Commit 5a543e13 authored by sajolida's avatar sajolida
Browse files

Prototype verification on page instead of in extension

parent 51e46a81
document.addEventListener("DOMContentLoaded", function() {
window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
if (event.source !== window || event.origin !== "https://tails.boum.org" || !event.data) {
return;
}
if (event.data.action === "verifying") {
showVerifyingDownload(event.data.fileName);
}
else if (event.data.action === "verification-failed") {
showVerificationResult("failed");
}
else if (event.data.action === "verification-failed-again") {
showVerificationResult("failed-again");
}
else if (event.data.action === "verification-success") {
showVerificationResult("successful");
}
else if (event.data.action === "progress") {
showVerificationProgress(event.data.percentage);
}
else if (event.data.action === "extension-installed") {
if (document.documentElement.dataset.extension === "up-to-date") {
showVerifyDownload();
}
else if (document.documentElement.dataset.extension === "outdated") {
showUpdateExtension();
}
}
}
// Display floating-toggleable-links to prevent people without JS to
// either always see the toggles or have broken toggle links.
function showFloatingToggleableLinks() {
......@@ -196,19 +165,8 @@ document.addEventListener("DOMContentLoaded", function() {
hide(document.getElementById("verification-successful"));
hide(document.getElementById("verification-failed"));
hide(document.getElementById("verification-failed-again"));
toggleContinueLink("direct", "skip-verification-direct");
}
function showUpdateExtension() {
hide(document.getElementById("verification"));
hide(document.getElementById("install-extension"));
show(document.getElementById("update-extension"));
}
function showVerifyDownload() {
hide(document.getElementById("install-extension"));
hide(document.getElementById("update-extension"));
show(document.getElementById("verification"));
toggleContinueLink("direct", "skip-verification-direct");
}
function showVerifyingDownload(filename) {
......@@ -227,7 +185,7 @@ document.addEventListener("DOMContentLoaded", function() {
function showVerificationResult(result) {
toggleDirectBitTorrent("direct");
showVerifyDownload();
show(document.getElementById("verification"));
hide(document.getElementById("verify-download-wrapper"));
resetVerificationResult();
hitCounter(result);
......@@ -280,10 +238,10 @@ document.addEventListener("DOMContentLoaded", function() {
opaque(document.getElementById("continue-link-bittorrent"));
// Display "Verify with your browser" when image is clicked
document.getElementById("download-img").onclick = function(e) { displayVerificationExtension(e, this); }
document.getElementById("download-iso").onclick = function(e) { displayVerificationExtension(e, this); }
document.getElementById("download-img").onclick = function(e) { displayVerification(e, this); }
document.getElementById("download-iso").onclick = function(e) { displayVerification(e, this); }
function displayVerificationExtension(e, elm) {
function displayVerification(e, elm) {
try {
e.preventDefault();
hitCounter("download-image");
......@@ -335,10 +293,17 @@ document.addEventListener("DOMContentLoaded", function() {
}
}
// Right-after installing on Chrome, display the "Verify Tails..."
if (window.location.hash === "#chrome-installation") {
toggleDirectBitTorrent("direct");
showVerifyDownload();
// Trigger verification when file is chosen
document.getElementById("verify-download").onchange = function(e) { verifyFile(e, this); }
function verifyFile(e, elm) {
file = elm.files[0]
// XXX: Cannot open file
showVerifyingDownload(file.name);
showVerificationProgress(50);
setTimeout(function(){ showVerificationResult("failed"); }, 2500);
setTimeout(function(){ showVerificationResult("failed-again"); }, 5000);
setTimeout(function(){ showVerificationResult("successful"); }, 7500);
}
// To debug the display of the different states:
......
<div id="activate-tails-verification"></div> <!-- Needed to activate the verification extension -->
<div id="extension-version">2.4</div> <!-- Minimum version of the extension -->
<div id="tails-version">[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</div>
<h1 class="usb upgrade dvd vm">Download Tails [[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</h1>
......@@ -58,27 +56,17 @@ were solved, and known issues that have already been identified.</p>
<li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
<a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
</ul>
<p>[[How does the extension work?|contribute/design/verification_extension]]</p>
<p>[[How does the verification work?|contribute/design/verification_extension]]</p>
"""]]
</div>
<p>Our browser extension makes it quick and easy.</p>
</div>
<div id="install-extension" class="indent">
<a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn supported-browser firefox btn btn-primary inline-block">Install <u>Tails Verification</u> extension</a>
<a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn supported-browser chrome btn btn-primary inline-block" target="_blank">Install <u>Tails Verification</u> extension</a>
<div id="verification" class="indent block">
<div class="no-js">
<p>You seem to have JavaScript disabled. To use our browser
extension, please allow all this page:</p>
<p>You seem to have JavaScript disabled. To use the
verification in the browser,
please allow all this page:</p>
[[!img screenshots/allow_js.png link="no"]]
</div>
</div>
<div id="update-extension" class="indent block">
<p>Your extension is an older version.</p>
<a href="https://addons.mozilla.org/firefox/downloads/latest/tails-verification/addon-tails-verification-latest.xpi" class="install-extension-btn firefox btn btn-primary inline-block">Update extension</a>
<a href="https://chrome.google.com/webstore/detail/tails-verification/gaghffbplpialpoeclgjkkbknblfajdl" class="install-extension-btn chrome btn btn-primary inline-block" target="_blank">Update extension</a>
</div>
<div id="verification" class="indent block">
<p id="extension-installed" class="block"><u>Tails Verification</u> extension installed!</p>
<label id="verify-download-wrapper" class="btn btn-primary inline-block">
Verify Tails <span class="remove-extra-space">&nbsp;[[!inline pages="inc/stable_amd64_version" raw="yes" sort="age"]]</span>&hellip;
<input id="verify-download" type="file"/>
......@@ -109,7 +97,7 @@ were solved, and known issues that have already been identified.</p>
<p>Downloading again is usually enough to fix this
problem.</p>
<p>[[How does the extension work?|contribute/design/verification_extension]]</p>
<p>[[How does the verification work?|contribute/design/verification_extension]]</p>
"""]]
</div>
<p class="usb upgrade download-only-img"><a href="[[!inline pages="inc/stable_amd64_img_url" raw="yes" sort="age"]]" id="download-img-again" class="use-mirror-pool-on-retry">Please try to download again&hellip;</a></p>
......@@ -123,7 +111,7 @@ were solved, and known issues that have already been identified.</p>
[[!toggle id="why-failed-again" text="X"]]
<p>The verification might have failed again because of:</p>
<ul>
<li>A software problem in our verification extension</li>
<li>A software problem in our verification code</li>
<li>A malicious download from our download mirrors</li>
<li>A network attack in your country or local network</li>
</ul>
......@@ -227,10 +215,9 @@ were solved, and known issues that have already been identified.</p>
<li>Get hacked while using Tails if your download is modified on the fly by an attacker on the network.<br/>
<a href="https://en.wikipedia.org/wiki/DigiNotar">This is possible for strong adversaries.</a></li>
</ul>
<p>[[How does the extension work?|contribute/design/verification_extension]]</p>
<p>[[How does the verification work?|contribute/design/verification_extension]]</p>
"""]]
</div>
<p>Our browser extension for Firefox, Chrome, and Tor Browser makes this quick and easy.</p>
</div>
<p>Copy and paste this link in Firefox, Chrome, or Tor Browser:</p>
<p class="windows"><code>https://tails.boum.org/install/win/usb-download/</code></p>
......@@ -345,7 +332,7 @@ were solved, and known issues that have already been identified.</p>
<h2>Verify using OpenPGP (optional)</h2>
<p>If you know OpenPGP, you can also verify your download using an
OpenPGP signature instead of, or in addition to, our browser extension or
OpenPGP signature instead of, or in addition to, our verification in the browser or
BitTorrent.</p>
<p>Download the
......@@ -575,12 +562,12 @@ individuals.</p>
[[!toggleable id="web-of-trust" text="""
<span class="hide">[[!toggle id="web-of-trust" text=""]]</span>
<p>The verification techniques that we present (browser extension,
<p>The verification techniques that we present (verification in the browser,
BitTorrent, or OpenPGP verification) all rely on some
information being securely downloaded using HTTPS from our website:</p>
<ul>
<li>The <em>checksum</em> for the Firefox extension</li>
<li>The <em>checksum</em> for the verification in the browser</li>
<li>The <em>Torrent file</em> for BitTorrent</li>
<li>The <em>Tails signing key</em> for OpenPGP verification</li>
</ul>
......
......@@ -15,7 +15,6 @@ h1 {
}
#skip-verification-direct,
#verification,
#update-extension,
#verifying-download,
#verification-successful,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment