클라이언트 승인 대기 페이지 구현

2025-12-16 23:18:48 +00:00 · 2024-12-31 21:58:13 +09:00
parent ccad4fbd8b
commit e5cbd46b35
13 changed files with 243 additions and 59 deletions
--- a/src/routes/(fullscreen)/key/export/+page.svelte
+++ b/src/routes/(fullscreen)/key/export/+page.svelte
@@ -11,7 +11,7 @@
    requestClientRegistration,
    storeClientKeys,
    requestTokenUpgrade,
-    requestInitialMekRegistration,
+    requestInitialMasterKeyRegistration,
  } from "./service";

  import IconKey from "~icons/material-symbols/key";
@@ -72,11 +72,7 @@
        throw new Error("Failed to upgrade token");

      if (
-        !(await requestInitialMekRegistration(
-          data.mekDraft,
-          $clientKeyStore.encryptKey,
-          $clientKeyStore.signKey,
-        ))
+        !(await requestInitialMasterKeyRegistration(data.masterKeyWrapped, $clientKeyStore.signKey))
      )
        throw new Error("Failed to register initial MEK");

--- a/src/routes/(fullscreen)/key/export/service.ts
+++ b/src/routes/(fullscreen)/key/export/service.ts
@@ -1,6 +1,6 @@
 import { callAPI } from "$lib/hooks";
-import { storeRSAKey } from "$lib/indexedDB";
-import { encodeToBase64, encryptRSAPlaintext, signRequest } from "$lib/modules/crypto";
+import { storeClientKey } from "$lib/indexedDB";
+import { encodeToBase64, signRequest } from "$lib/modules/crypto";
 import type { ClientKeys } from "$lib/stores";

 export { requestTokenUpgrade } from "$lib/services/auth";
@@ -35,18 +35,16 @@ export const exportClientKeys = (
 };

 export const storeClientKeys = async (clientKeys: ClientKeys) => {
-  await storeRSAKey(clientKeys.encryptKey, "encrypt");
-  await storeRSAKey(clientKeys.decryptKey, "decrypt");
-  await storeRSAKey(clientKeys.signKey, "sign");
-  await storeRSAKey(clientKeys.verifyKey, "verify");
+  await storeClientKey(clientKeys.encryptKey, "encrypt");
+  await storeClientKey(clientKeys.decryptKey, "decrypt");
+  await storeClientKey(clientKeys.signKey, "sign");
+  await storeClientKey(clientKeys.verifyKey, "verify");
 };

-export const requestInitialMekRegistration = async (
-  mekDraft: ArrayBuffer,
-  encryptKey: CryptoKey,
+export const requestInitialMasterKeyRegistration = async (
+  masterKeyWrapped: ArrayBuffer,
  signKey: CryptoKey,
 ) => {
-  const mekDraftEncrypted = await encryptRSAPlaintext(mekDraft, encryptKey);
  const res = await callAPI("/api/mek/register/initial", {
    method: "POST",
    headers: {
@@ -54,7 +52,7 @@ export const requestInitialMekRegistration = async (
    },
    body: await signRequest(
      {
-        mek: encodeToBase64(mekDraftEncrypted),
+        mek: encodeToBase64(masterKeyWrapped),
      },
      signKey,
    ),
--- a/src/routes/(fullscreen)/key/generate/+page.svelte
+++ b/src/routes/(fullscreen)/key/generate/+page.svelte
@@ -5,7 +5,7 @@
  import { gotoStateful } from "$lib/hooks";
  import { clientKeyStore } from "$lib/stores";
  import Order from "./Order.svelte";
-  import { generateClientKeys, generateMekDraft } from "./service";
+  import { generateClientKeys, generateInitialMasterKey } from "./service";

  import IconKey from "~icons/material-symbols/key";

@@ -34,13 +34,13 @@
  const generate = async () => {
    // TODO: Loading indicator

-    const clientKeys = await generateClientKeys();
-    const { mekDraft } = await generateMekDraft();
+    const { encryptKey, ...clientKeys } = await generateClientKeys();
+    const { masterKeyWrapped } = await generateInitialMasterKey(encryptKey);

    await gotoStateful("/key/export", {
      ...clientKeys,
      redirectPath: data.redirectPath,
-      mekDraft,
+      masterKeyWrapped,
    });
  };

--- a/src/routes/(fullscreen)/key/generate/service.ts
+++ b/src/routes/(fullscreen)/key/generate/service.ts
@@ -4,9 +4,9 @@ import {
  exportRSAKeyToBase64,
  generateAESKey,
  makeAESKeyNonextractable,
-  exportAESKey,
+  wrapAESKeyUsingRSA,
 } from "$lib/modules/crypto";
-import { clientKeyStore, mekStore } from "$lib/stores";
+import { clientKeyStore } from "$lib/stores";

 export const generateClientKeys = async () => {
  const encKeyPair = await generateRSAKeyPair("encryption");
@@ -20,6 +20,7 @@ export const generateClientKeys = async () => {
  });

  return {
+    encryptKey: encKeyPair.publicKey,
    encryptKeyBase64: await exportRSAKeyToBase64(encKeyPair.publicKey),
    decryptKeyBase64: await exportRSAKeyToBase64(encKeyPair.privateKey),
    signKeyBase64: await exportRSAKeyToBase64(sigKeyPair.privateKey),
@@ -27,16 +28,10 @@ export const generateClientKeys = async () => {
  };
 };

-export const generateMekDraft = async () => {
-  const mek = await generateAESKey();
-  const mekSecured = await makeAESKeyNonextractable(mek);
-
-  mekStore.update((meks) => {
-    meks.set(0, mekSecured);
-    return meks;
-  });
-
+export const generateInitialMasterKey = async (encryptKey: CryptoKey) => {
+  const masterKey = await generateAESKey();
  return {
-    mekDraft: await exportAESKey(mek),
+    masterKey: await makeAESKeyNonextractable(masterKey),
+    masterKeyWrapped: await wrapAESKeyUsingRSA(masterKey, encryptKey),
  };
 };