aboutsummaryrefslogtreecommitdiffstats
path: root/app
diff options
context:
space:
mode:
authorDan Finlay <dan@danfinlay.com>2016-10-21 02:33:18 +0800
committerDan Finlay <dan@danfinlay.com>2016-10-21 02:33:18 +0800
commit383f8ea7dc4a264613cfe92b257878eb78438ce7 (patch)
treee476d190f97e60d3740f7650b318b8a7bb092a75 /app
parente5c95d68f80eba3e3d4645f7ac1f6606d0dddd52 (diff)
downloadtangerine-wallet-browser-383f8ea7dc4a264613cfe92b257878eb78438ce7.tar.gz
tangerine-wallet-browser-383f8ea7dc4a264613cfe92b257878eb78438ce7.tar.zst
tangerine-wallet-browser-383f8ea7dc4a264613cfe92b257878eb78438ce7.zip
Linted & added salting to vault
Diffstat (limited to 'app')
-rw-r--r--app/scripts/keyring-controller.js43
-rw-r--r--app/scripts/lib/config-manager.js2
-rw-r--r--app/scripts/lib/encryptor.js16
3 files changed, 26 insertions, 35 deletions
diff --git a/app/scripts/keyring-controller.js b/app/scripts/keyring-controller.js
index 84601916f..f6b1e9358 100644
--- a/app/scripts/keyring-controller.js
+++ b/app/scripts/keyring-controller.js
@@ -12,37 +12,6 @@ module.exports = class KeyringController extends EventEmitter {
this.keyChains = []
}
- keyFromPassword(password, callback) {
- deriveKeyFromPassword(password, callback);
- }
-
- // Takes a pw and callback, returns a password-dervied key
- getKeyForPassword(password, callback) {
- let salt = this.configManager.getSalt()
-
- if (!salt) {
- salt = generateSalt(32)
- this.configManager.setSalt(salt)
- }
-
- var logN = 14
- var r = 8
- var dkLen = 32
- var interruptStep = 200
-
- var cb = function(derKey) {
- try {
- var ui8arr = (new Uint8Array(derKey))
- this.pwDerivedKey = ui8arr
- callback(null, ui8arr)
- } catch (err) {
- callback(err)
- }
- }
-
- scrypt(password, salt, logN, r, dkLen, interruptStep, cb, null)
- }
-
getState() {
return {
isInitialized: !!this.configManager.getVault(),
@@ -66,11 +35,13 @@ module.exports = class KeyringController extends EventEmitter {
}
createNewVault(password, entropy, cb) {
+ const salt = generateNewSalt()
+ this.configManager.setSalt(salt)
this.loadKey(password)
.then((key) => {
return encryptor.encryptWithKey(key, {})
})
- .then((encryptedString) => {
+ .then((encryptedString) => {
this.configManager.setVault(encryptedString)
cb(null, this.getState())
})
@@ -90,7 +61,8 @@ module.exports = class KeyringController extends EventEmitter {
}
loadKey(password) {
- return encryptor.keyFromPassword(password)
+ const salt = this.configManager.getSalt()
+ return encryptor.keyFromPassword(password + salt)
.then((key) => {
this.key = key
return key
@@ -141,5 +113,8 @@ module.exports = class KeyringController extends EventEmitter {
}
function generateSalt (byteCount) {
- return bitcore.crypto.Random.getRandomBuffer(byteCount || 32).toString('base64')
+ var view = new Uint8Array(32)
+ global.crypto.getRandomValues(view)
+ var b64encoded = btoa(String.fromCharCode.apply(null, view))
+ return b64encoded
}
diff --git a/app/scripts/lib/config-manager.js b/app/scripts/lib/config-manager.js
index d12304c46..ae4a84082 100644
--- a/app/scripts/lib/config-manager.js
+++ b/app/scripts/lib/config-manager.js
@@ -118,7 +118,7 @@ ConfigManager.prototype.setVault = function (encryptedString) {
ConfigManager.prototype.getVault = function () {
var data = this.getData()
- return ('vault' in data) && data.vault
+ return ('vault' in data) && data.vault
}
ConfigManager.prototype.getKeychains = function () {
diff --git a/app/scripts/lib/encryptor.js b/app/scripts/lib/encryptor.js
index 91d6ed5ce..8a3b0b023 100644
--- a/app/scripts/lib/encryptor.js
+++ b/app/scripts/lib/encryptor.js
@@ -18,6 +18,10 @@ module.exports = {
// Buffer <-> Hex string methods
serializeBufferForStorage,
serializeBufferFromStorage,
+
+ // Buffer <-> base64 string methods
+ encodeBufferToBase64,
+ decodeBase64ToBuffer,
}
// Takes a Pojo, returns encrypted text.
@@ -117,3 +121,15 @@ function unprefixedHex (num) {
}
return hex
}
+
+function encodeBufferToBase64 (buf) {
+ var b64encoded = btoa(String.fromCharCode.apply(null, buf))
+ return b64encoded
+}
+
+function decodeBase64ToBuffer (base64) {
+ var u8_2 = new Uint8Array(atob(b64encoded).split("")
+ .map(function(c) {
+ return c.charCodeAt(0)
+ }))
+}