Merge branch 'master' into intermediate-key

2021-04-03 10:09:02 +05:30 · 2021-04-03 10:09:02 +05:30 · b632481317
parent cddff63a31 dc7da9119d
commit b632481317
3 changed files with 33 additions and 20 deletions
--- a/src/pages/generate/index.tsx
+++ b/src/pages/generate/index.tsx
@ -61,10 +61,19 @@ export default function Generate() {
                const cryptoWorker = await new CryptoWorker();
                const key: string = await cryptoWorker.generateMasterKey();
                const kekSalt: string = await cryptoWorker.generateSaltToDeriveKey();
-                const kek: KEK = await cryptoWorker.deriveSensitiveKey(
-                    passphrase,
-                    kekSalt
-                );
+                let kek: KEK;
+                try {
+                    kek = await cryptoWorker.deriveSensitiveKey(
+                        passphrase,
+                        kekSalt
+                    );
+                } catch (e) {
+                    setFieldError(
+                        'confirm',
+                        constants.PASSWORD_GENERATION_FAILED
+                    );
+                    return;
+                }
                const encryptedKeyAttributes: B64EncryptionResult = await cryptoWorker.encryptToB64(
                    key,
                    kek.key
@ -118,8 +127,9 @@ export default function Generate() {
                'passphrase',
                `${constants.UNKNOWN_ERROR} ${e.message}`
            );
+        } finally {
+            setLoading(false);
        }
-        setLoading(false);
    };

    return (
--- a/src/utils/crypto/libsodium.ts
+++ b/src/utils/crypto/libsodium.ts
@ -275,21 +275,23 @@ export async function deriveKey(

 export async function deriveSensitiveKey(passphrase: string, salt: string) {
    await sodium.ready;
-    const key = await toB64(
-        sodium.crypto_pwhash(
-            sodium.crypto_secretbox_KEYBYTES,
-            await fromString(passphrase),
-            await fromB64(salt),
-            sodium.crypto_pwhash_OPSLIMIT_SENSITIVE,
-            sodium.crypto_pwhash_MEMLIMIT_SENSITIVE,
-            sodium.crypto_pwhash_ALG_DEFAULT
-        )
-    );
-    return {
-        key: key,
-        opsLimit: sodium.crypto_pwhash_OPSLIMIT_SENSITIVE,
-        memLimit: sodium.crypto_pwhash_MEMLIMIT_SENSITIVE,
-    };
+    const minMemLimit = sodium.crypto_pwhash_MEMLIMIT_MIN;
+    let opsLimit = sodium.crypto_pwhash_OPSLIMIT_SENSITIVE;
+    let memLimit = sodium.crypto_pwhash_MEMLIMIT_SENSITIVE;
+    while (memLimit > minMemLimit) {
+        try {
+            const key = await deriveKey(passphrase, salt, opsLimit, memLimit);
+            return {
+                key,
+                opsLimit,
+                memLimit,
+            };
+        } catch (e) {
+            opsLimit = opsLimit * 2;
+            memLimit = memLimit / 2;
+        }
+    }
+    throw null;
 }

 export async function deriveIntermediateKey(passphrase: string, salt: string) {
--- a/src/utils/strings/englishConstants.tsx
+++ b/src/utils/strings/englishConstants.tsx
@ -156,6 +156,7 @@ const englishConstants = {
    SESSION_EXPIRED: 'login',
    SYNC_FAILED:
        'failed to sync with remote server, please refresh page to try again',
+    PASSWORD_GENERATION_FAILED: `your browser was unable to generate a strong enough password  that meets ente's encryption standards, please try using the mobile app or another browser`,
 };

 export default englishConstants;