Clean up local admin handling code

libs/electron-updater.mjs

@@ -11584,46 +11584,54 @@ const coerce$1 = (version, options) => {
 };
 var coerce_1 = coerce$1;
 
-class LRUCache {
-  constructor () {
-    this.max = 1000;
-    this.map = new Map();
-  }
+var lrucache;
+var hasRequiredLrucache;
+
+function requireLrucache () {
+	if (hasRequiredLrucache) return lrucache;
+	hasRequiredLrucache = 1;
+	class LRUCache {
+	  constructor () {
+	    this.max = 1000;
+	    this.map = new Map();
+	  }
 
-  get (key) {
-    const value = this.map.get(key);
-    if (value === undefined) {
-      return undefined
-    } else {
-      // Remove the key from the map and add it to the end
-      this.map.delete(key);
-      this.map.set(key, value);
-      return value
-    }
-  }
+	  get (key) {
+	    const value = this.map.get(key);
+	    if (value === undefined) {
+	      return undefined
+	    } else {
+	      // Remove the key from the map and add it to the end
+	      this.map.delete(key);
+	      this.map.set(key, value);
+	      return value
+	    }
+	  }
 
-  delete (key) {
-    return this.map.delete(key)
-  }
+	  delete (key) {
+	    return this.map.delete(key)
+	  }
 
-  set (key, value) {
-    const deleted = this.delete(key);
+	  set (key, value) {
+	    const deleted = this.delete(key);
 
-    if (!deleted && value !== undefined) {
-      // If cache is full, delete the least recently used item
-      if (this.map.size >= this.max) {
-        const firstKey = this.map.keys().next().value;
-        this.delete(firstKey);
-      }
+	    if (!deleted && value !== undefined) {
+	      // If cache is full, delete the least recently used item
+	      if (this.map.size >= this.max) {
+	        const firstKey = this.map.keys().next().value;
+	        this.delete(firstKey);
+	      }
 
-      this.map.set(key, value);
-    }
+	      this.map.set(key, value);
+	    }
 
-    return this
-  }
-}
+	    return this
+	  }
+	}
 
-var lrucache = LRUCache;
+	lrucache = LRUCache;
+	return lrucache;
+}
 
 var range;
 var hasRequiredRange;
@@ -11845,7 +11853,7 @@ function requireRange () {
 
 	range = Range;
 
-	const LRU = lrucache;
+	const LRU = requireLrucache();
 	const cache = new LRU();
 
 	const parseOptions = parseOptions_1;

packages/tutanota-crypto/lib/encryption/KeyEncryption.ts

@@ -11,6 +11,15 @@ import type { PQKeyPairs } from "./PQKeyPairs.js"
 
 export type EncryptedKeyPairs = EncryptedPqKeyPairs | EncryptedRsaKeyPairs | EncryptedRsaEccKeyPairs
 
+export type AbstractEncryptedKeyPair = {
+	pubEccKey: null | Uint8Array
+	pubKyberKey: null | Uint8Array
+	pubRsaKey: null | Uint8Array
+	symEncPrivEccKey: null | Uint8Array
+	symEncPrivKyberKey: null | Uint8Array
+	symEncPrivRsaKey: null | Uint8Array
+}
+
 export type EncryptedPqKeyPairs = {
 	pubEccKey: Uint8Array
 	pubKyberKey: Uint8Array
@@ -38,6 +47,17 @@ export type EncryptedRsaEccKeyPairs = {
 	symEncPrivRsaKey: Uint8Array
 }
 
+export function isEncryptedPqKeyPairs(keyPair: AbstractEncryptedKeyPair): keyPair is EncryptedPqKeyPairs {
+	return (
+		keyPair.pubEccKey != null &&
+		keyPair.pubKyberKey != null &&
+		keyPair.symEncPrivEccKey != null &&
+		keyPair.symEncPrivKyberKey != null &&
+		keyPair.pubRsaKey == null &&
+		keyPair.symEncPrivRsaKey == null
+	)
+}
+
 export function encryptKey(encryptionKey: AesKey, keyToBeEncrypted: AesKey): Uint8Array {
 	const keyLength = getKeyLengthBytes(encryptionKey)
 	if (keyLength === KEY_LENGTH_BYTES_AES_128) {

packages/tutanota-crypto/lib/index.ts

@@ -45,10 +45,12 @@ export {
 } from "./hashes/Argon2id/Argon2id.js"
 export { KeyLength, EntropySource, HkdfKeyDerivationDomains } from "./misc/Constants.js"
 export {
+	AbstractEncryptedKeyPair,
 	EncryptedKeyPairs,
 	EncryptedPqKeyPairs,
 	EncryptedRsaKeyPairs,
 	EncryptedRsaEccKeyPairs,
+	isEncryptedPqKeyPairs,
 	encryptKey,
 	decryptKey,
 	encryptRsaKey,

packages/tutanota-crypto/lib/misc/Constants.ts

@@ -2,6 +2,12 @@ export enum KeyLength {
 	b128 = "128",
 	b256 = "256",
 }
+
 export type EntropySource = "mouse" | "touch" | "key" | "random" | "static" | "time" | "accel"
 
-export type HkdfKeyDerivationDomains = "userGroupKeyDistributionKey" | "adminGroupKeyRotationHash"
+export type HkdfKeyDerivationDomains =
+	| "userGroupKeyDistributionKey"
+	| "adminGroupKeyRotationHash"
+	| "adminGroupDistributionKeyPairKey"
+	| "multiAdminKeyRotationPubDistKeyHash"
+	| "multiAdminKeyRotationNewAdminSymKeyHash"

packages/tutanota-crypto/lib/misc/Utils.ts

@@ -16,6 +16,7 @@ export function padAes(bytes: Uint8Array): Uint8Array {
 	padding.fill(paddingLength)
 	return concat(bytes, padding)
 }
+
 export function unpadAes(bytes: Uint8Array): Uint8Array {
 	let paddingLength = bytes[bytes.byteLength - 1]
 
@@ -38,6 +39,7 @@ export function createAuthVerifier(passwordKey: AesKey): Uint8Array {
 	// TODO Compatibility Test
 	return sha256Hash(bitArrayToUint8Array(passwordKey))
 }
+
 export function createAuthVerifierAsBase64Url(passwordKey: AesKey): Base64Url {
 	return base64ToBase64Url(uint8ArrayToBase64(createAuthVerifier(passwordKey)))
 }
@@ -101,10 +103,12 @@ export function base64ToKey(base64: Base64): BitArray {
 	}
 }
 
-export function uint8ArrayToKey(array: Uint8Array): BitArray {
+export function uint8ArrayToKey(array: Uint8Array): AesKey {
 	return base64ToKey(uint8ArrayToBase64(array))
 }
+
 export function keyToUint8Array(key: BitArray): Uint8Array {
 	return base64ToUint8Array(keyToBase64(key))
 }
+
 export const fixedIv: Uint8Array = hexToUint8Array("88888888888888888888888888888888")

schemas/sys.json

@@ -465,6 +465,86 @@
 					"info": "AddValue PlanConfiguration/unlimitedLabels/2494."
 				}
 			]
+		},
+		{
+			"version": 116,
+			"changes": [
+				{
+					"name": "AddValue",
+					"sourceType": "EncryptedKeyHash",
+					"info": "AddValue EncryptedKeyHash/encryptingKeyVersion/2504."
+				},
+				{
+					"name": "RenameAttribute",
+					"sourceType": "EncryptedKeyHash",
+					"info": "RenameAttribute EncryptedKeyHash: userGroup -> encryptingGroup."
+				},
+				{
+					"name": "RenameAttribute",
+					"sourceType": "EncryptedKeyHash",
+					"info": "RenameAttribute EncryptedKeyHash: version -> hashedKeyVersion."
+				},
+				{
+					"name": "RenameAttribute",
+					"sourceType": "EncryptedKeyHash",
+					"info": "RenameAttribute EncryptedKeyHash: authKeyEncAdminRotationHash -> encryptingKeyEncKeyHash."
+				},
+				{
+					"name": "RenameAttribute",
+					"sourceType": "KeyRotation",
+					"info": "RenameAttribute KeyRotation: adminGroupKeyAuthenticationData -> userEncAdminPubKeyHash."
+				},
+				{
+					"name": "AddAssociation",
+					"sourceType": "KeyRotation",
+					"info": "AddAssociation KeyRotation/distEncAdminGroupSymKey/AGGREGATION/2505."
+				},
+				{
+					"name": "AddAssociation",
+					"sourceType": "KeyRotation",
+					"info": "AddAssociation KeyRotation/userEncAdminSymKeyHash/AGGREGATION/2506."
+				},
+				{
+					"name": "AddAssociation",
+					"sourceType": "KeyRotation",
+					"info": "AddAssociation KeyRotation/adminEncDistKeyHash/AGGREGATION/2507."
+				},
+				{
+					"name": "AddAssociation",
+					"sourceType": "KeyRotation",
+					"info": "AddAssociation KeyRotation/adminDistKeyPair/AGGREGATION/2508."
+				},
+				{
+					"name": "AddValue",
+					"sourceType": "UserGroupKeyRotationData",
+					"info": "AddValue UserGroupKeyRotationData/userGroupEncAdminGroupKey/2529."
+				},
+				{
+					"name": "AddValue",
+					"sourceType": "PubEncKeyData",
+					"info": "AddValue PubEncKeyData/senderIdentifier/2530."
+				},
+				{
+					"name": "AddValue",
+					"sourceType": "PubEncKeyData",
+					"info": "AddValue PubEncKeyData/senderIdentifierType/2531."
+				}
+			]
+		},
+		{
+			"version": 117,
+			"changes": [
+				{
+					"name": "RemoveAssociation",
+					"sourceType": "Group",
+					"info": "RemoveAssociation Group/administratedGroups."
+				},
+				{
+					"name": "RemoveAssociation",
+					"sourceType": "GroupInfo",
+					"info": "RemoveAssociation GroupInfo/localAdmin."
+				}
+			]
 		}
 	]
 }

src/common/api/common/TutanotaConstants.ts

@@ -1230,6 +1230,7 @@ export const DEFAULT_ERROR = "defaultError"
 export enum PublicKeyIdentifierType {
 	MAIL_ADDRESS = "0",
 	GROUP_ID = "1",
+	KEY_ROTATION_ID = "2",
 }
 
 export function asPublicKeyIdentifier(maybe: NumberString): PublicKeyIdentifierType {

src/common/api/entities/sys/ModelInfo.ts

@@ -1,6 +1,6 @@
 const modelInfo = {
-	version: 115,
-	compatibleSince: 114,
+	version: 117,
+	compatibleSince: 117,
 }
 
 export default modelInfo

src/common/api/entities/sys/Services.ts

@@ -1,4 +1,6 @@
+import { AdminGroupKeyRotationGetOutTypeRef } from "./TypeRefs.js"
 import { AdminGroupKeyRotationPostInTypeRef } from "./TypeRefs.js"
+import { AdminGroupKeyRotationPutInTypeRef } from "./TypeRefs.js"
 import { AffiliatePartnerKpiServiceGetOutTypeRef } from "./TypeRefs.js"
 import { AlarmServicePostTypeRef } from "./TypeRefs.js"
 import { AppStoreSubscriptionGetInTypeRef } from "./TypeRefs.js"
@@ -37,7 +39,6 @@ import { GroupKeyRotationInfoGetOutTypeRef } from "./TypeRefs.js"
 import { GroupKeyRotationPostInTypeRef } from "./TypeRefs.js"
 import { InvoiceDataGetInTypeRef } from "./TypeRefs.js"
 import { InvoiceDataGetOutTypeRef } from "./TypeRefs.js"
-import { LocalAdminRemovalPostInTypeRef } from "./TypeRefs.js"
 import { LocationServiceGetReturnTypeRef } from "./TypeRefs.js"
 import { MailAddressAliasGetInTypeRef } from "./TypeRefs.js"
 import { MailAddressAliasServiceReturnTypeRef } from "./TypeRefs.js"
@@ -93,9 +94,9 @@ import { VersionReturnTypeRef } from "./TypeRefs.js"
 export const AdminGroupKeyRotationService = Object.freeze({
 	app: "sys",
 	name: "AdminGroupKeyRotationService",
-	get: null,
+	get: { data: null, return: AdminGroupKeyRotationGetOutTypeRef },
 	post: { data: AdminGroupKeyRotationPostInTypeRef, return: null },
-	put: null,
+	put: { data: AdminGroupKeyRotationPutInTypeRef, return: null },
 	delete: null,
 } as const)
 
@@ -297,15 +298,6 @@ export const InvoiceDataService = Object.freeze({
 	delete: null,
 } as const)
 
-export const LocalAdminRemovalService = Object.freeze({
-	app: "sys",
-	name: "LocalAdminRemovalService",
-	get: null,
-	post: { data: LocalAdminRemovalPostInTypeRef, return: null },
-	put: null,
-	delete: null,
-} as const)
-
 export const LocationService = Object.freeze({
 	app: "sys",
 	name: "LocationService",