Embedded key fixes

index.html

@@ -37,7 +37,7 @@
       font-weight: bold;
       text-align: center;
     }
-    #clear {
+    #reset {
       color: white;
       width: 7em;
       font-size: 1em;
@@ -80,7 +80,7 @@ <h2>Init Recovery</h2>
   <form>
     <label>Embedded key</label>
     <input type="text" name="embedded-key" id="embedded-key" disabled/>
-    <button id="clear">Reset Key</button>
+    <button id="reset">Reset Key</button>
   </form>
   <br>
   <br>
@@ -116,7 +116,8 @@ <h2>Message log</h2>
   <script>
     window.TKHQ = function() {
       /** constant for LocalStorage */
-      var TURNKEY_EMBEDDED_KEY = "TURNKEY_EMBEDDED_KEY"
+      var TURNKEY_EMBEDDED_KEY = "TURNKEY_EMBEDDED_KEY";
+      var TURNKEY_EMBEDDED_KEY_TTL = 1000 * 60 * 60 * 48; // 48 hours in seconds
 
       /**
        * Creates a new public/private key pair and persists it in localStorage
@@ -136,9 +137,9 @@ <h2>Message log</h2>
       */
       var generateTargetKey = async function() {
         var p256key = await crypto.subtle.generateKey({
-          name: 'ECDSA',
+          name: 'ECDH',
           namedCurve: 'P-256',
-        }, true, ['sign',]);
+        }, true, ['deriveBits',]);
 
         return await crypto.subtle.exportKey("jwk", p256key.privateKey);
       }
@@ -147,7 +148,7 @@ <h2>Message log</h2>
        * Gets the current embedded private key JWK. Returns `null` if not found.
        */
       var getEmbeddedKey = function() {
-        var jwtKey = window.localStorage.getItem(TURNKEY_EMBEDDED_KEY)
+        var jwtKey = getItemWithExpiry(TURNKEY_EMBEDDED_KEY)
         if (!jwtKey) {
           return null
         } else {
@@ -156,13 +157,51 @@ <h2>Message log</h2>
       }
 
       var setEmbeddedKey = function(targetKey) {
-        return window.localStorage.setItem(TURNKEY_EMBEDDED_KEY, JSON.stringify(targetKey))
+        return setItemWithExpiry(TURNKEY_EMBEDDED_KEY, JSON.stringify(targetKey), TURNKEY_EMBEDDED_KEY_TTL);
       }
 
-      var clearEmbeddedKey = function() {
+      var resetEmbeddedKey = function() {
         window.localStorage.removeItem(TURNKEY_EMBEDDED_KEY)
       }
 
+      /**
+       * Set an item in localStorage with an expiration time.
+       */
+      var setItemWithExpiry = function(key, value, ttl) {
+        const now = new Date();
+        const item = {
+            value: value,
+            expiry: now.getTime() + ttl,
+        };
+        window.localStorage.setItem(key, JSON.stringify(item));
+      };
+
+      /**
+       * Get an item from localStorage. If it has expired, remove
+       * the item from localStorage and return null.
+       */
+      const getItemWithExpiry = (key) => {
+        const itemStr = window.localStorage.getItem(key);
+
+        if (!itemStr) {
+            return null;
+        }
+
+        const item = JSON.parse(itemStr);
+
+        if (!item.hasOwnProperty("expiry") || !item.hasOwnProperty("value")) {
+          window.localStorage.removeItem(key);
+          return null;
+        }
+
+        const now = new Date();
+        if (now.getTime() > item.expiry) {
+            window.localStorage.removeItem(key);
+            return null;
+        }
+        return item.value;
+      };
+
       /**
        * Takes a hex string (e.g. "e4567ab") and returns an array buffer (Uint8Array)
        * @param {string} hexString
@@ -707,9 +746,11 @@ <h2>Message log</h2>
       return {
         initEmbeddedKey,
         generateTargetKey,
+        setItemWithExpiry,
+        getItemWithExpiry,
         getEmbeddedKey,
         setEmbeddedKey,
-        clearEmbeddedKey,
+        resetEmbeddedKey,
         importRecoveryCredential,
         compressRawPublicKey,
         uncompressRawPublicKey,
@@ -759,6 +800,10 @@ <h2>Message log</h2>
           TKHQ.logMessage(`⬇️ Received message ${event.data["type"]}: ${event.data["value"]}`);
           onStampRequest(event.data["value"]);
         }
+        if (event.data && event.data["type"] == "RESET_EMBEDDED_KEY") {
+          TKHQ.logMessage(`⬇️ Received message ${event.data["type"]}`);
+          resetEmbeddedKey();
+        }
       }, false);
 
       /**
@@ -782,9 +827,9 @@ <h2>Message log</h2>
       }, false);
 
       /**
-       * DEBUG functionality only to clear the page's localStorage
+       * DEBUG functionality only to reset the page's localStorage
        */
-      document.getElementById("clear").addEventListener("click", TKHQ.clearEmbeddedKey);
+      document.getElementById("reset").addEventListener("click", TKHQ.resetEmbeddedKey);
     }, false);
 
     /**

index.test.js

@@ -28,15 +28,40 @@ describe("TKHQ", () => {
     TKHQ = dom.window.TKHQ
   })
 
-  it("gets, sets, and removes values in localStorage", async () => {
+  it("gets and sets items with expiry localStorage", async () => {
+    // Set a TTL of 1000ms
+    TKHQ.setItemWithExpiry("k", "v", 1000);
+    let item = JSON.parse(dom.window.localStorage.getItem("k"));
+    expect(item.value).toBe("v");
+    expect(item.expiry).toBeTruthy();
+
+    // Get item that has not expired yet
+    item = TKHQ.getItemWithExpiry("k");
+    expect(item).toBe("v");
+
+    // Set a TTL of 500ms
+    TKHQ.setItemWithExpiry("a", "b", 500);
+    setTimeout(() => {
+      const expiredItem = TKHQ.getItemWithExpiry("a");
+      expect(expiredItem).toBeNull();
+      done();
+    }, 600); // Wait for 600ms to ensure the item has expired
+
+    // Returns null if getItemWithExpiry is called for item without expiry
+    dom.window.localStorage.setItem("k", JSON.stringify({ value: "v" }));
+    item = TKHQ.getItemWithExpiry("k");
+    expect(item).toBeNull();
+  })
+
+  it("gets, sets and resets embedded key in localStorage", async () => {
     expect(TKHQ.getEmbeddedKey()).toBe(null);
 
     // Set a dummy "key"
     TKHQ.setEmbeddedKey({"foo": "bar"});
     expect(TKHQ.getEmbeddedKey()).toEqual({"foo": "bar"});
 
-    // Now clear and assert we're back to no embedded key
-    TKHQ.clearEmbeddedKey();
+    // Now reset and assert we're back to no embedded key
+    TKHQ.resetEmbeddedKey();
     expect(TKHQ.getEmbeddedKey()).toBe(null);
   })
 
@@ -56,6 +81,7 @@ describe("TKHQ", () => {
     expect(key.kty).toEqual("EC");
     expect(key.ext).toBe(true);
     expect(key.crv).toBe("P-256");
+    expect(key.key_ops).toContain("deriveBits");
   })
 
   it("imports recovery credentials without errors", async () => {