From b7401a148c4dc817e8c10bdecdc42b87c770d86e Mon Sep 17 00:00:00 2001 From: Bruno Windels Date: Thu, 17 Sep 2020 12:33:57 +0200 Subject: [PATCH] some ssss cleanup --- src/matrix/e2ee/ssss/SecretStorage.js | 6 ++---- src/matrix/e2ee/ssss/common.js | 3 +++ src/matrix/e2ee/ssss/passphrase.js | 11 +++++++++++ src/matrix/e2ee/ssss/recoveryKey.js | 6 ++++++ 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/src/matrix/e2ee/ssss/SecretStorage.js b/src/matrix/e2ee/ssss/SecretStorage.js index 067ba310..572b06e9 100644 --- a/src/matrix/e2ee/ssss/SecretStorage.js +++ b/src/matrix/e2ee/ssss/SecretStorage.js @@ -17,7 +17,7 @@ limitations under the License. import {base64} from "../../../utils/base-encoding.js"; export class SecretStorage { - constructor(key, storage, cryptoDriver) { + constructor({key, storage, cryptoDriver}) { this._key = key; this._storage = storage; this._cryptoDriver = cryptoDriver; @@ -36,13 +36,11 @@ export class SecretStorage { throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`); } - let json; if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") { - json = await this._decryptAESSecret(accountData.type, encryptedData); + return await this._decryptAESSecret(accountData.type, encryptedData); } else { throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`); } - return JSON.parse(json); } async _decryptAESSecret(type, encryptedData) { diff --git a/src/matrix/e2ee/ssss/common.js b/src/matrix/e2ee/ssss/common.js index 6aab70d2..6c708fed 100644 --- a/src/matrix/e2ee/ssss/common.js +++ b/src/matrix/e2ee/ssss/common.js @@ -62,6 +62,9 @@ export async function readDefaultKeyDescription(storage) { return; } const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`); + if (!keyAccountData) { + return; + } return new KeyDescription(id, keyAccountData); } diff --git a/src/matrix/e2ee/ssss/passphrase.js b/src/matrix/e2ee/ssss/passphrase.js index 1577c167..1e3935a4 100644 --- a/src/matrix/e2ee/ssss/passphrase.js +++ b/src/matrix/e2ee/ssss/passphrase.js @@ -19,15 +19,26 @@ import {Key} from "./common.js"; const DEFAULT_ITERATIONS = 500000; const DEFAULT_BITSIZE = 256; +/** + * @param {KeyDescription} keyDescription + * @param {string} passphrase + * @param {CryptoDriver} cryptoDriver + * @return {Key} + */ export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) { const {passphraseParams} = keyDescription; if (!passphraseParams) { throw new Error("not a passphrase key"); } + if (passphraseParams.algorithm !== "m.pbkdf2") { + throw new Error(`Unsupported passphrase algorithm: ${passphraseParams.algorithm}`); + } + // TODO: we should we move this to platform specific code const textEncoder = new TextEncoder(); const keyBits = await cryptoDriver.derive.pbkdf2( textEncoder.encode(passphrase), passphraseParams.iterations || DEFAULT_ITERATIONS, + // salt is just a random string, not encoded in any way textEncoder.encode(passphraseParams.salt), "SHA-512", passphraseParams.bits || DEFAULT_BITSIZE); diff --git a/src/matrix/e2ee/ssss/recoveryKey.js b/src/matrix/e2ee/ssss/recoveryKey.js index 4cbe0f4b..002e294f 100644 --- a/src/matrix/e2ee/ssss/recoveryKey.js +++ b/src/matrix/e2ee/ssss/recoveryKey.js @@ -18,6 +18,12 @@ import {Key} from "./common.js"; const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01]; +/** + * @param {Olm} olm + * @param {KeyDescription} keyDescription + * @param {string} recoveryKey + * @return {Key} + */ export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) { const result = base58.decode(recoveryKey.replace(/ /g, ''));