Add more helpers for managing secrets.

docs/demo/crypto.md

@@ -38,8 +38,8 @@
 </style>
 
 <script type="module">
-import {dec, domLoaded, enc, fromBase64, text, toBase64} from '../_static/tdoc/core.js';
-import {decrypt, deriveKey, encrypt, random} from '../_static/tdoc/crypto.js';
+import {domLoaded, text, toBase64} from '../_static/tdoc/core.js';
+import {decryptSecret, deriveKey, encryptSecret, random} from '../_static/tdoc/crypto.js';
 
 let keyCache = {};
 
@@ -55,25 +55,18 @@ const encIv = document.querySelector('#encrypt .iv pre');
 const encOutput = document.querySelector('#encrypt .output pre');
 
 async function encryptInput(key, plain) {
-    const {data, iv} = await encrypt(key, enc.encode(plain));
-    const iv64 = await toBase64(iv);
-    encIv.replaceChildren(text(iv64));
-    const data64 = await toBase64(data);
-    encOutput.replaceChildren(text(data64));
-    return {iv64, data64};
+    const msg = await encryptSecret(key, plain);
+    encIv.replaceChildren(text(msg.iv));
+    encOutput.replaceChildren(text(msg.data));
+    return msg;
 }
 
 const decOutput = document.querySelector('#decrypt .output pre');
 
-async function decryptInput(key, iv64, data64) {
+async function decryptInput(key, iv, data) {
     try {
-        const data = await decrypt(key, await fromBase64(iv64),
-                                   await fromBase64(data64));
-        if (data.byteLength > 0) {
-            decOutput.replaceChildren(text(dec.decode(data)));
-        } else {
-            decOutput.replaceChildren(text(" "));
-        }
+        const plain = await decryptSecret(key, {iv, data});
+        decOutput.replaceChildren(text(plain !== '' ? plain : " "));
         decOutput.classList.remove('error');
     } catch (e) {
         decOutput.replaceChildren(text(`Decryption failed: ${e.toString()}`));
@@ -105,10 +98,10 @@ async function run() {
             const key = await getKey(pwdValue, saltValue);
             if (enc) {
                 encPending = false;
-                const {iv64, data64} = await encryptInput(key, encInputValue);
-                decIvValue = decIv.value = iv64;
+                const {iv, data} = await encryptInput(key, encInputValue);
+                decIvValue = decIv.value = iv;
                 decInputValue = decInput.value =
-                    decInput.parentNode.dataset.text = data64;
+                    decInput.parentNode.dataset.text = data;
             }
             if (enc || dec) {
                 decPending = false;

tdoc/common/scripts/tdoc-worker.js

@@ -39,7 +39,7 @@ addEventListener('fetch', (e) => {
             headers.set('Cross-Origin-Embedder-Policy', 'require-corp');
             headers.set('Cross-Origin-Opener-Policy', 'same-origin');
             headers.set('Cross-Origin-Resource-Policy', 'cross-origin');
-            return new Response(resp.body, {status, statusText, headers});
+            return new Response(body, {status, statusText, headers});
         })());
         break;
     case 'sabayon':

tdoc/common/static/tdoc/core.js

@@ -61,6 +61,6 @@ export async function fromBase64(data) {
         const res = await fetch(`data:application/octet-stream;base64,${data}`);
         return new Uint8Array(await res.arrayBuffer());
     } catch (e) {
-        throw Error("Invalid base64 input");
+        throw new Error("Invalid base64 input");
     }
 }

tdoc/common/static/tdoc/crypto.js

@@ -1,7 +1,7 @@
 // Copyright 2024 Remy Blank <remy@c-space.org>
 // SPDX-License-Identifier: MIT
 
-import {enc} from './core.js';
+import {dec, enc, fromBase64, toBase64} from './core.js';
 
 // Return an Uint8Array of the given size, filled with random data.
 export function random(size) {
@@ -30,3 +30,24 @@ export async function encrypt(key, data) {
 export async function decrypt(key, iv, data) {
     return await crypto.subtle.decrypt({name: 'AES-GCM', iv}, key, data);
 }
+
+// Return the decryption key for the password contained in the given query
+// parameter and the given salt.
+export async function pageKey(name, salt) {
+    const params = new URLSearchParams(document.location.search);
+    const value = params.get(name);
+    if (value === null) throw new Error(`Missing page key: ${name}`);
+    return await deriveKey(value, salt);
+}
+
+// Encrypt a string secret.
+export async function encryptSecret(key, secret) {
+    const {data, iv} = await encrypt(key, enc.encode(secret));
+    return {data: await toBase64(data), iv: await toBase64(iv)};
+}
+
+// Decrypt a string secret.
+export async function decryptSecret(key, msg) {
+    return dec.decode(await decrypt(key, await fromBase64(msg.iv),
+                                    await fromBase64(msg.data)));
+}

tdoc/common/static/tdoc/exec.js

@@ -166,10 +166,10 @@ export class Executor {
     }
 
     // Run the code in the {exec} block.
-    async run(run_id) { throw Error("not implemented"); }
+    async run(run_id) { throw new Error("not implemented"); }
 
     // Stop the running code.
-    async stop(run_id) { throw Error("not implemented"); }
+    async stop(run_id) { throw new Error("not implemented"); }
 
     // Run the code in the {exec} block.
     async doRun() {