From 7a5bfe8245090609a64545498b8d94928a4673b7 Mon Sep 17 00:00:00 2001 From: ansuz Date: Fri, 13 Dec 2019 18:27:48 -0500 Subject: [PATCH] pw => password, /common/invitation.js scaffolding --- www/common/invitation.js | 73 ++++++++++++++++++++++++++++++++++++++++ www/teams/inner.js | 8 +++-- 2 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 www/common/invitation.js diff --git a/www/common/invitation.js b/www/common/invitation.js new file mode 100644 index 000000000..4126d30f3 --- /dev/null +++ b/www/common/invitation.js @@ -0,0 +1,73 @@ +(function () { +var factory = function (/* Util, Cred, nThen */) { + var Invite = {}; + + /* XXX ansuz + inner invitation components + + * create an invitation link + * derive secrets from a v2 link and password + * split hash into two preseeds + * preseed1 => preview hash + * scrypt(scrypt_seed) => b64_bytes + * preview an invitation link + * get preview hash from invitation link + * decrypt an invitation link + * (slowly) get b64_bytes from hash + + */ + + Invite.deriveSeeds = function (key) { + var seeds = {}; + + var scrypt_seed; + var preview_secrets; + var preview_channel; + var preview_cryptKey; + (function () { + var b64_seed = hashData.key; + if (typeof(b64_seed) !== 'string') { + return console.error('invite seed is not a string'); + } + + var u8_seed = Nacl.util.decodeBase64(b64_seed); + var step1 = Nacl.hash(u8_seed); + seeds.scrypt = Nacl.util.encodeBase64(step1.subarray(0, 32)); + + var preview_hash = '#/2/invite/view/' + + Nacl.util.encodeBase64(step1.subarray(32, 50)).replace('/', '-') + + '/'; + + preview_secrets = Hash.getSecrets('pad', preview_hash); + }()); + return seeds; + }; + + // seed => bytes64 + Invite.deriveBytes = function (scrypt_seed, cb) { + // XXX do scrypt stuff... + + }; + + Invite.derivePreviewHash = function (preview_seed) { + + }; + + return Invite; +}; + if (typeof(module) !== 'undefined' && module.exports) { + module.exports = factory( + require("../common-util"), + require("../common-credential.js"), + require("nthen") + ); + } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) { + define([ + '/common/common-util.js', + '/common/common-credential.js', + '/bower_components/nthen/index.js', + ], function (Util, Cred, nThen) { + return factory(Util, nThen); + }); + } +}()); diff --git a/www/teams/inner.js b/www/teams/inner.js index 626f5ddcd..6b8fb35e7 100644 --- a/www/teams/inner.js +++ b/www/teams/inner.js @@ -15,6 +15,7 @@ define([ '/common/hyperscript.js', '/customize/application_config.js', '/common/messenger-ui.js', + '/common/invitation.js', '/customize/messages.js', '/bower_components/scrypt-async/scrypt-async.min.js', @@ -38,6 +39,7 @@ define([ h, AppConfig, MessengerUI, + InviteInner, Messages) { var APP = {}; @@ -1045,6 +1047,7 @@ define([ var hash = common.getMetadataMgr().getPrivateData().teamInviteHash; var hashData = Hash.parseTypeHash('invite', hash); var password = hashData.password; + var seeds = InviteInner.deriveSeeds(hashData.key); var div; @@ -1059,7 +1062,8 @@ define([ ])); setTimeout(waitFor(), 150); }).nThen(function (waitFor) { - Scrypt(hashData.key, + // XXX ansuz InviteInner.deriveBytes + Scrypt(seeds.scrypt, (pw || '') + (AppConfig.loginSalt || ''), // salt 8, // memoryCost (n) 1024, // block size parameter (r) @@ -1073,7 +1077,7 @@ define([ APP.module.execCommand('GET_LINK_DATA', { bytes64: bytes64, hash: hash, - pw: pw, + password: pw, }, waitFor(function () { $div.empty(); // TODO