box.open = function(doc) {
if (turnedOff) return doc
if (doc._id.match(/^permit\//)) return doc
if (!(sender in doc.receivers)) return doc
var permit = doc.receivers[sender]
var key = nacl.box.open(
nacl.util.decodeBase64(permit.encryptedKey),
nacl.util.decodeBase64(permit.nonce),
nacl.util.decodeBase64(doc.ephemeral),
databaseKey.secretKey
)
if (!key) throw('Decryption error')
var data = nacl.secretbox.open(
nacl.util.decodeBase64(doc.box),
nacl.util.decodeBase64(doc.nonce),
key
)
if (!data) throw('Decryption error')
var recs = Object.keys(doc.receivers)
.reduce(function(memo, key) {
memo[key] = true
return memo
}, {})
return assign(JSON.parse(nacl.util.encodeUTF8(data)),
pick(doc, underscoreProperties), {
receivers: recs
})
}
handlePacket(msg, user) {
msg.copy(nonce, 0, 0, 12);
let data = NaCl.secretbox.open(msg.slice(12), nonce, this.connection.data.secret);
if (!data) {
/**
* Emitted whenever a voice packet cannot be decrypted
* @event VoiceReceiver#warn
* @param {string} message The warning message
*/
this.emit('warn', 'Failed to decrypt voice packet');
return;
}
data = new Buffer(data);
if (this.opusStreams.get(user.id)) this.opusStreams.get(user.id)._push(data);
/**
* Emitted whenever voice data is received from the voice connection. This is _always_ emitted (unlike PCM).
* @event VoiceReceiver#opus
* @param {User} user The user that is sending the buffer (is speaking)
* @param {Buffer} buffer The opus buffer
*/
this.emit('opus', user, data);
if (this.listenerCount('pcm') > 0 || this.pcmStreams.size > 0) {
/**
* Emits decoded voice data when it's received. For performance reasons, the decoding will only
* happen if there is at least one `pcm` listener on this receiver.
* @event VoiceReceiver#pcm
* @param {User} user The user that is sending the buffer (is speaking)
* @param {Buffer} buffer The decoded buffer
*/
const pcm = this.connection.player.opusEncoder.decode(data);
if (this.pcmStreams.get(user.id)) this.pcmStreams.get(user.id)._push(pcm);
this.emit('pcm', user, pcm);
}
}
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) {
var secretbox = nacl.util.decodeBase64(encryptedKey.key);
var nonce = nacl.util.decodeBase64(encryptedKey.nonce);
var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey);
return nacl_encodeHex(decryptedKey);
};
scrypt(password, encryptedSecretKeyBundle.salt, encryptedSecretKeyBundle.logN, encryptedSecretKeyBundle.blockSize, dkLen, (derivedKey) => {
const secretKey = tweetnacl.secretbox.open(encryptedSecretKeyBundle.encryptedSecretKey, encryptedSecretKeyBundle.nonce, new Uint8Array(derivedKey));
if (secretKey) {
resolve(secretKey);
} else {
reject('Decryption of the encrypted secret key failed.');
}
});
KeyStore._decryptString = function (encryptedStr, pwDerivedKey) {
var secretbox = nacl.util.decodeBase64(encryptedStr.encStr);
var nonce = nacl.util.decodeBase64(encryptedStr.nonce);
var decryptedStr = nacl.secretbox.open(secretbox, nonce, pwDerivedKey);
return nacl.util.encodeUTF8(decryptedStr);
};
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) {
var secretbox = nacl.util.decodeBase64(encryptedKey.key);
var nonce = nacl.util.decodeBase64(encryptedKey.nonce);
var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey);
if (decryptedKey === undefined) {
throw new Error("Decryption failed!");
}
return nacl_encodeHex(decryptedKey);
};
KeyStore._decryptKey = function (encryptedKey, pwDerivedKey) {
var secretbox = nacl.util.decodeBase64(encryptedKey.key);
var nonce = nacl.util.decodeBase64(encryptedKey.nonce);
// console.log('secretbox:' + secretbox.toString());
// console.log('nonce:' + nonce.toString());
// console.log('pwDerivedKey:' + pwDerivedKey.toString());
var decryptedKey = nacl.secretbox.open(secretbox, nonce, pwDerivedKey);
// console.log(decryptedKey)
// console.log(decryptedKey.toString());
return nacl_encodeHex(decryptedKey);
};
KeyStore._decryptString = function (encryptedStr, pwDerivedKey) {
var secretbox = nacl.util.decodeBase64(encryptedStr.encStr);
var nonce = nacl.util.decodeBase64(encryptedStr.nonce);
var decryptedStr = nacl.secretbox.open(secretbox, nonce, pwDerivedKey);
if (decryptedStr === undefined) {
throw new Error("Decryption failed!");
}
return nacl.util.encodeUTF8(decryptedStr);
};
_decrypt(packet) {
if (this.voicews.mode != Constants.EncryptionModes.xsalsa20_poly1305)
return packet;
const header = packet.slice(0, 12);
if (packet.length < 12 + 16)
return header;
header.copy(this.decryptionNonce);
let decrypted = null;
if (NACL_USE_TYPED_ARRAYS) {
const audioDataView =
new Uint8Array(Utils.createArrayBuffer(packet.slice(12)));
const nonceView =
new Uint8Array(Utils.createArrayBuffer(this.decryptionNonce));
decrypted =
nacl.secretbox.open(audioDataView, nonceView, this.voicews.secret);
} else {
const audioData = packet.slice(12);
const nonce = this.decryptionNonce;
decrypted =
nacl.secretbox.open(audioData, nonce, this.voicews.secret);
}
const decryptedPacket = new Buffer(packet.length - 16);
header.copy(decryptedPacket);
for (var i = 0, len = decrypted.length; i < len; i++) {
decryptedPacket[12 + i] = decrypted[i];
}
return decryptedPacket;
}
exports.decode = function (str, options) {
options || (options = {})
assert(typeof str === 'string')
var lines = str.split(/\r?\n/), line, chunks = []
var tagFound = false, endFound = false, headerParsed = false, headerKey, headerValue
var header = {}
var beginRE = new RegExp('-----\\s*BEGIN' + (options.tag ? ' ' + options.tag : '') + '\\s*-----')
var endRE = new RegExp('-----\\s*END' + (options.tag ? ' ' + options.tag : '') + '\\s*-----')
while (lines.length) {
var line = lines.shift()
if (!tagFound) {
var tagMatch = line.match(beginRE)
if (tagMatch) tagFound = true
}
else if (!headerParsed) {
if (!line) {
headerParsed = true
continue
}
else {
var headerMatch = line.match(/^([^:]+): (.*)/)
if (!headerMatch) {
var headerContMatch = line.match(/^ (.{1,63})/)
if (headerContMatch) {
assert(headerValue)
headerValue += headerContMatch[1].trim()
}
else {
chunks.push(line)
headerParsed = true
}
continue
}
if (headerValue) {
header[headerKey] = headerValue
}
headerKey = headerMatch[1].toLowerCase()
headerValue = headerMatch[2].trim()
}
}
else {
var endMatch = line.match(endRE)
if (endMatch) {
endFound = true
break
}
chunks.push(line)
}
}
if (headerValue) {
header[headerKey] = headerValue
}
assert(tagFound)
assert(endFound)
var buf = Buffer(chunks.join(''), 'base64')
if (header['dek-info'] && options.passphrase) {
assert(typeof options.passphrase === 'string')
var naclMatch = header['dek-info'].match(/^NACL-SCRYPT,(.*)/)
if (naclMatch) {
var nonce = Buffer(naclMatch[1], 'base64')
var key = scrypt.hashSync(options.passphrase, nonce, {
maxmem: options.maxmem || 32,
cost: options.cost || Math.pow(2, 14),
blockSize: options.blockSize || 8,
parallel: options.parallel || 1,
size: nacl.secretbox.keyLength
})
var plaintext = nacl.secretbox.open(a(buf), a(nonce), a(key))
assert(plaintext, 'Bad passphrase')
buf = Buffer(plaintext)
}
}
return {
headers: header,
body: buf
}
};