ciphermask/app/scripts/lib/encryptor.js

var ethUtil = require('ethereumjs-util')

module.exports = {

  // Simple encryption methods:
  encrypt,
  decrypt,

  // More advanced encryption methods:
  keyFromPassword,
  encryptWithKey,
  decryptWithKey,

  // Buffer <-> String methods
  convertArrayBufferViewtoString,
  convertStringToArrayBufferView,

  // Buffer <-> Hex string methods
  serializeBufferForStorage,
  serializeBufferFromStorage,

  // Buffer <-> base64 string methods
  encodeBufferToBase64,
  decodeBase64ToBuffer,

  generateSalt,
}

// Takes a Pojo, returns encrypted text.
function encrypt (password, dataObj) {
  return keyFromPassword(password)
  .then(function (passwordDerivedKey) {
    return encryptWithKey(passwordDerivedKey, dataObj)
  })
}

function encryptWithKey (key, dataObj) {
  var data = JSON.stringify(dataObj)
  var dataBuffer = convertStringToArrayBufferView(data)
  var vector = global.crypto.getRandomValues(new Uint8Array(16))

  return global.crypto.subtle.encrypt({
    name: 'AES-GCM',
    iv: vector,
  }, key, dataBuffer).then(function(buf){
    var buffer = new Uint8Array(buf)
    var vectorStr = encodeBufferToBase64(vector)
    var vaultStr = encodeBufferToBase64(buffer)
    return `${vaultStr}\\${vectorStr}`
  })
}

// Takes encrypted text, returns the restored Pojo.
function decrypt (password, text) {
  return keyFromPassword(password)
  .then(function (key) {
    return decryptWithKey(key, text)
  })
}

function decryptWithKey (key, text) {
  const parts = text.split('\\')
  const encryptedData = decodeBase64ToBuffer(parts[0])
  const vector = decodeBase64ToBuffer(parts[1])
  return crypto.subtle.decrypt({name: 'AES-GCM', iv: vector}, key, encryptedData)
  .then(function(result){
    const decryptedData = new Uint8Array(result)
    const decryptedStr = convertArrayBufferViewtoString(decryptedData)
    const decryptedObj = JSON.parse(decryptedStr)
    return decryptedObj
  })
  .catch(function(reason) {
    throw new Error('Incorrect password')
  })
}

function convertStringToArrayBufferView (str) {
  var bytes = new Uint8Array(str.length)
  for (var i = 0; i < str.length; i++) {
    bytes[i] = str.charCodeAt(i)
  }

  return bytes
}

function convertArrayBufferViewtoString (buffer) {
  var str = ''
  for (var i = 0; i < buffer.byteLength; i++) {
    str += String.fromCharCode(buffer[i])
  }

  return str
}

function keyFromPassword (password) {
  var passBuffer = convertStringToArrayBufferView(password)
  return global.crypto.subtle.digest('SHA-256', passBuffer)
  .then(function (passHash){
    return global.crypto.subtle.importKey('raw', passHash, {name: 'AES-GCM'}, false, ['encrypt', 'decrypt'])
  })
}

function serializeBufferFromStorage (str) {
  str = ethUtil.stripHexPrefix(str)
  var buf = new Uint8Array(str.length / 2)
  for (var i = 0; i < str.length; i += 2) {
    var seg = str.substr(i, 2)
    buf[i / 2] = parseInt(seg, 16)
  }
  return buf
}

// Should return a string, ready for storage, in hex format.
function serializeBufferForStorage (buffer) {
  var result = '0x'
  var len = buffer.length || buffer.byteLength
  for (var i = 0; i < len; i++) {
    result += unprefixedHex(buffer[i])
  }
  return result
}

function unprefixedHex (num) {
  var hex = num.toString(16)
  while (hex.length < 2) {
    hex = '0' + hex
  }
  return hex
}

function encodeBufferToBase64 (buf) {
  var b64encoded = btoa(String.fromCharCode.apply(null, buf))
  return b64encoded
}

function decodeBase64ToBuffer (base64) {
  var buf = new Uint8Array(atob(base64).split('')
  .map(function(c) {
    return c.charCodeAt(0)
  }))
  return buf
}

function generateSalt (byteCount = 32) {
  var view = new Uint8Array(byteCount)
  global.crypto.getRandomValues(view)
  var b64encoded = btoa(String.fromCharCode.apply(null, view))
  return b64encoded
}