use 512 bit keys for HMAC-SHA256 as per spec

overheadhunter · overheadhunter · commit 27a944dcada3 · 2025-07-08T10:58:37.000+02:00
see encryption-alliance/unified-vault-format#31
diff --git a/frontend/src/common/universalVaultFormat.ts b/frontend/src/common/universalVaultFormat.ts
@@ -439,7 +439,7 @@ export class UniversalVaultFormat implements AccessTokenProducing, VaultTemplate
   public async computeRootDirIdHash(rootDirId: Uint8Array): Promise<string> {
     const textencoder = new TextEncoder();
     const initialSeed = await crypto.subtle.importKey('raw', this.metadata.initialSeed, { name: 'HKDF' }, false, ['deriveKey']);
-    const hmacKey = await crypto.subtle.deriveKey({ name: 'HKDF', hash: 'SHA-512', salt: this.metadata.kdfSalt, info: textencoder.encode('hmac') }, initialSeed, { name: 'HMAC', hash: 'SHA-256', length: 256 }, false, ['sign']);
+    const hmacKey = await crypto.subtle.deriveKey({ name: 'HKDF', hash: 'SHA-512', salt: this.metadata.kdfSalt, info: textencoder.encode('hmac') }, initialSeed, { name: 'HMAC', hash: 'SHA-256', length: 512 }, false, ['sign']);
     const rootDirHash = await crypto.subtle.sign('HMAC', hmacKey, rootDirId);
     return base32.stringify(new Uint8Array(rootDirHash).slice(0, 20));
   }
diff --git a/frontend/test/common/universalVaultFormat.spec.ts b/frontend/test/common/universalVaultFormat.spec.ts
@@ -292,11 +292,11 @@ describe('UVF', () => {
         const rootDirId = base64.parse('5WEGzwKkAHPwVSjT2Brr3P3zLz7oMiNpMn/qBvht7eM=');
         const hash = await uvf.computeRootDirIdHash(rootDirId);
         expect(hash).to.have.a.lengthOf(32);
-        expect(hash).to.eq('RKHZLENL3PQIW6GZHE3KRRRGLFBHWHRU');
+        expect(hash).to.eq('RZK7ZH7KBXULNEKBMGX3CU42PGUIAIX4');
       });
 
       it('encryptFile() creates some ciphertext', async () => {
-        const rootDirId = base64.parse('24UBEDeGu5taq7U4GqyA0MXUXb9HTYS6p3t9vvHGJAc=');
+        const rootDirId = base64.parse('5WEGzwKkAHPwVSjT2Brr3P3zLz7oMiNpMn/qBvht7eM=');
         const fileContent = await uvf.encryptFile(rootDirId, uvf.metadata.initialSeedId);
         expect(fileContent).to.have.a.lengthOf(128);
         expect(fileContent.slice(0, 4)).to.eql(new Uint8Array([0x75, 0x76, 0x66, 0x01])); // magic bytes

Original file line number	Diff line number	Diff line change
`@@ -439,7 +439,7 @@ export class UniversalVaultFormat implements AccessTokenProducing, VaultTemplate`
`439`	`439`	`public async computeRootDirIdHash(rootDirId: Uint8Array): Promise<string> {`
`440`	`440`	`const textencoder = new TextEncoder();`
`441`	`441`	`const initialSeed = await crypto.subtle.importKey('raw', this.metadata.initialSeed, { name: 'HKDF' }, false, ['deriveKey']);`
`442`		`- const hmacKey = await crypto.subtle.deriveKey({ name: 'HKDF', hash: 'SHA-512', salt: this.metadata.kdfSalt, info: textencoder.encode('hmac') }, initialSeed, { name: 'HMAC', hash: 'SHA-256', length: 256 }, false, ['sign']);`
	`442`	`+ const hmacKey = await crypto.subtle.deriveKey({ name: 'HKDF', hash: 'SHA-512', salt: this.metadata.kdfSalt, info: textencoder.encode('hmac') }, initialSeed, { name: 'HMAC', hash: 'SHA-256', length: 512 }, false, ['sign']);`
`443`	`443`	`const rootDirHash = await crypto.subtle.sign('HMAC', hmacKey, rootDirId);`
`444`	`444`	`return base32.stringify(new Uint8Array(rootDirHash).slice(0, 20));`
`445`	`445`	`}`