
OMEMO fixes for Edge.

JC Brand 6 年 前
コミット
e05b7e9de3
3 ファイル変更23 行追加2 行削除
  1. 1 0
      CHANGES.md
  2. 10 1
      dist/converse.js
  3. 12 1
      src/converse-omemo.js

+ 1 - 0
CHANGES.md

@@ -3,6 +3,7 @@
 ## 4.0.2 (Unreleased)
 
 - M4A and WEBM files when sent as XEP-0066 Out of Band Data, are now playable directly in chat
+- OMEMO fixes for Edge.
 - #1220 Converse not working in Edge
 
 ## 4.0.1 (2018-09-19)

+ 10 - 1
dist/converse.js

@@ -72889,11 +72889,19 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
         async encryptMessage(plaintext) {
           // The client MUST use fresh, randomly generated key/IV pairs
           // with AES-128 in Galois/Counter Mode (GCM).
-          const iv = crypto.getRandomValues(new window.Uint8Array(16)),
+          // For GCM a 12 byte IV is strongly suggested as other IV lengths
+          // will require additional calculations. In principle any IV size
+          // can be used as long as the IV doesn't ever repeat. NIST however
+          // suggests that only an IV size of 12 bytes needs to be supported
+          // by implementations.
+          //
+          // https://crypto.stackexchange.com/questions/26783/ciphertext-and-tag-size-and-iv-transmission-with-aes-in-gcm-mode
+          const iv = crypto.getRandomValues(new window.Uint8Array(12)),
                 key = await crypto.subtle.generateKey(KEY_ALGO, true, ["encrypt", "decrypt"]),
                 algo = {
             'name': 'AES-GCM',
             'iv': iv,
+            'additionalData': new Uint8Array(1),
             'tagLength': TAG_LENGTH
           },
                 encrypted = await crypto.subtle.encrypt(algo, key, u.stringToArrayBuffer(plaintext)),
@@ -72916,6 +72924,7 @@ var __WEBPACK_AMD_DEFINE_FACTORY__, __WEBPACK_AMD_DEFINE_ARRAY__, __WEBPACK_AMD_
                 algo = {
             'name': "AES-GCM",
             'iv': u.base64ToArrayBuffer(obj.iv),
+            'additionalData': new Uint8Array(1),
             'tagLength': TAG_LENGTH
           };
           return u.arrayBufferToString((await crypto.subtle.decrypt(algo, key_obj, cipher)));

+ 12 - 1
src/converse-omemo.js

@@ -204,11 +204,21 @@
                 async encryptMessage (plaintext) {
                     // The client MUST use fresh, randomly generated key/IV pairs
                     // with AES-128 in Galois/Counter Mode (GCM).
-                    const iv = crypto.getRandomValues(new window.Uint8Array(16)),
+
+                    // For GCM a 12 byte IV is strongly suggested as other IV lengths
+                    // will require additional calculations. In principle any IV size
+                    // can be used as long as the IV doesn't ever repeat. NIST however
+                    // suggests that only an IV size of 12 bytes needs to be supported
+                    // by implementations.
+                    //
+                    // https://crypto.stackexchange.com/questions/26783/ciphertext-and-tag-size-and-iv-transmission-with-aes-in-gcm-mode
+
+                    const iv = crypto.getRandomValues(new window.Uint8Array(12)),
                           key = await crypto.subtle.generateKey(KEY_ALGO, true, ["encrypt", "decrypt"]),
                           algo = {
                               'name': 'AES-GCM',
                               'iv': iv,
+                              'additionalData': new Uint8Array(1),
                               'tagLength': TAG_LENGTH
                           },
                           encrypted = await crypto.subtle.encrypt(algo, key, u.stringToArrayBuffer(plaintext)),
@@ -232,6 +242,7 @@
                           algo = {
                               'name': "AES-GCM",
                               'iv': u.base64ToArrayBuffer(obj.iv),
+                              'additionalData': new Uint8Array(1),
                               'tagLength': TAG_LENGTH
                           }
                     return u.arrayBufferToString(await crypto.subtle.decrypt(algo, key_obj, cipher));
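Review bot: The `'additionalData': new Uint8Array(1)` added to both `algo` objects in this file (encryptMessage in the first hunk, the decrypt call in the second) is undocumented and changes what AES-GCM authenticates: one zero byte is bound into the tag, so decryption succeeds only when the other side supplied the identical value. Given the commit title this is presumably an Edge workaround, but a peer that encrypts with no associated data would then fail tag verification in this decrypt path, and such a peer would reject payloads produced by encryptMessage; this is worth confirming against another OMEMO client before release. If the byte is needed, define it once and explain it in place, e.g. `// GCM authenticates the AAD: must be byte-identical on encrypt and decrypt`, so the two call sites cannot drift apart. Both functions start or end outside the hunks shown, and the same change is mirrored in the generated dist/converse.js.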