handle errors when deriving keys. fix incorrect reference

www/common/common-messaging.js

@@ -256,7 +256,7 @@ define([
             var $friend = ui.getFriend(curvePublic);
             var $chat = ui.getChannel(curvePublic);
             $friend.remove();
-            $chat.remove();
+            if ($chat) { $chat.remove(); }
             ui.showInfo();
         };
 
@@ -892,7 +892,7 @@ define([
     var addToFriendList = Msg.addToFriendList = function (common, data, cb) {
         var proxy = common.getProxy();
         var friends = getFriendList(proxy);
-        var pubKey = data.curvePublic;
+        var pubKey = data.curvePublic; // todo validata data
 
         if (pubKey === proxy.curvePublic) { return void cb("E_MYKEY"); }
 
@@ -938,7 +938,7 @@ define([
                     var todo = function (yes) {
                         if (yes) {
                             pending[sender] = msgData;
-                            msg = ["FRIEND_REQ_OK", chan, createData(common, msgData.channel)];
+                            msg = ["FRIEND_REQ_OK", chan, createData(proxy, msgData.channel)];
                         }
                         msgStr = Crypto.encrypt(JSON.stringify(msg), key);
                         network.sendto(sender, msgStr);
@@ -1005,7 +1005,7 @@ define([
         if (!parsed.hashData) { return; }
         // Message
         var chan = parsed.hashData.channel;
-        var myData = createData(common);
+        var myData = createData(common.getProxy());
         var msg = ["FRIEND_REQ", chan, myData];
         // Encryption
         var keyStr = parsed.hashData.key;

www/common/curve.js

@@ -50,25 +50,35 @@ define([
     };
 
     Curve.deriveKeys = function (theirs, mine) {
-        var pub = decodeBase64(theirs);
-        var secret = decodeBase64(mine);
+        try {
+            var pub = decodeBase64(theirs);
+            var secret = decodeBase64(mine);
 
-        var sharedSecret = Nacl.box.before(pub, secret);
-        var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt');
+            var sharedSecret = Nacl.box.before(pub, secret);
+            var salt = decodeUTF8('CryptPad.signingKeyGenerationSalt');
 
-        // 64 uint8s
-        var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret]));
-        var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32));
-        var cryptKey = hash.subarray(32, 64);
+            // 64 uint8s
+            var hash = Nacl.hash(concatenateUint8s([salt, sharedSecret]));
+            var signKp = Nacl.sign.keyPair.fromSeed(hash.subarray(0, 32));
+            var cryptKey = hash.subarray(32, 64);
 
-        return {
-            cryptKey: encodeBase64(cryptKey),
-            signKey: encodeBase64(signKp.secretKey),
-            validateKey: encodeBase64(signKp.publicKey)
-        };
+            return {
+                cryptKey: encodeBase64(cryptKey),
+                signKey: encodeBase64(signKp.secretKey),
+                validateKey: encodeBase64(signKp.publicKey)
+            };
+        } catch (e) {
+            console.error('invalid keys or other problem deriving keys');
+            console.error(e);
+            return null;
+        }
     };
 
     Curve.createEncryptor = function (keys) {
+        if (!keys || typeof(keys) !== 'object') {
+            return void console.error("invalid input for createEncryptor");
+        }
+
         var cryptKey = decodeBase64(keys.cryptKey);
         var signKey = decodeBase64(keys.signKey);
         var validateKey = decodeBase64(keys.validateKey);