some ssss cleanup

This commit is contained in:
Bruno Windels 2020-09-17 12:33:57 +02:00
parent 8204e942d9
commit b7401a148c
4 changed files with 22 additions and 4 deletions

View File

@ -17,7 +17,7 @@ limitations under the License.
import {base64} from "../../../utils/base-encoding.js"; import {base64} from "../../../utils/base-encoding.js";
export class SecretStorage { export class SecretStorage {
constructor(key, storage, cryptoDriver) { constructor({key, storage, cryptoDriver}) {
this._key = key; this._key = key;
this._storage = storage; this._storage = storage;
this._cryptoDriver = cryptoDriver; this._cryptoDriver = cryptoDriver;
@ -36,13 +36,11 @@ export class SecretStorage {
throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`); throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`);
} }
let json;
if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") { if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") {
json = await this._decryptAESSecret(accountData.type, encryptedData); return await this._decryptAESSecret(accountData.type, encryptedData);
} else { } else {
throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`); throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`);
} }
return JSON.parse(json);
} }
async _decryptAESSecret(type, encryptedData) { async _decryptAESSecret(type, encryptedData) {

View File

@ -62,6 +62,9 @@ export async function readDefaultKeyDescription(storage) {
return; return;
} }
const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`); const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`);
if (!keyAccountData) {
return;
}
return new KeyDescription(id, keyAccountData); return new KeyDescription(id, keyAccountData);
} }

View File

@ -19,15 +19,26 @@ import {Key} from "./common.js";
const DEFAULT_ITERATIONS = 500000; const DEFAULT_ITERATIONS = 500000;
const DEFAULT_BITSIZE = 256; const DEFAULT_BITSIZE = 256;
/**
* @param {KeyDescription} keyDescription
* @param {string} passphrase
* @param {CryptoDriver} cryptoDriver
* @return {Key}
*/
export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) { export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) {
const {passphraseParams} = keyDescription; const {passphraseParams} = keyDescription;
if (!passphraseParams) { if (!passphraseParams) {
throw new Error("not a passphrase key"); throw new Error("not a passphrase key");
} }
if (passphraseParams.algorithm !== "m.pbkdf2") {
throw new Error(`Unsupported passphrase algorithm: ${passphraseParams.algorithm}`);
}
// TODO: we should we move this to platform specific code
const textEncoder = new TextEncoder(); const textEncoder = new TextEncoder();
const keyBits = await cryptoDriver.derive.pbkdf2( const keyBits = await cryptoDriver.derive.pbkdf2(
textEncoder.encode(passphrase), textEncoder.encode(passphrase),
passphraseParams.iterations || DEFAULT_ITERATIONS, passphraseParams.iterations || DEFAULT_ITERATIONS,
// salt is just a random string, not encoded in any way
textEncoder.encode(passphraseParams.salt), textEncoder.encode(passphraseParams.salt),
"SHA-512", "SHA-512",
passphraseParams.bits || DEFAULT_BITSIZE); passphraseParams.bits || DEFAULT_BITSIZE);

View File

@ -18,6 +18,12 @@ import {Key} from "./common.js";
const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01]; const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01];
/**
* @param {Olm} olm
* @param {KeyDescription} keyDescription
* @param {string} recoveryKey
* @return {Key}
*/
export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) { export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) {
const result = base58.decode(recoveryKey.replace(/ /g, '')); const result = base58.decode(recoveryKey.replace(/ /g, ''));