Development (#30)

* test

* Updated

* testing recent changes

* My Next PR of changes (#24)

* removed chat plugin from dev build

* disabled xterm console from build

* more xterm removal

* pw gen fix

* fix for encrypt-file

* fix for decryptFile

* allow target_blank passtrough during link-takeover

* update

Co-authored-by: onlykey <onlykey@users.noreply.github.com>

* update for heroku test

* update for heroku test

* updates

* update

* Merge branch 'heroku-deploy' into development

# Conflicts:
#	src/app-src.html
#	src/onlykey-fido2/onlykey/kbpgp-2.1.0.ok.ecc.js
#	src/onlykey-fido2/onlykey/onlykey-api.js

Co-authored-by: Bradley Matusiak <bmatusiak@gmail.com>

Author: onlykey

past_releases/Beta8/src/onlykey-api.js

@@ -8,6 +8,7 @@ var hw_RNG = {};
 var appId = window.location.origin;
 var version = "U2F_V2";
 var OKversion;
+var FWversion;
 var browser = "Chrome";
 var os = getOS();
 var packetnum=0;
@@ -70,7 +71,7 @@ initok = async function () {
       if (os=='Android') await wait(6000);
       else await wait(3000);
     }
-    await wait(1000);
+    await wait(2000);
     if (typeof(sharedsec) === "undefined" && window._status != 'Encrypt Only') {
       if (browser=='Firefox') headermsg("OnlyKey not connected! Close this tab and open a new one to try again.");
       else headermsg("OnlyKey not connected! Refresh this page to try again.");
@@ -110,7 +111,11 @@ IntToByteArray = function(int) {
 function get_pin (byte) {
   if (byte < 6) return 1;
   else {
-    return (byte % 5) + 1;
+    if (FWversion.indexOf('beta') > -1) {
+      return (byte % 5) + 1;
+    } else {
+    return (byte % 6) + 1;
+    }
   }
 }
 
@@ -289,16 +294,23 @@ async function msg_polling(params = {}, cb) {
       _setStatus('pending_challenge');
       data = 1;
     } else if (type == 1) {
-      okPub = response.slice(21, 53);
-      console.info("OnlyKey Public Key: ", okPub );
+      FWversion = bytes2string(response.slice(8, 20));
+
+      if (FWversion.indexOf('beta') > -1) {
+        okPub = response.slice(21, 53);
+        OKversion = response[19] == 99 ? 'Color' : 'Original';
+      } else {
+        FWversion = bytes2string(response.slice(32+8, 32+20));
+        okPub = response.slice(0, 32);
+        OKversion = response[32+19] == 99 ? 'Color' : 'Go';
+      }
       sharedsec = nacl.box.before(Uint8Array.from(okPub), appKey.secretKey);
-      console.info("NACL shared secret: ", sharedsec );
-      OKversion = response[19] == 99 ? 'Color' : 'Original';
-      var FWversion = bytes2string(response.slice(8, 20));
-      msg("OnlyKey " + OKversion + " " + FWversion + " secure encrypted connection established using NACL shared secret and AES256 GCM encryption\n");
+      var key = sha256(sharedsec); //AES256 key sha256 hash of shared secret
+      msg("OnlyKey " + FWversion + " secure encrypted connection established using NACL shared secret and AES256 GCM encryption\n");
       id('header_messages').innerHTML = "<br>";
       headermsg("OnlyKey " + FWversion + " Secure Connection Established\n");
-      var key = sha256(sharedsec); //AES256 key sha256 hash of shared secret
+      console.info("OnlyKey Public Key: ", okPub );
+      console.info("NACL shared secret: ", sharedsec );
       console.info("AES Key", key);
       return;
     } /*else if (type == 2) {
@@ -668,6 +680,7 @@ async function ctaphid_via_webauthn(cmd, opt1, opt2, opt3, data, timeout) {
       timeout: timeout,
       //rpId: 'apps.crp.to',
       userVerification: 'discouraged',
+      //requireResidentKey: 'required',
       //userPresence: 'false',
       //mediation: 'silent',
       //extensions: {

src/app-src.html

@@ -52,7 +52,7 @@ <h1 id="fancy-icons">
       <i class="fi-b fa fa-long-arrow-right fa-2x" aria-hidden="true"></i>
       <i class="fi-c fa fa-lock fa-2x" aria-hidden="true"></i>
     </h1>
-    <h5><div id="header_messages"></div></h5>
+    <div id="header_messages"></div>
   </div>
   <div id="container">
     <div class="text-center">

src/onlykey-fido2/onlykey/kbpgp-2.1.0.ok.ecc.js

@@ -1583,13 +1583,8 @@
 
     Curve25519.prototype.decrypt = function(x, V) {
       var S;
-
-      console.log("Curve25519:decrypt:x",x);
       x = Curve25519.reverse_buf(x);
       S = kbnacl.alloc({}).scalarmult(x, V);
-      console.log("Curve25519:decrypt:V",V);
-      console.log("Curve25519:decrypt:xREV",x);
-      console.log("Curve25519:decrypt:S",S);
       return S;
     };
 
@@ -5555,7 +5550,7 @@ _break()
       for (i = _i = 0, _len = hex_key_ids.length; _i < _len; i = ++_i) {
         id = hex_key_ids[i];
         k = this._keys[id];
-        if (onlykey.is_ecc) {
+        if (onlykey.is_ecc || (k != null ? (_ref = k.key) != null ? _ref.can_perform(ops) : void 0 : void 0)) {
           ret_i = i;
           km = this._kms[id];
           break;

src/onlykey-fido2/onlykey/onlykey-api.js

@@ -80,8 +80,8 @@ module.exports = function(imports) {
         }
 
         if (typeof(onlykey_api.sharedsec) === "undefined") {
-          if (onlykey_api.browser == 'Firefox') headermsg("OnlyKey not connected! Close this tab and open a new one to try again.");
-          else headermsg("OnlyKey not connected! Refresh this page to try again.");
+          if (onlykey_api.browser == 'Firefox') headermsg("<p class='text-danger'>OnlyKey not connected! Close this tab and open a new one to try again.</p>");
+          else headermsg("<p class='text-danger'>OnlyKey not connected! Refresh this page to try again.</p>");
           if (callback && typeof callback == "function")
             callback(true);
           resolve();
@@ -152,8 +152,8 @@ module.exports = function(imports) {
         response = ctaphid_response.data;
 
       if (!response) {
-        if (onlykey_api.browser == 'Firefox') headermsg("OnlyKey not connected! Close this tab and open a new one to try again.");
-        else headermsg("OnlyKey not connected! Refresh this page to try again.");
+        if (onlykey_api.browser == 'Firefox') headermsg("<p class='text-danger'>OnlyKey not connected! Close this tab and open a new one to try again.</p>");
+        else headermsg("<p class='text-danger'>OnlyKey not connected! Refresh this page to try again.</p>");
         imports.app.emit("ok-disconnected");
       }
       else {
@@ -189,11 +189,10 @@ module.exports = function(imports) {
               onlykey_api.OKversion = response[19] == 99 ? 'Color' : 'Original';
               onlykey_api.FWversion = bytes2string(response.slice(8, 20));
               console.info("Version:",[onlykey_api.OKversion, onlykey_api.FWversion]);
-              headermsg("OnlyKey " + onlykey_api.FWversion + " Secure Connection Established\n");
-  
               imports.app.emit("ok-connected");
               cb(null);
             }
+            headermsg("<p class='text-success'>OnlyKey " + onlykey_api.FWversion + " Secure Connection Established</p>\n");
             break;
           default:
             imports.app.emit("ok-disconnected");
@@ -297,6 +296,9 @@ module.exports = function(imports) {
         }
       default:
         console.warn("ctap_error_code", ctap_error_codes[error_code]);
+        if (ctap_error_codes[error_code] == 'CTAP2_ERR_EXTENSION_NOT_SUPPORTED') {
+           error = ctap_error_codes[error_code];
+        }
         break;
     }
 
@@ -414,10 +416,9 @@ module.exports = function(imports) {
   function id(s) { return document.getElementById(s); }
 
   function headermsg(s) { 
-    
-    if(imports.app)
-      imports.app.emit("ok-message",s);
-    else
+    //if(imports.app)
+    //  imports.app.emit("ok-message",s);
+    //else
       id('header_messages').innerHTML += "<br>" + s; 
 
   }

src/onlykey-fido2/onlykey/onlykey-pgp.js

@@ -567,6 +567,8 @@ module.exports = function(imports) {
             console.info(decryptedMessage);
             _api.emit("done");
             callback(null, decryptedMessage);
+            _$status('finished');
+            imports.app.emit("ok-connected");
             resolve(decryptedMessage);
           });
         });
@@ -673,6 +675,8 @@ module.exports = function(imports) {
             saveAs(finalfile, filename);
             _api.emit("done");
             callback();
+            _$status('finished');
+            imports.app.emit("ok-connected");
             resolve();
           });
 
@@ -796,10 +800,10 @@ module.exports = function(imports) {
             else {
               _api.emit("status", 'Done :)  Click here to copy message, then paste encrypted message into an email, IM, whatever.');
             }
-
-            _$status("finished");
             _api.emit("done");
             callback(null, results);
+            _$status('finished');
+            imports.app.emit("ok-connected");
             return resolve(results);
           });
         });
@@ -914,7 +918,6 @@ module.exports = function(imports) {
                   _api.emit("status", 'Done :)  downloading signed file ' + filename + '.zip.gpg');
                 else
                   _api.emit("status", 'Done :)  downloading encrypted file ' + filename + '.zip.gpg');
-                _$status("finished");
                 if (usevirtru != null) {
                   try {
                     _api.emit("status", 'Done :)  downloading encrypted file ' + filename + '.tdf');
@@ -933,6 +936,8 @@ module.exports = function(imports) {
                   saveAs(finalfile, filename + ".zip.gpg");
                   _api.emit("done");
                   callback();
+                  _$status('finished');
+                  imports.app.emit("ok-connected");
                   return resolve();
                 }
               });

src/plugins/decrypt/decrypt-file.page.html

@@ -1,4 +1,3 @@
-<h5><div id=header_messages></div></h5>
 <h4>
     <font size="+2">Securely decrypt and verify files using
         <a href="https://onlykey.io" target="_blank">OnlyKey</a>

src/plugins/decrypt/decrypt.page.html

@@ -1,4 +1,3 @@
-<h5><div id=header_messages></div></h5>
 <h4>
     <font size="+2">Securely decrypt and verify messages using
         <a href="https://onlykey.io" target="_blank">OnlyKey</a></font>