read and prune
This commit is contained in:
@@ -6,7 +6,7 @@ import {
|
||||
import type { KeyAttributes, User } from "ente-accounts/services/user";
|
||||
import { LoadingButton } from "ente-base/components/mui/LoadingButton";
|
||||
import { ShowHidePasswordInputAdornment } from "ente-base/components/mui/PasswordInputAdornment";
|
||||
import { sharedCryptoWorker } from "ente-base/crypto";
|
||||
import { decryptBox, deriveKey } from "ente-base/crypto";
|
||||
import log from "ente-base/log";
|
||||
import { useFormik } from "formik";
|
||||
import { t } from "i18next";
|
||||
@@ -118,11 +118,10 @@ export const VerifyMasterPasswordForm: React.FC<
|
||||
password: string,
|
||||
setFieldError: (message: string) => void,
|
||||
) => {
|
||||
const cryptoWorker = await sharedCryptoWorker();
|
||||
let kek: string;
|
||||
if (srpAttributes) {
|
||||
try {
|
||||
kek = await cryptoWorker.deriveKey(
|
||||
kek = await deriveKey(
|
||||
password,
|
||||
srpAttributes.kekSalt,
|
||||
srpAttributes.opsLimit,
|
||||
@@ -135,7 +134,7 @@ export const VerifyMasterPasswordForm: React.FC<
|
||||
}
|
||||
} else if (keyAttributes) {
|
||||
try {
|
||||
kek = await cryptoWorker.deriveKey(
|
||||
kek = await deriveKey(
|
||||
password,
|
||||
keyAttributes.kekSalt,
|
||||
keyAttributes.opsLimit,
|
||||
@@ -175,7 +174,7 @@ export const VerifyMasterPasswordForm: React.FC<
|
||||
|
||||
let key: string;
|
||||
try {
|
||||
key = await cryptoWorker.decryptBox(
|
||||
key = await decryptBox(
|
||||
{
|
||||
encryptedData: keyAttributes.encryptedKey,
|
||||
nonce: keyAttributes.keyDecryptionNonce,
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
import * as bip39 from "bip39";
|
||||
import { getData } from "ente-accounts/services/accounts-db";
|
||||
import type { KeyAttributes } from "ente-accounts/services/user";
|
||||
import { savedKeyAttributes } from "ente-accounts/services/accounts-db";
|
||||
import {
|
||||
decryptBox,
|
||||
encryptBox,
|
||||
fromHex,
|
||||
sharedCryptoWorker,
|
||||
generateKey,
|
||||
toHex,
|
||||
} from "ente-base/crypto";
|
||||
import { ensureMasterKeyFromSession } from "ente-base/session";
|
||||
import { saveKeyAttributes } from "./accounts-db";
|
||||
import { putUserRecoveryKeyAttributes } from "./user";
|
||||
import { putUserRecoveryKeyAttributes, type KeyAttributes } from "./user";
|
||||
|
||||
// Mobile client library only supports English.
|
||||
bip39.setDefaultWordlist("english");
|
||||
@@ -67,7 +67,7 @@ export const recoveryKeyToMnemonic = async (recoveryKey: string) =>
|
||||
export const getUserRecoveryKey = async () => {
|
||||
const masterKey = await ensureMasterKeyFromSession();
|
||||
|
||||
const keyAttributes: KeyAttributes = getData("keyAttributes");
|
||||
const keyAttributes = savedKeyAttributes()!;
|
||||
const { recoveryKeyEncryptedWithMasterKey, recoveryKeyDecryptionNonce } =
|
||||
keyAttributes;
|
||||
|
||||
@@ -80,7 +80,7 @@ export const getUserRecoveryKey = async () => {
|
||||
masterKey,
|
||||
);
|
||||
} else {
|
||||
return createNewRecoveryKey(masterKey);
|
||||
return createNewRecoveryKey(masterKey, keyAttributes);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -93,19 +93,13 @@ export const getUserRecoveryKey = async () => {
|
||||
*
|
||||
* @returns a new base64 encoded recovery key.
|
||||
*/
|
||||
const createNewRecoveryKey = async (masterKey: string) => {
|
||||
const existingAttributes = getData("keyAttributes");
|
||||
|
||||
const cryptoWorker = await sharedCryptoWorker();
|
||||
const recoveryKey = await cryptoWorker.generateKey();
|
||||
const encryptedMasterKey = await cryptoWorker.encryptBox(
|
||||
masterKey,
|
||||
recoveryKey,
|
||||
);
|
||||
const encryptedRecoveryKey = await cryptoWorker.encryptBox(
|
||||
recoveryKey,
|
||||
masterKey,
|
||||
);
|
||||
const createNewRecoveryKey = async (
|
||||
masterKey: string,
|
||||
existingKeyAttributes: KeyAttributes,
|
||||
) => {
|
||||
const recoveryKey = await generateKey();
|
||||
const encryptedMasterKey = await encryptBox(masterKey, recoveryKey);
|
||||
const encryptedRecoveryKey = await encryptBox(recoveryKey, masterKey);
|
||||
|
||||
const recoveryKeyAttributes = {
|
||||
masterKeyEncryptedWithRecoveryKey: encryptedMasterKey.encryptedData,
|
||||
@@ -116,7 +110,7 @@ const createNewRecoveryKey = async (masterKey: string) => {
|
||||
|
||||
await putUserRecoveryKeyAttributes(recoveryKeyAttributes);
|
||||
|
||||
saveKeyAttributes({ ...existingAttributes, ...recoveryKeyAttributes });
|
||||
saveKeyAttributes({ ...existingKeyAttributes, ...recoveryKeyAttributes });
|
||||
|
||||
return recoveryKey;
|
||||
};
|
||||
|
||||
@@ -109,14 +109,17 @@ import type { CryptoWorker } from "./worker";
|
||||
let _comlinkWorker: ComlinkWorker<typeof CryptoWorker> | undefined;
|
||||
|
||||
/**
|
||||
* Lazily created, cached, instance of a CryptoWorker web worker.
|
||||
* Lazily created, cached, instance of a "shared" CryptoWorker web worker.
|
||||
*
|
||||
* Some code which needs to do operations in parallel (e.g. during the upload
|
||||
* flow) creates its own CryptoWorker web workers. But those are exceptions; the
|
||||
* rest of the code normally calls the functions in this file, and they all
|
||||
* implicitly use a default "shared" web worker (unless we're already running in
|
||||
* the context of a web worker).
|
||||
*/
|
||||
export const sharedCryptoWorker = () =>
|
||||
const sharedWorker = () =>
|
||||
(_comlinkWorker ??= createComlinkCryptoWorker()).remote;
|
||||
|
||||
/** A shorter alias of {@link sharedCryptoWorker} for use within this file. */
|
||||
const sharedWorker = sharedCryptoWorker;
|
||||
|
||||
/**
|
||||
* Create a new instance of a comlink worker that wraps a {@link CryptoWorker}
|
||||
* web worker.
|
||||
|
||||
Reference in New Issue
Block a user