passwd-sso-cli 0.4.17 → 0.4.19
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -206,6 +206,8 @@ async function forkDaemon(socketPath) {
|
|
|
206
206
|
}
|
|
207
207
|
// Send secret key bytes (not derived CryptoKey) — child will derive encryption key
|
|
208
208
|
const secretHex = hexEncode(secretBytes);
|
|
209
|
+
// Zero source bytes immediately — hex string is immutable in V8 but source array can be wiped
|
|
210
|
+
secretBytes.fill(0);
|
|
209
211
|
const userId = getUserId();
|
|
210
212
|
// Reconstruct args for child: remove --eval, add internal daemon flag.
|
|
211
213
|
// Preserve tsx loader flags (--require, --import) so .ts files work in child.
|
|
@@ -253,6 +255,8 @@ function runDaemonChild() {
|
|
|
253
255
|
const { hexDecode, deriveEncryptionKey } = await import("../lib/crypto.js");
|
|
254
256
|
const secretBytes = hexDecode(msg.secretHex);
|
|
255
257
|
const key = await deriveEncryptionKey(secretBytes);
|
|
258
|
+
// Zero secret bytes after key derivation — key material no longer needed in raw form
|
|
259
|
+
secretBytes.fill(0);
|
|
256
260
|
setEncryptionKey(key, msg.userId ?? undefined);
|
|
257
261
|
// Acknowledge to parent
|
|
258
262
|
process.send("ready");
|
package/dist/lib/crypto.js
CHANGED
|
@@ -55,6 +55,11 @@ export async function deriveEncryptionKey(secretKey) {
|
|
|
55
55
|
return crypto.subtle.deriveKey({
|
|
56
56
|
name: "HKDF",
|
|
57
57
|
hash: "SHA-256",
|
|
58
|
+
// Risk-accepted: zero salt. The IKM (secretKey) is a 256-bit random value
|
|
59
|
+
// wrapped by PBKDF2(600k iterations), providing full entropy. RFC 5869 §3.1
|
|
60
|
+
// notes that a zero salt defaults to HashLen zeros and is acceptable when
|
|
61
|
+
// the IKM is already uniformly random. Domain separation relies on the
|
|
62
|
+
// distinct `info` parameter (HKDF_ENC_INFO vs HKDF_AUTH_INFO).
|
|
58
63
|
salt: new ArrayBuffer(32),
|
|
59
64
|
info: textEncode(HKDF_ENC_INFO),
|
|
60
65
|
}, hkdfKey, { name: "AES-GCM", length: AES_KEY_LENGTH }, false, ["encrypt", "decrypt"]);
|
|
@@ -64,6 +69,7 @@ export async function deriveAuthKey(secretKey) {
|
|
|
64
69
|
return crypto.subtle.deriveKey({
|
|
65
70
|
name: "HKDF",
|
|
66
71
|
hash: "SHA-256",
|
|
72
|
+
// See deriveEncryptionKey for zero-salt risk acceptance rationale
|
|
67
73
|
salt: new ArrayBuffer(32),
|
|
68
74
|
info: textEncode(HKDF_AUTH_INFO),
|
|
69
75
|
}, hkdfKey, { name: "HMAC", hash: "SHA-256", length: AES_KEY_LENGTH }, true, ["sign"]);
|