Derive pairwise secret from DH output and room secret

Cryptodog · Nov 16, 2024 · 362afa8 · 362afa8
1 parent 0cf0622
commit 362afa8
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 5 deletions.
diff --git a/js/etc/keys.js b/js/etc/keys.js
@@ -52,7 +52,7 @@ Cryptodog.keys = function () { };
 
         return {
             roomId,
-            roomSecret,
+            roomSecret: new Uint8Array(roomSecret)
         };
     };
 }());
diff --git a/js/etc/multiParty.js b/js/etc/multiParty.js
@@ -235,7 +235,8 @@ Cryptodog.multiParty = function () { };
             Cryptodog.multiParty.ecdhWorker.postMessage({
                 theirName: sender,
                 theirPublicKey: publicKey,
-                ourPrivateKey: Cryptodog.me.mpPrivateKey
+                ourPrivateKey: Cryptodog.me.mpPrivateKey,
+                roomSecret: Cryptodog.me.roomSecret,
             });
             buddy.mpPublicKey = publicKey;
             buddy.mpFingerprint = Cryptodog.multiParty.genFingerprint(sender);

diff --git a/js/workers/ecdh.js b/js/workers/ecdh.js
@@ -1,14 +1,23 @@
 importScripts('../lib/crypto-js.js', '../lib/bigint.mod.js', '../lib/elliptic.js');
 
 onmessage = function (event) {
-    let sharedSecret = genSharedSecret(event.data.theirPublicKey, event.data.ourPrivateKey);
+    let sharedSecret = genSharedSecret(event.data.theirPublicKey, event.data.ourPrivateKey, event.data.roomSecret);
     postMessage({ theirName: event.data.theirName, secretKey: sharedSecret });
 };
 
+// convert a Uint8Array to a WordArray
+const toWordArray = function (uint8Arr) {
+    var wa = [], i;
+    for (i = 0; i < uint8Arr.length; i++) {
+        wa[(i / 4) | 0] |= uint8Arr[i] << (24 - 8 * i);
+    }
+    return CryptoJS.lib.WordArray.create(wa, uint8Arr.length);
+};
+
 // Generate shared secrets
 // First 256 bytes are for encryption, last 256 bytes are for HMAC.
 // Represented as WordArrays
-function genSharedSecret(theirPublicKey, ourPrivateKey) {
+function genSharedSecret(theirPublicKey, ourPrivateKey, roomSecret) {
     // I need to convert the BigInt to WordArray here. I do it using the Base64 representation.
     var sharedSecret = CryptoJS.SHA512(
         CryptoJS.enc.Base64.parse(
@@ -18,9 +27,12 @@ function genSharedSecret(theirPublicKey, ourPrivateKey) {
             )
         )
     );
+    // concat the room secret to the hashed DH output, and hash that to get the final shared secret
+    const mixed = sharedSecret.concat(toWordArray(roomSecret));
+    sharedSecret = CryptoJS.SHA512(mixed);
 
     return {
         message: sharedSecret.words.slice(0, 8),
         hmac: sharedSecret.words.slice(8, 16)
     };
-};
+};