-
Notifications
You must be signed in to change notification settings - Fork 0
/
scripts.js
223 lines (191 loc) · 7.03 KB
/
scripts.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
"use strict";
// Rate limiting variables
let requestCount = 0;
const REQUEST_LIMIT = 5; // Max requests allowed in a minute
const TIME_FRAME = 60000; // Time frame in milliseconds
function rateLimit() {
requestCount++;
if (requestCount > REQUEST_LIMIT) {
alert("Too many requests. Please try again later.");
return false; // Block the action
}
setTimeout(() => {
requestCount = 0; // Reset count after the time frame
}, TIME_FRAME);
return true; // Allow the action
}
// Strength Meter colors
const strengthColors = ['red', 'orange', 'yellow', 'green'];
function checkPasswordStrength() {
const password = document.getElementById('encryptPassword').value;
const message = document.getElementById('passwordStrengthMessage');
const meter = document.getElementById('passwordStrengthMeter');
const strength = calculatePasswordStrength(password);
const width = (strength * 100) + '%';
meter.style.width = width;
if (strength < 0.5) {
message.textContent = "Weak password. Please strengthen it.";
message.style.color = 'red';
meter.style.backgroundColor = strengthColors[0];
} else if (strength < 0.75) {
message.textContent = "Moderate password. Consider making it stronger.";
message.style.color = 'orange';
meter.style.backgroundColor = strengthColors[1];
} else {
message.textContent = "Strong password!";
message.style.color = 'green';
meter.style.backgroundColor = strengthColors[3];
}
}
function calculatePasswordStrength(password) {
let score = 0;
const criteria = [
/.{16,}/, // At least 16 characters
/[a-z]/, // Lowercase
/[A-Z]/, // Uppercase
/\d/, // Number
/[!@#$%^&*(),.?":{}|<>]/ // Special character
];
criteria.forEach((regex) => {
if (regex.test(password)) {
score += 0.2;
}
});
return score;
}
async function deriveKeyHKDF(password, salt) {
const enc = new TextEncoder();
const keyMaterial = await window.crypto.subtle.importKey(
'raw',
enc.encode(password),
{ name: 'PBKDF2' },
false,
['deriveKey']
);
return await window.crypto.subtle.deriveKey(
{
name: 'PBKDF2',
salt: salt,
iterations: 200000, // Increased iterations for stronger key derivation
hash: 'SHA-256',
},
keyMaterial,
{ name: 'AES-GCM', length: 256 },
false,
['encrypt', 'decrypt']
);
}
async function encryptMessage() {
if (!rateLimit()) return; // Check rate limit
const password = document.getElementById('encryptPassword').value;
const message = document.getElementById('message').value;
// Create salt and IV
const salt = window.crypto.getRandomValues(new Uint8Array(16));
const iv = window.crypto.getRandomValues(new Uint8Array(12));
// Derive the encryption key
const key = await deriveKeyHKDF(password, salt);
// Encode the message
const enc = new TextEncoder();
const ciphertext = await window.crypto.subtle.encrypt(
{
name: 'AES-GCM',
iv: iv,
},
key,
enc.encode(message)
);
// Derive a separate key for HMAC
const hmacKey = await window.crypto.subtle.importKey(
'raw',
enc.encode(password),
{ name: 'HMAC', hash: 'SHA-256' },
false,
['sign']
);
// Create HMAC for integrity check
const hmac = await window.crypto.subtle.sign('HMAC', hmacKey, ciphertext);
// Combine salt, IV, HMAC, and ciphertext into the result buffer
const resultBuffer = new Uint8Array(
salt.byteLength + iv.byteLength + hmac.byteLength + ciphertext.byteLength
);
resultBuffer.set(salt, 0);
resultBuffer.set(iv, salt.byteLength);
resultBuffer.set(new Uint8Array(hmac), salt.byteLength + iv.byteLength);
resultBuffer.set(new Uint8Array(ciphertext), salt.byteLength + iv.byteLength + hmac.byteLength);
// Encode the result into a base64 string
document.getElementById('encryptResult').value = btoa(String.fromCharCode.apply(null, resultBuffer));
// Clear the password and message from memory for security reasons
clearSensitiveData(['encryptPassword', 'message']);
}
async function decryptMessage() {
if (!rateLimit()) return; // Check rate limit
const password = document.getElementById('decryptPassword').value;
const result = document.getElementById('encryptedMessage').value;
if (!result) {
alert('Please enter an encrypted message to decrypt.');
return;
}
// Decode the base64 result back into a Uint8Array
const data = new Uint8Array(atob(result).split("").map(char => char.charCodeAt(0)));
// Extract salt, IV, HMAC, and ciphertext
const salt = data.slice(0, 16);
const iv = data.slice(16, 28);
const hmac = data.slice(28, 60);
const ciphertext = data.slice(60);
// Derive the encryption key from the password and salt
const key = await deriveKeyHKDF(password, salt);
// Import HMAC key for verification
const hmacKey = await window.crypto.subtle.importKey(
'raw',
new TextEncoder().encode(password),
{ name: 'HMAC', hash: 'SHA-256' },
false,
['verify']
);
// Verify the HMAC to ensure integrity
const isValidHmac = await window.crypto.subtle.verify(
'HMAC',
hmacKey,
hmac,
ciphertext
);
if (!isValidHmac) {
alert('Message authentication failed! The data may have been tampered with.');
return;
}
// Decrypt the ciphertext
try {
const decryptedMessage = await window.crypto.subtle.decrypt(
{
name: 'AES-GCM',
iv: iv,
},
key,
ciphertext
);
const dec = new TextDecoder();
document.getElementById('decryptResult').value = dec.decode(decryptedMessage);
} catch (e) {
alert('Decryption failed. Invalid password or corrupted message.');
}
// Clear the password and encrypted message from memory for security reasons
clearSensitiveData(['decryptPassword', 'encryptedMessage']);
}
function clearSensitiveData(ids) {
ids.forEach(id => {
const element = document.getElementById(id);
if (element) {
element.value = '';
}
});
}
document.getElementById('encryptButton').addEventListener('click', encryptMessage);
document.getElementById('decryptButton').addEventListener('click', decryptMessage);
document.getElementById('showDecrypt').addEventListener('click', function() {
document.getElementById('encryptSection').classList.add('hidden');
document.getElementById('decryptSection').classList.remove('hidden');
});
document.getElementById('showEncrypt').addEventListener('click', function() {
document.getElementById('decryptSection').classList.add('hidden');
document.getElementById('encryptSection').classList.remove('hidden');
});