From 383f8ea7dc4a264613cfe92b257878eb78438ce7 Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Thu, 20 Oct 2016 11:33:18 -0700 Subject: Linted & added salting to vault --- app/scripts/keyring-controller.js | 43 ++++++++------------------------------- app/scripts/lib/config-manager.js | 2 +- app/scripts/lib/encryptor.js | 16 +++++++++++++++ 3 files changed, 26 insertions(+), 35 deletions(-) (limited to 'app/scripts') diff --git a/app/scripts/keyring-controller.js b/app/scripts/keyring-controller.js index 84601916f..f6b1e9358 100644 --- a/app/scripts/keyring-controller.js +++ b/app/scripts/keyring-controller.js @@ -12,37 +12,6 @@ module.exports = class KeyringController extends EventEmitter { this.keyChains = [] } - keyFromPassword(password, callback) { - deriveKeyFromPassword(password, callback); - } - - // Takes a pw and callback, returns a password-dervied key - getKeyForPassword(password, callback) { - let salt = this.configManager.getSalt() - - if (!salt) { - salt = generateSalt(32) - this.configManager.setSalt(salt) - } - - var logN = 14 - var r = 8 - var dkLen = 32 - var interruptStep = 200 - - var cb = function(derKey) { - try { - var ui8arr = (new Uint8Array(derKey)) - this.pwDerivedKey = ui8arr - callback(null, ui8arr) - } catch (err) { - callback(err) - } - } - - scrypt(password, salt, logN, r, dkLen, interruptStep, cb, null) - } - getState() { return { isInitialized: !!this.configManager.getVault(), @@ -66,11 +35,13 @@ module.exports = class KeyringController extends EventEmitter { } createNewVault(password, entropy, cb) { + const salt = generateNewSalt() + this.configManager.setSalt(salt) this.loadKey(password) .then((key) => { return encryptor.encryptWithKey(key, {}) }) - .then((encryptedString) => { + .then((encryptedString) => { this.configManager.setVault(encryptedString) cb(null, this.getState()) }) @@ -90,7 +61,8 @@ module.exports = class KeyringController extends EventEmitter { } loadKey(password) { - return encryptor.keyFromPassword(password) + const salt = this.configManager.getSalt() + return encryptor.keyFromPassword(password + salt) .then((key) => { this.key = key return key @@ -141,5 +113,8 @@ module.exports = class KeyringController extends EventEmitter { } function generateSalt (byteCount) { - return bitcore.crypto.Random.getRandomBuffer(byteCount || 32).toString('base64') + var view = new Uint8Array(32) + global.crypto.getRandomValues(view) + var b64encoded = btoa(String.fromCharCode.apply(null, view)) + return b64encoded } diff --git a/app/scripts/lib/config-manager.js b/app/scripts/lib/config-manager.js index d12304c46..ae4a84082 100644 --- a/app/scripts/lib/config-manager.js +++ b/app/scripts/lib/config-manager.js @@ -118,7 +118,7 @@ ConfigManager.prototype.setVault = function (encryptedString) { ConfigManager.prototype.getVault = function () { var data = this.getData() - return ('vault' in data) && data.vault + return ('vault' in data) && data.vault } ConfigManager.prototype.getKeychains = function () { diff --git a/app/scripts/lib/encryptor.js b/app/scripts/lib/encryptor.js index 91d6ed5ce..8a3b0b023 100644 --- a/app/scripts/lib/encryptor.js +++ b/app/scripts/lib/encryptor.js @@ -18,6 +18,10 @@ module.exports = { // Buffer <-> Hex string methods serializeBufferForStorage, serializeBufferFromStorage, + + // Buffer <-> base64 string methods + encodeBufferToBase64, + decodeBase64ToBuffer, } // Takes a Pojo, returns encrypted text. @@ -117,3 +121,15 @@ function unprefixedHex (num) { } return hex } + +function encodeBufferToBase64 (buf) { + var b64encoded = btoa(String.fromCharCode.apply(null, buf)) + return b64encoded +} + +function decodeBase64ToBuffer (base64) { + var u8_2 = new Uint8Array(atob(b64encoded).split("") + .map(function(c) { + return c.charCodeAt(0) + })) +} -- cgit