web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

handle errors when deriving keys. fix incorrect reference

Browse Source
This commit is contained in:
ansuz
2017-08-17 12:50:12 +02:00
parent 3315449114
commit f207edfd28
2 changed files with 27 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
www/common/common-messaging.js
View File

@@ -256,7 +256,7 @@ define([
var $friend = ui.getFriend(curvePublic); var $friend = ui.getFriend(curvePublic);
var $chat = ui.getChannel(curvePublic); var $chat = ui.getChannel(curvePublic);
$friend.remove(); $friend.remove();
$chat.remove(); if ($chat) { $chat.remove(); }
ui.showInfo(); ui.showInfo();
}; };
@@ -892,7 +892,7 @@ define([
var addToFriendList = Msg.addToFriendList = function (common, data, cb) { var addToFriendList = Msg.addToFriendList = function (common, data, cb) {
var proxy = common.getProxy(); var proxy = common.getProxy();
var friends = getFriendList(proxy); var friends = getFriendList(proxy);
var pubKey = data.curvePublic; var pubKey = data.curvePublic; // todo validata data
if (pubKey === proxy.curvePublic) { return void cb("E_MYKEY"); } if (pubKey === proxy.curvePublic) { return void cb("E_MYKEY"); }
@@ -938,7 +938,7 @@ define([
var todo = function (yes) { var todo = function (yes) {
if (yes) { if (yes) {
pending[sender] = msgData; pending[sender] = msgData;
msg = ["FRIEND_REQ_OK", chan, createData(common, msgData.channel)]; msg = ["FRIEND_REQ_OK", chan, createData(proxy, msgData.channel)];
} }
msgStr = Crypto.encrypt(JSON.stringify(msg), key); msgStr = Crypto.encrypt(JSON.stringify(msg), key);
network.sendto(sender, msgStr); network.sendto(sender, msgStr);
@@ -1005,7 +1005,7 @@ define([
if (!parsed.hashData) { return; } if (!parsed.hashData) { return; }
// Message // Message
var chan = parsed.hashData.channel; var chan = parsed.hashData.channel;
var myData = createData(common); var myData = createData(common.getProxy());
var msg = ["FRIEND_REQ", chan, myData]; var msg = ["FRIEND_REQ", chan, myData];
// Encryption // Encryption
var keyStr = parsed.hashData.key; var keyStr = parsed.hashData.key;

36
www/common/curve.js
View File

@@ -50,25 +50,35 @@ define([
}; };
Curve.deriveKeys = function (theirs, mine) { Curve.deriveKeys = function (theirs, mine) {
var pub = decodeBase64(theirs); try {
var secret = decodeBase64(mine); var pub = decodeBase64(theirs);
var secret = decodeBase64(mine);
var sharedSecret = Nacl.box.before(pub, secret); var sharedSecret = Nacl.box.before(pub, secret);
var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt'); var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt');
// 64 uint8s // 64 uint8s
var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret])); var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret]));
var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32)); var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32));
var cryptKey = hash.subarray(32, 64); var cryptKey = hash.subarray(32, 64);
return { return {
cryptKey: encodeBase64(cryptKey), cryptKey: encodeBase64(cryptKey),
signKey: encodeBase64(signKp.secretKey), signKey: encodeBase64(signKp.secretKey),
validateKey: encodeBase64(signKp.publicKey) validateKey: encodeBase64(signKp.publicKey)
}; };
} catch (e) {
console.error('invalid keys or other problem deriving keys');
console.error(e);
return null;
}
}; };
Curve.createEncryptor = function (keys) { Curve.createEncryptor = function (keys) {
if (!keys || typeof(keys) !== 'object') {
return void console.error("invalid input for createEncryptor");
}
var cryptKey = decodeBase64(keys.cryptKey); var cryptKey = decodeBase64(keys.cryptKey);
var signKey = decodeBase64(keys.signKey); var signKey = decodeBase64(keys.signKey);
var validateKey = decodeBase64(keys.validateKey); var validateKey = decodeBase64(keys.validateKey);