From 31d601b2a68cea6498e72c7ee0ac80b89695a1fd Mon Sep 17 00:00:00 2001
From: "Ryan X. Charles" <ryan@bitpay.com>
Date: Sun, 8 Jun 2014 12:59:48 -0700
Subject: [PATCH] initial work replacing symmetric shared secret with ECIES

---
 js/models/core/PrivateKey.js    | 18 ++++++++++++++---
 js/models/core/Wallet.js        | 22 ++++++++++-----------
 js/models/core/WalletFactory.js |  3 ++-
 js/models/network/WebRTC.js     | 35 +++++++++++++++++++++++++--------
 4 files changed, 55 insertions(+), 23 deletions(-)

diff --git a/js/models/core/PrivateKey.js b/js/models/core/PrivateKey.js
index 1efe93694..09411ab05 100644
--- a/js/models/core/PrivateKey.js
+++ b/js/models/core/PrivateKey.js
@@ -20,13 +20,25 @@ function PrivateKey(opts) {
 
 PrivateKey.prototype.getId = function() {
   if (!this.id) {
-    var path = Structure.IdFullBranch;
-    var idhk = this.bip.derive(path);
-    this.id= idhk.eckey.public.toString('hex');
+    this.cacheId();
   }
   return this.id;
 };
 
+PrivateKey.prototype.getIdPriv = function() {
+  if (!this.idpriv) {
+    this.cacheId();
+  }
+  return this.idpriv;
+};
+
+PrivateKey.prototype.cacheId = function() {
+  var path = Structure.IdFullBranch;
+  var idhk = this.bip.derive(path);
+  this.id = idhk.eckey.public.toString('hex');
+  this.idpriv = idhk.eckey.private.toString('hex');
+};
+
 PrivateKey.prototype.deriveBIP45Branch = function() {
   if (!this.bip45Branch) {
     this.bip45Branch = this.bip.derive(Structure.BIP45_PUBLIC_PREFIX);
diff --git a/js/models/core/Wallet.js b/js/models/core/Wallet.js
index 98a19d416..58fc1249b 100644
--- a/js/models/core/Wallet.js
+++ b/js/models/core/Wallet.js
@@ -38,7 +38,7 @@ function Wallet(opts) {
 
   this.id = opts.id || Wallet.getRandomId();
   this.name = opts.name;
-  this.netKey = opts.netKey || SecureRandom.getRandomBuffer(8).toString('base64');
+  //this.netKey = opts.netKey || SecureRandom.getRandomBuffer(8).toString('base64');
 
   // Renew token every 24hs
   if (opts.tokenTime && new Date().getTime() - opts.tokenTime < 86400000) {
@@ -216,7 +216,7 @@ Wallet.prototype._optsToObj = function() {
     requiredCopayers: this.requiredCopayers,
     totalCopayers: this.totalCopayers,
     name: this.name,
-    netKey: this.netKey,
+    //netKey: this.netKey,
     version: this.version,
   };
 
@@ -240,21 +240,21 @@ Wallet.prototype.getMyCopayerId = function() {
 
 
 Wallet.prototype.getSecret = function() {
-  var i = new Buffer(this.getMyCopayerId(), 'hex');
-  var k = new Buffer(this.netKey, 'base64');
-  var b = Buffer.concat([i, k]);
-  var str = Base58Check.encode(b);
+  var pubkeybuf = new Buffer(this.getMyCopayerId(), 'hex');
+  //var k = new Buffer(this.netKey, 'base64');
+  //var b = Buffer.concat([i, k]);
+  var str = Base58Check.encode(pubkeybuf);
   return str;
 };
 
 
 Wallet.decodeSecret = function(secretB) {
   var secret = Base58Check.decode(secretB);
-  var netKeyBuf = secret.slice(-8);
+  //var netKeyBuf = secret.slice(-8);
   var pubKeyBuf = secret.slice(0, 33);
   return {
-    pubKey: pubKeyBuf.toString('hex'),
-    netKey: netKeyBuf.toString('base64'),
+    pubKey: pubKeyBuf.toString('hex')//,
+    //netKey: netKeyBuf.toString('base64'),
   }
 };
 
@@ -280,8 +280,8 @@ Wallet.prototype.netStart = function() {
   var startOpts = {
     copayerId: myId,
     token: self.token,
-    maxPeers: self.totalCopayers,
-    netKey: this.netKey,
+    maxPeers: self.totalCopayers//,
+    //netKey: this.netKey,
   };
 
   if (this.publicKeyRing.isComplete()) {
diff --git a/js/models/core/WalletFactory.js b/js/models/core/WalletFactory.js
index 28f3454f2..02c67dc70 100644
--- a/js/models/core/WalletFactory.js
+++ b/js/models/core/WalletFactory.js
@@ -220,7 +220,8 @@ WalletFactory.prototype.joinCreateSession = function(secret, nickname, passphras
   this.log('\t### PrivateKey Initialized');
   var opts = {
     copayerId: privateKey.getId(),
-    netKey: s.netKey,
+    //netKey: s.netKey,
+    privkey: privateKey.getIdPriv()
   };
   self.network.cleanUp();
   self.network.start(opts, function() {
diff --git a/js/models/network/WebRTC.js b/js/models/network/WebRTC.js
index fad273b1f..715f74d78 100644
--- a/js/models/network/WebRTC.js
+++ b/js/models/network/WebRTC.js
@@ -43,7 +43,8 @@ Network.prototype.cleanUp = function() {
   this.started = false;
   this.connectedPeers = [];
   this.peerId = null;
-  this.netKey = null;
+  //this.netKey = null;
+  this.privkey = null; //TODO: hide privkey in a closure
   this.copayerId = null;
   this.signingKey = null;
   this.allowedCopayerIds=null;
@@ -150,11 +151,14 @@ Network.prototype._addConnectedCopayer = function(copayerId, isInbound) {
   this.emit('connect', copayerId);
 };
 
-Network.prototype._onData = function(encStr, isInbound, peerId) {
+Network.prototype._onData = function(enchex, isInbound, peerId) {
   var sig, payload;
+  var encbuf = new Buffer(enchex, 'hex');
+
+  var privkey = this.privkey;
 
   try { 
-    var data = this._decrypt(encStr);
+    var data = this._decrypt(privkey, encbuf);
     payload=  JSON.parse(data);
   } catch (e) {
     this._deletePeer(peerId);
@@ -300,7 +304,8 @@ Network.prototype.start = function(opts, openCallback) {
 
   if (this.started) return openCallback();
 
-  this.netKey = opts.netKey;
+  //this.netKey = opts.netKey;
+  this.privkey = opts.privkey;
   this.maxPeers = opts.maxPeers || this.maxPeers;
 
   if (opts.token)
@@ -344,7 +349,11 @@ Network.prototype.getPeer = function() {
   return this.peer;
 };
 
-Network.prototype._encrypt = function(payloadStr) {
+Network.prototype._encrypt = function(pubkey, payload) {
+  var encrypted = bitcore.ECIES.encrypt(pubkey, payload);
+  return encrypted;
+
+  /*
   var plainText = sjcl.codec.utf8String.toBits(payloadStr);
   var p = this.sjclParams;    
   ct = sjcl.encrypt(this.netKey, plainText, p);//,p, rp);
@@ -354,10 +363,15 @@ Network.prototype._encrypt = function(payloadStr) {
     ct: c.ct,
   };
   return JSON.stringify(toSend);
+  */
 };
 
 
-Network.prototype._decrypt = function(encStr) {
+Network.prototype._decrypt = function(privkey, encrypted) {
+  var decrypted = bitcore.ECIES.decrypt(privkey, encrypted);
+  return decrypted;
+
+  /*
   var i = JSON.parse(encStr);
   for (var k in this.sjclParams) {
     i[k] = this.sjclParams[k];
@@ -365,6 +379,7 @@ Network.prototype._decrypt = function(encStr) {
   var str= JSON.stringify(i);
   var pt = sjcl.decrypt(this.netKey, str);
   return pt;
+  */
 };
 
 Network.prototype._sendToOne = function(copayerId, payload, sig, cb) {
@@ -379,7 +394,8 @@ Network.prototype._sendToOne = function(copayerId, payload, sig, cb) {
 };
 
 Network.prototype.send = function(copayerIds, payload, cb) {
-  if (!payload || !this.netKey) return cb();
+  //if (!payload || !this.netKey) return cb();
+  if (!payload) return cb();
 
   var self=this;
   if (!copayerIds) {
@@ -389,11 +405,14 @@ Network.prototype.send = function(copayerIds, payload, cb) {
 
   var sig;
   var payloadStr = JSON.stringify(payload);
-  var encPayload = this._encrypt(payloadStr);
+  var payloadBuf = new Buffer(payloadStr);
+  //var encPayload = this._encrypt(payloadStr);
   if (Array.isArray(copayerIds)) {
     var l = copayerIds.length;
     var i = 0;
     copayerIds.forEach(function(copayerId) {
+      var copayerIdBuf = new Buffer(copayerId, 'hex');
+      var encPayload = self._encrypt(copayerIdBuf, payloadBuf);
       self._sendToOne(copayerId, encPayload, sig, function () {
         if (++i === l && typeof cb === 'function') cb();
       });