Merge branch 'master' into intermediate-key
This commit is contained in:
commit
b632481317
|
@ -61,10 +61,19 @@ export default function Generate() {
|
|||
const cryptoWorker = await new CryptoWorker();
|
||||
const key: string = await cryptoWorker.generateMasterKey();
|
||||
const kekSalt: string = await cryptoWorker.generateSaltToDeriveKey();
|
||||
const kek: KEK = await cryptoWorker.deriveSensitiveKey(
|
||||
passphrase,
|
||||
kekSalt
|
||||
);
|
||||
let kek: KEK;
|
||||
try {
|
||||
kek = await cryptoWorker.deriveSensitiveKey(
|
||||
passphrase,
|
||||
kekSalt
|
||||
);
|
||||
} catch (e) {
|
||||
setFieldError(
|
||||
'confirm',
|
||||
constants.PASSWORD_GENERATION_FAILED
|
||||
);
|
||||
return;
|
||||
}
|
||||
const encryptedKeyAttributes: B64EncryptionResult = await cryptoWorker.encryptToB64(
|
||||
key,
|
||||
kek.key
|
||||
|
@ -118,8 +127,9 @@ export default function Generate() {
|
|||
'passphrase',
|
||||
`${constants.UNKNOWN_ERROR} ${e.message}`
|
||||
);
|
||||
} finally {
|
||||
setLoading(false);
|
||||
}
|
||||
setLoading(false);
|
||||
};
|
||||
|
||||
return (
|
||||
|
|
|
@ -275,21 +275,23 @@ export async function deriveKey(
|
|||
|
||||
export async function deriveSensitiveKey(passphrase: string, salt: string) {
|
||||
await sodium.ready;
|
||||
const key = await toB64(
|
||||
sodium.crypto_pwhash(
|
||||
sodium.crypto_secretbox_KEYBYTES,
|
||||
await fromString(passphrase),
|
||||
await fromB64(salt),
|
||||
sodium.crypto_pwhash_OPSLIMIT_SENSITIVE,
|
||||
sodium.crypto_pwhash_MEMLIMIT_SENSITIVE,
|
||||
sodium.crypto_pwhash_ALG_DEFAULT
|
||||
)
|
||||
);
|
||||
return {
|
||||
key: key,
|
||||
opsLimit: sodium.crypto_pwhash_OPSLIMIT_SENSITIVE,
|
||||
memLimit: sodium.crypto_pwhash_MEMLIMIT_SENSITIVE,
|
||||
};
|
||||
const minMemLimit = sodium.crypto_pwhash_MEMLIMIT_MIN;
|
||||
let opsLimit = sodium.crypto_pwhash_OPSLIMIT_SENSITIVE;
|
||||
let memLimit = sodium.crypto_pwhash_MEMLIMIT_SENSITIVE;
|
||||
while (memLimit > minMemLimit) {
|
||||
try {
|
||||
const key = await deriveKey(passphrase, salt, opsLimit, memLimit);
|
||||
return {
|
||||
key,
|
||||
opsLimit,
|
||||
memLimit,
|
||||
};
|
||||
} catch (e) {
|
||||
opsLimit = opsLimit * 2;
|
||||
memLimit = memLimit / 2;
|
||||
}
|
||||
}
|
||||
throw null;
|
||||
}
|
||||
|
||||
export async function deriveIntermediateKey(passphrase: string, salt: string) {
|
||||
|
|
|
@ -156,6 +156,7 @@ const englishConstants = {
|
|||
SESSION_EXPIRED: 'login',
|
||||
SYNC_FAILED:
|
||||
'failed to sync with remote server, please refresh page to try again',
|
||||
PASSWORD_GENERATION_FAILED: `your browser was unable to generate a strong enough password that meets ente's encryption standards, please try using the mobile app or another browser`,
|
||||
};
|
||||
|
||||
export default englishConstants;
|
||||
|
|
Loading…
Reference in a new issue