@meeco/cryppo
Version:
In-browser encryption and decryption. Clone of Ruby Cryppo
158 lines (157 loc) • 8.3 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (_) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.decryptWithKeyUsingArtefacts = exports.decryptWithKey = exports.decryptWithKeyDerivedFromString = void 0;
var node_forge_1 = require("node-forge");
var util_1 = require("../../src/util");
var encoding_versions_1 = require("../encoding-versions");
var derived_key_1 = require("../key-derivation/derived-key");
var strategies_1 = require("../strategies");
function decryptWithKeyDerivedFromString(_a) {
var serialized = _a.serialized, passphrase = _a.passphrase, _b = _a.encodingVersion, encodingVersion = _b === void 0 ? encoding_versions_1.EncodingVersions.latest_version : _b;
return __awaiter(this, void 0, void 0, function () {
var derivedKey;
return __generator(this, function (_c) {
switch (_c.label) {
case 0: return [4 /*yield*/, _deriveKeyWithOptions({
key: passphrase,
serializedOptions: serialized,
encodingVersion: encodingVersion,
})];
case 1:
derivedKey = _c.sent();
return [4 /*yield*/, decryptWithKey({
serialized: serialized.split('.').slice(0, 3).join('.'),
key: derivedKey,
})];
case 2: return [2 /*return*/, _c.sent()];
}
});
});
}
exports.decryptWithKeyDerivedFromString = decryptWithKeyDerivedFromString;
function decryptWithKey(_a) {
var serialized = _a.serialized, key = _a.key;
return __awaiter(this, void 0, void 0, function () {
var deSerialized, encryptionStrategy, decodedPairs, output, legacyKey, i, data, artifacts, strategy, decrypted, err_1;
return __generator(this, function (_b) {
switch (_b.label) {
case 0:
deSerialized = util_1.deSerialize(serialized);
encryptionStrategy = deSerialized.encryptionStrategy;
decodedPairs = deSerialized.decodedPairs;
if (decodedPairs[0] === '') {
return [2 /*return*/, null];
}
output = null;
i = 0;
_b.label = 1;
case 1:
if (!(i < decodedPairs.length)) return [3 /*break*/, 8];
data = decodedPairs[i];
artifacts = decodedPairs[i + 1];
strategy = strategies_1.strategyToAlgorithm(encryptionStrategy);
_b.label = 2;
case 2:
_b.trys.push([2, 3, , 7]);
decrypted = decryptWithKeyUsingArtefacts(legacyKey ? legacyKey : key, data, strategy, artifacts);
// ensure correct type
output = decrypted ? new Uint8Array(decrypted) : null;
return [3 /*break*/, 7];
case 3:
err_1 = _b.sent();
if (!(!legacyKey &&
util_1.encodeUtf8(util_1.bytesToBinaryString(key.bytes)) !== util_1.bytesToBinaryString(key.bytes) &&
derived_key_1.DerivedKeyOptions.usesDerivedKey(serialized))) return [3 /*break*/, 5];
return [4 /*yield*/, _deriveKeyWithOptions({
key: util_1.bytesToBinaryString(key.bytes),
serializedOptions: serialized,
encodingVersion: encoding_versions_1.EncodingVersions.legacy,
})];
case 4:
// Decryption failed with utf-8 key style - retry with legacy utf-16 key format
legacyKey = _b.sent();
i -= 2;
return [3 /*break*/, 7];
case 5:
// Both utf-8 and utf-16 key formats have failed - bail
throw err_1;
case 6: return [3 /*break*/, 7];
case 7:
i += 2;
return [3 /*break*/, 1];
case 8: return [2 /*return*/, output];
}
});
});
}
exports.decryptWithKey = decryptWithKey;
/**
* Determine if we need to use a derived key or not based on whether or not
* we have key derivation options in the serialized payload.
*/
// tslint:disable-next-line: max-line-length
function _deriveKeyWithOptions(_a) {
var key = _a.key, serializedOptions = _a.serializedOptions, _b = _a.encodingVersion, encodingVersion = _b === void 0 ? encoding_versions_1.EncodingVersions.latest_version : _b;
var derivedKeyOptions = derived_key_1.DerivedKeyOptions.fromSerialized(serializedOptions);
return derivedKeyOptions.deriveKey(key, encodingVersion);
}
function decryptWithKeyUsingArtefacts(key, encryptedData, strategy, _a) {
var iv = _a.iv, at = _a.at, ad = _a.ad;
if (encryptedData === '') {
return null;
}
var decipher = node_forge_1.cipher.createDecipher(strategy, node_forge_1.util.createBuffer(key.bytes));
var tagLength = 128;
var tag = node_forge_1.util.createBuffer(at); // authentication tag from encryption
var encrypted = node_forge_1.util.createBuffer(encryptedData);
decipher.start({
iv: node_forge_1.util.createBuffer(iv),
additionalData: ad,
tagLength: tagLength,
tag: tag,
});
decipher.update(encrypted);
var pass = decipher.finish();
// pass is false if there was a failure (eg: authentication tag didn't match)
if (pass) {
return util_1.binaryStringToBytesBuffer(decipher.output.data);
}
throw new Error('Decryption failed');
}
exports.decryptWithKeyUsingArtefacts = decryptWithKeyUsingArtefacts;