Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
let sharedKey =
ECKCDSA.sharedkey(
Converter.convertHexStringToByteArray(privateKey),
Converter.convertHexStringToByteArray(recipientPublicKey)
);
// Create random nonce
let random_bytes = CryptoJS.lib.WordArray.random(32);
let r_nonce = Converter.convertWordArrayToUint8Array(random_bytes);
// combine
for (let i = 0; i < 32; i++) {
sharedKey[i] ^= r_nonce[i];
}
// hash shared key
let key = CryptoJS.SHA256(Converter.convertByteArrayToWordArray(sharedKey));
// ENCRYPT
let iv = CryptoJS.lib.WordArray.random(16);
let messageB64 = CryptoJS.AES.encrypt(message, key.toString(), {iv: iv}).toString();
// convert base 64 to hex due to node limitation
let messageHex = iv.toString(CryptoJS.enc.Hex) + CryptoJS.enc.Base64.parse(messageB64.ciphertext).toString(CryptoJS.enc.Hex);
// Uint 8 to hex
let nonce = random_bytes.toString(CryptoJS.enc.Hex);
// return encrypted pair
resolve({ m: messageHex, n: nonce })
})
})
}
if (!room) {
return
}
if (typeof message_obj == 'string') {
message_obj = { content: message_obj }
}
const message = Object.assign({}, message_obj)
// set timestamp
message.created = Date.now()
if (!validateMessage(message)) {
return false
}
const key = this.convs[room_id].keys[0]
const iv = CryptoJS.lib.WordArray.random(16)
const message_str = JSON.stringify(message)
const sha_sub = CryptoJS.enc.Base64.stringify(
CryptoJS.SHA1(message_str)
).substr(0, 6)
const encmsg = CryptoJS.AES.encrypt(message_str + sha_sub, key, {
iv: iv
}).toString()
const iv_str = CryptoJS.enc.Base64.stringify(iv)
this._sending_message = true
// include a random iv str so that people can't match strings of the same message
await room.add([
{ type: 'msg', emsg: encmsg, i: iv_str, address: this.account_key }
])
this._sending_message = false
return room_id
}
function encrypt (msg, password) {
var salt = CryptoJS.lib.WordArray.random(128/8);
var key = CryptoJS.PBKDF2(password, salt, {
keySize: keySize/32,
iterations: iterations
});
var iv = CryptoJS.lib.WordArray.random(128/8);
var encrypted = CryptoJS.AES.encrypt(msg, key, {
iv: iv,
padding: CryptoJS.pad.Pkcs7,
mode: CryptoJS.mode.CBC
});
// salt, iv will be hex 32 in length
// append them to the ciphertext for use in decryption
var encryptedMsg = salt.toString()+ iv.toString() + encrypted.toString();
return encryptedMsg;
}
return
}
if (typeof message_obj == 'string') {
message_obj = { content: message_obj }
}
const message = Object.assign({}, message_obj)
// set timestamp
message.created = Date.now()
if (!validateMessage(message)) {
debug('ERR: invalid message')
return false
}
const key = this.convs[room_id].keys[0]
const iv = CryptoJS.lib.WordArray.random(16)
const message_str = JSON.stringify(message)
const sha_sub = CryptoJS.enc.Base64.stringify(
CryptoJS.SHA1(message_str)
).substr(0, 6)
const encmsg = CryptoJS.AES.encrypt(message_str + sha_sub, key, {
iv: iv
}).toString()
const iv_str = CryptoJS.enc.Base64.stringify(iv)
this._sending_message = true
// include a random iv str so that people can't match strings of the same message
await room.add([
{ type: 'msg', emsg: encmsg, i: iv_str, address: this.account_key }
])
debug('room.add OK')
this._sending_message = false
return room_id
static parse(jsonStr) {
// parse json string
let jsonObj = JSON.parse(jsonStr);
// extract ciphertext from json object, and create cipher params object
let cipherParams = CryptoJS.lib.CipherParams.create({
ciphertext: CryptoJS.enc.Base64.parse(jsonObj.ct)
});
// optionally extract iv and salt
if (jsonObj.iv) {
cipherParams.iv = CryptoJS.enc.Hex.parse(jsonObj.iv)
}
if (jsonObj.s) {
cipherParams.salt = CryptoJS.enc.Hex.parse(jsonObj.s)
}
return cipherParams;
}
}
Plugin.prototype.parse = function (jsonStr) {
// parse json string
var jsonObj = this.jParse(jsonStr);
// extract ciphertext from json object, and create cipher params object
var cipherParams = CryptoJS.lib.CipherParams.create({
ciphertext: CryptoJS.enc.Base64.parse(jsonObj.ct)
});
// optionally extract iv and salt
if (jsonObj.iv) {
cipherParams.iv = CryptoJS.enc.Hex.parse(jsonObj.iv);
}
if (jsonObj.s) {
cipherParams.salt = CryptoJS.enc.Hex.parse(jsonObj.s);
}
return cipherParams;
};
PDFSecurity.generateRandomWordArray = bytes => {
const words = [];
for (let i = 0; i < bytes; i++) {
words.push(0x00010203);
}
return new CryptoJS.lib.WordArray.init(words, bytes);
};
async claim(obj, pkey) {
var did = this.getDid(pkey);
if (!this.storeData[did]) {
this.storeData[did] = new Array();
}
var index = CryptoJS.enc.Base64.stringify(CryptoJS.lib.WordArray.random(64));
this.storeData[did][index] = obj;
return index;
}