Switch to X25519 + ML-KEM-768 encryption

2026-05-27 20:40:24 +02:00 · 2026-05-27 20:40:24 +02:00 · a660ba32bd
commit a660ba32bd
parent 9e6d128839
9 changed files with 180 additions and 76 deletions
--- a/webroot/login/index.html
+++ b/webroot/login/index.html
@ -6,6 +6,7 @@
    <title>Miarven - Login</title>
    <link rel="stylesheet" href="../style.css">
    <link rel="icon" type="image/svg+xml" href="../favicon.svg">
+    <script src="../crypto-pq.js"></script>
    <style>
        html {
            font-size: max(17px, calc(100vw / 100));
@ -321,7 +322,7 @@
    formLogin.addEventListener('submit', async (e) => {
        e.preventDefault();
        try {
-
+            await updateProtocolAndUrl(loginHost.value);
            let res = await Auth(loginUsername.value, loginPassword.value);
            
            if (res.startsWith("success:"))
@ -375,14 +376,18 @@
                container.className = 'auth-container show-register';
                return;
            }
+
+            await updateProtocolAndUrl(registerHost.value);
+
            let dataarray = keyDataFromServerJson(await fetchAsync(`${url}/createaccount?step=init`));
-            var sharedkey = await calcCommunicationKeyClient(dataarray[0], dataarray[1], dataarray[2]);
-            sharedpvkey = sharedkey[1];
-            createId = dataarray[3];
+            var sharedkey = await calcHybridSharedKeyClient(dataarray[0], dataarray[1]);
+            sharedpvkey = sharedkey[2];
+            createId = dataarray[2];
            const captchaimage = await fetch(`${url}/createaccount?step=register`, {
                method: 'POST',
                body: JSON.stringify({
-                    pubClient: sharedkey[0],
+                    pubX25519: sharedkey[0],
+                    ciphertextMlKem: sharedkey[1],
                    idKey: createId,
                    username: await encrypt(registerUsername.value, sharedpvkey),
                    password: await encrypt(await hashSHA3_512(registerPassword.value), sharedpvkey)