Chapril/xmpp.chapril.org-conversejs
Chapril/xmpp.chapril.org-conversejs
24
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
376c50fbc8
xmpp.chapril.org-conversejs/src/converse-otr.js
JC Brand 6f1ac50893 Move leaky MUC abstractions out of converse-chatview.js 
In the process also updated `updateSettings` to allow merging.
2016-10-27 14:56:31 +02:00

534 lines
26 KiB
JavaScript
Raw Blame History

// Converse.js (A browser based XMPP chat client)
// http://conversejs.org
//
// Copyright (c) 2012-2016, Jan-Carel Brand <jc@opkode.com>
// Licensed under the Mozilla Public License (MPLv2)
//
/*global Backbone, define, window, crypto, CryptoJS */
/* This is a Converse.js plugin which add support Off-the-record (OTR)
* encryption of one-on-one chat messages.
*/
(function (root, factory) {
define("converse-otr", [
"otr",
"converse-core",
"converse-api",
"tpl!toolbar_otr"
], factory);
}(this, function (otr, converse, converse_api, tpl_toolbar_otr) {
"use strict";
converse.templates.toolbar_otr = tpl_toolbar_otr;
// Strophe methods for building stanzas
var Strophe = converse_api.env.Strophe,
utils = converse_api.env.utils,
b64_sha1 = converse_api.env.b64_sha1;
// Other necessary globals
var $ = converse_api.env.jQuery,
_ = converse_api.env._;
// For translations
var __ = utils.__.bind(converse);
var HAS_CSPRNG = ((typeof crypto !== 'undefined') &&
((typeof crypto.randomBytes === 'function') ||
(typeof crypto.getRandomValues === 'function')
));
var HAS_CRYPTO = HAS_CSPRNG && (
(typeof CryptoJS !== "undefined") &&
(typeof otr.OTR !== "undefined") &&
(typeof otr.DSA !== "undefined")
);
var UNENCRYPTED = 0;
var UNVERIFIED= 1;
var VERIFIED= 2;
var FINISHED = 3;
var OTR_TRANSLATED_MAPPING = {}; // Populated in initialize
var OTR_CLASS_MAPPING = {};
OTR_CLASS_MAPPING[UNENCRYPTED] = 'unencrypted';
OTR_CLASS_MAPPING[UNVERIFIED] = 'unverified';
OTR_CLASS_MAPPING[VERIFIED] = 'verified';
OTR_CLASS_MAPPING[FINISHED] = 'finished';
converse_api.plugins.add('converse-otr', {
overrides: {
// Overrides mentioned here will be picked up by converse.js's
// plugin architecture they will replace existing methods on the
// relevant objects or classes.
//
// New functions which don't exist yet can also be added.
_initialize: function () {
this.__super__._initialize.apply(this, arguments);
this.otr = new this.OTR();
},
registerGlobalEventHandlers: function () {
this.__super__.registerGlobalEventHandlers();
$(document).click(function () {
if ($('.toggle-otr ul').is(':visible')) {
$('.toggle-otr ul', this).slideUp();
}
if ($('.toggle-smiley ul').is(':visible')) {
$('.toggle-smiley ul', this).slideUp();
}
});
},
wrappedChatBox: function (chatbox) {
var wrapped_chatbox = this.__super__.wrappedChatBox.apply(this, arguments);
if (!chatbox) { return; }
return _.extend(wrapped_chatbox, {
'endOTR': chatbox.endOTR.bind(chatbox),
'initiateOTR': chatbox.initiateOTR.bind(chatbox),
});
},
ChatBox: {
initialize: function () {
this.__super__.initialize.apply(this, arguments);
if (this.get('box_id') !== 'controlbox') {
this.save({
'otr_status': this.get('otr_status') || UNENCRYPTED
});
}
},
shouldPlayNotification: function ($message) {
/* Don't play a notification if this is an OTR message but
* encryption is not yet set up. That would mean that the
* OTR session is still being established, so there are no
* "visible" OTR messages being exchanged.
*/
return this.__super__.shouldPlayNotification.apply(this, arguments) &&
!(utils.isOTRMessage($message[0]) && !_.contains([UNVERIFIED, VERIFIED], this.get('otr_status')));
},
createMessage: function ($message, $delay, original_stanza) {
var converse = this.__super__.converse,
$body = $message.children('body'),
text = ($body.length > 0 ? $body.text() : undefined);
if ((!text) || (!converse.allow_otr)) {
return this.__super__.createMessage.apply(this, arguments);
}
if (text.match(/^\?OTRv23?/)) {
this.initiateOTR(text);
} else {
if (_.contains([UNVERIFIED, VERIFIED], this.get('otr_status'))) {
this.otr.receiveMsg(text);
} else {
if (text.match(/^\?OTR/)) {
if (!this.otr) {
this.initiateOTR(text);
} else {
this.otr.receiveMsg(text);
}
} else {
// Normal unencrypted message.
return this.__super__.createMessage.apply(this, arguments);
}
}
}
},
getSession: function (callback) {
var converse = this.__super__.converse;
var cipher = CryptoJS.lib.PasswordBasedCipher;
var pass, instance_tag, saved_key, pass_check;
if (converse.cache_otr_key) {
pass = converse.otr.getSessionPassphrase();
if (typeof pass !== "undefined") {
instance_tag = window.sessionStorage[b64_sha1(this.id+'instance_tag')];
saved_key = window.sessionStorage[b64_sha1(this.id+'priv_key')];
pass_check = window.sessionStorage[b64_sha1(this.connection.jid+'pass_check')];
if (saved_key && instance_tag && typeof pass_check !== 'undefined') {
var decrypted = cipher.decrypt(CryptoJS.algo.AES, saved_key, pass);
var key = otr.DSA.parsePrivate(decrypted.toString(CryptoJS.enc.Latin1));
if (cipher.decrypt(CryptoJS.algo.AES, pass_check, pass).toString(CryptoJS.enc.Latin1) === 'match') {
// Verified that the passphrase is still the same
this.trigger('showHelpMessages', [__('Re-establishing encrypted session')]);
callback({
'key': key,
'instance_tag': instance_tag
});
return; // Our work is done here
}
}
}
}
// We need to generate a new key and instance tag
this.trigger('showHelpMessages', [
__('Generating private key.'),
__('Your browser might become unresponsive.')],
null,
true // show spinner
);
window.setTimeout(function () {
var instance_tag = otr.OTR.makeInstanceTag();
callback({
'key': converse.otr.generatePrivateKey.call(this, instance_tag),
'instance_tag': instance_tag
});
}, 500);
},
updateOTRStatus: function (state) {
switch (state) {
case otr.OTR.CONST.STATUS_AKE_SUCCESS:
if (this.otr.msgstate === otr.OTR.CONST.MSGSTATE_ENCRYPTED) {
this.save({'otr_status': UNVERIFIED});
}
break;
case otr.OTR.CONST.STATUS_END_OTR:
if (this.otr.msgstate === otr.OTR.CONST.MSGSTATE_FINISHED) {
this.save({'otr_status': FINISHED});
} else if (this.otr.msgstate === otr.OTR.CONST.MSGSTATE_PLAINTEXT) {
this.save({'otr_status': UNENCRYPTED});
}
break;
}
},
onSMP: function (type, data) {
// Event handler for SMP (Socialist's Millionaire Protocol)
// used by OTR (off-the-record).
switch (type) {
case 'question':
this.otr.smpSecret(prompt(__(
'Authentication request from %1$s\n\nYour chat contact is attempting to verify your identity, by asking you the question below.\n\n%2$s',
[this.get('fullname'), data])));
break;
case 'trust':
if (data === true) {
this.save({'otr_status': VERIFIED});
} else {
this.trigger(
'showHelpMessages',
[__("Could not verify this user's identify.")],
'error');
this.save({'otr_status': UNVERIFIED});
}
break;
default:
throw new TypeError('ChatBox.onSMP: Unknown type for SMP');
}
},
initiateOTR: function (query_msg) {
// Sets up an OTR object through which we can send and receive
// encrypted messages.
//
// If 'query_msg' is passed in, it means there is an alread incoming
// query message from our contact. Otherwise, it is us who will
// send the query message to them.
this.save({'otr_status': UNENCRYPTED});
this.getSession(function (session) {
var converse = this.__super__.converse;
this.otr = new otr.OTR({
fragment_size: 140,
send_interval: 200,
priv: session.key,
instance_tag: session.instance_tag,
debug: this.debug
});
this.otr.on('status', this.updateOTRStatus.bind(this));
this.otr.on('smp', this.onSMP.bind(this));
this.otr.on('ui', function (msg) {
this.trigger('showReceivedOTRMessage', msg);
}.bind(this));
this.otr.on('io', function (msg) {
this.trigger('sendMessage', new converse.Message({ message: msg }));
}.bind(this));
this.otr.on('error', function (msg) {
this.trigger('showOTRError', msg);
}.bind(this));
this.trigger('showHelpMessages', [__('Exchanging private key with contact.')]);
if (query_msg) {
this.otr.receiveMsg(query_msg);
} else {
this.otr.sendQueryMsg();
}
}.bind(this));
},
endOTR: function () {
if (this.otr) {
this.otr.endOtr();
}
this.save({'otr_status': UNENCRYPTED});
}
},
ChatBoxView: {
events: {
'click .toggle-otr': 'toggleOTRMenu',
'click .start-otr': 'startOTRFromToolbar',
'click .end-otr': 'endOTR',
'click .auth-otr': 'authOTR'
},
initialize: function () {
var converse = this.__super__.converse;
this.__super__.initialize.apply(this, arguments);
this.model.on('change:otr_status', this.onOTRStatusChanged, this);
this.model.on('showOTRError', this.showOTRError, this);
this.model.on('showSentOTRMessage', function (text) {
this.showMessage({'message': text, 'sender': 'me'});
}, this);
this.model.on('showReceivedOTRMessage', function (text) {
this.showMessage({'message': text, 'sender': 'them'});
}, this);
if ((_.contains([UNVERIFIED, VERIFIED], this.model.get('otr_status'))) || converse.use_otr_by_default) {
this.model.initiateOTR();
}
},
createMessageStanza: function () {
var stanza = this.__super__.createMessageStanza.apply(this, arguments);
if (this.model.get('otr_status') !== UNENCRYPTED || utils.isOTRMessage(stanza.nodeTree)) {
// OTR messages aren't carbon copied
stanza.c('private', {'xmlns': Strophe.NS.CARBONS}).up()
.c('no-store', {'xmlns': Strophe.NS.HINTS}).up()
.c('no-permanent-store', {'xmlns': Strophe.NS.HINTS}).up()
.c('no-copy', {'xmlns': Strophe.NS.HINTS});
}
return stanza;
},
onMessageSubmitted: function (text) {
var converse = this.__super__.converse;
if (!converse.connection.authenticated) {
return this.showHelpMessages(
['Sorry, the connection has been lost, '+
'and your message could not be sent'],
'error'
);
}
var match = text.replace(/^\s*/, "").match(/^\/(.*)\s*$/);
if (match) {
if ((converse.allow_otr) && (match[1] === "endotr")) {
return this.endOTR();
} else if ((converse.allow_otr) && (match[1] === "otr")) {
return this.model.initiateOTR();
}
}
if (_.contains([UNVERIFIED, VERIFIED], this.model.get('otr_status'))) {
// Off-the-record encryption is active
this.model.otr.sendMsg(text);
this.model.trigger('showSentOTRMessage', text);
} else {
this.__super__.onMessageSubmitted.apply(this, arguments);
}
},
onOTRStatusChanged: function () {
this.renderToolbar().informOTRChange();
},
informOTRChange: function () {
var data = this.model.toJSON();
var msgs = [];
if (data.otr_status === UNENCRYPTED) {
msgs.push(__("Your messages are not encrypted anymore"));
} else if (data.otr_status === UNVERIFIED) {
msgs.push(__("Your messages are now encrypted but your contact's identity has not been verified."));
} else if (data.otr_status === VERIFIED) {
msgs.push(__("Your contact's identify has been verified."));
} else if (data.otr_status === FINISHED) {
msgs.push(__("Your contact has ended encryption on their end, you should do the same."));
}
return this.showHelpMessages(msgs, 'info', false);
},
showOTRError: function (msg) {
var converse = this.__super__.converse;
if (msg === 'Message cannot be sent at this time.') {
this.showHelpMessages(
[__('Your message could not be sent')], 'error');
} else if (msg === 'Received an unencrypted message.') {
this.showHelpMessages(
[__('We received an unencrypted message')], 'error');
} else if (msg === 'Received an unreadable encrypted message.') {
this.showHelpMessages(
[__('We received an unreadable encrypted message')],
'error');
} else {
this.showHelpMessages(['Encryption error occured: '+msg], 'error');
}
converse.log("OTR ERROR:"+msg);
},
startOTRFromToolbar: function (ev) {
$(ev.target).parent().parent().slideUp();
ev.stopPropagation();
this.model.initiateOTR();
},
endOTR: function (ev) {
if (typeof ev !== "undefined") {
ev.preventDefault();
ev.stopPropagation();
}
this.model.endOTR();
},
authOTR: function (ev) {
var converse = this.__super__.converse;
var scheme = $(ev.target).data().scheme;
var result, question, answer;
if (scheme === 'fingerprint') {
result = confirm(__('Here are the fingerprints, please confirm them with %1$s, outside of this chat.\n\nFingerprint for you, %2$s: %3$s\n\nFingerprint for %1$s: %4$s\n\nIf you have confirmed that the fingerprints match, click OK, otherwise click Cancel.', [
this.model.get('fullname'),
converse.xmppstatus.get('fullname')||converse.bare_jid,
this.model.otr.priv.fingerprint(),
this.model.otr.their_priv_pk.fingerprint()
]
));
if (result === true) {
this.model.save({'otr_status': VERIFIED});
} else {
this.model.save({'otr_status': UNVERIFIED});
}
} else if (scheme === 'smp') {
alert(__('You will be prompted to provide a security question and then an answer to that question.\n\nYour contact will then be prompted the same question and if they type the exact same answer (case sensitive), their identity will be verified.'));
question = prompt(__('What is your security question?'));
if (question) {
answer = prompt(__('What is the answer to the security question?'));
this.model.otr.smpSecret(answer, question);
}
} else {
this.showHelpMessages([__('Invalid authentication scheme provided')], 'error');
}
},
toggleOTRMenu: function (ev) {
ev.stopPropagation();
this.$el.find('.toggle-otr ul').slideToggle(200);
},
getOTRTooltip: function () {
var data = this.model.toJSON();
if (data.otr_status === UNENCRYPTED) {
return __('Your messages are not encrypted. Click here to enable OTR encryption.');
} else if (data.otr_status === UNVERIFIED) {
return __('Your messages are encrypted, but your contact has not been verified.');
} else if (data.otr_status === VERIFIED) {
return __('Your messages are encrypted and your contact verified.');
} else if (data.otr_status === FINISHED) {
return __('Your contact has closed their end of the private session, you should do the same');
}
},
renderToolbar: function (toolbar, options) {
var converse = this.__super__.converse;
if (!converse.show_toolbar) {
return;
}
var data = this.model.toJSON();
options = _.extend(options || {}, {
FINISHED: FINISHED,
UNENCRYPTED: UNENCRYPTED,
UNVERIFIED: UNVERIFIED,
VERIFIED: VERIFIED,
// FIXME: Leaky abstraction MUC
allow_otr: converse.allow_otr && !this.is_chatroom,
label_end_encrypted_conversation: __('End encrypted conversation'),
label_refresh_encrypted_conversation: __('Refresh encrypted conversation'),
label_start_encrypted_conversation: __('Start encrypted conversation'),
label_verify_with_fingerprints: __('Verify with fingerprints'),
label_verify_with_smp: __('Verify with SMP'),
label_whats_this: __("What\'s this?"),
otr_status_class: OTR_CLASS_MAPPING[data.otr_status],
otr_tooltip: this.getOTRTooltip(),
otr_translated_status: OTR_TRANSLATED_MAPPING[data.otr_status],
});
this.__super__.renderToolbar.apply(this, arguments);
this.$el.find('.chat-toolbar').append(
converse.templates.toolbar_otr(
_.extend(this.model.toJSON(), options || {})
));
return this;
}
}
},
initialize: function () {
/* The initialize function gets called as soon as the plugin is
* loaded by converse.js's plugin machinery.
*/
var converse = this.converse;
// Translation aware constants
// ---------------------------
// We can only call the __ translation method *after* converse.js
// has been initialized and with it the i18n machinery. That's why
// we do it here in the "initialize" method and not at the top of
// the module.
OTR_TRANSLATED_MAPPING[UNENCRYPTED] = __('unencrypted');
OTR_TRANSLATED_MAPPING[UNVERIFIED] = __('unverified');
OTR_TRANSLATED_MAPPING[VERIFIED] = __('verified');
OTR_TRANSLATED_MAPPING[FINISHED] = __('finished');
// For translations
__ = utils.__.bind(converse);
// Configuration values for this plugin
var settings = {
allow_otr: true,
cache_otr_key: false,
use_otr_by_default: false
};
_.extend(converse.default_settings, settings);
_.extend(converse, settings);
_.extend(converse, _.pick(converse.user_settings, Object.keys(settings)));
// Only allow OTR if we have the capability
converse.allow_otr = converse.allow_otr && HAS_CRYPTO;
// Only use OTR by default if allow OTR is enabled to begin with
converse.use_otr_by_default = converse.use_otr_by_default && converse.allow_otr;
// Backbone Models and Views
// -------------------------
converse.OTR = Backbone.Model.extend({
// A model for managing OTR settings.
getSessionPassphrase: function () {
if (converse.authentication === 'prebind') {
var key = b64_sha1(converse.connection.jid),
pass = window.sessionStorage[key];
if (typeof pass === 'undefined') {
pass = Math.floor(Math.random()*4294967295).toString();
window.sessionStorage[key] = pass;
}
return pass;
} else {
return converse.connection.pass;
}
},
generatePrivateKey: function (instance_tag) {
var key = new otr.DSA();
var jid = converse.connection.jid;
if (converse.cache_otr_key) {
var cipher = CryptoJS.lib.PasswordBasedCipher;
var pass = this.getSessionPassphrase();
if (typeof pass !== "undefined") {
// Encrypt the key and set in sessionStorage. Also store instance tag.
window.sessionStorage[b64_sha1(jid+'priv_key')] =
cipher.encrypt(CryptoJS.algo.AES, key.packPrivate(), pass).toString();
window.sessionStorage[b64_sha1(jid+'instance_tag')] = instance_tag;
window.sessionStorage[b64_sha1(jid+'pass_check')] =
cipher.encrypt(CryptoJS.algo.AES, 'match', pass).toString();
}
}
return key;
}
});
}
});
}));
Reference in New Issue View Git Blame Copy Permalink