CryptoJS Changeset - 20fa1614ab45

Changeset - 20fa1614ab45

Parent rev.

Child rev.

[Not reviewed]

default

0 1 2

Laman - 5 years ago 2019-07-06 12:39:11

FIX: unstretched password leaking through signature

3 files changed with 7 insertions and 7 deletions:

scheme.odg

bin+new file

scheme.png

bin+new file

src/main.js

0 comments (0 inline, 0 general)

scheme.odg

➞

Show inline comments

		new file 100644
		binary diff not shown

scheme.png

➞

Show inline comments

		new file 100644
		binary diff not shown

Show images

src/main.js

➞

Show inline comments

@@ @@ -11,9 +11,8 @@ function encrypt(s,password){ @@
 	let salt=util.createRandomNonce(12);
 	let [iters,key]=stretchKey(pass,salt);
 	let [_,ciphertext]=_encrypt(bs,key,salt);
 	let payload=[iters].concat(salt,ciphertext);
 	let signature=blake2s([VERSION].concat(payload),16,pass);
 	let arr=[VERSION].concat(signature,payload);
 	let signature=blake2s([VERSION,iters].concat(salt,ciphertext),16,key);
 	let arr=[VERSION,iters].concat(signature,salt,ciphertext);
 	return util.bytes2base64(arr);
+}
@@ @@ -21,14 +20,15 @@ function decrypt(s,password){ @@
 	let pass=util.str2utf8(password);
 	let arr=util.base642bytes(s);
 	let version=arr[0];
 	let signature=arr.slice(1,17);
 	let iters=arr[17];
 	let iters=arr[1];
 	let signature=arr.slice(2,18);
 	let salt=arr.slice(18,30);
 	let ciphertext=arr.slice(30);
 	let check=blake2s([version,iters].concat(salt,ciphertext),16,pass);
 	let key=pbkdf2(pass,salt,1<<iters,32);
 	let check=blake2s([version,iters].concat(salt,ciphertext),16,key);
 	if(!signature.every((b,i)=>b===check[i])){return 1;}
 	if(version>VERSION){return 2;}
 	let key=pbkdf2(pass,salt,1<<iters,32);
 	let plainbytes=_decrypt(ciphertext,key,salt);
 	return util.utf82str(plainbytes);
+}

0 comments (0 inline, 0 general)