UNPKG

@i3m/cloud-vault-client

Version:

A TypeScript/JavaScript implementation of a client for the i3M-Wallet Cloud-Vault server

github.com/i3-Market-V2-Public-Repository/SP3-SCGBSSW-I3mWalletMonorepo/tree/public/packages/cloud-vault-client

i3-Market-V2-Public-Repository/SP3-SCGBSSW-I3mWalletMonorepo

98 lines (85 loc) 3.57 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import { OpenApiComponents } from '@i3m/cloud-vault-server/types/openapi' import { createHash, createSecretKey, KeyObject } from 'crypto' import { Worker } from 'worker_threads' import { SecretKey } from './secret-key' import './scrypt-thread' import type { scryptThreadWorkerData } from './scrypt-thread' export interface ScryptOptions { N: number r: number p: number maxmem: number } export interface KeyDerivationOptions extends OpenApiComponents.Schemas.KeyDerivationOptions { salt: Buffer } export class KeyManager { private _encKey!: SecretKey private _authKey!: KeyObject username: string derivationOptions: OpenApiComponents.Schemas.VaultConfiguration['key_derivation'] initialized: Promise<void> private _initialized: boolean constructor (username: string, password: string, opts: OpenApiComponents.Schemas.VaultConfiguration['key_derivation']) { this.username = username this.derivationOptions = opts this._initialized = false this.initialized = this.init(password) } private async init (password: string): Promise<void> { const { master, auth, enc } = this.derivationOptions const masterSalt = _salt(master.salt_hashing_algorithm, master.salt_pattern, { username: this.username }) const masterKey = await deriveKey(password, { ...master, salt: masterSalt }) const authSalt = _salt(auth.salt_hashing_algorithm, auth.salt_pattern, { username: this.username }) const encSalt = _salt(enc.salt_hashing_algorithm, enc.salt_pattern, { username: this.username }) const [authKey, encKey] = await Promise.all([ deriveKey(masterKey, { ...auth, salt: authSalt }), deriveKey(masterKey, { ...enc, salt: encSalt }) ]) this._authKey = authKey this._encKey = new SecretKey(encKey, enc.enc_algorithm) this._initialized = true } get authKey (): string { if (!this._initialized) { throw new Error('Unable to get authKey. KeyManager not initialized', { cause: 'You may have forgotten to await keymanager.initialized or just to login' }) } return this._authKey.export().toString('base64url') } get encKey (): SecretKey { if (!this._initialized) { throw new Error('Unable to get encKey. KeyManager not initialized', { cause: 'You may have forgotten to await keymanager.initialized or just to login' }) } return this._encKey } } function _salt (hashAlgorithm: OpenApiComponents.Schemas.KeyDerivationOptions['salt_hashing_algorithm'], saltPattern: string, replacements: { [name: string]: string }): Buffer { let saltString = '' for (const searchValue in replacements) { saltString = saltPattern.replace(searchValue, replacements[searchValue]) } const hash = createHash(hashAlgorithm) const salt = hash.update(saltString).digest() return salt } export async function deriveKey (password: string, opts: KeyDerivationOptions): Promise<KeyObject> export async function deriveKey (key: KeyObject, opts: KeyDerivationOptions): Promise<KeyObject> export async function deriveKey (passwordOrKey: string | KeyObject, opts: KeyDerivationOptions): Promise<KeyObject> { return await new Promise((resolve, reject) => { const workerData: scryptThreadWorkerData = { _name: 'scrypt-thread', passwordOrKey, opts } const worker = new Worker(__filename, { workerData }) worker.on('message', (derivedKey: Buffer) => { resolve(createSecretKey(derivedKey)) }) worker.on('error', (err) => { reject(err) }) worker.on('messageerror', (err) => { reject(err) }) }) }