iocane
Version:
Textual encryption library
197 lines (196 loc) • 10 kB
JavaScript
;
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
var __importDefault = (this && this.__importDefault) || function (mod) {
return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.generateSalt = exports.generateIV = exports.encryptGCM = exports.encryptCBC = exports.decryptGCM = exports.decryptCBC = void 0;
var crypto_1 = __importDefault(require("crypto"));
var timing_1 = require("../shared/timing");
var symbols_1 = require("../symbols");
var types_1 = require("../types");
function decryptCBC(encryptedComponents, keyDerivationInfo) {
return __awaiter(this, void 0, void 0, function () {
var encryptedContent, iv, salt, hmacData, hmacTool, newHmacHex, decryptTool, decryptedText;
return __generator(this, function (_a) {
encryptedContent = encryptedComponents.content;
iv = Buffer.from(encryptedComponents.iv, "hex");
salt = encryptedComponents.salt;
hmacData = encryptedComponents.auth;
hmacTool = crypto_1.default.createHmac(symbols_1.NODE_HMAC_ALGORITHM, keyDerivationInfo.hmac);
// Generate the HMAC
hmacTool.update(typeof encryptedContent === "string"
? encryptedContent
: encryptedContent);
hmacTool.update(encryptedComponents.iv);
hmacTool.update(salt);
newHmacHex = hmacTool.digest("hex");
// Check hmac for tampering
if ((0, timing_1.constantTimeCompare)(hmacData, newHmacHex) !== true) {
throw new Error("Authentication failed while decrypting content");
}
decryptTool = crypto_1.default.createDecipheriv(symbols_1.NODE_ENC_ALGORITHM_CBC, keyDerivationInfo.key, iv);
if (typeof encryptedContent === "string") {
decryptedText = decryptTool.update(encryptedContent, "base64", "utf8");
return [2 /*return*/, "".concat(decryptedText).concat(decryptTool.final("utf8"))];
}
return [2 /*return*/, Buffer.concat([decryptTool.update(encryptedContent), decryptTool.final()])];
});
});
}
exports.decryptCBC = decryptCBC;
function decryptGCM(encryptedComponents, keyDerivationInfo) {
return __awaiter(this, void 0, void 0, function () {
var encryptedContent, iv, tagHex, decryptTool, decryptedText;
return __generator(this, function (_a) {
encryptedContent = encryptedComponents.content;
iv = Buffer.from(encryptedComponents.iv, "hex");
tagHex = encryptedComponents.auth;
decryptTool = crypto_1.default.createDecipheriv(symbols_1.NODE_ENC_ALGORITHM_GCM, keyDerivationInfo.key, iv);
// Add additional auth data
decryptTool.setAAD(Buffer.from("".concat(encryptedComponents.iv).concat(keyDerivationInfo.salt), "utf8"));
// Set auth tag
decryptTool.setAuthTag(Buffer.from(tagHex, "hex"));
// Perform decryption
if (typeof encryptedContent === "string") {
decryptedText = decryptTool.update(encryptedContent, "base64", "utf8");
return [2 /*return*/, "".concat(decryptedText).concat(decryptTool.final("utf8"))];
}
return [2 /*return*/, Buffer.concat([decryptTool.update(encryptedContent), decryptTool.final()])];
});
});
}
exports.decryptGCM = decryptGCM;
function encryptCBC(content, keyDerivationInfo, iv) {
return __awaiter(this, void 0, void 0, function () {
var ivHex, encryptTool, hmacTool, rounds, encryptedContent, hmacHex, output;
return __generator(this, function (_a) {
ivHex = iv.toString("hex");
encryptTool = crypto_1.default.createCipheriv(symbols_1.NODE_ENC_ALGORITHM_CBC, keyDerivationInfo.key, iv);
hmacTool = crypto_1.default.createHmac(symbols_1.NODE_HMAC_ALGORITHM, keyDerivationInfo.hmac);
rounds = keyDerivationInfo.rounds;
encryptedContent = typeof content === "string"
? encryptTool.update(content, "utf8", "base64")
: encryptTool.update(content);
if (typeof content === "string") {
encryptedContent += encryptTool.final("base64");
}
else {
encryptedContent = Buffer.concat([encryptedContent, encryptTool.final()]);
}
// Generate hmac
hmacTool.update(encryptedContent);
hmacTool.update(ivHex);
hmacTool.update(keyDerivationInfo.salt);
hmacHex = hmacTool.digest("hex");
output = {
method: types_1.EncryptionAlgorithm.CBC,
auth: hmacHex,
iv: ivHex,
salt: keyDerivationInfo.salt,
rounds: rounds,
content: encryptedContent
};
return [2 /*return*/, typeof content === "string"
? output
: output];
});
});
}
exports.encryptCBC = encryptCBC;
function encryptGCM(content, keyDerivationInfo, iv) {
return __awaiter(this, void 0, void 0, function () {
var ivHex, rounds, encryptTool, encryptedContent, tag, output;
return __generator(this, function (_a) {
ivHex = iv.toString("hex");
rounds = keyDerivationInfo.rounds;
encryptTool = crypto_1.default.createCipheriv(symbols_1.NODE_ENC_ALGORITHM_GCM, keyDerivationInfo.key, iv);
// Add additional auth data
encryptTool.setAAD(Buffer.from("".concat(ivHex).concat(keyDerivationInfo.salt), "utf8"));
encryptedContent = typeof content === "string"
? encryptTool.update(content, "utf8", "base64")
: encryptTool.update(content);
if (typeof content === "string") {
encryptedContent += encryptTool.final("base64");
}
else {
encryptedContent = Buffer.concat([encryptedContent, encryptTool.final()]);
}
tag = encryptTool.getAuthTag();
output = {
method: types_1.EncryptionAlgorithm.GCM,
iv: ivHex,
salt: keyDerivationInfo.salt,
rounds: rounds,
content: encryptedContent,
auth: tag.toString("hex")
};
return [2 /*return*/, typeof content === "string"
? output
: output];
});
});
}
exports.encryptGCM = encryptGCM;
function generateIV() {
return __awaiter(this, void 0, void 0, function () {
return __generator(this, function (_a) {
return [2 /*return*/, Buffer.from(crypto_1.default.randomBytes(16))];
});
});
}
exports.generateIV = generateIV;
function generateSalt(length) {
return __awaiter(this, void 0, void 0, function () {
var output;
return __generator(this, function (_a) {
if (length <= 0) {
throw new Error("Failed generating salt: Invalid length supplied: ".concat(length));
}
output = "";
while (output.length < length) {
output += crypto_1.default.randomBytes(3).toString("base64");
if (output.length > length) {
output = output.substr(0, length);
}
}
return [2 /*return*/, output];
});
});
}
exports.generateSalt = generateSalt;