From dc4682eaf5606cb58cb0447bc9738e26f414561a Mon Sep 17 00:00:00 2001
From: Abhinav Adduri
Date: Mon, 10 Jul 2017 11:25:03 -0700
Subject: [PATCH] added checksums
---
 frontend/src/fileReceiver.js | 27 ++++++++++++++++++++++++---
 frontend/src/fileSender.js | 19 +++++++++++--------
 2 files changed, 35 insertions(+), 11 deletions(-)
diff --git a/frontend/src/fileReceiver.js b/frontend/src/fileReceiver.js
index 5e363140..d6b8cc00 100644
--- a/frontend/src/fileReceiver.js
+++ b/frontend/src/fileReceiver.js
@@ -68,17 +68,38 @@ class FileReceiver extends EventEmitter {
 {
 name: 'AES-GCM',
 iv: hexToArray(fdata.iv),
- additionalData: hexToArray(fdata.aad),
- tagLength: 128
+ additionalData: hexToArray(fdata.aad)
 },
 key,
 fdata.data
 ),
 new Promise((resolve, reject) => {
 resolve(fdata.filename);
+ }),
+ new Promise((resolve, reject) => {
+ resolve(hexToArray(fdata.aad));
 })
 ]);
- });
+ }).then(([decrypted, fname, proposedHash]) => {
+ return window.crypto.subtle.digest('SHA-256', decrypted).then(calculatedHash => {
+ const integrity = new Uint8Array(calculatedHash).toString() === proposedHash.toString();
+ if (!integrity) {
+ return new Promise((resolve, reject) => {
+ console.log('This file has been tampered with.')
+ reject();
+ })
+ }
+
+ return Promise.all([
+ new Promise((resolve, reject) => {
+ resolve(decrypted);
+ }),
+ new Promise((resolve, reject) => {
+ resolve(fname);
+ })
+ ]);
+ })
+ })
 }
 }
diff --git a/frontend/src/fileSender.js b/frontend/src/fileSender.js
index 132b868c..ee433928 100644
--- a/frontend/src/fileSender.js
+++ b/frontend/src/fileSender.js
@@ -8,7 +8,6 @@ class FileSender extends EventEmitter {
 super();
 this.file = file;
 this.iv = window.crypto.getRandomValues(new Uint8Array(12));
- this.aad = window.crypto.getRandomValues(new Uint8Array(6));
 }
 static delete(fileId, token) {
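Review bot: The SHA-256 comparison in the new `.then(([decrypted, fname, proposedHash]) => …)` in fileReceiver.js adds no tamper protection beyond the AES-GCM tag. `decrypt` only resolves when the tag verifies over both the ciphertext and `additionalData`, so for a file produced by this sender the digest already matches `fdata.aad` by the time this code runs. If the check is kept as a defensive assertion, fail with a real error instead of `console.log` plus a bare `reject()`, e.g. `if (!integrity) throw new Error('File integrity check failed');`, and return `[decrypted, fname]` directly, since the `new Promise` wrappers are not needed. `tagLength: 128` was also dropped here while fileSender.js still sets it; 128 is the Web Crypto default for AES-GCM, so behavior is unchanged, but stating it on both sides avoids a silent mismatch later. The enclosing method starts outside the hunk.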
@@ -54,28 +53,32 @@ class FileSender extends EventEmitter {
 const reader = new FileReader();
 reader.readAsArrayBuffer(this.file);
 reader.onload = function(event) {
- resolve(new Uint8Array(this.result));
+ const plaintext = new Uint8Array(this.result);
+ window.crypto.subtle.digest('SHA-256', plaintext).then(hash => {
+ resolve({plaintext: plaintext, hash: new Uint8Array(hash)});
+ })
 };
 })
 ])
- .then(([secretKey, plaintext]) => {
+ .then(([secretKey, file]) => {
 return Promise.all([
 window.crypto.subtle
 .encrypt(
 {
 name: 'AES-GCM',
 iv: this.iv,
- additionalData: this.aad,
+ additionalData: file.hash,
 tagLength: 128
 },
 secretKey,
- plaintext
+ file.plaintext
 )
 .catch(err => console.log('Error with encrypting.')),
- window.crypto.subtle.exportKey('jwk', secretKey)
+ window.crypto.subtle.exportKey('jwk', secretKey),
+ new Promise((resolve, reject) => { resolve(file.hash) })
 ]);
 })
- .then(([encrypted, keydata]) => {
+ .then(([encrypted, keydata, hash]) => {
 return new Promise((resolve, reject) => {
 const file = this.file;
 const fileId = arrayToHex(this.iv);
@@ -110,7 +113,7 @@ class FileSender extends EventEmitter {
 xhr.setRequestHeader(
 'X-File-Metadata',
 JSON.stringify({
- aad: arrayToHex(this.aad),
+ aad: arrayToHex(hash),
 iv: fileId,
 filename: file.name
 })
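Review bot: The promise around `reader.onload` never settles if `crypto.subtle.digest` rejects, because the added `.then(hash => …)` has no rejection path and the upload chain would hang without any error. Chain `.catch(reject)` onto the digest call, assuming the enclosing executor (which starts outside the hunk) exposes `reject`: `window.crypto.subtle.digest('SHA-256', plaintext).then(hash => resolve({ plaintext, hash: new Uint8Array(hash) })).catch(reject);`. The third `Promise.all` entry can be the plain value `file.hash`; the `new Promise` wrapper adds nothing.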
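Review bot: Sending `aad: arrayToHex(hash)` in the `X-File-Metadata` header gives the server an unkeyed SHA-256 of the plaintext, which the random `this.aad` it replaces did not. Anyone who can read that metadata can confirm whether the upload is a known file, or test guesses against low-entropy content, which weakens the confidentiality the client-side AES-GCM encryption is presumably meant to provide. The GCM tag already authenticates the ciphertext, so the safer options are to keep a random (or no) `additionalData`, or, if a content checksum is wanted, to carry it inside the encrypted payload or as an HMAC under a key the server never sees. The same digest is bound as `additionalData: file.hash` in the `@@ -54,28` hunk, and the enclosing `xhr` setup starts outside this hunk.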