|
|
@@ -0,0 +1,1697 @@
|
|
|
+
|
|
|
+
|
|
|
+/*--------------------------------------------------------------------------------------------
|
|
|
+
|
|
|
+ MIT license.
|
|
|
+
|
|
|
+ Copyright 2017 Aaron Flin
|
|
|
+
|
|
|
+ Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
+ of this software and associated documentation files (the "Software"), to
|
|
|
+ deal in the Software without restriction, including without limitation the
|
|
|
+ rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
|
|
|
+ sell copies of the Software, and to permit persons to whom the Software is
|
|
|
+ furnished to do so, subject to the following conditions:
|
|
|
+
|
|
|
+ The above copyright notice and this permission notice shall be included in
|
|
|
+ all copies or substantial portions of the Software.
|
|
|
+
|
|
|
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
|
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
|
|
+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
|
|
|
+ IN THE SOFTWARE.
|
|
|
+
|
|
|
+
|
|
|
+----------------------------------------------------------------------------------------------*/
|
|
|
+import forge from 'node-forge';
|
|
|
+
|
|
|
+//start collecting random data for forge RNG
|
|
|
+var d = new Date();
|
|
|
+
|
|
|
+if (typeof document !== 'undefined') {
|
|
|
+ forge.random.collect(d.getTime(), 32);
|
|
|
+ //in normal version, we can get the mouse movements and add that as random data.
|
|
|
+ document.onmousemove = function (e) {
|
|
|
+ forge.random.collectInt(e.clientX, 16);
|
|
|
+ forge.random.collectInt(e.clientY, 16);
|
|
|
+ };
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+export var aescrypt = (function () {
|
|
|
+
|
|
|
+ var b2h = forge.util.bytesToHex;
|
|
|
+
|
|
|
+ function a2h(a) {
|
|
|
+ return forge.util.bytesToHex(arrayToString(a));
|
|
|
+ }
|
|
|
+
|
|
|
+ var toType = function (obj) {
|
|
|
+ return ({}).toString.call(obj).match(/\s([a-zA-Z0-9]+)/)[1].toLowerCase();
|
|
|
+ }
|
|
|
+
|
|
|
+ /* copy string or uint8array into a uint8array
|
|
|
+ start is where in output array to start copying
|
|
|
+ max is max bytes to copy from input string/array
|
|
|
+
|
|
|
+ does not check if a is big enough to take s
|
|
|
+ */
|
|
|
+
|
|
|
+ function copyToArray(s, a, start, max) {
|
|
|
+ if (max === undefined) max = s.length;
|
|
|
+ if (start === undefined) start = 0;
|
|
|
+ var t = toType(s);
|
|
|
+
|
|
|
+ if (t == "arraybuffer") {
|
|
|
+ s = new Uint8Array(s);
|
|
|
+ t = 'uint8array';
|
|
|
+ }
|
|
|
+
|
|
|
+ switch (t) {
|
|
|
+ case 'array':
|
|
|
+ case 'uint8array':
|
|
|
+ //for (var i=0; i<max;i++)
|
|
|
+ // a[i+start]=s[i];
|
|
|
+ // not much of an improvement using .set(), if any at all
|
|
|
+ if (max >= s.length) {
|
|
|
+ a.set(s, start);
|
|
|
+ return s.length;
|
|
|
+ } else if (t == 'array') {
|
|
|
+ a.set(s.slice(0, max), start);
|
|
|
+ } else {
|
|
|
+ a.set(s.subarray(0, max), start);
|
|
|
+ }
|
|
|
+ return max;
|
|
|
+ case 'string':
|
|
|
+ for (var i = 0; i < max; i++)
|
|
|
+ a[i + start] = s.charCodeAt(i);
|
|
|
+ return i;
|
|
|
+ default:
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ /* convert a uint8array or arraybuffer to a string */
|
|
|
+ function arrayToString(array) {
|
|
|
+ var ret = "";
|
|
|
+ if (toType(array) == 'arraybuffer')
|
|
|
+ array = new Uint8Array(array);
|
|
|
+ return String.fromCharCode.apply(null, array);
|
|
|
+ }
|
|
|
+
|
|
|
+ function toU8(data, nostrings) {
|
|
|
+ switch (toType(data)) {
|
|
|
+ case 'uint8array':
|
|
|
+ return data;
|
|
|
+ case 'arraybuffer':
|
|
|
+ return (new Uint8Array(data));
|
|
|
+ case 'string':
|
|
|
+ if (nostrings) return;
|
|
|
+ //no break
|
|
|
+ case 'array':
|
|
|
+ // is this the best way to do this, given encfile could be large?
|
|
|
+ var x = new Uint8Array(data.length);
|
|
|
+ copyToArray(data, x, 0);
|
|
|
+ return x;
|
|
|
+ default:
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ function isblank(a, start, len) {
|
|
|
+ var end = start + len;
|
|
|
+ for (var i = start; i < end; i++)
|
|
|
+ if (a[i] != 0) return false;
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+
|
|
|
+ function to16(str) {
|
|
|
+ var out, i, len, c, c2;
|
|
|
+ var char2, char3;
|
|
|
+
|
|
|
+ out = "";
|
|
|
+ len = str.length;
|
|
|
+ i = 0;
|
|
|
+ while (i < len) {
|
|
|
+ c = str.charCodeAt(i++);
|
|
|
+ c2 = c >>> 8;
|
|
|
+ c = c & 0xFF;
|
|
|
+ out += String.fromCharCode(c);
|
|
|
+ out += String.fromCharCode(c2);
|
|
|
+ }
|
|
|
+ return out;
|
|
|
+ }
|
|
|
+
|
|
|
+ function ivpasstokey(iv, pass) {
|
|
|
+ var hashbuf = new Uint8Array(32);
|
|
|
+ var hashstr, hashstr2;
|
|
|
+ var p = to16(pass);
|
|
|
+ copyToArray(iv, hashbuf, 0);
|
|
|
+ hashstr = arrayToString(hashbuf);
|
|
|
+ hashstr2 = hashstr;
|
|
|
+ // do this outside the loop, its expensive, and many times more expensive in chrome than firefox
|
|
|
+ var md = forge.md.sha256.create();
|
|
|
+ for (var i = 0; i < 8192; i++) {
|
|
|
+ //start() is not expensive, but allows us to start over with same object
|
|
|
+ md.start();
|
|
|
+ md.update(hashstr + p);
|
|
|
+ hashstr = md.digest().data;
|
|
|
+ }
|
|
|
+ return hashstr;
|
|
|
+ }
|
|
|
+
|
|
|
+ function xor16(a, b) {
|
|
|
+ var x = new Uint8Array(16);
|
|
|
+ for (i = 0; i < 16; i++)
|
|
|
+ x[i] = a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
|
+ return arrayToString(x);
|
|
|
+ }
|
|
|
+
|
|
|
+ function makeext(x) {
|
|
|
+ var lenbytes = new String;
|
|
|
+ var t = new String;
|
|
|
+ var len = 0;
|
|
|
+ if (typeof x == 'string') {
|
|
|
+ len = x.length + 1;
|
|
|
+ t = x + String.fromCharCode(0);
|
|
|
+ } else {
|
|
|
+ //assume an array of strings
|
|
|
+ for (var i = 0; i < x.length; i++) {
|
|
|
+ len += x[i].length + 1;
|
|
|
+ t += x[i] + String.fromCharCode(0);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return String.fromCharCode(len >> 8) + String.fromCharCode(len & 0xFF) + t;
|
|
|
+ }
|
|
|
+
|
|
|
+ function cipherblock(key, iv, block) {
|
|
|
+ var cipher = forge.cipher.createCipher('AES-CBC', key);
|
|
|
+ cipher.start({ iv: iv });
|
|
|
+ cipher.update(forge.util.createBuffer(block));
|
|
|
+ cipher.finish();
|
|
|
+ var mod = block.length % 16;
|
|
|
+ //console.log(mod);
|
|
|
+ if (mod != 0)
|
|
|
+ return cipher.output.data;
|
|
|
+ // don't pad file that otherwise fits exactly into 16 byte blocks.
|
|
|
+ // forge needs the extra room for encoding a padding number in the plaintext
|
|
|
+ // aescrypt format has the padding number outside the encrypted text.
|
|
|
+ else
|
|
|
+ return cipher.output.data.slice(0, -16);
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ /* decipher some crypttext. skipend fixes the truncation problem that prompted much of the commented out code below */
|
|
|
+
|
|
|
+ function decipherblock(key, iv, block, skipend) {
|
|
|
+ var decipher = forge.cipher.createDecipher('AES-CBC', key);
|
|
|
+ decipher.start({ iv: iv });
|
|
|
+ decipher.update(forge.util.createBuffer(block));
|
|
|
+ //too many negatives for a normal human brain (well, at least mine)
|
|
|
+ // skip end of file padding if skipend = true;
|
|
|
+ if (skipend !== true) decipher.finish();
|
|
|
+ return decipher.output.data;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* converting a large file to a string chokes, we need to do this a bit at a time */
|
|
|
+ /* if its big, pass a Uint8Array instead of string */
|
|
|
+ var chunksize = 16 * 1024;
|
|
|
+ function hmacblock(key, block) {
|
|
|
+ var hmac = forge.hmac.create();
|
|
|
+ hmac.start('sha256', key);
|
|
|
+ if (toType(block) == 'uint8array') {
|
|
|
+ var l = block.length;
|
|
|
+ //console.log(l);
|
|
|
+ for (var i = 0; i < l; i += chunksize) {
|
|
|
+ var end = ((i + chunksize) < l) ? i + chunksize : l;
|
|
|
+ var s = arrayToString(block.subarray(i, end));
|
|
|
+ //console.log("updating with:"+s);
|
|
|
+ //console.log(s.length);
|
|
|
+ hmac.update(s);
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ hmac.update(block);
|
|
|
+ }
|
|
|
+ return hmac.digest().data;
|
|
|
+ }
|
|
|
+
|
|
|
+ //same thing, but use existing hmac, and don't finish
|
|
|
+ function hmacchunkblock(hmac, block) {
|
|
|
+ if (toType(block) == 'uint8array') {
|
|
|
+ var l = block.length, s;
|
|
|
+ //console.log(l);
|
|
|
+ for (var i = 0; i < l; i += chunksize) {
|
|
|
+ //var end = ( (i+chunksize)< l) ? i+chunksize: l;
|
|
|
+ //var s=arrayToString(block.subarray(i,end));
|
|
|
+ //console.log("updating with:"+s);
|
|
|
+ //console.log(s.length);
|
|
|
+ s = arrayToString(block.subarray(i, i + chunksize));
|
|
|
+ hmac.update(s);
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ hmac.update(block);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ /* get a key and fileiv from a 96 byte credential block */
|
|
|
+ /* cb is an Uint8Array containing the credential block and pass is used to decrypt it */
|
|
|
+
|
|
|
+ function getkey(cb, pass) {
|
|
|
+ var keyiv, bufi = 0, enckeyblk, hdat, hashkey, hdatcomp, keyblock, fileiv, key, i;
|
|
|
+ keyiv = arrayToString(cb.subarray(bufi, bufi + 16));
|
|
|
+ bufi += 16;
|
|
|
+ enckeyblk = arrayToString(cb.subarray(bufi, bufi + 48));
|
|
|
+ bufi += 48;
|
|
|
+ hdat = arrayToString(cb.subarray(bufi, bufi + 32));
|
|
|
+ bufi += 32;
|
|
|
+ hashkey = ivpasstokey(keyiv, pass);
|
|
|
+ hdatcomp = hmacblock(hashkey, enckeyblk);
|
|
|
+ //console.log ("keyiv=" + forge.util.bytesToHex(keyiv));console.log ("enckeyblk=" + forge.util.bytesToHex(enckeyblk));console.log ("hdat=" + forge.util.bytesToHex(hdat));console.log ("hashkey=" + forge.util.bytesToHex(hashkey));console.log("hdatcomp=" + forge.util.bytesToHex(hdatcomp));
|
|
|
+ if (hdat != hdatcomp) {
|
|
|
+ //return error
|
|
|
+ //console.log("hmac does not match. Bad password or file corruption");
|
|
|
+ return { key: "", fileiv: "", error: "hmac does not match. Bad password or file corruption" };
|
|
|
+ }
|
|
|
+ i = 0;
|
|
|
+ keyblock = decipherblock(hashkey, keyiv, enckeyblk, true);
|
|
|
+ if (keyblock.length != 48) {
|
|
|
+ console.log("This shouldn't happen anymore. Please report this.");
|
|
|
+ }
|
|
|
+ fileiv = keyblock.slice(0, 16);
|
|
|
+ key = keyblock.slice(16, 48);
|
|
|
+ //console.log("keyblock.length="+keyblock.length);console.log ("key=" + forge.util.bytesToHex(key));console.log ("fileiv=" + forge.util.bytesToHex(fileiv));
|
|
|
+ return { key: key, fileiv: fileiv, error: "" };
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ /* make the 96 byte credential block ( keyiv, encrypted fileiv+key, hmac (fileiv+key) ) */
|
|
|
+ /* pass required, will generate key and fileiv if not provided */
|
|
|
+ function newcredentialblock(pass, key, fileiv) {
|
|
|
+ var keyiv, hashkey, keyblock, enckeyblk, tblock;
|
|
|
+ var buffer = new Uint8Array(96);
|
|
|
+ var d = new Date();
|
|
|
+ forge.random.collectInt(d.getTime(), 32);
|
|
|
+
|
|
|
+ //encrypt the iv-key combination (those used to encrypt file data)
|
|
|
+ // and chop off the padding
|
|
|
+
|
|
|
+ keyiv = forge.random.getBytesSync(16);
|
|
|
+ hashkey = ivpasstokey(keyiv, pass);
|
|
|
+ if (fileiv === undefined) fileiv = forge.random.getBytesSync(16);
|
|
|
+ if (key === undefined) key = forge.random.getBytesSync(32);
|
|
|
+ keyblock = fileiv + key;
|
|
|
+
|
|
|
+ enckeyblk = cipherblock(hashkey, keyiv, keyblock).slice(0, 48);
|
|
|
+
|
|
|
+ //this appears to be no longer a problem when using decipherblock(,,,true)
|
|
|
+ //i.e. dont finish(), and skip padding removal which we don't have
|
|
|
+ tblock = decipherblock(hashkey, keyiv, enckeyblk, true);
|
|
|
+ if (tblock != keyblock) {
|
|
|
+ //console.log("failed to find keys and ivs that forge liked...");
|
|
|
+ //console.log("keyblock=" + forge.util.bytesToHex(keyblock));
|
|
|
+ return "";
|
|
|
+ }
|
|
|
+
|
|
|
+ //console.log("keyiv="+forge.util.bytesToHex(keyiv));console.log("hashkey=" + forge.util.bytesToHex(hashkey));console.log("keyblock=" + forge.util.bytesToHex(keyblock));console.log("fileiv=" + forge.util.bytesToHex(fileiv));console.log("key=" + forge.util.bytesToHex(key));console.log("aes-cbc enckeyblock ="+forge.util.bytesToHex(enckeyblk));console.log("encrypted iv+key length=" + enckeyblk.length);
|
|
|
+
|
|
|
+ // 16 + 48 + 32 bytes = 96 for entire record.
|
|
|
+ copyToArray((keyiv + enckeyblk + hmacblock(hashkey, enckeyblk)), buffer, 0)
|
|
|
+ return { buffer: buffer, key: key, fileiv: fileiv };
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ /* get the key from main keyblock or in credential blocks *
|
|
|
+ * takes a Unit8Array *
|
|
|
+ * if inextcbonly==true, we will only look for the pass in the *
|
|
|
+ * extended cb block *
|
|
|
+ * if offset is set, we start looking for extensions at that *
|
|
|
+ * location instead of 5 bytes in */
|
|
|
+
|
|
|
+ var getanykey = function (file, pass, inextcbonly, offset, deletekey) {
|
|
|
+ var file, bufi, error, credext, credsize, newblock,
|
|
|
+ key, encdata, data, i = 0, cb;
|
|
|
+
|
|
|
+ //console.log("file="+ forge.util.bytesToHex(arrayToString(file)));
|
|
|
+ //find our extension, skip past rest. Assume from start of file, but take offset if provided
|
|
|
+ bufi = (offset === undefined) ? 5 : offset;
|
|
|
+
|
|
|
+ while (bufi < file.length && (file[bufi] != 0 || file[bufi + 1] != 0)) {
|
|
|
+ var sig, size = (file[bufi] << 8) + file[bufi + 1];
|
|
|
+ if (size > 17) {
|
|
|
+ sig = arrayToString(file.subarray(bufi + 2, bufi + 17));
|
|
|
+ if (sig == "enckeyblk v 0.1") {
|
|
|
+ credext = bufi + 18; //2 size bytes plus ("enckeyblk v 0.1").length + 1 (0x00 at end)
|
|
|
+ credsize = size - 16;
|
|
|
+ //no need to go further, and we might not have a 0x0000 at the end anyway
|
|
|
+ if (inextcbonly) break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ bufi += size + 2;
|
|
|
+ if (bufi > file.length) {
|
|
|
+ //return error
|
|
|
+ //console.log("error finding end of extensions");
|
|
|
+ return { key: "", fileiv: "", error: "error finding end of extensions" };
|
|
|
+ }
|
|
|
+ }
|
|
|
+ // if true skip and only look in extended credential block for key. Skip checking of main block for this password
|
|
|
+ if (inextcbonly !== true) {
|
|
|
+ bufi += 2;
|
|
|
+ //get keyiv, encrypted key and file iv and hmac of encrypted key and file iv (credential block)
|
|
|
+ cb = file.subarray(bufi, bufi + 96);
|
|
|
+ bufi += 96;
|
|
|
+ //console.log("looking in main block");
|
|
|
+ key = getkey(cb, pass);
|
|
|
+ if (key.error == "")
|
|
|
+ return { key: key.key, fileiv: key.fileiv, error: "", masterkey: true };
|
|
|
+
|
|
|
+ }
|
|
|
+ var isarray = false;
|
|
|
+ var indexarray;
|
|
|
+ if (credext !== undefined) {
|
|
|
+ // find non empty blocks and check for key
|
|
|
+ // also check for request to delete key
|
|
|
+ // if deletekey is an array, it should be an array of keyslot positions to delete
|
|
|
+ // otherwise if ===true, it should be deleted if pass matches
|
|
|
+ var j = 0;
|
|
|
+ if (deletekey && typeof deletekey == 'array') {
|
|
|
+ isarray = true;
|
|
|
+ indexarray = [];
|
|
|
+ }
|
|
|
+ for (var i = 0; i < credsize; i += 96) {
|
|
|
+ var start = i + credext;
|
|
|
+ if (!isblank(file, start, 96)) {
|
|
|
+ cb = file.subarray(start, start + 96);
|
|
|
+ //console.log("cb="+forge.util.bytesToHex(arrayToString(cb)));
|
|
|
+ // if we are deleting keys at certain positions
|
|
|
+ if (isarray) {
|
|
|
+ for (var k = 0; k < deletekey.length; k++) {
|
|
|
+ if (deletekey[k] == j) {
|
|
|
+ copyToArray(new Uint8Array(96), file, start);
|
|
|
+ indexarray.push(j);
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ //dont check for key. if using array and inextcbonly===true, password can be blank
|
|
|
+ continue;
|
|
|
+ }
|
|
|
+ //console.log("checking keyslot "+j);
|
|
|
+ key = getkey(cb, pass);
|
|
|
+ if (key.error == "") {
|
|
|
+ if (deletekey === true) {
|
|
|
+ copyToArray(new Uint8Array(96), file, start);
|
|
|
+ }
|
|
|
+ return { key: key.key, fileiv: key.fileiv, error: "", index: j, masterkey: false };
|
|
|
+ }
|
|
|
+ }
|
|
|
+ //else console.log("empty keyslot: "+j);
|
|
|
+ j++;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (isarray)
|
|
|
+ return { key: "", fileiv: '', error: '', index: indexarray };
|
|
|
+ else
|
|
|
+ return { key: "", fileiv: '', error: "Key not found using this password" };
|
|
|
+ }
|
|
|
+
|
|
|
+ // an array of uint8arrays, with functions to add more and extract bytes
|
|
|
+ // argument file and argument input in put(input) must be uint8arrays
|
|
|
+ // no checking or error messages.
|
|
|
+ function newbytebuf(file) {
|
|
|
+ var buffer = [];
|
|
|
+
|
|
|
+ if (file !== undefined) {
|
|
|
+ file = toU8(file);
|
|
|
+
|
|
|
+ if (toType(file) == 'uint8array') buffer = [file];
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ function getarrayslength(arrays) {
|
|
|
+ var len = 0;
|
|
|
+ for (var i = 0; i < arrays.length; i++)
|
|
|
+ len += arrays[i].length;
|
|
|
+ return len;
|
|
|
+ }
|
|
|
+
|
|
|
+ function joinarray(arrays) {
|
|
|
+ var len = getarrayslength(arrays), ret = new Uint8Array(len);
|
|
|
+
|
|
|
+ if (len == 0) return ret;
|
|
|
+
|
|
|
+ len = 0;
|
|
|
+ for (var i = 0; i < arrays.length; i++) {
|
|
|
+ ret.set(arrays[i], len);
|
|
|
+ len += arrays[i].length;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ return {
|
|
|
+ // read from this buffer (amount gotten with .get() )
|
|
|
+ read: 0,
|
|
|
+ // written to this buffer (amount pushed with put() )
|
|
|
+ written: getarrayslength(buffer),
|
|
|
+ eof: false,
|
|
|
+ buffers: buffer,
|
|
|
+ length: 0,
|
|
|
+ done: function () { this.eof = true; return this; },
|
|
|
+ // only use uint8arrays for input
|
|
|
+ put: function (input) {
|
|
|
+ if (this.eof) {
|
|
|
+ //don't accept more data after eof==true
|
|
|
+ //console.log("already done, can't take more data");
|
|
|
+ this.error = "already done, can't take more data";
|
|
|
+ return this;
|
|
|
+ }
|
|
|
+
|
|
|
+ input = toU8(input);
|
|
|
+
|
|
|
+ if (input !== undefined) {
|
|
|
+ this.written += input.length;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ this.buffers.push(input);
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ this.error = "invalid input data in put()";
|
|
|
+ //console.log("invalid input data in put()");
|
|
|
+ }
|
|
|
+ return this;
|
|
|
+ },
|
|
|
+ getlength: function () {
|
|
|
+ this.length = getarrayslength(this.buffers);
|
|
|
+ return this.length;
|
|
|
+ },
|
|
|
+ // optimized if data is still in underlying arraybuffer, but we won't go crazy. If
|
|
|
+ // the unget data covers more than one buffer, then probably not worth it.
|
|
|
+ // if data is an int, we are putting back data that we just got, in order with no gaps.
|
|
|
+ // However, if that isn't possible, x should be the actual data so we have a fallback.
|
|
|
+ // if data is an uint8array, we just unshift the new data
|
|
|
+ unget: function (data, x) {
|
|
|
+ if ((typeof data == 'string' || typeof data == 'number') &&
|
|
|
+ Math.round(data) == data) {
|
|
|
+ if (data <= this.slice && this.buffers.length) {
|
|
|
+ this.slice -= data.length;
|
|
|
+ //reslice the first buffer
|
|
|
+ var wholebuf = new Uint8Array(this.buffers[0].buffer);
|
|
|
+ this.buffers[0] = wholebuf.subarray(this.slice);
|
|
|
+ this.read -= data;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return this;
|
|
|
+ } else {
|
|
|
+ //overlap, we'll unshift the data instead
|
|
|
+ data = x;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ data = toU8(data);
|
|
|
+ this.read -= data.length;
|
|
|
+ this.buffers.unshift(data);
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return this;
|
|
|
+ },
|
|
|
+ // size=-1: get all data as one array
|
|
|
+ // size>0: shift size data from buffer. if buffer smaller than size, return undefined
|
|
|
+ // size==undefined: get a convenient amount of data out of the buffer; if no data left, return undefined
|
|
|
+ get: function (size) {
|
|
|
+ var filebuf = this.buffers;
|
|
|
+ if (!filebuf || !filebuf.length) return;
|
|
|
+ // get the first block of data if undefined, or if that was the size requested
|
|
|
+ if (size === undefined || size == filebuf[0].length) {
|
|
|
+ this.slice = 0;
|
|
|
+ this.read += size;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return (filebuf.shift());
|
|
|
+ }
|
|
|
+ //return everything if -1
|
|
|
+ //if no data in buffer, return undefined;
|
|
|
+ if (size == -1 || size == 'all') {
|
|
|
+ var ret = joinarray(this.buffers);
|
|
|
+ this.buffers = [];
|
|
|
+ this.slice = 0;
|
|
|
+ this.read += ret.length;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return ret;
|
|
|
+ }
|
|
|
+
|
|
|
+ var endbuf = 0, tail;
|
|
|
+ var i = 0, len = 0, ret, jarray = [];
|
|
|
+
|
|
|
+ // is there enough data in the buffer for this request
|
|
|
+ for (i = 0; i < filebuf.length; i++) {
|
|
|
+ //tail is how much more we need from the next array
|
|
|
+ tail = size - len;
|
|
|
+ len += filebuf[i].length;
|
|
|
+ endbuf = i;
|
|
|
+ if (len >= size) break;
|
|
|
+ }
|
|
|
+ if (len < size)
|
|
|
+ //return undefined, just like shift above
|
|
|
+ return;
|
|
|
+
|
|
|
+ if (endbuf == 0) {
|
|
|
+ // the easy case
|
|
|
+ ret = filebuf[0].subarray(0, size);
|
|
|
+ filebuf[0] = filebuf[0].subarray(size);
|
|
|
+ this.slice += size;
|
|
|
+ this.read += size;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return ret;
|
|
|
+ }
|
|
|
+
|
|
|
+ for (i = 0; i < endbuf; i++)
|
|
|
+ jarray.push(filebuf.shift());
|
|
|
+
|
|
|
+ jarray.push(filebuf[0].subarray(0, tail));
|
|
|
+
|
|
|
+ filebuf[0] = filebuf[0].subarray(tail);
|
|
|
+ this.slice = tail;
|
|
|
+ ret = joinarray(jarray);
|
|
|
+ this.read += ret.length;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ return ret;
|
|
|
+ },
|
|
|
+
|
|
|
+ // Just like get, but don't advance or update read
|
|
|
+ // size=-1: get all data as one array
|
|
|
+ // size>0: shift size data from buffer. if buffer smaller than size, return undefined
|
|
|
+ // size==undefined: get a convenient amount of data out of the buffer; if no data left, return undefined
|
|
|
+ preview: function (size) {
|
|
|
+ var filebuf = this.buffers;
|
|
|
+ this.length = this.written - this.read;
|
|
|
+ if (!filebuf || !filebuf.length) return;
|
|
|
+ // get the first block of data if undefined, or if that was the size requested
|
|
|
+ if (size === undefined || size == filebuf[0].length) {
|
|
|
+ this.bufslice = 0;
|
|
|
+ return (filebuf[0]);
|
|
|
+ }
|
|
|
+ //return everything if -1
|
|
|
+ //if no data in buffer, return undefined;
|
|
|
+ if (size == -1)
|
|
|
+ return joinarray(this.buffers);
|
|
|
+
|
|
|
+ var endbuf = 0, tail;
|
|
|
+ var i = 0, len = 0, ret, jarray = [];
|
|
|
+
|
|
|
+ // is there enough data in the buffer for this request
|
|
|
+ for (i = 0; i < filebuf.length; i++) {
|
|
|
+ //tail is how much more we need from the last array
|
|
|
+ //from which we will grab data
|
|
|
+ tail = size - len;
|
|
|
+ len += filebuf[i].length;
|
|
|
+ endbuf = i;
|
|
|
+ if (len >= size) break;
|
|
|
+ }
|
|
|
+ if (len < size)
|
|
|
+ //return undefined, just like shift above
|
|
|
+ return;
|
|
|
+
|
|
|
+ if (endbuf == 0)
|
|
|
+ return filebuf[0].subarray(0, size);
|
|
|
+
|
|
|
+ for (i = 0; i < endbuf; i++)
|
|
|
+ jarray.push(filebuf[i]);
|
|
|
+
|
|
|
+ jarray.push(filebuf[i].subarray(0, tail));
|
|
|
+
|
|
|
+ return joinarray(jarray);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* parsefile (file)
|
|
|
+ takes an arraybuffer or uint8array of encrypted file and returns position of items in head
|
|
|
+ and start of the body
|
|
|
+ also checks format of file and returns errors;
|
|
|
+ */
|
|
|
+
|
|
|
+ var parsefile = function (file) {
|
|
|
+ var bufi, credblock, credext, credextsize, head, body;
|
|
|
+
|
|
|
+ //make sure we have a uint8array
|
|
|
+ file = toU8(file);
|
|
|
+
|
|
|
+ if (file === undefined)
|
|
|
+ return { data: file, error: "bad input" };
|
|
|
+
|
|
|
+ //check first 4 bytes
|
|
|
+ if (!(file[0] == 0x41 && file[1] == 0x45 && file[2] == 0x53)) {
|
|
|
+ //return error
|
|
|
+ //console.log("bad magic");
|
|
|
+ return { data: file, error: "bad magic" }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (file[3] != 2) {
|
|
|
+ //return error
|
|
|
+ //console.log("wrong file version, only supports v2");
|
|
|
+ return { data: file, error: "wrong file version, only supports v2" }
|
|
|
+ }
|
|
|
+
|
|
|
+ //find our extension, skip past rest
|
|
|
+ bufi = 5;
|
|
|
+ while (file[bufi] != 0 || file[bufi + 1] != 0) {
|
|
|
+ var sig, size = (file[bufi] << 8) + file[bufi + 1];
|
|
|
+ if (size > 17) {
|
|
|
+ sig = arrayToString(file.subarray(bufi + 2, bufi + 17));
|
|
|
+ if (sig == "enckeyblk v 0.1") {
|
|
|
+ credext = bufi + 18;
|
|
|
+ credextsize = size - 16;
|
|
|
+ }
|
|
|
+ bufi += size + 2;
|
|
|
+ }
|
|
|
+ if (bufi > file.length) {
|
|
|
+ //return error
|
|
|
+ //console.log("error finding end of extensions");
|
|
|
+ return { data: file, error: "error finding end of extensions" };
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ bufi += 2;
|
|
|
+ credblock = bufi;
|
|
|
+ return { data: file, credblock: credblock, credext: credext, credextsize: credextsize, datastart: credblock + 96, error: '' };
|
|
|
+ }
|
|
|
+ /** Delete passwords from the file, Not part of the aescrypt 02 format standard */
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Delete passwords from aescrypt.js extended aescrypt 02 formatted file.
|
|
|
+ *
|
|
|
+ * Behavior differs from other functions. If error, still returns the encoded file back unaltered.
|
|
|
+ *
|
|
|
+ * @param encfile the bytes to encrypt (either encoded as String, one byte per
|
|
|
+ * character, or as an ArrayBuffer or a Uint8Array).
|
|
|
+ *
|
|
|
+ * @param pass password String that was used for encryption
|
|
|
+ *
|
|
|
+ * @param delblockarray array of ints between 0-15 specifying password-encrypted key slots to delete
|
|
|
+ * or array of strings containing passwords of passwords-encrypted key to delete.
|
|
|
+ *
|
|
|
+ * @param requirepass whether to use password to confirm ownership of file
|
|
|
+ * If set to false, blocks will be erased without confirming that pass will decrypt file
|
|
|
+ */
|
|
|
+
|
|
|
+ var delpass = function (encfile, pass, delblockarray, requirepass) {
|
|
|
+ var file, error, newblock, emptyblock,
|
|
|
+ key = "", encdata, data, i = 0, index = [], fileinfo
|
|
|
+ var blankarray = new Uint8Array(96);
|
|
|
+
|
|
|
+
|
|
|
+ //sanity check
|
|
|
+ if (toType(delblockarray) == 'array') {
|
|
|
+ var isnum = false;
|
|
|
+ var isstring = false;
|
|
|
+ for (var i = 0; i < delblockarray.length; i++) {
|
|
|
+ var x = delblockarray[i];
|
|
|
+ if (Math.round(x) == x) {
|
|
|
+ if (x > -1 && x < 682)
|
|
|
+ isnum = true;
|
|
|
+ //in case someone has a password of all digits (baaaaaad), lets hope the number is less than 683
|
|
|
+ else
|
|
|
+ isstring = true;
|
|
|
+ }
|
|
|
+ //we'll skip empty strings below
|
|
|
+ else if (x != '')
|
|
|
+ isstring = true;
|
|
|
+ }
|
|
|
+ // we will only handle an array of all strings or all numbers
|
|
|
+ if ((isnum && isstring) || (!isnum && !isstring))
|
|
|
+ return { data: file, error: "delblockarray must be an array of all numbers between 0 and 682 inclusive, or an array of all password strings" }
|
|
|
+ } else {
|
|
|
+ return { data: file, error: "delblockarray is not an array" };
|
|
|
+ }
|
|
|
+
|
|
|
+ //{data:file, credblock: credblock, credext: credext, credextsize: credextsize, datastart: credblock+96, error: ''}
|
|
|
+ //end of extensions tag (0x0000) is at credblock-2;
|
|
|
+ //begin of extended credblock extension, including size bytes is at credext-18;
|
|
|
+
|
|
|
+ fileinfo = parsefile(encfile);
|
|
|
+ if (fileinfo.error != '') return fileinfo;
|
|
|
+
|
|
|
+ file = fileinfo.data;
|
|
|
+ if (file === undefined)
|
|
|
+ return { data: file, error: "bad input" };
|
|
|
+
|
|
|
+ if (fileinfo.credext === undefined) {
|
|
|
+ //Nothing to do here
|
|
|
+ return { data: file, error: "" };
|
|
|
+ }
|
|
|
+
|
|
|
+ // default is to require password
|
|
|
+ if (requirepass !== false) {
|
|
|
+ key = getanykey(file, pass, false, fileinfo.credext - 18);
|
|
|
+ if (key.error != "")
|
|
|
+ return { data: file, error: key.error };
|
|
|
+ }
|
|
|
+
|
|
|
+ if (isstring) {
|
|
|
+ //find blocks matching passwords and delete it;
|
|
|
+ var x = [];
|
|
|
+ for (var i = 0; i < delblockarray.length; i++) {
|
|
|
+ var key = getanykey(file, delblockarray[i], true, fileinfo.credext - 18, true);//second true means delete password
|
|
|
+ if (key.error == '') {
|
|
|
+ x.push(key.index);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return { data: file, error: "", index: x };
|
|
|
+ }
|
|
|
+
|
|
|
+ // doesn't actually check for password, only deletes.
|
|
|
+ var key = getanykey(file, '', true, fileinfo.credext - 18, delblockarray);
|
|
|
+
|
|
|
+ return { data: file, error: "", index: key.index };
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ /** Add another password to the file, Not part of the aescrypt 02 format standard */
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Add Password to aescrypt.js extended aescrypt 02 formatted file
|
|
|
+ *
|
|
|
+ * Behavior differs from aes[en|de]crypt. On error, return unaltered encrypted file
|
|
|
+ *
|
|
|
+ * @param encfile the bytes to encrypt (either encoded as String, one byte per
|
|
|
+ * character, or as an ArrayBuffer or a Uint8Array).
|
|
|
+ *
|
|
|
+ * @param pass password String that was used for encryption
|
|
|
+ *
|
|
|
+ * @param newpass password String to add to this file.
|
|
|
+ */
|
|
|
+
|
|
|
+ var addpass = function (encfile, pass, newpass) {
|
|
|
+ var file, error, newblock, emptyblock, fileinfo,
|
|
|
+ key, i = 0, j = 0, index;
|
|
|
+
|
|
|
+ fileinfo = parsefile(encfile);
|
|
|
+ if (fileinfo.error != '') return fileinfo;
|
|
|
+
|
|
|
+ //{data:file, credblock: credblock, credext: credext, credextsize: credextsize, datastart: credblock+96, error: ''}
|
|
|
+ //end of extensions tag (0x0000) is at credblock-2;
|
|
|
+ //begin of extended credblock extension, including size bytes is at credext-18;
|
|
|
+
|
|
|
+ file = fileinfo.data;
|
|
|
+
|
|
|
+ // get a (the) key using this password. Since we know the start of the extended credential extension, skip to that position
|
|
|
+ key = getanykey(file, pass, false, fileinfo.credext - 18);
|
|
|
+ if (key.error != "")
|
|
|
+ return { data: file, error: key.error };
|
|
|
+
|
|
|
+ newblock = newcredentialblock(newpass, key.key, key.fileiv);
|
|
|
+ if (newblock == "") return { data: file, error: "unable to make new password entry for file" };
|
|
|
+
|
|
|
+ if (fileinfo.credext === undefined) {
|
|
|
+ //we have to write a new file with room for extended credential block with 16 key slots (18 + (16*96))==1554
|
|
|
+ var endofext = fileinfo.credblock - 2;
|
|
|
+ var newfile = new Uint8Array(file.length + 1554);
|
|
|
+ // copy all of head up to but not including end of extension tag (0x0000)
|
|
|
+ copyToArray(file, newfile, 0, endofext);
|
|
|
+ //create a new credential block using newpass
|
|
|
+ //create entry for extended credential extension
|
|
|
+ copyToArray((String.fromCharCode(6) + String.fromCharCode(16) + "enckeyblk v 0.1" + String.fromCharCode(0)),
|
|
|
+ newfile, endofext);
|
|
|
+ //copy in the new credential block
|
|
|
+ copyToArray(newblock.buffer, newfile, endofext + 18);
|
|
|
+ //copy rest of data from original file starting with the end of extensions tag 0x0000
|
|
|
+ copyToArray(file.subarray(endofext), newfile, endofext + 1554);
|
|
|
+ return { data: newfile, index: 0, error: "" };
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ //find first empty block
|
|
|
+ j = 0;
|
|
|
+ for (var i = 0; i < fileinfo.credextsize; i += 96) {
|
|
|
+ var start = i + fileinfo.credext;
|
|
|
+ if (isblank(file, start, 96)) {
|
|
|
+ emptyblock = start;
|
|
|
+ index = j;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ j++;
|
|
|
+ }
|
|
|
+ // TODO: extend it again if full.
|
|
|
+ if (emptyblock === undefined)
|
|
|
+ return { data: file, error: "error: all keyslots are in use" };
|
|
|
+
|
|
|
+ copyToArray(newblock.buffer, file, emptyblock);
|
|
|
+ return { data: file, index: index, error: "" };
|
|
|
+ }
|
|
|
+
|
|
|
+ /** Decrypt data in the aescrypt 02 format (ver 1 and 0 not supported) */
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Decrypt encfile using password where encfile is in aescrypt 02 format
|
|
|
+ * Return an ArrayBuffer of the plaintext file or a binary string
|
|
|
+ *
|
|
|
+ *
|
|
|
+ * @param encfile the bytes to encrypt (either encoded as String, one byte per
|
|
|
+ * character, or as an ArrayBuffer or Typed Array).
|
|
|
+ *
|
|
|
+ * @param pass password String that was used for encryption
|
|
|
+ *
|
|
|
+ * @param returnstring boolean where if true function returns a binary string
|
|
|
+ *
|
|
|
+ * @param cb, callback with results
|
|
|
+ */
|
|
|
+
|
|
|
+ var aesdecrypt = function (encfile, pass, returnstring, cb) {
|
|
|
+ var emptydata = new Uint8Array(0);
|
|
|
+ //var usemod=true;
|
|
|
+
|
|
|
+ //take a uint8array, arraybuffer or string for file
|
|
|
+ var file = toU8(encfile);
|
|
|
+ if (file === undefined)
|
|
|
+ return { data: emptydata, error: "bad input" };
|
|
|
+
|
|
|
+
|
|
|
+ /* testing:
|
|
|
+ {
|
|
|
+ //var filebuf=newbytebuf(file);
|
|
|
+ //or
|
|
|
+ var filebuf=newbytebuf(file).done();
|
|
|
+
|
|
|
+ var key=decryptparsehead( filebuf, pass );
|
|
|
+ var decryptor=decryptstart(key);
|
|
|
+ // end of string is set with .done() above, so only need one pass in decryptpayload();
|
|
|
+ //var decrypted=decryptpayload(filebuf,decryptor);
|
|
|
+ // while (decrypted>0) decrypted=decryptpayload(filebuf,decryptor);
|
|
|
+ //filebuf.done();
|
|
|
+ var decrypted=decryptpayload(filebuf,decryptor);
|
|
|
+ var error=decryptfinish(filebuf,decryptor);
|
|
|
+ }
|
|
|
+
|
|
|
+ console.log("test over");
|
|
|
+ */
|
|
|
+
|
|
|
+ var key = decrypthead(file, pass);
|
|
|
+ if (key.error != '') return { data: emptydata, error: key.error };
|
|
|
+
|
|
|
+ if (crypto && crypto.subtle && typeof cb == 'function') {
|
|
|
+ var cr = crypto.subtle;
|
|
|
+
|
|
|
+ function checkhmac(dec) {
|
|
|
+ cr.importKey(
|
|
|
+ 'raw',
|
|
|
+ toU8(key.key),
|
|
|
+ { name: "HMAC", hash: { name: "SHA-256" } },
|
|
|
+ false,
|
|
|
+ ["sign", "verify"]
|
|
|
+ ).then(function (k) {
|
|
|
+ cr.verify(
|
|
|
+ { name: "HMAC" },
|
|
|
+ k,
|
|
|
+ file.subarray(-32),
|
|
|
+ file.subarray(key.datastart, -33)
|
|
|
+ ).then(function (valid) {
|
|
|
+ if (valid) cb({ data: dec, error: '' });
|
|
|
+ else cb({ data: dec, error: "hmac does not match. Likely file corruption or tampering." })
|
|
|
+ }).catch(function (e) {
|
|
|
+ //console.log(e);
|
|
|
+ cb({ data: emptydata, error: e.message });
|
|
|
+ });;
|
|
|
+ }).catch(function (e) {
|
|
|
+ //console.log(e);
|
|
|
+ cb({ data: emptydata, error: e.message });
|
|
|
+ });
|
|
|
+
|
|
|
+ }
|
|
|
+ cr.importKey(
|
|
|
+ 'raw',
|
|
|
+ toU8(key.key),
|
|
|
+ { name: "AES-CBC" },
|
|
|
+ false,
|
|
|
+ ["encrypt", "decrypt"]
|
|
|
+ ).then(function (k) {
|
|
|
+ var modbyte = file[file.length - 33];
|
|
|
+ var subfile = file.subarray(key.datastart, -33);
|
|
|
+ //console.log(modbyte);
|
|
|
+ if (modbyte == 0) {
|
|
|
+ //we can cheat our way out of the fact that the aescrypt file format fails to put padding on
|
|
|
+ //a size%16==0 sized file with forge api, but not with webcrypto api
|
|
|
+ //so just use forge instead.
|
|
|
+ cb(aesdecrypt(encfile, pass, returnstring));
|
|
|
+ return;
|
|
|
+ }
|
|
|
+
|
|
|
+ cr.decrypt(
|
|
|
+ { name: "AES-CBC", iv: toU8(key.fileiv) },
|
|
|
+ k,
|
|
|
+ subfile
|
|
|
+ ).then(function (decrypted) {
|
|
|
+ decrypted = (new Uint8Array(decrypted)).subarray(0, (modbyte - 16));
|
|
|
+ checkhmac(decrypted);
|
|
|
+ }).catch(function (e) {
|
|
|
+ //for (var x in e)
|
|
|
+ // console.log(x+'='+e[x]);
|
|
|
+ // in case we choke somewhere. Orignally was for above mentioned aescrypt padding problem.
|
|
|
+ cb(aesdecrypt(encfile, pass, returnstring)); //try with forge
|
|
|
+ })
|
|
|
+ ;
|
|
|
+ }).catch(function (e) {
|
|
|
+ //console.log(e);
|
|
|
+ cb({ data: emptydata, error: e.message });
|
|
|
+ });
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+
|
|
|
+ var decryptor = decryptstart(key);
|
|
|
+
|
|
|
+ var decrypted = decryptpayload(file, decryptor, key.datastart);
|
|
|
+
|
|
|
+ if (decrypted == -1) return { data: new Uint8Array(0), error: "file corrupted (invalid length)" };
|
|
|
+
|
|
|
+ var error = decryptfinish(file, decryptor, true);
|
|
|
+ if (returnstring)
|
|
|
+ return { data: decryptor.decipher.output.data, error: error };
|
|
|
+ else {
|
|
|
+ var a = new Uint8Array(decryptor.decipher.output.data.length);
|
|
|
+ copyToArray(decryptor.decipher.output.data, a);
|
|
|
+ return { data: a, error: error };
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // do head in one go
|
|
|
+ function decrypthead(encfile, pass) {
|
|
|
+ var file, fileinfo, key;
|
|
|
+
|
|
|
+ //{data:file, credblock: credblock, credext: credext, credextsize: credextsize, datastart: credblock+96, error: ''}
|
|
|
+ //end of extensions tag (0x0000) is at credblock-2;
|
|
|
+ //begin of extended credblock extension, including size bytes is at credext-18;
|
|
|
+
|
|
|
+ fileinfo = parsefile(encfile);
|
|
|
+ if (fileinfo.error != '') return fileinfo;
|
|
|
+
|
|
|
+ file = fileinfo.data;
|
|
|
+ if (file === undefined)
|
|
|
+ return { data: file, error: "bad input" };
|
|
|
+ if (fileinfo.credext) {
|
|
|
+ key = getanykey(file, pass, false, fileinfo.credext - 18);
|
|
|
+ } else if (fileinfo.credblock) {
|
|
|
+ key = getkey(file.subarray(fileinfo.credblock, fileinfo.credblock + 96), pass);
|
|
|
+ }
|
|
|
+ else return ({ error: "Could not parse encrypted file" });
|
|
|
+ key.datastart = fileinfo.datastart;
|
|
|
+
|
|
|
+ return key;
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ // parse head of file and get key
|
|
|
+ // can be done in stages as more data is put into filebuf
|
|
|
+ // cant use parsefile() if we really want to be able to handle incoming a byte at a time
|
|
|
+ function decryptparsehead(filebuf, pass, progress) {
|
|
|
+ if (progress === undefined) progress = { stage: 0 };
|
|
|
+ //check first 5 bytes
|
|
|
+ if (progress.stage == 0) {
|
|
|
+ //need 5 bytes for stage 1;
|
|
|
+ var file = filebuf.get(5);
|
|
|
+ if (file == undefined) return progress;
|
|
|
+
|
|
|
+ if (!(file[0] == 0x41 && file[1] == 0x45 && file[2] == 0x53)) {
|
|
|
+ //return error
|
|
|
+ //console.log("bad magic");
|
|
|
+ return { error: "bad magic" }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (file[3] != 2) {
|
|
|
+ //return error
|
|
|
+ //console.log("wrong file version, only supports v2");
|
|
|
+ return { error: "wrong file version, only supports v2" }
|
|
|
+ }
|
|
|
+ progress.stage = 1;
|
|
|
+ }
|
|
|
+ if (progress.stage == 1) {
|
|
|
+ file = filebuf.preview(2);
|
|
|
+ if (file === undefined) return progress;
|
|
|
+ while (file[0] != 0 || file[1] != 0) {
|
|
|
+ var sig = '';
|
|
|
+ var extsize = (file[0] << 8) + file[1] + 2;
|
|
|
+ var lengthbytes = file;
|
|
|
+ file = filebuf.get(extsize);
|
|
|
+ if (file === undefined) return progress;
|
|
|
+ // look for extended credential block
|
|
|
+ if (file.length > 17) {
|
|
|
+ sig = arrayToString(file.subarray(2, 17));
|
|
|
+ if (sig == "enckeyblk v 0.1") {
|
|
|
+ var k = getanykey(file, pass, true, 0);
|
|
|
+ if (k.error == "") progress.key = k;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ file = filebuf.preview(2);
|
|
|
+ if (file === undefined) return progress;
|
|
|
+ }
|
|
|
+ file = filebuf.get(2); //skip past the final 0x0000
|
|
|
+ progress.stage = 2;
|
|
|
+ }
|
|
|
+ if (progress.stage == 2) {
|
|
|
+ // this is our main credential block containing
|
|
|
+ // keyiv, encrypted key and file iv and hmac of ( encrypted key + file iv)
|
|
|
+ file = filebuf.get(96);
|
|
|
+ if (file === undefined) return progress;
|
|
|
+ if (progress.key) {
|
|
|
+ progress.key.stage = 3;
|
|
|
+ return progress.key
|
|
|
+ } else {
|
|
|
+ var key = getkey(file, pass);
|
|
|
+ key.stage = 3;
|
|
|
+ return key;
|
|
|
+ }
|
|
|
+ //this is the end of the header section
|
|
|
+ //encrypted data is next
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ // set up decipher, hmac and an object to hold them an output array
|
|
|
+ function decryptstart(key) {
|
|
|
+ var decipher = forge.cipher.createDecipher('AES-CBC', key.key);
|
|
|
+ var hmac = forge.hmac.create();
|
|
|
+ decipher.start({ iv: key.fileiv });
|
|
|
+ hmac.start('sha256', key.key);
|
|
|
+ return { decipher: decipher, hmac: hmac, data: newbytebuf() };
|
|
|
+ }
|
|
|
+
|
|
|
+ // decrypt 64 bytes at a time
|
|
|
+ // either the buffer will need to contain the whole file, or we will
|
|
|
+ // probably need to feed buffer 128 bytes at a time until the end of file, or it will all break down
|
|
|
+ // if position is defined, we assume file is a uint8array and data starts at pos
|
|
|
+ function decryptpayload(filebuf, decryptor, pos) {
|
|
|
+
|
|
|
+ var block;
|
|
|
+ var len = filebuf.length;
|
|
|
+ // 49 bytes is the minimum payload size (16 bytes encrypted data + 1 mod byte + 32 byte hmac)
|
|
|
+ // if we are at the end of file, just encrypt what we have left.
|
|
|
+ // if filebuf is an uint8array, pos will/should be defined
|
|
|
+ if (filebuf.eof || pos !== undefined) {
|
|
|
+ //console.log("got eof, doing rest of file, len="+len);
|
|
|
+
|
|
|
+ //this should only be 33 or more.
|
|
|
+ if (len < 33) return -1;
|
|
|
+ if (len == 33) return 0;
|
|
|
+ //get all but the last 33 bytes
|
|
|
+ len -= 33;
|
|
|
+ if (pos !== undefined)
|
|
|
+ block = filebuf.subarray(pos, -33);
|
|
|
+ else
|
|
|
+ block = filebuf.get(len);
|
|
|
+ //console.log("starting decrypt");
|
|
|
+ decryptor.decipher.update(forge.util.createBuffer(block));
|
|
|
+ //decryptor.hmac.update(arrayToString(block));
|
|
|
+ //console.log("starting hmac calc");
|
|
|
+ hmacchunkblock(decryptor.hmac, block);
|
|
|
+ //console.log("done with decryption");
|
|
|
+ return (len);
|
|
|
+
|
|
|
+ // if no end of file, then leave at least 33 bytes after this round
|
|
|
+ } else if (len > 97) {
|
|
|
+ //console.log("no eof, leaving at least 33 in buf");
|
|
|
+ len = len - 33;
|
|
|
+ len = len - len % 64
|
|
|
+ //console.log("decrypting "+len+" bytes")
|
|
|
+ block = filebuf.get(len);
|
|
|
+ //now minimum in buffer is 33
|
|
|
+ decryptor.decipher.update(forge.util.createBuffer(block));
|
|
|
+ //decryptor.hmac.update(arrayToString(block));
|
|
|
+ hmacchunkblock(decryptor.hmac, block);
|
|
|
+ return (len);
|
|
|
+ }
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ // if pos == true, filebuf is uint8array
|
|
|
+ function decryptfinish(filebuf, decryptor, pos) {
|
|
|
+ var hdat, hdatcomp, modbyte;
|
|
|
+
|
|
|
+ if (pos !== true) {
|
|
|
+ modbyte = filebuf.get(1);
|
|
|
+ if (modbyte === undefined) return "file corrupted (no modbyte)";
|
|
|
+ modbyte = modbyte[0];
|
|
|
+ hdat = arrayToString(filebuf.get(-1));
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ pos = filebuf.length - 33;
|
|
|
+ modbyte = filebuf[pos];
|
|
|
+ hdat = arrayToString(filebuf.subarray(pos + 1));
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!hdat || hdat.length != 32) return "file corrupted (invalid hmac block)";
|
|
|
+
|
|
|
+ hdatcomp = decryptor.hmac.digest().data
|
|
|
+ if (hdat != hdatcomp) {
|
|
|
+ return "hmac does not match. Likely file corruption or tampering.";
|
|
|
+ }
|
|
|
+ if (modbyte != 0)
|
|
|
+ decryptor.decipher.output.data = decryptor.decipher.output.data.slice(
|
|
|
+ 0, (modbyte - 16)
|
|
|
+ );
|
|
|
+ return "";
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ /** Encrypt data in the aescrypt 02 format */
|
|
|
+
|
|
|
+ /**
|
|
|
+ * Encrypts filecontents with pass and returns an ArrayBuffer containing a file encrypted in the aescrypt format 02.
|
|
|
+ *
|
|
|
+ * @param filecontents the bytes to encrypt (either encoded as String, one byte per
|
|
|
+ * character, or as an ArrayBuffer or Typed Array).
|
|
|
+ *
|
|
|
+ * @param pass password String used for encryption
|
|
|
+ *
|
|
|
+ * @param returnstring boolean if true return a binary string instead of a uint8arrray
|
|
|
+ *
|
|
|
+ * @param slotn number of slots for extra passwords (default 16)
|
|
|
+ *
|
|
|
+ * @param cb callback to receive encrypted data
|
|
|
+ */
|
|
|
+
|
|
|
+ var aesencrypt = function (filecontents, pass, returnstring, slotn, cb) {
|
|
|
+
|
|
|
+ var emptydata = new Uint8Array(0);
|
|
|
+
|
|
|
+ if (crypto && crypto.subtle && typeof cb == 'function') {
|
|
|
+ var cr = crypto.subtle;
|
|
|
+ var sd = encryptstart(pass, slotn, true);
|
|
|
+ console.log("WEBCRYPTO");
|
|
|
+ function cryptofinish(enc, hdat, head, mod) {
|
|
|
+ var output, bufi,
|
|
|
+ modbyte = String.fromCharCode(mod);
|
|
|
+
|
|
|
+ output = newbytebuf();
|
|
|
+ output.put(head);
|
|
|
+ output.put(enc);
|
|
|
+ output.put(modbyte);
|
|
|
+ output.put(hdat);
|
|
|
+
|
|
|
+ output = output.get(-1);
|
|
|
+ //console.log(output.length);
|
|
|
+ return { data: output, error: "" };
|
|
|
+ }
|
|
|
+
|
|
|
+ function makehmac(enc) {
|
|
|
+ cr.importKey(
|
|
|
+ 'raw',
|
|
|
+ toU8(sd.key),
|
|
|
+ { name: "HMAC", hash: { name: "SHA-256" } },
|
|
|
+ false,
|
|
|
+ ["sign", "verify"]
|
|
|
+ ).then(function (k) {
|
|
|
+ //console.log("key imported for hmac");
|
|
|
+ var mod = filecontents.length % 16;
|
|
|
+ if (mod == 0) enc = enc.subarray(0, -16);
|
|
|
+ cr.sign(
|
|
|
+ { name: "HMAC" },
|
|
|
+ k,
|
|
|
+ enc
|
|
|
+ ).then(function (sig) {
|
|
|
+ //console.log("finishing file");
|
|
|
+ cb(cryptofinish(enc, sig, sd.head, mod));
|
|
|
+ })/*.catch(function(e) {
|
|
|
+ console.log(e);
|
|
|
+ cb({data:emptydata,error:e.message});
|
|
|
+ });*/;
|
|
|
+ }).catch(function (e) {
|
|
|
+ //for (var x in e)
|
|
|
+ // console.log(x+'='+e[x]);
|
|
|
+ cb({ data: emptydata, error: e.message });
|
|
|
+ });
|
|
|
+
|
|
|
+ }
|
|
|
+
|
|
|
+ cr.importKey(
|
|
|
+ 'raw',
|
|
|
+ toU8(sd.key),
|
|
|
+ { name: "AES-CBC" },
|
|
|
+ false,
|
|
|
+ ["encrypt", "decrypt"]
|
|
|
+ ).then(function (k) {
|
|
|
+ cr.encrypt(
|
|
|
+ { name: "AES-CBC", iv: toU8(sd.fileiv) },
|
|
|
+ k,
|
|
|
+ toU8(filecontents)
|
|
|
+ ).then(function (encrypted) {
|
|
|
+ //console.log(encrypted.byteLength);
|
|
|
+ makehmac(new Uint8Array(encrypted));
|
|
|
+ }).catch(function (e) {
|
|
|
+ //for (var x in e)
|
|
|
+ // console.log(x+'='+e[x]);
|
|
|
+ cb(aesencrypt(filecontents, pass, returnstring, slotn)); //try with forge
|
|
|
+ })
|
|
|
+ ;
|
|
|
+ }).catch(function (e) {
|
|
|
+ //console.log(e);
|
|
|
+ cb({ data: emptydata, error: e.message });
|
|
|
+ });
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ // the forge version
|
|
|
+ var startdata = encryptstart(pass, slotn);
|
|
|
+ var mod = encryptupdate(startdata.cipher, startdata.hmac, filecontents);
|
|
|
+ mod %= 16;
|
|
|
+ return encryptfinish(startdata.cipher, startdata.hmac, startdata.head, mod, returnstring);
|
|
|
+ }
|
|
|
+
|
|
|
+ //* set up file header and return keys and iv
|
|
|
+ function encryptstart(pass, extrakeyslots, noforge) {
|
|
|
+ var headstart = new Uint8Array(5);
|
|
|
+ var endext = new Uint8Array(2);//0x0000 for no more extensions
|
|
|
+ var extensions = [];
|
|
|
+ var bufarray = new ArrayBuffer(96);
|
|
|
+ var bufi = 0;
|
|
|
+ var buffer = new Uint8Array(bufarray);
|
|
|
+ var cred = '';
|
|
|
+ var keyiv, extlen = 0, output,
|
|
|
+ i = 0, //blank=new String;
|
|
|
+ blank;
|
|
|
+ var emptydata = new ArrayBuffer(0);
|
|
|
+ var cipher, hmac, extrapasses = [];
|
|
|
+ //console.log(toType(pass));
|
|
|
+ if (toType(pass) == 'array') {
|
|
|
+ extrapasses = pass;
|
|
|
+ pass = extrapasses.shift();
|
|
|
+ //console.log(pass);
|
|
|
+ //console.log(extrapasses);
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ // TODO: support for other than 16, and for extending a block that is too small to fit another
|
|
|
+ // password (in addpass()). Right now, a code review of other projects would be required
|
|
|
+ // since they might rely on file header size being constant (dunno, hence need for review).
|
|
|
+ // if (extrakeyslots===undefined)
|
|
|
+ extrakeyslots = 16;
|
|
|
+ // max size of extension is 65536
|
|
|
+ if (extrakeyslots > 682) extrakeyslots = 682;
|
|
|
+ copyToArray("AES", headstart, 0);
|
|
|
+ headstart[3] = 2;
|
|
|
+
|
|
|
+ //headstart[4]=0; //aready 0;
|
|
|
+
|
|
|
+ // make credentials
|
|
|
+ //this is now mostly solved and should be successful on every attempt
|
|
|
+ var i = 0;
|
|
|
+ while (cred == '' && i++ < 9) {
|
|
|
+ //if(i>1) console.log("FAILED making new credential block");
|
|
|
+ cred = newcredentialblock(pass);
|
|
|
+ }
|
|
|
+ if (cred == '') {
|
|
|
+ //console.log("tried 8 time, bailing...");
|
|
|
+ return { head: emptydata, error: "could not make a new set of credentials" };
|
|
|
+ }
|
|
|
+
|
|
|
+ /* **** add extensions here **** */
|
|
|
+
|
|
|
+ extensions.push(makeext(["CREATED_BY", "aescrypt.js 0.1"]));
|
|
|
+
|
|
|
+ //add blank 128 byte extension
|
|
|
+
|
|
|
+ blank = new Uint8Array(130);
|
|
|
+ blank.set([128], 1);
|
|
|
+ extensions.push(blank);
|
|
|
+
|
|
|
+ //add extended credential block
|
|
|
+ //and add extra passwords, if available;
|
|
|
+ if (extrakeyslots > 0) {
|
|
|
+ var csize = 16 + (96 * extrakeyslots);
|
|
|
+ var h = String.fromCharCode(csize >>> 8) + String.fromCharCode(csize & 0xFF) + "enckeyblk v 0.1" + String.fromCharCode(0);
|
|
|
+ blank = new Uint8Array(csize + 2);
|
|
|
+ copyToArray(h, blank);
|
|
|
+ var len = (extrapasses.length < 16) ? extrapasses.length : 16;
|
|
|
+ for (var i = 0; i < len; i++) {
|
|
|
+ var newpass = extrapasses[i],
|
|
|
+ newblock = newcredentialblock(newpass, cred.key, cred.fileiv),
|
|
|
+ start = 18 + (i * 96);
|
|
|
+
|
|
|
+ copyToArray(newblock.buffer, blank, start);
|
|
|
+ }
|
|
|
+ extensions.push(blank);
|
|
|
+ }
|
|
|
+
|
|
|
+ /*
|
|
|
+ blank=String.fromCharCode(0)+String.fromCharCode(128);
|
|
|
+ for (var i=0;i<128;i++)
|
|
|
+ blank+=String.fromCharCode(0);
|
|
|
+ extensions.push(blank);
|
|
|
+
|
|
|
+ //add an area for 16 96-byte blocks for extra keyiv-enckeyblk-hmac combos ("credential blocks")
|
|
|
+ blank=String.fromCharCode(06)+String.fromCharCode(16)+"enckeyblk v 0.1"+String.fromCharCode(0);
|
|
|
+ for (var i=0;i<1536;i++)
|
|
|
+ blank+=String.fromCharCode(0);
|
|
|
+ extensions.push(blank);
|
|
|
+ */
|
|
|
+
|
|
|
+
|
|
|
+ /* **** end add extensions **** */
|
|
|
+
|
|
|
+ //the last extension - 0x0000 to mark end of extensions
|
|
|
+ extensions.push(endext);
|
|
|
+
|
|
|
+ // get length of all extensions
|
|
|
+ for (var i = 0; i < extensions.length; i++)
|
|
|
+ extlen += extensions[i].length;
|
|
|
+
|
|
|
+ output = new Uint8Array(
|
|
|
+ headstart.length +
|
|
|
+ extlen +
|
|
|
+ cred.buffer.length
|
|
|
+ );
|
|
|
+
|
|
|
+ bufi = 0;
|
|
|
+ bufi += copyToArray(headstart, output, bufi);
|
|
|
+ for (var i = 0; i < extensions.length; i++)
|
|
|
+ bufi += copyToArray(extensions[i], output, bufi);
|
|
|
+ bufi += copyToArray(cred.buffer, output, bufi);
|
|
|
+
|
|
|
+ if (!noforge) {
|
|
|
+ cipher = forge.cipher.createCipher('AES-CBC', cred.key);
|
|
|
+ cipher.start({ iv: cred.fileiv });
|
|
|
+
|
|
|
+ hmac = forge.hmac.create();
|
|
|
+ hmac.start('sha256', cred.key);
|
|
|
+ return { head: output, error: "", cipher: cipher, hmac: hmac };
|
|
|
+ }
|
|
|
+
|
|
|
+ return { head: output, error: "", fileiv: cred.fileiv, key: cred.key };
|
|
|
+ }
|
|
|
+
|
|
|
+ function encryptupdate(cipher, hmac, data, newiv) {
|
|
|
+ var encdata;
|
|
|
+ // newiv is a misnomer since cipher.start({iv:newiv}) doesn't work here (not sure why)
|
|
|
+ if (newiv !== false && newiv !== undefined) {
|
|
|
+ //cipher.start({iv:newiv});
|
|
|
+ cipher.output.data = newiv;
|
|
|
+ cipher.update(forge.util.createBuffer(data));
|
|
|
+ cipher.output.data = cipher.output.data.slice(16);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ cipher.update(forge.util.createBuffer(data));
|
|
|
+
|
|
|
+ hmac.update(cipher.output.data);
|
|
|
+
|
|
|
+ return (data.length);
|
|
|
+ }
|
|
|
+
|
|
|
+ function encryptfinish(cipher, hmac, head, mod, returnstring) {
|
|
|
+ var output, len, bufi, hdat,
|
|
|
+ modbyte = String.fromCharCode(mod),
|
|
|
+ hlen = cipher.output.data.length;
|
|
|
+
|
|
|
+ cipher.finish();
|
|
|
+ if (mod != 0)
|
|
|
+ len = cipher.output.data.length;
|
|
|
+
|
|
|
+ // don't pad file that otherwise fits exactly into 16 byte blocks.
|
|
|
+ // forge needs the extra room for encoding a padding number in the plaintext (Section 10.3 of [RFC2315], step 2)
|
|
|
+ // aescrypt format has the padding number outside the encrypted text.
|
|
|
+ else
|
|
|
+ len = cipher.output.data.length - 16;
|
|
|
+
|
|
|
+ //how much extra data left to hmac, negative number or zero
|
|
|
+ hlen -= len;
|
|
|
+
|
|
|
+ //update our hmac with extra data
|
|
|
+ if (hlen < 0)
|
|
|
+ hmac.update(cipher.output.data.slice(hlen));
|
|
|
+
|
|
|
+ hdat = hmac.digest().data;
|
|
|
+
|
|
|
+
|
|
|
+ if (returnstring) {
|
|
|
+ // do not use with chunking
|
|
|
+ return {
|
|
|
+ data: ("").concat(arrayToString(head), cipher.output.data.slice(0, len), modbyte, hdat),
|
|
|
+ error: ""
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ output = new Uint8Array(
|
|
|
+ head.length +
|
|
|
+ len +
|
|
|
+ modbyte.length +
|
|
|
+ hdat.length
|
|
|
+ );
|
|
|
+ // if getChunk is used below, head will be "" and cipher.output.data
|
|
|
+ // will have been moved off and also be "", or a tail portion of it
|
|
|
+ bufi = 0;
|
|
|
+ bufi += copyToArray(head, output, bufi);
|
|
|
+ bufi += copyToArray(cipher.output.data, output, bufi, len);
|
|
|
+ bufi += copyToArray(modbyte, output, bufi);
|
|
|
+ bufi += copyToArray(hdat, output, bufi);
|
|
|
+ return { data: output, error: "" };
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+
|
|
|
+ var chunkencrypt = function (pass) {
|
|
|
+ return {
|
|
|
+ start: function (pass) {
|
|
|
+ var encstart = encryptstart(pass);
|
|
|
+ this.hmac = encstart.hmac;
|
|
|
+ this.cipher = encstart.cipher;
|
|
|
+ this.head = arrayToString(encstart.head);
|
|
|
+ this.newiv = false;
|
|
|
+ this.length = 0;
|
|
|
+ //there really should be no errors
|
|
|
+ this.error = encstart.error;
|
|
|
+ },
|
|
|
+ update: function (data) {
|
|
|
+ this.length += encryptupdate(this.cipher, this.hmac, data, this.newiv);
|
|
|
+ this.newiv = false;
|
|
|
+ return this;
|
|
|
+ },
|
|
|
+ getChunk: function (size) {
|
|
|
+ //return size must be a multiple of size
|
|
|
+
|
|
|
+ var ret, retsize;
|
|
|
+
|
|
|
+ if (this.leftover) {
|
|
|
+ this.cipher.output.data = this.leftover + this.cipher.output.data;
|
|
|
+ delete this.leftover;
|
|
|
+ }
|
|
|
+
|
|
|
+ retsize = parseInt((this.head.length + this.cipher.output.data.length) / size) * size;
|
|
|
+ //console.log("retsize="+retsize+ " or "+size+ ' * ' + parseInt( (this.head.length+this.cipher.output.data.length)/size ) );
|
|
|
+
|
|
|
+ if (retsize == 0) return;
|
|
|
+
|
|
|
+ if (retsize == this.head.length) {
|
|
|
+ ret = this.head;
|
|
|
+ } else if (retsize < this.head.length) {
|
|
|
+ ret = this.head.slice(0, retsize);
|
|
|
+ this.leftover = this.head.slice(retsize);
|
|
|
+ } else {
|
|
|
+ // concat head to cipher output to make desired size
|
|
|
+ if (this.head.length) {
|
|
|
+ retsize -= this.head.length;
|
|
|
+ ret = this.head + this.cipher.output.data.slice(0, retsize);
|
|
|
+ } else {
|
|
|
+ ret = this.cipher.output.data.slice(0, retsize);
|
|
|
+ }
|
|
|
+
|
|
|
+ this.leftover = this.cipher.output.data.slice(retsize); //just add this on next time.
|
|
|
+ this.newiv = this.cipher.output.data.slice(-16); //put 16 bytes back in mix for next cbc mode computation
|
|
|
+ this.cipher.output.data = "";
|
|
|
+ }
|
|
|
+
|
|
|
+ this.head = '';
|
|
|
+ var reta = new Uint8Array(ret.length);
|
|
|
+ copyToArray(ret, reta);
|
|
|
+ return { data: reta, error: "" };
|
|
|
+
|
|
|
+
|
|
|
+ /*-------------------------- old way------------------------------------------
|
|
|
+ ret = this.head +
|
|
|
+ this.cipher.output.data;
|
|
|
+
|
|
|
+ // only update if we at least as much data as requsted
|
|
|
+ if (size && size > ret.length)
|
|
|
+ return;
|
|
|
+
|
|
|
+ var reta=new Uint8Array(ret.length);
|
|
|
+
|
|
|
+ if( ret.length>0)
|
|
|
+ copyToArray(ret,reta);
|
|
|
+ else
|
|
|
+ return;
|
|
|
+
|
|
|
+ // cbc mode needs last 16 bytes to compute next 16
|
|
|
+ // and we'll make adjustments in next update()
|
|
|
+ if (this.cipher.output.data.length) {
|
|
|
+ this.newiv=this.cipher.output.data.slice(-16);
|
|
|
+ this.cipher.output.data="";
|
|
|
+ }
|
|
|
+
|
|
|
+ this.head="";
|
|
|
+
|
|
|
+ return {data: reta, error: ""};
|
|
|
+ ----------------------------*/
|
|
|
+ },
|
|
|
+ finish: function () {
|
|
|
+ if (this.leftover) {
|
|
|
+ this.cipher.output.data = this.leftover + this.cipher.output.data;
|
|
|
+ delete this.leftover;
|
|
|
+ }
|
|
|
+ var f = encryptfinish(this.cipher, this.hmac, this.head, (this.length % 16));
|
|
|
+ return f;
|
|
|
+ },
|
|
|
+ }
|
|
|
+ };
|
|
|
+
|
|
|
+ /*
|
|
|
+ var aesdecrypt=function(encfile,pass,returnstring) {
|
|
|
+ var emptydata=new ArrayBuffer(0);
|
|
|
+ //var usemod=true;
|
|
|
+
|
|
|
+ //take a uint8array, arraybuffer or string for file
|
|
|
+ file=toU8(encfile);
|
|
|
+ if (file===undefined)
|
|
|
+ return {data:emptydata, error:"bad input"};
|
|
|
+ var filebuf=newbytebuf(file).done();
|
|
|
+ var key=decryptparsehead( filebuf, pass );
|
|
|
+ if (key.error!='') return {data:emptydata, error: key.error};
|
|
|
+ var decryptor=decryptstart(key);
|
|
|
+
|
|
|
+ // end of string is set with .done() above, so only need one pass in decryptpayload();
|
|
|
+ var decrypted=decryptpayload(filebuf,decryptor);
|
|
|
+ if (decrypted == -1) return {data:new Uint8Array(0),error:"file corrupted"};
|
|
|
+
|
|
|
+ var error=decryptfinish(filebuf,decryptor);
|
|
|
+ if(returnstring)
|
|
|
+ return {data:decryptor.decipher.output.data, error: error};
|
|
|
+ else {
|
|
|
+ var a=new Uint8Array(decryptor.decipher.output.data.length);
|
|
|
+ copyToArray(decryptor.decipher.output.data,a);
|
|
|
+ return {data: a, error: error};
|
|
|
+ }
|
|
|
+ }
|
|
|
+*/
|
|
|
+ //data is not required in start;
|
|
|
+ var chunkdecrypt = function () {
|
|
|
+ return {
|
|
|
+ start: function (pass) {
|
|
|
+ if (!pass || pass == "") {
|
|
|
+ this.error = "password missing";
|
|
|
+ return this;
|
|
|
+ }
|
|
|
+ this.pass = pass;
|
|
|
+ this.progress = { stage: 0 };
|
|
|
+ this.filebuf = newbytebuf();
|
|
|
+ this.output = newbytebuf();
|
|
|
+ this.error = "";
|
|
|
+ this.lasterror = "";
|
|
|
+ delete this.decryptor;
|
|
|
+ },
|
|
|
+ update: function (data) {
|
|
|
+ // go no further on unrecoverable error. error message should be in this.error;
|
|
|
+ this.newoutput = false;
|
|
|
+ if (this.progress.stage == -1)
|
|
|
+ return this;
|
|
|
+
|
|
|
+ // push our data into the buffer
|
|
|
+ this.filebuf.put(data);
|
|
|
+ if (this.progress.stage < 3)
|
|
|
+ this.progress = decryptparsehead(this.filebuf, this.pass, this.progress);
|
|
|
+
|
|
|
+ if (this.progress.error) {
|
|
|
+ this.pass = '';
|
|
|
+ this.error = this.progress.error;
|
|
|
+ this.progress.stage = -1;
|
|
|
+ return this;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (this.progress.stage == 3) {
|
|
|
+ // we should have our key in this.progress.key
|
|
|
+ // this stage requires no data from filebuf
|
|
|
+
|
|
|
+ //dont need password lying around;
|
|
|
+ delete this.pass;
|
|
|
+ this.decryptor = decryptstart(this.progress);
|
|
|
+ this.progress.stage = 4;
|
|
|
+ //dont need key anylonger
|
|
|
+ delete this.key;
|
|
|
+ }
|
|
|
+ // kinda unnecessary since stage 3 requires no data
|
|
|
+ // but might want to put error checking into decryptstart some day.
|
|
|
+ if (this.progress.stage == 4) {
|
|
|
+ // decrypt whatever is in the buffer in multiples of 64 bytes, leaving at least 33 at end
|
|
|
+ var decrypted = decryptpayload(this.filebuf, this.decryptor);
|
|
|
+ if (decrypted > 0) {
|
|
|
+ this.output.put(this.decryptor.decipher.output.data);
|
|
|
+ this.decryptor.decipher.output.data = "";
|
|
|
+ this.newoutput = true;
|
|
|
+ } else if (decrypted == -1) {
|
|
|
+ this.error = "file corrupted (invalid length)";
|
|
|
+ this.progress.stage = -1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return this;
|
|
|
+ },
|
|
|
+ getChunk: function (size) {
|
|
|
+ var ret;
|
|
|
+ // get all of the buffer if size undefined
|
|
|
+ if (size === undefined) size = -1;
|
|
|
+ if (size == 0 || !this.output)
|
|
|
+ return;
|
|
|
+
|
|
|
+ ret = this.output.get(size);
|
|
|
+ // return undefined if no data
|
|
|
+ if (!ret || ret.length == 0) return;
|
|
|
+
|
|
|
+ if (this.output.eof && this.output.length == 0)
|
|
|
+ delete this.output;
|
|
|
+
|
|
|
+ return { data: ret, error: this.error };
|
|
|
+ },
|
|
|
+ finish: function () {
|
|
|
+ // mark eof
|
|
|
+ this.filebuf.done();
|
|
|
+ // finish off whatever is in the buffer
|
|
|
+ var decrypted = decryptpayload(this.filebuf, this.decryptor);
|
|
|
+ if (decrypted > 0) {
|
|
|
+ //check hmac and truncate
|
|
|
+ this.error = decryptfinish(this.filebuf, this.decryptor);
|
|
|
+ //copy output
|
|
|
+ this.output.put(this.decryptor.decipher.output.data);
|
|
|
+ //empty forge buffer
|
|
|
+ this.decryptor.decipher.output.data = "";
|
|
|
+ this.newoutput = true;
|
|
|
+ this.output.eof = true;
|
|
|
+ } else if (decrypted == -1) {
|
|
|
+ this.error = "file corrupted (invalid length)";
|
|
|
+ } else if (decrypted == 0) {
|
|
|
+ delete this.output;
|
|
|
+ }
|
|
|
+
|
|
|
+ this.progress.stage = -1;
|
|
|
+
|
|
|
+ delete this.filebuf;
|
|
|
+ delete this.decryptor;
|
|
|
+ var lastchunk = this.getChunk();
|
|
|
+ if (lastchunk && lastchunk.data)
|
|
|
+ lastchunk = lastchunk.data;
|
|
|
+ return { data: lastchunk, error: this.error };
|
|
|
+ },
|
|
|
+ }
|
|
|
+ };
|
|
|
+
|
|
|
+
|
|
|
+ return ({
|
|
|
+ chunkEncrypt: chunkencrypt,
|
|
|
+ chunkDecrypt: chunkdecrypt,
|
|
|
+ encrypt: aesencrypt,
|
|
|
+ decrypt: aesdecrypt,
|
|
|
+ addPassword: addpass,
|
|
|
+ delPassword: delpass,
|
|
|
+ util: {
|
|
|
+ copyToArray: copyToArray,
|
|
|
+ arrayToString: arrayToString,
|
|
|
+ toType: toType,
|
|
|
+ newbytebuf: newbytebuf
|
|
|
+ }
|
|
|
+ });
|
|
|
+})();
|
Pushkar Anand