diff options
| author | metamuffin <metamuffin@disroot.org> | 2023-10-29 16:52:30 +0100 |
|---|---|---|
| committer | metamuffin <metamuffin@disroot.org> | 2023-10-29 16:52:30 +0100 |
| commit | e28eedd42b9d289238d87b0858a6cfa879fc772e (patch) | |
| tree | d46cc40f63331fae926b3821b5b5ba1934708a3d /client-web/source | |
| parent | 695e497e86d47b14622299d5f2d47d14e0118d4f (diff) | |
| download | keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.bz2 keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.zst | |
use pbkdf2 for room hash roo0.2.3
Diffstat (limited to 'client-web/source')
| -rw-r--r-- | client-web/source/index.ts | 2 | ||||
| -rw-r--r-- | client-web/source/protocol/crypto.ts | 26 |
2 files changed, 20 insertions, 8 deletions
diff --git a/client-web/source/index.ts b/client-web/source/index.ts index 594fabb..65b734c 100644 --- a/client-web/source/index.ts +++ b/client-web/source/index.ts @@ -14,7 +14,7 @@ import { SignalingConnection } from "./protocol/mod.ts"; import { Room } from "./room.ts" import { control_bar, info_br } from "./menu.ts"; -export const VERSION = "0.2.2" +export const VERSION = "0.2.3" export interface ClientConfig { appearance?: { diff --git a/client-web/source/protocol/crypto.ts b/client-web/source/protocol/crypto.ts index c541188..784bd49 100644 --- a/client-web/source/protocol/crypto.ts +++ b/client-web/source/protocol/crypto.ts @@ -9,8 +9,11 @@ import { log } from "../logger.ts"; const IV_LENGTH = 12 +const CRYPTO_SALT = base64_to_buf("keksmeet/cryptosaltAAA==") +const HASH_SALT = base64_to_buf("keksmeet/roomhashsaltA==") + export async function crypto_seeded_key(seed: string): Promise<CryptoKey> { - log("crypto", "importing seed…") + log("crypto", "deriving crytographic key...") const seed_key = await window.crypto.subtle.importKey( "raw", new TextEncoder().encode(seed), @@ -18,10 +21,8 @@ export async function crypto_seeded_key(seed: string): Promise<CryptoKey> { false, ["deriveKey"] ) - const salt = base64_to_buf("thisisagoodsaltAAAAAAA==") // valid "unique" 16-byte base-64 string - log("crypto", "deriving key…") const key = await window.crypto.subtle.deriveKey( - { name: "PBKDF2", salt, iterations: 250000, hash: "SHA-256" }, + { name: "PBKDF2", salt: CRYPTO_SALT, iterations: 250000, hash: "SHA-512" }, seed_key, { name: "AES-GCM", length: 256 }, false, @@ -32,9 +33,20 @@ export async function crypto_seeded_key(seed: string): Promise<CryptoKey> { } export async function crypto_hash(input: string): Promise<string> { - const buf = new TextEncoder().encode("also-a-very-good-salt" + input) - const h = await window.crypto.subtle.digest({ name: "SHA-512" }, buf) - const hex = buf_to_hex(new Uint8Array(h)) + log("crypto", "deriving room hash...") + const seed_key = await window.crypto.subtle.importKey( + "raw", + new TextEncoder().encode(input), + "PBKDF2", + false, + ["deriveBits"] + ) + const key = await window.crypto.subtle.deriveBits( + { name: "PBKDF2", salt: HASH_SALT, iterations: 250000, hash: "SHA-512" }, + seed_key, + 512 + ) + const hex = buf_to_hex(new Uint8Array(key.slice(0, 256 / 8))) return hex } |