Chapril/drop.chapril.org-firefoxsend
Chapril/drop.chapril.org-firefoxsend
25
1
Fork 0
Code Issues Releases Activity

added checksums

Browse Source
This commit is contained in:
Abhinav Adduri 2017-07-10 11:25:03 -07:00
parent be470c6b6e
commit dc4682eaf5
2 changed files with 35 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
frontend/src/fileReceiver.js
View File

@ -68,17 +68,38 @@ class FileReceiver extends EventEmitter {
{ {
name: 'AES-GCM', name: 'AES-GCM',
iv: hexToArray(fdata.iv), iv: hexToArray(fdata.iv),
additionalData: hexToArray(fdata.aad), additionalData: hexToArray(fdata.aad)
tagLength: 128
}, },
key, key,
fdata.data fdata.data
), ),
new Promise((resolve, reject) => { new Promise((resolve, reject) => {
resolve(fdata.filename); resolve(fdata.filename);
}),
new Promise((resolve, reject) => {
resolve(hexToArray(fdata.aad));
}) })
]); ]);
}); }).then(([decrypted, fname, proposedHash]) => {
return window.crypto.subtle.digest('SHA-256', decrypted).then(calculatedHash => {
const integrity = new Uint8Array(calculatedHash).toString() === proposedHash.toString();
if (!integrity) {
return new Promise((resolve, reject) => {
console.log('This file has been tampered with.')
reject();
})
}
return Promise.all([
new Promise((resolve, reject) => {
resolve(decrypted);
}),
new Promise((resolve, reject) => {
resolve(fname);
})
]);
})
})
} }
} }

19
frontend/src/fileSender.js
View File

@ -8,7 +8,6 @@ class FileSender extends EventEmitter {
super(); super();
this.file = file; this.file = file;
this.iv = window.crypto.getRandomValues(new Uint8Array(12)); this.iv = window.crypto.getRandomValues(new Uint8Array(12));
this.aad = window.crypto.getRandomValues(new Uint8Array(6));
} }
static delete(fileId, token) { static delete(fileId, token) {
@ -54,28 +53,32 @@ class FileSender extends EventEmitter {
const reader = new FileReader(); const reader = new FileReader();
reader.readAsArrayBuffer(this.file); reader.readAsArrayBuffer(this.file);
reader.onload = function(event) { reader.onload = function(event) {
resolve(new Uint8Array(this.result)); const plaintext = new Uint8Array(this.result);
window.crypto.subtle.digest('SHA-256', plaintext).then(hash => {
resolve({plaintext: plaintext, hash: new Uint8Array(hash)});
})
}; };
}) })
]) ])
.then(([secretKey, plaintext]) => { .then(([secretKey, file]) => {
return Promise.all([ return Promise.all([
window.crypto.subtle window.crypto.subtle
.encrypt( .encrypt(
{ {
name: 'AES-GCM', name: 'AES-GCM',
iv: this.iv, iv: this.iv,
additionalData: this.aad, additionalData: file.hash,
tagLength: 128 tagLength: 128
}, },
secretKey, secretKey,
plaintext file.plaintext
) )
.catch(err => console.log('Error with encrypting.')), .catch(err => console.log('Error with encrypting.')),
window.crypto.subtle.exportKey('jwk', secretKey) window.crypto.subtle.exportKey('jwk', secretKey),
new Promise((resolve, reject) => { resolve(file.hash) })
]); ]);
}) })
.then(([encrypted, keydata]) => { .then(([encrypted, keydata, hash]) => {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const file = this.file; const file = this.file;
const fileId = arrayToHex(this.iv); const fileId = arrayToHex(this.iv);
@ -110,7 +113,7 @@ class FileSender extends EventEmitter {
xhr.setRequestHeader( xhr.setRequestHeader(
'X-File-Metadata', 'X-File-Metadata',
JSON.stringify({ JSON.stringify({
aad: arrayToHex(this.aad), aad: arrayToHex(hash),
iv: fileId, iv: fileId,
filename: file.name filename: file.name
}) })