Merge branch 'security' into e2ee-dev

client/src/builtin/E2EE.js

@@ -190,6 +190,29 @@ export default new class E2EE extends BuiltinModule {
         if (!this._ecdh) this._ecdh = {};
         return this._ecdh;
     }
+    
+    get ecdh() {
+        if (!this._ecdh) this._ecdh = {};
+        return this._ecdh;
+    }
+
+    createKeyExchange(userID) {
+        this.ecdh[userID] = crypto.createECDH('secp521r1');
+        return this.ecdh[userID].generateKeys('base64');
+    }
+
+    publicKeyFor(userID) {
+        return this.ecdh[userID].getPublicKey('base64');
+    }
+
+    computeSecret(userID, otherKey) {
+        const secret = this.ecdh[userID].computeSecret(otherKey, 'base64', 'base64');
+        delete this.ecdh[userID];
+        // Hashing the shared secret future-proofs against some possible attacks.
+        const hash = crypto.createHash('sha256');
+        hash.update(secret);
+        return hash.digest('base64');
+    }
 
     createKeyExchange(userID) {
         this.ecdh[userID] = crypto.createECDH('secp521r1');

client/webpack.config.js

@@ -37,6 +37,7 @@ module.exports = {
         util: 'require("util")',
         process: 'require("process")',
         net: 'require("net")',
+        crypto: 'require("crypto")',
         request: 'require(require("path").join(require("electron").remote.app.getAppPath(), "node_modules", "request"))',
         sparkplug: 'require("../../core/dist/sparkplug")',
         crypto: 'require("crypto")'

client/webpack.production.config.js

@@ -38,6 +38,7 @@ module.exports = {
         util: 'require("util")',
         process: 'require("process")',
         net: 'require("net")',
+        crypto: 'require("crypto")',
         request: 'require(require("path").join(require("electron").remote.app.getAppPath(), "node_modules", "request"))',
         sparkplug: 'require("./sparkplug")',
         crypto: 'require("crypto")'