Restrict secret keys to 128 or 256 bits

This commit is contained in:
Rodolphe Bréard 2023-08-25 10:11:50 +02:00
parent faa8056d2d
commit 72bc29ba66
4 changed files with 11 additions and 0 deletions

View file

@ -12,6 +12,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Changed
- Secret keys are now restricted to 128 bits (16 bytes) or 256 bits (32 bytes)
## [0.2.0] - 2023-08-11
### Added

View file

@ -35,6 +35,7 @@
"cancel": "@:invariants.controls.cancel",
"error": {
"invalidBase64": "The key must be a valid base64 string.",
"invalidKeyLength": "The key's length must be either 128 bits (16 bytes) or 256 bits (32 bytes).",
"invalidSeparator": "The separator must be a single character.",
"cameraNotAllowed": "Camera access permission was not granted.",
"cameraNotFound": "No camera detected.",

View file

@ -35,6 +35,7 @@
"cancel": "@:invariants.controls.cancel",
"error": {
"invalidBase64": "La clé doit être une chaîne de caractère en base64.",
"invalidKeyLength": "La longueur de la clé doit être de 128 bits (16 bytes) ou de 256 bits (32 bytes).",
"invalidSeparator": "La séparateur doit être un unique caractère.",
"cameraNotAllowed": "L'accès à la caméra n'a pas été autorisé.",
"cameraNotFound": "Aucune caméra détectée.",

View file

@ -15,6 +15,7 @@ const separator = ref('+');
const domainName = ref('');
const privateKey = ref('');
const errorMessageId = ref('');
const authorizedKeyLengths = [16, 32];
const base64Decode = (str_b64) => {
try {
@ -47,6 +48,9 @@ const addAccount = () => {
throw new Error('addAccount.error.invalidSeparator');
}
const key = base64Decode(privateKey.value);
if (!authorizedKeyLengths.includes(key.length)) {
throw new Error('addAccount.error.invalidKeyLength');
}
const hash = sha256(`${localPart.value}@${domainName.value}`);
const newAccount = {
id: base32Encode(hash, 'RFC4648', { padding: false }).toLowerCase(),