Issues in encryption.js (master) - Issues in master - blocktrail/blocktrail-sdk-nodejs - Measure and Improve Code Quality continuously with Scrutinizer

Issues (615)

lib/encryption.js (2 issues)

Labels

Bug 2

Severity

Major 2

var assert = require('assert');
var sjcl = require('sjcl');
var KeyDerivation = require('./keyderivation');
var randomBytes = require('randombytes');

var Encryption = {
    defaultSaltLen: 10, /* can permit changes, no more than 512 bit (128 bytes) */
    tagLenBits: 128, /* can permit changes */
    ivLenBits: 128,  /* fixed */
    ivLenWords: 128 / 32
};

Encryption.generateSalt = function() {
    return randomBytes(this.defaultSaltLen);
};

Encryption.generateIV = function() {
    return randomBytes(this.ivLenBits / 8);
};

Encryption.encrypt = function(pt, pw, iterations) {
    var salt = this.generateSalt();
    var iv = this.generateIV();

    iterations = typeof iterations === 'undefined' ? KeyDerivation.defaultIterations : iterations;
    return this.encryptWithSaltAndIV(pt, pw, salt, iv, iterations);
};

Encryption.encryptWithSaltAndIV = function(pt, pw, saltBuf, iv, iterations) {
    assert(pt instanceof Buffer, 'pt must be provided as a buffer');

    assert(pw instanceof Buffer, 'pw must be provided as a buffer');
    assert(iv instanceof Buffer, 'IV must be provided as a buffer');
    assert(saltBuf instanceof Buffer, 'saltBuff must be provided as a buffer');
    assert(iv.length === 16, 'IV must be exactly 16 bytes');

    var SL = (new Buffer(1));
    var S = saltBuf;
    var I = new Buffer(4);
    SL.writeUInt8(saltBuf.length);
    I.writeUInt32LE(iterations);
    var header = SL.toString('hex') + S.toString('hex') + I.toString('hex');

    var key = sjcl.codec.hex.toBits(KeyDerivation.compute(pw, saltBuf, iterations).toString('hex'));
    var ct_t = sjcl.mode.gcm.encrypt(
      new sjcl.cipher.aes(key),
      sjcl.codec.hex.toBits(pt.toString('hex')),
      sjcl.codec.hex.toBits(iv.toString('hex')),
      sjcl.codec.hex.toBits(header),
      this.tagLenBits
    );

    // iter || saltLen8 || salt || iv || tag || ct
    return new Buffer([header, iv.toString('hex'), sjcl.codec.hex.fromBits(ct_t)].join(''), 'hex');
};

Encryption.decrypt = function(ct, pw) {
    assert(ct instanceof Buffer, 'cipherText must be provided as a Buffer');

    assert(pw instanceof Buffer, 'password must be provided as a Buffer');
    var copy = new Buffer(ct, 'hex');
    var c = 0;

    var saltLen = copy.readUInt8(c)      ; c += 1;
    var salt = copy.slice(1, c + saltLen); c += saltLen;
    var iterations = copy.readUInt32LE(c); c += 4;
    var header = copy.slice(0, c);

    var iv = copy.slice(c, 16 + c); c += 16;
    var ct_t = copy.slice(c);

    // SaltBuf is required for KeyDerivation. Convert to sjcl where required.
    var key = KeyDerivation.compute(pw, salt, iterations);
    var plainText = sjcl.mode.gcm.decrypt(
      new sjcl.cipher.aes(sjcl.codec.hex.toBits(key.toString('hex'))),
      sjcl.codec.hex.toBits(ct_t.toString('hex')),
      sjcl.codec.hex.toBits(iv.toString('hex')),
      sjcl.codec.hex.toBits(header.toString('hex')),
      this.tagLenBits
    );
    return new Buffer(sjcl.codec.hex.fromBits(plainText), 'hex');
};

module.exports = Encryption;


1			var assert = require('assert');
2			var sjcl = require('sjcl');
3			var KeyDerivation = require('./keyderivation');
4			var randomBytes = require('randombytes');
5
6			var Encryption = {
7			defaultSaltLen: 10, /* can permit changes, no more than 512 bit (128 bytes) */
8			tagLenBits: 128, /* can permit changes */
9			ivLenBits: 128, /* fixed */
10			ivLenWords: 128 / 32
11			};
12
13			Encryption.generateSalt = function() {
14			return randomBytes(this.defaultSaltLen);
15			};
16
17			Encryption.generateIV = function() {
18			return randomBytes(this.ivLenBits / 8);
19			};
20
21			Encryption.encrypt = function(pt, pw, iterations) {
22			var salt = this.generateSalt();
23			var iv = this.generateIV();
24
25			iterations = typeof iterations === 'undefined' ? KeyDerivation.defaultIterations : iterations;
26			return this.encryptWithSaltAndIV(pt, pw, salt, iv, iterations);
27			};
28
29			Encryption.encryptWithSaltAndIV = function(pt, pw, saltBuf, iv, iterations) {
30			assert(pt instanceof Buffer, 'pt must be provided as a buffer');
			0 ignored issues – show Bug introduced 2017-09-28 19:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `Buffer` seems to be never declared. If this is a global, consider adding a `/** global: Buffer */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
31			assert(pw instanceof Buffer, 'pw must be provided as a buffer');
32			assert(iv instanceof Buffer, 'IV must be provided as a buffer');
33			assert(saltBuf instanceof Buffer, 'saltBuff must be provided as a buffer');
34			assert(iv.length === 16, 'IV must be exactly 16 bytes');
35
36			var SL = (new Buffer(1));
37			var S = saltBuf;
38			var I = new Buffer(4);
39			SL.writeUInt8(saltBuf.length);
40			I.writeUInt32LE(iterations);
41			var header = SL.toString('hex') + S.toString('hex') + I.toString('hex');
42
43			var key = sjcl.codec.hex.toBits(KeyDerivation.compute(pw, saltBuf, iterations).toString('hex'));
44			var ct_t = sjcl.mode.gcm.encrypt(
45			new sjcl.cipher.aes(key),
46			sjcl.codec.hex.toBits(pt.toString('hex')),
47			sjcl.codec.hex.toBits(iv.toString('hex')),
48			sjcl.codec.hex.toBits(header),
49			this.tagLenBits
50			);
51
52			// iter \|\| saltLen8 \|\| salt \|\| iv \|\| tag \|\| ct
53			return new Buffer([header, iv.toString('hex'), sjcl.codec.hex.fromBits(ct_t)].join(''), 'hex');
54			};
55
56			Encryption.decrypt = function(ct, pw) {
57			assert(ct instanceof Buffer, 'cipherText must be provided as a Buffer');
			0 ignored issues – show Bug introduced 2017-09-28 19:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `Buffer` seems to be never declared. If this is a global, consider adding a `/** global: Buffer */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
58			assert(pw instanceof Buffer, 'password must be provided as a Buffer');
59			var copy = new Buffer(ct, 'hex');
60			var c = 0;
61
62			var saltLen = copy.readUInt8(c) ; c += 1;
63			var salt = copy.slice(1, c + saltLen); c += saltLen;
64			var iterations = copy.readUInt32LE(c); c += 4;
65			var header = copy.slice(0, c);
66
67			var iv = copy.slice(c, 16 + c); c += 16;
68			var ct_t = copy.slice(c);
69
70			// SaltBuf is required for KeyDerivation. Convert to sjcl where required.
71			var key = KeyDerivation.compute(pw, salt, iterations);
72			var plainText = sjcl.mode.gcm.decrypt(
73			new sjcl.cipher.aes(sjcl.codec.hex.toBits(key.toString('hex'))),
74			sjcl.codec.hex.toBits(ct_t.toString('hex')),
75			sjcl.codec.hex.toBits(iv.toString('hex')),
76			sjcl.codec.hex.toBits(header.toString('hex')),
77			this.tagLenBits
78			);
79			return new Buffer(sjcl.codec.hex.fromBits(plainText), 'hex');
80			};
81
82			module.exports = Encryption;
83

blocktrail / blocktrail-sdk-nodejs

Issues (615)

lib/encryption.js (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like