keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity

Fix now-broken test cases and change lots of things over to promises

Browse Source
pull/749/head
Matt Corallo 11 years ago
parent 41d50d7480
commit 3fffbad11a
4 changed files with 140 additions and 138 deletions
Show Stats Download Patch File Download Diff File

11
js/crypto.js
Unescape Escape View File

@ -1,15 +1,26 @@
function HmacSHA256(key, input) { function HmacSHA256(key, input) {
input = assertIsArrayBuffer(input);
key = assertIsArrayBuffer(key);
return window.crypto.subtle.sign({name: "HMAC", hash: "SHA-256"}, key, input); return window.crypto.subtle.sign({name: "HMAC", hash: "SHA-256"}, key, input);
} }
function encryptAESCTR(input, key, counter) { function encryptAESCTR(input, key, counter) {
input = assertIsArrayBuffer(input);
key = assertIsArrayBuffer(key);
counter = assertIsArrayBuffer(counter);
return window.crypto.subtle.encrypt({name: "AES-CTR", counter: counter}, key, input); return window.crypto.subtle.encrypt({name: "AES-CTR", counter: counter}, key, input);
} }
function decryptAESCTR(input, key, counter) { function decryptAESCTR(input, key, counter) {
input = assertIsArrayBuffer(input);
key = assertIsArrayBuffer(key);
counter = assertIsArrayBuffer(counter);
return window.crypto.subtle.decrypt({name: "AES-CTR", counter: counter}, key, input); return window.crypto.subtle.decrypt({name: "AES-CTR", counter: counter}, key, input);
} }
function decryptAESCBC(input, key, iv) { function decryptAESCBC(input, key, iv) {
input = assertIsArrayBuffer(input);
key = assertIsArrayBuffer(key);
iv = assertIsArrayBuffer(iv);
return window.crypto.subtle.decrypt({name: "AES-CBC", iv: iv}, key, input); return window.crypto.subtle.decrypt({name: "AES-CBC", iv: iv}, key, input);
} }

195
js/helpers.js
Unescape Escape View File

@ -97,12 +97,13 @@ var USE_NACL = false;
*** Type conversion utilities *** *** Type conversion utilities ***
*********************************/ *********************************/
function intToArrayBuffer(nInt) { function intToArrayBuffer(nInt) {
return new ArrayBuffer([ var res = new ArrayBuffer(4);
(nInt >> 24) && 0xFF, var thing = new Uint8Array(res);
(nInt >> 16) && 0xFF, thing[0] = (nInt >> 24) & 0xff;
(nInt >> 8) && 0xFF, thing[1] = (nInt >> 16) & 0xff;
nInt && 0xFF thing[2] = (nInt >> 8 ) & 0xff;
]); thing[3] = (nInt >> 0 ) & 0xff;
return res;
} }
// Strings/arrays // Strings/arrays
@ -160,6 +161,12 @@ function toArrayBuffer(thing) {
return res; return res;
} }
function assertIsArrayBuffer(thing) {
if (thing !== Object(thing) || thing.__proto__ != StaticArrayBufferProto)
console.log("WARNING: Needed a ArrayBuffer");
return toArrayBuffer(thing);
}
function ensureStringed(thing) { function ensureStringed(thing) {
if (getStringable(thing)) if (getStringable(thing))
return getString(thing); return getString(thing);
@ -433,7 +440,7 @@ function getRandomBytes(size) {
var crypto_tests = {}; var crypto_tests = {};
(function(crypto, $, undefined) { (function(crypto, $, undefined) {
crypto_tests.privToPub = function(privKey, isIdentity, callback) { crypto_tests.privToPub = function(privKey, isIdentity) {
if (privKey.byteLength != 32) if (privKey.byteLength != 32)
throw new Error("Invalid private key"); throw new Error("Invalid private key");
@ -448,12 +455,14 @@ var crypto_tests = {};
} }
if (USE_NACL) { if (USE_NACL) {
postNaclMessage({command: "bytesToPriv", priv: privKey}, function(message) { return new Promise(function(resolve) {
var priv = message.res; postNaclMessage({command: "bytesToPriv", priv: privKey}, function(message) {
if (!isIdentity) var priv = message.res;
new Uint8Array(priv)[0] |= 0x01; if (!isIdentity)
postNaclMessage({command: "privToPub", priv: priv}, function(message) { new Uint8Array(priv)[0] |= 0x01;
callback({ pubKey: prependVersion(message.res), privKey: priv }); postNaclMessage({command: "privToPub", priv: priv}, function(message) {
resolve({ pubKey: prependVersion(message.res), privKey: priv });
});
}); });
}); });
} else { } else {
@ -466,21 +475,21 @@ var crypto_tests = {};
priv[0] |= 0x0001; priv[0] |= 0x0001;
//TODO: fscking type conversion //TODO: fscking type conversion
callback({ pubKey: prependVersion(toArrayBuffer(curve25519(priv))), privKey: privKey}); return new Promise(function(resolve) { resolve({ pubKey: prependVersion(toArrayBuffer(curve25519(priv))), privKey: privKey}); });
} }
} }
var privToPub = function(privKey, isIdentity, callback) { return crypto_tests.privToPub(privKey, isIdentity, callback); } var privToPub = function(privKey, isIdentity, callback) { return crypto_tests.privToPub(privKey, isIdentity, callback); }
crypto_tests.createNewKeyPair = function(isIdentity, callback) { crypto_tests.createNewKeyPair = function(isIdentity) {
return privToPub(getRandomBytes(32), isIdentity, callback); return privToPub(getRandomBytes(32), isIdentity);
} }
var createNewKeyPair = function(isIdentity, callback) { return crypto_tests.createNewKeyPair(isIdentity, callback); } var createNewKeyPair = function(isIdentity) { return crypto_tests.createNewKeyPair(isIdentity); }
var crypto_storage = {}; var crypto_storage = {};
crypto_storage.getNewPubKeySTORINGPrivKey = function(keyName, isIdentity, callback) { crypto_storage.getNewPubKeySTORINGPrivKey = function(keyName, isIdentity, callback) {
createNewKeyPair(isIdentity, function(keyPair) { createNewKeyPair(isIdentity).then(function(keyPair) {
storage.putEncrypted("25519Key" + keyName, keyPair); storage.putEncrypted("25519Key" + keyName, keyPair);
callback(keyPair.pubKey); callback(keyPair.pubKey);
}); });
@ -525,7 +534,7 @@ var crypto_tests = {};
*****************************/ *****************************/
//TODO: Think about replacing CryptoJS stuff with optional NaCL-based implementations //TODO: Think about replacing CryptoJS stuff with optional NaCL-based implementations
// Probably means all of the low-level crypto stuff here needs pulled out into its own file // Probably means all of the low-level crypto stuff here needs pulled out into its own file
crypto_tests.ECDHE = function(pubKey, privKey, callback) { crypto_tests.ECDHE = function(pubKey, privKey) {
if (privKey !== undefined) { if (privKey !== undefined) {
privKey = toArrayBuffer(privKey); privKey = toArrayBuffer(privKey);
if (privKey.byteLength != 32) if (privKey.byteLength != 32)
@ -545,15 +554,17 @@ var crypto_tests = {};
throw new Error("Invalid public key"); throw new Error("Invalid public key");
} }
if (USE_NACL) { return new Promise(function(resolve) {
postNaclMessage({command: "ECDHE", priv: privKey, pub: pubKey}, function(message) { if (USE_NACL) {
callback(message.res); postNaclMessage({command: "ECDHE", priv: privKey, pub: pubKey}, function(message) {
}); resolve(message.res);
} else { });
callback(toArrayBuffer(curve25519(new Uint16Array(privKey), new Uint16Array(pubKey)))); } else {
} resolve(toArrayBuffer(curve25519(new Uint16Array(privKey), new Uint16Array(pubKey))));
}
});
} }
var ECDHE = function(pubKey, privKey, callback) { return crypto_tests.ECDHE(pubKey, privKey, callback); } var ECDHE = function(pubKey, privKey) { return crypto_tests.ECDHE(pubKey, privKey); }
crypto_tests.HKDF = function(input, salt, info) { crypto_tests.HKDF = function(input, salt, info) {
// Specific implementation of RFC 5869 that only returns exactly 64 bytes // Specific implementation of RFC 5869 that only returns exactly 64 bytes
@ -589,7 +600,7 @@ var crypto_tests = {};
if (version === undefined) if (version === undefined)
version = 1; version = 1;
HmacSHA256(key, String.fromCharCode(version) + getString(data)).then(function(calculated_mac) { return HmacSHA256(key, String.fromCharCode(version) + getString(data)).then(function(calculated_mac) {
var macString = getString(mac); var macString = getString(mac);
if (calculated_mac.substring(0, macString.length) != macString) if (calculated_mac.substring(0, macString.length) != macString)
@ -607,33 +618,32 @@ var crypto_tests = {};
/****************************** /******************************
*** Ratchet implementation *** *** Ratchet implementation ***
******************************/ ******************************/
var calculateRatchet = function(session, remoteKey, sending, callback) { var calculateRatchet = function(session, remoteKey, sending) {
var ratchet = session.currentRatchet; var ratchet = session.currentRatchet;
ECDHE(remoteKey, ratchet.ephemeralKeyPair.privKey, function(sharedSecret) { return ECDHE(remoteKey, ratchet.ephemeralKeyPair.privKey).then(function(sharedSecret) {
HKDF(sharedSecret, ratchet.rootKey, "WhisperRatchet").then(function(masterKey) { return HKDF(sharedSecret, ratchet.rootKey, "WhisperRatchet").then(function(masterKey) {
if (sending) if (sending)
session[getString(ratchet.ephemeralKeyPair.pubKey)] = { messageKeys: {}, chainKey: { counter: -1, key: masterKey[1] } }; session[getString(ratchet.ephemeralKeyPair.pubKey)] = { messageKeys: {}, chainKey: { counter: -1, key: masterKey[1] } };
else else
session[getString(remoteKey)] = { messageKeys: {}, chainKey: { counter: -1, key: masterKey[1] } }; session[getString(remoteKey)] = { messageKeys: {}, chainKey: { counter: -1, key: masterKey[1] } };
ratchet.rootKey = masterKey[0]; ratchet.rootKey = masterKey[0];
callback();
}); });
}); });
} }
var initSession = function(isInitiator, ourEphemeralKey, encodedNumber, theirIdentityPubKey, theirEphemeralPubKey, callback) { var initSession = function(isInitiator, ourEphemeralKey, encodedNumber, theirIdentityPubKey, theirEphemeralPubKey) {
var ourIdentityPrivKey = crypto_storage.getIdentityPrivKey(); var ourIdentityPrivKey = crypto_storage.getIdentityPrivKey();
var sharedSecret; var sharedSecret;
ECDHE(theirEphemeralPubKey, ourIdentityPrivKey, function(ecRes) { return ECDHE(theirEphemeralPubKey, ourIdentityPrivKey).then(function(ecRes) {
sharedSecret = getString(ecRes); sharedSecret = getString(ecRes);
function finishInit() { function finishInit() {
ECDHE(theirEphemeralPubKey, ourEphemeralKey.privKey, function(ecRes) { return ECDHE(theirEphemeralPubKey, ourEphemeralKey.privKey).then(function(ecRes) {
sharedSecret += getString(ecRes); sharedSecret += getString(ecRes);
HKDF(sharedSecret, '', "WhisperText").then(function(masterKey) { return HKDF(toArrayBuffer(sharedSecret), '', "WhisperText").then(function(masterKey) {
var session = {currentRatchet: { rootKey: masterKey[0], lastRemoteEphemeralKey: theirEphemeralPubKey }, var session = {currentRatchet: { rootKey: masterKey[0], lastRemoteEphemeralKey: theirEphemeralPubKey },
oldRatchetList: [] oldRatchetList: []
}; };
@ -641,50 +651,42 @@ var crypto_tests = {};
// If we're initiating we go ahead and set our first sending ephemeral key now, // If we're initiating we go ahead and set our first sending ephemeral key now,
// otherwise we figure it out when we first maybeStepRatchet with the remote's ephemeral key // otherwise we figure it out when we first maybeStepRatchet with the remote's ephemeral key
if (isInitiator) { if (isInitiator) {
createNewKeyPair(false, function(ourSendingEphemeralKey) { return createNewKeyPair(false).then(function(ourSendingEphemeralKey) {
session.currentRatchet.ephemeralKeyPair = ourSendingEphemeralKey; session.currentRatchet.ephemeralKeyPair = ourSendingEphemeralKey;
calculateRatchet(session, theirEphemeralPubKey, true, function() { return calculateRatchet(session, theirEphemeralPubKey, true).then(function() {
crypto_storage.saveSession(encodedNumber, session); crypto_storage.saveSession(encodedNumber, session);
callback();
}); });
}); });
} else { } else {
session.currentRatchet.ephemeralKeyPair = ourEphemeralKey; session.currentRatchet.ephemeralKeyPair = ourEphemeralKey;
crypto_storage.saveSession(encodedNumber, session); crypto_storage.saveSession(encodedNumber, session);
callback();
} }
}); });
}); });
} }
if (isInitiator) { if (isInitiator)
ECDHE(theirIdentityPubKey, ourEphemeralKey.privKey, function(ecRes) { return ECDHE(theirIdentityPubKey, ourEphemeralKey.privKey).then(function(ecRes) {
sharedSecret = sharedSecret + getString(ecRes); sharedSecret = sharedSecret + getString(ecRes);
finishInit(); }).then(finishInit);
}); else
} else { return ECDHE(theirIdentityPubKey, ourEphemeralKey.privKey).then(function(ecRes) {
ECDHE(theirIdentityPubKey, ourEphemeralKey.privKey, function(ecRes) {
sharedSecret = getString(ecRes) + sharedSecret; sharedSecret = getString(ecRes) + sharedSecret;
finishInit(); }).then(finishInit);
});
}
}); });
} }
var initSessionFromPreKeyWhisperMessage = function(encodedNumber, message, callback) { var initSessionFromPreKeyWhisperMessage = function(encodedNumber, message) {
//TODO: Check remote identity key matches known-good key //TODO: Check remote identity key matches known-good key
var preKeyPair = crypto_storage.getAndRemovePreKeyPair(message.preKeyId); var preKeyPair = crypto_storage.getAndRemovePreKeyPair(message.preKeyId);
if (preKeyPair === undefined) { if (preKeyPair === undefined) {
if (crypto_storage.getSession(encodedNumber) !== undefined) if (crypto_storage.getSession(encodedNumber) !== undefined)
callback(); return new Promise(function(resolve) { resolve() });
else else
throw new Error("Missing preKey for PreKeyWhisperMessage"); throw new Error("Missing preKey for PreKeyWhisperMessage");
} else { } else
initSession(false, preKeyPair, encodedNumber, message.identityKey, message.baseKey, function() { return initSession(false, preKeyPair, encodedNumber, message.identityKey, message.baseKey);
callback();
});
}
} }
var fillMessageKeys = function(chain, counter) { var fillMessageKeys = function(chain, counter) {
@ -693,28 +695,25 @@ var crypto_tests = {};
if (chain.chainKey.counter < counter) { if (chain.chainKey.counter < counter) {
return HmacSHA256(chain.chainKey.key, String.fromCharCode(1)).then(function(mac) { return HmacSHA256(chain.chainKey.key, String.fromCharCode(1)).then(function(mac) {
HmacSHA256(chain.chainKey.key, String.fromCharCode(2)).then(function(key) { return HmacSHA256(chain.chainKey.key, String.fromCharCode(2)).then(function(key) {
chain.messageKeys[chain.chainKey.counter + 1] = mac; chain.messageKeys[chain.chainKey.counter + 1] = mac;
chain.chainKey.key = key chain.chainKey.key = key
chain.chainKey.counter += 1; chain.chainKey.counter += 1;
fillMessageKeys(chain, counter);//XXX: return? return fillMessageKeys(chain, counter);
}); });
}); });
} else { } else
return new Promise(function(resolve) { resolve() }); return new Promise(function(resolve) { resolve() });
}
} }
var maybeStepRatchet = function(session, remoteKey, previousCounter, callback) { var maybeStepRatchet = function(session, remoteKey, previousCounter) {
if (session[getString(remoteKey)] !== undefined) { if (session[getString(remoteKey)] !== undefined)
callback(); return new Promise(function(resolve) { resolve() });
return;
}
var ratchet = session.currentRatchet; var ratchet = session.currentRatchet;
var finish = function() { var finish = function() {
calculateRatchet(session, remoteKey, false, function() { return calculateRatchet(session, remoteKey, false).then(function() {
// Now swap the ephemeral key and calculate the new sending chain // Now swap the ephemeral key and calculate the new sending chain
var previousRatchet = getString(ratchet.ephemeralKeyPair.pubKey); var previousRatchet = getString(ratchet.ephemeralKeyPair.pubKey);
if (session[previousRatchet] !== undefined) { if (session[previousRatchet] !== undefined) {
@ -725,11 +724,10 @@ var crypto_tests = {};
// it should be changed upstream to something more reasonable. // it should be changed upstream to something more reasonable.
ratchet.previousCounter = 4294967295; ratchet.previousCounter = 4294967295;
createNewKeyPair(false, function(keyPair) { return createNewKeyPair(false).then(function(keyPair) {
ratchet.ephemeralKeyPair = keyPair; ratchet.ephemeralKeyPair = keyPair;
calculateRatchet(session, remoteKey, true, function() { return calculateRatchet(session, remoteKey, true).then(function() {
ratchet.lastRemoteEphemeralKey = remoteKey; ratchet.lastRemoteEphemeralKey = remoteKey;
callback();
}); });
}); });
}); });
@ -737,19 +735,18 @@ var crypto_tests = {};
var previousRatchet = session[getString(ratchet.lastRemoteEphemeralKey)]; var previousRatchet = session[getString(ratchet.lastRemoteEphemeralKey)];
if (previousRatchet !== undefined) { if (previousRatchet !== undefined) {
fillMessageKeys(previousRatchet, previousCounter).then(function() { return fillMessageKeys(previousRatchet, previousCounter).then(function() {
if (!objectContainsKeys(previousRatchet.messageKeys)) if (!objectContainsKeys(previousRatchet.messageKeys))
delete session[getString(ratchet.lastRemoteEphemeralKey)]; delete session[getString(ratchet.lastRemoteEphemeralKey)];
else else
session.oldRatchetList[session.oldRatchetList.length] = { added: new Date().getTime(), ephemeralKey: ratchet.lastRemoteEphemeralKey }; session.oldRatchetList[session.oldRatchetList.length] = { added: new Date().getTime(), ephemeralKey: ratchet.lastRemoteEphemeralKey };
finish(); }).then(finish);
});
} else } else
finish(); return finish();
} }
// returns decrypted protobuf // returns decrypted protobuf
var decryptWhisperMessage = function(encodedNumber, messageBytes, callback) { var decryptWhisperMessage = function(encodedNumber, messageBytes) {
var session = crypto_storage.getSession(encodedNumber); var session = crypto_storage.getSession(encodedNumber);
if (session === undefined) if (session === undefined)
throw new Error("No session currently open with " + encodedNumber); throw new Error("No session currently open with " + encodedNumber);
@ -762,22 +759,21 @@ var crypto_tests = {};
var message = decodeWhisperMessageProtobuf(messageProto); var message = decodeWhisperMessageProtobuf(messageProto);
maybeStepRatchet(session, message.ephemeralKey, message.previousCounter, function() { return maybeStepRatchet(session, message.ephemeralKey, message.previousCounter).then(function() {
var chain = session[getString(message.ephemeralKey)]; var chain = session[getString(message.ephemeralKey)];
fillMessageKeys(chain, message.counter).then(function() { return fillMessageKeys(chain, message.counter).then(function() {
HKDF(chain.messageKeys[message.counter], '', "WhisperMessageKeys").then(function(keys) { return HKDF(chain.messageKeys[message.counter], '', "WhisperMessageKeys").then(function(keys) {
delete chain.messageKeys[message.counter]; delete chain.messageKeys[message.counter];
verifyMACWithVersionByte(messageProto, keys[1], mac, (2 << 4) | 2); verifyMACWithVersionByte(messageProto, keys[1], mac, (2 << 4) | 2);
var iv = getString(intToArrayBuffer(message.counter)); var iv = getString(intToArrayBuffer(message.counter));
decryptAESCTR(message.ciphertext, keys[0], iv).then(function(plaintext) { return decryptAESCTR(message.ciphertext, keys[0], iv).then(function(plaintext) {
//TODO: removeOldChains(session); //TODO: removeOldChains(session);
delete session['pendingPreKey']; delete session['pendingPreKey'];
crypto_storage.saveSession(encodedNumber, session); crypto_storage.saveSession(encodedNumber, session);
callback(decodePushMessageContentProtobuf(plaintext)); return decodePushMessageContentProtobuf(getString(plaintext));
}); });
}); });
}); });
@ -802,10 +798,10 @@ var crypto_tests = {};
var ivAndCipherText = decodedMessage.subarray(1, decodedMessage.length - 10); var ivAndCipherText = decodedMessage.subarray(1, decodedMessage.length - 10);
var mac = decodedMessage.subarray(decodedMessage.length - 10, decodedMessage.length); var mac = decodedMessage.subarray(decodedMessage.length - 10, decodedMessage.length);
verifyMACWithVersionByte(ivAndCipherText, mac_key, mac); return verifyMACWithVersionByte(ivAndCipherText, mac_key, mac).then(function() {
return decryptAESCBC(ciphertext, aes_key, iv);
return decryptAESCBC(ciphertext, aes_key, iv); });
} };
crypto.handleIncomingPushMessageProto = function(proto, callback) { crypto.handleIncomingPushMessageProto = function(proto, callback) {
switch(proto.type) { switch(proto.type) {
@ -813,7 +809,7 @@ var crypto_tests = {};
callback({message: decodePushMessageContentProtobuf(getString(proto.message)), pushMessage:proto}); callback({message: decodePushMessageContentProtobuf(getString(proto.message)), pushMessage:proto});
break; break;
case 1: //TYPE_MESSAGE_CIPHERTEXT case 1: //TYPE_MESSAGE_CIPHERTEXT
decryptWhisperMessage(proto.source, getString(proto.message), function(result) { decryptWhisperMessage(proto.source, getString(proto.message)).then(function(result) {
callback({message: result, pushMessage: proto}); callback({message: result, pushMessage: proto});
}); });
break; break;
@ -821,8 +817,8 @@ var crypto_tests = {};
if (proto.message.readUint8() != (2 << 4 | 2)) if (proto.message.readUint8() != (2 << 4 | 2))
throw new Error("Bad version byte"); throw new Error("Bad version byte");
var preKeyProto = decodePreKeyWhisperMessageProtobuf(getString(proto.message)); var preKeyProto = decodePreKeyWhisperMessageProtobuf(getString(proto.message));
initSessionFromPreKeyWhisperMessage(proto.source, preKeyProto, function() { initSessionFromPreKeyWhisperMessage(proto.source, preKeyProto).then(function() {
decryptWhisperMessage(proto.source, getString(preKeyProto.message), function(result) { decryptWhisperMessage(proto.source, getString(preKeyProto.message)).then(function(result) {
callback({message: result, pushMessage: proto}); callback({message: result, pushMessage: proto});
}); });
}); });
@ -834,29 +830,28 @@ var crypto_tests = {};
crypto.encryptMessageFor = function(deviceObject, pushMessageContent, callback) { crypto.encryptMessageFor = function(deviceObject, pushMessageContent, callback) {
var session = crypto_storage.getSession(deviceObject.encodedNumber); var session = crypto_storage.getSession(deviceObject.encodedNumber);
var doEncryptPushMessageContent = function(callback) { var doEncryptPushMessageContent = function() {
var msg = new WhisperMessageProtobuf(); var msg = new WhisperMessageProtobuf();
var plaintext = toArrayBuffer(pushMessageContent.encode()); var plaintext = toArrayBuffer(pushMessageContent.encode());
msg.ephemeralKey = toArrayBuffer(session.currentRatchet.ephemeralKeyPair.pubKey); msg.ephemeralKey = toArrayBuffer(session.currentRatchet.ephemeralKeyPair.pubKey);
var chain = session[getString(msg.ephemeralKey)]; var chain = session[getString(msg.ephemeralKey)];
fillMessageKeys(chain, chain.counter + 1).then(function() { return fillMessageKeys(chain, chain.chainKey.counter + 1).then(function() {
HKDF(chain.messageKeys[chain.chainKey.counter], '', "WhisperMessageKeys").then(function(keys) { return HKDF(chain.messageKeys[chain.chainKey.counter], '', "WhisperMessageKeys").then(function(keys) {
delete chain.messageKeys[chain.chainKey.counter]; delete chain.messageKeys[chain.chainKey.counter];
msg.counter = chain.chainKey.counter; msg.counter = chain.chainKey.counter;
msg.previousCounter = session.currentRatchet.previousCounter; msg.previousCounter = session.currentRatchet.previousCounter;
var iv = intToArrayBuffer(chain.counter); var iv = intToArrayBuffer(chain.chainKey.counter);
encryptAESCTR(plaintext, keys[0], iv).then(function(ciphertext) { return encryptAESCTR(plaintext, keys[0], iv).then(function(ciphertext) {
msg.ciphertext = ciphertext; msg.ciphertext = ciphertext;
var encodedMsg = getString(msg.encode()); var encodedMsg = getString(msg.encode());
calculateMACWithVersionByte(encodedMsg, keys[1], (2 << 4) | 2).then(function(mac) { return calculateMACWithVersionByte(encodedMsg, keys[1], (2 << 4) | 2).then(function(mac) {
var result = String.fromCharCode((2 << 4) | 2) + encodedMsg + mac.substring(0, 8); var result = String.fromCharCode((2 << 4) | 2) + encodedMsg + getString(mac).substring(0, 8);
crypto_storage.saveSession(deviceObject.encodedNumber, session); crypto_storage.saveSession(deviceObject.encodedNumber, session);
callback(result); return result;
}); });
}); });
}); });
@ -869,13 +864,13 @@ var crypto_tests = {};
preKeyMsg.registrationId = deviceObject.registrationId; preKeyMsg.registrationId = deviceObject.registrationId;
if (session === undefined) { if (session === undefined) {
createNewKeyPair(false, function(baseKey) { createNewKeyPair(false).then(function(baseKey) {
preKeyMsg.baseKey = toArrayBuffer(baseKey.pubKey); preKeyMsg.baseKey = toArrayBuffer(baseKey.pubKey);
initSession(true, baseKey, deviceObject.encodedNumber, deviceObject.identityKey, deviceObject.publicKey, function() { initSession(true, baseKey, deviceObject.encodedNumber, deviceObject.identityKey, deviceObject.publicKey).then(function() {
//TODO: Delete preKey info on first message received back //TODO: Delete preKey info on first message received back
session = crypto_storage.getSession(deviceObject.encodedNumber); session = crypto_storage.getSession(deviceObject.encodedNumber);
session.pendingPreKey = baseKey.pubKey; session.pendingPreKey = baseKey.pubKey;
doEncryptPushMessageContent(function(message) { doEncryptPushMessageContent().then(function(message) {
preKeyMsg.message = toArrayBuffer(message); preKeyMsg.message = toArrayBuffer(message);
var result = String.fromCharCode((2 << 4) | 2) + getString(preKeyMsg.encode()); var result = String.fromCharCode((2 << 4) | 2) + getString(preKeyMsg.encode());
callback({type: 3, body: result}); callback({type: 3, body: result});
@ -883,7 +878,7 @@ var crypto_tests = {};
}); });
}); });
} else } else
doEncryptPushMessageContent(function(message) { doEncryptPushMessageContent().then(function(message) {
if (session.pendingPreKey !== undefined) { if (session.pendingPreKey !== undefined) {
preKeyMsg.baseKey = toArrayBuffer(session.pendingPreKey); preKeyMsg.baseKey = toArrayBuffer(session.pendingPreKey);
preKeyMsg.message = toArrayBuffer(message); preKeyMsg.message = toArrayBuffer(message);

52
js/test.js
Unescape Escape View File

@ -140,7 +140,7 @@ registerOnLoadFunction(function() {
var bob_pub = hexToArrayBuffer("05de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"); var bob_pub = hexToArrayBuffer("05de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f");
var shared_sec = hexToArrayBuffer("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"); var shared_sec = hexToArrayBuffer("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742");
crypto_tests.privToPub(alice_priv, true, function(aliceKeyPair) { crypto_tests.privToPub(alice_priv, true).then(function(aliceKeyPair) {
var target = new Uint8Array(alice_priv.slice(0)); var target = new Uint8Array(alice_priv.slice(0));
target[0] &= 248; target[0] &= 248;
target[31] &= 127; target[31] &= 127;
@ -148,7 +148,7 @@ registerOnLoadFunction(function() {
if (String.fromCharCode.apply(null, new Uint8Array(aliceKeyPair.privKey)) != String.fromCharCode.apply(null, target)) if (String.fromCharCode.apply(null, new Uint8Array(aliceKeyPair.privKey)) != String.fromCharCode.apply(null, target))
callback(false); callback(false);
crypto_tests.privToPub(bob_priv, true, function(bobKeyPair) { crypto_tests.privToPub(bob_priv, true).then(function(bobKeyPair) {
var target = new Uint8Array(bob_priv.slice(0)); var target = new Uint8Array(bob_priv.slice(0));
target[0] &= 248; target[0] &= 248;
target[31] &= 127; target[31] &= 127;
@ -162,11 +162,11 @@ registerOnLoadFunction(function() {
if (String.fromCharCode.apply(null, new Uint8Array(bobKeyPair.pubKey)) != String.fromCharCode.apply(null, new Uint8Array(bob_pub))) if (String.fromCharCode.apply(null, new Uint8Array(bobKeyPair.pubKey)) != String.fromCharCode.apply(null, new Uint8Array(bob_pub)))
callback(false); callback(false);
crypto_tests.ECDHE(bobKeyPair.pubKey, aliceKeyPair.privKey, function(ss) { crypto_tests.ECDHE(bobKeyPair.pubKey, aliceKeyPair.privKey).then(function(ss) {
if (String.fromCharCode.apply(null, new Uint16Array(ss)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec))) if (String.fromCharCode.apply(null, new Uint16Array(ss)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec)))
callback(false); callback(false);
crypto_tests.ECDHE(aliceKeyPair.pubKey, bobKeyPair.privKey, function(ss) { crypto_tests.ECDHE(aliceKeyPair.pubKey, bobKeyPair.privKey).then(function(ss) {
if (String.fromCharCode.apply(null, new Uint16Array(ss)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec))) if (String.fromCharCode.apply(null, new Uint16Array(ss)) != String.fromCharCode.apply(null, new Uint16Array(shared_sec)))
callback(false); callback(false);
else else
@ -303,17 +303,17 @@ registerOnLoadFunction(function() {
} }
var privKeyQueue = []; var privKeyQueue = [];
crypto_tests.createNewKeyPair = function(isIdentity, callback) { crypto_tests.createNewKeyPair = function(isIdentity) {
if (privKeyQueue.length == 0 || isIdentity) if (privKeyQueue.length == 0 || isIdentity)
stepDone(false); stepDone(false);
else { else {
var privKey = privKeyQueue.shift(); var privKey = privKeyQueue.shift();
crypto_tests.privToPub(privKey, false, function(keyPair) { return crypto_tests.privToPub(privKey, false).then(function(keyPair) {
var a = btoa(getString(keyPair.privKey)); var b = btoa(getString(privKey)); var a = btoa(getString(keyPair.privKey)); var b = btoa(getString(privKey));
if (getString(keyPair.privKey) != getString(privKey)) if (getString(keyPair.privKey) != getString(privKey))
stepDone(false); stepDone(false);
else else
callback(keyPair); return keyPair;
}); });
} }
} }
@ -338,9 +338,9 @@ registerOnLoadFunction(function() {
} }
if (data.ourIdentityKey !== undefined) if (data.ourIdentityKey !== undefined)
crypto_tests.privToPub(data.ourIdentityKey, true, function(keyPair) { crypto_tests.privToPub(data.ourIdentityKey, true).then(function(keyPair) {
storage.putEncrypted("25519KeyidentityKey", keyPair); storage.putEncrypted("25519KeyidentityKey", keyPair);
crypto_tests.privToPub(data.ourPreKey, false, function(keyPair) { crypto_tests.privToPub(data.ourPreKey, false).then(function(keyPair) {
storage.putEncrypted("25519KeypreKey" + data.preKeyId, keyPair); storage.putEncrypted("25519KeypreKey" + data.preKeyId, keyPair);
postLocalKeySetup(); postLocalKeySetup();
}); });
@ -384,7 +384,7 @@ registerOnLoadFunction(function() {
privKeyQueue.push(data.ourEphemeralKey); privKeyQueue.push(data.ourEphemeralKey);
if (data.ourIdentityKey !== undefined) if (data.ourIdentityKey !== undefined)
crypto_tests.privToPub(data.ourIdentityKey, true, function(keyPair) { crypto_tests.privToPub(data.ourIdentityKey, true).then(function(keyPair) {
storage.putEncrypted("25519KeyidentityKey", keyPair); storage.putEncrypted("25519KeyidentityKey", keyPair);
postLocalKeySetup(); postLocalKeySetup();
}); });
@ -435,37 +435,37 @@ registerOnLoadFunction(function() {
var input = getString(hexToArrayBuffer('752cff52e4b90768558e5369e75d97c69643509a5e5904e0a386cbe4d0970ef73f918f675945a9aefe26daea27587e8dc909dd56fd0468805f834039b345f855cfe19c44b55af241fff3ffcd8045cd5c288e6c4e284c3720570b58e4d47b8feeedc52fd1401f698a209fccfa3b4c0d9a797b046a2759f82a54c41ccd7b5f592b')); var input = getString(hexToArrayBuffer('752cff52e4b90768558e5369e75d97c69643509a5e5904e0a386cbe4d0970ef73f918f675945a9aefe26daea27587e8dc909dd56fd0468805f834039b345f855cfe19c44b55af241fff3ffcd8045cd5c288e6c4e284c3720570b58e4d47b8feeedc52fd1401f698a209fccfa3b4c0d9a797b046a2759f82a54c41ccd7b5f592b'));
var mac = getString(hexToArrayBuffer('05d1243e6465ed9620c9aec1c351a186')); var mac = getString(hexToArrayBuffer('05d1243e6465ed9620c9aec1c351a186'));
HmacSHA256(key, input).then(function(result) { HmacSHA256(key, input).then(function(result) {
callback(result.substring(0, mac.length) === mac) callback(getString(result).substring(0, mac.length) === mac)
}); });
}, "HMAC SHA-256", true); }, "HMAC SHA-256", true);
TEST(function(callback) { TEST(function(callback) {
var key = getString(hexToArrayBuffer('2b7e151628aed2a6abf7158809cf4f3c')); var key = hexToArrayBuffer('2b7e151628aed2a6abf7158809cf4f3c');
var counter = getString(hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff')); var counter = hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff');
var plaintext = getString(hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a')); var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a');
var ciphertext = getString(hexToArrayBuffer('874d6191b620e3261bef6864990db6ce')); var ciphertext = hexToArrayBuffer('874d6191b620e3261bef6864990db6ce');
encryptAESCTR(plaintext, key, counter).then(function(result) { encryptAESCTR(plaintext, key, counter).then(function(result) {
callback(result === ciphertext); callback(getString(result) === getString(ciphertext));
}); });
}, "Encrypt AES-CTR", true); }, "Encrypt AES-CTR", true);
TEST(function(callback) { TEST(function(callback) {
var key = getString(hexToArrayBuffer('2b7e151628aed2a6abf7158809cf4f3c')); var key = hexToArrayBuffer('2b7e151628aed2a6abf7158809cf4f3c');
var counter = getString(hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff')); var counter = hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff');
var plaintext = getString(hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a')); var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a');
var ciphertext = getString(hexToArrayBuffer('874d6191b620e3261bef6864990db6ce')); var ciphertext = hexToArrayBuffer('874d6191b620e3261bef6864990db6ce');
decryptAESCTR(ciphertext, key, counter).then(function(result) { decryptAESCTR(ciphertext, key, counter).then(function(result) {
callback(result === plaintext); callback(getString(result) === getString(plaintext));
}); });
}, "Decrypt AES-CTR", true); }, "Decrypt AES-CTR", true);
TEST(function(callback) { TEST(function(callback) {
var key = getString(hexToArrayBuffer('603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4')); var key = hexToArrayBuffer('603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4');
var iv = getString(hexToArrayBuffer('000102030405060708090a0b0c0d0e0f')); var iv = hexToArrayBuffer('000102030405060708090a0b0c0d0e0f');
var plaintext = getString(hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710')); var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710');
var ciphertext = getString(hexToArrayBuffer('f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b3f461796d6b0d6b2e0c2a72b4d80e644')); var ciphertext = hexToArrayBuffer('f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b3f461796d6b0d6b2e0c2a72b4d80e644');
decryptAESCBC(ciphertext, key, iv).then(function(result) { decryptAESCBC(ciphertext, key, iv).then(function(result) {
callback(result === plaintext); callback(getString(result) === getString(plaintext));
}); });
}, "Decrypt AES-CBC", true); }, "Decrypt AES-CBC", true);

20
js/webcrypto.js
Unescape Escape View File

@ -41,28 +41,24 @@ window.crypto.subtle = (function() {
var args = Array.prototype.slice.call(arguments); var args = Array.prototype.slice.call(arguments);
args.shift(); args.shift();
return new Promise(function(resolve) { return new Promise(function(resolve) {
resolve(implementation.apply(this, args)); resolve(toArrayBuffer(implementation.apply(this, args)));
}); });
} }
// public interface functions // public interface functions
function encrypt(algorithm, key, data) { function encrypt(algorithm, key, data) {
if (algorithm.name === "AES-CTR") { if (algorithm.name === "AES-CTR")
return promise(encryptAESCTR, data, key, algorithm.counter); return promise(encryptAESCTR, data, key, algorithm.counter);
}
}; };
function decrypt(algorithm, key, data) { function decrypt(algorithm, key, data) {
if (algorithm.name === "AES-CTR") { if (algorithm.name === "AES-CTR")
return promise(decryptAESCTR, data, key, algorithm.counter); return promise(decryptAESCTR, data, key, algorithm.counter);
} if (algorithm.name === "AES-CBC")
if (algorithm.name === "AES-CBC") { return promise(decryptAESCBC, data, key, algorithm.iv);
return promise(decryptAESCBC, data, key, algorithm.iv);
}
}; };
function sign(algorithm, key, data) { function sign(algorithm, key, data) {
if (algorithm.name === "HMAC" && algorithm.hash === "SHA-256") { if (algorithm.name === "HMAC" && algorithm.hash === "SHA-256")
return promise(HmacSHA256, key, data); return promise(HmacSHA256, key, data);
}
}; };
return { return {

Write Preview
Loading…
Cancel
Save