@azure/cosmos
Microsoft Azure Cosmos DB Service Node.js SDK for NOSQL API
// CommonJS/ESM interop preamble. NOTE(review): this looks like bundler-generated
// output rather than hand-written code — confirm before editing it by hand.
// Short aliases for the Object reflection primitives used by the helpers below.
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;
// Defines one enumerable getter on `target` for every key of `all`; each value in
// `all` is a function that is called on access, so the export is resolved lazily.
var __export = (target, all) => {
for (var name in all)
__defProp(target, name, { get: all[name], enumerable: true });
};
// Mirrors the own properties of `from` onto `to` as getters. Keys that `to` already
// owns and the key equal to `except` are skipped. Enumerability follows the source
// descriptor (enumerable when no descriptor is found). Returns `to`.
var __copyProps = (to, from, except, desc) => {
// Precedence: (from && typeof from === "object") || typeof from === "function".
if (from && typeof from === "object" || typeof from === "function") {
for (let key of __getOwnPropNames(from))
if (!__hasOwnProp.call(to, key) && key !== except)
__defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
}
return to;
};
// Builds a fresh object flagged with `__esModule: true` and copies `mod` onto it.
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
// Export namespace for this module. The getter defers the lookup of the class until
// the property is read, which is why it can be registered before the class
// declaration further down has been evaluated.
var AeadAes256CbcHmacSha256Algorithm_exports = {};
__export(AeadAes256CbcHmacSha256Algorithm_exports, {
AeadAes256CbcHmacSha256Algorithm: () => AeadAes256CbcHmacSha256Algorithm
});
module.exports = __toCommonJS(AeadAes256CbcHmacSha256Algorithm_exports);
var import_enums = require("../enums/index.js");
var import_node_crypto = require("node:crypto");
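/**
 * Encrypt-then-MAC construction: AES-256-CBC for confidentiality and HMAC-SHA256
 * for integrity.
 *
 * Envelope produced by encrypt() and required by decrypt():
 *
 *   [ version (1 byte) | HMAC-SHA256 tag (32 bytes) | IV (16 bytes) | ciphertext ]
 *
 * The `dataEncryptionKey` object must expose three buffers, read by the methods
 * below: `encryptionKeyBuffer` (AES key), `macKeyBuffer` (tag key) and
 * `ivKeyBuffer` (key used to derive the IV in non-randomized mode).
 */
class AeadAes256CbcHmacSha256Algorithm {
  // Format version: first byte of every envelope and part of the MAC input.
  algoVersion = 1;
  // AES block size; also the IV length.
  blockSizeInBytes = 16;
  encryptionType;
  dataEncryptionKey;
  version;
  versionSize;
  keySizeInBytes;
  minimumCipherTextLength;

  /**
   * @param {object} dataEncryptionKey - Holder of encryptionKeyBuffer, macKeyBuffer and ivKeyBuffer.
   * @param {*} encryptionType - Compared against EncryptionType.RANDOMIZED in encrypt().
   */
  constructor(dataEncryptionKey, encryptionType) {
    this.dataEncryptionKey = dataEncryptionKey;
    this.encryptionType = encryptionType;
    this.version = Buffer.from([this.algoVersion]);
    // Single byte 0x01, appended as the last element of the MAC input.
    this.versionSize = Buffer.from([1]);
    // 32 bytes; decrypt() also uses this value as the tag length.
    this.keySizeInBytes = 32;
    // version (1) + tag (32) + IV (16) + at least one CBC block (16) = 65 bytes.
    this.minimumCipherTextLength = 1 + 2 * this.blockSizeInBytes + this.keySizeInBytes;
  }

  /**
   * Encrypts a buffer and returns the authenticated envelope.
   *
   * RANDOMIZED mode draws a fresh random IV. Any other mode derives the IV from
   * HMAC-SHA256(ivKey, plaintext), truncated to 16 bytes: equal plaintexts under the
   * same key then produce byte-identical envelopes, so equality of stored values is
   * visible to anyone who can read the ciphertexts.
   *
   * @param {Buffer} plainTextBuffer - Data to encrypt.
   * @returns {Buffer} version || tag || IV || ciphertext.
   */
  encrypt(plainTextBuffer) {
    let iv;
    if (this.encryptionType === import_enums.EncryptionType.RANDOMIZED) {
      iv = (0, import_node_crypto.randomBytes)(16);
    } else {
      const ivHmac = (0, import_node_crypto.createHmac)("sha256", this.dataEncryptionKey.ivKeyBuffer);
      ivHmac.update(plainTextBuffer);
      iv = ivHmac.digest().subarray(0, this.blockSizeInBytes);
    }
    const cipher = (0, import_node_crypto.createCipheriv)(
      "aes-256-cbc",
      this.dataEncryptionKey.encryptionKeyBuffer,
      iv
    );
    const cipherTextBuffer = Buffer.concat([cipher.update(plainTextBuffer), cipher.final()]);
    const authTagBuffer = this.generateAuthenticationTag(iv, cipherTextBuffer);
    return Buffer.concat([Buffer.from([this.algoVersion]), authTagBuffer, iv, cipherTextBuffer]);
  }

  /**
   * Verifies and decrypts an envelope produced by encrypt().
   *
   * @param {Buffer} cipherTextBuffer - version || tag || IV || ciphertext.
   * @returns {Buffer} The recovered plaintext.
   * @throws {Error} "Invalid cipher text length", "Invalid cipher text version" or
   *   "Invalid authentication tag" when the envelope is malformed or has been modified.
   */
  decrypt(cipherTextBuffer) {
    if (cipherTextBuffer.length < this.minimumCipherTextLength) {
      throw new Error("Invalid cipher text length");
    }
    if (cipherTextBuffer[0] !== this.algoVersion) {
      throw new Error("Invalid cipher text version");
    }
    const authTagStartIndex = 1;
    const authTagLength = this.keySizeInBytes;
    const ivStartIndex = authTagStartIndex + authTagLength;
    const ivLength = this.blockSizeInBytes;
    const cipherTextStartIndex = ivStartIndex + ivLength;
    const authenticationTag = cipherTextBuffer.subarray(authTagStartIndex, ivStartIndex);
    const iv = cipherTextBuffer.subarray(ivStartIndex, cipherTextStartIndex);
    const cipherText = cipherTextBuffer.subarray(cipherTextStartIndex);
    // The tag is checked before any AES work so that unauthenticated input never
    // reaches CBC padding removal; padding failures are then not observable for
    // forged envelopes.
    this.validateAuthenticationTag(authenticationTag, iv, cipherText);
    const decipher = (0, import_node_crypto.createDecipheriv)(
      "aes-256-cbc",
      this.dataEncryptionKey.encryptionKeyBuffer,
      iv
    );
    return Buffer.concat([decipher.update(cipherText), decipher.final()]);
  }

  /**
   * Computes HMAC-SHA256(macKey, version || IV || ciphertext || versionSize).
   *
   * @param {Buffer} iv - The 16-byte IV of the envelope.
   * @param {Buffer} cipherTextBuffer - The AES-CBC ciphertext.
   * @returns {Buffer} The 32-byte tag.
   */
  generateAuthenticationTag(iv, cipherTextBuffer) {
    const hmac = (0, import_node_crypto.createHmac)("sha256", this.dataEncryptionKey.macKeyBuffer);
    const macInput = Buffer.concat([this.version, iv, cipherTextBuffer, this.versionSize]);
    return hmac.update(macInput).digest();
  }

  /**
   * Recomputes the tag over (iv, cipherText) and compares it with the supplied one.
   *
   * The comparison uses crypto.timingSafeEqual rather than Buffer.equals so that the
   * time taken does not depend on how many leading bytes of a wrong tag happen to
   * match. timingSafeEqual throws on unequal lengths, hence the explicit length
   * check first; the length itself is not secret.
   *
   * @param {Buffer} authenticationTag - Tag taken from the envelope.
   * @param {Buffer} iv - IV taken from the envelope.
   * @param {Buffer} cipherText - Ciphertext taken from the envelope.
   * @throws {Error} "Invalid authentication tag" on any mismatch.
   */
  validateAuthenticationTag(authenticationTag, iv, cipherText) {
    const expectedAuthTag = this.generateAuthenticationTag(iv, cipherText);
    const isValid =
      authenticationTag.length === expectedAuthTag.length &&
      (0, import_node_crypto.timingSafeEqual)(authenticationTag, expectedAuthTag);
    if (!isValid) {
      throw new Error("Invalid authentication tag");
    }
  }
}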
// Annotate the CommonJS export names for ESM import in node:
// `0 &&` short-circuits, so the assignment below is never executed; the statement
// only spells out the export name in source form and has no runtime effect.
0 && (module.exports = {
AeadAes256CbcHmacSha256Algorithm
});