zorin-e
5/16/2018 - 2:11 PM

Mibew encrypt messages

Diffie hellman, RSA

DH2.js
content_copyfile_download
import DH from 'diffie-hellman/lib/dh';
import BN from 'bn.js';
import randomBytes from 'randombytes';

/**
 *
 * Diffie hellman
 *
 */

// inheritance from DH
export default class DH2 extends DH {
	constructor(prime, gen) {
		super(prime, gen);
	}

	// override generateKeys
	generateKeys() {
		if (!this._priv) {
			this._priv = new BN(randomBytes(parseInt(this._primeLen / 8)));
		}
		this._pub = this._gen.toRed(this._prime).redPow(this._priv).fromRed();

		return this.getPublicKey();		
	}
}
MibewEncrypt.js
content_copyfile_download
import 'whatwg-fetch';
import JSEncrypt from 'jsencrypt';
import JSRSA from 'jsrsasign';
import CryptoJS from 'crypto-js';

// own modules
import DH from 'DH2';

export default class MibewEncrypt {
	constructor(primeObj, publicKey, cb) {
		this._primeObj = primeObj;
		this._publicKey = publicKey;
		this._key = [];
		this._cb = cb;
	}

	gen() {
		// gen keys
		const dh = new DH(this._primeObj.prime, this._primeObj.gen.toString());
		let key = dh.generateKeys();

		// set public key and encrypt
		const crypt = new JSEncrypt();
		crypt.setPublicKey(this._publicKey);

		// convert to hex
		key = key.toString('hex');
		const max = parseInt(key.length / 2);

		this._key.push(crypt.encrypt(key.slice(0, max)));
		this._key.push(crypt.encrypt(key.slice(max)));

		return this;
	}

	async getData(props) {
		try {
			// get B
			let response = await fetch(props.url, {
				credentials: 'same-origin',
				method: 'POST',
				headers: {
					'Content-Type': 'application/json'
				},
				body: JSON.stringify({
					A: this._key
				})
			});
			let data = await response.json();

			if(data.success == 1) {
				// conver B and signature
				const B = CryptoJS.enc.Base64.parse(data.B).toString(CryptoJS.enc.Utf8);
				const signature = CryptoJS.enc.Base64.parse(data.SN).toString(CryptoJS.enc.Hex);

				// verify
				const pubKey = JSRSA.KEYUTIL.getKey(this._publicKey);
				const isValid = pubKey.verify(B, signature);

				if(typeof isValid === 'boolean' && isValid) {
					// gen keys
					const dh = new DH(this._primeObj.prime, B);
					let key = dh.generateKeys();

					// set key to localStorage
					localStorage.setItem('K', key.toString('utf8'));

					// call callback
					this._cb();
				}
			}

		} catch(error) {
			throw new Error(error);
		}
	}
}
use.js
content_copyfile_download
import JSRSA from 'jsrsasign';
import CryptoJS from 'crypto-js';

// own modules
import MibewEncrypt from 'modules/MibewEncrypt';

const getRandomString = () => {
	let string = '';
	for(var i = 0; i < 100; i++) {
		string += Math.floor(Math.random() * 9)
	}

	return string;
}

// get session key K
const getSessionKeyK = () => localStorage.getItem('K');

// run encrypt
const mibewEncrypt = (cb) => ((primeObj, clubId, publicKey) => {
	if(getSessionKeyK()) return;
	const me = new MibewEncrypt(primeObj, publicKey, cb).gen();

	try {
		me.getData({
			url: `/admin/utils/crypto.php?gh_id=${clubId}`
		});
	} catch(error) {
		console.error(error);
	}
})(mibewDHPrime, ClubID, mibewRsaPublicKey);

/**
 *
 * ecrypting data that will send to server
 * @message data from mibew sendRequests
 *
 */

mibewEncrypt.encryptMessage = (message) => {
	const data = JSON.stringify({
		text: message,
		number: getRandomString()
	});

	const iv  = CryptoJS.enc.Hex.parse("00000000000000000000000000000000");

	return CryptoJS.AES.encrypt(data, getSessionKeyK(), {iv: iv, padding: CryptoJS.pad.Pkcs7}).toString();
}

mibewEncrypt.decryptMessage = (message) => CryptoJS.AES.decrypt(message, getSessionKeyK()).toString(CryptoJS.enc.Utf8)

// export to global scope
window.mibewEncrypt = mibewEncrypt;