Sterister
e6fdf31b49
Some checks failed
Test / test (push) Has been cancelled
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Docker build and publish / docker (push) Has been cancelled
Publish / publish (push) Has been cancelled
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
46 lines
1.9 KiB
TypeScript
46 lines
1.9 KiB
TypeScript
/**
|
|
* Encoding helpers shared by the setup, request, and guardian modules.
|
|
* Kept as a tiny standalone module so individual flows don't carry
|
|
* private base64 helpers; consistent encoding across send/receive
|
|
* sides.
|
|
*/
|
|
|
|
/** Base64url (no padding) — used for both `recoveryKey → passphrase` and arbitrary share bytes. */
|
|
export function bytesToBase64Url(bytes: Uint8Array): string {
|
|
let bin = '';
|
|
for (let i = 0; i < bytes.length; i++) bin += String.fromCharCode(bytes[i]!);
|
|
return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
|
|
}
|
|
|
|
export function base64UrlToBytes(s: string): Uint8Array {
|
|
const padded = s.replace(/-/g, '+').replace(/_/g, '/');
|
|
const padding = padded.length % 4 === 0 ? 0 : 4 - (padded.length % 4);
|
|
const bin = atob(padded + '='.repeat(padding));
|
|
const out = new Uint8Array(bin.length);
|
|
for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
|
|
return out;
|
|
}
|
|
|
|
/**
|
|
* Convert a `recoveryKey` (32 random bytes) to the passphrase that
|
|
* `Shade.exportBackup` / `Shade.importBackup` expect. We use base64url
|
|
* because:
|
|
* - it's a string, satisfying the export/import API,
|
|
* - 32 bytes encodes to 43 characters, comfortably above the 12-char
|
|
* minimum the exportBackup helper enforces,
|
|
* - the encoding is deterministic so split + reconstruct + decode
|
|
* yields the identical passphrase the original device used.
|
|
*
|
|
* The HKDF inside `exportBackup` is a deterministic KDF that's
|
|
* cryptographically appropriate for a 32-byte uniformly-random IKM
|
|
* (this is exactly the standard HKDF use case). The fact that the
|
|
* passphrase API was designed for human-typed passwords does not
|
|
* weaken the construction here.
|
|
*/
|
|
export function recoveryKeyToBackupPassphrase(key: Uint8Array): string {
|
|
if (key.length !== 32) {
|
|
throw new Error(`recoveryKey must be 32 bytes (got ${key.length})`);
|
|
}
|
|
return `shade-rk:${bytesToBase64Url(key)}`;
|
|
}
|