From 9a150ddb22957d106e303858319cca014187241f Mon Sep 17 00:00:00 2001 From: Danny Coates Date: Mon, 7 Aug 2017 14:05:13 -0700 Subject: [PATCH] removed the file sha256 hash --- frontend/src/download.js | 4 ---- frontend/src/fileReceiver.js | 22 +--------------------- frontend/src/fileSender.js | 20 ++++++-------------- frontend/src/upload.js | 4 ---- server/server.js | 1 - 5 files changed, 7 insertions(+), 44 deletions(-) diff --git a/frontend/src/download.js b/frontend/src/download.js index 42be0ec4..01aef44b 100644 --- a/frontend/src/download.js +++ b/frontend/src/download.js @@ -41,10 +41,6 @@ function download() { document.l10n.formatValue('decryptingFile').then(progress.setText); }); - fileReceiver.on('hashing', () => { - document.l10n.formatValue('verifyingFile').then(progress.setText); - }); - fileReceiver .download() .catch(err => { diff --git a/frontend/src/fileReceiver.js b/frontend/src/fileReceiver.js index 5b1c21fb..b3215146 100644 --- a/frontend/src/fileReceiver.js +++ b/frontend/src/fileReceiver.js @@ -45,7 +45,6 @@ class FileReceiver extends EventEmitter { resolve([ { data: this.result, - aad: meta.aad, filename: meta.filename, iv: meta.id }, @@ -69,7 +68,6 @@ class FileReceiver extends EventEmitter { { name: 'AES-GCM', iv: hexToArray(fdata.iv), - additionalData: hexToArray(fdata.aad), tagLength: 128 }, key, @@ -78,26 +76,8 @@ class FileReceiver extends EventEmitter { .then(decrypted => { return Promise.resolve(decrypted); }), - fdata.filename, - hexToArray(fdata.aad) + decodeURIComponent(fdata.filename) ]); - }) - .then(([decrypted, fname, proposedHash]) => { - this.emit('hashing'); - return window.crypto.subtle - .digest('SHA-256', decrypted) - .then(calculatedHash => { - const integrity = - new Uint8Array(calculatedHash).toString() === - proposedHash.toString(); - if (!integrity) { - this.emit('unsafe', true); - return Promise.reject(); - } else { - this.emit('safe', true); - return Promise.all([decrypted, decodeURIComponent(fname)]); - } - }); }); } } diff --git a/frontend/src/fileSender.js b/frontend/src/fileSender.js index 989be7fa..ffe0ad19 100644 --- a/frontend/src/fileSender.js +++ b/frontend/src/fileSender.js @@ -48,37 +48,30 @@ class FileSender extends EventEmitter { const reader = new FileReader(); reader.readAsArrayBuffer(this.file); reader.onload = function(event) { - self.emit('hashing'); const plaintext = new Uint8Array(this.result); - window.crypto.subtle.digest('SHA-256', plaintext).then(hash => { - self.emit('encrypting'); - resolve({ plaintext: plaintext, hash: new Uint8Array(hash) }); - }); + resolve(plaintext); }; reader.onerror = function(err) { reject(err); }; }) ]) - .then(([secretKey, file]) => { + .then(([secretKey, plaintext]) => { + self.emit('encrypting'); return Promise.all([ window.crypto.subtle.encrypt( { name: 'AES-GCM', iv: this.iv, - additionalData: file.hash, tagLength: 128 }, secretKey, - file.plaintext + plaintext ), - window.crypto.subtle.exportKey('jwk', secretKey), - new Promise((resolve, reject) => { - resolve(file.hash); - }) + window.crypto.subtle.exportKey('jwk', secretKey) ]); }) - .then(([encrypted, keydata, hash]) => { + .then(([encrypted, keydata]) => { return new Promise((resolve, reject) => { const file = this.file; const fileId = arrayToHex(this.iv); @@ -114,7 +107,6 @@ class FileSender extends EventEmitter { xhr.setRequestHeader( 'X-File-Metadata', JSON.stringify({ - aad: arrayToHex(hash), id: fileId, filename: encodeURIComponent(file.name) }) diff --git a/frontend/src/upload.js b/frontend/src/upload.js index 79ca4dd4..2bf7ea38 100644 --- a/frontend/src/upload.js +++ b/frontend/src/upload.js @@ -169,10 +169,6 @@ $(() => { }); }); - fileSender.on('hashing', () => { - document.l10n.formatValue('verifyingFile').then(progress.setText); - }); - fileSender.on('encrypting', () => { document.l10n.formatValue('encryptingFile').then(progress.setText); }); diff --git a/server/server.js b/server/server.js index d8259083..e843ef05 100644 --- a/server/server.js +++ b/server/server.js @@ -225,7 +225,6 @@ app.post('/upload', (req, res, next) => { } if ( - !meta.hasOwnProperty('aad') || !meta.hasOwnProperty('id') || !meta.hasOwnProperty('filename') || !validateIV(meta.id)