fix(crypto): use zero salt for deterministic key derivation

Previously, a random salt was used, leading to non-deterministic master key derivation. This change ensures that the master key derivation is deterministic by using a zero-filled salt.

Author: teycir

lib/crypto.ts

@@ -48,8 +48,8 @@ async function deriveMasterKey(keyA: CryptoKey, keyB: CryptoKey): Promise<Crypto
     ['deriveBits']
   );
 
-  // Derive 256-bit key using HKDF
-  const salt = crypto.getRandomValues(new Uint8Array(32));
+  // Derive 256-bit key using HKDF with zero salt for deterministic derivation
+  const salt = new Uint8Array(32); // Zero-filled salt
   const derivedBits = await crypto.subtle.deriveBits(
     {
       name: 'HKDF',

tests/unit/crypto-fix.test.ts

@@ -0,0 +1,38 @@
+import { describe, it, expect } from '@jest/globals';
+import { encryptData, decryptData } from '../../lib/crypto';
+
+describe('Crypto - Encryption/Decryption', () => {
+  it('should encrypt and decrypt text successfully', async () => {
+    const originalText = 'This is a secret message';
+    
+    const encrypted = await encryptData(originalText);
+    expect(encrypted.keyA).toBeTruthy();
+    expect(encrypted.keyB).toBeTruthy();
+    expect(encrypted.iv).toBeTruthy();
+    expect(encrypted.encryptedBlob).toBeTruthy();
+    
+    const decrypted = await decryptData(encrypted.encryptedBlob, {
+      keyA: encrypted.keyA,
+      keyB: encrypted.keyB,
+      iv: encrypted.iv,
+    });
+    
+    const decryptedText = new TextDecoder().decode(decrypted);
+    expect(decryptedText).toBe(originalText);
+  });
+
+  it('should fail with wrong keys', async () => {
+    const originalText = 'Secret';
+    const encrypted = await encryptData(originalText);
+    
+    const wrongEncrypted = await encryptData('Different');
+    
+    await expect(
+      decryptData(encrypted.encryptedBlob, {
+        keyA: wrongEncrypted.keyA,
+        keyB: encrypted.keyB,
+        iv: encrypted.iv,
+      })
+    ).rejects.toThrow();
+  });
+});