Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use WebCryptoAPI for encryptAes and decryptAes (Prototype) #75

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
232 changes: 144 additions & 88 deletions lib/ake.js
Original file line number Diff line number Diff line change
Expand Up @@ -81,25 +81,38 @@
},

verifySignMac: function (mac, aesctr, m2, c, their_y, our_dh_pk, m1, ctr) {
// verify mac
var vmac = HLP.makeMac(aesctr, m2)
if (!HLP.compare(mac, vmac))
return ['MACs do not match.']

// decrypt x
var x = HLP.decryptAes(aesctr.substring(4), c, ctr)
x = HLP.splitype(['PUBKEY', 'INT', 'SIG'], x.toString(CryptoJS.enc.Latin1))

var m = hMac(their_y, our_dh_pk, x[0], x[1], m1)
var pub = DSA.parsePublic(x[0])

var r = HLP.bits2bigInt(x[2].substring(0, 20))
var s = HLP.bits2bigInt(x[2].substring(20))

// verify sign m
if (!DSA.verify(pub, m, r, s)) return ['Cannot verify signature of m.']
return new Promise(
function(resolve, reject) {
// verify mac
var vmac = HLP.makeMac(aesctr, m2)
if (!HLP.compare(mac, vmac)) {
resolve(['MACs do not match.'])
return
}

return [null, HLP.readLen(x[1]), pub]
// decrypt x
HLP.decryptAesAsync(aesctr.substring(4), c, ctr)
.then(function (x) {
x = HLP.splitype(['PUBKEY', 'INT', 'SIG'], x.toString(CryptoJS.enc.Latin1))

var m = hMac(their_y, our_dh_pk, x[0], x[1], m1)
var pub = DSA.parsePublic(x[0])

var r = HLP.bits2bigInt(x[2].substring(0, 20))
var s = HLP.bits2bigInt(x[2].substring(20))

// verify sign m
if (!DSA.verify(pub, m, r, s)) {
resolve(['Cannot verify signature of m.'])
return
}

resolve([null, HLP.readLen(x[1]), pub])
})
.catch(function (error) {
reject(error);
})
})
},

makeM: function (their_y, m1, c, m2) {
Expand All @@ -111,9 +124,19 @@
msg += BigInt.bigInt2bits(m[0], 20) // pad to 20 bytes
msg += BigInt.bigInt2bits(m[1], 20)
msg = CryptoJS.enc.Latin1.parse(msg)
var aesctr = HLP.packData(HLP.encryptAes(msg, c, HLP.packCtr(0)))
var mac = HLP.makeMac(aesctr, m2)
return aesctr + mac

return new Promise(
function(resolve, reject) {
HLP.encryptAesAsync(msg, c, HLP.packCtr(0))
.then(function (result) {
var aesctr = HLP.packData(result)
var mac = HLP.makeMac(aesctr, m2)
resolve(aesctr + mac)
})
.catch(function (error) {
reject(error)
})
})
},

akeSuccess: function (version) {
Expand Down Expand Up @@ -233,12 +256,20 @@

type = '\x11'
send = HLP.packMPI(this.r)
send += this.makeM(this.their_y, this.m1, this.c, this.m2)
this.makeM(this.their_y, this.m1, this.c, this.m2)
.then(function (result) {
send += result

this.sendMsg(version, type, send)
}.bind(this))
.catch(function (error) {
console.error('Error calling makeM: ' + error)
})

this.m1 = null
this.m2 = null
this.c = null
break
return

case '\x11':
HLP.debug.call(this.otr, 'signature message')
Expand All @@ -254,55 +285,72 @@
var key = CryptoJS.enc.Hex.parse(BigInt.bigInt2str(this.r, 16))
key = CryptoJS.enc.Latin1.stringify(key)

var gxmpi = HLP.decryptAes(this.encrypted, key, HLP.packCtr(0))
gxmpi = gxmpi.toString(CryptoJS.enc.Latin1)

this.their_y = HLP.readMPI(gxmpi)

// verify hash
var hash = CryptoJS.SHA256(CryptoJS.enc.Latin1.parse(gxmpi))

if (!HLP.compare(this.hashed, hash.toString(CryptoJS.enc.Latin1)))
return this.otr.error('Hashed g^x does not match.', true)

// verify gx is legal 2 <= g^x <= N-2
if (!HLP.checkGroup(this.their_y, N_MINUS_2))
return this.otr.error('Illegal g^x.', true)

this.createKeys(this.their_y)

vsm = this.verifySignMac(
msg[2]
, msg[1]
, this.m2
, this.c
, this.their_y
, this.our_dh.publicKey
, this.m1
, HLP.packCtr(0)
)
if (vsm[0]) return this.otr.error(vsm[0], true)

// store their key
this.their_keyid = vsm[1]
this.their_priv_pk = vsm[2]

send = this.makeM(
this.their_y
, this.m1_prime
, this.c_prime
, this.m2_prime
)

this.m1 = null
this.m2 = null
this.m1_prime = null
this.m2_prime = null
this.c = null
this.c_prime = null

this.sendMsg(version, '\x12', send)
this.akeSuccess(version)
HLP.decryptAesAsync(this.encrypted, key, HLP.packCtr(0))
.then(function (gxmpi) {
gxmpi = gxmpi.toString(CryptoJS.enc.Latin1)

this.their_y = HLP.readMPI(gxmpi)

// verify hash
var hash = CryptoJS.SHA256(CryptoJS.enc.Latin1.parse(gxmpi))

if (!HLP.compare(this.hashed, hash.toString(CryptoJS.enc.Latin1)))
return this.otr.error('Hashed g^x does not match.', true)

// verify gx is legal 2 <= g^x <= N-2
if (!HLP.checkGroup(this.their_y, N_MINUS_2))
return this.otr.error('Illegal g^x.', true)

this.createKeys(this.their_y)

this.verifySignMac(
msg[2]
, msg[1]
, this.m2
, this.c
, this.their_y
, this.our_dh.publicKey
, this.m1
, HLP.packCtr(0)
).then(function (vsm) {
if (vsm[0]) {
console.error("OTR error: " + vsm[0]);
this.otr.error(vsm[0], true)
return
}

// store their key
this.their_keyid = vsm[1]
this.their_priv_pk = vsm[2]

this.makeM(
this.their_y
, this.m1_prime
, this.c_prime
, this.m2_prime
).then(function (send) {
this.m1 = null
this.m2 = null
this.m1_prime = null
this.m2_prime = null
this.c = null
this.c_prime = null

this.sendMsg(version, '\x12', send)
this.akeSuccess(version)
}.bind(this))
.catch(function (error) {
console.error("OTR makeM error: " + error);
})

}.bind(this))
.catch(function (error) {
console.error("OTR verify error: " + error);
})
}.bind(this))
.catch(function (error) {
console.error("OTR decrypt error: " + error);
})
return

case '\x12':
Expand All @@ -313,7 +361,7 @@

msg = HLP.splitype(['DATA', 'MAC'], msg.msg)

vsm = this.verifySignMac(
this.verifySignMac(
msg[1]
, msg[0]
, this.m2_prime
Expand All @@ -322,19 +370,27 @@
, this.our_dh.publicKey
, this.m1_prime
, HLP.packCtr(0)
)
if (vsm[0]) return this.otr.error(vsm[0], true)
).then(function (vsm) {
if (vsm[0]) {
console.error("OTR error: " + vsm[0]);
this.otr.error(vsm[0], true)
return
}

// store their key
this.their_keyid = vsm[1]
this.their_priv_pk = vsm[2]
// store their key
this.their_keyid = vsm[1]
this.their_priv_pk = vsm[2]

this.m1_prime = null
this.m2_prime = null
this.c_prime = null
this.m1_prime = null
this.m2_prime = null
this.c_prime = null

this.transmittedRS = true
this.akeSuccess(version)
this.transmittedRS = true
this.akeSuccess(version)
}.bind(this))
.catch(function (error) {
console.error("OTR error: " + error);
})
return

default:
Expand Down Expand Up @@ -388,12 +444,12 @@
this.myhashed = CryptoJS.SHA256(gxmpi)
this.myhashed = HLP.packData(this.myhashed.toString(CryptoJS.enc.Latin1))

this.dhcommit = HLP.packData(HLP.encryptAes(gxmpi, key, HLP.packCtr(0)))
this.dhcommit += this.myhashed

this.sendMsg(version, '\x02', this.dhcommit)
HLP.encryptAesAsync(gxmpi, key, HLP.packCtr(0)).then(function(encrypted){
this.dhcommit = encrypted
this.dhcommit += this.myhashed
this.sendMsg(version, '\x02', this.dhcommit)
}.bind(this))
}

}

}).call(this)
Loading