vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

cleanup crypto service a bit

This commit is contained in:
Kyle Spearrin 2017-11-02 11:07:45 -04:00
parent 177b97ff97
commit c586349014
1 changed files with 22 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/services/crypto.service.ts
View File

@ -15,6 +15,15 @@ const Keys = {
keyHash: 'keyHash', keyHash: 'keyHash',
}; };
const SigningAlgorithm = {
name: 'HMAC',
hash: { name: 'SHA-256' }
};
const AesAlgorithm = {
name: 'AES-CBC'
};
const Crypto = window.crypto; const Crypto = window.crypto;
const Subtle = Crypto.subtle; const Subtle = Crypto.subtle;
@ -293,8 +302,8 @@ export default class CryptoService {
if (encValue.mac) { if (encValue.mac) {
encBytes.set(encValue.mac, 1 + encValue.iv.length); encBytes.set(encValue.mac, 1 + encValue.iv.length);
} }
encBytes.set(encValue.ct, 1 + encValue.iv.length + macLen);
encBytes.set(encValue.ct, 1 + encValue.iv.length + macLen);
return encBytes.buffer; return encBytes.buffer;
} }
@ -303,7 +312,6 @@ export default class CryptoService {
const ivBytes: string = forge.util.decode64(cipherString.initializationVector); const ivBytes: string = forge.util.decode64(cipherString.initializationVector);
const ctBytes: string = forge.util.decode64(cipherString.cipherText); const ctBytes: string = forge.util.decode64(cipherString.cipherText);
const macBytes: string = cipherString.mac ? forge.util.decode64(cipherString.mac) : null; const macBytes: string = cipherString.mac ? forge.util.decode64(cipherString.mac) : null;
const decipher = await this.aesDecrypt(cipherString.encryptionType, ctBytes, ivBytes, macBytes, key); const decipher = await this.aesDecrypt(cipherString.encryptionType, ctBytes, ivBytes, macBytes, key);
if (!decipher) { if (!decipher) {
return null; return null;
@ -405,18 +413,18 @@ export default class CryptoService {
throw new Error('No private key.'); throw new Error('No private key.');
} }
let padding: any = null; let rsaAlgorithm: any = null;
switch (encType) { switch (encType) {
case EncryptionType.Rsa2048_OaepSha256_B64: case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64: case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
padding = { rsaAlgorithm = {
name: 'RSA-OAEP', name: 'RSA-OAEP',
hash: { name: 'SHA-256' }, hash: { name: 'SHA-256' },
}; };
break; break;
case EncryptionType.Rsa2048_OaepSha1_B64: case EncryptionType.Rsa2048_OaepSha1_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64: case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
padding = { rsaAlgorithm = {
name: 'RSA-OAEP', name: 'RSA-OAEP',
hash: { name: 'SHA-1' }, hash: { name: 'SHA-1' },
}; };
@ -425,11 +433,9 @@ export default class CryptoService {
throw new Error('encType unavailable.'); throw new Error('encType unavailable.');
} }
const privateKey = await Subtle.importKey('pkcs8', privateKeyBytes, padding, false, ['decrypt']); const privateKey = await Subtle.importKey('pkcs8', privateKeyBytes, rsaAlgorithm, false, ['decrypt']);
const ctArr = UtilsService.fromB64ToArray(encPieces[0]); const ctArr = UtilsService.fromB64ToArray(encPieces[0]);
const decBytes = await Subtle.decrypt(padding, privateKey, ctArr.buffer); const decBytes = await Subtle.decrypt(rsaAlgorithm, privateKey, ctArr.buffer);
const b64DecValue = UtilsService.fromBufferToB64(decBytes); const b64DecValue = UtilsService.fromBufferToB64(decBytes);
return b64DecValue; return b64DecValue;
} }
@ -444,7 +450,7 @@ export default class CryptoService {
obj.iv = new Uint8Array(16); obj.iv = new Uint8Array(16);
Crypto.getRandomValues(obj.iv); Crypto.getRandomValues(obj.iv);
const encKey = await Subtle.importKey('raw', keyBuf.encKey, { name: 'AES-CBC' }, false, ['encrypt']); const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['encrypt']);
const encValue = await Subtle.encrypt({ name: 'AES-CBC', iv: obj.iv }, encKey, plainValue); const encValue = await Subtle.encrypt({ name: 'AES-CBC', iv: obj.iv }, encKey, plainValue);
obj.ct = new Uint8Array(encValue); obj.ct = new Uint8Array(encValue);
@ -492,7 +498,7 @@ export default class CryptoService {
macBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> { macBuf: ArrayBuffer, key: SymmetricCryptoKey): Promise<ArrayBuffer> {
const theKey = await this.getKeyForEncryption(key); const theKey = await this.getKeyForEncryption(key);
const keyBuf = theKey.getBuffers(); const keyBuf = theKey.getBuffers();
const encKey = await Subtle.importKey('raw', keyBuf.encKey, { name: 'AES-CBC' }, false, ['decrypt']); const encKey = await Subtle.importKey('raw', keyBuf.encKey, AesAlgorithm, false, ['decrypt']);
if (!keyBuf.macKey || !macBuf) { if (!keyBuf.macKey || !macBuf) {
return null; return null;
} }
@ -524,9 +530,8 @@ export default class CryptoService {
} }
private async computeMacWC(dataBuf: ArrayBuffer, macKeyBuf: ArrayBuffer): Promise<ArrayBuffer> { private async computeMacWC(dataBuf: ArrayBuffer, macKeyBuf: ArrayBuffer): Promise<ArrayBuffer> {
const key = await Subtle.importKey('raw', macKeyBuf, { name: 'HMAC', hash: { name: 'SHA-256' } }, const key = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
false, ['sign']); return await Subtle.sign(SigningAlgorithm, key, dataBuf);
return await Subtle.sign({ name: 'HMAC', hash: { name: 'SHA-256' } }, key, dataBuf);
} }
// Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification). // Safely compare two MACs in a way that protects against timing attacks (Double HMAC Verification).
@ -546,10 +551,9 @@ export default class CryptoService {
} }
private async macsEqualWC(macKeyBuf: ArrayBuffer, mac1Buf: ArrayBuffer, mac2Buf: ArrayBuffer): Promise<boolean> { private async macsEqualWC(macKeyBuf: ArrayBuffer, mac1Buf: ArrayBuffer, mac2Buf: ArrayBuffer): Promise<boolean> {
const macKey = await Subtle.importKey('raw', macKeyBuf, { name: 'HMAC', hash: { name: 'SHA-256' } }, const macKey = await Subtle.importKey('raw', macKeyBuf, SigningAlgorithm, false, ['sign']);
false, ['sign']); const mac1 = await Subtle.sign(SigningAlgorithm, macKey, mac1Buf);
const mac1 = await Subtle.sign({ name: 'HMAC', hash: { name: 'SHA-256' } }, macKey, mac1Buf); const mac2 = await Subtle.sign(SigningAlgorithm, macKey, mac2Buf);
const mac2 = await Subtle.sign({ name: 'HMAC', hash: { name: 'SHA-256' } }, macKey, mac2Buf);
if (mac1.byteLength !== mac2.byteLength) { if (mac1.byteLength !== mac2.byteLength) {
return false; return false;