Files
Termix/src/backend/utils/user-crypto.ts
T
2026-07-15 15:06:38 +08:00

848 lines
22 KiB
TypeScript

import crypto from "crypto";
import { getDb } from "../database/db/index.js";
import { settings } from "../database/db/schema.js";
import { eq } from "drizzle-orm";
import { databaseLogger } from "./logger.js";
import { SystemCrypto } from "./system-crypto.js";
interface KEKSalt {
salt: string;
iterations: number;
algorithm: string;
createdAt: string;
}
interface EncryptedDEK {
data: string;
iv: string;
tag: string;
algorithm: string;
createdAt: string;
}
interface UserSession {
dataKey: Buffer;
expiresAt: number;
lastActivity?: number;
}
class UserCrypto {
private static instance: UserCrypto;
private userSessions: Map<string, UserSession> = new Map();
private sessionExpiredCallback?: (userId: string) => void;
private static readonly PBKDF2_ITERATIONS = 100000;
private static readonly KEK_LENGTH = 32;
private static readonly DEK_LENGTH = 32;
private constructor() {
setInterval(
() => {
this.cleanupExpiredSessions();
},
5 * 60 * 1000,
);
}
static getInstance(): UserCrypto {
if (!this.instance) {
this.instance = new UserCrypto();
}
return this.instance;
}
setSessionExpiredCallback(callback: (userId: string) => void): void {
this.sessionExpiredCallback = callback;
}
async setupUserEncryption(userId: string, password: string): Promise<void> {
const kekSalt = await this.generateKEKSalt();
await this.storeKEKSalt(userId, kekSalt);
const KEK = this.deriveKEK(password, kekSalt);
const DEK = crypto.randomBytes(UserCrypto.DEK_LENGTH);
const encryptedDEK = this.encryptDEK(DEK, KEK);
await this.storeEncryptedDEK(userId, encryptedDEK);
KEK.fill(0);
DEK.fill(0);
}
async setupOIDCUserEncryption(
userId: string,
sessionDurationMs: number,
): Promise<void> {
const existingEncryptedDEK = await this.getEncryptedDEK(userId);
let DEK: Buffer;
if (existingEncryptedDEK) {
DEK = await this.decryptSystemWrappedDEK(
existingEncryptedDEK,
userId,
"oidc",
`user_encrypted_dek_${userId}`,
);
} else {
DEK = crypto.randomBytes(UserCrypto.DEK_LENGTH);
const systemKey = await this.deriveOIDCSystemKey(userId);
try {
const encryptedDEK = this.encryptDEK(DEK, systemKey);
await this.storeEncryptedDEK(userId, encryptedDEK);
const storedEncryptedDEK = await this.getEncryptedDEK(userId);
if (
storedEncryptedDEK &&
storedEncryptedDEK.data !== encryptedDEK.data
) {
DEK.fill(0);
DEK = this.decryptDEK(storedEncryptedDEK, systemKey);
} else if (!storedEncryptedDEK) {
throw new Error("Failed to store and retrieve user encryption key.");
}
} finally {
systemKey.fill(0);
}
}
const now = Date.now();
this.userSessions.set(userId, {
dataKey: Buffer.from(DEK),
expiresAt: now + sessionDurationMs,
});
DEK.fill(0);
}
async authenticateUser(
userId: string,
password: string,
sessionDurationMs: number,
): Promise<boolean> {
try {
const kekSalt = await this.getKEKSalt(userId);
if (!kekSalt) return false;
const KEK = this.deriveKEK(password, kekSalt);
const encryptedDEK = await this.getEncryptedDEK(userId);
if (!encryptedDEK) {
KEK.fill(0);
return false;
}
const DEK = this.decryptDEK(encryptedDEK, KEK);
KEK.fill(0);
if (!DEK || DEK.length === 0) {
databaseLogger.error("DEK is empty or invalid after decryption", {
operation: "user_crypto_auth_debug",
userId,
dekLength: DEK ? DEK.length : 0,
});
return false;
}
const now = Date.now();
const oldSession = this.userSessions.get(userId);
if (oldSession) {
oldSession.dataKey.fill(0);
}
this.userSessions.set(userId, {
dataKey: Buffer.from(DEK),
expiresAt: now + sessionDurationMs,
});
DEK.fill(0);
return true;
} catch (error) {
databaseLogger.warn("User authentication failed", {
operation: "user_crypto_auth_failed",
userId,
error: error instanceof Error ? error.message : "Unknown",
});
return false;
}
}
async authenticateOIDCUser(
userId: string,
sessionDurationMs: number,
): Promise<boolean> {
try {
const oidcEncryptedDEK = await this.getOIDCEncryptedDEK(userId);
if (oidcEncryptedDEK) {
const DEK = await this.decryptSystemWrappedDEK(
oidcEncryptedDEK,
userId,
"oidc",
`user_encrypted_dek_oidc_${userId}`,
);
if (!DEK || DEK.length === 0) {
databaseLogger.error(
"Failed to decrypt OIDC DEK for dual-auth user",
{
operation: "oidc_auth_dual_decrypt_failed",
userId,
},
);
return false;
}
const now = Date.now();
const oldSession = this.userSessions.get(userId);
if (oldSession) {
oldSession.dataKey.fill(0);
}
this.userSessions.set(userId, {
dataKey: Buffer.from(DEK),
expiresAt: now + sessionDurationMs,
});
DEK.fill(0);
return true;
}
const kekSalt = await this.getKEKSalt(userId);
const encryptedDEK = await this.getEncryptedDEK(userId);
if (!kekSalt || !encryptedDEK) {
await this.setupOIDCUserEncryption(userId, sessionDurationMs);
return true;
}
const DEK = await this.decryptSystemWrappedDEK(
encryptedDEK,
userId,
"oidc",
`user_encrypted_dek_${userId}`,
);
if (!DEK || DEK.length === 0) {
await this.setupOIDCUserEncryption(userId, sessionDurationMs);
return true;
}
const now = Date.now();
const oldSession = this.userSessions.get(userId);
if (oldSession) {
oldSession.dataKey.fill(0);
}
this.userSessions.set(userId, {
dataKey: Buffer.from(DEK),
expiresAt: now + sessionDurationMs,
});
DEK.fill(0);
return true;
} catch (error) {
databaseLogger.error("OIDC authentication failed", error, {
operation: "oidc_auth_error",
userId,
error: error instanceof Error ? error.message : "Unknown",
});
await this.setupOIDCUserEncryption(userId, sessionDurationMs);
return true;
}
}
async setupWebAuthnUserEncryption(userId: string): Promise<void> {
const existingDEK = this.getUserDataKey(userId);
if (!existingDEK) {
throw new Error(
"Cannot enable WebAuthn encryption - user session not active. Please log in first.",
);
}
const systemKey = await this.deriveWebAuthnSystemKey(userId);
const encryptedDEK = this.encryptDEK(existingDEK, systemKey);
systemKey.fill(0);
await this.storeWebAuthnEncryptedDEK(userId, encryptedDEK);
}
async authenticateWebAuthnUser(
userId: string,
sessionDurationMs: number,
): Promise<boolean> {
try {
const encryptedDEK = await this.getWebAuthnEncryptedDEK(userId);
if (!encryptedDEK) {
return false;
}
const DEK = await this.decryptSystemWrappedDEK(
encryptedDEK,
userId,
"webauthn",
`user_encrypted_dek_webauthn_${userId}`,
);
if (!DEK || DEK.length === 0) {
return false;
}
const oldSession = this.userSessions.get(userId);
if (oldSession) {
oldSession.dataKey.fill(0);
}
this.userSessions.set(userId, {
dataKey: Buffer.from(DEK),
expiresAt: Date.now() + sessionDurationMs,
});
DEK.fill(0);
return true;
} catch (error) {
databaseLogger.warn("WebAuthn authentication failed", {
operation: "webauthn_auth_failed",
userId,
error: error instanceof Error ? error.message : "Unknown",
});
return false;
}
}
getUserDataKey(userId: string): Buffer | null {
const session = this.userSessions.get(userId);
if (!session) {
return null;
}
const now = Date.now();
if (now > session.expiresAt) {
this.userSessions.delete(userId);
session.dataKey.fill(0);
if (this.sessionExpiredCallback) {
this.sessionExpiredCallback(userId);
}
return null;
}
return session.dataKey;
}
restoreUserDataKey(userId: string, dataKey: Buffer, expiresAt: number): void {
const oldSession = this.userSessions.get(userId);
if (oldSession) {
oldSession.dataKey.fill(0);
}
this.userSessions.set(userId, {
dataKey: Buffer.from(dataKey),
expiresAt,
lastActivity: Date.now(),
});
}
logoutUser(userId: string): void {
const session = this.userSessions.get(userId);
if (session) {
session.dataKey.fill(0);
this.userSessions.delete(userId);
}
}
isUserUnlocked(userId: string): boolean {
return this.getUserDataKey(userId) !== null;
}
async changeUserPassword(
userId: string,
oldPassword: string,
newPassword: string,
): Promise<boolean> {
try {
const isValid = await this.validatePassword(userId, oldPassword);
if (!isValid) return false;
const kekSalt = await this.getKEKSalt(userId);
if (!kekSalt) return false;
const oldKEK = this.deriveKEK(oldPassword, kekSalt);
const encryptedDEK = await this.getEncryptedDEK(userId);
if (!encryptedDEK) return false;
const DEK = this.decryptDEK(encryptedDEK, oldKEK);
const newKekSalt = await this.generateKEKSalt();
const newKEK = this.deriveKEK(newPassword, newKekSalt);
const newEncryptedDEK = this.encryptDEK(DEK, newKEK);
await this.storeKEKSalt(userId, newKekSalt);
await this.storeEncryptedDEK(userId, newEncryptedDEK);
const { saveMemoryDatabaseToFile } =
await import("../database/db/index.js");
await saveMemoryDatabaseToFile();
oldKEK.fill(0);
newKEK.fill(0);
DEK.fill(0);
return true;
} catch (error) {
databaseLogger.error("Password change failed", error, {
operation: "password_change_error",
userId,
error: error instanceof Error ? error.message : "Unknown error",
});
return false;
}
}
async resetUserPasswordWithPreservedDEK(
userId: string,
newPassword: string,
): Promise<boolean> {
try {
const existingDEK = this.getUserDataKey(userId);
if (!existingDEK) {
return false;
}
const newKekSalt = await this.generateKEKSalt();
const newKEK = this.deriveKEK(newPassword, newKekSalt);
const newEncryptedDEK = this.encryptDEK(existingDEK, newKEK);
await this.storeKEKSalt(userId, newKekSalt);
await this.storeEncryptedDEK(userId, newEncryptedDEK);
const { saveMemoryDatabaseToFile } =
await import("../database/db/index.js");
await saveMemoryDatabaseToFile();
newKEK.fill(0);
const session = this.userSessions.get(userId);
if (session) {
session.lastActivity = Date.now();
}
return true;
} catch (error) {
databaseLogger.error("Password reset with preserved DEK failed", error, {
operation: "password_reset_preserve_error",
userId,
error: error instanceof Error ? error.message : "Unknown error",
});
return false;
}
}
async convertToOIDCEncryption(userId: string): Promise<void> {
try {
const existingEncryptedDEK = await this.getEncryptedDEK(userId);
const existingKEKSalt = await this.getKEKSalt(userId);
if (!existingEncryptedDEK && !existingKEKSalt) {
databaseLogger.warn("No existing encryption to convert for user", {
operation: "convert_to_oidc_encryption_skip",
userId,
});
return;
}
const existingDEK = this.getUserDataKey(userId);
if (!existingDEK) {
throw new Error(
"Cannot convert to OIDC encryption - user session not active. Please log in with password first.",
);
}
const systemKey = await this.deriveOIDCSystemKey(userId);
const oidcEncryptedDEK = this.encryptDEK(existingDEK, systemKey);
systemKey.fill(0);
const key = `user_encrypted_dek_oidc_${userId}`;
const value = JSON.stringify(oidcEncryptedDEK);
const { getDb } = await import("../database/db/index.js");
const { settings } = await import("../database/db/schema.js");
const { eq } = await import("drizzle-orm");
const existing = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (existing.length > 0) {
await getDb()
.update(settings)
.set({ value })
.where(eq(settings.key, key));
} else {
await getDb().insert(settings).values({ key, value });
}
databaseLogger.info(
"Converted user encryption to dual-auth (password + OIDC)",
{
operation: "convert_to_oidc_encryption_preserved",
userId,
},
);
const { saveMemoryDatabaseToFile } =
await import("../database/db/index.js");
await saveMemoryDatabaseToFile();
} catch (error) {
databaseLogger.error("Failed to convert to OIDC encryption", error, {
operation: "convert_to_oidc_encryption_error",
userId,
error: error instanceof Error ? error.message : "Unknown error",
});
throw error;
}
}
private async validatePassword(
userId: string,
password: string,
): Promise<boolean> {
try {
const kekSalt = await this.getKEKSalt(userId);
if (!kekSalt) return false;
const KEK = this.deriveKEK(password, kekSalt);
const encryptedDEK = await this.getEncryptedDEK(userId);
if (!encryptedDEK) return false;
const DEK = this.decryptDEK(encryptedDEK, KEK);
KEK.fill(0);
DEK.fill(0);
return true;
} catch {
return false;
}
}
private cleanupExpiredSessions(): void {
const now = Date.now();
const expiredUsers: string[] = [];
for (const [userId, session] of this.userSessions.entries()) {
if (now > session.expiresAt) {
session.dataKey.fill(0);
expiredUsers.push(userId);
}
}
expiredUsers.forEach((userId) => {
this.userSessions.delete(userId);
});
}
private async generateKEKSalt(): Promise<KEKSalt> {
return {
salt: crypto.randomBytes(32).toString("hex"),
iterations: UserCrypto.PBKDF2_ITERATIONS,
algorithm: "pbkdf2-sha256",
createdAt: new Date().toISOString(),
};
}
private deriveKEK(password: string, kekSalt: KEKSalt): Buffer {
return crypto.pbkdf2Sync(
password,
Buffer.from(kekSalt.salt, "hex"),
kekSalt.iterations,
UserCrypto.KEK_LENGTH,
"sha256",
);
}
private async deriveOIDCSystemKey(userId: string): Promise<Buffer> {
if (process.env.OIDC_SYSTEM_SECRET) {
return crypto.pbkdf2Sync(
process.env.OIDC_SYSTEM_SECRET,
Buffer.from(userId, "utf8"),
100000,
UserCrypto.KEK_LENGTH,
"sha256",
);
}
const systemSecret = await SystemCrypto.getInstance().getEncryptionKey();
return Buffer.from(
crypto.hkdfSync(
"sha256",
systemSecret,
Buffer.from(userId, "utf8"),
Buffer.from("termix:oidc-user-kek", "utf8"),
UserCrypto.KEK_LENGTH,
),
);
}
private async deriveWebAuthnSystemKey(userId: string): Promise<Buffer> {
const configuredSecret =
process.env.WEBAUTHN_SYSTEM_SECRET || process.env.OIDC_SYSTEM_SECRET;
if (configuredSecret) {
return crypto.pbkdf2Sync(
configuredSecret,
Buffer.from(`webauthn:${userId}`, "utf8"),
100000,
UserCrypto.KEK_LENGTH,
"sha256",
);
}
const systemSecret = await SystemCrypto.getInstance().getEncryptionKey();
return Buffer.from(
crypto.hkdfSync(
"sha256",
systemSecret,
Buffer.from(userId, "utf8"),
Buffer.from("termix:webauthn-user-kek", "utf8"),
UserCrypto.KEK_LENGTH,
),
);
}
private deriveLegacySystemKey(
userId: string,
type: "oidc" | "webauthn",
): Buffer {
const secret =
type === "oidc"
? "termix-oidc-system-secret-default"
: "termix-webauthn-system-secret-default";
const salt = Buffer.from(
type === "oidc" ? userId : `webauthn:${userId}`,
"utf8",
);
return crypto.pbkdf2Sync(
secret,
salt,
100000,
UserCrypto.KEK_LENGTH,
"sha256",
);
}
private async decryptSystemWrappedDEK(
encryptedDEK: EncryptedDEK,
userId: string,
type: "oidc" | "webauthn",
settingKey: string,
): Promise<Buffer> {
const systemKey =
type === "oidc"
? await this.deriveOIDCSystemKey(userId)
: await this.deriveWebAuthnSystemKey(userId);
try {
return this.decryptDEK(encryptedDEK, systemKey);
} catch {
const legacyKey = this.deriveLegacySystemKey(userId, type);
try {
const dek = this.decryptDEK(encryptedDEK, legacyKey);
const value = JSON.stringify(this.encryptDEK(dek, systemKey));
await getDb()
.update(settings)
.set({ value })
.where(eq(settings.key, settingKey));
databaseLogger.info("Migrated legacy system-wrapped user key", {
operation: "user_key_wrap_migrated",
userId,
type,
});
return dek;
} finally {
legacyKey.fill(0);
}
} finally {
systemKey.fill(0);
}
}
private encryptDEK(dek: Buffer, kek: Buffer): EncryptedDEK {
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv("aes-256-gcm", kek, iv);
let encrypted = cipher.update(dek);
encrypted = Buffer.concat([encrypted, cipher.final()]);
const tag = cipher.getAuthTag();
return {
data: encrypted.toString("hex"),
iv: iv.toString("hex"),
tag: tag.toString("hex"),
algorithm: "aes-256-gcm",
createdAt: new Date().toISOString(),
};
}
private decryptDEK(encryptedDEK: EncryptedDEK, kek: Buffer): Buffer {
const decipher = crypto.createDecipheriv(
"aes-256-gcm",
kek,
Buffer.from(encryptedDEK.iv, "hex"),
);
decipher.setAuthTag(Buffer.from(encryptedDEK.tag, "hex"));
let decrypted = decipher.update(Buffer.from(encryptedDEK.data, "hex"));
decrypted = Buffer.concat([decrypted, decipher.final()]);
return decrypted;
}
private async storeKEKSalt(userId: string, kekSalt: KEKSalt): Promise<void> {
const key = `user_kek_salt_${userId}`;
const value = JSON.stringify(kekSalt);
const existing = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (existing.length > 0) {
await getDb()
.update(settings)
.set({ value })
.where(eq(settings.key, key));
} else {
await getDb().insert(settings).values({ key, value });
}
}
private async getKEKSalt(userId: string): Promise<KEKSalt | null> {
try {
const key = `user_kek_salt_${userId}`;
const result = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (result.length === 0) {
return null;
}
return JSON.parse(result[0].value);
} catch {
return null;
}
}
private async storeEncryptedDEK(
userId: string,
encryptedDEK: EncryptedDEK,
): Promise<void> {
const key = `user_encrypted_dek_${userId}`;
const value = JSON.stringify(encryptedDEK);
const existing = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (existing.length > 0) {
await getDb()
.update(settings)
.set({ value })
.where(eq(settings.key, key));
} else {
await getDb().insert(settings).values({ key, value });
}
}
private async getEncryptedDEK(userId: string): Promise<EncryptedDEK | null> {
try {
const key = `user_encrypted_dek_${userId}`;
const result = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (result.length === 0) {
return null;
}
return JSON.parse(result[0].value);
} catch {
return null;
}
}
private async getOIDCEncryptedDEK(
userId: string,
): Promise<EncryptedDEK | null> {
try {
const key = `user_encrypted_dek_oidc_${userId}`;
const result = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (result.length === 0) {
return null;
}
return JSON.parse(result[0].value);
} catch {
return null;
}
}
private async storeWebAuthnEncryptedDEK(
userId: string,
encryptedDEK: EncryptedDEK,
): Promise<void> {
const key = `user_encrypted_dek_webauthn_${userId}`;
const value = JSON.stringify(encryptedDEK);
const existing = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (existing.length > 0) {
await getDb()
.update(settings)
.set({ value })
.where(eq(settings.key, key));
} else {
await getDb().insert(settings).values({ key, value });
}
}
private async getWebAuthnEncryptedDEK(
userId: string,
): Promise<EncryptedDEK | null> {
try {
const key = `user_encrypted_dek_webauthn_${userId}`;
const result = await getDb()
.select()
.from(settings)
.where(eq(settings.key, key));
if (result.length === 0) {
return null;
}
return JSON.parse(result[0].value);
} catch {
return null;
}
}
}
export { UserCrypto, type KEKSalt, type EncryptedDEK };