authorMario Vavti <mario@mariovavti.com>2020-08-20 22:47:33 +0200
committerMario Vavti <mario@mariovavti.com>2020-08-20 22:47:33 +0200
commitc4c47f777724937746c99c064e65f52723443e59 (patch)
treec12ed23f32e394af6aa419b5f7e77badf772d431 /view
parente55a1a6aa8fe55d20b588f0223a15018053bfd48 (diff)
first cut on implementing additional encryption with the SJCL library. aes only and no backward compatibility.
Diffstat (limited to 'view')
-rw-r--r--view/js/crypto.js94
-rw-r--r--view/php/theme_init.php2
-rw-r--r--view/tpl/chat.tpl4
-rwxr-xr-xview/tpl/comment_item.tpl2
-rwxr-xr-xview/tpl/jot.tpl4
5 files changed, 100 insertions, 6 deletions
diff --git a/view/js/crypto.js b/view/js/crypto.js
index c3a37d177..058b769c5 100644
--- a/view/js/crypto.js
+++ b/view/js/crypto.js
@@ -131,6 +131,63 @@ function red_encrypt(alg, elem,text) {
// }
}
+function hz_encrypt(alg, elem) {
+ var enc_text = '';
+ var newdiv = '';
+
+ if(typeof tinyMCE !== "undefined")
+ tinyMCE.triggerSave(false,true);
+
+ var text = $(elem).val();
+
+ // key and hint need to be localised
+
+ var passphrase = prompt(aStr['passphrase']);
+ // let the user cancel this dialogue
+ if (passphrase == null)
+ return false;
+ var enc_key = bin2hex(passphrase);
+
+ // If you don't provide a key you get rot13, which doesn't need a key
+ // but consequently isn't secure.
+
+ if(! enc_key)
+ alg = 'rot13';
+
+ if((alg == 'rot13') || (alg == 'triple-rot13'))
+ newdiv = "[crypt alg='rot13']" + window.btoa(str_rot13(text)) + '[/crypt]';
+
+ if(alg == 'AES-256') {
+
+ // This is the prompt we're going to use when the receiver tries to open it.
+ // Maybe "Grandma's maiden name" or "our secret place" or something.
+
+ var enc_hint = bin2hex(prompt(aStr['passhint']));
+
+ enc_text = sjcl.encrypt(enc_key, text, { ks: 256 });
+
+ encrypted = enc_text.toString();
+
+ newdiv = "[crypt alg='AES-256' hint='" + enc_hint + "']" + window.btoa(encrypted) + '[/crypt]';
+ }
+
+ enc_key = '';
+
+ // This might be a comment box on a page with a tinymce editor
+ // so check if there is a tinymce editor but also check the display
+ // property of our source element - because a tinymce instance
+ // will have display "none". If a normal textarea such as in a comment
+ // box has display "none" you wouldn't be able to type in it.
+
+ if($(elem).css('display') == 'none' && typeof tinyMCE !== "undefined") {
+ tinyMCE.activeEditor.setContent(newdiv);
+ }
+ else {
+ $(elem).val(newdiv);
+ }
+
+}
+
function red_decrypt(alg,hint,text,elem) {
var dec_text = '';
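Review bot: In hz_encrypt an empty passphrase silently switches `alg` to `'rot13'`, so a user who confirms the prompt without typing anything posts text that is only obfuscated even though encryption was requested; the code comment acknowledges rot13 is not secure, but nothing tells the user, and aborting with `if(! enc_key) return false;` would be safer. When `alg` is none of the three handled values, `newdiv` stays empty and the write-back at the end replaces the user's text with nothing; a guard such as `if(! newdiv) return false;` before the tinyMCE/textarea branch avoids that. `encrypted` is assigned without `var` and so becomes an implicit global holding the ciphertext. The hint prompt result is passed straight to `bin2hex` without the cancel check that the passphrase prompt gets.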
@@ -180,7 +237,42 @@ function red_decrypt(alg,hint,text,elem) {
}
}
-
+function hz_decrypt(alg, hint, text, elem) {
+
+ var dec_text = '';
+
+ text = window.atob(text);
+
+ if(alg == 'rot13' || alg == 'triple-rot13')
+ dec_text = str_rot13(text);
+ else {
+ var enc_key = bin2hex(prompt((hint.length) ? hex2bin(hint) : aStr['passphrase']));
+ }
+
+ if(alg == 'AES-256') {
+ dec_text = sjcl.decrypt(enc_key, text);
+ }
+
+ enc_key = '';
+
+ // Not sure whether to drop this back in the conversation display.
+ // It probably needs a lightbox or popup window because any conversation
+ // updates could
+ // wipe out the text and make you re-enter the key if it was in the
+ // conversation. For now we do that so you can read it.
+
+ var dec_result = dec_text.toString();
+ delete dec_text;
+
+ // incorrect decryptions *usually* but don't always have zero length
+ // If the person typo'd let them try again without reloading the page
+ // otherwise they'll have no "padlock" to click to try again.
+
+ if(dec_result.length) {
+ $(elem).html(b2h(dec_result));
+ dec_result = '';
+ }
+}
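Review bot: `sjcl.decrypt` in hz_decrypt is called without a try/catch, and SJCL reports a wrong passphrase or altered ciphertext by throwing rather than returning an empty string, so the "let them try again" path described in the comment is never reached and the click handler ends in an uncaught exception. Wrapping the call, e.g. `try { dec_text = sjcl.decrypt(enc_key, text); } catch(e) { dec_text = ''; }`, keeps the existing length check meaningful; `window.atob(text)` can throw on malformed input in the same way. The decrypted text is chosen by the sender and is written with `$(elem).html(b2h(dec_result))`. `b2h` is not visible in this hunk, so confirm that it escapes HTML before converting markup, otherwise this is a script-injection sink. `delete dec_text;` has no effect on a `var` and can be dropped.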
diff --git a/view/php/theme_init.php b/view/php/theme_init.php
index d47325b77..d7cf0a4e8 100644
--- a/view/php/theme_init.php
+++ b/view/php/theme_init.php
@@ -27,6 +27,8 @@ head_add_js('/library/cryptojs/rollups/aes.js');
head_add_js('/library/cryptojs/rollups/rabbit.js');
head_add_js('/library/cryptojs/rollups/tripledes.js');
+head_add_js('/library/sjcl/sjcl.js');
+
head_add_js('acl.js');
head_add_js('webtoolkit.base64.js');
head_add_js('main.js');
diff --git a/view/tpl/chat.tpl b/view/tpl/chat.tpl
index c189cbd15..7ef957b7e 100644
--- a/view/tpl/chat.tpl
+++ b/view/tpl/chat.tpl
@@ -70,7 +70,7 @@
</div>
{{if $feature_encrypt}}
<div class="btn-group mr-2 d-none d-md-flex">
- <button id="chat-encrypt-wrapper" class="btn btn-outline-secondary btn-sm" onclick="red_encrypt('{{$cipher}}', '#chatText', $('#chatText').val()); return false;">
+ <button id="chat-encrypt-wrapper" class="btn btn-outline-secondary btn-sm" onclick="hz_encrypt('{{$cipher}}', '#chatText'); return false;">
<i id="chat-encrypt" class="fa fa-key jot-icons" title="{{$encrypt}}" ></i>
</button>
</div>
@@ -83,7 +83,7 @@
<a class="dropdown-item" href="#" onclick="chatJotGetLink(); return false;" ><i class="fa fa-link"></i>&nbsp;{{$insert}}</a>
{{if $feature_encrypt}}
<div class="dropdown-divider"></div>
- <a class="dropdown-item" href="#" onclick="red_encrypt('{{$cipher}}', '#chatText' ,$('#chatText').val()); return false;"><i class="fa fa-key"></i>&nbsp;{{$encrypt}}</a>
+ <a class="dropdown-item" href="#" onclick="hz_encrypt('{{$cipher}}', '#chatText'); return false;"><i class="fa fa-key"></i>&nbsp;{{$encrypt}}</a>
{{/if}}
</div>
</div>
diff --git a/view/tpl/comment_item.tpl b/view/tpl/comment_item.tpl
index 3b51971ec..0b2ef1a1c 100755
--- a/view/tpl/comment_item.tpl
+++ b/view/tpl/comment_item.tpl
@@ -50,7 +50,7 @@
</div>
{{if $feature_encrypt}}
<div class="btn-group mr-2">
- <button class="btn btn-outline-secondary btn-sm" title="{{$encrypt}}" onclick="red_encrypt('{{$cipher}}','#comment-edit-text-' + '{{$id}}',''); return false;">
+ <button class="btn btn-outline-secondary btn-sm" title="{{$encrypt}}" onclick="hz_encrypt('{{$cipher}}','#comment-edit-text-' + '{{$id}}'); return false;">
<i class="fa fa-key comment-icon"></i>
</button>
</div>
diff --git a/view/tpl/jot.tpl b/view/tpl/jot.tpl
index 09ddb062d..4e496b511 100755
--- a/view/tpl/jot.tpl
+++ b/view/tpl/jot.tpl
@@ -151,7 +151,7 @@
</button>
{{/if}}
{{if $feature_encrypt}}
- <button id="profile-encrypt-wrapper" class="btn btn-outline-secondary btn-sm" title="{{$encrypt}}" onclick="red_encrypt('{{$cipher}}','#profile-jot-text',$('#profile-jot-text').val());return false;">
+ <button id="profile-encrypt-wrapper" class="btn btn-outline-secondary btn-sm" title="{{$encrypt}}" onclick="hz_encrypt('{{$cipher}}','#profile-jot-text');return false;">
<i id="profile-encrypt" class="fa fa-key jot-icons"></i>
</button>
{{/if}}
@@ -197,7 +197,7 @@
<a class="dropdown-item" href="#" onclick="jotGetPubDate();return false;"><i class="fa fa-clock-o"></i>&nbsp;{{$future_txt}}</a>
{{/if}}
{{if $feature_encrypt}}
- <a class="dropdown-item" href="#" onclick="red_encrypt('{{$cipher}}','#profile-jot-text',$('#profile-jot-text').val());return false;"><i class="fa fa-key"></i>&nbsp;{{$encrypt}}</a>
+ <a class="dropdown-item" href="#" onclick="hz_encrypt('{{$cipher}}','#profile-jot-text');return false;"><i class="fa fa-key"></i>&nbsp;{{$encrypt}}</a>
{{/if}}
<a class="dropdown-item" href="#" onclick="initPoll(); return false"><i id="profile-poll" class="fa fa-bar-chart jot-icons"></i>&nbsp;{{$poll}}</a>
{{if $feature_nocomment}}