forked from mystiq/hydrogen-web
some ssss cleanup
This commit is contained in:
Bruno Windels
parent
8204e942d9
commit
b7401a148c
4 changed files with 22 additions and 4 deletions
|
|
@ -17,7 +17,7 @@ limitations under the License.
|
|||
import {base64} from "../../../utils/base-encoding.js";
|
||||
|
||||
export class SecretStorage {
|
||||
constructor(key, storage, cryptoDriver) {
|
||||
constructor({key, storage, cryptoDriver}) {
|
||||
this._key = key;
|
||||
this._storage = storage;
|
||||
this._cryptoDriver = cryptoDriver;
|
||||
|
|
@ -36,13 +36,11 @@ export class SecretStorage {
|
|||
throw new Error(`Secret ${accountData.type} is not encrypted for key ${this._key.id}`);
|
||||
}
|
||||
|
||||
let json;
|
||||
if (this._key.algorithm === "m.secret_storage.v1.aes-hmac-sha2") {
|
||||
json = await this._decryptAESSecret(accountData.type, encryptedData);
|
||||
return await this._decryptAESSecret(accountData.type, encryptedData);
|
||||
} else {
|
||||
throw new Error(`Unsupported algorithm for key ${this._key.id}: ${this._key.algorithm}`);
|
||||
}
|
||||
return JSON.parse(json);
|
||||
}
|
||||
|
||||
async _decryptAESSecret(type, encryptedData) {
|
||||
|
|
|
|||
|
|
@ -62,6 +62,9 @@ export async function readDefaultKeyDescription(storage) {
|
|||
return;
|
||||
}
|
||||
const keyAccountData = await txn.accountData.get(`m.secret_storage.key.${id}`);
|
||||
if (!keyAccountData) {
|
||||
return;
|
||||
}
|
||||
return new KeyDescription(id, keyAccountData);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,15 +19,26 @@ import {Key} from "./common.js";
|
|||
const DEFAULT_ITERATIONS = 500000;
|
||||
const DEFAULT_BITSIZE = 256;
|
||||
|
||||
/**
|
||||
* @param {KeyDescription} keyDescription
|
||||
* @param {string} passphrase
|
||||
* @param {CryptoDriver} cryptoDriver
|
||||
* @return {Key}
|
||||
*/
|
||||
export async function keyFromPassphrase(keyDescription, passphrase, cryptoDriver) {
|
||||
const {passphraseParams} = keyDescription;
|
||||
if (!passphraseParams) {
|
||||
throw new Error("not a passphrase key");
|
||||
}
|
||||
if (passphraseParams.algorithm !== "m.pbkdf2") {
|
||||
throw new Error(`Unsupported passphrase algorithm: ${passphraseParams.algorithm}`);
|
||||
}
|
||||
// TODO: we should we move this to platform specific code
|
||||
const textEncoder = new TextEncoder();
|
||||
const keyBits = await cryptoDriver.derive.pbkdf2(
|
||||
textEncoder.encode(passphrase),
|
||||
passphraseParams.iterations || DEFAULT_ITERATIONS,
|
||||
// salt is just a random string, not encoded in any way
|
||||
textEncoder.encode(passphraseParams.salt),
|
||||
"SHA-512",
|
||||
passphraseParams.bits || DEFAULT_BITSIZE);
|
||||
|
|
|
|||
|
|
@ -18,6 +18,12 @@ import {Key} from "./common.js";
|
|||
|
||||
const OLM_RECOVERY_KEY_PREFIX = [0x8B, 0x01];
|
||||
|
||||
/**
|
||||
* @param {Olm} olm
|
||||
* @param {KeyDescription} keyDescription
|
||||
* @param {string} recoveryKey
|
||||
* @return {Key}
|
||||
*/
|
||||
export function keyFromRecoveryKey(olm, keyDescription, recoveryKey) {
|
||||
const result = base58.decode(recoveryKey.replace(/ /g, ''));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue