From d09a6da4de32ce62b2845ab7492be205cb81c4ac Mon Sep 17 00:00:00 2001
From: Greg Fodor <gfodor@gmail.com>
Date: Mon, 7 May 2018 22:30:27 -0700
Subject: [PATCH] e2e encryption working for xfer
---
 src/utils/crypto.js | 25 +++++++++++--------------
 src/utils/xfer-channel.js | 4 ++--
 2 files changed, 13 insertions(+), 16 deletions(-)
diff --git a/src/utils/crypto.js b/src/utils/crypto.js
index 53280bfc6..53fd606e9 100644
--- a/src/utils/crypto.js
+++ b/src/utils/crypto.js
@@ -15,9 +15,7 @@ async function publicKeyToString(key) {
 }
 async function stringToPublicKey(s) {
- return await crypto.subtle.importKey("jwk", JSON.parse(s), { name: "ECDH", namedCurve: "P-256" }, true, [
- "deriveKey"
- ]);
+ return await crypto.subtle.importKey("jwk", JSON.parse(s), { name: "ECDH", namedCurve: "P-256" }, true, []);
 }
 function stringToArrayBuffer(s) {
@@ -30,7 +28,8 @@ function stringToArrayBuffer(s) {
 return buf;
 }
-function arrayBufferToString(buf) {
+function arrayBufferToString(b) {
+ const buf = new Uint8Array(b);
 let s = "";
 for (let i = 0; i < buf.byteLength; i++) {
@@ -56,8 +55,11 @@ export async function generatePublicKeyAndEncryptedObject(incomingPublicKeyStrin
 const keyPair = await crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveKey"]);
 const publicKeyString = await publicKeyToString(keyPair.publicKey);
 const secret = await deriveKey(keyPair.privateKey, incomingPublicKey);
+
 const encryptedData = btoa(
- await crypto.subtle.encrypt({ name: "AES-CBC", iv }, secret, stringToArrayBuffer(JSON.stringify(obj)))
+ arrayBufferToString(
+ await crypto.subtle.encrypt({ name: "AES-CBC", iv }, secret, stringToArrayBuffer(JSON.stringify(obj)))
+ )
 );
 return { publicKeyString, encryptedData };
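Review bot: In generatePublicKeyAndEncryptedObject (the `@@ -56,8 +55,11 @@` hunk) the payload is still sealed with `{ name: "AES-CBC", iv }`, which gives confidentiality only: nothing authenticates `encryptedData`, so a party relaying the message can alter the ciphertext, and `decryptObject` in the `@@ -66,14 +68,9 @@` hunk passes whatever decrypts straight to `JSON.parse`. An authenticated mode would close that gap, e.g. `crypto.subtle.encrypt({ name: "AES-GCM", iv }, secret, ...)` with a fresh `crypto.getRandomValues(new Uint8Array(12))` sent next to the ciphertext, plus the matching change in `deriveKey` and `decryptObject`. `iv` and `deriveKey` are declared outside this hunk; the decrypt side shows `const iv = new Uint8Array(16)`, an all-zero IV, which is only tolerable as long as every message is encrypted under a newly derived key.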
@@ -66,14 +68,9 @@ export async function generatePublicKeyAndEncryptedObject(incomingPublicKeyStrin
 // Requestor then takes the receiver's public key, the private key (returned from generateKeys()), and the data from the receiver.
 export async function decryptObject(publicKeyString, privateKey, base64value) {
 const iv = new Uint8Array(16);
- const publicKey = await publicKeyToString(publicKeyString);
+ const publicKey = await stringToPublicKey(publicKeyString);
 const secret = await deriveKey(privateKey, publicKey);
-
- return JSON.parse(
- arrayBufferToString(
- new Uint8Array(
- await crypto.subtle.decrypt({ name: "AES-CBC", iv }, secret, stringToArrayBuffer(atob(base64value)))
- )
- )
- );
+ const ciphertext = stringToArrayBuffer(atob(base64value));
+ const data = await crypto.subtle.decrypt({ name: "AES-CBC", iv }, secret, ciphertext);
+ return JSON.parse(arrayBufferToString(data));
 }
diff --git a/src/utils/xfer-channel.js b/src/utils/xfer-channel.js
index ac77f1617..e2fbfd5d6 100644
--- a/src/utils/xfer-channel.js
+++ b/src/utils/xfer-channel.js
@@ -55,7 +55,7 @@ export default class XferChannel {
 data.profile = { ...this.store.state.profile };
 }
- this.generatePublicKeyAndEncryptedObject(incoming.public_key).then(
+ generatePublicKeyAndEncryptedObject(incoming.public_key, data).then(
 ({ publicKeyString, encryptedData }) => {
 const payload = {
 target_session_id: incoming.reply_to_session_id,
@@ -118,7 +118,7 @@ export default class XferChannel {
 finished = true;
 channel.leave();
- this.decryptObject(payload.public_key, privateKey, payload.data).then(resolve);
+ decryptObject(payload.public_key, privateKey, payload.data).then(resolve);
 });
 channel.join().receive("error", r => console.error(r));
-- 
GitLab
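Review bot: In the `@@ -55,7 +55,7 @@` hunk of xfer-channel.js, `data` (which carries a copy of `this.store.state.profile`) is encrypted to `incoming.public_key` exactly as it arrived on the channel, and nothing visible here ties that key to the device the user meant to transfer to. Unless that binding is established outside the hunk, whoever can publish the request chooses the key, so the encryption protects against passive observers only. At minimum the trust assumption should be written above the call, e.g. `// incoming.public_key is unauthenticated: the requester is trusted via <mechanism>, not via this key`. The enclosing method starts and ends outside the hunk.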
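Review bot: In the `@@ -118,7 +118,7 @@` hunk, `decryptObject(...).then(resolve)` has no rejection path: a malformed `payload.public_key`, a failed `crypto.subtle.decrypt` or a `JSON.parse` error rejects the inner promise, and because `finished = true` and `channel.leave()` have already run, the outer promise would, as far as the hunk shows, never settle. Assuming the enclosing executor (outside the hunk) exposes `reject`, the call should read `decryptObject(payload.public_key, privateKey, payload.data).then(resolve, reject);`. That also gives the caller one place to treat a failed decrypt as a rejected transfer rather than a hang.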