Skip to content
This repository has been archived by the owner on Jul 21, 2023. It is now read-only.

Commit

Permalink
fix: Remove unreliable webkit-linux useragent check (#319)
Browse files Browse the repository at this point in the history
Closes #318
  • Loading branch information
MarcoPolo authored May 5, 2023
1 parent 3f6506c commit 8f8df5c
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 9 deletions.
23 changes: 16 additions & 7 deletions src/ciphers/aes-gcm.browser.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,6 @@ import { fromString } from 'uint8arrays/from-string'
import webcrypto from '../webcrypto.js'
import type { CreateOptions, AESCipher } from './interface.js'

export function isWebkitLinux (): boolean {
return typeof navigator !== 'undefined' && navigator.userAgent.includes('Safari') && navigator.userAgent.includes('Linux') && !navigator.userAgent.includes('Chrome')
}

// WebKit on Linux does not support deriving a key from an empty PBKDF2 key.
// So, as a workaround, we provide the generated key as a constant. We test that
// this generated key is accurate in test/workaround.spec.ts
Expand Down Expand Up @@ -46,8 +42,15 @@ export function create (opts?: CreateOptions): AESCipher {
}

let cryptoKey: CryptoKey
if (password.length === 0 && isWebkitLinux()) {
if (password.length === 0) {
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt'])
try {
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
const runtimeDerivedEmptyPassword = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey'])
cryptoKey = await crypto.subtle.deriveKey(deriveParams, runtimeDerivedEmptyPassword, { name: algorithm, length: keyLength }, true, ['encrypt'])
} catch {
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt'])
}
} else {
// Derive a key using PBKDF2.
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
Expand Down Expand Up @@ -77,8 +80,14 @@ export function create (opts?: CreateOptions): AESCipher {
}

let cryptoKey: CryptoKey
if (password.length === 0 && isWebkitLinux()) {
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['decrypt'])
if (password.length === 0) {
try {
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
const runtimeDerivedEmptyPassword = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey'])
cryptoKey = await crypto.subtle.deriveKey(deriveParams, runtimeDerivedEmptyPassword, { name: algorithm, length: keyLength }, true, ['decrypt'])
} catch {
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['decrypt'])
}
} else {
// Derive the key using PBKDF2.
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
Expand Down
4 changes: 2 additions & 2 deletions test/workaround.spec.ts
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@

/* eslint-env mocha */
import { isWebkitLinux, derivedEmptyPasswordKey } from '../src/ciphers/aes-gcm.browser.js'
import { derivedEmptyPasswordKey } from '../src/ciphers/aes-gcm.browser.js'
import { expect } from 'aegir/chai'

describe('Constant derived key is generated correctly', () => {
it('Generates correctly', async () => {
if (isWebkitLinux() || typeof crypto === 'undefined') {
if ((typeof navigator !== 'undefined' && navigator.userAgent.includes('Safari')) || typeof crypto === 'undefined') {
// WebKit Linux can't generate this. Hence the workaround.
return
}
Expand Down

0 comments on commit 8f8df5c

Please sign in to comment.