dylan.derr/Send
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #106 from mozilla/gcm

Browse source 
Gcm
This commit is contained in:
Danny Coates 2017-07-10 12:50:18 -07:00 committed by GitHub
commit 2031158336
7 changed files with 165 additions and 108 deletions
Download patch file Download diff file Expand all files Collapse all files

65
frontend/src/fileReceiver.js
View file

@ -1,12 +1,9 @@
const EventEmitter = require('events');
const { strToIv } = require('./utils');
const Raven = window.Raven;
const { hexToArray } = require('./utils');
class FileReceiver extends EventEmitter {
constructor() {
super();
this.salt = strToIv(location.pathname.slice(10, -1));
}
download() {
@ -34,11 +31,12 @@ class FileReceiver extends EventEmitter {
const blob = new Blob([this.response]);
const fileReader = new FileReader();
fileReader.onload = function() {
const meta = JSON.parse(xhr.getResponseHeader('X-File-Metadata'));
resolve({
data: this.result,
fname: xhr
.getResponseHeader('Content-Disposition')
.match(/=(.+)/)[1]
aad: meta.aad,
filename: meta.filename,
iv: meta.id
});
};
@ -54,36 +52,53 @@ class FileReceiver extends EventEmitter {
{
kty: 'oct',
k: location.hash.slice(1),
alg: 'A128CBC',
alg: 'A128GCM',
ext: true
},
{
name: 'AES-CBC'
name: 'AES-GCM'
},
true,
['encrypt', 'decrypt']
)
])
.then(([fdata, key]) => {
const salt = this.salt;
]).then(([fdata, key]) => {
return Promise.all([
window.crypto.subtle.decrypt(
{
name: 'AES-GCM',
iv: hexToArray(fdata.iv),
additionalData: hexToArray(fdata.aad)
},
key,
fdata.data
),
new Promise((resolve, reject) => {
resolve(fdata.filename);
}),
new Promise((resolve, reject) => {
resolve(hexToArray(fdata.aad));
})
]);
}).then(([decrypted, fname, proposedHash]) => {
return window.crypto.subtle.digest('SHA-256', decrypted).then(calculatedHash => {
const integrity = new Uint8Array(calculatedHash).toString() === proposedHash.toString();
if (!integrity) {
return new Promise((resolve, reject) => {
console.log('This file has been tampered with.')
reject();
})
}
return Promise.all([
window.crypto.subtle.decrypt(
{
name: 'AES-CBC',
iv: salt
},
key,
fdata.data
),
new Promise((resolve, reject) => {
resolve(fdata.fname);
resolve(decrypted);
}),
new Promise((resolve, reject) => {
resolve(fname);
})
]);
})
.catch(err => {
Raven.captureException(err);
return Promise.reject(err);
});
})
}
}

70
frontend/src/fileSender.js
View file

@ -1,5 +1,5 @@
const EventEmitter = require('events');
const { ivToStr } = require('./utils');
const { arrayToHex } = require('./utils');
const Raven = window.Raven;
@ -7,7 +7,7 @@ class FileSender extends EventEmitter {
constructor(file) {
super();
this.file = file;
this.iv = window.crypto.getRandomValues(new Uint8Array(16));
this.iv = window.crypto.getRandomValues(new Uint8Array(12));
}
static delete(fileId, token) {
@ -37,46 +37,56 @@ class FileSender extends EventEmitter {
upload() {
return Promise.all([
window.crypto.subtle.generateKey(
{
name: 'AES-CBC',
length: 128
},
true,
['encrypt', 'decrypt']
),
window.crypto.subtle
.generateKey(
{
name: 'AES-GCM',
length: 128
},
true,
['encrypt', 'decrypt']
)
.catch(err =>
console.log('There was an error generating a crypto key')
),
new Promise((resolve, reject) => {
const reader = new FileReader();
reader.readAsArrayBuffer(this.file);
reader.onload = function(event) {
resolve(new Uint8Array(this.result));
const plaintext = new Uint8Array(this.result);
window.crypto.subtle.digest('SHA-256', plaintext).then(hash => {
resolve({plaintext: plaintext, hash: new Uint8Array(hash)});
})
};
reader.onerror = function(err) {
reject(err);
};
})
])
.then(([secretKey, plaintext]) => {
.then(([secretKey, file]) => {
return Promise.all([
window.crypto.subtle.encrypt(
{
name: 'AES-CBC',
iv: this.iv
},
secretKey,
plaintext
),
window.crypto.subtle.exportKey('jwk', secretKey)
window.crypto.subtle
.encrypt(
{
name: 'AES-GCM',
iv: this.iv,
additionalData: file.hash,
tagLength: 128
},
secretKey,
file.plaintext
),
window.crypto.subtle.exportKey('jwk', secretKey),
new Promise((resolve, reject) => { resolve(file.hash) })
]);
})
.then(([encrypted, keydata]) => {
.then(([encrypted, keydata, hash]) => {
return new Promise((resolve, reject) => {
const file = this.file;
const fileId = ivToStr(this.iv);
const fileId = arrayToHex(this.iv);
const dataView = new DataView(encrypted);
const blob = new Blob([dataView], { type: file.type });
const fd = new FormData();
fd.append('fname', file.name);
fd.append('data', blob, file.name);
const xhr = new XMLHttpRequest();
@ -94,14 +104,22 @@ class FileSender extends EventEmitter {
const responseObj = JSON.parse(xhr.responseText);
resolve({
url: responseObj.url,
fileId: fileId,
fileId: responseObj.id,
secretKey: keydata.k,
deleteToken: responseObj.uuid
});
}
};
xhr.open('post', '/upload/' + fileId, true);
xhr.open('post', '/upload', true);
xhr.setRequestHeader(
'X-File-Metadata',
JSON.stringify({
aad: arrayToHex(hash),
id: fileId,
filename: file.name
})
);
xhr.send(fd);
});
})

10
frontend/src/utils.js
View file

@ -1,4 +1,4 @@
function ivToStr(iv) {
function arrayToHex(iv) {
let hexStr = '';
for (const i in iv) {
if (iv[i] < 16) {
@ -11,8 +11,8 @@ function ivToStr(iv) {
return hexStr;
}
function strToIv(str) {
const iv = new Uint8Array(16);
function hexToArray(str) {
const iv = new Uint8Array(str.length / 2);
for (let i = 0; i < str.length; i += 2) {
iv[i / 2] = parseInt(str.charAt(i) + str.charAt(i + 1), 16);
}
@ -33,7 +33,7 @@ function notify(str) {
}
module.exports = {
ivToStr,
strToIv,
arrayToHex,
hexToArray,
notify
};