From 26f1e6cbd2af9d6bb0c58871635466c459cc87d8 Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Mon, 19 Dec 2016 21:55:02 -0800 Subject: Remove encryptor in favor of external browser-passworder I broke out the encryptor lib into its own module on npm called browser-passworder. --- app/scripts/keyring-controller.js | 3 +- app/scripts/lib/encryptor.js | 156 --------------------------------- package.json | 1 + test/integration/lib/encryptor-test.js | 71 --------------- 4 files changed, 3 insertions(+), 228 deletions(-) delete mode 100644 app/scripts/lib/encryptor.js delete mode 100644 test/integration/lib/encryptor-test.js diff --git a/app/scripts/keyring-controller.js b/app/scripts/keyring-controller.js index ca4c306be..58366c26f 100644 --- a/app/scripts/keyring-controller.js +++ b/app/scripts/keyring-controller.js @@ -5,8 +5,9 @@ const bip39 = require('bip39') const Transaction = require('ethereumjs-tx') const EventEmitter = require('events').EventEmitter const filter = require('promise-filter') +const encryptor = require('browser-passworder') + const normalize = require('./lib/sig-util').normalize -const encryptor = require('./lib/encryptor') const messageManager = require('./lib/message-manager') const IdStoreMigrator = require('./lib/idStore-migrator') const BN = ethUtil.BN diff --git a/app/scripts/lib/encryptor.js b/app/scripts/lib/encryptor.js deleted file mode 100644 index 4770d2f54..000000000 --- a/app/scripts/lib/encryptor.js +++ /dev/null @@ -1,156 +0,0 @@ -module.exports = { - - // Simple encryption methods: - encrypt, - decrypt, - - // More advanced encryption methods: - keyFromPassword, - encryptWithKey, - decryptWithKey, - - // Buffer <-> String methods - convertArrayBufferViewtoString, - convertStringToArrayBufferView, - - // Buffer <-> Hex string methods - serializeBufferForStorage, - serializeBufferFromStorage, - - // Buffer <-> base64 string methods - encodeBufferToBase64, - decodeBase64ToBuffer, - - generateSalt, -} - -// Takes a Pojo, returns cypher text. -function encrypt (password, dataObj) { - const salt = this.generateSalt() - - return keyFromPassword(password + salt) - .then(function (passwordDerivedKey) { - return encryptWithKey(passwordDerivedKey, dataObj) - }) - .then(function (payload) { - payload.salt = salt - return JSON.stringify(payload) - }) -} - -function encryptWithKey (key, dataObj) { - var data = JSON.stringify(dataObj) - var dataBuffer = convertStringToArrayBufferView(data) - var vector = global.crypto.getRandomValues(new Uint8Array(16)) - return global.crypto.subtle.encrypt({ - name: 'AES-GCM', - iv: vector, - }, key, dataBuffer).then(function (buf) { - var buffer = new Uint8Array(buf) - var vectorStr = encodeBufferToBase64(vector) - var vaultStr = encodeBufferToBase64(buffer) - return { - data: vaultStr, - iv: vectorStr, - } - }) -} - -// Takes encrypted text, returns the restored Pojo. -function decrypt (password, text) { - const payload = JSON.parse(text) - const salt = payload.salt - return keyFromPassword(password + salt) - .then(function (key) { - return decryptWithKey(key, payload) - }) -} - -function decryptWithKey (key, payload) { - const encryptedData = decodeBase64ToBuffer(payload.data) - const vector = decodeBase64ToBuffer(payload.iv) - return crypto.subtle.decrypt({name: 'AES-GCM', iv: vector}, key, encryptedData) - .then(function (result) { - const decryptedData = new Uint8Array(result) - const decryptedStr = convertArrayBufferViewtoString(decryptedData) - const decryptedObj = JSON.parse(decryptedStr) - return decryptedObj - }) - .catch(function (reason) { - throw new Error('Incorrect password') - }) -} - -function convertStringToArrayBufferView (str) { - var bytes = new Uint8Array(str.length) - for (var i = 0; i < str.length; i++) { - bytes[i] = str.charCodeAt(i) - } - - return bytes -} - -function convertArrayBufferViewtoString (buffer) { - var str = '' - for (var i = 0; i < buffer.byteLength; i++) { - str += String.fromCharCode(buffer[i]) - } - - return str -} - -function keyFromPassword (password) { - var passBuffer = convertStringToArrayBufferView(password) - return global.crypto.subtle.digest('SHA-256', passBuffer) - .then(function (passHash) { - return global.crypto.subtle.importKey('raw', passHash, {name: 'AES-GCM'}, false, ['encrypt', 'decrypt']) - }) -} - -function serializeBufferFromStorage (str) { - var stripStr = (str.slice(0, 2) === '0x') ? str.slice(2) : str - var buf = new Uint8Array(stripStr.length / 2) - for (var i = 0; i < stripStr.length; i += 2) { - var seg = stripStr.substr(i, 2) - buf[i / 2] = parseInt(seg, 16) - } - return buf -} - -// Should return a string, ready for storage, in hex format. -function serializeBufferForStorage (buffer) { - var result = '0x' - var len = buffer.length || buffer.byteLength - for (var i = 0; i < len; i++) { - result += unprefixedHex(buffer[i]) - } - return result -} - -function unprefixedHex (num) { - var hex = num.toString(16) - while (hex.length < 2) { - hex = '0' + hex - } - return hex -} - -function encodeBufferToBase64 (buf) { - var b64encoded = btoa(String.fromCharCode.apply(null, buf)) - return b64encoded -} - -function decodeBase64ToBuffer (base64) { - var buf = new Uint8Array(atob(base64).split('') - .map(function (c) { - return c.charCodeAt(0) - })) - return buf -} - -function generateSalt (byteCount = 32) { - var view = new Uint8Array(byteCount) - global.crypto.getRandomValues(view) - var b64encoded = btoa(String.fromCharCode.apply(null, view)) - return b64encoded -} diff --git a/package.json b/package.json index 46d17a94c..619500011 100644 --- a/package.json +++ b/package.json @@ -37,6 +37,7 @@ "dependencies": { "async": "^1.5.2", "bip39": "^2.2.0", + "browser-passworder": "^1.0.1", "browserify-derequire": "^0.9.4", "clone": "^1.0.2", "copy-to-clipboard": "^2.0.0", diff --git a/test/integration/lib/encryptor-test.js b/test/integration/lib/encryptor-test.js deleted file mode 100644 index 897d22740..000000000 --- a/test/integration/lib/encryptor-test.js +++ /dev/null @@ -1,71 +0,0 @@ -var encryptor = require('../../../app/scripts/lib/encryptor') - -QUnit.module('encryptor') - -QUnit.test('encryptor:serializeBufferForStorage', function (assert) { - assert.expect(1) - var buf = new Buffer(2) - buf[0] = 16 - buf[1] = 1 - - var output = encryptor.serializeBufferForStorage(buf) - - var expect = '0x1001' - assert.equal(expect, output) -}) - -QUnit.test('encryptor:serializeBufferFromStorage', function (assert) { - assert.expect(2) - var input = '0x1001' - var output = encryptor.serializeBufferFromStorage(input) - - assert.equal(output[0], 16) - assert.equal(output[1], 1) -}) - -QUnit.test('encryptor:encrypt & decrypt', function(assert) { - var done = assert.async(); - var password, data, encrypted - - password = 'a sample passw0rd' - data = { foo: 'data to encrypt' } - - encryptor.encrypt(password, data) - .then(function(encryptedStr) { - assert.equal(typeof encryptedStr, 'string', 'returns a string') - return encryptor.decrypt(password, encryptedStr) - }) - .then(function (decryptedObj) { - assert.deepEqual(decryptedObj, data, 'decrypted what was encrypted') - done() - }) - .catch(function(reason) { - assert.ifError(reason, 'threw an error') - done(reason) - }) - -}) - -QUnit.test('encryptor:encrypt & decrypt with wrong password', function(assert) { - var done = assert.async(); - var password, data, encrypted, wrongPassword - - password = 'a sample passw0rd' - wrongPassword = 'a wrong password' - data = { foo: 'data to encrypt' } - - encryptor.encrypt(password, data) - .then(function(encryptedStr) { - assert.equal(typeof encryptedStr, 'string', 'returns a string') - return encryptor.decrypt(wrongPassword, encryptedStr) - }) - .then(function (decryptedObj) { - assert.equal(!decryptedObj, true, 'Wrong password should not decrypt') - done() - }) - .catch(function(reason) { - done() - }) -}) - - -- cgit From 2988bc0723d3e36d54eefbafe8c17ad3a512ecf9 Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Tue, 20 Dec 2016 09:28:15 -0800 Subject: Use security patched version of browser-passworder --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 619500011..f160d0a57 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "dependencies": { "async": "^1.5.2", "bip39": "^2.2.0", - "browser-passworder": "^1.0.1", + "browser-passworder": "^2.0.0", "browserify-derequire": "^0.9.4", "clone": "^1.0.2", "copy-to-clipboard": "^2.0.0", -- cgit From dea658a898254214203845f128959ac861d9a349 Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Tue, 20 Dec 2016 10:11:51 -0800 Subject: Bump passworder version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index f160d0a57..f3dd20d41 100644 --- a/package.json +++ b/package.json @@ -37,7 +37,7 @@ "dependencies": { "async": "^1.5.2", "bip39": "^2.2.0", - "browser-passworder": "^2.0.0", + "browser-passworder": "^2.0.3", "browserify-derequire": "^0.9.4", "clone": "^1.0.2", "copy-to-clipboard": "^2.0.0", -- cgit