uint8ArrayToBase64(
aesEncrypt(sessionKey, stringToUtf8Uint8Array(confidential ? "1" : "0"), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC),
),
sender: {
_id: "senderId",
Add authentication when decrypting group key via pubAdminEncGKey
2024-09-16 11:21:45 +02:00
address: senderAddress,
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
name: uint8ArrayToBase64(aesEncrypt(sessionKey, stringToUtf8Uint8Array(senderName), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC)),
},
bccRecipients: [],
ccRecipients: [],
toRecipients: [
{
_id: "recipientId",
address: "support@yahoo.com",
name: uint8ArrayToBase64(
aesEncrypt(sessionKey, stringToUtf8Uint8Array(recipientName), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC),
),
},
],
replyTos: [],
bucketKey: null,
attachmentCount: "0",
authStatus: "0",
listUnsubscribe: uint8ArrayToBase64(aesEncrypt(sessionKey, stringToUtf8Uint8Array(""), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC)),
method: uint8ArrayToBase64(aesEncrypt(sessionKey, stringToUtf8Uint8Array(""), random.generateRandomData(IV_BYTE_LENGTH), true, ENABLE_MAC)),
phishingStatus: "0",
recipientCount: "0",
}
}
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
export function createTestUser(name: string, entityClient: EntityClient): TestUser {
const userGroupKey = aes256RandomKey()
const mailGroupKey = aes256RandomKey()
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const userGroup = createTestEntity(GroupTypeRef, {
_id: "userGroup" + name,
type: GroupType.User,
currentKeys: null,
groupKeyVersion: "0",
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const mailGroup = createTestEntity(GroupTypeRef, {
_id: "mailGroup" + name,
type: GroupType.Mail,
currentKeys: null,
groupKeyVersion: "0",
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const userGroupMembership = createTestEntity(GroupMembershipTypeRef, {
group: userGroup._id,
})
const mailGroupMembership = createTestEntity(GroupMembershipTypeRef, {
group: mailGroup._id,
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
const user = createTestEntity(UserTypeRef, {
userGroup: userGroupMembership,
memberships: [mailGroupMembership],
})
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(entityClient.load(GroupTypeRef, userGroup._id)).thenResolve(userGroup)
when(entityClient.load(GroupTypeRef, mailGroup._id)).thenResolve(mailGroup)
return {
user,
userGroup,
mailGroup,
userGroupKey,
mailGroupKey,
name,
add tuta-crypt hybrid post-quantum encryption support tutadb#1639
2023-12-18 11:36:38 +01:00
}
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
}
/**
* Helper function to mock the user facade so that the given test user is considered as logged in user.
*/
export function configureLoggedInUser(testUser: TestUser, userFacade: UserFacade, keyLoaderFacade: KeyLoaderFacade) {
when(userFacade.getLoggedInUser()).thenReturn(testUser.user)
Cleanup after reviewing key verification branch Co-authored-by: mab <mab@tutao.de>
2025-03-13 17:00:34 +01:00
when(keyLoaderFacade.getCurrentSymGroupKey(testUser.mailGroup._id)).thenResolve({
object: testUser.mailGroupKey,
version: 0,
})
when(keyLoaderFacade.getCurrentSymGroupKey(testUser.userGroup._id)).thenResolve({
object: testUser.userGroupKey,
version: 0,
})
Support group key rotation (#6588) * Allow groups to have multiple key versions tutadb#1628 * Adapt to model changes * Fix CommonMailUtilsTest * Remove symEncBucketKey from SecureExternalRecipientKeyData * Remove deprecated types Also fix tests that relied on them as dummy types * Add userKeyVersion to RecoverCode * Remove clientKey Seems to be unused. * Remove CreateFolderService Unused. * Remove symEncSessionKey from DraftCreateData Unused. * Remove symEncShareBucketKey from MailBox Unused. * Add userKeyVersion to TutanotaProperties * Remove PasswordRetrievalService type The service itself had been long gone. * Remove userKeyVersion from CustomerAccountCreateData CreateMailGroupData * Fix customer account creation Set the key version that we actually need there: the *system* admin pub key version. The sender key version is not needed, because the system admin only has RSA keys. Also, this is a new customer, so that would be version zero anyway. * Fix resolving bucket key with group reference Get the right versions along the way. * Use current group key when encrypting instance session keys * Remove left-over key getting Also document a couple of current key usages * Pass group key providers to EntityClient instead of group key * Fix types and do not provide sender key version for rsa Fix resolveServiceSessionKey * Rename constant to avoid confusion There is another constant with the same name. * Use TutanotaModelV69 * Introduce client side mechanism to handle key rotation requests see tutadb 1771 * Do not export 128-bit key generator It is only needed for tests within the package. * Remove group key version when creating user area groups Plus some minor clarity improvements. * Fix version handling when updating drafts and sending to secure external * Remove versions when creating external users They are zero. * Fix changing the admin flag * Remove (almost) all local admin related code * Improve readability * Default to user key version zero when loading entropy * Decrypt current groupKey with correct userGroupKey version * Fix system application offline migrations * Fix tutanota application offline migrations * Improve offline migration functions * Use AesKey type * Minor improvements from review * Use AesKey type instead of Aes128Key where possible * Model update after rebase * Fix getting user group key Should never try to get from the cache like a normal group key. * Fix getting former group key Start ID was off-by-one. * Minor changes from review. We just checked all usages of all public methods of KeyLoaderFacade to make sure we're using the correct versions where we need them. * More minor changes from review. * Pass ownerKeyProvider instead of ownerKey when updating with the EntityClient * Pass ownerKeyProvider only when necessary * Document ownerKeyProvider parameter * Fix offline database migration * Fix unlocking the indexer data --------- Co-authored-by: vaf <vaf@tutao.de> Co-authored-by: bedhub <bedhub@users.noreply.github.com> Co-authored-by: bed <bed@tutao.de>
2024-04-17 10:34:33 +02:00
when(userFacade.hasGroup(testUser.userGroup._id)).thenReturn(true)
when(userFacade.hasGroup(testUser.mailGroup._id)).thenReturn(true)
when(userFacade.getCurrentUserGroupKey()).thenReturn({ object: testUser.userGroupKey, version: 0 })
when(userFacade.isLeader()).thenReturn(true)
when(userFacade.isFullyLoggedIn()).thenReturn(true)
when(keyLoaderFacade.loadSymGroupKey(testUser.mailGroup._id, 0)).thenResolve(testUser.mailGroupKey)
when(keyLoaderFacade.loadSymGroupKey(testUser.userGroup._id, 0)).thenResolve(testUser.userGroupKey)
}
Reference in a new issue Copy permalink