Commit 942d2626 authored by JC Brand's avatar JC Brand

Implement a check that the user's password is still the same

before trusting the decrypted private key, otherwise generate a new one.
parent 3fbf572a
...@@ -298,15 +298,24 @@ ...@@ -298,15 +298,24 @@
getPrivateKey: function () { getPrivateKey: function () {
var savedKey = this.get('priv_key'); var savedKey = this.get('priv_key');
var passCheck = this.get('pass_check');
var cipher = crypto.lib.PasswordBasedCipher;
var pass = converse.connection.pass;
var myKey, decrypted, ciphertextParams; var myKey, decrypted, ciphertextParams;
if (savedKey) { if (savedKey) {
decrypted = crypto.lib.PasswordBasedCipher.decrypt(crypto.algo.AES, savedKey, converse.connection.pass); decrypted = cipher.decrypt(crypto.algo.AES, savedKey, pass);
myKey = otr.DSA.parsePrivate(decrypted.toString(crypto.enc.Latin1)); myKey = otr.DSA.parsePrivate(decrypted.toString(crypto.enc.Latin1));
} else { if (cipher.decrypt(crypto.algo.AES, passCheck, 'pass').toString(crypto.enc.Latin1) === 'match') {
myKey = new otr.DSA(); // Verified that the user's password is still the same
ciphertextParams = crypto.lib.PasswordBasedCipher.encrypt(crypto.algo.AES, myKey.packPrivate(), converse.connection.pass); return myKey;
this.save({'priv_key': ciphertextParams.toString()}); }
} }
// Couldn't get stored key, generate a new one.
myKey = new otr.DSA();
this.save({
'priv_key': cipher.encrypt(crypto.algo.AES, myKey.packPrivate(), pass).toString(),
'pass_check': cipher.encrypt(crypto.algo.AES, 'match', pass).toString()
});
return myKey; return myKey;
}, },
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment