From 07a23f07597140c3a5d98e4a6d3339559bb52304 Mon Sep 17 00:00:00 2001 From: Matt Corallo Date: Thu, 15 May 2014 01:02:15 -0400 Subject: [PATCH] Fix attachments --- js/api.js | 5 ++--- js/crypto.js | 17 +++++++++++++++-- js/helpers.js | 4 ++-- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/js/api.js b/js/api.js index aa1f0ae5b4..2d66e93d57 100644 --- a/js/api.js +++ b/js/api.js @@ -192,16 +192,15 @@ var API = new function() { urlParameters : '/' + id, do_auth : true, }).then(function(response) { - console.log(response); return new Promise(function(resolve, reject) { $.ajax(response.location, { type : "GET", xhrFields: { responseType: "arraybuffer" }, - /*headers: { + headers: { "Content-Type": "application/octet-stream" - },*/ + }, success : function(response, textStatus, jqXHR) { resolve(response); diff --git a/js/crypto.js b/js/crypto.js index cc7e4f6bc1..611df72505 100644 --- a/js/crypto.js +++ b/js/crypto.js @@ -283,6 +283,19 @@ window.crypto = (function() { }); } + var calculateMAC = function(data, key) { + return HmacSHA256(key, data); + } + + var verifyMAC = function(data, key, mac) { + return calculateMAC(data, key).then(function(calculated_mac) { + var macString = getString(mac);//TODO: Move away from strings for comparison? + + if (getString(calculated_mac).substring(0, macString.length) != macString) + throw new Error("Bad MAC"); + }); + } + /****************************** *** Ratchet implementation *** ******************************/ @@ -547,8 +560,8 @@ window.crypto = (function() { }; crypto.decryptAttachment = function(encryptedBin, keys) { - var aes_key = key.slice(0, 32); - var mac_key = key.slice(32, 64); + var aes_key = keys.slice(0, 32); + var mac_key = keys.slice(32, 64); var iv = encryptedBin.slice(0, 32); var ciphertext = encryptedBin.slice(32, encryptedBin.byteLength - 32); diff --git a/js/helpers.js b/js/helpers.js index 9141d55b92..afc4641a72 100644 --- a/js/helpers.js +++ b/js/helpers.js @@ -321,7 +321,7 @@ function storeMessage(messageObject) { messageMap[messageObject.pushMessage.source] = conversation; } - conversation[conversation.length] = { message: getString(messageObject.message.body), + conversation[conversation.length] = { message: messageObject.message.body != null && getString(messageObject.message.body), sender: messageObject.pushMessage.source, timestamp: messageObject.pushMessage.timestamp.div(dcodeIO.Long.fromNumber(1000)).toNumber() }; storage.putEncrypted("messageMap", messageMap); @@ -465,7 +465,7 @@ function subscribeToPush(message_callback) { return crypto.handleIncomingPushMessageProto(proto).then(function(decrypted) { var handleAttachment = function(attachment) { return API.getAttachment(attachment.id).then(function(encryptedBin) { - return crypto.decryptAttachment(encryptedBin, attachment.key).then(function(decryptedBin) { + return crypto.decryptAttachment(encryptedBin, toArrayBuffer(attachment.key)).then(function(decryptedBin) { attachment.decrypted = decryptedBin; }); });