priyadi / roundcube-converse.js-xmpp-plugin

XMPP plugin for Roundcube Webmail based on converse.js

Start encrypted conversation #13

Closed rvboris closed 10 years ago

rvboris commented 10 years ago

JS Console log:

    Uncaught TypeError: Cannot read property 'words' of undefined converse.min.js?s=1386885805:142
    r.WordArray.i.extend.concat converse.min.js?s=1386885805:142
    r.BufferedBlockAlgorithm.i.extend._append converse.min.js?s=1386885805:142
    r.Hasher.l.extend.update converse.min.js?s=1386885805:142
    i.EvpKDF.n.extend.compute converse.min.js?s=1386885805:142
    x.OpenSSL.execute converse.min.js?s=1386885805:142
    n.PasswordBasedCipher.S.extend.encrypt converse.min.js?s=1386885805:142
    ChatBox.Backbone.Model.extend.getSession converse.min.js?s=1386885805:142
    ChatBox.Backbone.Model.extend.initiateOTR converse.min.js?s=1386885805:142
    ChatBoxView.Backbone.View.extend.startOTRFromToolbar converse.min.js?s=1386885805:142
    v.event.dispatch jquery.min.js?s=1371395453:2
    o.handle.u

priyadi commented 10 years ago

Hi,

What browser and OS did you use?

rvboris commented 10 years ago

Ubuntu x64, Google Chrome latest

jcbrand commented 10 years ago

@rvboris Can you please check whether you get this problem with standalone converse.js? You can test at https://conversejs.org

If so, this ticket should ideally be logged at https://github.com/jcbrand/converse.js

jseidl commented 10 years ago

I can confirm this issue on Ubuntu x64 with Firefox and Chrome browsers. Can't test on converse.js because my server isn't public-facing. I'll try to create a free account somewhere to test it.

jseidl commented 10 years ago

I've created an account at macjabber.com and tested it. It seems to work since it generated the private key and my other endpoint received the OTR request, but this endpoint hasn't the OTR plugin (Empathy)

I've also disabled all other plugins to eliminate the possibility of plugin conflicts.

Tested on a Win7 with Chrome, same problem.

Tried to debug myself but I don't know which function called concat()

The problem seems to be on this snippet of CryptoJS

            concat: function (e) {
                var t = this.words,
                    n = e.words, /** <-- where error occurs, e is undefined **/

jseidl commented 10 years ago

Ok. I've traced it out.

Problem is here: js/converse.js.min

The getSession() function expects u.connection.pass but there's none. Still can't find where it should be populated.

I've confirmed that that's the issue by doing this dumb "patch"

        getSession: function () {
            var e = window.sessionStorage[hex_sha1(this.id + "priv_key")],
                t = window.sessionStorage[hex_sha1(this.id + "instance_tag")],
                i = CryptoJS.lib.PasswordBasedCipher,
                // Hard-coded only to confirm the diagnosis: the stored key is now
                // encrypted under a known constant instead of u.connection.pass.
                s = 'somedummypass', // u.connection.pass,
                o = this.get("pass_check"),
                a, f;
            if (e && t && typeof o != "undefined") {
                var l = i.decrypt(CryptoJS.algo.AES, e, s);
                f = r.parsePrivate(l.toString(CryptoJS.enc.Latin1));
                if (i.decrypt(CryptoJS.algo.AES, o, s).toString(CryptoJS.enc.Latin1) === "match") return this.trigger("showHelpMessages", [v("Re-establishing encrypted session")]), {
                    key: f,
                    instance_tag: t
                }
            }

Everything started working well. I think that because we kind of auto-login, this field never gets to be populated, so we need to get it from $args['pass'] and populate it somehow.
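Added example, not part of the thread and not converse.js or CryptoJS code: a fail-closed version of the passphrase handling discussed above, where a missing `connection.pass` is rejected up front instead of crashing inside the KDF or being replaced by a constant. Node's built-in scrypt and AES-256-GCM stand in for `CryptoJS.lib.PasswordBasedCipher`, and the names `requirePassphrase`, `wrapKey` and `unwrapKey` are hypothetical.

```javascript
// Added illustration; Node's crypto module is a stand-in for CryptoJS here.
const nodeCrypto = require('crypto');

// Fail closed: never let an undefined or empty passphrase reach the KDF
// (the cause of the "Cannot read property 'words' of undefined" crash).
function requirePassphrase(connection) {
  const pass = connection && connection.pass;
  if (typeof pass !== 'string' || pass.length === 0) {
    throw new TypeError('connection.pass is not set; cannot protect the OTR key');
  }
  return pass;
}

// Encrypt the serialized private key before it is written to sessionStorage.
// Output layout (base64): salt(16) | iv(12) | GCM tag(16) | ciphertext.
function wrapKey(connection, privateKeyText) {
  const pass = requirePassphrase(connection);
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const key = nodeCrypto.scryptSync(pass, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(privateKeyText, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the plaintext key, or null when the passphrase does not match.
// The GCM tag check plays the role of the thread's pass_check === "match" test.
function unwrapKey(connection, stored) {
  const pass = requirePassphrase(connection);
  const raw = Buffer.from(stored, 'base64');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const body = raw.subarray(44);
  const key = nodeCrypto.scryptSync(pass, salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong passphrase or tampered blob
  }
}
```
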

jseidl commented 10 years ago

Well, that screwed a little, I had to modify slightly by setting u.connection.pass to something

        getSession: function () {
            u.connection.pass = 'somedummypass'; // ugly hack
            var e = window.sessionStorage[hex_sha1(this.id + "priv_key")],
                t = window.sessionStorage[hex_sha1(this.id + "instance_tag")],
                i = CryptoJS.lib.PasswordBasedCipher,
                s = u.connection.pass,
                o = this.get("pass_check"),
                a, f;
            if (e && t && typeof o != "undefined") {
                var l = i.decrypt(CryptoJS.algo.AES, e, s);
                f = r.parsePrivate(l.toString(CryptoJS.enc.Latin1));
                if (i.decrypt(CryptoJS.algo.AES, o, s).toString(CryptoJS.enc.Latin1) === "match") return this.trigger("showHelpMessages", [v("Re-establishing encrypted session")]), {
                    key: f,
                    instance_tag: t
                }
            }

Everything works. Key generation, encryption negotiation, encrypted chat. SMP verification ALMOST works. User receives confirmation and then disconnects. This screws up all further sessions. Still dunno what's happening there. Haven't tested on converse.js website.

jseidl commented 10 years ago

Well, that screws up SMP because as I've hardcoded the pass, it cannot reconnect.

So... u.connection.pass just gets dereferenced somewhere.

priyadi commented 10 years ago

@jseidl can you open an issue or a pull request to upstream at https://github.com/jcbrand/converse.js?

jseidl commented 10 years ago

Still haven't confirmed if it's a plain converse.js issue or integration between roundcube and converse.js

jseidl commented 10 years ago

Turned out it was a converse.js issue. Fixed and opened issue on converse.js

priyadi commented 10 years ago

For reference, issue in question is https://github.com/jcbrand/converse.js/issues/111

Closing this because this is being fixed in converse.js