npm - @metamask-previews/keyring-controller - Versions diffs - 24.0.0-preview-7a813ba4 → 24.0.0-preview-afa0dd61 - Mend

@metamask-previews/keyring-controller 24.0.0-preview-7a813ba4 → 24.0.0-preview-afa0dd61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/CHANGELOG.md +20 -0
package/dist/KeyringController.cjs +35 -79
package/dist/KeyringController.cjs.map +1 -1
package/dist/KeyringController.d.cts +28 -29
package/dist/KeyringController.d.cts.map +1 -1
package/dist/KeyringController.d.mts +28 -29
package/dist/KeyringController.d.mts.map +1 -1
package/dist/KeyringController.mjs +35 -79
package/dist/KeyringController.mjs.map +1 -1
package/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+- Added optional `EncryptionKey`, `SupportedKeyDerivationOptions` and `EncryptionResult` type parameters to the `KeyringController`, `ExportableKeyEncryptor` and `KeyringControllerOptions` types ([#7127](https://github.com/MetaMask/core/pull/7127))
+  - This type parameter allows specifying the encryption key, key derivation options and encryption result types supported by the injected encryptor, defaulting to `@metamask/browser-passworder` types.
+### Changed
+- **BREAKING:** The `KeyringController` constructor options now require an encryptor ([#7127](https://github.com/MetaMask/core/pull/7127))
+  - The `encryptor` constructor option was previously optional and defaulted to an instance of `@metamask/browser-passworder`.
+- **BREAKING:** The `GenericEncryptor` and `ExportableKeyEncryptor` types have been merged into a single `Encryptor` type ([#7127](https://github.com/MetaMask/core/pull/7127))
+### Removed
+- **BREAKING:** The `cacheEncryptionKey` parameter has been removed from the `KeyringController` constructor options ([#7127](https://github.com/MetaMask/core/pull/7127))
+  - This parameter was previously used to enable encryption key in-memory caching, but it is no longer needed as the controller now always uses the latest encryption key.
+### Fixed
+- Fixed incorrect type for `decryptWithKey` method of `ExportableKeyEncryptor` (now `Encryptor`) ([#7127](https://github.com/MetaMask/core/pull/7127))
 ## [24.0.0]
 ### Changed

package/dist/KeyringController.cjs CHANGED Viewed

@@ -36,12 +36,11 @@ var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
-var _KeyringController_instances, _KeyringController_controllerOperationMutex, _KeyringController_vaultOperationMutex, _KeyringController_keyringBuilders, _KeyringController_encryptor, _KeyringController_cacheEncryptionKey, _KeyringController_keyrings, _KeyringController_unsupportedKeyrings, _KeyringController_password, _KeyringController_registerMessageHandlers, _KeyringController_getKeyringById, _KeyringController_getKeyringByIdOrDefault, _KeyringController_getKeyringMetadata, _KeyringController_getKeyringBuilderForType, _KeyringController_createNewVaultWithKeyring, _KeyringController_verifySeedPhrase, _KeyringController_getUpdatedKeyrings, _KeyringController_getSerializedKeyrings, _KeyringController_getSessionState, _KeyringController_restoreSerializedKeyrings, _KeyringController_unlockKeyrings, _KeyringController_updateVault, _KeyringController_isNewEncryptionAvailable, _KeyringController_getAccountsFromKeyrings, _KeyringController_createKeyringWithFirstAccount, _KeyringController_newKeyring, _KeyringController_createKeyring, _KeyringController_clearKeyrings, _KeyringController_restoreKeyring, _KeyringController_destroyKeyring, _KeyringController_removeEmptyKeyrings, _KeyringController_assertNoDuplicateAccounts, _KeyringController_setUnlocked, _KeyringController_assertIsUnlocked, _KeyringController_persistOrRollback, _KeyringController_withRollback, _KeyringController_assertControllerMutexIsLocked, _KeyringController_withControllerLock, _KeyringController_withVaultLock;
+var _KeyringController_instances, _KeyringController_controllerOperationMutex, _KeyringController_vaultOperationMutex, _KeyringController_keyringBuilders, _KeyringController_encryptor, _KeyringController_keyrings, _KeyringController_unsupportedKeyrings, _KeyringController_password, _KeyringController_registerMessageHandlers, _KeyringController_getKeyringById, _KeyringController_getKeyringByIdOrDefault, _KeyringController_getKeyringMetadata, _KeyringController_getKeyringBuilderForType, _KeyringController_createNewVaultWithKeyring, _KeyringController_verifySeedPhrase, _KeyringController_getUpdatedKeyrings, _KeyringController_getSerializedKeyrings, _KeyringController_getSessionState, _KeyringController_restoreSerializedKeyrings, _KeyringController_unlockKeyrings, _KeyringController_updateVault, _KeyringController_isNewEncryptionAvailable, _KeyringController_getAccountsFromKeyrings, _KeyringController_createKeyringWithFirstAccount, _KeyringController_newKeyring, _KeyringController_createKeyring, _KeyringController_clearKeyrings, _KeyringController_restoreKeyring, _KeyringController_destroyKeyring, _KeyringController_removeEmptyKeyrings, _KeyringController_assertNoDuplicateAccounts, _KeyringController_setUnlocked, _KeyringController_assertIsUnlocked, _KeyringController_persistOrRollback, _KeyringController_withRollback, _KeyringController_assertControllerMutexIsLocked, _KeyringController_withControllerLock, _KeyringController_withVaultLock;
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.KeyringController = exports.getDefaultKeyringState = exports.keyringBuilderFactory = exports.SignTypedDataVersion = exports.AccountImportStrategy = exports.isCustodyKeyring = exports.KeyringTypes = void 0;
 const util_1 = require("@ethereumjs/util");
 const base_controller_1 = require("@metamask/base-controller");
-const encryptorUtils = __importStar(require("@metamask/browser-passworder"));
 const eth_hd_keyring_1 = require("@metamask/eth-hd-keyring");
 const eth_sig_util_1 = require("@metamask/eth-sig-util");
 const eth_simple_keyring_1 = __importDefault(require("@metamask/eth-simple-keyring"));
@@ -136,23 +135,6 @@ function assertHasUint8ArrayMnemonic(keyring) {
         throw new Error("Can't get mnemonic bytes from keyring");
     }
 }
-/**
- * Assert that the provided encryptor supports
- * encryption and encryption key export.
- *
- * @param encryptor - The encryptor to check.
- * @throws If the encryptor does not support key encryption.
- */
-function assertIsExportableKeyEncryptor(encryptor) {
-    if (!('importKey' in encryptor &&
-        typeof encryptor.importKey === 'function' &&
-        'decryptWithKey' in encryptor &&
-        typeof encryptor.decryptWithKey === 'function' &&
-        'encryptWithKey' in encryptor &&
-        typeof encryptor.encryptWithKey === 'function')) {
-        throw new Error(constants_1.KeyringControllerError.UnsupportedEncryptionKeyExport);
-    }
-}
 /**
  * Assert that the provided password is a valid non-empty string.
  *
@@ -259,7 +241,7 @@ class KeyringController extends base_controller_1.BaseController {
      * @param options.state - Initial state to set on this controller.
      */
     constructor(options) {
-        const { encryptor = encryptorUtils, keyringBuilders, messenger, state, } = options;
+        const { encryptor, keyringBuilders, messenger, state } = options;
         super({
             name,
             metadata: {
@@ -305,7 +287,6 @@ class KeyringController extends base_controller_1.BaseController {
         _KeyringController_vaultOperationMutex.set(this, new async_mutex_1.Mutex());
         _KeyringController_keyringBuilders.set(this, void 0);
         _KeyringController_encryptor.set(this, void 0);
-        _KeyringController_cacheEncryptionKey.set(this, void 0);
         _KeyringController_keyrings.set(this, void 0);
         _KeyringController_unsupportedKeyrings.set(this, void 0);
         _KeyringController_password.set(this, void 0);
@@ -315,12 +296,6 @@ class KeyringController extends base_controller_1.BaseController {
         __classPrivateFieldSet(this, _KeyringController_encryptor, encryptor, "f");
         __classPrivateFieldSet(this, _KeyringController_keyrings, [], "f");
         __classPrivateFieldSet(this, _KeyringController_unsupportedKeyrings, [], "f");
-        // This option allows the controller to cache an exported key
-        // for use in decrypting and encrypting data without password
-        __classPrivateFieldSet(this, _KeyringController_cacheEncryptionKey, Boolean(options.cacheEncryptionKey), "f");
-        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
-            assertIsExportableKeyEncryptor(encryptor);
-        }
         __classPrivateFieldGet(this, _KeyringController_instances, "m", _KeyringController_registerMessageHandlers).call(this);
     }
     /**
@@ -883,12 +858,10 @@ class KeyringController extends base_controller_1.BaseController {
             // We need to clear encryption key and salt from state
             // to force the controller to re-encrypt the vault using
             // the new password.
-            if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
-                this.update((state) => {
-                    delete state.encryptionKey;
-                    delete state.encryptionSalt;
-                });
-            }
+            this.update((state) => {
+                delete state.encryptionKey;
+                delete state.encryptionSalt;
+            });
         });
     }
     /**
@@ -1015,7 +988,7 @@ class KeyringController extends base_controller_1.BaseController {
     }
 }
 exports.KeyringController = KeyringController;
-_KeyringController_controllerOperationMutex = new WeakMap(), _KeyringController_vaultOperationMutex = new WeakMap(), _KeyringController_keyringBuilders = new WeakMap(), _KeyringController_encryptor = new WeakMap(), _KeyringController_cacheEncryptionKey = new WeakMap(), _KeyringController_keyrings = new WeakMap(), _KeyringController_unsupportedKeyrings = new WeakMap(), _KeyringController_password = new WeakMap(), _KeyringController_instances = new WeakSet(), _KeyringController_registerMessageHandlers = function _KeyringController_registerMessageHandlers() {
+_KeyringController_controllerOperationMutex = new WeakMap(), _KeyringController_vaultOperationMutex = new WeakMap(), _KeyringController_keyringBuilders = new WeakMap(), _KeyringController_encryptor = new WeakMap(), _KeyringController_keyrings = new WeakMap(), _KeyringController_unsupportedKeyrings = new WeakMap(), _KeyringController_password = new WeakMap(), _KeyringController_instances = new WeakSet(), _KeyringController_registerMessageHandlers = function _KeyringController_registerMessageHandlers() {
     this.messenger.registerActionHandler(`${name}:signMessage`, this.signMessage.bind(this));
     this.messenger.registerActionHandler(`${name}:signEip7702Authorization`, this.signEip7702Authorization.bind(this));
     this.messenger.registerActionHandler(`${name}:signPersonalMessage`, this.signPersonalMessage.bind(this));
@@ -1208,40 +1181,30 @@ async function _KeyringController_unlockKeyrings(password, encryptionKey, encryp
         }
         let vault;
         const updatedState = {};
-        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
-            assertIsExportableKeyEncryptor(__classPrivateFieldGet(this, _KeyringController_encryptor, "f"));
-            if (password) {
-                const result = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithDetail(password, encryptedVault);
-                vault = result.vault;
-                __classPrivateFieldSet(this, _KeyringController_password, password, "f");
-                updatedState.encryptionKey = result.exportedKeyString;
-                updatedState.encryptionSalt = result.salt;
+        if (password) {
+            const result = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithDetail(password, encryptedVault);
+            vault = result.vault;
+            __classPrivateFieldSet(this, _KeyringController_password, password, "f");
+            updatedState.encryptionKey = result.exportedKeyString;
+            updatedState.encryptionSalt = result.salt;
+        }
+        else {
+            const parsedEncryptedVault = JSON.parse(encryptedVault);
+            if (encryptionSalt && encryptionSalt !== parsedEncryptedVault.salt) {
+                throw new Error(constants_1.KeyringControllerError.ExpiredCredentials);
             }
             else {
-                const parsedEncryptedVault = JSON.parse(encryptedVault);
-                if (encryptionSalt && encryptionSalt !== parsedEncryptedVault.salt) {
-                    throw new Error(constants_1.KeyringControllerError.ExpiredCredentials);
-                }
-                else {
-                    encryptionSalt = parsedEncryptedVault.salt;
-                }
-                if (typeof encryptionKey !== 'string') {
-                    throw new TypeError(constants_1.KeyringControllerError.WrongPasswordType);
-                }
-                const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
-                vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithKey(key, parsedEncryptedVault);
-                // This call is required on the first call because encryptionKey
-                // is not yet inside the memStore
-                updatedState.encryptionKey = encryptionKey;
-                updatedState.encryptionSalt = encryptionSalt;
+                encryptionSalt = parsedEncryptedVault.salt;
             }
-        }
-        else {
-            if (typeof password !== 'string') {
+            if (typeof encryptionKey !== 'string') {
                 throw new TypeError(constants_1.KeyringControllerError.WrongPasswordType);
             }
-            vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decrypt(password, encryptedVault);
-            __classPrivateFieldSet(this, _KeyringController_password, password, "f");
+            const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
+            vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").decryptWithKey(key, parsedEncryptedVault);
+            // This call is required on the first call because encryptionKey
+            // is not yet inside the memStore
+            updatedState.encryptionKey = encryptionKey;
+            updatedState.encryptionSalt = encryptionSalt;
         }
         if (!isSerializedKeyringsArray(vault)) {
             throw new Error(constants_1.KeyringControllerError.VaultDataError);
@@ -1277,23 +1240,16 @@ async function _KeyringController_unlockKeyrings(password, encryptionKey, encryp
             throw new Error(constants_1.KeyringControllerError.NoHdKeyring);
         }
         const updatedState = {};
-        if (__classPrivateFieldGet(this, _KeyringController_cacheEncryptionKey, "f")) {
-            assertIsExportableKeyEncryptor(__classPrivateFieldGet(this, _KeyringController_encryptor, "f"));
-            if (useCachedKey) {
-                const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
-                const vaultJSON = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithKey(key, serializedKeyrings);
-                vaultJSON.salt = encryptionSalt;
-                updatedState.vault = JSON.stringify(vaultJSON);
-            }
-            else if (__classPrivateFieldGet(this, _KeyringController_password, "f")) {
-                const { vault: newVault, exportedKeyString } = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithDetail(__classPrivateFieldGet(this, _KeyringController_password, "f"), serializedKeyrings);
-                updatedState.vault = newVault;
-                updatedState.encryptionKey = exportedKeyString;
-            }
+        if (useCachedKey) {
+            const key = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").importKey(encryptionKey);
+            const vaultJSON = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithKey(key, serializedKeyrings);
+            vaultJSON.salt = encryptionSalt;
+            updatedState.vault = JSON.stringify(vaultJSON);
         }
-        else {
-            assertIsValidPassword(__classPrivateFieldGet(this, _KeyringController_password, "f"));
-            updatedState.vault = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encrypt(__classPrivateFieldGet(this, _KeyringController_password, "f"), serializedKeyrings);
+        else if (__classPrivateFieldGet(this, _KeyringController_password, "f")) {
+            const { vault: newVault, exportedKeyString } = await __classPrivateFieldGet(this, _KeyringController_encryptor, "f").encryptWithDetail(__classPrivateFieldGet(this, _KeyringController_password, "f"), serializedKeyrings);
+            updatedState.vault = newVault;
+            updatedState.encryptionKey = exportedKeyString;
         }
         if (!updatedState.vault) {
             throw new Error(constants_1.KeyringControllerError.MissingVaultData);