refactored crypto

src/js/crypto/crypto.js

@@ -2,7 +2,7 @@
  * High level crypto api that invokes native crypto (if available) and
  * gracefully degrades to JS crypto (if unavailable)
  */
-define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypto-batch'], function(util, aes, rsa, cryptoBatch) {
+define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypto-batch', 'js/crypto/pbkdf2'], function(util, aes, rsa, cryptoBatch, pbkdf2) {
 	'use strict';
 
 	var self = {};
@@ -26,7 +26,7 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 		self.rsaKeySize = args.rsaKeySize;
 
 		// derive PBKDF2 from password in web worker thread
-		self.deriveKey(args.password, self.keySize, function(err, pbkdf2) {
+		self.deriveKey(args.password, self.keySize, function(err, derivedKey) {
 			if (err) {
 				callback(err);
 				return;
@@ -35,15 +35,15 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 			// check if key exists
 			if (!args.storedKeypair) {
 				// generate keys, encrypt and persist if none exists
-				generateKeypair(pbkdf2);
+				generateKeypair(derivedKey);
 			} else {
 				// decrypt key
-				decryptKeypair(args.storedKeypair, pbkdf2);
+				decryptKeypair(args.storedKeypair, derivedKey);
 			}
 
 		});
 
-		function generateKeypair(pbkdf2) {
+		function generateKeypair(derivedKey) {
 			// generate RSA keypair in web worker
 			rsa.generateKeypair(self.rsaKeySize, function(err, generatedKeypair) {
 				if (err) {
@@ -53,7 +53,7 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 
 				// encrypt keypair
 				var iv = util.random(self.ivSize);
-				var encryptedPrivateKey = aes.encrypt(generatedKeypair.privkeyPem, pbkdf2, iv);
+				var encryptedPrivateKey = aes.encrypt(generatedKeypair.privkeyPem, derivedKey, iv);
 
 				// new encrypted keypair object
 				var newKeypair = {
@@ -75,7 +75,7 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 			});
 		}
 
-		function decryptKeypair(storedKeypair, pbkdf2) {
+		function decryptKeypair(storedKeypair, derivedKey) {
 			var decryptedPrivateKey;
 
 			// validate input
@@ -86,10 +86,10 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 				return;
 			}
 
-			// try to decrypt with pbkdf2
+			// try to decrypt with derivedKey
 			try {
 				var prK = storedKeypair.privateKey;
-				decryptedPrivateKey = aes.decrypt(prK.encryptedKey, pbkdf2, prK.iv);
+				decryptedPrivateKey = aes.decrypt(prK.encryptedKey, derivedKey, prK.iv);
 			} catch (ex) {
 				callback({
 					errMsg: 'Wrong password!'
@@ -111,7 +111,6 @@ define(['cryptoLib/util', 'cryptoLib/aes-cbc', 'cryptoLib/rsa', 'cryptoLib/crypt
 			password: password,
 			keySize: keySize
 		}, callback, function() {
-			var pbkdf2 = new app.crypto.PBKDF2();
 			return pbkdf2.getKey(password, keySize);
 		});
 	};

src/js/crypto/pbkdf2.js

@@ -1,16 +1,18 @@
 /**
  * A Wrapper for Forge's PBKDF2 function
  */
-app.crypto.PBKDF2 = function() {
+define(['forge'], function(forge) {
 	'use strict';
 
+	var self = {};
+
 	/**
 	 * PBKDF2-HMAC-SHA1 key derivation with a constant salt and 1000 iterations
 	 * @param password [String] The password in UTF8
 	 * @param keySize [Number] The key size in bits
 	 * @return [String] The base64 encoded key
 	 */
-	this.getKey = function(password, keySize) {
+	self.getKey = function(password, keySize) {
 		var salt = forge.util.decode64("vbhmLjC+Ub6MSbhS6/CkOwxB25wvwRkSLP2DzDtYb+4=");
 		var key = forge.pkcs5.pbkdf2(password, salt, 1000, keySize / 8);
 		var keyBase64 = forge.util.encode64(key);
@@ -18,4 +20,5 @@ app.crypto.PBKDF2 = function() {
 		return keyBase64;
 	};
 
-};
+	return self;
+});

src/js/model/email-model.js

@@ -1,4 +1,4 @@
-(function() {
+define(['backbone'], function(Backbone) {
 	'use strict';
 
 	app.model.Email = Backbone.Model.extend({
@@ -24,4 +24,4 @@
 
 	});
 
-}());
+});

test/test-data.js

@@ -1,4 +1,4 @@
-define(['cryptoLib/util'], function(util) {
+define(['cryptoLib/util', 'js/model/email-model'], function(util) {
 	'use strict';
 
 	var self = {};

test/unit/crypto-test.js

@@ -1,8 +1,9 @@
+define(['js/crypto/crypto', 'cryptoLib/util', 'test/test-data'], function(crypto, util, testData) {
 	'use strict';
 
 	module("Crypto Api");
 
-var crypto_test = {
+	var cryptoTest = {
 		user: 'crypto_test@example.com',
 		password: 'Password',
 		keySize: 128,
@@ -12,22 +13,20 @@ var crypto_test = {
 
 	asyncTest("Init without keypair", 4, function() {
 		// init dependencies
-	crypto_test.util = new cryptoLib.Util(window, uuid);
+		ok(crypto, 'Crypto');
-	crypto_test.crypto = new app.crypto.Crypto(window, crypto_test.util);
-	ok(crypto_test.crypto, 'Crypto');
 
 		// test without passing keys
-	crypto_test.crypto.init({
+		crypto.init({
-		emailAddress: crypto_test.user,
+			emailAddress: cryptoTest.user,
-		password: crypto_test.password,
+			password: cryptoTest.password,
-		keySize: crypto_test.keySize,
+			keySize: cryptoTest.keySize,
-		rsaKeySize: crypto_test.rsaKeySize
+			rsaKeySize: cryptoTest.rsaKeySize
 		}, function(err, generatedKeypair) {
 			ok(!err && generatedKeypair, 'Init crypto without keypair input');
 			var pk = generatedKeypair.publicKey;
 			ok(pk._id && pk.userId, 'Key ID: ' + pk._id);
 			ok(pk.publicKey.indexOf('-----BEGIN PUBLIC KEY-----') === 0, pk.publicKey);
-		crypto_test.generatedKeypair = generatedKeypair;
+			cryptoTest.generatedKeypair = generatedKeypair;
 
 			start();
 		});
@@ -35,12 +34,12 @@ asyncTest("Init without keypair", 4, function() {
 
 	asyncTest("Init with keypair", 1, function() {
 		// test with passing keypair
-	crypto_test.crypto.init({
+		crypto.init({
-		emailAddress: crypto_test.user,
+			emailAddress: cryptoTest.user,
-		password: crypto_test.password,
+			password: cryptoTest.password,
-		keySize: crypto_test.keySize,
+			keySize: cryptoTest.keySize,
-		rsaKeySize: crypto_test.rsaKeySize,
+			rsaKeySize: cryptoTest.rsaKeySize,
-		storedKeypair: crypto_test.generatedKeypair
+			storedKeypair: cryptoTest.generatedKeypair
 		}, function(err, generatedKeypair) {
 			ok(!err && !generatedKeypair, 'Init crypto with keypair input');
 
@@ -49,9 +48,9 @@ asyncTest("Init with keypair", 1, function() {
 	});
 
 	asyncTest("PBKDF2 (Async/Worker)", 2, function() {
-	crypto_test.crypto.deriveKey(crypto_test.password, crypto_test.keySize, function(err, key) {
+		crypto.deriveKey(cryptoTest.password, cryptoTest.keySize, function(err, key) {
 			ok(!err);
-		equal(crypto_test.util.base642Str(key).length * 8, crypto_test.keySize, 'Keysize ' + crypto_test.keySize);
+			equal(util.base642Str(key).length * 8, cryptoTest.keySize, 'Keysize ' + cryptoTest.keySize);
 
 			start();
 		});
@@ -60,14 +59,14 @@ asyncTest("PBKDF2 (Async/Worker)", 2, function() {
 	asyncTest("AES en/decrypt (Async/Worker)", 4, function() {
 		var secret = 'Big secret';
 
-	var key = crypto_test.util.random(crypto_test.keySize);
+		var key = util.random(cryptoTest.keySize);
-	var iv = crypto_test.util.random(crypto_test.ivSize);
+		var iv = util.random(cryptoTest.ivSize);
 
-	crypto_test.crypto.aesEncrypt(secret, key, iv, function(err, ciphertext) {
+		crypto.aesEncrypt(secret, key, iv, function(err, ciphertext) {
 			ok(!err);
 			ok(ciphertext, 'Encrypt item');
 
-		crypto_test.crypto.aesDecrypt(ciphertext, key, iv, function(err, decrypted) {
+			crypto.aesDecrypt(ciphertext, key, iv, function(err, decrypted) {
 				ok(!err);
 				equal(decrypted, secret, 'Decrypt item');
 
@@ -78,17 +77,17 @@ asyncTest("AES en/decrypt (Async/Worker)", 4, function() {
 
 	asyncTest("AES/RSA encrypt batch for User (Async/Worker)", 2, function() {
 		// generate test data
-	var collection, td = new TestData();
+		var collection;
 
-	collection = td.getEmailCollection(10);
+		collection = testData.getEmailCollection(10);
-	crypto_test.list = collection.toJSON();
+		cryptoTest.list = collection.toJSON();
 
-	var receiverPubkeys = [crypto_test.generatedKeypair.publicKey];
+		var receiverPubkeys = [cryptoTest.generatedKeypair.publicKey];
 
-	crypto_test.crypto.encryptListForUser(crypto_test.list, receiverPubkeys, function(err, encryptedList) {
+		crypto.encryptListForUser(cryptoTest.list, receiverPubkeys, function(err, encryptedList) {
 			ok(!err && encryptedList, 'Encrypt list for user');
-		equal(encryptedList.length, crypto_test.list.length, 'Length of list');
+			equal(encryptedList.length, cryptoTest.list.length, 'Length of list');
-		crypto_test.encryptedList = encryptedList;
+			cryptoTest.encryptedList = encryptedList;
 
 			start();
 		});
@@ -96,13 +95,15 @@ asyncTest("AES/RSA encrypt batch for User (Async/Worker)", 2, function() {
 
 	asyncTest("AES/RSA decrypt batch for User (Async/Worker)", 3, function() {
 
-	var senderPubkeys = [crypto_test.generatedKeypair.publicKey];
+		var senderPubkeys = [cryptoTest.generatedKeypair.publicKey];
 
-	crypto_test.crypto.decryptListForUser(crypto_test.encryptedList, senderPubkeys, function(err, decryptedList) {
+		crypto.decryptListForUser(cryptoTest.encryptedList, senderPubkeys, function(err, decryptedList) {
 			ok(!err && decryptedList, 'Decrypt list');
-		equal(decryptedList.length, crypto_test.list.length, 'Length of list');
+			equal(decryptedList.length, cryptoTest.list.length, 'Length of list');
-		deepEqual(decryptedList, crypto_test.list, 'Decrypted list is correct');
+			deepEqual(decryptedList, cryptoTest.list, 'Decrypted list is correct');
 
 			start();
 		});
 	});
+
+});

test/unit/main.js

@@ -25,7 +25,8 @@ function startTests() {
 			'test/unit/aes-test',
 			'test/unit/rsa-test',
 			'test/unit/lawnchair-dao-test',
-			'test/unit/keychain-dao-test'
+			'test/unit/keychain-dao-test',
+			'test/unit/crypto-test'
 	], function() {
 		//Tests loaded, run tests
 		QUnit.start();