store the iv directly

magiclabs · Dec 6, 2023 · 3bb68d2 · 3bb68d2
1 parent 02ff552
commit 3bb68d2
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 13 deletions.
diff --git a/packages/@magic-sdk/provider/src/util/device-share-web-crypto.ts b/packages/@magic-sdk/provider/src/util/device-share-web-crypto.ts
@@ -47,9 +47,9 @@ async function getOrCreateInitVector() {
     return undefined;
   }
   const { crypto } = window;
-  const existingIvString = (await getItem(INITIALIZATION_VECTOR_KEY)) as string;
-  if (existingIvString) {
-    return new Uint8Array(JSON.parse(existingIvString));
+  const existingIv = (await getItem(INITIALIZATION_VECTOR_KEY)) as Uint8Array;
+  if (existingIv) {
+    return existingIv;
   }
 
   const iv = crypto.getRandomValues(new Uint8Array(12)); // 12 bytes for AES-GCM
@@ -106,14 +106,9 @@ export async function encryptAndPersistDeviceShare(deviceShareBase64: string, ne
 
 export async function getDecryptedDeviceShare(networkHash: string): Promise<string | undefined> {
   const encryptedDeviceShare = await getItem<string>(`${DEVICE_SHARE_KEY}_${networkHash}`);
-  const ivString = (await getItem(INITIALIZATION_VECTOR_KEY)) as string; // use existing encryption key and initialization vector
+  const iv = (await getItem(INITIALIZATION_VECTOR_KEY)) as Uint8Array; // use existing encryption key and initialization vector
   const encryptionKey = (await getItem(ENCRYPTION_KEY_KEY)) as CryptoKey;
 
-  if (!ivString) {
-    return undefined;
-  }
-  const iv = new Uint8Array(JSON.parse(ivString));
-
   if (!iv || !encryptedDeviceShare || !encryptionKey || !isWebCryptoSupported()) {
     return undefined;
   }

diff --git a/packages/@magic-sdk/provider/test/spec/util/device-share-web-crypto.spec.ts b/packages/@magic-sdk/provider/test/spec/util/device-share-web-crypto.spec.ts
@@ -18,7 +18,7 @@ const FAKE_ENCRYPTED_DEVICE_SHARE = 'FakeEncryptedDeviceShare';
 const FAKE_DECRYPTED_DEVICE_SHARE = 'FakeDecryptedDeviceShare';
 
 const FAKE_ENCRYPTION_KEY = 'fake encryption key';
-const FAKE_IV_STRING = '[24,252,88,58,36,159,217,125,152,115,39,254]';
+const FAKE_IV = new Uint8Array(JSON.parse('[24,252,88,58,36,159,217,125,152,115,39,254]'));
 
 beforeAll(() => {
   jest.spyOn(storage, 'getItem').mockImplementation(async (key: string) => FAKE_STORE[key]);
@@ -72,7 +72,7 @@ test('encryptAndPersistDeviceShare should persist encrypted device share when st
     encrypt: (input) => Promise.resolve(base64ToArrayBuffer(FAKE_ENCRYPTED_DEVICE_SHARE)),
   };
 
-  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV_STRING;
+  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV;
   FAKE_STORE[ENCRYPTION_KEY_KEY] = FAKE_ENCRYPTION_KEY;
 
   await encryptAndPersistDeviceShare(FAKE_PLAINTEXT_SHARE, FAKE_NETWORK_HASH);
@@ -97,7 +97,7 @@ test('getDecryptedDeviceShare should return undefined if store has existing iv a
   };
 
   FAKE_STORE[`${DEVICE_SHARE_KEY}_${FAKE_NETWORK_HASH}`] = null;
-  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV_STRING;
+  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV;
   FAKE_STORE[ENCRYPTION_KEY_KEY] = FAKE_ENCRYPTION_KEY;
 
   const res = await getDecryptedDeviceShare(FAKE_NETWORK_HASH);
@@ -111,7 +111,7 @@ test('getDecryptedDeviceShare returns decrypted device share if iv encryption ke
   };
 
   FAKE_STORE[`${DEVICE_SHARE_KEY}_${FAKE_NETWORK_HASH}`] = FAKE_ENCRYPTED_DEVICE_SHARE;
-  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV_STRING;
+  FAKE_STORE[INITIALIZATION_VECTOR_KEY] = FAKE_IV;
   FAKE_STORE[ENCRYPTION_KEY_KEY] = FAKE_ENCRYPTION_KEY;
 
   const res = await getDecryptedDeviceShare(FAKE_NETWORK_HASH);