@metamask-previews/keyring-controller 22.0.2-preview-08a4995 → 22.0.2-preview-3636a128
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +8 -0
- package/dist/KeyringController.cjs +37 -7
- package/dist/KeyringController.cjs.map +1 -1
- package/dist/KeyringController.d.cts +11 -4
- package/dist/KeyringController.d.cts.map +1 -1
- package/dist/KeyringController.d.mts +11 -4
- package/dist/KeyringController.d.mts.map +1 -1
- package/dist/KeyringController.mjs +37 -7
- package/dist/KeyringController.mjs.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- Add method `exportEncryptionKey` ([#5984](https://github.com/MetaMask/core/pull/5984))
|
|
13
|
+
|
|
14
|
+
### Changed
|
|
15
|
+
|
|
16
|
+
- Make salt optional with method `submitEncryptionKey` ([#5984](https://github.com/MetaMask/core/pull/5984))
|
|
17
|
+
|
|
10
18
|
## [22.0.2]
|
|
11
19
|
|
|
12
20
|
### Fixed
|
|
@@ -858,11 +858,12 @@ class KeyringController extends base_controller_1.BaseController {
|
|
|
858
858
|
});
|
|
859
859
|
}
|
|
860
860
|
/**
|
|
861
|
-
* Attempts to decrypt the current vault and load its keyrings,
|
|
862
|
-
*
|
|
861
|
+
* Attempts to decrypt the current vault and load its keyrings, using the
|
|
862
|
+
* given encryption key and salt. The optional salt can be used to check for
|
|
863
|
+
* consistency with the vault salt.
|
|
863
864
|
*
|
|
864
865
|
* @param encryptionKey - Key to unlock the keychain.
|
|
865
|
-
* @param encryptionSalt -
|
|
866
|
+
* @param encryptionSalt - Optional salt to unlock the keychain.
|
|
866
867
|
* @returns Promise resolving when the operation completes.
|
|
867
868
|
*/
|
|
868
869
|
async submitEncryptionKey(encryptionKey, encryptionSalt) {
|
|
@@ -886,6 +887,35 @@ class KeyringController extends base_controller_1.BaseController {
|
|
|
886
887
|
console.error('Failed to update vault during login:', error);
|
|
887
888
|
}
|
|
888
889
|
}
|
|
890
|
+
/**
|
|
891
|
+
* Exports the vault encryption key.
|
|
892
|
+
*
|
|
893
|
+
* @returns The vault encryption key.
|
|
894
|
+
*/
|
|
895
|
+
async exportEncryptionKey() {
|
|
896
|
+
__classPrivateFieldGet(this, _KeyringController_instances, "m", _KeyringController_assertIsUnlocked).call(this);
|
|
897
|
+
// There is a case where the controller is unlocked but the encryption key
|
|
898
|
+
// is not set, even when #cacheEncryptionKey is true. This happens when
|
|
899
|
+
// calling changePassword with the existing password. In this case, the
|
|
900
|
+
// encryption key is deleted, but the state is not recreated, because the
|
|
901
|
+
// session state does not change in this case, and #updateVault is not
|
|
902
|
+
// called in #persistOrRollback.
|
|
903
|
+
if (!this.state.encryptionKey) {
|
|
904
|
+
assertIsExportableKeyEncryptor(__classPrivateFieldGet(this, _KeyringController_encryptor, "f"));
|
|
905
|
+
assertIsValidPassword(__classPrivateFieldGet(this, _KeyringController_password, "f"));
|
|
906
|
+
const result = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithDetail(__classPrivateFieldGet(this, _KeyringController_password, "f"),
|
|
907
|
+
// Ignoring undefined. Assuming vault is set when unlocked.
|
|
908
|
+
this.state.vault);
|
|
909
|
+
if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
|
|
910
|
+
this.update((state) => {
|
|
911
|
+
state.encryptionKey = result.exportedKeyString;
|
|
912
|
+
state.encryptionSalt = result.salt;
|
|
913
|
+
});
|
|
914
|
+
}
|
|
915
|
+
return result.exportedKeyString;
|
|
916
|
+
}
|
|
917
|
+
return this.state.encryptionKey;
|
|
918
|
+
}
|
|
889
919
|
/**
|
|
890
920
|
* Attempts to decrypt the current vault and load its keyrings,
|
|
891
921
|
* using the given password.
|
|
@@ -1384,9 +1414,12 @@ async function _KeyringController_unlockKeyrings(password, encryptionKey, encryp
|
|
|
1384
1414
|
}
|
|
1385
1415
|
else {
|
|
1386
1416
|
const parsedEncryptedVault = JSON.parse(encryptedVault);
|
|
1387
|
-
if (encryptionSalt !== parsedEncryptedVault.salt) {
|
|
1417
|
+
if (encryptionSalt && encryptionSalt !== parsedEncryptedVault.salt) {
|
|
1388
1418
|
throw new Error(constants_1.KeyringControllerError.ExpiredCredentials);
|
|
1389
1419
|
}
|
|
1420
|
+
else {
|
|
1421
|
+
encryptionSalt = parsedEncryptedVault.salt;
|
|
1422
|
+
}
|
|
1390
1423
|
if (typeof encryptionKey !== 'string') {
|
|
1391
1424
|
throw new TypeError(constants_1.KeyringControllerError.WrongPasswordType);
|
|
1392
1425
|
}
|
|
@@ -1395,9 +1428,6 @@ async function _KeyringController_unlockKeyrings(password, encryptionKey, encryp
|
|
|
1395
1428
|
// This call is required on the first call because encryptionKey
|
|
1396
1429
|
// is not yet inside the memStore
|
|
1397
1430
|
updatedState.encryptionKey = encryptionKey;
|
|
1398
|
-
// we can safely assume that encryptionSalt is defined here
|
|
1399
|
-
// because we compare it with the salt from the vault
|
|
1400
|
-
// eslint-disable-next-line @typescript-eslint/no-non-null-assertion
|
|
1401
1431
|
updatedState.encryptionSalt = encryptionSalt;
|
|
1402
1432
|
}
|
|
1403
1433
|
}
|