session-desktop/libtextsecure/ProvisioningCipher.js

(function() {
'use strict';

function ProvisioningCipher() {}

ProvisioningCipher.prototype = {
    decrypt: function(provisionEnvelope) {
        var masterEphemeral = provisionEnvelope.publicKey.toArrayBuffer();
        var message = provisionEnvelope.body.toArrayBuffer();
        if (new Uint8Array(message)[0] != 1) {
            throw new Error("Bad version number on ProvisioningMessage");
        }

        var iv = message.slice(1, 16 + 1);
        var mac = message.slice(message.byteLength - 32, message.byteLength);
        var ivAndCiphertext = message.slice(0, message.byteLength - 32);
        var ciphertext = message.slice(16 + 1, message.byteLength - 32);

        return libsignal.Curve.async.calculateAgreement(
            masterEphemeral, this.keyPair.privKey
        ).then(function(ecRes) {
            return libsignal.HKDF.deriveSecrets(
                ecRes, new ArrayBuffer(32), "TextSecure Provisioning Message"
            );
        }).then(function(keys) {
            return libsignal.crypto.verifyMAC(ivAndCiphertext, keys[1], mac, 32).then(function() {
                return libsignal.crypto.decrypt(keys[0], ciphertext, iv);
            });
        }).then(function(plaintext) {
            var provisionMessage = textsecure.protobuf.ProvisionMessage.decode(plaintext);
            var privKey = provisionMessage.identityKeyPrivate.toArrayBuffer();

            return libsignal.Curve.async.createKeyPair(privKey).then(function(keyPair) {
                return {
                    identityKeyPair  : keyPair,
                    number           : provisionMessage.number,
                    provisioningCode : provisionMessage.provisioningCode,
                    userAgent        : provisionMessage.userAgent
                };
            });
        });
    },
    getPublicKey: function() {
      return Promise.resolve().then(function() {
          if (!this.keyPair) {
              return libsignal.Curve.async.generateKeyPair().then(function(keyPair) {
                  this.keyPair = keyPair;
              }.bind(this));
          }
      }.bind(this)).then(function() {
          return this.keyPair.pubKey;
      }.bind(this));
    }
};

libsignal.ProvisioningCipher = function() {
    var cipher = new ProvisioningCipher();

    this.decrypt      = cipher.decrypt.bind(cipher);
    this.getPublicKey = cipher.getPublicKey.bind(cipher);
};

})();