Source: keychain/master-key-manager.ts

  1. /**
  2.  * @author Erik Haßlmeyer <erik.hasslmeyer@refinio.net>
  3.  * @copyright REFINIO GmbH 2022
  4.  * @license CC-BY-NC-SA-2.5; portions MIT License
  5.  * @version 0.0.1
  6.  */
  8. import type {Salt, SymmetricKey} from '../crypto/encryption';
  9. import {
  10.     createRandomSalt,
  11.     createSymmetricKey,
  12.     deriveSymmetricKeyFromSecret,
  13.     ensureSalt,
  14.     ensureSymmetricKey,
  15.     symmetricDecryptWithEmbeddedNonce,
  16.     symmetricEncryptAndEmbedNonce
  17. } from '../crypto/encryption';
  18. import {createError} from '../errors';
  19. import {STORAGE} from '../storage-base-common';
  20. import {readPrivateBinaryRaw, writePrivateBinaryRaw} from '../system/storage-base';
  21. import {deleteFile} from '../system/storage-base-delete-file';
  23. /**
  24.  * This class encapsulates the master key in such a way that it is harder to be leaked.
  25.  *
  26.  * The reason why it is a class and not a simple module is, so that we can move it to another
  27.  * file without exposing the functions to other modules except the keychain. Other files can use
  28.  * it, but they won't be able to decrypt stuff because they don't have access to the object that
  29.  * holds the real master key.
  30.  *
  31.  * The master key is stored in a file that is encrypted. The encryption is done by another key
  32.  * that is derived from the secret that is supplied by the user. This derivation needs a salt,
  33.  * that also stored in a file. So the loading process of the master key works like this:
  34.  * 1) load the salt file
  35.  * 2) derive a symmetric encryption key from the secret and the salt
  36.  * 3) load the master key file
  37.  * 4) decrypt the master key with the derived symmetric key and store it in memory until it is
  38.  * unloaded
  39.  */
  40. export class MasterKeyManager {
  41.     #masterKey: SymmetricKey | null = null;
  42.     readonly #masterKeyFileName: string;
  43.     readonly #saltFileName: string;
  45.     /**
  46.      * Constructs a new master key manager.
  47.      *
  48.      * @param {string} masterKeyFileName - File that stores the encrypted master key
  49.      * @param {string} saltFileName - File that stores the salt for deriving the encryption key
  50.      * from the secret
  51.      */
  52.     constructor(masterKeyFileName: string, saltFileName: string) {
  53.         this.#masterKeyFileName = masterKeyFileName;
  54.         this.#saltFileName = saltFileName;
  55.     }
  57.     // ######## loading / unloading of master key ########
  59.     /**
  60.      * Loads the stored master key or create a new one if none was previously created.
  61.      *
  62.      * This will calculate a derived key from the secret and then:
  63.      * - master-key file missing: create a new master-key + file encrypted with this derived key
  64.      * - master-key file exists: load the master-key from file and decrypt it with this derived key
  65.      *
  66.      * Function will throw if the secret does not match the already existing master-key file.
  67.      *
  68.      * @param {string} secret
  69.      * @returns {Promise<void>}
  70.      */
  71.     public async loadOrCreateMasterKey(secret: string): Promise<void> {
  72.         if (this.#masterKey !== null) {
  73.             throw createError('KEYMKM-HASKEY');
  74.         }
  76.         try {
  77.             this.#masterKey = await MasterKeyManager.loadAndDecodeMasterKey(
  78.                 secret,
  79.                 this.#masterKeyFileName,
  80.                 this.#saltFileName
  81.             );
  82.         } catch (e) {
  83.             if (e.name !== 'FileNotFoundError') {
  84.                 throw e;
  85.             }
  87.             const masterKey = createSymmetricKey();
  88.             await MasterKeyManager.writeAndEncodeMasterKey(
  89.                 secret,
  90.                 masterKey,
  91.                 this.#masterKeyFileName,
  92.                 this.#saltFileName
  93.             );
  94.             this.#masterKey = masterKey;
  95.         }
  96.     }
  98.     /**
  99.      * Purges the memory from memory.
  100.      */
  101.     public unloadMasterKey(): void {
  102.         if (this.#masterKey === null) {
  103.             return;
  104.         }
  106.         this.#masterKey.fill(0);
  107.         this.#masterKey = null;
  108.     }
  110.     /**
  111.      * Ensures, that the master is loaded, if not it throws.
  112.      */
  113.     public ensureMasterKeyLoaded(): void {
  114.         if (this.#masterKey === null) {
  115.             throw createError('KEYMKM-NOKEY');
  116.         }
  117.     }
  119.     /**
  120.      * Changes the secret needed to unlock the master-key.
  121.      *
  122.      * This can be done with or without a loaded master key. Throws if the oldSecret is wrong.
  123.      *
  124.      * @param {string} oldSecret
  125.      * @param {string} newSecret
  126.      * @returns {Promise<void>}
  127.      */
  128.     public async changeSecret(oldSecret: string, newSecret: string): Promise<void> {
  129.         const masterKey = await MasterKeyManager.loadAndDecodeMasterKey(
  130.             oldSecret,
  131.             this.#masterKeyFileName,
  132.             this.#saltFileName
  133.         );
  134.         await MasterKeyManager.writeAndEncodeMasterKey(
  135.             newSecret,
  136.             masterKey,
  137.             this.#masterKeyFileName,
  138.             this.#saltFileName
  139.         );
  140.     }
  142.     // ######## encryption / decryption with master key ########
  144.     /**
  145.      * Encrypt data with the master key.
  146.      *
  147.      * Only works if the master key was previously set.
  148.      *
  149.      * @param {Uint8Array} data
  150.      * @returns {Uint8Array}
  151.      */
  152.     public encryptDataWithMasterKey(data: Uint8Array): Uint8Array {
  153.         if (this.#masterKey === null) {
  154.             throw createError('KEYMKM-NOKEYENC');
  155.         }
  157.         return symmetricEncryptAndEmbedNonce(data, this.#masterKey);
  158.     }
  160.     /**
  161.      * Decrypt data with the master key.
  162.      *
  163.      * Only works if the master key was previously set.
  164.      *
  165.      * @param {Uint8Array} cypherAndNonce - The data to decrypt
  166.      * @returns {Uint8Array}
  167.      */
  168.     public decryptDataWithMasterKey(cypherAndNonce: Uint8Array): Uint8Array {
  169.         if (this.#masterKey === null) {
  170.             throw createError('KEYMKM-NOKEYDEC');
  171.         }
  173.         return symmetricDecryptWithEmbeddedNonce(cypherAndNonce, this.#masterKey);
  174.     }
  176.     // ######## private section ########
  178.     private static async writeAndEncodeMasterKey(
  179.         secret: string,
  180.         masterKey: SymmetricKey,
  181.         masterKeyFileName: string,
  182.         saltFileName: string
  183.     ): Promise<void> {
  184.         const salt = await MasterKeyManager.createSaltFile(saltFileName);
  185.         const derivedKey = await deriveSymmetricKeyFromSecret(secret, salt);
  186.         const masterKeyEncrypted = symmetricEncryptAndEmbedNonce(masterKey, derivedKey);
  187.         await deleteFile(masterKeyFileName, STORAGE.PRIVATE);
  188.         await writePrivateBinaryRaw(masterKeyFileName, masterKeyEncrypted.buffer);
  189.     }
  191.     private static async loadAndDecodeMasterKey(
  192.         secret: string,
  193.         masterKeyFileName: string,
  194.         saltFileName: string
  195.     ): Promise<SymmetricKey> {
  196.         const salt = await MasterKeyManager.loadSaltFile(saltFileName);
  197.         const derivedKey = await deriveSymmetricKeyFromSecret(secret, salt);
  198.         const masterKeyEncrypted = new Uint8Array(await readPrivateBinaryRaw(masterKeyFileName));
  199.         return ensureSymmetricKey(
  200.             symmetricDecryptWithEmbeddedNonce(masterKeyEncrypted, derivedKey)
  201.         );
  202.     }
  204.     private static async createSaltFile(saltFileName: string): Promise<Salt> {
  205.         const salt = createRandomSalt();
  206.         await deleteFile(saltFileName, STORAGE.PRIVATE);
  207.         await writePrivateBinaryRaw(saltFileName, salt.buffer);
  208.         return salt;
  209.     }
  211.     private static async loadSaltFile(saltFileName: string): Promise<Salt> {
  212.         const salt = new Uint8Array(await readPrivateBinaryRaw(saltFileName));
  213.         return ensureSalt(salt);
  214.     }
  215. }