Merge pull request #470 from mozilla/remove-hash
removed the file sha256 hash
This commit is contained in:
commit
5844a9a03c
@ -41,10 +41,6 @@ function download() {
|
|||||||
document.l10n.formatValue('decryptingFile').then(progress.setText);
|
document.l10n.formatValue('decryptingFile').then(progress.setText);
|
||||||
});
|
});
|
||||||
|
|
||||||
fileReceiver.on('hashing', () => {
|
|
||||||
document.l10n.formatValue('verifyingFile').then(progress.setText);
|
|
||||||
});
|
|
||||||
|
|
||||||
fileReceiver
|
fileReceiver
|
||||||
.download()
|
.download()
|
||||||
.catch(err => {
|
.catch(err => {
|
||||||
|
@ -45,7 +45,6 @@ class FileReceiver extends EventEmitter {
|
|||||||
resolve([
|
resolve([
|
||||||
{
|
{
|
||||||
data: this.result,
|
data: this.result,
|
||||||
aad: meta.aad,
|
|
||||||
filename: meta.filename,
|
filename: meta.filename,
|
||||||
iv: meta.id
|
iv: meta.id
|
||||||
},
|
},
|
||||||
@ -69,7 +68,6 @@ class FileReceiver extends EventEmitter {
|
|||||||
{
|
{
|
||||||
name: 'AES-GCM',
|
name: 'AES-GCM',
|
||||||
iv: hexToArray(fdata.iv),
|
iv: hexToArray(fdata.iv),
|
||||||
additionalData: hexToArray(fdata.aad),
|
|
||||||
tagLength: 128
|
tagLength: 128
|
||||||
},
|
},
|
||||||
key,
|
key,
|
||||||
@ -78,26 +76,8 @@ class FileReceiver extends EventEmitter {
|
|||||||
.then(decrypted => {
|
.then(decrypted => {
|
||||||
return Promise.resolve(decrypted);
|
return Promise.resolve(decrypted);
|
||||||
}),
|
}),
|
||||||
fdata.filename,
|
decodeURIComponent(fdata.filename)
|
||||||
hexToArray(fdata.aad)
|
|
||||||
]);
|
]);
|
||||||
})
|
|
||||||
.then(([decrypted, fname, proposedHash]) => {
|
|
||||||
this.emit('hashing');
|
|
||||||
return window.crypto.subtle
|
|
||||||
.digest('SHA-256', decrypted)
|
|
||||||
.then(calculatedHash => {
|
|
||||||
const integrity =
|
|
||||||
new Uint8Array(calculatedHash).toString() ===
|
|
||||||
proposedHash.toString();
|
|
||||||
if (!integrity) {
|
|
||||||
this.emit('unsafe', true);
|
|
||||||
return Promise.reject();
|
|
||||||
} else {
|
|
||||||
this.emit('safe', true);
|
|
||||||
return Promise.all([decrypted, decodeURIComponent(fname)]);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -48,37 +48,30 @@ class FileSender extends EventEmitter {
|
|||||||
const reader = new FileReader();
|
const reader = new FileReader();
|
||||||
reader.readAsArrayBuffer(this.file);
|
reader.readAsArrayBuffer(this.file);
|
||||||
reader.onload = function(event) {
|
reader.onload = function(event) {
|
||||||
self.emit('hashing');
|
|
||||||
const plaintext = new Uint8Array(this.result);
|
const plaintext = new Uint8Array(this.result);
|
||||||
window.crypto.subtle.digest('SHA-256', plaintext).then(hash => {
|
resolve(plaintext);
|
||||||
self.emit('encrypting');
|
|
||||||
resolve({ plaintext: plaintext, hash: new Uint8Array(hash) });
|
|
||||||
});
|
|
||||||
};
|
};
|
||||||
reader.onerror = function(err) {
|
reader.onerror = function(err) {
|
||||||
reject(err);
|
reject(err);
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
])
|
])
|
||||||
.then(([secretKey, file]) => {
|
.then(([secretKey, plaintext]) => {
|
||||||
|
self.emit('encrypting');
|
||||||
return Promise.all([
|
return Promise.all([
|
||||||
window.crypto.subtle.encrypt(
|
window.crypto.subtle.encrypt(
|
||||||
{
|
{
|
||||||
name: 'AES-GCM',
|
name: 'AES-GCM',
|
||||||
iv: this.iv,
|
iv: this.iv,
|
||||||
additionalData: file.hash,
|
|
||||||
tagLength: 128
|
tagLength: 128
|
||||||
},
|
},
|
||||||
secretKey,
|
secretKey,
|
||||||
file.plaintext
|
plaintext
|
||||||
),
|
),
|
||||||
window.crypto.subtle.exportKey('jwk', secretKey),
|
window.crypto.subtle.exportKey('jwk', secretKey)
|
||||||
new Promise((resolve, reject) => {
|
|
||||||
resolve(file.hash);
|
|
||||||
})
|
|
||||||
]);
|
]);
|
||||||
})
|
})
|
||||||
.then(([encrypted, keydata, hash]) => {
|
.then(([encrypted, keydata]) => {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
const file = this.file;
|
const file = this.file;
|
||||||
const fileId = arrayToHex(this.iv);
|
const fileId = arrayToHex(this.iv);
|
||||||
@ -114,7 +107,6 @@ class FileSender extends EventEmitter {
|
|||||||
xhr.setRequestHeader(
|
xhr.setRequestHeader(
|
||||||
'X-File-Metadata',
|
'X-File-Metadata',
|
||||||
JSON.stringify({
|
JSON.stringify({
|
||||||
aad: arrayToHex(hash),
|
|
||||||
id: fileId,
|
id: fileId,
|
||||||
filename: encodeURIComponent(file.name)
|
filename: encodeURIComponent(file.name)
|
||||||
})
|
})
|
||||||
|
@ -169,10 +169,6 @@ $(() => {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
fileSender.on('hashing', () => {
|
|
||||||
document.l10n.formatValue('verifyingFile').then(progress.setText);
|
|
||||||
});
|
|
||||||
|
|
||||||
fileSender.on('encrypting', () => {
|
fileSender.on('encrypting', () => {
|
||||||
document.l10n.formatValue('encryptingFile').then(progress.setText);
|
document.l10n.formatValue('encryptingFile').then(progress.setText);
|
||||||
});
|
});
|
||||||
|
@ -225,7 +225,6 @@ app.post('/upload', (req, res, next) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (
|
if (
|
||||||
!meta.hasOwnProperty('aad') ||
|
|
||||||
!meta.hasOwnProperty('id') ||
|
!meta.hasOwnProperty('id') ||
|
||||||
!meta.hasOwnProperty('filename') ||
|
!meta.hasOwnProperty('filename') ||
|
||||||
!validateIV(meta.id)
|
!validateIV(meta.id)
|
||||||
|
Loading…
Reference in New Issue
Block a user