moved decryption logic to tests, normalized text encoding to NFC

ethankonk · ethankonk · commit 79ac0196d0c0 · 2026-02-26T11:41:36.000-05:00
diff --git a/export/index.template.html b/export/index.template.html
@@ -1315,10 +1315,12 @@ <h2>Message log</h2>
           const salt = crypto.getRandomValues(new Uint8Array(16));
           const iv = crypto.getRandomValues(new Uint8Array(12));
 
-          // Import passphrase as PBKDF2 key material
+          // Import passphrase as PBKDF2 key material.
+          // Normalize to NFC so the same visual passphrase always produces the
+          // same bytes regardless of OS/keyboard Unicode decomposition form.
           const keyMaterial = await crypto.subtle.importKey(
             "raw",
-            new TextEncoder().encode(passphrase),
+            new TextEncoder().encode(passphrase.normalize("NFC")),
             "PBKDF2",
             false,
             ["deriveBits", "deriveKey"]
@@ -1369,10 +1371,10 @@ <h2>Message log</h2>
           const iv = encryptedBuf.slice(16, 28);
           const ciphertext = encryptedBuf.slice(28);
 
-          // Import passphrase as PBKDF2 key material
+          // Import passphrase as PBKDF2 key material (NFC-normalized, matching encryptWithPassphrase).
           const keyMaterial = await crypto.subtle.importKey(
             "raw",
-            new TextEncoder().encode(passphrase),
+            new TextEncoder().encode(passphrase.normalize("NFC")),
             "PBKDF2",
             false,
             ["deriveBits", "deriveKey"]
@@ -1433,7 +1435,6 @@ <h2>Message log</h2>
           getSettings,
           setSettings,
           encryptWithPassphrase,
-          decryptWithPassphrase,
         };
       })();
     </script>
@@ -1547,10 +1548,7 @@ <h2>Message log</h2>
             TKHQ.sendMessageUp("ERROR", e.toString(), event.data["requestId"]);
           }
         }
-        if (
-          event.data &&
-          event.data["type"] == "CONFIRM_PASSPHRASE_EXPORT"
-        ) {
+        if (event.data && event.data["type"] == "CONFIRM_PASSPHRASE_EXPORT") {
           TKHQ.logMessage(`⬇️ Received message ${event.data["type"]}`);
           try {
             await onConfirmPassphraseExport(event.data["requestId"]);
diff --git a/export/index.test.js b/export/index.test.js
@@ -8,6 +8,41 @@ const html = fs
   .readFileSync(path.resolve(__dirname, "./index.template.html"), "utf8")
   .replace("${TURNKEY_SIGNER_ENVIRONMENT}", "prod");
 
+/**
+ * Mirror of the iframe's encryptWithPassphrase, used to verify round-trips in tests.
+ * Kept here rather than exported from TKHQ to avoid exposing decrypt on the global
+ * in production.
+ */
+async function decryptWithPassphrase(encryptedBuf, passphrase) {
+  const salt = encryptedBuf.slice(0, 16);
+  const iv = encryptedBuf.slice(16, 28);
+  const ciphertext = encryptedBuf.slice(28);
+
+  const keyMaterial = await crypto.webcrypto.subtle.importKey(
+    "raw",
+    new TextEncoder().encode(passphrase.normalize("NFC")),
+    "PBKDF2",
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+
+  const aesKey = await crypto.webcrypto.subtle.deriveKey(
+    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
+    keyMaterial,
+    { name: "AES-GCM", length: 256 },
+    false,
+    ["decrypt"]
+  );
+
+  const decrypted = await crypto.webcrypto.subtle.decrypt(
+    { name: "AES-GCM", iv },
+    aesKey,
+    ciphertext
+  );
+
+  return new Uint8Array(decrypted);
+}
+
 let dom;
 let TKHQ;
 
@@ -475,7 +510,7 @@ describe("TKHQ", () => {
     const encrypted = await TKHQ.encryptWithPassphrase(plaintext, passphrase);
 
     // Decrypt
-    const decrypted = await TKHQ.decryptWithPassphrase(encrypted, passphrase);
+    const decrypted = await decryptWithPassphrase(encrypted, passphrase);
 
     // Verify
     const decryptedText = new TextDecoder().decode(decrypted);
@@ -494,7 +529,7 @@ describe("TKHQ", () => {
 
     // Attempting to decrypt with wrong passphrase should throw
     await expect(
-      TKHQ.decryptWithPassphrase(encrypted, wrongPassphrase)
+      decryptWithPassphrase(encrypted, wrongPassphrase)
     ).rejects.toThrow();
   });
 
@@ -511,8 +546,8 @@ describe("TKHQ", () => {
     );
 
     // But both should decrypt to the same plaintext
-    const decrypted1 = await TKHQ.decryptWithPassphrase(encrypted1, passphrase);
-    const decrypted2 = await TKHQ.decryptWithPassphrase(encrypted2, passphrase);
+    const decrypted1 = await decryptWithPassphrase(encrypted1, passphrase);
+    const decrypted2 = await decryptWithPassphrase(encrypted2, passphrase);
 
     expect(new TextDecoder().decode(decrypted1)).toBe("same plaintext");
     expect(new TextDecoder().decode(decrypted2)).toBe("same plaintext");
@@ -547,7 +582,7 @@ describe("TKHQ", () => {
     );
 
     // Decrypt
-    const decrypted = await TKHQ.decryptWithPassphrase(
+    const decrypted = await decryptWithPassphrase(
       encryptedFromBase64,
       passphrase
     );
