handle errors when deriving keys. fix incorrect reference

7 years ago · f207edfd28
parent 3315449114
commit f207edfd28
2 changed files with 27 additions and 17 deletions
--- a/www/common/common-messaging.js
+++ b/www/common/common-messaging.js
@ -256,7 +256,7 @@ define([
            var $friend = ui.getFriend(curvePublic);
            var $chat = ui.getChannel(curvePublic);
            $friend.remove();
-            $chat.remove();
+            if ($chat) { $chat.remove(); }
            ui.showInfo();
        };
@ -892,7 +892,7 @@ define([
    var addToFriendList = Msg.addToFriendList = function (common, data, cb) {
        var proxy = common.getProxy();
        var friends = getFriendList(proxy);
-        var pubKey = data.curvePublic;
+        var pubKey = data.curvePublic; // todo validata data
        if (pubKey === proxy.curvePublic) { return void cb("E_MYKEY"); }
@ -938,7 +938,7 @@ define([
                    var todo = function (yes) {
                        if (yes) {
                            pending[sender] = msgData;
-                            msg = ["FRIEND_REQ_OK", chan, createData(common, msgData.channel)];
+                            msg = ["FRIEND_REQ_OK", chan, createData(proxy, msgData.channel)];
                        }
                        msgStr = Crypto.encrypt(JSON.stringify(msg), key);
                        network.sendto(sender, msgStr);
@ -1005,7 +1005,7 @@ define([
        if (!parsed.hashData) { return; }
        // Message
        var chan = parsed.hashData.channel;
-        var myData = createData(common);
+        var myData = createData(common.getProxy());
        var msg = ["FRIEND_REQ", chan, myData];
        // Encryption
        var keyStr = parsed.hashData.key;
--- a/www/common/curve.js
+++ b/www/common/curve.js
@ -50,25 +50,35 @@ define([
    };
    Curve.deriveKeys = function (theirs, mine) {
-        var pub = decodeBase64(theirs);
+        try {
-        var secret = decodeBase64(mine);
+            var pub = decodeBase64(theirs);
            var secret = decodeBase64(mine);
-        var sharedSecret = Nacl.box.before(pub, secret);
+            var sharedSecret = Nacl.box.before(pub, secret);
-        var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt');
+            var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt');
-        // 64 uint8s
+            // 64 uint8s
-        var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret]));
+            var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret]));
-        var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32));
+            var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32));
-        var cryptKey = hash.subarray(32, 64);
+            var cryptKey = hash.subarray(32, 64);
-        return {
+            return {
-            cryptKey: encodeBase64(cryptKey),
+                cryptKey: encodeBase64(cryptKey),
-            signKey: encodeBase64(signKp.secretKey),
+                signKey: encodeBase64(signKp.secretKey),
-            validateKey: encodeBase64(signKp.publicKey)
+                validateKey: encodeBase64(signKp.publicKey)
-        };
+            };
        } catch (e) {
            console.error('invalid keys or other problem deriving keys');
            console.error(e);
            return null;
        }
    };
    Curve.createEncryptor = function (keys) {
        if (!keys || typeof(keys) !== 'object') {
            return void console.error("invalid input for createEncryptor");
        }
        var cryptKey = decodeBase64(keys.cryptKey);
        var signKey = decodeBase64(keys.signKey);
        var validateKey = decodeBase64(keys.validateKey);