Using AES for encryption

fd46cb4c · Marcelo Schmidt · 07ae66bd · fd46cb4c · fd46cb4c
Commit fd46cb4c authored 9 years ago by Marcelo Schmidt
--- a/packages/rocketchat-otr/client/rocketchat.otr.js
+++ b/packages/rocketchat-otr/client/rocketchat.otr.js
@@ -38,7 +38,13 @@ Meteor.startup(function() {
 	});
 	RocketChat.promises.add('onClientBeforeSendMessage', function(message) {
 		if (message.rid && RocketChat.OTR.instancesByRoomId && RocketChat.OTR.instancesByRoomId[message.rid] && RocketChat.OTR.instancesByRoomId[message.rid].aesReady.get()) {
-			return RocketChat.OTR.instancesByRoomId[message.rid].encrypt(message);
+			return RocketChat.OTR.instancesByRoomId[message.rid].encryptAES(message.msg)
+			.then((params) => {
+				[msg, iv] = params;
+				message.msg = msg;
+				message.iv = iv;
+				return message;
+			});
 		} else {
 			return Promise.resolve(message);
 		}
@@ -46,8 +52,12 @@ Meteor.startup(function() {


 	RocketChat.promises.add('onClientMessageReceived', function(message) {
-		if (message.rid && RocketChat.OTR.instancesByRoomId && RocketChat.OTR.instancesByRoomId[message.rid] && RocketChat.OTR.instancesByRoomId[message.rid].aesReady.get()) {
-			return RocketChat.OTR.instancesByRoomId[message.rid].decrypt(message);
+		if (message.rid && message.iv && RocketChat.OTR.instancesByRoomId && RocketChat.OTR.instancesByRoomId[message.rid] && RocketChat.OTR.instancesByRoomId[message.rid].aesReady.get()) {
+			return RocketChat.OTR.instancesByRoomId[message.rid].decryptAES(message.msg, message.iv)
+			.then((msg) => {
+				message.msg = msg;
+				return message;
+			})
 		} else {
 			return Promise.resolve(message);
 		}

--- a/packages/rocketchat-otr/client/rocketchat.otr.room.js
+++ b/packages/rocketchat-otr/client/rocketchat.otr.room.js
@@ -59,8 +59,7 @@ RocketChat.OTR.Room = class {
 		this.aesReady.set(true);
 		this.encryptAES(localStorage.getItem('sharedSecret')).then((args) => {
 			[sharedSecret, iv] = args;
-			console.log(sharedSecret, iv);
-			// RocketChat.Notifications.notifyUser(this.peerId, 'otr', 'sharedSecret-acknowledge', { roomId: this.roomId, userId: this.userId, sharedSecret: sharedSecret, iv: iv });
+			RocketChat.Notifications.notifyUser(this.peerId, 'otr', 'sharedSecret-acknowledge', { roomId: this.roomId, userId: this.userId, sharedSecret: sharedSecret, iv: iv });
 		});
 	}

@@ -161,7 +160,7 @@ RocketChat.OTR.Room = class {
 		.then((encrypted) => {
 			return this.bytesToHexString(encrypted);
 		})
-		.catch(function(err){
+		.catch((err) => {
 			console.log(err);
 			return message;
 		});
@@ -178,7 +177,7 @@ RocketChat.OTR.Room = class {
 			//returns an ArrayBuffer containing the decrypted data
 			return new TextDecoder("UTF-8").decode(new Uint8Array(decrypted));
 		})
-		.catch(function(err){
+		.catch((err) => {
 			console.log(err);
 			return message;
 		});
@@ -216,10 +215,29 @@ RocketChat.OTR.Room = class {
 			this.sharedSecret, //from generateKey or importKey above
 			new TextEncoder("UTF-8").encode(message) //ArrayBuffer of data you want to encrypt
 		)
-		.then(function(encrypted){
-			return [this.bytesToHexString(encrypted), iv];
+		.then((encrypted) => {
+			return [this.bytesToHexString(encrypted), this.bytesToHexString(iv)];
+		})
+		.catch((err) => {
+			console.log(err);
+			return message;
+		});
+	}
+
+	decryptAES(message, iv) {
+		return window.crypto.subtle.decrypt(
+			{
+				name: "AES-CBC",
+				iv: new this.hexStringToUint8Array(iv), //The initialization vector you used to encrypt
+			},
+			this.sharedSecret, //from generateKey or importKey above
+			new this.hexStringToUint8Array(message) //ArrayBuffer of the data
+		)
+		.then((decrypted) => {
+			//returns an ArrayBuffer containing the decrypted data
+			return new TextDecoder("UTF-8").decode(new Uint8Array(decrypted));
 		})
-		.catch(function(err){
+		.catch((err) => {
 			console.log(err);
 			return message;
 		});
@@ -288,9 +306,18 @@ RocketChat.OTR.Room = class {
 				});
 				break;
 			case 'sharedSecret-acknowledge':
-				console.log(data.sharedSecret);
-				this.establishing.set(false);
-				this.aesReady.set(true);
+				this.decryptAES(data.sharedSecret, data.iv)
+				.then((sharedSecret) => {
+					if (sharedSecret === JSON.stringify(this.sharedSecretJWK)) {
+						this.establishing.set(false);
+						this.aesReady.set(true);
+					} else {
+						this.establishing.set(false);
+						this.rsaReady.set(false);
+						this.aesReady.set(false);
+						swal(TAPi18n.__("Error establishing encrypted connection"), null, "error");
+					}
+				})
 				break;
 			case 'deny':
 				this.establishing.set(false);