author | Florian Dold <florian@dold.me> | 2021-10-21 18:51:19 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-10-21 18:51:19 +0200 |
commit | 3740010117df56c0ab8cfa97c983d9cf0143daf1 (patch) | |
tree | e290a211f9e76af226e69a30012f3d2079b93829 /packages/anastasis-core/src/crypto.ts | |
parent | 0ee669f52341a8331394a1e9892264c0ef0bb7d7 (diff) | |
download | wallet-core-3740010117df56c0ab8cfa97c983d9cf0143daf1.tar.xz |
anastasis: make recovery work, at least for security questions
Diffstat (limited to 'packages/anastasis-core/src/crypto.ts')
-rw-r--r-- | packages/anastasis-core/src/crypto.ts | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/packages/anastasis-core/src/crypto.ts b/packages/anastasis-core/src/crypto.ts
index 8df893f4b..da8338636 100644
--- a/packages/anastasis-core/src/crypto.ts
+++ b/packages/anastasis-core/src/crypto.ts
@@ -185,6 +185,7 @@ async function anastasisDecrypt(
 export const asOpaque = (x: string): OpaqueData => x;
 const asEncryptedKeyShare = (x: OpaqueData): EncryptedKeyShare => x as string;
 const asEncryptedTruth = (x: OpaqueData): EncryptedTruth => x as string;
+const asKeyShare = (x: OpaqueData): KeyShare => x as string;

 export async function encryptKeyshare(
 keyShare: KeyShare,
@@ -198,6 +199,17 @@ export async function encryptKeyshare(
 );
 }

+export async function decryptKeyShare(
+ encKeyShare: EncryptedKeyShare,
+ userId: UserIdentifier,
+ answerSalt?: string,
+): Promise<KeyShare> {
+ const s = answerSalt ?? "eks";
+ return asKeyShare(
+ await anastasisDecrypt(asOpaque(userId), asOpaque(encKeyShare), s),
+ );
+}
+
 export async function encryptTruth(
 nonce: EncryptionNonce,
 truthEncKey: TruthKey,
@@ -226,6 +238,20 @@ export interface CoreSecretEncResult {
 encMasterKeys: EncryptedMasterKey[];
 }

+export async function coreSecretRecover(args: {
+ encryptedMasterKey: OpaqueData;
+ policyKey: PolicyKey;
+ encryptedCoreSecret: OpaqueData;
+}): Promise<OpaqueData> {
+ const masterKey = await anastasisDecrypt(
+ asOpaque(args.policyKey),
+ args.encryptedMasterKey,
+ "emk",
+ );
+ console.log("recovered master key", masterKey);
+ return await anastasisDecrypt(masterKey, args.encryptedCoreSecret, "cse");
+}
+
 export async function coreSecretEncrypt(
 policyKeys: PolicyKey[],
 coreSecret: OpaqueData, |
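Review bot: decryptKeyShare has no doc comment, and nothing in the signature says how `answerSalt` relates to the salt passed to encryptKeyshare, whose body is outside this hunk. I would add `/** Decrypts a key share with the user identifier as key; answerSalt presumably must equal the salt used at encryption time, and "eks" is used when it is omitted. */`. Two details are worth stating there as well: `answerSalt ?? "eks"` keeps an empty string as the salt rather than falling back, and `asKeyShare` is a bare `as string` cast, so the result is typed KeyShare without any length or format check. Whether anastasisDecrypt authenticates the ciphertext before returning is not visible from this hunk.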
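Review bot: `console.log("recovered master key", masterKey);` in coreSecretRecover writes the decrypted master key to the console, so the key that protects the core secret ends up in devtools output or process logs readable by anyone with log access. Remove the line, or log only a non-secret fact, for example `console.log("master key recovered");`. The function also lacks a doc comment; one sentence stating that the "emk" and "cse" salts presumably have to match those used by coreSecretEncrypt (its body is outside this hunk) would help the next reader.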