[security] Add security number to PeerUI to make verification of peer-to-peer encryption possible.

2025-04-20 15:06:15 -04:00 · 2023-02-16 02:19:14 +01:00 · 2023-02-16 02:19:14 +01:00 · c5d0eaa034
commit c5d0eaa034
parent e9b23bfdb0
9 changed files with 131 additions and 23 deletions
--- a/public_included_ws_fallback/scripts/network.js
+++ b/public_included_ws_fallback/scripts/network.js
@ -568,7 +568,7 @@ class RTCPeer extends Peer {

    _onChannelOpened(event) {
        console.log('RTC: channel opened with', this._peerId);
-        Events.fire('peer-connected', this._peerId);
+        Events.fire('peer-connected', {peerId: this._peerId, connectionHash: this.getConnectionHash()});
        const channel = event.channel || event.target;
        channel.binaryType = 'arraybuffer';
        channel.onmessage = e => this._onMessage(e.data);
@ -578,6 +578,32 @@ class RTCPeer extends Peer {
        this._channel = channel;
    }

+    getConnectionHash() {
+        const localDescriptionLines = this._conn.localDescription.sdp.split("\r\n");
+        const remoteDescriptionLines = this._conn.remoteDescription.sdp.split("\r\n");
+        let localConnectionFingerprint, remoteConnectionFingerprint;
+        for (let i=0; i<localDescriptionLines.length; i++) {
+            if (localDescriptionLines[i].startsWith("a=fingerprint:")) {
+                localConnectionFingerprint = localDescriptionLines[i].substring(14);
+                break;
+            }
+        }
+        for (let i=0; i<remoteDescriptionLines.length; i++) {
+            if (remoteDescriptionLines[i].startsWith("a=fingerprint:")) {
+                remoteConnectionFingerprint = remoteDescriptionLines[i].substring(14);
+                break;
+            }
+        }
+        const combinedFingerprints = this._isCaller
+            ? localConnectionFingerprint + remoteConnectionFingerprint
+            : remoteConnectionFingerprint + localConnectionFingerprint;
+        let hash = cyrb53(combinedFingerprints).toString();
+        while (hash.length < 16) {
+            hash = "0" + hash;
+        }
+        return hash;
+    }
+
    _onBeforeUnload(e) {
        if (this._busy) {
            e.preventDefault();
@ -679,11 +705,16 @@ class WSPeer extends Peer {
    }

    onServerMessage(message) {
-        Events.fire('peer-connected', message.sender.id)
+        Events.fire('peer-connected', {peerId: message.sender.id, connectionHash: this.getConnectionHash()})
        if (this._peerId) return;
        this._peerId = message.sender.id;
        this._sendSignal();
    }
+
+    getConnectionHash() {
+        // Todo: implement SubtleCrypto asymmetric encryption and create connectionHash from public keys
+        return "";
+    }
 }

 class PeersManager {