diff --git a/js/privatebin.js b/js/privatebin.js index c3ece7b..5b3d926 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -699,15 +699,12 @@ jQuery.PrivateBin = (function($, RawDeflate) { * @async * @function * @private - * @param {string} mode of AES (ctr, cbc, cmac, gcm, cfb, kw) * @param {string} key * @param {string} password - * @param {string} salt used in HMAC - * @param {int} iterations amount to apply - * @param {int} keysize (128, 192 or 256) + * @param {object} object cryptographic message * @return {CryptoKey} derived key */ - async function deriveKey(mode, key, password, salt, iterations, keysize) + async function deriveKey(key, password, object) { let keyArray = StrToArr(key); if ((password || '').trim().length > 0) { @@ -730,21 +727,39 @@ jQuery.PrivateBin = (function($, RawDeflate) { return await window.crypto.subtle.deriveKey( { name: 'PBKDF2', // we use PBKDF2 for key derivation - salt: StrToArr(atob(salt)), // salt used in HMAC - iterations: iterations, // amount of iterations to apply + salt: StrToArr(atob(object.salt)), // salt used in HMAC + iterations: object.iter, // amount of iterations to apply hash: {name: 'SHA-256'} // can be "SHA-1", "SHA-256", "SHA-384" or "SHA-512" }, importedKey, { - // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") - name: 'AES-' + mode.toUpperCase(), - length: keysize // can be 128, 192 or 256 + name: 'AES-' + object.mode.toUpperCase(), // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") + length: object.ks // can be 128, 192 or 256 }, false, // the key may not be exported ['encrypt'] // we may only use it for decryption ); } + /** + * gets crypto settings from given object + * + * @name CryptTool.cryptoSettings + * @function + * @private + * @param {object} object cryptographic message + * @return {object} crypto settings + */ + function cryptoSettings(object) + { + return { + name: 'AES-' + object.mode.toUpperCase(), // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") + iv: StrToArr(atob(object.iv)), // the initialization vector you used to encrypt + additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any) + tagLength: object.ts // the length of the tag you used to encrypt (if any) + }; + } + /** * compress, then encrypt message with given key and password * @@ -774,14 +789,8 @@ jQuery.PrivateBin = (function($, RawDeflate) { // finally, encrypt message const encrypted = await window.crypto.subtle.encrypt( - { - // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") - name: algo, - iv: StrToArr(iv), // the initialization vector you used to encrypt - additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any) - tagLength: object.ts // the length of the tag you used to encrypt (if any) - }, - await deriveKey(object.mode, key, password, object.salt, object.iter, object.ks), + cryptoSettings(object), + await deriveKey(key, password, object), StrToArr(compress(message)) // compressed plain text to encrypt ); object.ct = btoa(ArrToStr(encrypted)); @@ -806,13 +815,8 @@ jQuery.PrivateBin = (function($, RawDeflate) { return decompress( ArrToStr( await window.crypto.subtle.decrypt( - { - name: algo, // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") - iv: StrToArr(atob(object.iv)), // the initialization vector you used to encrypt - additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any) - tagLength: object.ts // the length of the tag you used to encrypt (if any) - }, - await deriveKey(object.mode, key, password, object.salt, object.iter, object.ks), + cryptoSettings(object), + await deriveKey(key, password, object), StrToArr(atob(object.ct)) // cipher text to decrypt ) ) diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 03dd724..64c4e25 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -70,7 +70,7 @@ if ($MARKDOWN): endif; ?> - + diff --git a/tpl/page.php b/tpl/page.php index b6a245d..1983ff5 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -48,7 +48,7 @@ if ($MARKDOWN): endif; ?> - +