|
@@ -11,9 +11,8 @@ function encrypt(s,password){
|
|
|
let salt=util.createRandomNonce(12);
|
|
|
let [iters,key]=stretchKey(pass,salt);
|
|
|
let [_,ciphertext]=_encrypt(bs,key,salt);
|
|
|
let payload=[iters].concat(salt,ciphertext);
|
|
|
let signature=blake2s([VERSION].concat(payload),16,pass);
|
|
|
let arr=[VERSION].concat(signature,payload);
|
|
|
let signature=blake2s([VERSION,iters].concat(salt,ciphertext),16,key);
|
|
|
let arr=[VERSION,iters].concat(signature,salt,ciphertext);
|
|
|
return util.bytes2base64(arr);
|
|
|
}
|
|
|
|
|
@@ -21,14 +20,15 @@ function decrypt(s,password){
|
|
|
let pass=util.str2utf8(password);
|
|
|
let arr=util.base642bytes(s);
|
|
|
let version=arr[0];
|
|
|
let signature=arr.slice(1,17);
|
|
|
let iters=arr[17];
|
|
|
let iters=arr[1];
|
|
|
let signature=arr.slice(2,18);
|
|
|
let salt=arr.slice(18,30);
|
|
|
let ciphertext=arr.slice(30);
|
|
|
let check=blake2s([version,iters].concat(salt,ciphertext),16,pass);
|
|
|
|
|
|
let key=pbkdf2(pass,salt,1<<iters,32);
|
|
|
let check=blake2s([version,iters].concat(salt,ciphertext),16,key);
|
|
|
if(!signature.every((b,i)=>b===check[i])){return 1;}
|
|
|
if(version>VERSION){return 2;}
|
|
|
let key=pbkdf2(pass,salt,1<<iters,32);
|
|
|
let plainbytes=_decrypt(ciphertext,key,salt);
|
|
|
return util.utf82str(plainbytes);
|
|
|
}
|