Firstly, don't initialize textsecure.nativclient unless the browser
supports it. The mimetype-check trick is hewn from nacl-common.js.
Secondly, nativeclient crypto functions will all automatically wait for
the module to load before sending messages, so we needn't register any
onload callbacks outside nativeclient.js. (Previously, if you wanted to
do crypto with native client, you would have to register a call back and
wait for the module to load.) Now that the native client crypto is
encapsulated behind a nice interface, it can handle all that
onload-callback jazz internally: if the module isn't loaded when you
call a nativeclient function, return a promise that waits for the load
callback, and eventually resolves with the result of the requested
command. This removes the need for textsecure.registerOnLoadCallback.
Finally, although native client has its quirks, it's significantly
faster than the alternative (emscripten compiled js), so this commit
also lets the crypto backend use native client opportunistically, if
it's available, falling back to js if not, which should make us
compatible with older versions of chrome and chromium.
NB: this diff is best viewed with --ignore-whitespace
Distills crypto.js down to the hard cryptoey bones. It pulls from
webcrypto for aes and hmac, and from native client for curve25519 stuff
or potentially another object implementing the handful of needed
curve25519 functions.
Everything else formerly known as crypto, including session storage and
management, axolotl, etc.. is now protocol.js. The separation is not
quite perfect, but it's a big step.
nativeclient.js now enables talking to the native client module through
a high level interface as well as registering callbacks that will be
executed once the module is loaded. And it has tests!
Finally, this commit removes all references to the "testing_only"
object, preferring to run tests on textsecure.crypto instead.
When codes are sent they are formatted as xxx-xxx. Previously when I
would paste these from GVoice they failed validation thanks to the dash
and whatever whitespace I happened to grab.
Better load the functions defined in chromium.js before trying to use
them. Hmm.. also, options.js should probably wait for the DOM to load
before it tries to initialize things in it.
btoa expects a string argument, so when passing it the ArrayBuffer
object returned by getRandomBytes(), it's converted to a string by
calling .toString() on it. This always results in "[object ArrayBuffer]",
effectively resulting in a completely non-random password.
The details of the server API are now mostly relegated to api.js, and
accessed through the API container object, improving modularity and
readability, and setting us up to derive a FakeAPI for serverless
development.
lilia
Matt Corallo
Marco
Ventero