diff options
| author | Dan Finlay <dan@danfinlay.com> | 2016-11-23 07:54:51 +0800 |
|---|---|---|
| committer | Dan Finlay <dan@danfinlay.com> | 2016-11-23 07:54:51 +0800 |
| commit | de8da9ddf67f36977e43d2168c4847fd9923c875 (patch) | |
| tree | d6a417d1adea9a6e29a21950603e012e8d357741 /app/scripts/lib | |
| parent | 2966d46fa29641ad478cc83b5ee4c6c8adf1c63b (diff) | |
| download | tangerine-wallet-browser-de8da9ddf67f36977e43d2168c4847fd9923c875.tar.gz tangerine-wallet-browser-de8da9ddf67f36977e43d2168c4847fd9923c875.tar.zst tangerine-wallet-browser-de8da9ddf67f36977e43d2168c4847fd9923c875.zip | |
Simplify Encryptor API Surface
At least, the portion of it that we use.
Moved salting within the encryptor, so it does not need to be managed externally.
KeyringController now caches the password instead of a passwordDerivedKey, since it is ignorant of the salt.
Encryptor payload is now in a JSON format, so its portions are both base64 encoded *and* labeled appropriately. The format is `{ "data": "0x0", "iv": "0x0", "salt": "string" }`.
Fixes #843
Fixes #859
Diffstat (limited to 'app/scripts/lib')
| -rw-r--r-- | app/scripts/lib/encryptor.js | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/app/scripts/lib/encryptor.js b/app/scripts/lib/encryptor.js index df72b62c0..8bacab766 100644 --- a/app/scripts/lib/encryptor.js +++ b/app/scripts/lib/encryptor.js @@ -26,10 +26,16 @@ module.exports = { // Takes a Pojo, returns cypher text. function encrypt (password, dataObj) { - return keyFromPassword(password) + const salt = this.generateSalt() + + return keyFromPassword(password + salt) .then(function (passwordDerivedKey) { return encryptWithKey(passwordDerivedKey, dataObj) }) + .then(function (payload) { + payload.salt = salt + return JSON.stringify(payload) + }) } function encryptWithKey (key, dataObj) { @@ -44,22 +50,26 @@ function encryptWithKey (key, dataObj) { var buffer = new Uint8Array(buf) var vectorStr = encodeBufferToBase64(vector) var vaultStr = encodeBufferToBase64(buffer) - return `${vaultStr}\\${vectorStr}` + return { + data: vaultStr, + iv: vectorStr, + } }) } // Takes encrypted text, returns the restored Pojo. function decrypt (password, text) { - return keyFromPassword(password) + const payload = JSON.parse(text) + const salt = payload.salt + return keyFromPassword(password + salt) .then(function (key) { - return decryptWithKey(key, text) + return decryptWithKey(key, payload) }) } -function decryptWithKey (key, text) { - const parts = text.split('\\') - const encryptedData = decodeBase64ToBuffer(parts[0]) - const vector = decodeBase64ToBuffer(parts[1]) +function decryptWithKey (key, payload) { + const encryptedData = decodeBase64ToBuffer(payload.data) + const vector = decodeBase64ToBuffer(payload.iv) return crypto.subtle.decrypt({name: 'AES-GCM', iv: vector}, key, encryptedData) .then(function (result) { const decryptedData = new Uint8Array(result) |