Refactor some low-level crypto things
This commit is contained in:
Matt Corallo
parent
905357a2e1
commit
5583e82a20
4 changed files with 42 additions and 53 deletions
59
js/crypto.js
59
js/crypto.js
|
|
@ -1,30 +1,3 @@
|
|||
function HmacSHA256(key, input) {
|
||||
input = assertIsArrayBuffer(input);
|
||||
key = assertIsArrayBuffer(key);
|
||||
return window.crypto.subtle.sign({name: "HMAC", hash: "SHA-256"}, key, input);
|
||||
}
|
||||
|
||||
function encryptAESCTR(input, key, counter) {
|
||||
input = assertIsArrayBuffer(input);
|
||||
key = assertIsArrayBuffer(key);
|
||||
counter = assertIsArrayBuffer(counter);
|
||||
return window.crypto.subtle.encrypt({name: "AES-CTR", counter: counter}, key, input);
|
||||
}
|
||||
|
||||
function decryptAESCTR(input, key, counter) {
|
||||
input = assertIsArrayBuffer(input);
|
||||
key = assertIsArrayBuffer(key);
|
||||
counter = assertIsArrayBuffer(counter);
|
||||
return window.crypto.subtle.decrypt({name: "AES-CTR", counter: counter}, key, input);
|
||||
}
|
||||
|
||||
function decryptAESCBC(input, key, iv) {
|
||||
input = assertIsArrayBuffer(input);
|
||||
key = assertIsArrayBuffer(key);
|
||||
iv = assertIsArrayBuffer(iv);
|
||||
return window.crypto.subtle.decrypt({name: "AES-CBC", iv: iv}, key, input);
|
||||
}
|
||||
|
||||
// functions exposed for replacement and direct calling in test code
|
||||
var crypto_tests = {};
|
||||
|
||||
|
|
@ -42,6 +15,11 @@ window.crypto = (function() {
|
|||
}
|
||||
}
|
||||
|
||||
function HmacSHA256(key, input) {
|
||||
return window.crypto.subtle.sign({name: "HMAC", hash: "SHA-256"}, key, input);
|
||||
}
|
||||
|
||||
|
||||
crypto_tests.privToPub = function(privKey, isIdentity) {
|
||||
if (privKey.byteLength != 32)
|
||||
throw new Error("Invalid private key");
|
||||
|
|
@ -168,11 +146,11 @@ window.crypto = (function() {
|
|||
|
||||
crypto_tests.HKDF = function(input, salt, info) {
|
||||
// Specific implementation of RFC 5869 that only returns exactly 64 bytes
|
||||
return HmacSHA256(salt, input).then(function(PRK) {
|
||||
return HmacSHA256(salt, toArrayBuffer(input)).then(function(PRK) {
|
||||
var infoString = getString(info);
|
||||
// TextSecure implements a slightly tweaked version of RFC 5869: the 0 and 1 should be 1 and 2 here
|
||||
return HmacSHA256(PRK, infoString + String.fromCharCode(0)).then(function(T1) {
|
||||
return HmacSHA256(PRK, getString(T1) + infoString + String.fromCharCode(1)).then(function(T2) {
|
||||
return HmacSHA256(PRK, toArrayBuffer(infoString + String.fromCharCode(0))).then(function(T1) {
|
||||
return HmacSHA256(PRK, toArrayBuffer(getString(T1) + infoString + String.fromCharCode(1))).then(function(T2) {
|
||||
return [ T1, T2 ];
|
||||
});
|
||||
});
|
||||
|
|
@ -200,7 +178,7 @@ window.crypto = (function() {
|
|||
if (version === undefined)
|
||||
version = 1;
|
||||
|
||||
return HmacSHA256(key, String.fromCharCode(version) + getString(data)).then(function(calculated_mac) {
|
||||
return HmacSHA256(key, toArrayBuffer(String.fromCharCode(version) + getString(data))).then(function(calculated_mac) {
|
||||
var macString = getString(mac);
|
||||
|
||||
if (calculated_mac.substring(0, macString.length) != macString)
|
||||
|
|
@ -212,7 +190,7 @@ window.crypto = (function() {
|
|||
if (version === undefined)
|
||||
version = 1;
|
||||
|
||||
return HmacSHA256(key, String.fromCharCode(version) + getString(data));
|
||||
return HmacSHA256(key, toArrayBuffer(String.fromCharCode(version) + getString(data)));
|
||||
}
|
||||
|
||||
/******************************
|
||||
|
|
@ -294,8 +272,9 @@ window.crypto = (function() {
|
|||
return new Promise(function(resolve) { resolve() }); // Stalker, much?
|
||||
|
||||
if (chain.chainKey.counter < counter) {
|
||||
return HmacSHA256(chain.chainKey.key, String.fromCharCode(1)).then(function(mac) {
|
||||
return HmacSHA256(chain.chainKey.key, String.fromCharCode(2)).then(function(key) {
|
||||
var key = toArrayBuffer(chain.chainKey.key);
|
||||
return HmacSHA256(key, toArrayBuffer(String.fromCharCode(1))).then(function(mac) {
|
||||
return HmacSHA256(key, toArrayBuffer(String.fromCharCode(2))).then(function(key) {
|
||||
chain.messageKeys[chain.chainKey.counter + 1] = mac;
|
||||
chain.chainKey.key = key
|
||||
chain.chainKey.counter += 1;
|
||||
|
|
@ -367,8 +346,10 @@ window.crypto = (function() {
|
|||
delete chain.messageKeys[message.counter];
|
||||
|
||||
verifyMACWithVersionByte(messageProto, keys[1], mac, (2 << 4) | 2);
|
||||
var iv = getString(intToArrayBuffer(message.counter));
|
||||
return decryptAESCTR(message.ciphertext, keys[0], iv).then(function(plaintext) {
|
||||
var counter = intToArrayBuffer(message.counter);
|
||||
return window.crypto.subtle.decrypt({name: "AES-CTR", counter: counter}, keys[0], toArrayBuffer(message.ciphertext))
|
||||
.then(function(plaintext) {
|
||||
|
||||
//TODO: removeOldChains(session);
|
||||
delete session['pendingPreKey'];
|
||||
|
||||
|
|
@ -399,7 +380,7 @@ window.crypto = (function() {
|
|||
var mac = decodedMessage.subarray(decodedMessage.length - 10, decodedMessage.length);
|
||||
|
||||
return verifyMACWithVersionByte(ivAndCipherText, mac_key, mac).then(function() {
|
||||
return decryptAESCBC(ciphertext, aes_key, iv);
|
||||
return window.crypto.subtle.decrypt({name: "AES-CBC", iv: iv}, aes_key, ciphertext);
|
||||
});
|
||||
};
|
||||
|
||||
|
|
@ -440,8 +421,8 @@ window.crypto = (function() {
|
|||
msg.counter = chain.chainKey.counter;
|
||||
msg.previousCounter = session.currentRatchet.previousCounter;
|
||||
|
||||
var iv = intToArrayBuffer(chain.chainKey.counter);
|
||||
return encryptAESCTR(plaintext, keys[0], iv).then(function(ciphertext) {
|
||||
var counter = intToArrayBuffer(chain.chainKey.counter);
|
||||
return window.crypto.subtle.encrypt({name: "AES-CTR", counter: counter}, keys[0], plaintext).then(function(ciphertext) {
|
||||
msg.ciphertext = ciphertext;
|
||||
var encodedMsg = getString(msg.encode());
|
||||
|
||||
|
|
|
|||
|
|
@ -159,12 +159,6 @@ function toArrayBuffer(thing) {
|
|||
return res;
|
||||
}
|
||||
|
||||
function assertIsArrayBuffer(thing) {
|
||||
if (thing !== Object(thing) || thing.__proto__ != StaticArrayBufferProto)
|
||||
console.log("WARNING: Needed a ArrayBuffer");
|
||||
return toArrayBuffer(thing);
|
||||
}
|
||||
|
||||
function ensureStringed(thing) {
|
||||
if (getStringable(thing))
|
||||
return getString(thing);
|
||||
|
|
|
|||
|
|
@ -304,7 +304,6 @@ registerOnLoadFunction(function() {
|
|||
var doStep;
|
||||
|
||||
var stepDone = function(res) {
|
||||
console.log('stepDone');
|
||||
if (!res || privKeyQueue.length != 0) {
|
||||
crypto_tests.createNewKeyPair = origCreateNewKeyPair;
|
||||
return false;
|
||||
|
|
@ -444,7 +443,7 @@ console.log('stepDone');
|
|||
var key = hexToArrayBuffer('6f35628d65813435534b5d67fbdb54cb33403d04e843103e6399f806cb5df95febbdd61236f33245');
|
||||
var input = hexToArrayBuffer('752cff52e4b90768558e5369e75d97c69643509a5e5904e0a386cbe4d0970ef73f918f675945a9aefe26daea27587e8dc909dd56fd0468805f834039b345f855cfe19c44b55af241fff3ffcd8045cd5c288e6c4e284c3720570b58e4d47b8feeedc52fd1401f698a209fccfa3b4c0d9a797b046a2759f82a54c41ccd7b5f592b');
|
||||
var mac = getString(hexToArrayBuffer('05d1243e6465ed9620c9aec1c351a186'));
|
||||
return HmacSHA256(key, input).then(function(result) {
|
||||
return window.crypto.subtle.sign({name: "HMAC", hash: "SHA-256"}, key, input).then(function(result) {
|
||||
return getString(result).substring(0, mac.length) === mac;
|
||||
});
|
||||
}, "HMAC SHA-256", false);
|
||||
|
|
@ -454,7 +453,7 @@ console.log('stepDone');
|
|||
var counter = hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff');
|
||||
var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a');
|
||||
var ciphertext = hexToArrayBuffer('874d6191b620e3261bef6864990db6ce');
|
||||
return encryptAESCTR(plaintext, key, counter).then(function(result) {
|
||||
return window.crypto.subtle.encrypt({name: "AES-CTR", counter: counter}, key, plaintext).then(function(result) {
|
||||
return getString(result) === getString(ciphertext);
|
||||
});
|
||||
}, "Encrypt AES-CTR", false);
|
||||
|
|
@ -464,7 +463,7 @@ console.log('stepDone');
|
|||
var counter = hexToArrayBuffer('f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff');
|
||||
var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172a');
|
||||
var ciphertext = hexToArrayBuffer('874d6191b620e3261bef6864990db6ce');
|
||||
return decryptAESCTR(ciphertext, key, counter).then(function(result) {
|
||||
return window.crypto.subtle.decrypt({name: "AES-CTR", counter: counter}, key, ciphertext).then(function(result) {
|
||||
return getString(result) === getString(plaintext);
|
||||
});
|
||||
}, "Decrypt AES-CTR", false);
|
||||
|
|
@ -474,7 +473,7 @@ console.log('stepDone');
|
|||
var iv = hexToArrayBuffer('000102030405060708090a0b0c0d0e0f');
|
||||
var plaintext = hexToArrayBuffer('6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710');
|
||||
var ciphertext = hexToArrayBuffer('f58c4c04d6e5f1ba779eabfb5f7bfbd69cfc4e967edb808d679f777bc6702c7d39f23369a9d9bacfa530e26304231461b2eb05e2c39be9fcda6c19078c6a9d1b3f461796d6b0d6b2e0c2a72b4d80e644');
|
||||
return decryptAESCBC(ciphertext, key, iv).then(function(result) {
|
||||
return window.crypto.subtle.decrypt({name: "AES-CBC", iv: iv}, key, ciphertext).then(function(result) {
|
||||
return getString(result) === getString(plaintext);
|
||||
});
|
||||
}, "Decrypt AES-CBC", false);
|
||||
|
|
|
|||
|
|
@ -4,8 +4,16 @@ window.crypto.subtle = (function() {
|
|||
if (window.crypto.subtle !== undefined && window.crypto.subtle !== null) {
|
||||
return window.crypto.subtle;
|
||||
} else {
|
||||
var StaticArrayBufferProto = new ArrayBuffer().__proto__;
|
||||
function assertIsArrayBuffer(thing) {
|
||||
if (thing !== Object(thing) || thing.__proto__ != StaticArrayBufferProto)
|
||||
throw new Error("WARNING: Needed a ArrayBuffer");
|
||||
}
|
||||
|
||||
// private implementation functions
|
||||
function HmacSHA256(key, input) {
|
||||
assertIsArrayBuffer(key);
|
||||
assertIsArrayBuffer(input);
|
||||
return CryptoJS.HmacSHA256(
|
||||
CryptoJS.lib.WordArray.create(toArrayBuffer(input)),
|
||||
CryptoJS.enc.Latin1.parse(getString(key))
|
||||
|
|
@ -13,6 +21,9 @@ window.crypto.subtle = (function() {
|
|||
};
|
||||
|
||||
function encryptAESCTR(plaintext, key, counter) {
|
||||
assertIsArrayBuffer(plaintext);
|
||||
assertIsArrayBuffer(key);
|
||||
assertIsArrayBuffer(counter);
|
||||
return CryptoJS.AES.encrypt(CryptoJS.enc.Latin1.parse(getString(plaintext)),
|
||||
CryptoJS.enc.Latin1.parse(getString(key)),
|
||||
{mode: CryptoJS.mode.CTR, iv: CryptoJS.enc.Latin1.parse(getString(counter)),
|
||||
|
|
@ -21,6 +32,9 @@ window.crypto.subtle = (function() {
|
|||
};
|
||||
|
||||
function decryptAESCTR(ciphertext, key, counter) {
|
||||
assertIsArrayBuffer(ciphertext);
|
||||
assertIsArrayBuffer(key);
|
||||
assertIsArrayBuffer(counter);
|
||||
return CryptoJS.AES.decrypt(btoa(getString(ciphertext)),
|
||||
CryptoJS.enc.Latin1.parse(getString(key)),
|
||||
{mode: CryptoJS.mode.CTR, iv: CryptoJS.enc.Latin1.parse(getString(counter)),
|
||||
|
|
@ -29,6 +43,9 @@ window.crypto.subtle = (function() {
|
|||
};
|
||||
|
||||
function decryptAESCBC(ciphertext, key, iv) {
|
||||
assertIsArrayBuffer(ciphertext);
|
||||
assertIsArrayBuffer(key);
|
||||
assertIsArrayBuffer(iv);
|
||||
return CryptoJS.AES.decrypt(btoa(getString(ciphertext)),
|
||||
CryptoJS.enc.Latin1.parse(getString(key)),
|
||||
{iv: CryptoJS.enc.Latin1.parse(getString(iv))})
|
||||
|
|
@ -40,9 +57,7 @@ window.crypto.subtle = (function() {
|
|||
function promise(implementation) {
|
||||
var args = Array.prototype.slice.call(arguments);
|
||||
args.shift();
|
||||
return new Promise(function(resolve) {
|
||||
resolve(toArrayBuffer(implementation.apply(this, args)));
|
||||
});
|
||||
return new Promise.resolve(toArrayBuffer(implementation.apply(this, args)));
|
||||
}
|
||||
|
||||
// public interface functions
|
||||
|
|
|
|||
Loading…
Reference in a new issue