Welcome to mirror list, hosted at ThFree Co, Russian Federation.

EncryptionService.js « Services « src - git.mdns.eu/nextcloud/passwords-client.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/src/Services/EncryptionService.js
blob: 7f81498718a083e5a7979bfb076673304f4acccf (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91

import sodium from 'libsodium-wrappers';

export default class EncryptionService {

    constructor() {
    }

    /**
     * Encrypt the message with the given key and return a hex encoded string
     *
     * @param {String} message
     * @param {String} key
     * @returns {String}
     * @private
     */
    encrypt(message, passphrase) {
        let {key, salt} = this._passwordToKey(passphrase);
        let encrypted = this._encrypt(message, key);

        return sodium.to_hex(new Uint8Array([...salt, ...encrypted]));
    }

    /**
     * Decrypt the hex or base64 encoded message with the given key
     *
     * @param {String} encodedString
     * @param {Uint8Array} key
     * @returns {String}
     * @private
     */
    _decryptString(encodedString, passphrase) {
        let salt = encodedString.slice(0, sodium.crypto_pwhash_SALTBYTES),
            text = encodedString.slice(sodium.crypto_pwhash_SALTBYTES),
            key  = this._passwordToKey(passphrase, salt);
        return sodium.to_string(this._decrypt(text, key));
    }

    /**
     * Encrypt the message with the given key
     *
     * @param {String} message
     * @param {String} key
     * @returns {Uint8Array}
     * @private
     */
    _encrypt(message, key) {
        let nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);

        return new Uint8Array([...nonce, ...sodium.crypto_secretbox_easy(message, nonce, key)]);
    }

    /**
     * Decrypt the message with the given key
     *
     * @param {Uint8Array} encrypted
     * @param {Uint8Array} key
     * @returns {Uint8Array}
     * @private
     */
    _decrypt(encrypted, key) {
        if(encrypted.length < sodium.crypto_secretbox_NONCEBYTES + sodium.crypto_secretbox_MACBYTES) throw new Error('Invalid encrypted text length');

        let nonce      = encrypted.slice(0, sodium.crypto_secretbox_NONCEBYTES),
            ciphertext = encrypted.slice(sodium.crypto_secretbox_NONCEBYTES);

        return sodium.crypto_secretbox_open_easy(ciphertext, nonce, key);
    }

    // noinspection JSMethodCanBeStatic
    /**
     *
     * @param password
     * @param salt
     * @returns {Uint8Array}
     * @private
     */
    _passwordToKey(password) {
        let salt = sodium.randombytes_buf(sodium.crypto_pwhash_SALTBYTES);

        let key = sodium.crypto_pwhash(
            sodium.crypto_box_SEEDBYTES,
            password,
            salt,
            sodium.crypto_pwhash_OPSLIMIT_INTERACTIVE,
            sodium.crypto_pwhash_MEMLIMIT_INTERACTIVE,
            sodium.crypto_pwhash_ALG_DEFAULT
        );

        return {key, salt};
    }
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 19:38:44 +0300