2015-12-09 04:35:05 +01:00
|
|
|
angular
|
|
|
|
.module('bit.services')
|
|
|
|
|
2017-04-14 00:18:32 +02:00
|
|
|
.factory('cryptoService', function ($sessionStorage, constants, $q) {
|
2015-12-09 04:35:05 +01:00
|
|
|
var _service = {},
|
|
|
|
_key,
|
2017-04-19 22:45:16 +02:00
|
|
|
_legacyEtmKey,
|
2017-04-19 04:28:49 +02:00
|
|
|
_orgKeys,
|
2017-02-28 06:18:11 +01:00
|
|
|
_privateKey,
|
2017-04-19 04:28:49 +02:00
|
|
|
_publicKey;
|
2015-12-09 04:35:05 +01:00
|
|
|
|
|
|
|
_service.setKey = function (key) {
|
|
|
|
_key = key;
|
2017-04-19 04:28:49 +02:00
|
|
|
$sessionStorage.key = _key.keyB64;
|
2015-12-09 04:35:05 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 06:29:15 +01:00
|
|
|
_service.setPrivateKey = function (privateKeyCt, key) {
|
|
|
|
try {
|
2017-03-10 02:59:10 +01:00
|
|
|
var privateKeyBytes = _service.decrypt(privateKeyCt, key, 'raw');
|
|
|
|
$sessionStorage.privateKey = forge.util.encode64(privateKeyBytes);
|
2017-03-22 04:07:38 +01:00
|
|
|
_privateKey = forge.pki.privateKeyFromAsn1(forge.asn1.fromDer(privateKeyBytes));
|
2017-02-21 06:29:15 +01:00
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
console.log('Cannot set private key. Decryption failed.');
|
|
|
|
}
|
2017-02-21 04:21:14 +01:00
|
|
|
};
|
|
|
|
|
2017-03-07 05:54:06 +01:00
|
|
|
_service.setOrgKeys = function (orgKeysCt, privateKey) {
|
2017-03-28 04:22:56 +02:00
|
|
|
if (!orgKeysCt || Object.keys(orgKeysCt).length === 0) {
|
2017-03-07 05:54:06 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-04-02 04:17:28 +02:00
|
|
|
_service.clearOrgKeys();
|
2017-03-07 05:54:06 +01:00
|
|
|
var orgKeysb64 = {},
|
2017-03-14 03:54:57 +01:00
|
|
|
_orgKeys = {},
|
|
|
|
setKey = false;
|
2017-03-28 03:55:39 +02:00
|
|
|
|
|
|
|
for (var orgId in orgKeysCt) {
|
|
|
|
if (orgKeysCt.hasOwnProperty(orgId)) {
|
|
|
|
try {
|
2017-04-19 15:27:38 +02:00
|
|
|
var decBytes = _service.rsaDecrypt(orgKeysCt[orgId].key, privateKey);
|
2017-04-22 20:39:40 +02:00
|
|
|
var decKey = new SymmetricCryptoKey(decBytes);
|
2017-04-19 15:27:38 +02:00
|
|
|
_orgKeys[orgId] = decKey;
|
|
|
|
orgKeysb64[orgId] = decKey.keyB64;
|
2017-03-28 03:55:39 +02:00
|
|
|
setKey = true;
|
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
console.log('Cannot set org key ' + i + '. Decryption failed.');
|
|
|
|
}
|
2017-03-07 05:54:06 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-03-14 03:54:57 +01:00
|
|
|
if (setKey) {
|
|
|
|
$sessionStorage.orgKeys = orgKeysb64;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
_orgKeys = null;
|
|
|
|
}
|
2017-03-12 02:46:33 +01:00
|
|
|
};
|
|
|
|
|
2017-04-03 15:30:21 +02:00
|
|
|
_service.addOrgKey = function (orgId, encOrgKey, privateKey) {
|
2017-03-12 02:46:33 +01:00
|
|
|
_orgKeys = _service.getOrgKeys();
|
|
|
|
if (!_orgKeys) {
|
|
|
|
_orgKeys = {};
|
|
|
|
}
|
|
|
|
|
|
|
|
var orgKeysb64 = $sessionStorage.orgKeys;
|
|
|
|
if (!orgKeysb64) {
|
|
|
|
orgKeysb64 = {};
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2017-04-19 15:27:38 +02:00
|
|
|
var decBytes = _service.rsaDecrypt(encOrgKey, privateKey);
|
2017-04-22 20:39:40 +02:00
|
|
|
var decKey = new SymmetricCryptoKey(decBytes);
|
2017-04-19 15:27:38 +02:00
|
|
|
_orgKeys[orgId] = decKey;
|
|
|
|
orgKeysb64[orgId] = decKey.keyB64;
|
2017-03-12 02:46:33 +01:00
|
|
|
}
|
|
|
|
catch (e) {
|
2017-03-14 03:54:57 +01:00
|
|
|
_orgKeys = null;
|
2017-03-12 02:46:33 +01:00
|
|
|
console.log('Cannot set org key. Decryption failed.');
|
|
|
|
}
|
2017-03-07 05:54:06 +01:00
|
|
|
|
|
|
|
$sessionStorage.orgKeys = orgKeysb64;
|
|
|
|
};
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
_service.getKey = function () {
|
|
|
|
if (!_key && $sessionStorage.key) {
|
2017-04-22 20:39:40 +02:00
|
|
|
_key = new SymmetricCryptoKey($sessionStorage.key, true);
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
if (!_key) {
|
|
|
|
throw 'key unavailable';
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return _key;
|
|
|
|
};
|
|
|
|
|
2017-04-17 20:53:26 +02:00
|
|
|
_service.getPrivateKey = function (outputEncoding) {
|
|
|
|
outputEncoding = outputEncoding || 'native';
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
if (_privateKey) {
|
2017-04-17 20:53:26 +02:00
|
|
|
if (outputEncoding === 'raw') {
|
|
|
|
var privateKeyAsn1 = forge.pki.privateKeyToAsn1(_privateKey);
|
|
|
|
var privateKeyPkcs8 = forge.pki.wrapRsaPrivateKey(privateKeyAsn1);
|
|
|
|
return forge.asn1.toDer(privateKeyPkcs8).getBytes();
|
|
|
|
}
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
return _privateKey;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($sessionStorage.privateKey) {
|
2017-02-28 06:18:11 +01:00
|
|
|
var privateKeyBytes = forge.util.decode64($sessionStorage.privateKey);
|
|
|
|
_privateKey = forge.pki.privateKeyFromAsn1(forge.asn1.fromDer(privateKeyBytes));
|
2017-04-17 20:53:26 +02:00
|
|
|
|
|
|
|
if (outputEncoding === 'raw') {
|
|
|
|
return privateKeyBytes;
|
|
|
|
}
|
2017-02-21 04:21:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return _privateKey;
|
|
|
|
};
|
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
_service.getPublicKey = function () {
|
|
|
|
if (_publicKey) {
|
|
|
|
return _publicKey;
|
|
|
|
}
|
|
|
|
|
|
|
|
var privateKey = _service.getPrivateKey();
|
|
|
|
if (!privateKey) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
_publicKey = forge.pki.setRsaPublicKey(privateKey.n, privateKey.e);
|
|
|
|
return _publicKey;
|
|
|
|
};
|
|
|
|
|
2017-03-07 05:54:06 +01:00
|
|
|
_service.getOrgKeys = function () {
|
|
|
|
if (_orgKeys) {
|
|
|
|
return _orgKeys;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($sessionStorage.orgKeys) {
|
2017-03-10 04:28:14 +01:00
|
|
|
var orgKeys = {},
|
|
|
|
setKey = false;
|
|
|
|
|
2017-03-07 05:54:06 +01:00
|
|
|
for (var orgId in $sessionStorage.orgKeys) {
|
|
|
|
if ($sessionStorage.orgKeys.hasOwnProperty(orgId)) {
|
2017-04-22 20:39:40 +02:00
|
|
|
orgKeys[orgId] = new SymmetricCryptoKey($sessionStorage.orgKeys[orgId], true);
|
2017-03-10 04:28:14 +01:00
|
|
|
setKey = true;
|
2017-03-07 05:54:06 +01:00
|
|
|
}
|
|
|
|
}
|
2017-03-10 04:28:14 +01:00
|
|
|
|
|
|
|
if (setKey) {
|
|
|
|
_orgKeys = orgKeys;
|
|
|
|
}
|
2017-03-07 05:54:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return _orgKeys;
|
|
|
|
};
|
|
|
|
|
|
|
|
_service.getOrgKey = function (orgId) {
|
|
|
|
var orgKeys = _service.getOrgKeys();
|
|
|
|
if (!orgKeys || !(orgId in orgKeys)) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
|
|
|
return orgKeys[orgId];
|
2017-03-22 04:07:38 +01:00
|
|
|
};
|
2017-03-07 05:54:06 +01:00
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.clearKey = function () {
|
2017-04-19 04:28:49 +02:00
|
|
|
_key = null;
|
2017-04-19 22:45:16 +02:00
|
|
|
_legacyEtmKey = null;
|
2015-12-09 04:35:05 +01:00
|
|
|
delete $sessionStorage.key;
|
|
|
|
};
|
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
_service.clearKeyPair = function () {
|
2017-02-21 04:21:14 +01:00
|
|
|
_privateKey = null;
|
2017-02-28 06:18:11 +01:00
|
|
|
_publicKey = null;
|
2017-02-21 04:21:14 +01:00
|
|
|
delete $sessionStorage.privateKey;
|
|
|
|
};
|
|
|
|
|
2017-03-07 05:54:06 +01:00
|
|
|
_service.clearOrgKeys = function () {
|
2017-03-14 03:54:57 +01:00
|
|
|
_orgKeys = null;
|
2017-03-07 05:54:06 +01:00
|
|
|
delete $sessionStorage.orgKeys;
|
|
|
|
};
|
|
|
|
|
2017-04-11 16:52:16 +02:00
|
|
|
_service.clearOrgKey = function (orgId) {
|
|
|
|
if (_orgKeys.hasOwnProperty(orgId)) {
|
|
|
|
delete _orgKeys[orgId];
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($sessionStorage.orgKeys.hasOwnProperty(orgId)) {
|
|
|
|
delete $sessionStorage.orgKeys[orgId];
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
_service.clearKeys = function () {
|
|
|
|
_service.clearKey();
|
2017-02-28 06:18:11 +01:00
|
|
|
_service.clearKeyPair();
|
2017-03-07 05:54:06 +01:00
|
|
|
_service.clearOrgKeys();
|
2017-02-21 04:21:14 +01:00
|
|
|
};
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
_service.makeKey = function (password, salt) {
|
|
|
|
var keyBytes = forge.pbkdf2(forge.util.encodeUtf8(password), forge.util.encodeUtf8(salt),
|
2017-02-16 01:03:56 +01:00
|
|
|
5000, 256 / 8, 'sha256');
|
2017-04-22 20:39:40 +02:00
|
|
|
return new SymmetricCryptoKey(keyBytes);
|
2015-12-09 04:35:05 +01:00
|
|
|
};
|
|
|
|
|
2017-04-14 00:18:32 +02:00
|
|
|
_service.makeKeyPair = function (key) {
|
|
|
|
var deferred = $q.defer();
|
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
forge.pki.rsa.generateKeyPair({ bits: 2048, workers: 2 }, function (error, keypair) {
|
|
|
|
if (error) {
|
2017-04-14 00:18:32 +02:00
|
|
|
deferred.reject(error);
|
2017-02-21 04:21:14 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-03-11 02:49:50 +01:00
|
|
|
var privateKeyAsn1 = forge.pki.privateKeyToAsn1(keypair.privateKey);
|
|
|
|
var privateKeyPkcs8 = forge.pki.wrapRsaPrivateKey(privateKeyAsn1);
|
|
|
|
var privateKeyBytes = forge.asn1.toDer(privateKeyPkcs8).getBytes();
|
2017-04-14 00:18:32 +02:00
|
|
|
var privateKeyEncCt = _service.encrypt(privateKeyBytes, key, 'raw');
|
2017-02-21 04:21:14 +01:00
|
|
|
|
2017-03-11 02:49:50 +01:00
|
|
|
var publicKeyAsn1 = forge.pki.publicKeyToAsn1(keypair.publicKey);
|
|
|
|
var publicKeyBytes = forge.asn1.toDer(publicKeyAsn1).getBytes();
|
2017-02-21 04:21:14 +01:00
|
|
|
|
2017-04-14 00:18:32 +02:00
|
|
|
deferred.resolve({
|
|
|
|
publicKey: forge.util.encode64(publicKeyBytes),
|
|
|
|
privateKeyEnc: privateKeyEncCt
|
|
|
|
});
|
2017-02-21 04:21:14 +01:00
|
|
|
});
|
2017-04-14 00:18:32 +02:00
|
|
|
|
|
|
|
return deferred.promise;
|
2017-02-21 04:21:14 +01:00
|
|
|
};
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
_service.makeShareKeyCt = function () {
|
|
|
|
return _service.rsaEncrypt(forge.random.getBytesSync(512 / 8));
|
2017-02-28 06:18:11 +01:00
|
|
|
};
|
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
_service.hashPassword = function (password, key) {
|
|
|
|
if (!key) {
|
|
|
|
key = _service.getKey();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!password || !key) {
|
|
|
|
throw 'Invalid parameters.';
|
|
|
|
}
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
var hashBits = forge.pbkdf2(key.key, forge.util.encodeUtf8(password), 1, 256 / 8, 'sha256');
|
2017-02-11 19:03:48 +01:00
|
|
|
return forge.util.encode64(hashBits);
|
2016-12-09 04:21:46 +01:00
|
|
|
};
|
|
|
|
|
2017-02-21 06:29:15 +01:00
|
|
|
_service.encrypt = function (plainValue, key, plainValueEncoding) {
|
2017-04-19 04:28:49 +02:00
|
|
|
key = key || _service.getKey();
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
if (!key) {
|
|
|
|
throw 'Encryption key unavailable.';
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
2017-02-21 06:29:15 +01:00
|
|
|
plainValueEncoding = plainValueEncoding || 'utf8';
|
|
|
|
var buffer = forge.util.createBuffer(plainValue, plainValueEncoding);
|
2017-02-11 19:03:48 +01:00
|
|
|
var ivBytes = forge.random.getBytesSync(16);
|
2017-04-19 04:28:49 +02:00
|
|
|
var cipher = forge.cipher.createCipher('AES-CBC', key.encKey);
|
2017-02-11 19:03:48 +01:00
|
|
|
cipher.start({ iv: ivBytes });
|
|
|
|
cipher.update(buffer);
|
|
|
|
cipher.finish();
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var iv = forge.util.encode64(ivBytes);
|
|
|
|
var ctBytes = cipher.output.getBytes();
|
|
|
|
var ct = forge.util.encode64(ctBytes);
|
2016-12-09 04:21:46 +01:00
|
|
|
var cipherString = iv + '|' + ct;
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
if (key.macKey) {
|
|
|
|
var mac = computeMac(ctBytes, ivBytes, key.macKey);
|
2016-12-09 04:21:46 +01:00
|
|
|
cipherString = cipherString + '|' + mac;
|
|
|
|
}
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
if (key.encType === constants.encType.AesCbc256_B64) {
|
|
|
|
return cipherString;
|
|
|
|
}
|
|
|
|
|
|
|
|
return key.encType + '.' + cipherString;
|
2015-12-09 04:35:05 +01:00
|
|
|
};
|
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
_service.rsaEncrypt = function (plainValue, publicKey) {
|
|
|
|
publicKey = publicKey || _service.getPublicKey();
|
|
|
|
if (!publicKey) {
|
|
|
|
throw 'Public key unavailable.';
|
|
|
|
}
|
|
|
|
|
2017-03-05 02:41:45 +01:00
|
|
|
if (typeof publicKey === 'string') {
|
|
|
|
var publicKeyBytes = forge.util.decode64(publicKey);
|
|
|
|
publicKey = forge.pki.publicKeyFromAsn1(forge.asn1.fromDer(publicKeyBytes));
|
|
|
|
}
|
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
var encryptedBytes = publicKey.encrypt(plainValue, 'RSA-OAEP', {
|
2017-04-21 19:46:07 +02:00
|
|
|
md: forge.md.sha1.create()
|
2017-02-28 06:18:11 +01:00
|
|
|
});
|
2017-04-19 04:28:49 +02:00
|
|
|
|
2017-04-21 19:46:07 +02:00
|
|
|
return constants.encType.Rsa2048_OaepSha1_B64 + '.' + forge.util.encode64(encryptedBytes);
|
2017-03-01 04:53:19 +01:00
|
|
|
};
|
2017-02-28 06:18:11 +01:00
|
|
|
|
2017-02-21 06:29:15 +01:00
|
|
|
_service.decrypt = function (encValue, key, outputEncoding) {
|
2017-04-19 04:28:49 +02:00
|
|
|
key = key || _service.getKey();
|
|
|
|
|
2017-04-07 05:00:33 +02:00
|
|
|
var headerPieces = encValue.split('.'),
|
|
|
|
encType,
|
2017-04-19 04:28:49 +02:00
|
|
|
encPieces;
|
2017-04-07 05:00:33 +02:00
|
|
|
|
|
|
|
if (headerPieces.length === 2) {
|
|
|
|
try {
|
|
|
|
encType = parseInt(headerPieces[0]);
|
|
|
|
encPieces = headerPieces[1].split('|');
|
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
encPieces = encValue.split('|');
|
2017-04-19 22:45:16 +02:00
|
|
|
encType = encPieces.length === 3 ? constants.encType.AesCbc128_HmacSha256_B64 :
|
|
|
|
constants.encType.AesCbc256_B64;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (encType === constants.encType.AesCbc128_HmacSha256_B64 && key.encType === constants.encType.AesCbc256_B64) {
|
|
|
|
// Old encrypt-then-mac scheme, swap out the key
|
2017-04-22 20:39:40 +02:00
|
|
|
_legacyEtmKey = _legacyEtmKey ||
|
|
|
|
new SymmetricCryptoKey(key.key, false, constants.encType.AesCbc128_HmacSha256_B64);
|
2017-04-19 22:45:16 +02:00
|
|
|
key = _legacyEtmKey;
|
2015-12-09 04:35:05 +01:00
|
|
|
}
|
|
|
|
|
2017-04-19 04:28:49 +02:00
|
|
|
if (encType !== key.encType) {
|
|
|
|
throw 'encType unavailable.';
|
|
|
|
}
|
|
|
|
|
2017-04-07 05:00:33 +02:00
|
|
|
switch (encType) {
|
2017-04-11 00:55:18 +02:00
|
|
|
case constants.encType.AesCbc128_HmacSha256_B64:
|
2017-04-07 05:00:33 +02:00
|
|
|
if (encPieces.length !== 3) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
break;
|
2017-04-11 00:55:18 +02:00
|
|
|
case constants.encType.AesCbc256_HmacSha256_B64:
|
2017-04-07 05:00:33 +02:00
|
|
|
if (encPieces.length !== 3) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
break;
|
2017-04-11 00:55:18 +02:00
|
|
|
case constants.encType.AesCbc256_B64:
|
2017-04-07 05:00:33 +02:00
|
|
|
if (encPieces.length !== 2) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var ivBytes = forge.util.decode64(encPieces[0]);
|
|
|
|
var ctBytes = forge.util.decode64(encPieces[1]);
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-04-20 22:32:03 +02:00
|
|
|
if (key.macKey && encPieces.length > 2) {
|
2017-04-19 04:28:49 +02:00
|
|
|
var computedMac = computeMac(ctBytes, ivBytes, key.macKey);
|
2016-12-09 04:21:46 +01:00
|
|
|
if (computedMac !== encPieces[2]) {
|
|
|
|
console.error('MAC failed.');
|
2017-04-07 05:00:33 +02:00
|
|
|
return null;
|
2016-12-09 04:21:46 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
var ctBuffer = forge.util.createBuffer(ctBytes);
|
2017-04-19 04:28:49 +02:00
|
|
|
var decipher = forge.cipher.createDecipher('AES-CBC', key.encKey);
|
2017-02-11 19:03:48 +01:00
|
|
|
decipher.start({ iv: ivBytes });
|
|
|
|
decipher.update(ctBuffer);
|
|
|
|
decipher.finish();
|
2015-12-09 04:35:05 +01:00
|
|
|
|
2017-02-21 04:21:14 +01:00
|
|
|
outputEncoding = outputEncoding || 'utf8';
|
|
|
|
if (outputEncoding === 'utf8') {
|
|
|
|
return decipher.output.toString('utf8');
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
return decipher.output.getBytes();
|
|
|
|
}
|
2017-02-11 19:03:48 +01:00
|
|
|
};
|
2016-12-09 04:21:46 +01:00
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
_service.rsaDecrypt = function (encValue, privateKey) {
|
|
|
|
privateKey = privateKey || _service.getPrivateKey();
|
|
|
|
if (!privateKey) {
|
|
|
|
throw 'Private key unavailable.';
|
|
|
|
}
|
|
|
|
|
2017-04-07 05:00:33 +02:00
|
|
|
var headerPieces = encValue.split('.'),
|
|
|
|
encType,
|
|
|
|
encPiece;
|
|
|
|
|
|
|
|
if (headerPieces.length === 1) {
|
2017-04-21 19:46:07 +02:00
|
|
|
encType = constants.encType.Rsa2048_OaepSha256_B64;
|
2017-04-07 05:00:33 +02:00
|
|
|
encPiece = headerPieces[0];
|
|
|
|
}
|
|
|
|
else if (headerPieces.length === 2) {
|
|
|
|
try {
|
|
|
|
encType = parseInt(headerPieces[0]);
|
|
|
|
encPiece = headerPieces[1];
|
|
|
|
}
|
|
|
|
catch (e) {
|
|
|
|
return null;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-21 19:46:07 +02:00
|
|
|
var ctBytes = forge.util.decode64(encPiece);
|
|
|
|
var md;
|
|
|
|
|
|
|
|
if (encType === constants.encType.Rsa2048_OaepSha256_B64) {
|
|
|
|
md = forge.md.sha256.create();
|
|
|
|
}
|
|
|
|
else if (encType === constants.encType.Rsa2048_OaepSha1_B64) {
|
|
|
|
md = forge.md.sha1.create();
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
throw 'encType unavailable.';
|
2017-04-07 05:00:33 +02:00
|
|
|
}
|
|
|
|
|
2017-02-28 06:18:11 +01:00
|
|
|
var decBytes = privateKey.decrypt(ctBytes, 'RSA-OAEP', {
|
2017-04-21 19:46:07 +02:00
|
|
|
md: md
|
2017-02-28 06:18:11 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
return decBytes;
|
2017-03-01 04:53:19 +01:00
|
|
|
};
|
2017-02-28 06:18:11 +01:00
|
|
|
|
2017-02-11 19:03:48 +01:00
|
|
|
function computeMac(ct, iv, macKey) {
|
|
|
|
var hmac = forge.hmac.create();
|
2017-04-19 04:28:49 +02:00
|
|
|
hmac.start('sha256', macKey);
|
2017-02-11 19:03:48 +01:00
|
|
|
hmac.update(iv + ct);
|
|
|
|
var mac = hmac.digest();
|
|
|
|
return forge.util.encode64(mac.getBytes());
|
2016-12-09 04:21:46 +01:00
|
|
|
}
|
|
|
|
|
2017-04-22 20:39:40 +02:00
|
|
|
function SymmetricCryptoKey(keyBytes, b64KeyBytes, encType) {
|
2017-04-19 04:28:49 +02:00
|
|
|
if (b64KeyBytes) {
|
|
|
|
keyBytes = forge.util.decode64(keyBytes);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!keyBytes) {
|
|
|
|
throw 'Must provide keyBytes';
|
|
|
|
}
|
|
|
|
|
|
|
|
var buffer = forge.util.createBuffer(keyBytes);
|
|
|
|
if (!buffer || buffer.length() === 0) {
|
|
|
|
throw 'Couldn\'t make buffer';
|
|
|
|
}
|
2017-04-19 15:27:38 +02:00
|
|
|
var bufferLength = buffer.length();
|
2017-04-19 04:28:49 +02:00
|
|
|
|
|
|
|
if (encType === null || encType === undefined) {
|
2017-04-19 15:27:38 +02:00
|
|
|
if (bufferLength === 32) {
|
2017-04-19 04:28:49 +02:00
|
|
|
encType = constants.encType.AesCbc256_B64;
|
|
|
|
}
|
2017-04-19 15:27:38 +02:00
|
|
|
else if (bufferLength === 64) {
|
2017-04-19 04:28:49 +02:00
|
|
|
encType = constants.encType.AesCbc256_HmacSha256_B64;
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
throw 'Unable to determine encType.';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
this.key = keyBytes;
|
|
|
|
this.keyB64 = forge.util.encode64(keyBytes);
|
|
|
|
this.encType = encType;
|
|
|
|
|
2017-04-19 15:27:38 +02:00
|
|
|
if (encType === constants.encType.AesCbc256_B64 && bufferLength === 32) {
|
2017-04-19 04:28:49 +02:00
|
|
|
this.encKey = keyBytes;
|
|
|
|
this.macKey = null;
|
|
|
|
}
|
2017-04-19 15:27:38 +02:00
|
|
|
else if (encType === constants.encType.AesCbc128_HmacSha256_B64 && bufferLength === 32) {
|
2017-04-19 04:28:49 +02:00
|
|
|
this.encKey = buffer.getBytes(16); // first half
|
|
|
|
this.macKey = buffer.getBytes(16); // second half
|
|
|
|
}
|
2017-04-19 15:27:38 +02:00
|
|
|
else if (encType === constants.encType.AesCbc256_HmacSha256_B64 && bufferLength === 64) {
|
2017-04-19 04:28:49 +02:00
|
|
|
this.encKey = buffer.getBytes(32); // first half
|
|
|
|
this.macKey = buffer.getBytes(32); // second half
|
|
|
|
}
|
|
|
|
else {
|
2017-04-19 15:27:38 +02:00
|
|
|
throw 'Unsupported encType/key length.';
|
2017-04-19 04:28:49 +02:00
|
|
|
}
|
2017-04-19 15:03:47 +02:00
|
|
|
}
|
2017-04-19 04:28:49 +02:00
|
|
|
|
2015-12-09 04:35:05 +01:00
|
|
|
return _service;
|
2017-04-19 04:28:49 +02:00
|
|
|
});
|