UNPKG

otpus

Version:

General purpose cipher for Node & browser

github.com/remocons/otpus

remocons/otpus

133 lines (113 loc) 3.86 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
import { RAND, MBP, webCrypto } from './otpus.js' const wc = webCrypto.subtle /* otpus encryption lib. Using WebCrypto API */ /** * General purpose encryption. * * features: * - support encryption for any type of data using string(or any types) passPhrase. * - decryption result data will be same data type of origin data. * - randomize data size. (to hide real message size) * * - encryption algorithm: AES-GCM of Webcrypto API. * - key generation: PBKDF2 of WebCrypto API. * - salt, iv: from getRandomValues * - data packaging: MBP(meta-buffer-pack) https://github.com/make-robot/meta-buffer-pack * * @param {String | Uint8Array | any } data * @param {String | Uint8Array | any} passPhrase * @param {Number} iterations default 10000. for PBKDF2 * @returns {Promise} (will return bufferPack when fulfilled) bufferPack is Buffer( subclass of Uint8Array) * */ export async function encrypt(data, passPhrase, iterations = 10000) { const randSize = parseInt(RAND(1)[0] / 4); // 0~63 const randBuffer = RAND(randSize) // To hide real data size ( special feature of otpus.) // [ random size of buffer with random values + real data buffer ] const randomSizeDataPack = MBP.pack( MBP.MB('#randBuffer', randBuffer), MBP.MB('realData', data) ) const salt = RAND(16) // at least 16Bytes https://developer.mozilla.org/en-US/docs/Web/API/Pbkdf2Params const iv = RAND(12) // recommended 12Bytes https://developer.mozilla.org/en-US/docs/Web/API/AesGcmParams // otpus.RAND(size) is shortcut of getRandomValues( new Uint8Array(size) ) const rawKey = await wc.importKey( "raw", MBP.U8(passPhrase), // MBP.U8() return Uint8Array for any data types. ex. string -> return encoded(UTF8) { name: "PBKDF2" }, false, ["deriveKey"] ); const key = await wc.deriveKey( { "name": "PBKDF2", salt: salt, "iterations": iterations, "hash": "SHA-256" }, rawKey, { "name": "AES-GCM", "length": 256 }, true, ["encrypt", "decrypt"] ); const encData = await wc.encrypt( { name: "AES-GCM", iv: iv }, key, randomSizeDataPack ); return MBP.pack( MBP.MB('encData', encData), MBP.MB('iv', iv), MBP.MB('salt', salt), MBP.MB('iterations', iterations) ) } /** * * @param {Uint8Array} encPack bufferPack (MBP pack) * @param {String | Uint8Array | any } passPhrase * @returns {Promise} will return decodedData when fulfilled * * [important] * return data type of decodedData is same with encryption data. (MBP pack feature. ) case 1. encrypt( data:String, key) => pack => decrypt(pack, key) : Promise => String. case 1. encrypt( data:Number, key) => pack => decrypt(pack, key) : Promise => Number. case 2. encrypt( data:Uint8Array, key) => pack => decrypt(pack, key) : Promise => Uint8Array. */ export async function decrypt(encPack, passPhrase) { const pack = MBP.unpack(encPack) const rawKey = await wc.importKey( "raw", MBP.U8(passPhrase), { name: "PBKDF2" }, false, ["deriveKey"] ); const key = await wc.deriveKey( { "name": "PBKDF2", salt: pack.salt, "iterations": pack.iterations, "hash": "SHA-256" }, rawKey, { "name": "AES-GCM", "length": 256 }, true, ["encrypt", "decrypt"] ); const randomSizeDataPack = await wc.decrypt( { name: "AES-GCM", iv: pack.iv }, key, pack.encData ); const innerPack = MBP.unpack(randomSizeDataPack) return innerPack.realData }