reduce diff

cryptomator · May 30, 2024 · c2fe768 · c2fe768
1 parent ea77daf
commit c2fe768
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 12 deletions.
diff --git a/frontend/src/common/vaultFormat8.ts b/frontend/src/common/vaultFormat8.ts
@@ -139,27 +139,27 @@ export class VaultFormat8 implements AccessTokenProducing, VaultTemplateProducin
     }
   }
 
-  public static async verifyAndRecover(vaultMetadataToken: string, recoveryKey: string) {
+  public static async recoverAndVerify(vaultMetadataToken: string, recoveryKey: string) {
     //basic validation
     const vaultMetadata = JWT.parse(vaultMetadataToken);
 
+    const vault = await this.recover(recoveryKey);
+
     const sigSeparatorIndex = vaultMetadataToken.lastIndexOf('.');
     const headerPlusPayload = vaultMetadataToken.slice(0,sigSeparatorIndex);
     const signature = vaultMetadataToken.slice(sigSeparatorIndex + 1,vaultMetadataToken.length);
-
     const message = new TextEncoder().encode(headerPlusPayload);
-    const key = await this.transcodeKey(recoveryKey);
     var digest = await crypto.subtle.sign(
       VaultFormat8.MASTERKEY_KEY_DESIGNATION,
-      key,
+      vault.masterKey,
       message
     );
     const base64urlDigest = base64url.stringify(new Uint8Array(digest), { pad: false });
     if (!(signature === base64urlDigest)) {
       throw new Error('Recovery key does not match vault file.');
     }
 
-    return new VaultFormat8(key);
+    return vault;
   }
 
   /**
@@ -169,10 +169,6 @@ export class VaultFormat8 implements AccessTokenProducing, VaultTemplateProducin
    * @throws Error, if passing a malformed recovery key
    */
   public static async recover(recoveryKey: string): Promise<VaultFormat8> {
-    return new VaultFormat8(await this.transcodeKey(recoveryKey));
-  }
-
-  public static async transcodeKey(recoveryKey: string): Promise<CryptoKey> {
     // decode and check recovery key:
     const decoded = wordEncoder.decode(recoveryKey);
     if (decoded.length !== 66) {
@@ -186,13 +182,14 @@ export class VaultFormat8 implements AccessTokenProducing, VaultTemplateProducin
     }
 
     // construct new VaultKeys from recovered key
-    return crypto.subtle.importKey(
+    const key = crypto.subtle.importKey(
       'raw',
       decodedKey,
       VaultFormat8.MASTERKEY_KEY_DESIGNATION,
       true,
       ['sign']
     );
+    return new VaultFormat8(await key);
   }
 
   /** @inheritdoc */

diff --git a/frontend/test/common/vaultFormat8.spec.ts b/frontend/test/common/vaultFormat8.spec.ts
@@ -95,7 +95,7 @@ describe('Vault Format 8', () => {
       `;
     const vaultMetadata = 'eyJraWQiOiJtYXN0ZXJrZXlmaWxlOm1hc3RlcmtleS5jcnlwdG9tYXRvciIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJmb3JtYXQiOjgsInNob3J0ZW5pbmdUaHJlc2hvbGQiOjIyMCwianRpIjoiZmI0N2IyMDYtM2FjMS00Y2RkLThkNTMtYWE0OWM4NjY4Nzk5IiwiY2lwaGVyQ29tYm8iOiJTSVZfQ1RSTUFDIn0.oSMdTtcC6LtoC37knQpNoPo3biUNFCRfxownXIFf_GM';
 
-    const recovered = await VaultFormat8.verifyAndRecover(vaultMetadata, recoveryKey);
+    const recovered = await VaultFormat8.recoverAndVerify(vaultMetadata, recoveryKey);
   });
 
   it('verifyAndRecover() fails for not-matching, but valid key-metadata-pair', async () => {
@@ -105,7 +105,7 @@ describe('Vault Format 8', () => {
       obesity site tactical root rumour theology glory consist comic terribly substance
       `;
     const vaultMetdataB = 'eyJraWQiOiJtYXN0ZXJrZXlmaWxlOm1hc3RlcmtleS5jcnlwdG9tYXRvciIsInR5cCI6IkpXVCIsImFsZyI6IkhTMjU2In0.eyJmb3JtYXQiOjgsInNob3J0ZW5pbmdUaHJlc2hvbGQiOjIyMCwianRpIjoiYzU2YmJlNTMtMTYxYS00YjRkLWEyYjktMzE0ODMxYzAxNWJjIiwiY2lwaGVyQ29tYm8iOiJTSVZfR0NNIn0.zPCDsnrBEOT1-X7MVmcMEuP2eqOiqS63V9oM_CcNppg';
-    const keyDoesNotCorrespondToSignature = VaultFormat8.verifyAndRecover(vaultMetdataB, recoveryKeyA);
+    const keyDoesNotCorrespondToSignature = VaultFormat8.recoverAndVerify(vaultMetdataB, recoveryKeyA);
 
     expect(keyDoesNotCorrespondToSignature).to.be.rejectedWith(Error, /Recovery key does not match vault file/);
   });