siftlode/frontend
npeter83 40ddaa2c92 fix(e2ee): stop reusing the AES-GCM nonce in setup; drop redundant key_check oracle
setup() encrypted BOTH the wrapped private key AND the key_check under the same
wrapKey with the SAME wrapIv — a GCM nonce-reuse bug (leaks keystream + enables
GHASH/tag forgery, which matters under E2EE's malicious-server threat model).
Fixes:
- setup() gives key_check its own independent nonce (checkIv).
- unlock() no longer decrypts key_check to verify the passphrase — that was
  redundant (a wrong passphrase already fails the wrapped_private_key GCM auth
  tag) AND was the second consumer of the reused nonce.

Backward-compatible: the uploaded bundle shape is unchanged, and existing users'
bundles still unlock (unlock only presence-checks key_check now; the private-key
decrypt path with wrap_iv is untouched). Also removed the unused, architecturally
ineffective lock() export (re-unlocks from IndexedDB on next mount; the meaningful
primitive is clearDevice). Re-review clean; tsc green.
2026-07-11 20:16:14 +02:00
..
public fix(share): let link-preview crawlers fetch /watch/ pages (robots.txt) 2026-07-07 22:56:38 +02:00
src fix(e2ee): stop reusing the AES-GCM nonce in setup; drop redundant key_check oracle 2026-07-11 20:16:14 +02:00
index.html feat(share): rich link previews (Open Graph) for /watch pages 2026-07-07 20:19:30 +02:00
package-lock.json feat(plex): P2 player — rich full-page HLS/direct player + watch-state 2026-07-05 04:28:00 +02:00
package.json feat(plex): P2 player — rich full-page HLS/direct player + watch-state 2026-07-05 04:28:00 +02:00
postcss.config.js feat: M4 (part 2) — React reader UI with theming 2026-06-11 02:19:47 +02:00
tailwind.config.js feat: M4 (part 2) — React reader UI with theming 2026-06-11 02:19:47 +02:00
tsconfig.json feat: M4 (part 2) — React reader UI with theming 2026-06-11 02:19:47 +02:00
vite.config.ts fix(dev): vite proxy to 127.0.0.1 + throttle error notifications 2026-06-11 22:00:57 +02:00