crypto-helper/index.js

/*
 * Copyright (C) Sapphirecode - All Rights Reserved
 * This file is part of crypto-helper which is released under MIT.
 * See file 'LICENSE' for full license details.
 * Created by Timo Hocker <timo@scode.ovh>, May 2020
 */

// @ts-nocheck
'use strict';

const crypto = require ('crypto');
const encoding = require ('@sapphirecode/encoding-helper');

const encryption_mode_cbc_256 = {
  algorithm:  'aes-256-cbc',
  nonce_size: 16,
  key_size:   32,
  hash:       'sha256',
  salt_size:  16,
  iterations: 32767
};

const encryption_mode_cbc_256_quick = {
  algorithm:  'aes-256-cbc',
  nonce_size: 16,
  key_size:   32,
  hash:       'sha256',
  salt_size:  16,
  iterations: 32
};

const encryption_mode_cbc_128 = {
  algorithm:  'aes-128-cbc',
  nonce_size: 16,
  key_size:   16,
  hash:       'sha256',
  salt_size:  16,
  iterations: 40
};

/**
 * creates a random string
 *
 * @param {number} len string length default: 8
 * @returns {string} random string
 */
function random_string (len = 8) {
  if (len < 1)
    throw new Error ('invalid length');
  return crypto.randomBytes (Math.ceil (len * 3 / 4))
    .toString ('base64')
    .substr (0, len);
}

/**
 * creates a random hexadecimal string
 *
 * @param {number} len length
 * @returns {string} hex string
 */
function random_hex (len = 8) {
  if (len < 1)
    throw new Error ('invalid length');
  return crypto.randomBytes (Math.ceil (len / 2))
    .toString ('hex')
    .substr (0, len);
}

/**
 * creates a 64 character long random hex string
 *
 * @returns {string} salt
 */
function create_salt () {
  return random_hex (64);
}

/**
 * creates a sha512 hash
 *
 * @param {string} str string input
 * @param {string} salt salt
 * @returns {string} salt
 */
function hash_sha512 (str, salt) {
  const md = crypto.createHash ('sha512');
  md.update (str);
  md.update (salt);
  return md.digest ('hex');
}

/**
 * sign an object
 *
 * @param {any} obj object to sign
 * @param {string} key key to use
 * @param {string|Object} key_info key identifier
 * @returns {string} signed object
 */
function sign_object (obj, key, key_info = null) {
  const payload = {
    iat: Date.now (),
    obj,
    ...(typeof key_info === 'object' ? key_info : { key_info })
  };
  const str = encoding.to_b58 (JSON.stringify (payload));
  const token = encoding.to_b58 (hash_sha512 (str, key), 'hex');
  const res = `${str}.${token}.2`;
  return res;
}

function parse_signature (str, key = null) {
  let dec = str.split ('.');
  const version = dec[2];
  const res = {};
  switch (version) {
    case '2':
      res.json = JSON.parse (encoding.to_utf8 (dec[0], 'base58'));
      res.token = encoding.to_hex (dec[1], 'base58');
      break;
    default:
      dec = decodeURIComponent (str)
        .split ('.');
      res.json = JSON.parse (
        encoding.to_utf8 (dec[0], 'base64')
      );
      res.token = encoding.to_hex (dec[1], 'base64');
      break;
  }

  if (key !== null) {
    const string_key = typeof key === 'string' ? key : key (res.json);
    res.hash = hash_sha512 (dec[0], string_key);
  }
  return res;
}

/**
 * verify a signed object and return its info and contents
 *
 * @param {string} str string to verify
 * @param {string|(Object)=>string} key used key
 * @param {number|(Object)=>number} timeout timeout (optional)
 * @returns {any} returns object if successful, else null
 */
function verify_signature_get_info (str, key, timeout = 0) {
  if (typeof str !== 'string')
    return null;
  const { json, token, hash } = parse_signature (str, key);
  if (token !== hash)
    return null;
  const time = Date.now () - json.iat;
  const num_timeout = typeof timeout === 'number' ? timeout : timeout (json);
  if (num_timeout === 0 || time <= num_timeout)
    return json;
  return null;
}

/**
 * verify a signed object and return its contents
 *
 * @param {string} str string to verify
 * @param {string|(Object)=>string} key used key
 * @param {number|(Object)=>number} timeout timeout (optional)
 * @returns {any} returns object if successful, else null
 */
function verify_signature (str, key, timeout = 0) {
  const res = verify_signature_get_info (str, key, timeout);
  if (res === null)
    return null;
  return res.obj;
}

/**
 * get a signed object info and data
 *
 * @param {string} str string to decode
 * @returns {any} data
 */
function get_signature_info (str) {
  if (typeof str !== 'string')
    return null;
  const { json } = parse_signature (str);
  return json;
}

/**
 * decode a signed object without verifying the signature
 *
 * @param {string} str string to decode
 * @returns {any} object
 */
function decode_signed (str) {
  const info = get_signature_info (str);
  if (info)
    return info.obj;
  return null;
}

/**
 * creates a sha256 hash
 *
 * @param {any} data input
 * @returns {string} hash
 */
function checksum (data) {
  const md = crypto.createHash ('sha256');
  md.update (String (data));
  return md.digest ('hex');
}

/**
 * encrypt plain text with aes
 *
 * @param {string} text plaintext
 * @param {string} pass password
 * @param {object} mode encryption mode
 * @returns {string} encrypted
 */
function encrypt_aes (text, pass, mode = encryption_mode_cbc_256) {
  const salt = crypto.randomBytes (mode.salt_size);
  // eslint-disable-next-line no-sync
  const key = crypto.pbkdf2Sync (
    Buffer.from (pass),
    salt,
    mode.iterations,
    mode.key_size,
    mode.hash
  );
  const nonce = crypto.randomBytes (mode.nonce_size);
  const cipher = crypto.createCipheriv (mode.algorithm, key, nonce);
  return Buffer.concat ([
    salt,
    nonce,
    cipher.update (Buffer.from (text)),
    cipher.final ()
  ])
    .toString ('base64');
}

/**
 * decrypt an aes string
 *
 * @param {string} ciphertext encrypted text
 * @param {string} pass password
 * @param {object} mode encryption mode
 * @param {boolean} rethrow rethrow exceptions instead of returning null
 * @returns {string} plaintext
 */
function decrypt_aes (
  ciphertext,
  pass,
  mode = encryption_mode_cbc_256,
  rethrow = false
) {
  try {
    let buf = Buffer.from (ciphertext, 'base64');
    const salt = buf.slice (0, mode.salt_size);
    buf = buf.slice (mode.salt_size);
    // eslint-disable-next-line no-sync
    const key = crypto.pbkdf2Sync (
      Buffer.from (pass),
      salt,
      mode.iterations,
      mode.key_size,
      mode.hash
    );
    const nonce = buf.slice (0, mode.nonce_size);
    buf = buf.slice (mode.nonce_size);
    const cipher = crypto.createDecipheriv (mode.algorithm, key, nonce);
    return Buffer.concat ([
      cipher.update (buf),
      cipher.final ()
    ])
      .toString ();
  }
  catch (e) {
    if (rethrow)
      throw e;
  }
  return null;
}

module.exports = {
  checksum,
  create_salt,
  decode_signed,
  decrypt_aes,
  encrypt_aes,
  encryption_mode_cbc_128,
  encryption_mode_cbc_256,
  encryption_mode_cbc_256_quick,
  get_signature_info,
  hash_sha512,
  random_hex,
  random_string,
  sign_object,
  verify_signature,
  verify_signature_get_info
};
init 2020-03-04 12:18:11 +01:00			`/*`
			`* Copyright (C) Sapphirecode - All Rights Reserved`
update 2020-05-15 16:28:17 +02:00			`* This file is part of crypto-helper which is released under MIT.`
fix license 2020-03-25 17:02:59 +01:00			`* See file 'LICENSE' for full license details.`
update 2020-05-15 16:28:17 +02:00			`* Created by Timo Hocker <timo@scode.ovh>, May 2020`
init 2020-03-04 12:18:11 +01:00			`*/`

fixes 2020-03-04 15:35:04 +01:00			`// @ts-nocheck`
init 2020-03-04 12:18:11 +01:00			`'use strict';`

			`const crypto = require ('crypto');`
fix 2020-05-06 07:50:45 +02:00			`const encoding = require ('@sapphirecode/encoding-helper');`
init 2020-03-04 12:18:11 +01:00
add encryption mode choice 2020-03-05 10:39:00 +01:00			`const encryption_mode_cbc_256 = {`
use aes-cbc 2020-03-05 10:19:27 +01:00			`algorithm: 'aes-256-cbc',`
			`nonce_size: 16,`
fixes 2020-03-04 15:35:04 +01:00			`key_size: 32,`
add encryption 2020-03-04 14:51:22 +01:00			`hash: 'sha256',`
			`salt_size: 16,`
			`iterations: 32767`
			`};`

add encryption mode cbc_256_quick 2020-03-11 09:21:33 +01:00			`const encryption_mode_cbc_256_quick = {`
			`algorithm: 'aes-256-cbc',`
			`nonce_size: 16,`
			`key_size: 32,`
			`hash: 'sha256',`
			`salt_size: 16,`
			`iterations: 32`
			`};`

add encryption mode choice 2020-03-05 10:39:00 +01:00			`const encryption_mode_cbc_128 = {`
			`algorithm: 'aes-128-cbc',`
			`nonce_size: 16,`
			`key_size: 16,`
			`hash: 'sha256',`
			`salt_size: 16,`
			`iterations: 40`
			`};`

init 2020-03-04 12:18:11 +01:00			`/**`
			`* creates a random string`
			`*`
typo, fix tests 2020-11-29 12:01:43 +01:00			`* @param {number} len string length default: 8`
init 2020-03-04 12:18:11 +01:00			`* @returns {string} random string`
			`*/`
			`function random_string (len = 8) {`
			`if (len < 1)`
			`throw new Error ('invalid length');`
			`return crypto.randomBytes (Math.ceil (len * 3 / 4))`
			`.toString ('base64')`
			`.substr (0, len);`
			`}`

			`/**`
			`* creates a random hexadecimal string`
			`*`
			`* @param {number} len length`
			`* @returns {string} hex string`
			`*/`
			`function random_hex (len = 8) {`
			`if (len < 1)`
			`throw new Error ('invalid length');`
			`return crypto.randomBytes (Math.ceil (len / 2))`
			`.toString ('hex')`
			`.substr (0, len);`
			`}`

			`/**`
			`* creates a 64 character long random hex string`
			`*`
			`* @returns {string} salt`
			`*/`
			`function create_salt () {`
			`return random_hex (64);`
			`}`

			`/**`
			`* creates a sha512 hash`
			`*`
			`* @param {string} str string input`
			`* @param {string} salt salt`
			`* @returns {string} salt`
			`*/`
			`function hash_sha512 (str, salt) {`
			`const md = crypto.createHash ('sha512');`
			`md.update (str);`
			`md.update (salt);`
			`return md.digest ('hex');`
			`}`

			`/**`
			`* sign an object`
			`*`
			`* @param {any} obj object to sign`
			`* @param {string} key key to use`
object signature improvements 2020-12-13 13:09:34 +01:00			`* @param {string\|Object} key_info key identifier`
init 2020-03-04 12:18:11 +01:00			`* @returns {string} signed object`
			`*/`
			`function sign_object (obj, key, key_info = null) {`
object signature improvements 2020-12-13 13:09:34 +01:00			`const payload = {`
			`iat: Date.now (),`
			`obj,`
			`...(typeof key_info === 'object' ? key_info : { key_info })`
			`};`
use base58 encoding for signatures 2020-12-30 17:16:29 +01:00			`const str = encoding.to_b58 (JSON.stringify (payload));`
			`const token = encoding.to_b58 (hash_sha512 (str, key), 'hex');`
			const res = `${str}.${token}.2`;
			`return res;`
			`}`

			`function parse_signature (str, key = null) {`
			`let dec = str.split ('.');`
			`const version = dec[2];`
			`const res = {};`
			`switch (version) {`
			`case '2':`
			`res.json = JSON.parse (encoding.to_utf8 (dec[0], 'base58'));`
			`res.token = encoding.to_hex (dec[1], 'base58');`
			`break;`
			`default:`
			`dec = decodeURIComponent (str)`
			`.split ('.');`
			`res.json = JSON.parse (`
			`encoding.to_utf8 (dec[0], 'base64')`
			`);`
			`res.token = encoding.to_hex (dec[1], 'base64');`
			`break;`
			`}`

			`if (key !== null) {`
			`const string_key = typeof key === 'string' ? key : key (res.json);`
			`res.hash = hash_sha512 (dec[0], string_key);`
			`}`
			`return res;`
init 2020-03-04 12:18:11 +01:00			`}`

			`/**`
object signature improvements 2020-12-13 13:09:34 +01:00			`* verify a signed object and return its info and contents`
init 2020-03-04 12:18:11 +01:00			`*`
			`* @param {string} str string to verify`
object signature improvements 2020-12-13 13:09:34 +01:00			`* @param {string\|(Object)=>string} key used key`
function timeout 2020-12-13 13:31:48 +01:00			`* @param {number\|(Object)=>number} timeout timeout (optional)`
init 2020-03-04 12:18:11 +01:00			`* @returns {any} returns object if successful, else null`
			`*/`
object signature improvements 2020-12-13 13:09:34 +01:00			`function verify_signature_get_info (str, key, timeout = 0) {`
return null on error with signed objects 2020-03-10 13:37:12 +01:00			`if (typeof str !== 'string')`
			`return null;`
use base58 encoding for signatures 2020-12-30 17:16:29 +01:00			`const { json, token, hash } = parse_signature (str, key);`
			`if (token !== hash)`
init 2020-03-04 12:18:11 +01:00			`return null;`
			`const time = Date.now () - json.iat;`
function timeout 2020-12-13 13:31:48 +01:00			`const num_timeout = typeof timeout === 'number' ? timeout : timeout (json);`
			`if (num_timeout === 0 \|\| time <= num_timeout)`
			`return json;`
			`return null;`
object signature improvements 2020-12-13 13:09:34 +01:00			`}`

			`/**`
			`* verify a signed object and return its contents`
			`*`
			`* @param {string} str string to verify`
			`* @param {string\|(Object)=>string} key used key`
function timeout 2020-12-13 13:31:48 +01:00			`* @param {number\|(Object)=>number} timeout timeout (optional)`
object signature improvements 2020-12-13 13:09:34 +01:00			`* @returns {any} returns object if successful, else null`
			`*/`
			`function verify_signature (str, key, timeout = 0) {`
			`const res = verify_signature_get_info (str, key, timeout);`
			`if (res === null)`
			`return null;`
			`return res.obj;`
init 2020-03-04 12:18:11 +01:00			`}`

			`/**`
			`* get a signed object info and data`
			`*`
			`* @param {string} str string to decode`
			`* @returns {any} data`
			`*/`
			`function get_signature_info (str) {`
return null on error with signed objects 2020-03-10 13:37:12 +01:00			`if (typeof str !== 'string')`
			`return null;`
use base58 encoding for signatures 2020-12-30 17:16:29 +01:00			`const { json } = parse_signature (str);`
init 2020-03-04 12:18:11 +01:00			`return json;`
			`}`

			`/**`
			`* decode a signed object without verifying the signature`
			`*`
			`* @param {string} str string to decode`
			`* @returns {any} object`
			`*/`
			`function decode_signed (str) {`
return null on error with signed objects 2020-03-10 13:37:12 +01:00			`const info = get_signature_info (str);`
			`if (info)`
			`return info.obj;`
			`return null;`
init 2020-03-04 12:18:11 +01:00			`}`

			`/**`
			`* creates a sha256 hash`
			`*`
			`* @param {any} data input`
			`* @returns {string} hash`
			`*/`
			`function checksum (data) {`
			`const md = crypto.createHash ('sha256');`
			`md.update (String (data));`
			`return md.digest ('hex');`
			`}`

add encryption 2020-03-04 14:51:22 +01:00			`/**`
			`* encrypt plain text with aes`
			`*`
			`* @param {string} text plaintext`
			`* @param {string} pass password`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`* @param {object} mode encryption mode`
add encryption 2020-03-04 14:51:22 +01:00			`* @returns {string} encrypted`
			`*/`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`function encrypt_aes (text, pass, mode = encryption_mode_cbc_256) {`
			`const salt = crypto.randomBytes (mode.salt_size);`
add encryption 2020-03-04 14:51:22 +01:00			`// eslint-disable-next-line no-sync`
			`const key = crypto.pbkdf2Sync (`
remove explicit default encoding 2020-03-09 08:07:44 +01:00			`Buffer.from (pass),`
add encryption 2020-03-04 14:51:22 +01:00			`salt,`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`mode.iterations,`
			`mode.key_size,`
			`mode.hash`
add encryption 2020-03-04 14:51:22 +01:00			`);`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`const nonce = crypto.randomBytes (mode.nonce_size);`
			`const cipher = crypto.createCipheriv (mode.algorithm, key, nonce);`
add encryption 2020-03-04 14:51:22 +01:00			`return Buffer.concat ([`
			`salt,`
			`nonce,`
			`cipher.update (Buffer.from (text)),`
use aes-cbc 2020-03-05 10:19:27 +01:00			`cipher.final ()`
add encryption 2020-03-04 14:51:22 +01:00			`])`
			`.toString ('base64');`
			`}`

			`/**`
			`* decrypt an aes string`
			`*`
			`* @param {string} ciphertext encrypted text`
			`* @param {string} pass password`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`* @param {object} mode encryption mode`
add rethrow option 2020-03-05 10:24:27 +01:00			`* @param {boolean} rethrow rethrow exceptions instead of returning null`
add encryption 2020-03-04 14:51:22 +01:00			`* @returns {string} plaintext`
			`*/`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`function decrypt_aes (`
			`ciphertext,`
			`pass,`
			`mode = encryption_mode_cbc_256,`
			`rethrow = false`
			`) {`
fixes 2020-03-04 15:35:04 +01:00			`try {`
			`let buf = Buffer.from (ciphertext, 'base64');`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`const salt = buf.slice (0, mode.salt_size);`
			`buf = buf.slice (mode.salt_size);`
fixes 2020-03-04 15:35:04 +01:00			`// eslint-disable-next-line no-sync`
			`const key = crypto.pbkdf2Sync (`
remove explicit default encoding 2020-03-09 08:07:44 +01:00			`Buffer.from (pass),`
fixes 2020-03-04 15:35:04 +01:00			`salt,`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`mode.iterations,`
			`mode.key_size,`
			`mode.hash`
fixes 2020-03-04 15:35:04 +01:00			`);`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`const nonce = buf.slice (0, mode.nonce_size);`
			`buf = buf.slice (mode.nonce_size);`
			`const cipher = crypto.createDecipheriv (mode.algorithm, key, nonce);`
fixes 2020-03-04 15:35:04 +01:00			`return Buffer.concat ([`
			`cipher.update (buf),`
			`cipher.final ()`
			`])`
remove explicit default encoding 2020-03-09 08:07:44 +01:00			`.toString ();`
fixes 2020-03-04 15:35:04 +01:00			`}`
			`catch (e) {`
add rethrow option 2020-03-05 10:24:27 +01:00			`if (rethrow)`
			`throw e;`
fixes 2020-03-04 15:35:04 +01:00			`}`
add rethrow option 2020-03-05 10:24:27 +01:00			`return null;`
add encryption 2020-03-04 14:51:22 +01:00			`}`

init 2020-03-04 12:18:11 +01:00			`module.exports = {`
			`checksum,`
			`create_salt,`
			`decode_signed,`
add encryption 2020-03-04 14:51:22 +01:00			`decrypt_aes,`
			`encrypt_aes,`
add encryption mode choice 2020-03-05 10:39:00 +01:00			`encryption_mode_cbc_128,`
			`encryption_mode_cbc_256,`
add encryption mode cbc_256_quick 2020-03-11 09:21:33 +01:00			`encryption_mode_cbc_256_quick,`
init 2020-03-04 12:18:11 +01:00			`get_signature_info,`
			`hash_sha512,`
			`random_hex,`
			`random_string,`
			`sign_object,`
object signature improvements 2020-12-13 13:09:34 +01:00			`verify_signature,`
			`verify_signature_get_info`
init 2020-03-04 12:18:11 +01:00			`};`