alee/relicario
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

fix(core,wasm): correct QR version comment, expect msg, zeroize image_secret in closure

Browse Source
This commit is contained in:
adlee-was-taken
2026-05-03 21:09:02 -04:00
parent 4851857070
commit f17944a404
2 changed files with 4 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
crates/relicario-core/src/recovery_qr.rs
View File

@@ -104,7 +104,7 @@ pub fn unwrap_recovery_qr_with_params(
format!("unsupported version 0x{:02x}", payload_bytes[4]) format!("unsupported version 0x{:02x}", payload_bytes[4])
)); ));
} }
let kdf_salt: &[u8; 32] = payload_bytes[5..37].try_into().unwrap(); let kdf_salt: &[u8; 32] = payload_bytes[5..37].try_into().expect("slice length validated above");
let wrap_nonce = &payload_bytes[37..61]; let wrap_nonce = &payload_bytes[37..61];
let ciphertext = &payload_bytes[61..109]; let ciphertext = &payload_bytes[61..109];
@@ -122,7 +122,7 @@ pub fn unwrap_recovery_qr_with_params(
pub fn recovery_qr_to_svg(payload: &RecoveryQrPayload) -> String { pub fn recovery_qr_to_svg(payload: &RecoveryQrPayload) -> String {
use qrcode::{QrCode, EcLevel}; use qrcode::{QrCode, EcLevel};
let code = QrCode::with_error_correction_level(payload.bytes.as_ref(), EcLevel::M) let code = QrCode::with_error_correction_level(payload.bytes.as_ref(), EcLevel::M)
.expect("109-byte payload always fits QR version 6"); .expect("109 bytes fits well within QR v40 capacity at EcLevel::M");
code.render::<qrcode::render::svg::Color>() code.render::<qrcode::render::svg::Color>()
.min_dimensions(140, 140) .min_dimensions(140, 140)
.build() .build()

7
crates/relicario-wasm/src/lib.rs
View File

@@ -498,11 +498,8 @@ pub fn wasm_generate_recovery_qr(
handle: &SessionHandle, handle: &SessionHandle,
passphrase: &str, passphrase: &str,
) -> Result<String, JsError> { ) -> Result<String, JsError> {
let image_secret_bytes = session::with_image_secret(handle.0, |s| s.to_vec()) let payload = session::with_image_secret(handle.0, |s| generate_recovery_qr(passphrase, s))
.ok_or_else(|| JsError::new("invalid or locked session handle"))?; .ok_or_else(|| JsError::new("invalid or locked session handle"))?
let image_secret: &[u8; 32] = image_secret_bytes.as_slice().try_into()
.map_err(|_| JsError::new("image_secret must be 32 bytes"))?;
let payload = generate_recovery_qr(passphrase, image_secret)
.map_err(|e| JsError::new(&e.to_string()))?; .map_err(|e| JsError::new(&e.to_string()))?;
Ok(recovery_qr_to_svg(&payload)) Ok(recovery_qr_to_svg(&payload))
} }