box.open = function(doc) { if (turnedOff) return doc if (doc._id.match(/^permit\//)) return doc if (!(sender in doc.receivers)) return doc var permit = doc.receivers[sender] var key = nacl.box.open( nacl.util.decodeBase64(permit.encryptedKey), nacl.util.decodeBase64(permit.nonce), nacl.util.decodeBase64(doc.ephemeral), databaseKey.secretKey ) if (!key) throw('Decryption error') var data = nacl.secretbox.open( nacl.util.decodeBase64(doc.box), nacl.util.decodeBase64(doc.nonce), key ) if (!data) throw('Decryption error') var recs = Object.keys(doc.receivers) .reduce(function(memo, key) { memo[key] = true return memo }, {}) return assign(JSON.parse(nacl.util.encodeUTF8(data)), pick(doc, underscoreProperties), { receivers: recs }) }
handlePacket(msg, user) { msg.copy(nonce, 0, 0, 12); let data = NaCl.secretbox.open(msg.slice(12), nonce, this.connection.data.secret); if (!data) { /** * Emitted whenever a voice packet cannot be decrypted * @event VoiceReceiver#warn * @param {string} message The warning message */ this.emit('warn', 'Failed to decrypt voice packet'); return; } data = new Buffer(data); if (this.opusStreams.get(user.id)) this.opusStreams.get(user.id)._push(data); /** * Emitted whenever voice data is received from the voice connection. This is _always_ emitted (unlike PCM). * @event VoiceReceiver#opus * @param {User} user The user that is sending the buffer (is speaking) * @param {Buffer} buffer The opus buffer */ this.emit('opus', user, data); if (this.listenerCount('pcm') > 0 || this.pcmStreams.size > 0) { /** * Emits decoded voice data when it's received. For performance reasons, the decoding will only * happen if there is at least one `pcm` listener on this receiver. * @event VoiceReceiver#pcm * @param {User} user The user that is sending the buffer (is speaking) * @param {Buffer} buffer The decoded buffer */ const pcm = this.connection.player.opusEncoder.decode(data); if (this.pcmStreams.get(user.id)) this.pcmStreams.get(user.id)._push(pcm); this.emit('pcm', user, pcm); } }
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) { var secretbox = nacl.util.decodeBase64(encryptedKey.key); var nonce = nacl.util.decodeBase64(encryptedKey.nonce); var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey); return nacl_encodeHex(decryptedKey); };
scrypt(password, encryptedSecretKeyBundle.salt, encryptedSecretKeyBundle.logN, encryptedSecretKeyBundle.blockSize, dkLen, (derivedKey) => { const secretKey = tweetnacl.secretbox.open(encryptedSecretKeyBundle.encryptedSecretKey, encryptedSecretKeyBundle.nonce, new Uint8Array(derivedKey)); if (secretKey) { resolve(secretKey); } else { reject('Decryption of the encrypted secret key failed.'); } });
KeyStore._decryptString = function (encryptedStr, pwDerivedKey) { var secretbox = nacl.util.decodeBase64(encryptedStr.encStr); var nonce = nacl.util.decodeBase64(encryptedStr.nonce); var decryptedStr = nacl.secretbox.open(secretbox, nonce, pwDerivedKey); return nacl.util.encodeUTF8(decryptedStr); };
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) { var secretbox = nacl.util.decodeBase64(encryptedKey.key); var nonce = nacl.util.decodeBase64(encryptedKey.nonce); var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey); if (decryptedKey === undefined) { throw new Error("Decryption failed!"); } return nacl_encodeHex(decryptedKey); };
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) { var secretbox = nacl.util.decodeBase64(encryptedKey.key); var nonce = nacl.util.decodeBase64(encryptedKey.nonce); // console.log('secretbox:' + secretbox.toString()); // console.log('nonce:' + nonce.toString()); // console.log('pwDerivedKey:' + pwDerivedKey.toString()); var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey); // console.log(decryptedKey) // console.log(decryptedKey.toString()); return nacl_encodeHex(decryptedKey); };
KeyStore._decryptString = function (encryptedStr, pwDerivedKey) { var secretbox = nacl.util.decodeBase64(encryptedStr.encStr); var nonce = nacl.util.decodeBase64(encryptedStr.nonce); var decryptedStr = nacl.secretbox.open(secretbox, nonce, pwDerivedKey); if (decryptedStr === undefined) { throw new Error("Decryption failed!"); } return nacl.util.encodeUTF8(decryptedStr); };
_decrypt(packet) { if (this.voicews.mode != Constants.EncryptionModes.xsalsa20_poly1305) return packet; const header = packet.slice(0, 12); if (packet.length < 12 + 16) return header; header.copy(this.decryptionNonce); let decrypted = null; if (NACL_USE_TYPED_ARRAYS) { const audioDataView = new Uint8Array(Utils.createArrayBuffer(packet.slice(12))); const nonceView = new Uint8Array(Utils.createArrayBuffer(this.decryptionNonce)); decrypted = nacl.secretbox.open(audioDataView, nonceView, this.voicews.secret); } else { const audioData = packet.slice(12); const nonce = this.decryptionNonce; decrypted = nacl.secretbox.open(audioData, nonce, this.voicews.secret); } const decryptedPacket = new Buffer(packet.length - 16); header.copy(decryptedPacket); for (var i = 0, len = decrypted.length; i < len; i++) { decryptedPacket[12 + i] = decrypted[i]; } return decryptedPacket; }
exports.decode = function (str, options) { options || (options = {}) assert(typeof str === 'string') var lines = str.split(/\r?\n/), line, chunks = [] var tagFound = false, endFound = false, headerParsed = false, headerKey, headerValue var header = {} var beginRE = new RegExp('-----\\s*BEGIN' + (options.tag ? ' ' + options.tag : '') + '\\s*-----') var endRE = new RegExp('-----\\s*END' + (options.tag ? ' ' + options.tag : '') + '\\s*-----') while (lines.length) { var line = lines.shift() if (!tagFound) { var tagMatch = line.match(beginRE) if (tagMatch) tagFound = true } else if (!headerParsed) { if (!line) { headerParsed = true continue } else { var headerMatch = line.match(/^([^:]+): (.*)/) if (!headerMatch) { var headerContMatch = line.match(/^ (.{1,63})/) if (headerContMatch) { assert(headerValue) headerValue += headerContMatch[1].trim() } else { chunks.push(line) headerParsed = true } continue } if (headerValue) { header[headerKey] = headerValue } headerKey = headerMatch[1].toLowerCase() headerValue = headerMatch[2].trim() } } else { var endMatch = line.match(endRE) if (endMatch) { endFound = true break } chunks.push(line) } } if (headerValue) { header[headerKey] = headerValue } assert(tagFound) assert(endFound) var buf = Buffer(chunks.join(''), 'base64') if (header['dek-info'] && options.passphrase) { assert(typeof options.passphrase === 'string') var naclMatch = header['dek-info'].match(/^NACL-SCRYPT,(.*)/) if (naclMatch) { var nonce = Buffer(naclMatch[1], 'base64') var key = scrypt.hashSync(options.passphrase, nonce, { maxmem: options.maxmem || 32, cost: options.cost || Math.pow(2, 14), blockSize: options.blockSize || 8, parallel: options.parallel || 1, size: nacl.secretbox.keyLength }) var plaintext = nacl.secretbox.open(a(buf), a(nonce), a(key)) assert(plaintext, 'Bad passphrase') buf = Buffer(plaintext) } } return { headers: header, body: buf } };