Commit d8e63bc4e3cc6ca4565996990f626ed2a9742fd6
be more explicit about buffer encodings
Dominic Tarr committed on 12/20/2018, 10:16:48 PMParent: 6da1ed2b81fa01cf82a1cb23f61b7ba7434a8770
Files changed
| valid.js | changed |
| valid.js | ||
|---|---|---|
| @@ -21,8 +21,21 @@ | ||
| 21 | 21 … | function toMsgId(msg) { |
| 22 | 22 … | return '%'+ssbKeys.hash(JSON.stringify(msg, null, 2)) |
| 23 | 23 … | } |
| 24 | 24 … | |
| 25 … | +//derive key for private field | |
| 26 … | +function hash (seed) { | |
| 27 … | + if(!Buffer.isBuffer(seed)) throw new Error('expected seed as buffer') | |
| 28 … | + return u.hash(seed) | |
| 29 … | +} | |
| 30 … | + | |
| 31 … | +//derive key for reveal field | |
| 32 … | +function hash2 (seed) { | |
| 33 … | + if(!Buffer.isBuffer(seed)) throw new Error('expected seed as buffer') | |
| 34 … | + return u.hash(u.hash(seed)) | |
| 35 … | +} | |
| 36 … | + | |
| 37 … | + | |
| 25 | 38 … | exports.createInvite = function (seed, host, reveal, private, caps) { |
| 26 | 39 … | if(!isObject(caps)) throw new Error('caps *must* be provided') |
| 27 | 40 … | |
| 28 | 41 … | seed = toBuffer(seed) |
| @@ -32,10 +45,10 @@ | ||
| 32 | 45 … | return ssbKeys.signObj(keys, caps.userInvite, { |
| 33 | 46 … | type: 'user-invite', |
| 34 | 47 … | invite: keys.id, |
| 35 | 48 … | host: host, //sign our own key, to prove we created K |
| 36 | - reveal: reveal ? u.box(reveal, u.hash(u.hash(seed))) : undefined, | |
| 37 | - private: private ? u.box(private, u.hash(seed)) : undefined | |
| 49 … | + reveal: reveal ? u.box(reveal, hash2(seed)) : undefined, | |
| 50 … | + private: private ? u.box(private, hash(seed)) : undefined | |
| 38 | 51 … | }) |
| 39 | 52 … | } |
| 40 | 53 … | |
| 41 | 54 … | exports.verifyInvitePublic = function (msg, caps) { |
| @@ -58,13 +71,13 @@ | ||
| 58 | 71 … | |
| 59 | 72 … | seed = toBuffer(seed) |
| 60 | 73 … | exports.verifyInvitePublic(msg, caps) |
| 61 | 74 … | if(msg.content.reveal) { |
| 62 | - var reveal = u.unbox(msg.content.reveal, u.hash(u.hash(seed))) | |
| 75 … | + var reveal = u.unbox(msg.content.reveal, hash2(seed)) | |
| 63 | 76 … | if(!reveal) throw code(new Error('could not decrypt reveal field'), 'decrypt-reveal-failed') |
| 64 | 77 … | } |
| 65 | 78 … | if(msg.content.private) { |
| 66 | - var private = u.unbox(msg.content.private, u.hash(seed)) | |
| 79 … | + var private = u.unbox(msg.content.private, hash(seed)) | |
| 67 | 80 … | if(!private) throw code(new Error('could not decrypt private field'), 'decrypt-private-failed') |
| 68 | 81 … | } |
| 69 | 82 … | |
| 70 | 83 … | return {reveal: reveal, private: private} |
| @@ -84,9 +97,9 @@ | ||
| 84 | 97 … | receipt: inviteId, |
| 85 | 98 … | id: id |
| 86 | 99 … | } |
| 87 | 100 … | if(msg.content.reveal) |
| 88 | - content.key = u.hash(u.hash(seed)).toString('base64') | |
| 101 … | + content.key = hash2(seed).toString('base64') | |
| 89 | 102 … | return ssbKeys.signObj(keys, caps.userInvite, content) |
| 90 | 103 … | } |
| 91 | 104 … | |
| 92 | 105 … | exports.verifyAcceptOnly = function (accept, caps) { |
| @@ -119,9 +132,9 @@ | ||
| 119 | 132 … | throw code(new Error('guest must use a new key, not the same seed'), 'guest-key-reuse') |
| 120 | 133 … | if(invite_msg.content.reveal) { |
| 121 | 134 … | if(!accept.content.key) |
| 122 | 135 … | throw code(new Error('accept missing reveal key, when invite has it'), 'accept-must-reveal-key') |
| 123 | - reveal = u.unbox(invite_msg.content.reveal, Buffer.from(accept.content.key, 'base64')) | |
| 136 … | + reveal = u.unbox(invite_msg.content.reveal, toBuffer(accept.content.key)) | |
| 124 | 137 … | if(!reveal) throw code(new Error('accept did not correctly reveal invite'), 'decrypt-accept-reveal-failed') |
| 125 | 138 … | } |
| 126 | 139 … | |
| 127 | 140 … | if(!ssbKeys.verifyObj(invite_msg.content.invite, caps.userInvite, accept.content)) |
Built with git-ssb-web