2016-10-25 04:16:47 +02:00
|
|
|
function CryptoService(constantsService) {
|
|
|
|
|
this.constantsService = constantsService;
|
2016-09-04 06:34:24 +02:00
|
|
|
initCryptoService();
|
2016-09-03 06:03:13 +02:00
|
|
|
};
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-09-04 06:34:24 +02:00
|
|
|
function initCryptoService() {
|
2016-09-03 06:03:13 +02:00
|
|
|
var _key,
|
|
|
|
|
_b64Key,
|
2016-10-25 04:16:47 +02:00
|
|
|
_keyHash,
|
|
|
|
|
_b64KeyHash,
|
2017-01-13 05:57:56 +01:00
|
|
|
_encKey,
|
|
|
|
|
_macKey;
|
2016-09-05 07:49:44 +02:00
|
|
|
|
2016-09-03 06:03:13 +02:00
|
|
|
CryptoService.prototype.setKey = function (key, callback) {
|
2016-09-02 06:50:57 +02:00
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
var self = this;
|
2016-09-02 06:50:57 +02:00
|
|
|
_key = key;
|
2016-10-25 04:16:47 +02:00
|
|
|
|
|
|
|
|
chrome.storage.local.get(self.constantsService.lockOptionKey, function (obj) {
|
|
|
|
|
if (obj && (obj[self.constantsService.lockOptionKey] || obj[self.constantsService.lockOptionKey] === 0)) {
|
|
|
|
|
// if we have a lock option set, we do not store the key
|
|
|
|
|
callback();
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
chrome.storage.local.set({
|
2017-01-13 05:57:56 +01:00
|
|
|
'key': forge.util.encode64(key)
|
2016-10-25 04:16:47 +02:00
|
|
|
}, function () {
|
|
|
|
|
callback();
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
CryptoService.prototype.setKeyHash = function (keyHash, callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
_keyHash = forge.util.encode64(keyHash);
|
2016-10-25 04:16:47 +02:00
|
|
|
|
2016-09-02 06:50:57 +02:00
|
|
|
chrome.storage.local.set({
|
2016-10-25 04:16:47 +02:00
|
|
|
'keyHash': keyHash
|
2016-09-02 06:50:57 +02:00
|
|
|
}, function () {
|
|
|
|
|
callback();
|
|
|
|
|
});
|
2016-09-03 06:03:13 +02:00
|
|
|
}
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-09-03 06:03:13 +02:00
|
|
|
CryptoService.prototype.getKey = function (b64, callback) {
|
2016-09-02 06:50:57 +02:00
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (b64 && b64 === true && _b64Key) {
|
2016-10-25 04:16:47 +02:00
|
|
|
callback(_b64Key);
|
|
|
|
|
return;
|
2016-09-02 06:50:57 +02:00
|
|
|
}
|
|
|
|
|
else if (!b64 && _key) {
|
2016-10-25 04:16:47 +02:00
|
|
|
callback(_key);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
else if (b64 && b64 === true && _key && !_b64Key) {
|
2017-01-13 05:57:56 +01:00
|
|
|
_b64Key = forge.util.encode64(_key);
|
2016-10-25 04:16:47 +02:00
|
|
|
callback(_b64Key);
|
|
|
|
|
return;
|
2016-09-02 06:50:57 +02:00
|
|
|
}
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
var self = this;
|
|
|
|
|
chrome.storage.local.get(self.constantsService.lockOptionKey, function (obj) {
|
|
|
|
|
if (obj && (obj[self.constantsService.lockOptionKey] || obj[self.constantsService.lockOptionKey] === 0)) {
|
|
|
|
|
// if we have a lock option set, we do not try to fetch the storage key since it should not even be there
|
|
|
|
|
callback(null);
|
|
|
|
|
return;
|
2016-09-02 06:50:57 +02:00
|
|
|
}
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
chrome.storage.local.get('key', function (obj) {
|
|
|
|
|
if (obj && obj.key) {
|
2017-01-13 05:57:56 +01:00
|
|
|
_key = forge.util.decode64(obj.key);
|
2016-10-25 04:16:47 +02:00
|
|
|
|
|
|
|
|
if (b64 && b64 === true) {
|
|
|
|
|
_b64Key = obj.key;
|
|
|
|
|
callback(_b64Key);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
callback(_key);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-12-10 16:33:58 +01:00
|
|
|
CryptoService.prototype.getEncKey = function (callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
if (_encKey) {
|
|
|
|
|
callback(_encKey);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-10 16:33:58 +01:00
|
|
|
this.getKey(false, function (key) {
|
2017-01-13 05:57:56 +01:00
|
|
|
var buffer = forge.util.createBuffer(key);
|
|
|
|
|
_encKey = buffer.getBytes(16);
|
|
|
|
|
callback(_encKey);
|
2016-12-10 16:33:58 +01:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
CryptoService.prototype.getMacKey = function (callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
if (_macKey) {
|
|
|
|
|
callback(_macKey);
|
|
|
|
|
}
|
|
|
|
|
|
2016-12-10 16:33:58 +01:00
|
|
|
this.getKey(false, function (key) {
|
2017-01-13 05:57:56 +01:00
|
|
|
var buffer = forge.util.createBuffer(key);
|
|
|
|
|
buffer.getBytes(16);
|
|
|
|
|
_macKey = buffer.getBytes(16);
|
|
|
|
|
callback(_macKey);
|
2016-12-10 16:33:58 +01:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
CryptoService.prototype.getKeyHash = function (b64, callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (b64 && b64 === true && _b64KeyHash) {
|
|
|
|
|
callback(_b64KeyHash);
|
2017-04-12 14:45:31 +02:00
|
|
|
return;
|
2016-10-25 04:16:47 +02:00
|
|
|
}
|
|
|
|
|
else if (!b64 && _keyHash) {
|
|
|
|
|
callback(_keyHash);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
else if (b64 && b64 === true && _keyHash && !_b64KeyHash) {
|
2017-01-13 05:57:56 +01:00
|
|
|
_b64KeyHash = forge.util.encode64(_keyHash);
|
2016-10-25 04:16:47 +02:00
|
|
|
callback(_b64KeyHash);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
chrome.storage.local.get('keyHash', function (obj) {
|
|
|
|
|
if (obj && obj.keyHash) {
|
2017-01-13 05:57:56 +01:00
|
|
|
_keyHash = forge.util.decode64(obj.keyHash);
|
2016-10-25 04:16:47 +02:00
|
|
|
|
|
|
|
|
if (b64 && b64 === true) {
|
|
|
|
|
_b64KeyHash = obj.keyHash;
|
|
|
|
|
callback(_b64KeyHash);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2016-09-02 06:50:57 +02:00
|
|
|
}
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
callback(_keyHash);
|
2016-09-02 06:50:57 +02:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-09-03 06:03:13 +02:00
|
|
|
CryptoService.prototype.clearKey = function (callback) {
|
2016-09-02 06:50:57 +02:00
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
_key = _b64Key = _macKey = _encKey = null;
|
2016-09-02 06:50:57 +02:00
|
|
|
chrome.storage.local.remove('key', function () {
|
|
|
|
|
callback();
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-25 04:16:47 +02:00
|
|
|
CryptoService.prototype.clearKeyHash = function (callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_keyHash = _b64KeyHash = null;
|
|
|
|
|
chrome.storage.local.remove('keyHash', function () {
|
|
|
|
|
callback();
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
CryptoService.prototype.toggleKey = function (callback) {
|
|
|
|
|
if (!callback || typeof callback !== 'function') {
|
|
|
|
|
throw 'callback function required';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var self = this;
|
|
|
|
|
self.getKey(false, function (key) {
|
|
|
|
|
chrome.storage.local.get(self.constantsService.lockOptionKey, function (obj) {
|
|
|
|
|
if (obj && (obj[self.constantsService.lockOptionKey] || obj[self.constantsService.lockOptionKey] === 0)) {
|
|
|
|
|
// if we have a lock option set, clear the key
|
|
|
|
|
self.clearKey(function () {
|
|
|
|
|
_key = key;
|
|
|
|
|
callback();
|
|
|
|
|
return;
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
// no lock option, so store the current key
|
|
|
|
|
self.setKey(key, function () {
|
|
|
|
|
callback();
|
|
|
|
|
return;
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-09-03 06:03:13 +02:00
|
|
|
CryptoService.prototype.makeKey = function (password, salt, b64) {
|
2017-02-16 01:02:55 +01:00
|
|
|
var key = forge.pbkdf2(forge.util.encodeUtf8(password), forge.util.encodeUtf8(salt),
|
|
|
|
|
5000, 256 / 8, 'sha256');
|
2016-09-02 06:50:57 +02:00
|
|
|
|
|
|
|
|
if (b64 && b64 === true) {
|
2017-01-13 05:57:56 +01:00
|
|
|
return forge.util.encode64(key);
|
2016-09-02 06:50:57 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return key;
|
|
|
|
|
};
|
|
|
|
|
|
2016-09-05 06:03:49 +02:00
|
|
|
CryptoService.prototype.hashPassword = function (password, key, callback) {
|
|
|
|
|
this.getKey(false, function (storedKey) {
|
|
|
|
|
if (!key) {
|
|
|
|
|
key = storedKey;
|
|
|
|
|
}
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-09-05 06:03:49 +02:00
|
|
|
if (!password || !key) {
|
|
|
|
|
throw 'Invalid parameters.';
|
|
|
|
|
}
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2017-02-16 01:02:55 +01:00
|
|
|
var hashBits = forge.pbkdf2(key, forge.util.encodeUtf8(password), 1, 256 / 8, 'sha256');
|
2017-01-13 05:57:56 +01:00
|
|
|
callback(forge.util.encode64(hashBits));
|
2016-12-10 16:33:58 +01:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-09-17 05:47:50 +02:00
|
|
|
CryptoService.prototype.encrypt = function (plaintextValue) {
|
2016-12-10 16:33:58 +01:00
|
|
|
var self = this;
|
2016-09-17 05:47:50 +02:00
|
|
|
var deferred = Q.defer();
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-09-05 07:49:44 +02:00
|
|
|
if (plaintextValue === null || plaintextValue === undefined) {
|
2016-09-17 05:47:50 +02:00
|
|
|
deferred.resolve(null);
|
|
|
|
|
}
|
|
|
|
|
else {
|
2016-12-10 16:33:58 +01:00
|
|
|
self.getKey(false, function (key) {
|
|
|
|
|
self.getEncKey(function (theEncKey) {
|
|
|
|
|
self.getMacKey(function (macKey) {
|
|
|
|
|
if (!key || !theEncKey || !macKey) {
|
|
|
|
|
throw 'Encryption key unavailable.';
|
|
|
|
|
}
|
2016-09-17 05:47:50 +02:00
|
|
|
|
2016-12-10 16:33:58 +01:00
|
|
|
// TODO: Turn on whenever ready to support encrypt-then-mac
|
|
|
|
|
var encKey = false ? theEncKey : key;
|
2016-09-17 05:47:50 +02:00
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
var buffer = forge.util.createBuffer(plaintextValue, 'utf8');
|
|
|
|
|
var ivBytes = forge.random.getBytesSync(16);
|
|
|
|
|
var cipher = forge.cipher.createCipher('AES-CBC', encKey);
|
|
|
|
|
cipher.start({ iv: ivBytes });
|
|
|
|
|
cipher.update(buffer);
|
|
|
|
|
cipher.finish();
|
2016-12-10 16:33:58 +01:00
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
var iv = forge.util.encode64(ivBytes);
|
|
|
|
|
var ctBytes = cipher.output.getBytes();
|
|
|
|
|
var ct = forge.util.encode64(ctBytes);
|
2016-12-10 16:33:58 +01:00
|
|
|
var cipherString = iv + '|' + ct;
|
|
|
|
|
|
|
|
|
|
// TODO: Turn on whenever ready to support encrypt-then-mac
|
|
|
|
|
if (false) {
|
2017-01-13 05:57:56 +01:00
|
|
|
var mac = computeMac(ctBytes, ivBytes, macKey);
|
2016-12-10 16:33:58 +01:00
|
|
|
cipherString = cipherString + '|' + mac;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var cs = new CipherString(cipherString);
|
|
|
|
|
deferred.resolve(cs);
|
|
|
|
|
});
|
|
|
|
|
});
|
2016-09-17 05:47:50 +02:00
|
|
|
});
|
2016-09-05 07:49:44 +02:00
|
|
|
}
|
|
|
|
|
|
2016-09-17 05:47:50 +02:00
|
|
|
return deferred.promise;
|
2016-09-02 06:50:57 +02:00
|
|
|
};
|
|
|
|
|
|
2016-09-17 05:47:50 +02:00
|
|
|
CryptoService.prototype.decrypt = function (cipherString) {
|
|
|
|
|
var deferred = Q.defer();
|
2016-12-10 16:33:58 +01:00
|
|
|
var self = this;
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-09-05 17:05:27 +02:00
|
|
|
if (cipherString === null || cipherString === undefined || !cipherString.encryptedString) {
|
2016-09-05 07:49:44 +02:00
|
|
|
throw 'cannot decrypt nothing';
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 05:57:56 +01:00
|
|
|
self.getKey(false, function (key) {
|
|
|
|
|
self.getEncKey(function (theEncKey) {
|
|
|
|
|
self.getMacKey(function (macKey) {
|
|
|
|
|
if (!macKey) {
|
|
|
|
|
throw 'MAC key unavailable.';
|
2016-12-10 16:33:58 +01:00
|
|
|
}
|
|
|
|
|
|
2017-01-13 06:22:42 +01:00
|
|
|
var ivBytes = forge.util.decode64(cipherString.initializationVector);
|
|
|
|
|
var ctBytes = forge.util.decode64(cipherString.cipherText);
|
2016-09-02 06:50:57 +02:00
|
|
|
|
2016-12-10 16:33:58 +01:00
|
|
|
var computedMac = null;
|
|
|
|
|
if (cipherString.mac) {
|
2017-01-13 06:22:42 +01:00
|
|
|
computedMac = computeMac(ctBytes, ivBytes, macKey);
|
2016-12-10 16:33:58 +01:00
|
|
|
if (computedMac !== cipherString.mac) {
|
|
|
|
|
console.error('MAC failed.');
|
|
|
|
|
deferred.reject('MAC failed.');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-13 06:22:42 +01:00
|
|
|
var ctBuffer = forge.util.createBuffer(ctBytes);
|
2017-01-13 05:57:56 +01:00
|
|
|
var decipher = forge.cipher.createDecipher('AES-CBC', computedMac ? theEncKey : key);
|
2017-01-13 06:22:42 +01:00
|
|
|
decipher.start({ iv: ivBytes });
|
2017-01-13 05:57:56 +01:00
|
|
|
decipher.update(ctBuffer);
|
|
|
|
|
decipher.finish();
|
|
|
|
|
|
|
|
|
|
var decValue = decipher.output.toString('utf8');
|
2016-12-10 16:33:58 +01:00
|
|
|
deferred.resolve(decValue);
|
|
|
|
|
});
|
|
|
|
|
});
|
2016-09-04 06:34:24 +02:00
|
|
|
});
|
2016-09-17 05:47:50 +02:00
|
|
|
|
|
|
|
|
return deferred.promise;
|
2016-09-02 06:50:57 +02:00
|
|
|
};
|
2016-12-10 16:33:58 +01:00
|
|
|
|
|
|
|
|
function computeMac(ct, iv, macKey) {
|
2017-01-13 05:57:56 +01:00
|
|
|
var hmac = forge.hmac.create();
|
|
|
|
|
hmac.start('sha256', macKey);
|
2017-01-13 06:22:42 +01:00
|
|
|
hmac.update(iv + ct);
|
2017-01-13 05:57:56 +01:00
|
|
|
var mac = hmac.digest();
|
2017-01-13 06:22:42 +01:00
|
|
|
return forge.util.encode64(mac.getBytes());
|
2016-12-10 16:33:58 +01:00
|
|
|
}
|
2016-09-04 06:34:24 +02:00
|
|
|
};
|
