From 1574acb37b86ace7bf2eabf0d4858fc3752651f8 Mon Sep 17 00:00:00 2001 From: JC Brand Date: Tue, 10 Sep 2013 22:37:12 +0200 Subject: [PATCH] Save the private key and instance tag in session storage. --- converse.js | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/converse.js b/converse.js index c5ed33ac2..8b646201c 100644 --- a/converse.js +++ b/converse.js @@ -317,34 +317,40 @@ }, getSession: function () { - var saved_key = this.get('priv_key'); + // XXX: sessionStorage is not supported in IE < 8. Perhaps a + // user alert is required here... + var saved_key = window.sessionStorage[hex_sha1(this.id+'priv_key')]; + var instance_tag = window.sessionStorage[hex_sha1(this.id+'instance_tag')]; var cipher = crypto.lib.PasswordBasedCipher; var pass = converse.connection.pass; var result, key; - if (saved_key) { + if (saved_key && instance_tag) { var decrypted = cipher.decrypt(crypto.algo.AES, saved_key, pass); key = otr.DSA.parsePrivate(decrypted.toString(crypto.enc.Latin1)); if (cipher.decrypt(crypto.algo.AES, this.get('pass_check'), pass).toString(crypto.enc.Latin1) === 'match') { // Verified that the user's password is still the same + this.trigger('showHelpMessages', [__('Re-establishing encrypted session')]); return { 'key': key, - 'instance_tag': this.get('instance_tag') + 'instance_tag': instance_tag }; } } - // We need to generate a new key + // We need to generate a new key and instance tag result = alert(__( 'Your browser needs to generate a private key, which will be used '+ 'in your encrypted chat session. This can take up to 30 seconds and '+ 'your browser might freeze and become unresponsive.')); + instance_tag = otr.OTR.makeInstanceTag(); key = new otr.DSA(); - var instance_tag = otr.OTR.makeInstanceTag(); + // Encrypt the key and set in sessionStorage. Also store + // instance tag + window.sessionStorage[hex_sha1(this.id+'priv_key')] = + cipher.encrypt(crypto.algo.AES, key.packPrivate(), pass).toString(); + window.sessionStorage[hex_sha1(this.id+'instance_tag')] = instance_tag; + this.trigger('showHelpMessages', [__('Private key generated.')]); - this.save({ - 'priv_key': cipher.encrypt(crypto.algo.AES, key.packPrivate(), pass).toString(), - 'pass_check': cipher.encrypt(crypto.algo.AES, 'match', pass).toString(), - 'instance_tag': instance_tag - }); + this.save({'pass_check': cipher.encrypt(crypto.algo.AES, 'match', pass).toString()}); return { 'key': key, 'instance_tag': instance_tag @@ -401,6 +407,7 @@ // If 'query_msg' is passed in, it means there is an alread incoming // query message from our buddy. Otherwise, it is us who will // send the query message to them. + this.save({'otr_status': UNENCRYPTED}); session = this.getSession(); this.otr = new otr.OTR({ fragment_size: 140,