1
0
mirror of https://github.com/bitwarden/browser.git synced 2024-12-28 17:27:50 +01:00

Added encrypt-then-mac support to cryptoService

This commit is contained in:
Kyle Spearrin 2016-12-10 10:33:58 -05:00
parent d0e2840cd8
commit 70ded7f57b
2 changed files with 113 additions and 27 deletions

View File

@ -3,8 +3,11 @@ var CipherString = function (encryptedString) {
this.decryptedValue = null;
if (encryptedString) {
this.initializationVector = this.encryptedString.split('|')[0];
this.cipherText = this.encryptedString.split('|')[1];
var encPieces = this.encryptedString.split('|');
this.initializationVector = encPieces[0];
this.cipherText = encPieces[1];
this.mac = encPieces.length > 2 ? encPieces[2] : null;
}
};

View File

@ -8,7 +8,8 @@ function initCryptoService() {
_b64Key,
_keyHash,
_b64KeyHash,
_aes;
_aes,
_aesWithMac;
sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."]();
@ -92,6 +93,26 @@ function initCryptoService() {
});
};
CryptoService.prototype.getEncKey = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getKey(false, function (key) {
callback(key.slice(0, 4));
});
};
CryptoService.prototype.getMacKey = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getKey(false, function (key) {
callback(key.slice(4));
});
};
CryptoService.prototype.getKeyHash = function (b64, callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
@ -130,7 +151,7 @@ function initCryptoService() {
throw 'callback function required';
}
_key = _b64Key = _aes = null;
_key = _b64Key = _aes = _aesWithMac = null;
chrome.storage.local.remove('key', function () {
callback();
});
@ -213,32 +234,62 @@ function initCryptoService() {
});
};
CryptoService.prototype.getAesWithMac = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getEncKey(function (encKey) {
if (!_aesWithMac && encKey) {
_aesWithMac = new sjcl.cipher.aes(encKey);
}
callback(_aesWithMac);
});
};
CryptoService.prototype.encrypt = function (plaintextValue) {
var self = this;
var deferred = Q.defer();
if (plaintextValue === null || plaintextValue === undefined) {
deferred.resolve(null);
}
else {
this.getKey(false, function (key) {
if (!key) {
self.getKey(false, function (key) {
self.getEncKey(function (theEncKey) {
self.getMacKey(function (macKey) {
if (!key || !theEncKey || !macKey) {
throw 'Encryption key unavailable.';
}
// TODO: Turn on whenever ready to support encrypt-then-mac
var encKey = false ? theEncKey : key;
var response = {};
var params = {
mode: "cbc",
mode: 'cbc',
iv: sjcl.random.randomWords(4, 10)
};
var ctJson = sjcl.encrypt(key, plaintextValue, params, response);
var ctJson = sjcl.encrypt(encKey, plaintextValue, params, response);
var ct = ctJson.match(/"ct":"([^"]*)"/)[1];
var iv = sjcl.codec.base64.fromBits(response.iv);
var cs = new CipherString(iv + "|" + ct);
var cipherString = iv + '|' + ct;
// TODO: Turn on whenever ready to support encrypt-then-mac
if (false) {
var mac = computeMac(ct, response.iv, macKey);
cipherString = cipherString + '|' + mac;
}
var cs = new CipherString(cipherString);
deferred.resolve(cs);
});
});
});
}
return deferred.promise;
@ -246,24 +297,56 @@ function initCryptoService() {
CryptoService.prototype.decrypt = function (cipherString) {
var deferred = Q.defer();
var self = this;
if (cipherString === null || cipherString === undefined || !cipherString.encryptedString) {
throw 'cannot decrypt nothing';
}
this.getAes(function (aes) {
if (!aes) {
self.getMacKey(function (macKey) {
if (!macKey) {
throw 'MAC key unavailable.';
}
self.getAes(function (aes) {
self.getAesWithMac(function (aesWithMac) {
if (!aes || !aesWithMac) {
throw 'AES encryption unavailable.';
}
var ivBits = sjcl.codec.base64.toBits(cipherString.initializationVector);
var ctBits = sjcl.codec.base64.toBits(cipherString.cipherText);
var decBits = sjcl.mode.cbc.decrypt(aes, ctBits, ivBits, null);
var computedMac = null;
if (cipherString.mac) {
computedMac = computeMac(ctBits, ivBits, macKey);
if (computedMac !== cipherString.mac) {
console.error('MAC failed.');
deferred.reject('MAC failed.');
}
}
var decBits = sjcl.mode.cbc.decrypt(computedMac ? aesWithMac : aes, ctBits, ivBits, null);
var decValue = sjcl.codec.utf8String.fromBits(decBits);
deferred.resolve(decValue);
});
});
});
return deferred.promise;
};
function computeMac(ct, iv, macKey) {
if (typeof ct === 'string') {
ct = sjcl.codec.base64.toBits(ct);
}
if (typeof iv === 'string') {
iv = sjcl.codec.base64.toBits(iv);
}
var hmac = new sjcl.misc.hmac(macKey, sjcl.hash.sha256);
var bits = iv.concat(ct);
var mac = hmac.encrypt(bits);
return sjcl.codec.base64.fromBits(mac);
}
};