UNPKG

crypto-shelf

Version:

Library collection for password hashing, HMAC-based signature generation, and symmetric encryption. Build on top of Node's crypto module

github.com/richterdennis/crypto-shelf

richterdennis/crypto-shelf

62 lines (48 loc) 1.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
import { randomBytes, scrypt, timingSafeEqual, } from 'node:crypto'; import { promisify } from 'node:util'; import assert from 'node:assert/strict'; import Cursor from './utils/Cursor.js'; import { merge } from './utils/helper.js'; const scryptAsync = promisify(scrypt); export const defaults = { keyLength: 48, saltLength: 16, encoding: 'base64url', }; export async function hashPassword(password, options = {}) { const { keyLength, saltLength, encoding } = merge(defaults, options); assert(keyLength > 0 && keyLength < 256, '"keyLength" must be between 1 and 255'); assert(saltLength > 0 && saltLength < 256, '"saltLength" must be between 1 and 255'); password = password.normalize('NFKC'); const salt = randomBytes(saltLength); const key = await scryptAsync( password, salt, keyLength, ); const hash = Cursor.new(2 + saltLength + keyLength) .writeUInt8(saltLength) .writeUInt8(keyLength) .write(salt) .write(key); return encoding ? hash.toString(encoding) : hash.buffer; } export async function comparePassword(clear, hash, options = {}) { const { encoding } = merge(defaults, options); clear = clear.normalize('NFKC'); hash = Cursor.from(hash, encoding); const saltLength = hash.readUInt8(); const keyLength = hash.readUInt8(); const salt = hash.read(saltLength); const key = hash.read(); const compare = await scryptAsync( clear, salt, keyLength, ); return timingSafeEqual(compare, key); }