bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2025-12-14 15:23:33 +00:00
Code Issues Releases Wiki Activity

Added encrypt-then-mac support to cryptoService

Browse Source
This commit is contained in:
Kyle Spearrin
2016-12-10 10:33:58 -05:00
parent d0e2840cd8
commit 70ded7f57b
2 changed files with 113 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/models/domainModels.js
View File

@@ -3,8 +3,11 @@ var CipherString = function (encryptedString) {
this.decryptedValue = null; this.decryptedValue = null;
if (encryptedString) { if (encryptedString) {
this.initializationVector = this.encryptedString.split('|')[0]; var encPieces = this.encryptedString.split('|');
this.cipherText = this.encryptedString.split('|')[1];
this.initializationVector = encPieces[0];
this.cipherText = encPieces[1];
this.mac = encPieces.length > 2 ? encPieces[2] : null;
} }
}; };
@@ -42,7 +45,7 @@ var Folder = function (obj, alreadyEncrypted) {
!function () { !function () {
CipherString.prototype.decrypt = function (callback) { CipherString.prototype.decrypt = function (callback) {
var deferred = Q.defer(); var deferred = Q.defer();
if (!this.decryptedValue) { if (!this.decryptedValue) {
var cryptoService = chrome.extension.getBackgroundPage().cryptoService; var cryptoService = chrome.extension.getBackgroundPage().cryptoService;

131
src/services/cryptoService.js
View File

@@ -8,7 +8,8 @@ function initCryptoService() {
_b64Key, _b64Key,
_keyHash, _keyHash,
_b64KeyHash, _b64KeyHash,
_aes; _aes,
_aesWithMac;
sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."](); sjcl.beware["CBC mode is dangerous because it doesn't protect message integrity."]();
@@ -92,6 +93,26 @@ function initCryptoService() {
}); });
}; };
CryptoService.prototype.getEncKey = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getKey(false, function (key) {
callback(key.slice(0, 4));
});
};
CryptoService.prototype.getMacKey = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getKey(false, function (key) {
callback(key.slice(4));
});
};
CryptoService.prototype.getKeyHash = function (b64, callback) { CryptoService.prototype.getKeyHash = function (b64, callback) {
if (!callback || typeof callback !== 'function') { if (!callback || typeof callback !== 'function') {
throw 'callback function required'; throw 'callback function required';
@@ -130,7 +151,7 @@ function initCryptoService() {
throw 'callback function required'; throw 'callback function required';
} }
_key = _b64Key = _aes = null; _key = _b64Key = _aes = _aesWithMac = null;
chrome.storage.local.remove('key', function () { chrome.storage.local.remove('key', function () {
callback(); callback();
}); });
@@ -213,31 +234,61 @@ function initCryptoService() {
}); });
}; };
CryptoService.prototype.getAesWithMac = function (callback) {
if (!callback || typeof callback !== 'function') {
throw 'callback function required';
}
this.getEncKey(function (encKey) {
if (!_aesWithMac && encKey) {
_aesWithMac = new sjcl.cipher.aes(encKey);
}
callback(_aesWithMac);
});
};
CryptoService.prototype.encrypt = function (plaintextValue) { CryptoService.prototype.encrypt = function (plaintextValue) {
var self = this;
var deferred = Q.defer(); var deferred = Q.defer();
if (plaintextValue === null || plaintextValue === undefined) { if (plaintextValue === null || plaintextValue === undefined) {
deferred.resolve(null); deferred.resolve(null);
} }
else { else {
this.getKey(false, function (key) { self.getKey(false, function (key) {
if (!key) { self.getEncKey(function (theEncKey) {
throw 'Encryption key unavailable.'; self.getMacKey(function (macKey) {
} if (!key || !theEncKey || !macKey) {
throw 'Encryption key unavailable.';
}
var response = {}; // TODO: Turn on whenever ready to support encrypt-then-mac
var params = { var encKey = false ? theEncKey : key;
mode: "cbc",
iv: sjcl.random.randomWords(4, 10)
};
var ctJson = sjcl.encrypt(key, plaintextValue, params, response); var response = {};
var params = {
mode: 'cbc',
iv: sjcl.random.randomWords(4, 10)
};
var ct = ctJson.match(/"ct":"([^"]*)"/)[1]; var ctJson = sjcl.encrypt(encKey, plaintextValue, params, response);
var iv = sjcl.codec.base64.fromBits(response.iv);
var cs = new CipherString(iv + "|" + ct); var ct = ctJson.match(/"ct":"([^"]*)"/)[1];
deferred.resolve(cs); var iv = sjcl.codec.base64.fromBits(response.iv);
var cipherString = iv + '|' + ct;
// TODO: Turn on whenever ready to support encrypt-then-mac
if (false) {
var mac = computeMac(ct, response.iv, macKey);
cipherString = cipherString + '|' + mac;
}
var cs = new CipherString(cipherString);
deferred.resolve(cs);
});
});
}); });
} }
@@ -246,24 +297,56 @@ function initCryptoService() {
CryptoService.prototype.decrypt = function (cipherString) { CryptoService.prototype.decrypt = function (cipherString) {
var deferred = Q.defer(); var deferred = Q.defer();
var self = this;
if (cipherString === null || cipherString === undefined || !cipherString.encryptedString) { if (cipherString === null || cipherString === undefined || !cipherString.encryptedString) {
throw 'cannot decrypt nothing'; throw 'cannot decrypt nothing';
} }
this.getAes(function (aes) { self.getMacKey(function (macKey) {
if (!aes) { if (!macKey) {
throw 'AES encryption unavailable.'; throw 'MAC key unavailable.';
} }
var ivBits = sjcl.codec.base64.toBits(cipherString.initializationVector); self.getAes(function (aes) {
var ctBits = sjcl.codec.base64.toBits(cipherString.cipherText); self.getAesWithMac(function (aesWithMac) {
if (!aes || !aesWithMac) {
throw 'AES encryption unavailable.';
}
var decBits = sjcl.mode.cbc.decrypt(aes, ctBits, ivBits, null); var ivBits = sjcl.codec.base64.toBits(cipherString.initializationVector);
var decValue = sjcl.codec.utf8String.fromBits(decBits); var ctBits = sjcl.codec.base64.toBits(cipherString.cipherText);
deferred.resolve(decValue);
var computedMac = null;
if (cipherString.mac) {
computedMac = computeMac(ctBits, ivBits, macKey);
if (computedMac !== cipherString.mac) {
console.error('MAC failed.');
deferred.reject('MAC failed.');
}
}
var decBits = sjcl.mode.cbc.decrypt(computedMac ? aesWithMac : aes, ctBits, ivBits, null);
var decValue = sjcl.codec.utf8String.fromBits(decBits);
deferred.resolve(decValue);
});
});
}); });
return deferred.promise; return deferred.promise;
}; };
function computeMac(ct, iv, macKey) {
if (typeof ct === 'string') {
ct = sjcl.codec.base64.toBits(ct);
}
if (typeof iv === 'string') {
iv = sjcl.codec.base64.toBits(iv);
}
var hmac = new sjcl.misc.hmac(macKey, sjcl.hash.sha256);
var bits = iv.concat(ct);
var mac = hmac.encrypt(bits);
return sjcl.codec.base64.fromBits(mac);
}
}; };