diff --git a/crates/relicario-core/src/recovery_qr.rs b/crates/relicario-core/src/recovery_qr.rs index 15becad..1b5bdbc 100644 --- a/crates/relicario-core/src/recovery_qr.rs +++ b/crates/relicario-core/src/recovery_qr.rs @@ -104,7 +104,7 @@ pub fn unwrap_recovery_qr_with_params( format!("unsupported version 0x{:02x}", payload_bytes[4]) )); } - let kdf_salt: &[u8; 32] = payload_bytes[5..37].try_into().unwrap(); + let kdf_salt: &[u8; 32] = payload_bytes[5..37].try_into().expect("slice length validated above"); let wrap_nonce = &payload_bytes[37..61]; let ciphertext = &payload_bytes[61..109]; @@ -122,7 +122,7 @@ pub fn unwrap_recovery_qr_with_params( pub fn recovery_qr_to_svg(payload: &RecoveryQrPayload) -> String { use qrcode::{QrCode, EcLevel}; let code = QrCode::with_error_correction_level(payload.bytes.as_ref(), EcLevel::M) - .expect("109-byte payload always fits QR version 6"); + .expect("109 bytes fits well within QR v40 capacity at EcLevel::M"); code.render::() .min_dimensions(140, 140) .build() diff --git a/crates/relicario-wasm/src/lib.rs b/crates/relicario-wasm/src/lib.rs index c23c1fa..5ddb7be 100644 --- a/crates/relicario-wasm/src/lib.rs +++ b/crates/relicario-wasm/src/lib.rs @@ -498,11 +498,8 @@ pub fn wasm_generate_recovery_qr( handle: &SessionHandle, passphrase: &str, ) -> Result { - let image_secret_bytes = session::with_image_secret(handle.0, |s| s.to_vec()) - .ok_or_else(|| JsError::new("invalid or locked session handle"))?; - let image_secret: &[u8; 32] = image_secret_bytes.as_slice().try_into() - .map_err(|_| JsError::new("image_secret must be 32 bytes"))?; - let payload = generate_recovery_qr(passphrase, image_secret) + let payload = session::with_image_secret(handle.0, |s| generate_recovery_qr(passphrase, s)) + .ok_or_else(|| JsError::new("invalid or locked session handle"))? .map_err(|e| JsError::new(&e.to_string()))?; Ok(recovery_qr_to_svg(&payload)) }