UNPKG

aladinnetwork-blockstack

Version:

The Aladin Javascript library for authentication, identity, and storage.

aladinnetwork.org

231 lines (202 loc) 7.12 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
import { ec as EllipticCurve } from 'elliptic' import BN from 'bn.js' import crypto from 'crypto' import { getPublicKeyFromPrivate } from '../keys' const ecurve = new EllipticCurve('secp256k1') /** * @ignore */ export type CipherObject = { iv: string, ephemeralPK: string, cipherText: string, mac: string, wasString: boolean } /** * @ignore */ function aes256CbcEncrypt(iv: Buffer, key: Buffer, plaintext: Buffer) { const cipher = crypto.createCipheriv('aes-256-cbc', key, iv) return Buffer.concat([cipher.update(plaintext), cipher.final()]) } /** * @ignore */ function aes256CbcDecrypt(iv: Buffer, key: Buffer, ciphertext: Buffer) { const cipher = crypto.createDecipheriv('aes-256-cbc', key, iv) return Buffer.concat([cipher.update(ciphertext), cipher.final()]) } /** * @ignore */ function hmacSha256(key: Buffer, content: Buffer) { return crypto.createHmac('sha256', key).update(content).digest() } /** * @ignore */ function equalConstTime(b1: Buffer, b2: Buffer) { if (b1.length !== b2.length) { return false } let res = 0 for (let i = 0; i < b1.length; i++) { res |= b1[i] ^ b2[i] // jshint ignore:line } return res === 0 } /** * @ignore */ function sharedSecretToKeys(sharedSecret: Buffer) { // generate mac and encryption key from shared secret const hashedSecret = crypto.createHash('sha512').update(sharedSecret).digest() return { encryptionKey: hashedSecret.slice(0, 32), hmacKey: hashedSecret.slice(32) } } /** * @ignore */ export function getHexFromBN(bnInput: BN) { const hexOut = bnInput.toString('hex') if (hexOut.length === 64) { return hexOut } else if (hexOut.length < 64) { // pad with leading zeros // the padStart function would require node 9 const padding = '0'.repeat(64 - hexOut.length) return `${padding}${hexOut}` } else { throw new Error('Generated a > 32-byte BN for encryption. Failing.') } } /** * Encrypt content to elliptic curve publicKey using ECIES * @param {String} publicKey - secp256k1 public key hex string * @param {String | Buffer} content - content to encrypt * @return {Object} Object containing (hex encoded): * iv (initialization vector), cipherText (cipher text), * mac (message authentication code), ephemeral public key * wasString (boolean indicating with or not to return a buffer or string on decrypt) * * @private * @ignore */ export function encryptECIES(publicKey: string, content: string | Buffer): CipherObject { const isString = (typeof (content) === 'string') // always copy to buffer const plainText = content instanceof Buffer ? Buffer.from(content) : Buffer.from(content) const ecPK = ecurve.keyFromPublic(publicKey, 'hex').getPublic() as BN const ephemeralSK = ecurve.genKeyPair() const ephemeralPK = ephemeralSK.getPublic() const sharedSecret = ephemeralSK.derive(ecPK) as BN const sharedSecretHex = getHexFromBN(sharedSecret) const sharedKeys = sharedSecretToKeys( Buffer.from(sharedSecretHex, 'hex') ) const initializationVector = crypto.randomBytes(16) const cipherText = aes256CbcEncrypt( initializationVector, sharedKeys.encryptionKey, plainText ) const macData = Buffer.concat([initializationVector, Buffer.from(ephemeralPK.encodeCompressed()), cipherText]) const mac = hmacSha256(sharedKeys.hmacKey, macData) return { iv: initializationVector.toString('hex'), ephemeralPK: ephemeralPK.encodeCompressed('hex'), cipherText: cipherText.toString('hex'), mac: mac.toString('hex'), wasString: isString } } /** * Decrypt content encrypted using ECIES * @param {String} privateKey - secp256k1 private key hex string * @param {Object} cipherObject - object to decrypt, should contain: * iv (initialization vector), cipherText (cipher text), * mac (message authentication code), ephemeralPublicKey * wasString (boolean indicating with or not to return a buffer or string on decrypt) * @return {Buffer} plaintext * @throws {Error} if unable to decrypt * @private * @ignore */ export function decryptECIES(privateKey: string, cipherObject: CipherObject): Buffer | string { const ecSK = ecurve.keyFromPrivate(privateKey, 'hex') const ephemeralPK = ecurve.keyFromPublic(cipherObject.ephemeralPK, 'hex').getPublic() const sharedSecret = ecSK.derive(ephemeralPK) const sharedSecretBuffer = Buffer.from(getHexFromBN(sharedSecret), 'hex') const sharedKeys = sharedSecretToKeys(sharedSecretBuffer) const ivBuffer = Buffer.from(cipherObject.iv, 'hex') const cipherTextBuffer = Buffer.from(cipherObject.cipherText, 'hex') const macData = Buffer.concat([ivBuffer, Buffer.from(ephemeralPK.encodeCompressed()), cipherTextBuffer]) const actualMac = hmacSha256(sharedKeys.hmacKey, macData) const expectedMac = Buffer.from(cipherObject.mac, 'hex') if (!equalConstTime(expectedMac, actualMac)) { throw new Error('Decryption failed: failure in MAC check') } const plainText = aes256CbcDecrypt( ivBuffer, sharedKeys.encryptionKey, cipherTextBuffer ) if (cipherObject.wasString) { return plainText.toString() } else { return plainText } } /** * Sign content using ECDSA * * @param {String} privateKey - secp256k1 private key hex string * @param {Object} content - content to sign * @return {Object} contains: * signature - Hex encoded DER signature * public key - Hex encoded private string taken from privateKey * @private * @ignore */ export function signECDSA(privateKey: string, content: string | Buffer): { publicKey: string, signature: string } { const contentBuffer = content instanceof Buffer ? content : Buffer.from(content) const ecPrivate = ecurve.keyFromPrivate(privateKey, 'hex') const publicKey = getPublicKeyFromPrivate(privateKey) const contentHash = crypto.createHash('sha256').update(contentBuffer).digest() const signature = ecPrivate.sign(contentHash) const signatureString = signature.toDER('hex') return { signature: signatureString, publicKey } } /** * @ignore */ function getBuffer(content: string | ArrayBuffer | Buffer) { if (content instanceof Buffer) return content else if (content instanceof ArrayBuffer) return Buffer.from(content) else return Buffer.from(content) } /** * Verify content using ECDSA * @param {String | Buffer} content - Content to verify was signed * @param {String} publicKey - secp256k1 private key hex string * @param {String} signature - Hex encoded DER signature * @return {Boolean} returns true when signature matches publickey + content, false if not * @private * @ignore */ export function verifyECDSA(content: string | ArrayBuffer | Buffer, publicKey: string, signature: string) { const contentBuffer = getBuffer(content) const ecPublic = ecurve.keyFromPublic(publicKey, 'hex') const contentHash = crypto.createHash('sha256').update(contentBuffer).digest() return ecPublic.verify(contentHash, <any>signature) }