keejef
/
session-desktop
mirror of https://github.com/oxen-io/session-desktop
2
0
Fork 0
Code Issues 8 Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
unstable
feature/update-crowdin-translations
master
audit2
show
audit
v1.9.1
v1.9.0
v1.8.6
v1.8.5
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.9
v1.7.8
v1.7.7
v1.7.6
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.9
v1.6.8
v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.11
v1.6.10
v1.6.1
v1.6.0
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.11
v1.4.10
v1.4.1
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.2
v1.13.1
v1.13.0
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.12.0
v1.11.5
v1.11.4
v1.11.3
v1.11.2
v1.11.1
v1.11.0
v1.10.8
v1.10.7
v1.10.6
v1.10.5
v1.10.4
v1.10.3
v1.10.2
v1.10.1
v1.10.0
v1.1.2
v1.1.1
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '232e906650'
${ noResults }
session-desktop/libtextsecure/crypto.js

189 lines
7.9 KiB
JavaScript
Raw Blame History

/*
* vim: ts=4:sw=4:expandtab
*/
;(function(){
'use strict';
var encrypt = libsignal.crypto.encrypt;
var decrypt = libsignal.crypto.decrypt;
var calculateMAC = libsignal.crypto.calculateMAC;
var verifyMAC = libsignal.crypto.verifyMAC;
var PROFILE_IV_LENGTH = 12; // bytes
var PROFILE_KEY_LENGTH = 32; // bytes
var PROFILE_TAG_LENGTH = 128; // bits
var PROFILE_NAME_PADDED_LENGTH = 26; // bytes
function verifyDigest(data, theirDigest) {
return crypto.subtle.digest({name: 'SHA-256'}, data).then(function(ourDigest) {
var a = new Uint8Array(ourDigest);
var b = new Uint8Array(theirDigest);
var result = 0;
for (var i=0; i < theirDigest.byteLength; ++i) {
result = result | (a[i] ^ b[i]);
}
if (result !== 0) {
throw new Error('Bad digest');
}
});
}
function calculateDigest(data) {
return crypto.subtle.digest({name: 'SHA-256'}, data);
}
window.textsecure = window.textsecure || {};
window.textsecure.crypto = {
// Decrypts message into a raw string
decryptWebsocketMessage: function(message, signaling_key) {
var decodedMessage = message.toArrayBuffer();
if (signaling_key.byteLength != 52) {
throw new Error("Got invalid length signaling_key");
}
if (decodedMessage.byteLength < 1 + 16 + 10) {
throw new Error("Got invalid length message");
}
if (new Uint8Array(decodedMessage)[0] != 1) {
throw new Error("Got bad version number: " + decodedMessage[0]);
}
var aes_key = signaling_key.slice(0, 32);
var mac_key = signaling_key.slice(32, 32 + 20);
var iv = decodedMessage.slice(1, 1 + 16);
var ciphertext = decodedMessage.slice(1 + 16, decodedMessage.byteLength - 10);
var ivAndCiphertext = decodedMessage.slice(0, decodedMessage.byteLength - 10);
var mac = decodedMessage.slice(decodedMessage.byteLength - 10, decodedMessage.byteLength);
return verifyMAC(ivAndCiphertext, mac_key, mac, 10).then(function() {
return decrypt(aes_key, ciphertext, iv);
});
},
decryptAttachment: function(encryptedBin, keys, theirDigest) {
if (keys.byteLength != 64) {
throw new Error("Got invalid length attachment keys");
}
if (encryptedBin.byteLength < 16 + 32) {
throw new Error("Got invalid length attachment");
}
var aes_key = keys.slice(0, 32);
var mac_key = keys.slice(32, 64);
var iv = encryptedBin.slice(0, 16);
var ciphertext = encryptedBin.slice(16, encryptedBin.byteLength - 32);
var ivAndCiphertext = encryptedBin.slice(0, encryptedBin.byteLength - 32);
var mac = encryptedBin.slice(encryptedBin.byteLength - 32, encryptedBin.byteLength);
return verifyMAC(ivAndCiphertext, mac_key, mac, 32).then(function() {
if (theirDigest !== null) {
return verifyDigest(encryptedBin, theirDigest);
}
}).then(function() {
return decrypt(aes_key, ciphertext, iv);
});
},
encryptAttachment: function(plaintext, keys, iv) {
if (!(plaintext instanceof ArrayBuffer) && !ArrayBuffer.isView(plaintext)) {
throw new TypeError(
'`plaintext` must be an `ArrayBuffer` or `ArrayBufferView`; got: ' +
typeof plaintext
);
}
if (keys.byteLength != 64) {
throw new Error("Got invalid length attachment keys");
}
if (iv.byteLength != 16) {
throw new Error("Got invalid length attachment iv");
}
var aes_key = keys.slice(0, 32);
var mac_key = keys.slice(32, 64);
return encrypt(aes_key, plaintext, iv).then(function(ciphertext) {
var ivAndCiphertext = new Uint8Array(16 + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), 16);
return calculateMAC(mac_key, ivAndCiphertext.buffer).then(function(mac) {
var encryptedBin = new Uint8Array(16 + ciphertext.byteLength + 32);
encryptedBin.set(ivAndCiphertext);
encryptedBin.set(new Uint8Array(mac), 16 + ciphertext.byteLength);
return calculateDigest(encryptedBin.buffer).then(function(digest) {
return { ciphertext: encryptedBin.buffer, digest: digest };
});
});
});
},
encryptProfile: function(data, key) {
var iv = libsignal.crypto.getRandomBytes(PROFILE_IV_LENGTH);
if (key.byteLength != PROFILE_KEY_LENGTH) {
throw new Error("Got invalid length profile key");
}
if (iv.byteLength != PROFILE_IV_LENGTH) {
throw new Error("Got invalid length profile iv");
}
return crypto.subtle.importKey('raw', key, {name: 'AES-GCM'}, false, ['encrypt']).then(function(key) {
return crypto.subtle.encrypt({name: 'AES-GCM', iv: iv, tagLength: PROFILE_TAG_LENGTH}, key, data).then(function(ciphertext) {
var ivAndCiphertext = new Uint8Array(PROFILE_IV_LENGTH + ciphertext.byteLength);
ivAndCiphertext.set(new Uint8Array(iv));
ivAndCiphertext.set(new Uint8Array(ciphertext), PROFILE_IV_LENGTH);
return ivAndCiphertext.buffer;
});
});
},
decryptProfile: function(data, key) {
if (data.byteLength < 12 + 16 + 1) {
throw new Error("Got too short input: " + data.byteLength);
}
var iv = data.slice(0, PROFILE_IV_LENGTH);
var ciphertext = data.slice(PROFILE_IV_LENGTH, data.byteLength);
if (key.byteLength != PROFILE_KEY_LENGTH) {
throw new Error("Got invalid length profile key");
}
if (iv.byteLength != PROFILE_IV_LENGTH) {
throw new Error("Got invalid length profile iv");
}
var error = new Error(); // save stack
return crypto.subtle.importKey('raw', key, {name: 'AES-GCM'}, false, ['decrypt']).then(function(key) {
return crypto.subtle.decrypt({name: 'AES-GCM', iv: iv, tagLength: PROFILE_TAG_LENGTH}, key, ciphertext).catch(function(e) {
if (e.name === 'OperationError') {
// bad mac, basically.
error.message = 'Failed to decrypt profile data. Most likely the profile key has changed.';
error.name = 'ProfileDecryptError';
throw error;
}
});
});
},
encryptProfileName: function(name, key) {
var padded = new Uint8Array(PROFILE_NAME_PADDED_LENGTH);
padded.set(new Uint8Array(name));
return textsecure.crypto.encryptProfile(padded.buffer, key);
},
decryptProfileName: function(encryptedProfileName, key) {
var data = dcodeIO.ByteBuffer.wrap(encryptedProfileName, 'base64').toArrayBuffer();
return textsecure.crypto.decryptProfile(data, key).then(function(decrypted) {
// unpad
var name = '';
var padded = new Uint8Array(decrypted);
for (var i = padded.length; i > 0; i--) {
if (padded[i-1] !== 0x00) {
break;
}
}
return dcodeIO.ByteBuffer.wrap(padded).slice(0, i).toArrayBuffer();
});
},
getRandomBytes: function(size) {
return libsignal.crypto.getRandomBytes(size);
}
};
})();
Reference in New Issue View Git Blame Copy Permalink