UNPKG

growler

Version:

Send notifications to remote and local Growl clients using GNTP

betamos/Node-Growler

147 lines (133 loc) 4.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
/** * Security management for Node Growler */ var crypto = require('crypto'); /* * Always choose an algorithm which has a digest size which is at least as long * as the encryption algorithm's key length. Only applies if using encryption. */ var hashAlgorithms = { 'MD5': { name: 'md5', digestSize: 16 }, 'SHA1': { name: 'sha1', digestSize: 20 }, 'SHA256': { // Default name: 'sha256', digestSize: 32 }, 'SHA512': { name: 'sha512', digestSize: 64 } }; /* * Note that not all of these algorithms may exist on your system */ var encryptionAlgorithms = { 'AES': { // Recommended name: 'aes192', keyLength: 24, ivSize: 16 }, 'DES': { name: 'des', keyLength: 8, ivSize: 8 }, '3DES': { name: 'des3', keyLength: 24, ivSize: 8 } }; var SALT_SIZE = 16; /** * @constructor * * Create a security guard. Note that salt and hashes are in binary form. * When an instance of this class is instantiated * with the 'new' keyword, it will return an object with the following keys: * - {string|null} hashAlg Will be hashAlgorithm if password was given * - {Buffer=} salt Hex-encoded salt used for key (only if hashAlg) * - {string=} keyHash Hex-encoded key hash (only if hashAlg) * - {string|null} encAlg Will be encryptionAlgorithm if hashAlg and * encryptionAlgorithm was given * - {Buffer=} iv Hex-encoded initial vector for encryption (only if encAlg) * - {Function} writeSecure Writes data to socket, see below. * * @param {string|null} password The password to the Growl client. If null, no * security will ever work. Password CAN be empty string. * * @param {string} hashAlgorithm Algorithm for hashing. * Should be 'MD5', 'SHA1', 'SHA256' or 'SHA512'. * * @param {string|null} encryptionAlgorithm Encryption algorithm. Should be * 'AES', 'DES', '3DES' or null if no encryption should be enabled. */ var SecurityGuard = function(password, hashAlgorithm, encryptionAlgorithm) { password = typeof password == 'string' ? password : null; // Need to check for type since an empty string is a valid password this.passwordProtection = password != null; // Hashing and key generation if (this.passwordProtection) { this.hashAlg = hashAlgorithm; // var saltBuffer = crypto.randomBytes(SALT_SIZE); this.salt = saltBuffer.toString('hex'); var hash = crypto.createHash(hashAlgorithms[this.hashAlg].name); hash.update(password); hash.update(saltBuffer); // The key is pass+salt hashed. Don't expose it var key = hash.digest(); // Create a new hash object hash = crypto.createHash(hashAlgorithms[this.hashAlg].name); // Yo dawg, we put a hash in yo hash hash.update(key); // Retrieve the final hash (digest) in hex form this.keyHash = hash.digest('hex'); } else this.hashAlg = null; if (this.passwordProtection && encryptionAlgorithm) { this.encAlg = encryptionAlgorithm; if (encryptionAlgorithms[this.encAlg].keyLength > hashAlgorithms[this.hashAlg].digestSize) throw new Error('Invalid combination of hash and encryption algorithm. '+ this.encAlg +' needs a '+ encryptionAlgorithms[this.encAlg].keyLength + 'B key but '+ this.hashAlg + ' only generates a '+ hashAlgorithms[this.hashAlg].digestSize +'B digest.'); // For encryption, an initial vector is required var ivBuffer = crypto.randomBytes(encryptionAlgorithms[this.encAlg].ivSize); this.iv = ivBuffer.toString('hex'); } else { this.encAlg = null; } password = null; // Remove password from memory /** * Writes data to the socket according to the object's encryption algorithm. * If not encrypted it just writes the data plain. * * @param {!Socket} socket The socket to write the data to. Must be writable. * * @param {string|!Buffer} data Data to write. If string assuming UTF-8. */ this.writeSecure = function(socket, data) { var encryption = encryptionAlgorithms[this.encAlg] || null; if (encryption) { var cipher = crypto.createCipheriv( encryption.name, key.slice(0, encryption.keyLength), ivBuffer.toString('binary')); socket.write(cipher.update(data, typeof data == 'string' ? 'utf8' : 'binary'), 'binary'); socket.write(cipher.final(), 'binary'); } else socket.write(data); }; }; // Export using node.js module layer module.exports = SecurityGuard;