(
input: (typeof rotateKeysProcedureStep1)['_def']['_output_out'],
)
| 46 | } |
| 47 | |
| 48 | async function step2( |
| 49 | input: (typeof rotateKeysProcedureStep1)['_def']['_output_out'], |
| 50 | ): Promise<(typeof rotateKeysProcedureStep2)['_def']['_input_in']> { |
| 51 | const oldSymmetricKeyring = createSymmetricKeyring( |
| 52 | input.userEncryptedSymmetricKeyring, |
| 53 | ).unwrapSymmetric(derivedUserValues.masterKey, { |
| 54 | associatedData: { |
| 55 | context: 'UserSymmetricKeyring', |
| 56 | userId: authStore().userId, |
| 57 | }, |
| 58 | }); |
| 59 | const oldPrivateKeyring = createPrivateKeyring( |
| 60 | input.userEncryptedPrivateKeyring, |
| 61 | ).unwrapSymmetric(derivedUserValues.masterKey, { |
| 62 | associatedData: { |
| 63 | context: 'UserPrivateKeyring', |
| 64 | userId: authStore().userId, |
| 65 | }, |
| 66 | }); |
| 67 | const oldPublicKeyring = createKeyring(input.userPublicKeyring); |
| 68 | |
| 69 | const newSymmetricKeyring = oldSymmetricKeyring.addKey(); |
| 70 | |
| 71 | const newRawKeyPair = sodium.crypto_box_keypair(); |
| 72 | const newPrivateKeyring = oldPrivateKeyring.addKey( |
| 73 | newRawKeyPair.privateKey, |
| 74 | ); |
| 75 | const newPublicKeyring = oldPublicKeyring.addKey(newRawKeyPair.publicKey); |
| 76 | const newKeyPair = wrapKeyPair(newPublicKeyring, newPrivateKeyring); |
| 77 | |
| 78 | return { |
| 79 | userEncryptedSymmetricKeyring: newSymmetricKeyring.wrapSymmetric( |
| 80 | derivedUserValues.masterKey, |
| 81 | { |
| 82 | associatedData: { |
| 83 | context: 'UserSymmetricKeyring', |
| 84 | userId: authStore().userId, |
| 85 | }, |
| 86 | }, |
| 87 | ).wrappedValue, |
| 88 | userEncryptedPrivateKeyring: newPrivateKeyring.wrapSymmetric( |
| 89 | derivedUserValues.masterKey, |
| 90 | { |
| 91 | associatedData: { |
| 92 | context: 'UserPrivateKeyring', |
| 93 | userId: authStore().userId, |
| 94 | }, |
| 95 | }, |
| 96 | ).wrappedValue, |
| 97 | userPublicKeyring: newPublicKeyring.wrappedValue, |
| 98 | |
| 99 | userEncryptedDefaultNote: newSymmetricKeyring.encrypt( |
| 100 | oldSymmetricKeyring.decrypt(input.userEncryptedDefaultNote, { |
| 101 | associatedData: { |
| 102 | context: 'UserDefaultNote', |
| 103 | userId: authStore().userId, |
| 104 | }, |
| 105 | }), |
nothing calls this directly
no test coverage detected