mirror of
https://github.com/vector-im/hydrogen-web.git
synced 2024-12-23 03:25:12 +01:00
some ssss cleanup
This commit is contained in:
parent
8204e942d9
commit
b7401a148c
@ -17,7 +17,7 @@ limitations under the License.
|
|||||||
import {base64} from "../../../utils/base-encoding.js";
|
import {base64} from "../../../utils/base-encoding.js";
|
||||||
|
|
||||||
export class SecretStorage {
|
export class SecretStorage {
|
||||||
constructor(key, storage, cryptoDriver) {
|
constructor({key, storage, cryptoDriver}) {
|
||||||
this._key = key;
|
this._key = key;
|
||||||
this._storage = storage;
|
this._storage = storage;
|
||||||
this._cryptoDriver = cryptoDriver;
|
this._cryptoDriver = cryptoDriver;
|
||||||
@ -36,13 +36,11 @@ export class SecretStorage {
|
|||||||
throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`);
|
throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`);
|
||||||
}
|
}
|
||||||
|
|
||||||
let json;
|
|
||||||
if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") {
|
if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") {
|
||||||
json = await this._decryptAESSecret(accountData.type, encryptedData);
|
return await this._decryptAESSecret(accountData.type, encryptedData);
|
||||||
} else {
|
} else {
|
||||||
throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`);
|
throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`);
|
||||||
}
|
}
|
||||||
return JSON.parse(json);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
async _decryptAESSecret(type, encryptedData) {
|
async _decryptAESSecret(type, encryptedData) {
|
||||||
|
@ -62,6 +62,9 @@ export async function readDefaultKeyDescription(storage) {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`);
|
const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`);
|
||||||
|
if (!keyAccountData) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
return new KeyDescription(id, keyAccountData);
|
return new KeyDescription(id, keyAccountData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -19,15 +19,26 @@ import {Key} from "./common.js";
|
|||||||
const DEFAULT_ITERATIONS = 500000;
|
const DEFAULT_ITERATIONS = 500000;
|
||||||
const DEFAULT_BITSIZE = 256;
|
const DEFAULT_BITSIZE = 256;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {KeyDescription} keyDescription
|
||||||
|
* @param {string} passphrase
|
||||||
|
* @param {CryptoDriver} cryptoDriver
|
||||||
|
* @return {Key}
|
||||||
|
*/
|
||||||
export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) {
|
export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) {
|
||||||
const {passphraseParams} = keyDescription;
|
const {passphraseParams} = keyDescription;
|
||||||
if (!passphraseParams) {
|
if (!passphraseParams) {
|
||||||
throw new Error("not a passphrase key");
|
throw new Error("not a passphrase key");
|
||||||
}
|
}
|
||||||
|
if (passphraseParams.algorithm !== "m.pbkdf2") {
|
||||||
|
throw new Error(`Unsupported passphrase algorithm: ${passphraseParams.algorithm}`);
|
||||||
|
}
|
||||||
|
// TODO: we should we move this to platform specific code
|
||||||
const textEncoder = new TextEncoder();
|
const textEncoder = new TextEncoder();
|
||||||
const keyBits = await cryptoDriver.derive.pbkdf2(
|
const keyBits = await cryptoDriver.derive.pbkdf2(
|
||||||
textEncoder.encode(passphrase),
|
textEncoder.encode(passphrase),
|
||||||
passphraseParams.iterations || DEFAULT_ITERATIONS,
|
passphraseParams.iterations || DEFAULT_ITERATIONS,
|
||||||
|
// salt is just a random string, not encoded in any way
|
||||||
textEncoder.encode(passphraseParams.salt),
|
textEncoder.encode(passphraseParams.salt),
|
||||||
"SHA-512",
|
"SHA-512",
|
||||||
passphraseParams.bits || DEFAULT_BITSIZE);
|
passphraseParams.bits || DEFAULT_BITSIZE);
|
||||||
|
@ -18,6 +18,12 @@ import {Key} from "./common.js";
|
|||||||
|
|
||||||
const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01];
|
const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01];
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {Olm} olm
|
||||||
|
* @param {KeyDescription} keyDescription
|
||||||
|
* @param {string} recoveryKey
|
||||||
|
* @return {Key}
|
||||||
|
*/
|
||||||
export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) {
|
export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) {
|
||||||
const result = base58.decode(recoveryKey.replace(/ /g, ''));
|
const result = base58.decode(recoveryKey.replace(/ /g, ''));
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user