feat: add decryptWithPasswordBase64 method and test wallet decryption

2025-10-26 02:44:33 +01:00 · 2025-10-26 02:44:33 +01:00 · 6a36fde154
commit 6a36fde154
parent b8b28c1f5d
2 changed files with 104 additions and 0 deletions
--- a/src/pages/wallet-setup/wallet-setup.ts
+++ b/src/pages/wallet-setup/wallet-setup.ts
@ -398,6 +398,47 @@ document.addEventListener('DOMContentLoaded', async () => {
                securityMode: finalVerification.security_mode,
                hasDeviceInClear: !!finalVerification.device // DEVRAIT ÊTRE FALSE
            });
+
+            // TEST: Déchiffrer le wallet pour valider que ça fonctionne
+            console.log('🔐 TEST: Attempting to decrypt wallet to validate encryption...');
+            try {
+                const pbkdf2KeyTest = await secureCredentialsService.retrievePBKDF2Key(currentMode as any);
+                if (!pbkdf2KeyTest) {
+                    console.error('❌ TEST: Failed to retrieve PBKDF2 key for decryption test');
+                } else {
+                    console.log('✅ TEST: PBKDF2 key retrieved for decryption test');
+                    
+                    // Déchiffrer le wallet chiffré (format base64)
+                    const decryptedWallet = await encryptionService.decryptWithPasswordBase64(
+                        finalVerification.encrypted_wallet,
+                        pbkdf2KeyTest
+                    );
+                    const parsedWallet = JSON.parse(decryptedWallet);
+                    console.log('✅ TEST: Wallet decrypted successfully:', {
+                        hasScanSk: !!parsedWallet.scan_sk,
+                        hasSpendKey: !!parsedWallet.spend_key,
+                        network: parsedWallet.network,
+                        state: parsedWallet.state,
+                        created_at: parsedWallet.created_at
+                    });
+
+                    // Déchiffrer le device chiffré (format base64)
+                    const decryptedDevice = await encryptionService.decryptWithPasswordBase64(
+                        finalVerification.encrypted_device,
+                        pbkdf2KeyTest
+                    );
+                    const parsedDevice = JSON.parse(decryptedDevice);
+                    console.log('✅ TEST: Device decrypted successfully:', {
+                        hasSpWallet: !!parsedDevice.sp_wallet,
+                        network: parsedDevice.network
+                    });
+
+                    console.log('✅ TEST: Full decryption test passed - wallet and device decrypt correctly');
+                }
+            } catch (decryptError) {
+                console.error('❌ TEST: Decryption test failed:', decryptError);
+                console.error('❌ This indicates an issue with encryption/decryption logic');
+            }
        } else {
            console.error('❌ Final wallet verification failed - wallet not found in IndexedDB');
            throw new Error('Wallet verification failed - wallet not found');
--- a/src/services/credentials/encryption.service.ts
+++ b/src/services/credentials/encryption.service.ts
@ -152,6 +152,69 @@ export class EncryptionService {
    };
  }

+  /**
+   * Déchiffre des données avec PBKDF2 + AES-GCM (format base64 de encryptWithPassword)
+   */
+  async decryptWithPasswordBase64(encryptedDataBase64: string, password: string): Promise<string> {
+    try {
+      // Décoder la base64
+      const encrypted = atob(encryptedDataBase64);
+      const combined = new Uint8Array(encrypted.length);
+      for (let i = 0; i < encrypted.length; i++) {
+        combined[i] = encrypted.charCodeAt(i);
+      }
+
+      // Extraire salt (16 bytes), iv (12 bytes) et données chiffrées
+      const salt = combined.slice(0, 16);
+      const iv = combined.slice(16, 28);
+      const encryptedData = combined.slice(28);
+
+      // Dériver la clé avec PBKDF2
+      const keyMaterial = await crypto.subtle.importKey(
+        'raw',
+        new TextEncoder().encode(password),
+        'PBKDF2',
+        false,
+        ['deriveBits']
+      );
+
+      const derivedKey = await crypto.subtle.deriveBits(
+        {
+          name: 'PBKDF2',
+          salt: salt,
+          iterations: 100000,
+          hash: 'SHA-256'
+        },
+        keyMaterial,
+        256
+      );
+
+      const cryptoKey = await crypto.subtle.importKey(
+        'raw',
+        derivedKey,
+        { name: 'AES-GCM' },
+        false,
+        ['decrypt']
+      );
+
+      // Déchiffrer
+      const decrypted = await crypto.subtle.decrypt(
+        { name: 'AES-GCM', iv: iv },
+        cryptoKey,
+        encryptedData
+      );
+
+      return new TextDecoder().decode(decrypted);
+    } catch (error) {
+      secureLogger.error('Failed to decrypt with password base64', {
+        component: 'EncryptionService',
+        operation: 'decryptWithPasswordBase64',
+        error: error instanceof Error ? error.message : String(error)
+      });
+      throw error;
+    }
+  }
+
  /**
   * Déchiffre des données avec PBKDF2 + AES-GCM
   */