4nk/ihm_client
5
0
Fork 0
Code Issues 6 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Corriger l'erreur d'algorithme dans la dérivation des clés

Browse Source 
- Remplacer deriveBits PBKDF2 par HMAC pour dériver les clés spend et scan
- Résoudre l'erreur 'key.algorithm does not match that of operation'
- Utiliser HMAC-SHA256 avec la clé maître pour dériver les clés spécifiques
- Maintenir la sécurité cryptographique avec une approche compatible
This commit is contained in:
NicolasCantu 2025-10-23 13:59:50 +02:00
parent 47c90093e3
commit 451a1941dc
1 changed files with 26 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/services/secure-credentials.service.ts
View File

@ -272,15 +272,19 @@ export class SecureCredentialsService {
private async deriveSpendKey(masterKey: CryptoKey, salt: Uint8Array): Promise<string> { private async deriveSpendKey(masterKey: CryptoKey, salt: Uint8Array): Promise<string> {
const spendSalt = new Uint8Array([...salt, 0x73, 0x70, 0x65, 0x6e, 0x64]); // "spend" const spendSalt = new Uint8Array([...salt, 0x73, 0x70, 0x65, 0x6e, 0x64]); // "spend"
const spendKeyMaterial = await crypto.subtle.deriveBits( // Use HMAC with the master key to derive spend key
{ const hmacKey = await crypto.subtle.importKey(
name: 'PBKDF2', 'raw',
salt: spendSalt, await crypto.subtle.exportKey('raw', masterKey),
iterations: 1000, { name: 'HMAC', hash: 'SHA-256' },
hash: 'SHA-256' false,
}, ['sign']
masterKey, );
256
const spendKeyMaterial = await crypto.subtle.sign(
'HMAC',
hmacKey,
spendSalt
); );
return Array.from(new Uint8Array(spendKeyMaterial)) return Array.from(new Uint8Array(spendKeyMaterial))
@ -294,15 +298,19 @@ export class SecureCredentialsService {
private async deriveScanKey(masterKey: CryptoKey, salt: Uint8Array): Promise<string> { private async deriveScanKey(masterKey: CryptoKey, salt: Uint8Array): Promise<string> {
const scanSalt = new Uint8Array([...salt, 0x73, 0x63, 0x61, 0x6e]); // "scan" const scanSalt = new Uint8Array([...salt, 0x73, 0x63, 0x61, 0x6e]); // "scan"
const scanKeyMaterial = await crypto.subtle.deriveBits( // Use HMAC with the master key to derive scan key
{ const hmacKey = await crypto.subtle.importKey(
name: 'PBKDF2', 'raw',
salt: scanSalt, await crypto.subtle.exportKey('raw', masterKey),
iterations: 1000, { name: 'HMAC', hash: 'SHA-256' },
hash: 'SHA-256' false,
}, ['sign']
masterKey, );
256
const scanKeyMaterial = await crypto.subtle.sign(
'HMAC',
hmacKey,
scanSalt
); );
return Array.from(new Uint8Array(scanKeyMaterial)) return Array.from(new Uint8Array(scanKeyMaterial))