move shared secret to QRCodeData

src/crypto/verification/QRCode.js

@@ -24,7 +24,7 @@ import {VerificationBase as Base} from "./Base";
 import {
     newKeyMismatchError,
 } from './Error';
-import {decodeBase64} from "../olmlib";
+import olmlib from "../olmlib";
 
 export const SHOW_QR_CODE_METHOD = "m.qr_code.show.v1";
 export const SCAN_QR_CODE_METHOD = "m.qr_code.scan.v1";
@@ -49,8 +49,9 @@ export class ReciprocateQRCode extends Base {
                 "with this method yet.");
         }
 
+        const {qrCodeData} = this.request;
         // 1. check the secret
-        if (this.startEvent.getContent()['secret'] !== this.request.encodedSharedSecret) {
+        if (this.startEvent.getContent()['secret'] !== qrCodeData.encodedSharedSecret) {
             throw newKeyMismatchError();
         }
 
@@ -64,7 +65,6 @@ export class ReciprocateQRCode extends Base {
         });
 
         const keys = {};
-        const {qrCodeData} = this.request;
         if (qrCodeData.mode === MODE_VERIFY_OTHER_USER) {
             // add master key to keys to be signed, only if we're not doing self-verification
             const masterKey = qrCodeData.otherUserMasterKey;
@@ -107,6 +107,7 @@ const MODE_VERIFY_SELF_UNTRUSTED = 0x02; // We do not trust the master key
 
 export class QRCodeData {
     constructor(request, client) {
+        this._sharedSecret = QRCodeData._generateSharedSecret();
         this._mode = QRCodeData._determineMode(request, client);
         this._otherUserMasterKey = null;
         this._otherDeviceKey = null;
@@ -137,6 +138,19 @@ export class QRCodeData {
         return this._otherUserMasterKey;
     }
 
+    /**
+     * The unpadded base64 encoded shared secret.
+     */
+    get encodedSharedSecret() {
+        return this._sharedSecret;
+    }
+
+    static _generateSharedSecret() {
+        const secretBytes = new Uint8Array(8);
+        global.crypto.getRandomValues(secretBytes);
+        this._sharedSecret = olmlib.encodeUnpaddedBase64(secretBytes);
+    }
+
     static _getOtherDeviceKey(request, client) {
         const myUserId = client.getUserId();
         const myDevices = client.getStoredDevicesForUser(myUserId) || [];
@@ -173,7 +187,7 @@ export class QRCodeData {
             transactionId,
             firstKeyB64: '', // worked out shortly
             secondKeyB64: '', // worked out shortly
-            secretB64: request.encodedSharedSecret,
+            secretB64: this.encodedSharedSecret,
         };
 
         const myCrossSigningInfo = client.getStoredCrossSigningForUser(myUserId);
@@ -216,7 +230,7 @@ export class QRCodeData {
             buf = Buffer.concat([buf, tmpBuf]);
         };
         const appendEncBase64 = (b64: string) => {
-            const b = decodeBase64(b64);
+            const b = olmlib.decodeBase64(b64);
             const tmpBuf = Buffer.from(b);
             buf = Buffer.concat([buf, tmpBuf]);
         };

src/crypto/verification/request/VerificationRequest.js

@@ -23,7 +23,6 @@ import {
     newUnexpectedMessageError,
     newUnknownMethodError,
 } from "../Error";
-import * as olmlib from "../../olmlib";
 import {QRCodeData, SCAN_QR_CODE_METHOD} from "../QRCode";
 
 // the recommended amount of time before a verification request
@@ -71,7 +70,6 @@ export class VerificationRequest extends EventEmitter {
         this._eventsByThem = new Map();
         this._observeOnly = false;
         this._timeoutTimer = null;
-        this._sharedSecret = null; // used for QR codes
         this._accepting = false;
         this._declining = false;
         this._verifierHasFinished = false;
@@ -209,7 +207,6 @@ export class VerificationRequest extends EventEmitter {
 
     /** Only set after a .ready if the other party can scan a QR code */
     get qrCodeData() {
-        // TODO, merge encodedSharedSecret in here as well
         return this._qrCodeData;
     }
 
@@ -327,14 +324,6 @@ export class VerificationRequest extends EventEmitter {
         return this._observeOnly;
     }
 
-    /**
-     * The unpadded base64 encoded shared secret. Primarily used for QR code
-     * verification.
-     */
-    get encodedSharedSecret() {
-        if (!this._sharedSecret) this._generateSharedSecret();
-        return this._sharedSecret;
-    }
 
     /**
      * Gets which device the verification should be started with
@@ -394,7 +383,6 @@ export class VerificationRequest extends EventEmitter {
         if (!this.observeOnly && this._phase === PHASE_UNSENT) {
             const methods = [...this._verificationMethods.keys()];
             await this.channel.send(REQUEST_TYPE, {methods});
-            this._generateSharedSecret();
         }
     }
 
@@ -427,16 +415,9 @@ export class VerificationRequest extends EventEmitter {
             this._accepting = true;
             this.emit("change");
             await this.channel.send(READY_TYPE, {methods});
-            this._generateSharedSecret();
         }
     }
 
-    _generateSharedSecret() {
-        const secretBytes = new Uint8Array(8);
-        global.crypto.getRandomValues(secretBytes);
-        this._sharedSecret = olmlib.encodeUnpaddedBase64(secretBytes);
-    }
-
     /**
      * Can be used to listen for state changes until the callback returns true.
      * @param {Function} fn callback to evaluate whether the request is in the desired state.