diff --git a/packages/seedless-onboarding-controller/CHANGELOG.md b/packages/seedless-onboarding-controller/CHANGELOG.md
index 42c836905c9..c8f111d13ca 100644
--- a/packages/seedless-onboarding-controller/CHANGELOG.md
+++ b/packages/seedless-onboarding-controller/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Add `SecretMetadata.compareByTimestamp` static method for comparing metadata by timestamp ([#7284](https://github.com/MetaMask/core/pull/7284))
 - Add `SecretMetadata.matchesType` static method for checking if metadata matches a given type ([#7284](https://github.com/MetaMask/core/pull/7284))
 - Re-export `EncAccountDataType` from `@metamask/toprf-secure-backup` ([#7284](https://github.com/MetaMask/core/pull/7284))
+- Add third generic type parameter `EncryptionResult` to `SeedlessOnboardingController` and `SeedlessOnboardingControllerOptions`, constrained by `EncryptionResultConstraint` and defaulting to `DefaultEncryptionResult`, so the vault `encryptor` matches the full `Encryptor` typing from `@metamask/keyring-controller` ([#8411](https://github.com/MetaMask/core/pull/8411))
 ### Changed
@@ -32,6 +33,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Use `SecretMetadata.matchesType` for filtering
 - **BREAKING:** Change `SecretMetadata.fromRawMetadata` signature to require `storageMetadata` parameter ([#7284](https://github.com/MetaMask/core/pull/7284))
 - **BREAKING:** Remove `version` getter from `SecretMetadata`; use `storageVersion` instead ([#7284](https://github.com/MetaMask/core/pull/7284))
+- **BREAKING:** Remove `VaultEncryptor` type alias; use `Encryptor` from `@metamask/keyring-controller` with encryption key, key derivation params, and encryption result types ([#8411](https://github.com/MetaMask/core/pull/8411))
+- **BREAKING:** `SeedlessOnboardingControllerOptions` no longer supplies default type parameters for `EncryptionKey` and `SupportedKeyDerivationParams`; pass both explicitly when referencing the type ([#8411](https://github.com/MetaMask/core/pull/8411))
 ### Fixed
diff --git a/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.test.ts b/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.test.ts
index db91ff5246c..afed752a698 100644
--- a/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.test.ts
+++ b/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.test.ts
@@ -16,6 +16,10 @@ import {
 keyFromPassword as keyFromPasswordBrowserPassworder,
 encryptWithKey as encryptWithKeyBrowserPassworder,
 } from '@metamask/browser-passworder';
+import {
+ DefaultEncryptionResult,
+ Encryptor,
+} from '@metamask/keyring-controller';
 import {
 EncAccountDataType,
 TOPRFError,
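Review bot: The new import in the `@@ -16` hunk brings `DefaultEncryptionResult` and `Encryptor` in as value imports, although every use visible in this PR is a type position and `SeedlessOnboardingController.ts` imports the very same names with `import type` in the same change. Under `isolatedModules`/`verbatimModuleSyntax` a value import of a type-only export is either an error or a dead runtime import, and `@typescript-eslint/consistent-type-imports` will flag it. I would change the added block to `import type { DefaultEncryptionResult, Encryptor } from '@metamask/keyring-controller';` here, and the same applies to the identical value import added to `tests/mocks/vaultEncryptor.ts` further down in this diff.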
@@ -59,10 +63,7 @@ import {
 getInitialSeedlessOnboardingControllerStateWithDefaults,
 SeedlessOnboardingController,
 } from './SeedlessOnboardingController';
-import type {
- SeedlessOnboardingControllerState,
- VaultEncryptor,
-} from './types';
+import type { SeedlessOnboardingControllerState } from './types';
 import type {
 MockKeyringControllerMessenger,
 RootMessenger,
@@ -132,9 +133,14 @@ type WithControllerCallback =
 }: {
 controller: SeedlessOnboardingController<
 EKey,
- SupportedKeyDerivationOptions
+ SupportedKeyDerivationOptions,
+ DefaultEncryptionResult
+ >;
+ encryptor: Encryptor<
+ EKey,
+ SupportedKeyDerivationOptions,
+ DefaultEncryptionResult
 >;
- encryptor: VaultEncryptor;
 initialState: SeedlessOnboardingControllerState;
 messenger: SeedlessOnboardingControllerMessenger;
 baseMessenger: RootMessenger;
@@ -146,7 +152,11 @@ type WithControllerCallback =
 }) => Promise | ReturnValue;
 type WithControllerOptions = Partial<
- SeedlessOnboardingControllerOptions
+ SeedlessOnboardingControllerOptions<
+ EKey,
+ SupportedKeyDerivationParams,
+ DefaultEncryptionResult
+ >
 >;
 type WithControllerArgs =
@@ -163,9 +173,10 @@ type WithControllerArgs =
 *
 * @returns The default vault encryptor for the Seedless Onboarding Controller.
 */
-function getDefaultSeedlessOnboardingVaultEncryptor(): VaultEncryptor<
+function getDefaultSeedlessOnboardingVaultEncryptor(): Encryptor<
 EncryptionKey | webcrypto.CryptoKey,
- KeyDerivationOptions
+ KeyDerivationOptions,
+ DefaultEncryptionResult
 > {
 return {
 encrypt,
diff --git a/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts b/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts
index 12401bd3deb..3d6c6a1c5d7 100644
--- a/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts
+++ b/packages/seedless-onboarding-controller/src/SeedlessOnboardingController.ts
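Review bot: In the `@@ -132` and `@@ -146` hunks the test harness hard-codes `DefaultEncryptionResult` as the controller's third type argument in both `WithControllerCallback` and `WithControllerOptions`, so as far as this file shows no test can construct a `SeedlessOnboardingController` with a custom `EncryptionResult`, which is exactly the flexibility the PR adds. That is a reasonable first step, but it deserves to be stated rather than implied; I would put a comment above the `controller:` field such as `// Harness pins EncryptionResult to DefaultEncryptionResult; thread a third generic through here when a test needs a custom Encryptor result type`. A follow-up could add that generic alongside `EKey` and `SupportedKeyDerivationOptions`, mirroring the controller's own parameter list. The enclosing `WithControllerCallback` type begins before the `@@ -132` hunk.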
@@ -6,6 +6,11 @@ import type {
 StateMetadata,
 } from '@metamask/base-controller';
 import type * as encryptionUtils from '@metamask/browser-passworder';
+import type {
+ DefaultEncryptionResult,
+ EncryptionResultConstraint,
+ Encryptor,
+} from '@metamask/keyring-controller';
 import type { Messenger } from '@metamask/messenger';
 import type {
 AuthenticateResult,
@@ -60,7 +65,6 @@ import type {
 SeedlessOnboardingControllerState,
 AuthenticatedUserDetails,
 SocialBackupsMetadata,
- VaultEncryptor,
 RefreshJWTToken,
 RevokeRefreshToken,
 RenewRefreshToken,
@@ -146,8 +150,10 @@ export type SeedlessOnboardingControllerMessenger = Messenger<
 * @param encryptor - The encryptor to use for encrypting and decrypting seedless onboarding vault.
 */
 export type SeedlessOnboardingControllerOptions<
- EncryptionKey = encryptionUtils.EncryptionKey,
- SupportedKeyDerivationParams = encryptionUtils.KeyDerivationOptions,
+ EncryptionKey,
+ SupportedKeyDerivationParams,
+ EncryptionResult extends
+ EncryptionResultConstraint = DefaultEncryptionResult,
 > = {
 messenger: SeedlessOnboardingControllerMessenger;
@@ -161,7 +167,11 @@ export type SeedlessOnboardingControllerOptions<
 *
 * @default browser-passworder @link https://github.com/MetaMask/browser-passworder
 */
- encryptor: VaultEncryptor;
+ encryptor: Encryptor<
+ EncryptionKey,
+ SupportedKeyDerivationParams,
+ EncryptionResult
+ >;
 /**
 * A function to get a new jwt token using refresh token.
@@ -377,14 +387,17 @@ const seedlessOnboardingMetadata: StateMetadata = DefaultEncryptionResult, > extends BaseController<
 typeof controllerName,
 SeedlessOnboardingControllerState,
 SeedlessOnboardingControllerMessenger
 > {
- readonly #vaultEncryptor: VaultEncryptor<
+ readonly #vaultEncryptor: Encryptor<
 EncryptionKey,
- SupportedKeyDerivationOptions
+ SupportedKeyDerivationOptions,
+ EncryptionResult
 >;
 readonly #controllerOperationMutex = new Mutex();
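Review bot: The TSDoc above `SeedlessOnboardingControllerOptions` in the `@@ -146` hunk still documents only `encryptor` and says nothing about the three type parameters, two of which lose their defaults here (a breaking change per the changelog) and one of which is new and carries a constraint. I would add, just above `export type SeedlessOnboardingControllerOptions<`, the lines `@template EncryptionKey - Key type the vault encryptor accepts; no default, pass explicitly`, `@template SupportedKeyDerivationParams - Key-derivation options the vault encryptor accepts; no default, pass explicitly`, and `@template EncryptionResult - Shape the encryptor returns; must satisfy EncryptionResultConstraint, defaults to DefaultEncryptionResult`, so the contract is visible at the declaration and not only in the changelog. Separately, the two removed lines were the only uses of the `encryptionUtils` namespace import visible in this diff, and that import is kept as context in the `@@ -6` hunk; if nothing else in the file references it, it is now unused and should be dropped together with this change. The `SeedlessOnboardingControllerOptions` type and the class declaration both continue outside their hunks.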
@@ -451,7 +464,8 @@ export class SeedlessOnboardingController<
 passwordOutdatedCacheTTL = PASSWORD_OUTDATED_CACHE_TTL_MS,
 }: SeedlessOnboardingControllerOptions<
 EncryptionKey,
- SupportedKeyDerivationOptions
+ SupportedKeyDerivationOptions,
+ EncryptionResult
 >) {
 super({
 name: controllerName,
diff --git a/packages/seedless-onboarding-controller/src/types.ts b/packages/seedless-onboarding-controller/src/types.ts
index 763deb5b88e..39033b6feef 100644
--- a/packages/seedless-onboarding-controller/src/types.ts
+++ b/packages/seedless-onboarding-controller/src/types.ts
@@ -1,4 +1,3 @@
-import type { Encryptor } from '@metamask/keyring-controller';
 import type { KeyPair, NodeAuthTokens } from '@metamask/toprf-secure-backup';
 import type { MutexInterface } from 'async-mutex';
@@ -179,12 +178,6 @@ export type SeedlessOnboardingControllerState =
 migrationVersion: number;
 };
-/**
- * Encryptor interface for encrypting and decrypting seedless onboarding vault.
- */
-export type VaultEncryptor =
- Encryptor;
 /**
 * Additional key deriver for the TOPRF client.
 *
diff --git a/packages/seedless-onboarding-controller/tests/mocks/vaultEncryptor.ts b/packages/seedless-onboarding-controller/tests/mocks/vaultEncryptor.ts
index 8b607eb2d1c..8e6d0f53e7c 100644
--- a/packages/seedless-onboarding-controller/tests/mocks/vaultEncryptor.ts
+++ b/packages/seedless-onboarding-controller/tests/mocks/vaultEncryptor.ts
@@ -1,16 +1,21 @@
 import type {
 EncryptionKey,
- EncryptionResult,
 KeyDerivationOptions,
 } from '@metamask/browser-passworder';
+import {
+ DefaultEncryptionResult,
+ Encryptor,
+} from '@metamask/keyring-controller';
 import type { Json } from '@metamask/utils';
 import { webcrypto } from 'node:crypto';
-import type { VaultEncryptor } from '../../src/types';
-
 export default class MockVaultEncryptor
 implements
- VaultEncryptor
+ Encryptor<
+ EncryptionKey | webcrypto.CryptoKey,
+ KeyDerivationOptions,
+ DefaultEncryptionResult
+ >
 {
 defaultDerivationParams: KeyDerivationOptions = {
 algorithm: 'PBKDF2',
@@ -123,7 +128,7 @@ export default class MockVaultEncryptor
 async encryptWithKey(
 encryptionKey: EncryptionKey | webcrypto.CryptoKey,
 data: unknown,
- ): Promise {
+ ): Promise> {
 const dataString = JSON.stringify(data);
 const dataBuffer = Buffer.from(dataString);
 const vector = webcrypto.getRandomValues(new Uint8Array(16));
@@ -141,7 +146,7 @@ export default class MockVaultEncryptor
 const buffer = new Uint8Array(encBuff);
 const vectorStr = Buffer.from(vector).toString('base64');
 const vaultStr = Buffer.from(buffer).toString('base64');
- const encryptionResult: EncryptionResult = {
+ const encryptionResult: DefaultEncryptionResult = {
 data: vaultStr,
 iv: vectorStr,
 };
@@ -155,9 +160,9 @@ export default class MockVaultEncryptor
 async decryptWithKey(
 encryptionKey: EncryptionKey | webcrypto.CryptoKey,
- payload: EncryptionResult,
+ payload: DefaultEncryptionResult,
 ): Promise {
- let encData: EncryptionResult;
+ let encData: DefaultEncryptionResult;
 if (typeof payload === 'string') {
 encData = JSON.parse(payload);
 } else {
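Review bot: In the `@@ -155` hunk `payload` is now typed `DefaultEncryptionResult`, yet the `typeof payload === 'string'` branch two lines later is kept; if `DefaultEncryptionResult` is an object type, as the `{ data, iv }` literal assigned to it in the previous hunk suggests, the compiler narrows `payload` to `never` inside that branch, so `JSON.parse(payload)` still compiles but can never be reached by a correctly typed caller. Either widen the parameter to `payload: DefaultEncryptionResult | string,` if the mock is meant to also accept a serialized vault, or remove the string branch and assign `encData = payload;` so the mock's contract matches the `Encryptor` interface it now declares. A dead, untyped `JSON.parse` path in a vault decryptor — even a test double — is the sort of thing that gets copied into real code, so it is worth tidying now. The `decryptWithKey` body continues past the end of the hunk.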