Merge pull request #470 from mozilla/remove-hash

removed the file sha256 hash
This commit is contained in:
Danny Coates 2017-08-07 14:42:53 -07:00 committed by GitHub
commit 5844a9a03c
5 changed files with 7 additions and 44 deletions

View File

@ -41,10 +41,6 @@ function download() {
document.l10n.formatValue('decryptingFile').then(progress.setText); document.l10n.formatValue('decryptingFile').then(progress.setText);
}); });
fileReceiver.on('hashing', () => {
document.l10n.formatValue('verifyingFile').then(progress.setText);
});
fileReceiver fileReceiver
.download() .download()
.catch(err => { .catch(err => {

View File

@ -45,7 +45,6 @@ class FileReceiver extends EventEmitter {
resolve([ resolve([
{ {
data: this.result, data: this.result,
aad: meta.aad,
filename: meta.filename, filename: meta.filename,
iv: meta.id iv: meta.id
}, },
@ -69,7 +68,6 @@ class FileReceiver extends EventEmitter {
{ {
name: 'AES-GCM', name: 'AES-GCM',
iv: hexToArray(fdata.iv), iv: hexToArray(fdata.iv),
additionalData: hexToArray(fdata.aad),
tagLength: 128 tagLength: 128
}, },
key, key,
@ -78,26 +76,8 @@ class FileReceiver extends EventEmitter {
.then(decrypted => { .then(decrypted => {
return Promise.resolve(decrypted); return Promise.resolve(decrypted);
}), }),
fdata.filename, decodeURIComponent(fdata.filename)
hexToArray(fdata.aad)
]); ]);
})
.then(([decrypted, fname, proposedHash]) => {
this.emit('hashing');
return window.crypto.subtle
.digest('SHA-256', decrypted)
.then(calculatedHash => {
const integrity =
new Uint8Array(calculatedHash).toString() ===
proposedHash.toString();
if (!integrity) {
this.emit('unsafe', true);
return Promise.reject();
} else {
this.emit('safe', true);
return Promise.all([decrypted, decodeURIComponent(fname)]);
}
});
}); });
} }
} }

View File

@ -48,37 +48,30 @@ class FileSender extends EventEmitter {
const reader = new FileReader(); const reader = new FileReader();
reader.readAsArrayBuffer(this.file); reader.readAsArrayBuffer(this.file);
reader.onload = function(event) { reader.onload = function(event) {
self.emit('hashing');
const plaintext = new Uint8Array(this.result); const plaintext = new Uint8Array(this.result);
window.crypto.subtle.digest('SHA-256', plaintext).then(hash => { resolve(plaintext);
self.emit('encrypting');
resolve({ plaintext: plaintext, hash: new Uint8Array(hash) });
});
}; };
reader.onerror = function(err) { reader.onerror = function(err) {
reject(err); reject(err);
}; };
}) })
]) ])
.then(([secretKey, file]) => { .then(([secretKey, plaintext]) => {
self.emit('encrypting');
return Promise.all([ return Promise.all([
window.crypto.subtle.encrypt( window.crypto.subtle.encrypt(
{ {
name: 'AES-GCM', name: 'AES-GCM',
iv: this.iv, iv: this.iv,
additionalData: file.hash,
tagLength: 128 tagLength: 128
}, },
secretKey, secretKey,
file.plaintext plaintext
), ),
window.crypto.subtle.exportKey('jwk', secretKey), window.crypto.subtle.exportKey('jwk', secretKey)
new Promise((resolve, reject) => {
resolve(file.hash);
})
]); ]);
}) })
.then(([encrypted, keydata, hash]) => { .then(([encrypted, keydata]) => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const file = this.file; const file = this.file;
const fileId = arrayToHex(this.iv); const fileId = arrayToHex(this.iv);
@ -114,7 +107,6 @@ class FileSender extends EventEmitter {
xhr.setRequestHeader( xhr.setRequestHeader(
'X-File-Metadata', 'X-File-Metadata',
JSON.stringify({ JSON.stringify({
aad: arrayToHex(hash),
id: fileId, id: fileId,
filename: encodeURIComponent(file.name) filename: encodeURIComponent(file.name)
}) })

View File

@ -169,10 +169,6 @@ $(() => {
}); });
}); });
fileSender.on('hashing', () => {
document.l10n.formatValue('verifyingFile').then(progress.setText);
});
fileSender.on('encrypting', () => { fileSender.on('encrypting', () => {
document.l10n.formatValue('encryptingFile').then(progress.setText); document.l10n.formatValue('encryptingFile').then(progress.setText);
}); });

View File

@ -225,7 +225,6 @@ app.post('/upload', (req, res, next) => {
} }
if ( if (
!meta.hasOwnProperty('aad') ||
!meta.hasOwnProperty('id') || !meta.hasOwnProperty('id') ||
!meta.hasOwnProperty('filename') || !meta.hasOwnProperty('filename') ||
!validateIV(meta.id) !validateIV(meta.id)