2015-12-09 04:35:05 +01:00
|
|
|
angular
|
|
|
|
.module('bit.services')
|
|
|
|
|
|
|
|
.factory('cryptoService', function ($sessionStorage) {
|
|
|
|
var _service = {},
|
|
|
|
_key,
|
2017-02-21 04:21:14 +01:00
|
|
|
_b64Key,
|
|
|
|
_privateKey;
|
2015-12-09 04:35:05 +01:00
|
|
|
|
|
|
|
_service.setKey = function (key) {
|
|
|
|
_key = key;
|
2017-02-11 19:03:48 +01:00
|
|
|
$sessionStorage.key = forge.util.encode64(key);
|
2015-12-09 04:35:05 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.setPrivateKey = function (privateKey) {
|
|
|
|
_privateKey = privateKey;
|
|
|
|
$sessionStorage.privateKey = forge.util.encode64(privateKey);
|
|
|
|
};
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.getKey = function (b64) {
|
|
|
|
if (b64 && b64 === true && _b64Key) {
|
|
|
|
return _b64Key;
|
|
|
|
}
|
|
|
|
else if (!b64 && _key) {
|
|
|
|
return _key;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($sessionStorage.key) {
|
2017-02-11 19:03:48 +01:00
|
|
|
_key = forge.util.decode64($sessionStorage.key);
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (b64 && b64 === true) {
|
2017-02-11 19:03:48 +01:00
|
|
|
_b64Key = forge.util.encode64(_key);
|
2015-12-09 04:35:05 +01:00
|
|
|
return _b64Key;
|
|
|
|
}
|
|
|
|
|
|
|
|
return _key;
|
|
|
|
};
|
|
|
|
|
2016-12-09 04:21:46 +01:00
|
|
|
_service.getEncKey = function (key) {
|
|
|
|
key = key || _service.getKey();
|
2017-02-11 19:03:48 +01:00
|
|
|
|
|
|
|
var buffer = forge.util.createBuffer(key);
|
|
|
|
return buffer.getBytes(16);
|
2016-12-09 04:21:46 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
_service.getMacKey = function (key) {
|
|
|
|
key = key || _service.getKey();
|
2017-02-11 19:03:48 +01:00
|
|
|
|
|
|
|
var buffer = forge.util.createBuffer(key);
|
|
|
|
buffer.getBytes(16); // skip first half
|
|
|
|
return buffer.getBytes(16);
|
2016-12-09 04:21:46 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.getPrivateKey = function () {
|
|
|
|
if (_privateKey) {
|
|
|
|
return _privateKey;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($sessionStorage.privateKey) {
|
|
|
|
_privateKey = forge.util.decode64($sessionStorage.privateKey);
|
|
|
|
}
|
|
|
|
|
|
|
|
return _privateKey;
|
|
|
|
};
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.clearKey = function () {
|
2017-02-11 19:03:48 +01:00
|
|
|
_key = _b64Key = null;
|
2015-12-09 04:35:05 +01:00
|
|
|
delete $sessionStorage.key;
|
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.clearPrivateKey = function () {
|
|
|
|
_privateKey = null;
|
|
|
|
delete $sessionStorage.privateKey;
|
|
|
|
};
|
|
|
|
|
|
|
|
_service.clearKeys = function () {
|
|
|
|
_service.clearKey();
|
|
|
|
_service.clearPrivateKey();
|
|
|
|
};
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.makeKey = function (password, salt, b64) {
|
2017-02-16 01:03:56 +01:00
|
|
|
var key = forge.pbkdf2(forge.util.encodeUtf8(password), forge.util.encodeUtf8(salt),
|
|
|
|
5000, 256 / 8, 'sha256');
|
2015-12-09 04:35:05 +01:00
|
|
|
|
|
|
|
if (b64 && b64 === true) {
|
2017-02-11 19:03:48 +01:00
|
|
|
return forge.util.encode64(key);
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return key;
|
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.makeKeyPair = function (callback) {
|
|
|
|
forge.pki.rsa.generateKeyPair({ bits: 2048, workers: 2 }, function (error, keypair) {
|
|
|
|
if (error) {
|
|
|
|
callback(null, null, error);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
var privateKey = forge.pki.privateKeyToAsn1(keypair.privateKey);
|
|
|
|
var privateKeyBytes = forge.asn1.toDer(privateKey).getBytes();
|
|
|
|
|
|
|
|
var publicKey = forge.pki.publicKeyToAsn1(keypair.publicKey);
|
|
|
|
var publicKeyBytes = forge.asn1.toDer(publicKey).getBytes();
|
|
|
|
|
|
|
|
callback(privateKeyBytes, publicKeyBytes, null);
|
|
|
|
});
|
|
|
|
};
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.hashPassword = function (password, key) {
|
|
|
|
if (!key) {
|
|
|
|
key = _service.getKey();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!password || !key) {
|
|
|
|
throw 'Invalid parameters.';
|
|
|
|
}
|
|
|
|
|
2017-02-16 01:03:56 +01:00
|
|
|
var hashBits = forge.pbkdf2(key, forge.util.encodeUtf8(password), 1, 256 / 8, 'sha256');
|
2017-02-11 19:03:48 +01:00
|
|
|
return forge.util.encode64(hashBits);
|
2016-12-09 04:21:46 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.encrypt = function (plainValue, key, encoding) {
|
2015-12-09 04:35:05 +01:00
|
|
|
if (!_service.getKey() && !key) {
|
|
|
|
throw 'Encryption key unavailable.';
|
|
|
|
}
|
|
|
|
|
2016-12-09 04:21:46 +01:00
|
|
|
// TODO: Turn on whenever ready to support encrypt-then-mac
|
|
|
|
var encKey = null;
|
|
|
|
if (false) {
|
|
|
|
encKey = _service.getEncKey(key);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
encKey = key || _service.getKey();
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
encoding = encoding || 'utf8';
|
|
|
|
var buffer = forge.util.createBuffer(plainValue, encoding);
|
2017-02-11 19:03:48 +01:00
|
|
|
var ivBytes = forge.random.getBytesSync(16);
|
|
|
|
var cipher = forge.cipher.createCipher('AES-CBC', encKey);
|
|
|
|
cipher.start({ iv: ivBytes });
|
|
|
|
cipher.update(buffer);
|
|
|
|
cipher.finish();
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var iv = forge.util.encode64(ivBytes);
|
|
|
|
var ctBytes = cipher.output.getBytes();
|
|
|
|
var ct = forge.util.encode64(ctBytes);
|
2016-12-09 04:21:46 +01:00
|
|
|
var cipherString = iv + '|' + ct;
|
|
|
|
|
|
|
|
// TODO: Turn on whenever ready to support encrypt-then-mac
|
|
|
|
if (false) {
|
2017-02-11 19:03:48 +01:00
|
|
|
var mac = computeMac(ctBytes, ivBytes);
|
2016-12-09 04:21:46 +01:00
|
|
|
cipherString = cipherString + '|' + mac;
|
|
|
|
}
|
|
|
|
|
|
|
|
return cipherString;
|
2015-12-09 04:35:05 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.decrypt = function (encValue, outputEncoding) {
|
2017-02-11 19:03:48 +01:00
|
|
|
if (!_service.getKey()) {
|
2015-12-09 04:35:05 +01:00
|
|
|
throw 'AES encryption unavailable.';
|
|
|
|
}
|
|
|
|
|
|
|
|
var encPieces = encValue.split('|');
|
2016-12-09 04:21:46 +01:00
|
|
|
if (encPieces.length !== 2 && encPieces.length !== 3) {
|
2015-12-09 04:35:05 +01:00
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var ivBytes = forge.util.decode64(encPieces[0]);
|
|
|
|
var ctBytes = forge.util.decode64(encPieces[1]);
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2016-12-09 04:21:46 +01:00
|
|
|
var computedMac = null;
|
|
|
|
if (encPieces.length === 3) {
|
2017-02-11 19:03:48 +01:00
|
|
|
computedMac = computeMac(ctBytes, ivBytes);
|
2016-12-09 04:21:46 +01:00
|
|
|
if (computedMac !== encPieces[2]) {
|
|
|
|
console.error('MAC failed.');
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var ctBuffer = forge.util.createBuffer(ctBytes);
|
|
|
|
var decipher = forge.cipher.createDecipher('AES-CBC', computedMac ? _service.getEncKey() : _service.getKey());
|
|
|
|
decipher.start({ iv: ivBytes });
|
|
|
|
decipher.update(ctBuffer);
|
|
|
|
decipher.finish();
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
outputEncoding = outputEncoding || 'utf8';
|
|
|
|
if (outputEncoding === 'utf8') {
|
|
|
|
return decipher.output.toString('utf8');
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return decipher.output.getBytes();
|
|
|
|
}
|
2017-02-11 19:03:48 +01:00
|
|
|
};
|
2016-12-09 04:21:46 +01:00
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
function computeMac(ct, iv, macKey) {
|
|
|
|
var hmac = forge.hmac.create();
|
|
|
|
hmac.start('sha256', macKey || _service.getMacKey());
|
|
|
|
hmac.update(iv + ct);
|
|
|
|
var mac = hmac.digest();
|
|
|
|
return forge.util.encode64(mac.getBytes());
|
2016-12-09 04:21:46 +01:00
|
|
|
}
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
return _service;
|
|
|
|
});
|