Chapril/paste.chapril.org-privatebin
Chapril/paste.chapril.org-privatebin
25
1
Fork 0
Code Issues Releases Wiki Activity

further code deduplication

Browse Source
This commit is contained in:
El RIDO 2018-10-20 23:08:13 +02:00
parent 4c3fb3fe63
commit 5b00f4ead7
No known key found for this signature in database
GPG Key ID: 0F5C940A6BD81F92
3 changed files with 31 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
js/privatebin.js
View File

@ -699,15 +699,12 @@ jQuery.PrivateBin = (function($, RawDeflate) {
* @async * @async
* @function * @function
* @private * @private
* @param {string} mode of AES (ctr, cbc, cmac, gcm, cfb, kw)
* @param {string} key * @param {string} key
* @param {string} password * @param {string} password
* @param {string} salt used in HMAC * @param {object} object cryptographic message
* @param {int} iterations amount to apply
* @param {int} keysize (128, 192 or 256)
* @return {CryptoKey} derived key * @return {CryptoKey} derived key
*/ */
async function deriveKey(mode, key, password, salt, iterations, keysize) async function deriveKey(key, password, object)
{ {
let keyArray = StrToArr(key); let keyArray = StrToArr(key);
if ((password || '').trim().length > 0) { if ((password || '').trim().length > 0) {
@ -730,21 +727,39 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return await window.crypto.subtle.deriveKey( return await window.crypto.subtle.deriveKey(
{ {
name: 'PBKDF2', // we use PBKDF2 for key derivation name: 'PBKDF2', // we use PBKDF2 for key derivation
salt: StrToArr(atob(salt)), // salt used in HMAC salt: StrToArr(atob(object.salt)), // salt used in HMAC
iterations: iterations, // amount of iterations to apply iterations: object.iter, // amount of iterations to apply
hash: {name: 'SHA-256'} // can be "SHA-1", "SHA-256", "SHA-384" or "SHA-512" hash: {name: 'SHA-256'} // can be "SHA-1", "SHA-256", "SHA-384" or "SHA-512"
}, },
importedKey, importedKey,
{ {
// can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") name: 'AES-' + object.mode.toUpperCase(), // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC")
name: 'AES-' + mode.toUpperCase(), length: object.ks // can be 128, 192 or 256
length: keysize // can be 128, 192 or 256
}, },
false, // the key may not be exported false, // the key may not be exported
['encrypt'] // we may only use it for decryption ['encrypt'] // we may only use it for decryption
); );
} }
/**
* gets crypto settings from given object
*
* @name CryptTool.cryptoSettings
* @function
* @private
* @param {object} object cryptographic message
* @return {object} crypto settings
*/
function cryptoSettings(object)
{
return {
name: 'AES-' + object.mode.toUpperCase(), // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC")
iv: StrToArr(atob(object.iv)), // the initialization vector you used to encrypt
additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any)
tagLength: object.ts // the length of the tag you used to encrypt (if any)
};
}
/** /**
* compress, then encrypt message with given key and password * compress, then encrypt message with given key and password
* *
@ -774,14 +789,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
// finally, encrypt message // finally, encrypt message
const encrypted = await window.crypto.subtle.encrypt( const encrypted = await window.crypto.subtle.encrypt(
{ cryptoSettings(object),
// can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") await deriveKey(key, password, object),
name: algo,
iv: StrToArr(iv), // the initialization vector you used to encrypt
additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any)
tagLength: object.ts // the length of the tag you used to encrypt (if any)
},
await deriveKey(object.mode, key, password, object.salt, object.iter, object.ks),
StrToArr(compress(message)) // compressed plain text to encrypt StrToArr(compress(message)) // compressed plain text to encrypt
); );
object.ct = btoa(ArrToStr(encrypted)); object.ct = btoa(ArrToStr(encrypted));
@ -806,13 +815,8 @@ jQuery.PrivateBin = (function($, RawDeflate) {
return decompress( return decompress(
ArrToStr( ArrToStr(
await window.crypto.subtle.decrypt( await window.crypto.subtle.decrypt(
{ cryptoSettings(object),
name: algo, // can be any supported AES algorithm ("AES-CTR", "AES-CBC", "AES-CMAC", "AES-GCM", "AES-CFB", "AES-KW", "ECDH", "DH" or "HMAC") await deriveKey(key, password, object),
iv: StrToArr(atob(object.iv)), // the initialization vector you used to encrypt
additionalData: StrToArr(atob(object.adata)), // the addtional data you used during encryption (if any)
tagLength: object.ts // the length of the tag you used to encrypt (if any)
},
await deriveKey(object.mode, key, password, object.salt, object.iter, object.ks),
StrToArr(atob(object.ct)) // cipher text to decrypt StrToArr(atob(object.ct)) // cipher text to decrypt
) )
) )

2
tpl/bootstrap.php
View File

@ -70,7 +70,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-JNheFJ1QBN8s4U4lfDXguGVvnqJtrnt508Ew5PgAKWOTA2osRDgDJJYViz/A7XEd1NVAafN/qMDnIz/oqJkH/g==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/hqrAlB/+OWfUg9D/0knhNkmUCzSJNqK2GIU3KBt/vhgfFiKGByOAzFYsyNxINu7c1pEwc/F/ZL5A/iF1rnK0Q==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->

2
tpl/page.php
View File

@ -48,7 +48,7 @@ if ($MARKDOWN):
endif; endif;
?> ?>
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/purify-1.0.7.js" integrity="sha512-VnKJHLosO8z2ojNvWk9BEKYqnhZyWK9rM90FgZUUEp/PRnUqR5OLLKE0a3BkVmn7YgB7LXRrjHgFHQYKd6DAIA==" crossorigin="anonymous"></script>
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-JNheFJ1QBN8s4U4lfDXguGVvnqJtrnt508Ew5PgAKWOTA2osRDgDJJYViz/A7XEd1NVAafN/qMDnIz/oqJkH/g==" crossorigin="anonymous"></script> <script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-/hqrAlB/+OWfUg9D/0knhNkmUCzSJNqK2GIU3KBt/vhgfFiKGByOAzFYsyNxINu7c1pEwc/F/ZL5A/iF1rnK0Q==" crossorigin="anonymous"></script>
<!--[if lt IE 10]> <!--[if lt IE 10]>
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style> <style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;} #oldienotice {display:block;}</style>
<![endif]--> <![endif]-->