cryptpad/www/file/file-crypto.js

define([
    '/bower_components/tweetnacl/nacl-fast.min.js',
], function () {
    var Nacl = window.nacl;
    var PARANOIA = true;

    var plainChunkLength = 128 * 1024;
    var cypherChunkLength = 131088;

    var computeEncryptedSize = function (bytes, meta) {
        var metasize = Nacl.util.decodeUTF8(JSON.stringify(meta)).length;
        var chunks = Math.ceil(bytes / plainChunkLength);
        return metasize + 18 + (chunks * 16) + bytes;
    };

    var encodePrefix = function (p) {
        return [
            65280, // 255 << 8
            255,
        ].map(function (n, i) {
            return (p & n) >> ((1 - i) * 8);
        });
    };
    var decodePrefix = function (A) {
        return (A[0] << 8) | A[1];
    };

    var slice = function (A) {
        return Array.prototype.slice.call(A);
    };

    var createNonce = function () {
        return new Uint8Array(new Array(24).fill(0));
    };

    var increment = function (N) {
        var l = N.length;
        while (l-- > 1) {
            if (PARANOIA) {
                if (typeof(N[l]) !== 'number') {
                    throw new Error('E_UNSAFE_TYPE');
                }
                if (N[l] > 255) {
                    throw new Error('E_OUT_OF_BOUNDS');
                }
            }
        /*  jshint probably suspects this is unsafe because we lack types
            but as long as this is only used on nonces, it should be safe  */
            if (N[l] !== 255) { return void N[l]++; } // jshint ignore:line
            N[l] = 0;

            // you don't need to worry about this running out.
            // you'd need a REAAAALLY big file
            if (l === 0) {
                throw new Error('E_NONCE_TOO_LARGE');
            }
        }
    };

    var joinChunks = function (chunks) {
        return new Blob(chunks);
    };

    var decryptMetadata = function (u8, key) {
        var prefix = u8.subarray(0, 2);
        var metadataLength = decodePrefix(prefix);

        var metaBox = new Uint8Array(u8.subarray(2, 2 + metadataLength));
        var metaChunk = Nacl.secretbox.open(metaBox, createNonce(), key);

        try {
            return JSON.parse(Nacl.util.encodeUTF8(metaChunk));
        }
        catch (e) { return null; }
    };

    var decrypt = function (u8, key, done, progress) {
        var MAX = u8.length;
        var _progress = function (offset) {
            if (typeof(progress) !== 'function') { return; }
            progress(Math.min(1, offset / MAX));
        };

        var nonce = createNonce();
        var i = 0;

        var prefix = u8.subarray(0, 2);
        var metadataLength = decodePrefix(prefix);

        var res = {
            metadata: undefined,
        };

        var metaBox = new Uint8Array(u8.subarray(2, 2 + metadataLength));

        var metaChunk = Nacl.secretbox.open(metaBox, nonce, key);
        increment(nonce);

        try {
            res.metadata = JSON.parse(Nacl.util.encodeUTF8(metaChunk));
        } catch (e) {
            return window.setTimeout(function () {
                done('E_METADATA_DECRYPTION');
            });
        }

        if (!res.metadata) {
            return void setTimeout(function () {
                done('NO_METADATA');
            });
        }

        var takeChunk = function (cb) {
            var start = i * cypherChunkLength + 2 + metadataLength;
            var end = start + cypherChunkLength;
            i++;
            var box = new Uint8Array(u8.subarray(start, end));

            // decrypt the chunk
            var plaintext = Nacl.secretbox.open(box, nonce, key);
            increment(nonce);

            if (!plaintext) { return cb('DECRYPTION_ERROR'); }

            _progress(end);
            cb(void 0, plaintext);
        };

        var chunks = [];

        var again = function () {
            takeChunk(function (e, plaintext) {
                if (e) {
                    return setTimeout(function () {
                        done(e);
                    });
                }
                if (plaintext) {
                    if (i * cypherChunkLength < u8.length) { // not done
                        chunks.push(plaintext);
                        return setTimeout(again);
                    }
                    chunks.push(plaintext);
                    res.content = joinChunks(chunks);
                    return done(void 0, res);
                }
                done('UNEXPECTED_ENDING');
            });
        };

        again();
    };

    // metadata
    /* { filename: 'raccoon.jpg', type: 'image/jpeg' } */
    var encrypt = function (u8, metadata, key) {
        var nonce = createNonce();

        // encode metadata
        var metaBuffer = Array.prototype.slice
            .call(Nacl.util.decodeUTF8(JSON.stringify(metadata)));

        var plaintext = new Uint8Array(metaBuffer);

        var i = 0;

        var state = 0;
        var next = function (cb) {
            if (state === 2) { return void cb(); }

            var start;
            var end;
            var part;
            var box;

            if (state === 0) { // metadata...
                part = new Uint8Array(plaintext);
                box = Nacl.secretbox(part, nonce, key);
                increment(nonce);

                if (box.length > 65535) {
                    return void cb('METADATA_TOO_LARGE');
                }
                var prefixed = new Uint8Array(encodePrefix(box.length)
                    .concat(slice(box)));
                state++;

                return void cb(void 0, prefixed);
            }

            // encrypt the rest of the file...
            start = i * plainChunkLength;
            end = start + plainChunkLength;

            part = u8.subarray(start, end);
            box = Nacl.secretbox(part, nonce, key);
            increment(nonce);
            i++;

            // regular data is done
            if (i * plainChunkLength >= u8.length) { state = 2; }

            return void cb(void 0, box);
        };

        return next;
    };

    return {
        decrypt: decrypt,
        encrypt: encrypt,
        joinChunks: joinChunks,
        computeEncryptedSize: computeEncryptedSize,
        decryptMetadata: decryptMetadata,
    };
});
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`define([`
			`'/bower_components/tweetnacl/nacl-fast.min.js',`
			`], function () {`
			`var Nacl = window.nacl;`
prepare for upload 2017-04-28 09:45:53 +00:00			`var PARANOIA = true;`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00
prepare for upload 2017-04-28 09:45:53 +00:00			`var plainChunkLength = 128 * 1024;`
			`var cypherChunkLength = 131088;`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00
try to estimate upload size 2017-05-10 16:57:25 +00:00			`var computeEncryptedSize = function (bytes, meta) {`
correctly estimate upload size 2017-05-12 10:12:51 +00:00			`var metasize = Nacl.util.decodeUTF8(JSON.stringify(meta)).length;`
try to estimate upload size 2017-05-10 16:57:25 +00:00			`var chunks = Math.ceil(bytes / plainChunkLength);`
correctly estimate upload size 2017-05-12 10:12:51 +00:00			`return metasize + 18 + (chunks * 16) + bytes;`
try to estimate upload size 2017-05-10 16:57:25 +00:00			`};`

prefer to use functions from common 2017-05-09 16:54:56 +00:00			`var encodePrefix = function (p) {`
			`return [`
			`65280, // 255 << 8`
			`255,`
			`].map(function (n, i) {`
			`return (p & n) >> ((1 - i) * 8);`
			`});`
			`};`
			`var decodePrefix = function (A) {`
			`return (A[0] << 8) \| A[1];`
			`};`

add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`var slice = function (A) {`
			`return Array.prototype.slice.call(A);`
			`};`

prepare for upload 2017-04-28 09:45:53 +00:00			`var createNonce = function () {`
			`return new Uint8Array(new Array(24).fill(0));`
			`};`

add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`var increment = function (N) {`
			`var l = N.length;`
			`while (l-- > 1) {`
prepare for upload 2017-04-28 09:45:53 +00:00			`if (PARANOIA) {`
			`if (typeof(N[l]) !== 'number') {`
			`throw new Error('E_UNSAFE_TYPE');`
			`}`
			`if (N[l] > 255) {`
			`throw new Error('E_OUT_OF_BOUNDS');`
			`}`
			`}`
			`/* jshint probably suspects this is unsafe because we lack types`
			`but as long as this is only used on nonces, it should be safe */`
			`if (N[l] !== 255) { return void N[l]++; } // jshint ignore:line`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`N[l] = 0;`
prepare for upload 2017-04-28 09:45:53 +00:00
			`// you don't need to worry about this running out.`
			`// you'd need a REAAAALLY big file`
blow up if you ever run out of nonce-space 2017-05-04 10:20:38 +00:00			`if (l === 0) {`
			`throw new Error('E_NONCE_TOO_LARGE');`
			`}`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`}`
			`};`

prepare for upload 2017-04-28 09:45:53 +00:00			`var joinChunks = function (chunks) {`
make file crypto great again 2017-05-22 10:04:47 +00:00			`return new Blob(chunks);`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`};`

push the rest of the code 2017-05-22 10:31:00 +00:00			`var decryptMetadata = function (u8, key) {`
			`var prefix = u8.subarray(0, 2);`
			`var metadataLength = decodePrefix(prefix);`

			`var metaBox = new Uint8Array(u8.subarray(2, 2 + metadataLength));`
			`var metaChunk = Nacl.secretbox.open(metaBox, createNonce(), key);`

			`try {`
			`return JSON.parse(Nacl.util.encodeUTF8(metaChunk));`
			`}`
			`catch (e) { return null; }`
			`};`

make file crypto great again 2017-05-22 10:04:47 +00:00			`var decrypt = function (u8, key, done, progress) {`
			`var MAX = u8.length;`
			`var _progress = function (offset) {`
			`if (typeof(progress) !== 'function') { return; }`
			`progress(Math.min(1, offset / MAX));`
new encrypted file format 2017-05-10 15:13:14 +00:00			`};`

prepare for upload 2017-04-28 09:45:53 +00:00			`var nonce = createNonce();`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`var i = 0;`
prepare for upload 2017-04-28 09:45:53 +00:00
new encrypted file format 2017-05-10 15:13:14 +00:00			`var prefix = u8.subarray(0, 2);`
			`var metadataLength = decodePrefix(prefix);`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00
			`var res = {`
			`metadata: undefined,`
			`};`

new encrypted file format 2017-05-10 15:13:14 +00:00			`var metaBox = new Uint8Array(u8.subarray(2, 2 + metadataLength));`

			`var metaChunk = Nacl.secretbox.open(metaBox, nonce, key);`
			`increment(nonce);`

			`try {`
			`res.metadata = JSON.parse(Nacl.util.encodeUTF8(metaChunk));`
			`} catch (e) {`
make file crypto great again 2017-05-22 10:04:47 +00:00			`return window.setTimeout(function () {`
			`done('E_METADATA_DECRYPTION');`
			`});`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`}`

			`if (!res.metadata) {`
			`return void setTimeout(function () {`
make file crypto great again 2017-05-22 10:04:47 +00:00			`done('NO_METADATA');`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`});`
			`}`

make file crypto great again 2017-05-22 10:04:47 +00:00			`var takeChunk = function (cb) {`
new encrypted file format 2017-05-10 15:13:14 +00:00			`var start = i * cypherChunkLength + 2 + metadataLength;`
			`var end = start + cypherChunkLength;`
			`i++;`
			`var box = new Uint8Array(u8.subarray(start, end));`

			`// decrypt the chunk`
			`var plaintext = Nacl.secretbox.open(box, nonce, key);`
			`increment(nonce);`
make file crypto great again 2017-05-22 10:04:47 +00:00
			`if (!plaintext) { return cb('DECRYPTION_ERROR'); }`

			`_progress(end);`
			`cb(void 0, plaintext);`
prepare for upload 2017-04-28 09:45:53 +00:00			`};`

add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`var chunks = [];`

make file crypto great again 2017-05-22 10:04:47 +00:00			`var again = function () {`
			`takeChunk(function (e, plaintext) {`
			`if (e) {`
			`return setTimeout(function () {`
			`done(e);`
			`});`
			`}`
			`if (plaintext) {`
			`if (i * cypherChunkLength < u8.length) { // not done`
			`chunks.push(plaintext);`
			`return setTimeout(again);`
			`}`
			`chunks.push(plaintext);`
			`res.content = joinChunks(chunks);`
			`return done(void 0, res);`
			`}`
			`done('UNEXPECTED_ENDING');`
			`});`
			`};`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00
make file crypto great again 2017-05-22 10:04:47 +00:00			`again();`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`};`

prepare for upload 2017-04-28 09:45:53 +00:00			`// metadata`
			`/* { filename: 'raccoon.jpg', type: 'image/jpeg' } */`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`var encrypt = function (u8, metadata, key) {`
prepare for upload 2017-04-28 09:45:53 +00:00			`var nonce = createNonce();`

			`// encode metadata`
			`var metaBuffer = Array.prototype.slice`
			`.call(Nacl.util.decodeUTF8(JSON.stringify(metadata)));`

new encrypted file format 2017-05-10 15:13:14 +00:00			`var plaintext = new Uint8Array(metaBuffer);`
prepare for upload 2017-04-28 09:45:53 +00:00
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`var i = 0;`
prepare for upload 2017-04-28 09:45:53 +00:00
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`var state = 0;`
			`var next = function (cb) {`
correctly estimate upload size 2017-05-12 10:12:51 +00:00			`if (state === 2) { return void cb(); }`

WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`var start;`
			`var end;`
			`var part;`
			`var box;`
prepare for upload 2017-04-28 09:45:53 +00:00
new encrypted file format 2017-05-10 15:13:14 +00:00			`if (state === 0) { // metadata...`
			`part = new Uint8Array(plaintext);`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`box = Nacl.secretbox(part, nonce, key);`
			`increment(nonce);`

new encrypted file format 2017-05-10 15:13:14 +00:00			`if (box.length > 65535) {`
			`return void cb('METADATA_TOO_LARGE');`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`}`
new encrypted file format 2017-05-10 15:13:14 +00:00			`var prefixed = new Uint8Array(encodePrefix(box.length)`
			`.concat(slice(box)));`
			`state++;`
try to estimate upload size 2017-05-10 16:57:25 +00:00
new encrypted file format 2017-05-10 15:13:14 +00:00			`return void cb(void 0, prefixed);`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`}`

			`// encrypt the rest of the file...`
prepare for upload 2017-04-28 09:45:53 +00:00			`start = i * plainChunkLength;`
			`end = start + plainChunkLength;`

WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`part = u8.subarray(start, end);`
prepare for upload 2017-04-28 09:45:53 +00:00			`box = Nacl.secretbox(part, nonce, key);`
			`increment(nonce);`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`i++;`
prepare for upload 2017-04-28 09:45:53 +00:00
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`// regular data is done`
			`if (i * plainChunkLength >= u8.length) { state = 2; }`

new encrypted file format 2017-05-10 15:13:14 +00:00			`return void cb(void 0, box);`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`};`
prepare for upload 2017-04-28 09:45:53 +00:00
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`return next;`
prepare for upload 2017-04-28 09:45:53 +00:00			`};`

add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`return {`
			`decrypt: decrypt,`
prepare for upload 2017-04-28 09:45:53 +00:00			`encrypt: encrypt,`
WIP support encrypted file upload via base64 chunks 2017-05-04 09:37:46 +00:00			`joinChunks: joinChunks,`
try to estimate upload size 2017-05-10 16:57:25 +00:00			`computeEncryptedSize: computeEncryptedSize,`
push the rest of the code 2017-05-22 10:31:00 +00:00			`decryptMetadata: decryptMetadata,`
add crypto for decrypting a chunked file 2017-04-27 10:56:42 +00:00			`};`
			`});`