diff options
Diffstat (limited to 'client-web/source')
| -rw-r--r-- | client-web/source/protocol/crypto.ts | 34 | ||||
| -rw-r--r-- | client-web/source/protocol/mod.ts | 17 |
2 files changed, 46 insertions, 5 deletions
diff --git a/client-web/source/protocol/crypto.ts b/client-web/source/protocol/crypto.ts index 654e80b..76f48c0 100644 --- a/client-web/source/protocol/crypto.ts +++ b/client-web/source/protocol/crypto.ts @@ -73,6 +73,40 @@ export async function crypt_decrypt(key: CryptoKey, data: string): Promise<strin } } +//* Code that might be useful in the future for signing +// const ECDSA_PARAMS = { name: "ECDSA", namedCurve: "P-521", hash: { name: "SHA-384" } } +// export async function crypto_sign(key: CryptoKey, message: string): Promise<string> { +// const signature = await crypto.subtle.sign( +// ECDSA_PARAMS, +// key, +// new TextEncoder().encode(message) +// ) +// return buf_to_base64(new Uint8Array(signature)) +// } +// export async function crypto_generate_signing_key(): Promise<CryptoKeyPair> { +// return await crypto.subtle.generateKey( +// ECDSA_PARAMS, +// false, +// ["sign", "verify"] +// ) +// } +// export async function crypto_verify(key: CryptoKey, message: string, signature: string): Promise<boolean> { +// return await crypto.subtle.verify( +// ECDSA_PARAMS, +// key, +// base64_to_buf(signature).buffer, +// new TextEncoder().encode(message) +// ) +// } +// export async function export_public_signing_key(key: CryptoKey): Promise<string> { +// const buf = await crypto.subtle.exportKey("spki", key) +// return buf_to_base64(new Uint8Array(buf)) +// } +// export async function import_public_signing_key(der: string): Promise<CryptoKey | undefined> { +// const bin_der = base64_to_buf(der).buffer; // TODO safety +// return await crypto.subtle.importKey("spki", bin_der, ECDSA_PARAMS, true, ["verify"]) // TODO safety +// } + export function base64_to_buf(data: string): Uint8Array { const binary_string = globalThis.atob(data); const bytes = new Uint8Array(binary_string.length); diff --git a/client-web/source/protocol/mod.ts b/client-web/source/protocol/mod.ts index b225ced..c756742 100644 --- a/client-web/source/protocol/mod.ts +++ b/client-web/source/protocol/mod.ts @@ -1,4 +1,4 @@ -import { ClientboundPacket, RelayMessage, ServerboundPacket } from "../../../common/packets.d.ts" +import { ClientboundPacket, RelayMessage, RelayMessageWrapper, ServerboundPacket } from "../../../common/packets.d.ts" import { log } from "../logger.ts" import { crypto_encrypt, crypto_seeded_key, crypt_decrypt, crypt_hash } from "./crypto.ts" @@ -7,6 +7,7 @@ export class SignalingConnection { websocket!: WebSocket signaling_id!: string key!: CryptoKey + my_id?: number // needed for outgoing relay messages control_handler: (_packet: ClientboundPacket) => void = () => { } relay_handler: (_sender: number, _message: RelayMessage) => void = () => { } @@ -47,10 +48,15 @@ export class SignalingConnection { async on_message(data: string) { const packet: ClientboundPacket = JSON.parse(data) // TODO dont crash if invalid this.control_handler(packet) + if (packet.init) this.my_id = packet.init.your_id; if (packet.message) { - const inner_json = await crypt_decrypt(this.key, packet.message.message) - const inner: RelayMessage = JSON.parse(inner_json) // TODO make sure that protocol spec is met - this.relay_handler(packet.message.sender, inner) + const plain_json = await crypt_decrypt(this.key, packet.message.message) + const plain: RelayMessageWrapper = JSON.parse(plain_json) // TODO make sure that protocol spec is met + if (plain.sender == packet.message.sender) + this.relay_handler(packet.message.sender, plain.inner) + else { + log({ scope: "crypto", warn: true }, `message dropped: sender inconsistent (${plain.sender} != ${packet.message.sender})`) + } } } @@ -59,7 +65,8 @@ export class SignalingConnection { } async send_relay(data: RelayMessage, recipient?: number | null) { recipient ??= undefined // null -> undefined - const message = await crypto_encrypt(this.key, JSON.stringify(data)) + const packet: RelayMessageWrapper = { inner: data, sender: this.my_id! } + const message = await crypto_encrypt(this.key, JSON.stringify(packet)) this.send_control({ relay: { recipient, message } }) } } |