implements authenticated encryption

bower.json

@@ -15,6 +15,7 @@
     "mocha": "~1.18.2",
     "chai": "~1.9.1",
     "crypto-js": "http://crypto-js.googlecode.com/files/CryptoJS%20v3.1.2.zip",
+    "sjcl":"1.0.0",
     "file-saver": "*"
   }
 }

config.template.js

@@ -10,12 +10,18 @@ var config = {
     //port: 10009,
     //path: '/',
      //
-    key: 'g23ihfh82h35rf',
+    key: 'g23ihfh82h35rf', // api key for the peerjs server
-    host:'162.242.219.26',
+    host:'162.242.219.26', // peerjs server
     port:10009,
     path: '/',
     maxPeers: 15,
-    debug: 3
+//    debug: 3,
+    sjclParams: {
+      salt: 'cc295e13e14edcc0', // choose your own salt (hex string)
+      iter:500,
+      mode:'ccm',
+      ts:parseInt(64),   
+    }
   },
   limits: {
     totalCopayers: 10,

index.html

@@ -518,6 +518,7 @@
     <script src="lib/bitcore.js"></script>
     <script src="lib/crypto-js/rollups/aes.js"></script>
     <script src="lib/file-saver/FileSaver.js"></script>
+    <script src="lib/sjcl/sjcl.js"></script>
     <script src="lib/socket.io.js"></script>
     <script src="js/copayBundle.js"></script>
 

js/models/network/WebRTC.js

@@ -24,6 +24,12 @@ function Network(opts) {
   this.debug          = opts.debug || 3;
   this.maxPeers       = opts.maxPeers || 10;
   this.opts           = { key: opts.key };
+  this.sjclParams     = opts.sjclParams || {
+    salt: 'f28bfb49ef70573c',
+    iter:500,
+    mode:'ccm',
+    ts:parseInt(64),   
+  };
 
   // For using your own peerJs server
   ['port', 'host', 'path', 'debug'].forEach(function(k) {
@@ -152,10 +158,11 @@ Network.prototype._addCopayer = function(copayerId, isInbound) {
 
 
 
-Network.prototype._onData = function(data, isInbound, peerId) {
+Network.prototype._onData = function(encStr, isInbound, peerId) {
   var sig, payload;
 
   try { 
+    var data = this._decrypt(encStr);
     payload=  JSON.parse(data);
   } catch (e) {
     console.log('### ERROR IN DATA: "%s" ', data, isInbound, e); 
@@ -355,13 +362,39 @@ Network.prototype.getPeer = function() {
   return this.peer;
 };
 
+Network.prototype._encryptFor = function(copayerId, payloadStr) {
+  var cBits= sjcl.codec.hex.toBits(copayerId);
+  var pass64= sjcl.codec.base64.fromBits(cBits);
+  var plainText = sjcl.codec.utf8String.toBits(payloadStr);
+  var p = this.sjclParams;    // auth strength
+  ct = sjcl.encrypt(pass64, plainText, p);//,p, rp);
+  var c = JSON.parse(ct);
+  var toSend = {
+    iv: c.iv,
+    ct: c.ct,
+  };
+  return JSON.stringify(toSend);
+};
+
+
+Network.prototype._decrypt = function(encStr) {
+  var i = JSON.parse(encStr);
+  for (var k in this.sjclParams) {
+    i[k] = this.sjclParams[k];
+  }
+  var str= JSON.stringify(i);
+  var cBits= sjcl.codec.hex.toBits(this.copayerId);
+  var pass64= sjcl.codec.base64.fromBits(cBits);
+  var pt = sjcl.decrypt(pass64, str);
+  return pt;
+};
 
 Network.prototype._sendToOne = function(copayerId, payloadStr, sig, cb) {
   var peerId = this.peerFromCopayer(copayerId);
   if (peerId !== this.peerId) {
     var dataConn = this.connections[peerId];
     if (dataConn) {
-      dataConn.send(payloadStr);
+      dataConn.send(this._encryptFor(copayerId, payloadStr));
     }
     else {
       console.log('[WebRTC.js.255] WARN: NO CONNECTION TO:', peerId); //TODO

package.json

@@ -18,7 +18,8 @@
     "url": "https://github.com/bitpay/copay/issues"
   },
   "scripts": {
-    "test": "mocha"
+    "test": "mocha",
+    "postinstall": "cd lib/sjcl;./configure;make;cp sjcl.js ../"
   },
   "homepage": "https://github.com/bitpay/copay",
   "devDependencies": {