signal-desktop/libtextsecure/ProvisioningCipher.js

(function() {
'use strict';

function ProvisioningCipher() {}

ProvisioningCipher.prototype = {
    decrypt: function(provisionEnvelope) {
        var masterEphemeral = provisionEnvelope.publicKey.toArrayBuffer();
        var message = provisionEnvelope.body.toArrayBuffer();
        if (new Uint8Array(message)[0] != 1) {
            throw new Error("Bad version number on ProvisioningMessage");
        }

        var iv = message.slice(1, 16 + 1);
        var mac = message.slice(message.byteLength - 32, message.byteLength);
        var ivAndCiphertext = message.slice(0, message.byteLength - 32);
        var ciphertext = message.slice(16 + 1, message.byteLength - 32);

        return libsignal.Curve.async.calculateAgreement(
            masterEphemeral, this.keyPair.privKey
        ).then(function(ecRes) {
            return libsignal.HKDF.deriveSecrets(
                ecRes, new ArrayBuffer(32), "TextSecure Provisioning Message"
            );
        }).then(function(keys) {
            return libsignal.crypto.verifyMAC(ivAndCiphertext, keys[1], mac, 32).then(function() {
                return libsignal.crypto.decrypt(keys[0], ciphertext, iv);
            });
        }).then(function(plaintext) {
            var provisionMessage = textsecure.protobuf.ProvisionMessage.decode(plaintext);
            var privKey = provisionMessage.identityKeyPrivate.toArrayBuffer();

            return libsignal.Curve.async.createKeyPair(privKey).then(function(keyPair) {
                var ret = {
                    identityKeyPair  : keyPair,
                    number           : provisionMessage.number,
                    provisioningCode : provisionMessage.provisioningCode,
                    userAgent        : provisionMessage.userAgent,
                    readReceipts     : provisionMessage.readReceipts
                };
                if (provisionMessage.profileKey) {
                  ret.profileKey = provisionMessage.profileKey.toArrayBuffer();
                }
                return ret;
            });
        });
    },
    getPublicKey: function() {
      return Promise.resolve().then(function() {
          if (!this.keyPair) {
              return libsignal.Curve.async.generateKeyPair().then(function(keyPair) {
                  this.keyPair = keyPair;
              }.bind(this));
          }
      }.bind(this)).then(function() {
          return this.keyPair.pubKey;
      }.bind(this));
    }
};

libsignal.ProvisioningCipher = function() {
    var cipher = new ProvisioningCipher();

    this.decrypt      = cipher.decrypt.bind(cipher);
    this.getPublicKey = cipher.getPublicKey.bind(cipher);
};

})();
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`(function() {`
			`'use strict';`

			`function ProvisioningCipher() {}`

			`ProvisioningCipher.prototype = {`
			`decrypt: function(provisionEnvelope) {`
			`var masterEphemeral = provisionEnvelope.publicKey.toArrayBuffer();`
			`var message = provisionEnvelope.body.toArrayBuffer();`
			`if (new Uint8Array(message)[0] != 1) {`
			`throw new Error("Bad version number on ProvisioningMessage");`
			`}`

			`var iv = message.slice(1, 16 + 1);`
			`var mac = message.slice(message.byteLength - 32, message.byteLength);`
			`var ivAndCiphertext = message.slice(0, message.byteLength - 32);`
			`var ciphertext = message.slice(16 + 1, message.byteLength - 32);`

Update libsignal-protocol v0.13.0 * libsignal.Curve is now a synchronous interface. * libsignal.Curve.async is now the asynchronous interface. * Fixes bugs in session management. // FREEBIE 2016-05-18 19:45:33 +00:00			`return libsignal.Curve.async.calculateAgreement(`
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`masterEphemeral, this.keyPair.privKey`
			`).then(function(ecRes) {`
			`return libsignal.HKDF.deriveSecrets(`
			`ecRes, new ArrayBuffer(32), "TextSecure Provisioning Message"`
			`);`
			`}).then(function(keys) {`
			`return libsignal.crypto.verifyMAC(ivAndCiphertext, keys[1], mac, 32).then(function() {`
			`return libsignal.crypto.decrypt(keys[0], ciphertext, iv);`
			`});`
			`}).then(function(plaintext) {`
			`var provisionMessage = textsecure.protobuf.ProvisionMessage.decode(plaintext);`
			`var privKey = provisionMessage.identityKeyPrivate.toArrayBuffer();`

Update libsignal-protocol v0.13.0 * libsignal.Curve is now a synchronous interface. * libsignal.Curve.async is now the asynchronous interface. * Fixes bugs in session management. // FREEBIE 2016-05-18 19:45:33 +00:00			`return libsignal.Curve.async.createKeyPair(privKey).then(function(keyPair) {`
Handle provisioning messages with no profile key (#1470) This can happen while linking to an older mobile client. // FREEBIE 2017-09-13 18:26:26 +00:00			`var ret = {`
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`identityKeyPair : keyPair,`
			`number : provisionMessage.number,`
Set theme based on master device userAgent // FREEBIE 2016-09-12 19:09:56 +00:00			`provisioningCode : provisionMessage.provisioningCode,`
Profiles (#1453) * Add AES-GCM encryption for profiles With tests. * Add profileKey to DataMessage protobuf // FREEBIE * Decrypt and save profile names // FREEBIE * Save incoming profile keys * Move pad/unpad to crypto module // FREEBIE * Support fetching avatars from the cdn // FREEBIE * Translate failed authentication errors When AES-GCM authentication fails, webcrypto returns a very generic error. The same error is thrown for invalid length inputs, but our earlier checks in decryptProfile should rule out those failure modes and leave us safe to assume that we either had bad ciphertext or the wrong key. // FREEBIE * Handle profile avatars (wip) and log decrypt errors // FREEBIE * Display profile avatars Synced contact avatars will still override profile avatars. * Display profile names in convo list Only if we don't have a synced contact name. // FREEBIE * Make cdn url an environment config Use different ones for staging and production // FREEBIE * Display profile name in conversation header * Display profile name in group messages * Update conversation header if profile avatar changes // FREEBIE * Style profile names small with ~ * Save profileKeys from contact sync messages // FREEBIE * Save profile keys from provisioning messages For standalone accounts, generate a random profile key. // FREEBIE * Special case for one-time sync of our profile key Android will use a contact sync message to sync a profile key from Android clients who have just upgraded and generated their profile key. Normally we should receive this data in a provisioning message. // FREEBIE * Infer profile sharing from synced data messages * Populate profile keys on outgoing messages Requires that `profileSharing` be set on the conversation. // FREEBIE * Support for the profile key update flag When receiving a message with this flag, don't init a message record, just process the profile key and move on. // FREEBIE * Display profile names in group member list * Refresh contact's profile on profile key changes // FREEBIE * Catch errors on profile save // FREEBIE * Save our own synced contact info Don't return early if we get a contact sync for our own number // FREEBIE 2017-09-11 16:50:35 +00:00			`userAgent : provisionMessage.userAgent,`
Feature: Blue check marks for read messages if opted in (#1489) * Refactor delivery receipt event handler * Rename the delivery receipt event For less ambiguity with read receipts. * Rename synced read event For less ambiguity with read receipts from other Signal users. * Add support for incoming receipt messages Handle ReceiptMessages, which may include encrypted delivery receipts or read receipts from recipients of our sent messages. // FREEBIE * Rename ReadReceipts to ReadSyncs * Render read messages with blue double checks * Send read receipts to senders of incoming messages // FREEBIE * Move ReadSyncs to their own file // FREEBIE * Fixup old comments on read receipts (now read syncs) And some variable renaming for extra clarity. // FREEBIE * Add global setting for read receipts Don't send read receipt messages unless the setting is enabled. Don't process read receipts if the setting is disabled. // FREEBIE * Sync read receipt setting from mobile Toggling this setting on your mobile device should sync it to Desktop. When linking, use the setting in the provisioning message. // FREEBIE * Send receipt messages silently Avoid generating phantom messages on ios // FREEBIE * Save recipients on the outgoing message models For accurate tracking and display of sent/delivered/read state, even if group membership changes later. // FREEBIE * Fix conversation type in profile key update handling // FREEBIE * Set recipients on synced sent messages * Render saved recipients in message detail if available For older messages, where we did not save the intended set of recipients at the time of sending, fall back to the current group membership. // FREEBIE * Record who has been successfully sent to // FREEBIE * Record who a message has been delivered to * Invert the not-clickable class * Fix readReceipt setting sync when linking * Render per recipient sent/delivered/read status In the message detail view for outgoing messages, render each recipient's individual sent/delivered/read status with respect to this message, as long as there are no errors associated with the recipient (ie, safety number changes, user not registered, etc...) since the error icon is displayed in that case. Messages sent before this change may not have per-recipient status lists and will simply show no status icon. // FREEBIE Add configuration sync request Send these requests in a one-off fashion when: 1. We have just setup from a chrome app import 2. We have just upgraded to read-receipt support // FREEBIE * Expose sendRequestConfigurationSyncMessage // FREEBIE * Fix handling of incoming delivery receipts - union with array FREEBIE 2017-10-04 22:28:43 +00:00			`readReceipts : provisionMessage.readReceipts`
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`};`
Handle provisioning messages with no profile key (#1470) This can happen while linking to an older mobile client. // FREEBIE 2017-09-13 18:26:26 +00:00			`if (provisionMessage.profileKey) {`
			`ret.profileKey = provisionMessage.profileKey.toArrayBuffer();`
			`}`
			`return ret;`
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`});`
			`});`
			`},`
			`getPublicKey: function() {`
			`return Promise.resolve().then(function() {`
			`if (!this.keyPair) {`
Update libsignal-protocol v0.13.0 * libsignal.Curve is now a synchronous interface. * libsignal.Curve.async is now the asynchronous interface. * Fixes bugs in session management. // FREEBIE 2016-05-18 19:45:33 +00:00			`return libsignal.Curve.async.generateKeyPair().then(function(keyPair) {`
Update libsignal-protocol v0.9.0 * Exposes crypto APIs. * Move worker methods to libsigna.worker. * Move ProvisioningCipher to libtextsecure. 2016-05-02 05:31:44 +00:00			`this.keyPair = keyPair;`
			`}.bind(this));`
			`}`
			`}.bind(this)).then(function() {`
			`return this.keyPair.pubKey;`
			`}.bind(this));`
			`}`
			`};`

			`libsignal.ProvisioningCipher = function() {`
			`var cipher = new ProvisioningCipher();`

			`this.decrypt = cipher.decrypt.bind(cipher);`
			`this.getPublicKey = cipher.getPublicKey.bind(cipher);`
			`};`

			`})();`