Timo/crypto-helper
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

async
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Timo Hocker 2022-08-08 13:07:06 +02:00
parent 42857284fd
commit 00f1a57f8c
No known key found for this signature in database
GPG Key ID: 3B86485AC71C835C
7 changed files with 109 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG.md
View File

@ -1,5 +1,10 @@
# CHANGELOG # CHANGELOG
## 2.0.0
Signature related functions have changed to be asynchronous and to accept async
functions as key retrieving functions
## 1.3.0 ## 1.3.0
asymmetric encryption and signatures asymmetric encryption and signatures

12
README.md
View File

@ -1,6 +1,6 @@
# @sapphirecode/crypto-helper # @sapphirecode/crypto-helper
version: 1.3.x version: 2.0.x
simple functions for cryptography simple functions for cryptography
@ -29,11 +29,11 @@ const check = crypto.checksum('foo'); // returns a sha 256 hex
// jwt like object signing // jwt like object signing
const signed = crypto.sign_object({foo: 'bar'}, 'secret'); const signed = crypto.sign_object({foo: 'bar'}, 'secret');
const info = crypto.get_signature_info(signed); // returns an object with iat (issued at), key_info and data const info = await crypto.get_signature_info(signed); // returns an object with iat (issued at), key_info and data
const dec = crypto.decode_signed(signed); // decode a signed object without verifying the signature const dec = await crypto.decode_signed(signed); // decode a signed object without verifying the signature
const ver = crypto.verify_signature(signed, 'secret', 10000); // verifies the signature and returns the contents. the timeout is in milliseconds and optional, timing will be ignored if omitted. const ver = await crypto.verify_signature(signed, 'secret', 10000); // verifies the signature and returns the contents. the timeout is in milliseconds and optional, timing will be ignored if omitted.
const ver_info = crypto.verify_signature_get_info(signed, 'secret', 10000); // verify a signature and get signature information like iat and key_info const ver_info = await crypto.verify_signature_get_info(signed, 'secret', 10000); // verify a signature and get signature information like iat and key_info
const ver_func = crypto.verify_signature( const ver_func = await crypto.verify_signature(
signed, signed,
(signature_info) => 'secret', (signature_info) => 'secret',
10000 10000

47
lib/signatures.js
View File

@ -26,7 +26,14 @@ function sign_object (obj, key, key_info = null) {
return res; return res;
} }
function parse_signature (str, key = null) { /**
* parse a string signature
*
* @param {string} str string to verify
* @param {string|((Object)=>string|Promise<string>)|null} key used key
* @returns {Promise<any>} returns object if successful, else null
*/
async function parse_signature (str, key = null) {
let dec = str.split ('.'); let dec = str.split ('.');
const version = dec[2]; const version = dec[2];
const res = {}; const res = {};
@ -46,7 +53,7 @@ function parse_signature (str, key = null) {
} }
if (key !== null) { if (key !== null) {
const string_key = typeof key === 'string' ? key : key (res.json); const string_key = typeof key === 'string' ? key : await key (res.json);
res.is_rsa = (/^-----BEGIN RSA PUBLIC KEY-----/u).test (string_key); res.is_rsa = (/^-----BEGIN RSA PUBLIC KEY-----/u).test (string_key);
res.hash = res.is_rsa res.hash = res.is_rsa
? asym_verify (dec[0], string_key, res.token) ? asym_verify (dec[0], string_key, res.token)
@ -59,18 +66,20 @@ function parse_signature (str, key = null) {
* verify a signed object and return its info and contents * verify a signed object and return its info and contents
* *
* @param {string} str string to verify * @param {string} str string to verify
* @param {string|(Object)=>string} key used key * @param {string|((Object)=>string|Promise<string>)} key used key
* @param {number|(Object)=>number} timeout timeout (optional) * @param {number|((Object)=>number|Promise<number>)} timeout timeout (optional)
* @returns {any} returns object if successful, else null * @returns {Promise<any>} returns object if successful, else null
*/ */
function verify_signature_get_info (str, key, timeout = 0) { async function verify_signature_get_info (str, key, timeout = 0) {
if (typeof str !== 'string') if (typeof str !== 'string')
return null; return null;
const { json, token, hash, is_rsa } = parse_signature (str, key); const { json, token, hash, is_rsa } = await parse_signature (str, key);
if (is_rsa ? !hash : (token !== hash)) if (is_rsa ? !hash : (token !== hash))
return null; return null;
const time = Date.now () - json.iat; const time = Date.now () - json.iat;
const num_timeout = typeof timeout === 'number' ? timeout : timeout (json); const num_timeout = typeof timeout === 'number'
? timeout
: await timeout (json);
if (num_timeout === 0 || time <= num_timeout) if (num_timeout === 0 || time <= num_timeout)
return json; return json;
return null; return null;
@ -80,12 +89,12 @@ function verify_signature_get_info (str, key, timeout = 0) {
* verify a signed object and return its contents * verify a signed object and return its contents
* *
* @param {string} str string to verify * @param {string} str string to verify
* @param {string|(Object)=>string} key used key * @param {string|((Object)=>string|Promise<string>)} key used key
* @param {number|(Object)=>number} timeout timeout (optional) * @param {number|((Object)=>number|Promise<number>)} timeout timeout (optional)
* @returns {any} returns object if successful, else null * @returns {Promise<any>} returns object if successful, else null
*/ */
function verify_signature (str, key, timeout = 0) { async function verify_signature (str, key, timeout = 0) {
const res = verify_signature_get_info (str, key, timeout); const res = await verify_signature_get_info (str, key, timeout);
if (res === null) if (res === null)
return null; return null;
return res.obj; return res.obj;
@ -95,12 +104,12 @@ function verify_signature (str, key, timeout = 0) {
* get a signed object info and data * get a signed object info and data
* *
* @param {string} str string to decode * @param {string} str string to decode
* @returns {any} data * @returns {Promise<any>} data
*/ */
function get_signature_info (str) { async function get_signature_info (str) {
if (typeof str !== 'string') if (typeof str !== 'string')
return null; return null;
const { json } = parse_signature (str); const { json } = await parse_signature (str);
return json; return json;
} }
@ -108,10 +117,10 @@ function get_signature_info (str) {
* decode a signed object without verifying the signature * decode a signed object without verifying the signature
* *
* @param {string} str string to decode * @param {string} str string to decode
* @returns {any} object * @returns {Promise<any>} object
*/ */
function decode_signed (str) { async function decode_signed (str) {
const info = get_signature_info (str); const info = await get_signature_info (str);
if (info) if (info)
return info.obj; return info.obj;
return null; return null;

2
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@sapphirecode/crypto-helper", "name": "@sapphirecode/crypto-helper",
"version": "1.3.0", "version": "2.0.0",
"main": "index.js", "main": "index.js",
"author": { "author": {
"name": "Timo Hocker", "name": "Timo Hocker",

2
test/spec/encryption.js
View File

@ -94,7 +94,7 @@ describe ('encryption', () => {
}) })
.toThrowError ( .toThrowError (
// eslint-disable-next-line max-len // eslint-disable-next-line max-len
'error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt' /bad decrypt/ui
); );
}); });

2
test/spec/rsa.js
View File

@ -19,7 +19,7 @@ describe ('rsa', () => {
it ('should throw on too small key size', async () => { it ('should throw on too small key size', async () => {
await expectAsync (crypto.generate_keypair (16)) await expectAsync (crypto.generate_keypair (16))
.toBeRejectedWithError ( .toBeRejectedWithError (
'error:0408F078:rsa routines:pkey_rsa_ctrl:key size too small' /key size too small/ui
); );
}); });

118
test/spec/signatures.js
View File

@ -18,26 +18,28 @@ describe ('signatures', () => {
.uninstall (); .uninstall ();
}); });
it ('sign_object', () => { it ('sign_object', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
expect (() => { await expectAsync ((async () => {
const str = crypto.sign_object (obj, 'baz'); const str = await crypto.sign_object (obj, 'baz');
expect (typeof str) expect (typeof str)
.toEqual ('string'); .toEqual ('string');
}).not.toThrow (); }) ())
.toBeResolved ();
}); });
it ('sign_object with rsa key', async () => { it ('sign_object with rsa key', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const k = await rsa.generate_keypair (); const k = await rsa.generate_keypair ();
expect (() => { await expectAsync ((async () => {
const str = crypto.sign_object (obj, k.private_key); const str = await crypto.sign_object (obj, k.private_key);
expect (typeof str) expect (typeof str)
.toEqual ('string'); .toEqual ('string');
}).not.toThrow (); }) ())
.toBeResolved ();
}); });
it ('verify_signature with rsa key', () => { it ('verify_signature with rsa key', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = 'U1GcsN3yZzSKxPH8jhCGTKiswfazB9rMfUtE5351LT11t6EmS7xfPjnt' const str = 'U1GcsN3yZzSKxPH8jhCGTKiswfazB9rMfUtE5351LT11t6EmS7xfPjnt'
+ '.5ytniC6q2ovoF7ZqbD8qk9r2kjjAcA9EYhLwC3wwJKPPsKdHSTFd7d9TzBP1skQ98X' + '.5ytniC6q2ovoF7ZqbD8qk9r2kjjAcA9EYhLwC3wwJKPPsKdHSTFd7d9TzBP1skQ98X'
@ -54,12 +56,12 @@ describe ('signatures', () => {
+ 'dUmjCLWrOzx8SqdqJYmQJX+6GNswnvVF30bkW+/MJZF/P2jLFtSa24Monh7axIqx\n' + 'dUmjCLWrOzx8SqdqJYmQJX+6GNswnvVF30bkW+/MJZF/P2jLFtSa24Monh7axIqx\n'
+ '8HG0xDw1Z98WV9oQh/vDP/KAs1cPp0AJlwIDAQAB\n' + '8HG0xDw1Z98WV9oQh/vDP/KAs1cPp0AJlwIDAQAB\n'
+ '-----END RSA PUBLIC KEY-----\n'; + '-----END RSA PUBLIC KEY-----\n';
const ver = crypto.verify_signature (str, key); const ver = await crypto.verify_signature (str, key);
expect (ver) expect (ver)
.toEqual (obj); .toEqual (obj);
}); });
it ('verify_signature reject with rsa key', () => { it ('verify_signature reject with rsa key', async () => {
const str = 'U1GcsN3yZzSKxPH8jhCGTKiswfazB9rMfUtE5351LT11t6EmS7xfPjnt' const str = 'U1GcsN3yZzSKxPH8jhCGTKiswfazB9rMfUtE5351LT11t6EmS7xfPjnt'
+ '.5ytniC6q2ovoF7ZqbD8qk9r2kjjAcA9EYhLwC3wwJKPPsKdHSTFd7d9TzBP1skQ98X' + '.5ytniC6q2ovoF7ZqbD8qk9r2kjjAcA9EYhLwC3wwJKPPsKdHSTFd7d9TzBP1skQ98X'
+ 'LjRUkc2M8M84LmWLg76EvcY2pw6HwsFvCUoZYcKAJp3vkp9MQVrVYdHKMPkBjQKyy2V' + 'LjRUkc2M8M84LmWLg76EvcY2pw6HwsFvCUoZYcKAJp3vkp9MQVrVYdHKMPkBjQKyy2V'
@ -75,179 +77,185 @@ describe ('signatures', () => {
+ 'dUmjCLWrOzx8SqdqJYmQJX+6GNswnvVF30bkW+/MJZF/P2jLFtSa24Monh7axIqx\n' + 'dUmjCLWrOzx8SqdqJYmQJX+6GNswnvVF30bkW+/MJZF/P2jLFtSa24Monh7axIqx\n'
+ '8HG0xDw1Z98WV9oQh/vDP/KAs1cPp0AJlwIDAQAB\n' + '8HG0xDw1Z98WV9oQh/vDP/KAs1cPp0AJlwIDAQAB\n'
+ '-----END RSA PUBLIC KEY-----\n'; + '-----END RSA PUBLIC KEY-----\n';
const ver = crypto.verify_signature (str, key); const ver = await crypto.verify_signature (str, key);
expect (ver) expect (ver)
.toBeNull (); .toBeNull ();
}); });
it ('should sign object with key info', () => { it ('should sign object with key info', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
expect (() => { await expectAsync ((async () => {
const str = crypto.sign_object (obj, 'baz', 'baz'); const str = crypto.sign_object (obj, 'baz', 'baz');
const res = crypto.get_signature_info (str); const res = await crypto.get_signature_info (str);
expect (res.key_info) expect (res.key_info)
.toEqual ('baz'); .toEqual ('baz');
}).not.toThrow (); }) ())
.toBeResolved ();
}); });
it ('should sign object with custom properties', () => { it ('should sign object with custom properties', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
expect (() => { await expectAsync ((async () => {
const str = crypto.sign_object (obj, 'baz', { bar: 'baz' }); const str = crypto.sign_object (obj, 'baz', { bar: 'baz' });
const res = crypto.get_signature_info (str); const res = await crypto.get_signature_info (str);
expect (res.bar) expect (res.bar)
.toEqual ('baz'); .toEqual ('baz');
}).not.toThrow (); }) ())
.toBeResolved ();
}); });
it ('should sign object with custom override properties', () => { it ('should sign object with custom override properties', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
expect (() => { await expectAsync ((async () => {
const str = crypto.sign_object (obj, 'baz', { iat: 'baz' }); const str = crypto.sign_object (obj, 'baz', { iat: 'baz' });
const res = crypto.get_signature_info (str); const res = await crypto.get_signature_info (str);
expect (res.iat) expect (res.iat)
.toEqual ('baz'); .toEqual ('baz');
}).not.toThrow (); }) ())
.toBeResolved ();
}); });
it ('decode_signed', () => { it ('decode_signed', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
const dec = crypto.decode_signed (str); const dec = await crypto.decode_signed (str);
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('verify_signature', () => { it ('verify_signature', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
const dec = crypto.verify_signature (str, 'baz'); const dec = await crypto.verify_signature (str, 'baz');
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('should verify and return all info', () => { it ('should verify and return all info', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz', { iat: 'baz' }); const str = crypto.sign_object (obj, 'baz', { iat: 'baz' });
const dec = crypto.verify_signature_get_info (str, 'baz'); const dec = await crypto.verify_signature_get_info (str, 'baz');
expect (dec.obj) expect (dec.obj)
.toEqual (obj); .toEqual (obj);
expect (dec.iat) expect (dec.iat)
.toEqual ('baz'); .toEqual ('baz');
}); });
it ('should verify signature using function retrieved key', () => { it ('should verify signature using function retrieved key', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
const dec = crypto.verify_signature (str, () => 'baz'); const dec = await crypto.verify_signature (str, () => 'baz');
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('should verify signature using function retrieved timeout 0', () => { it (
'should verify signature using function retrieved timeout 0',
async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
const dec = crypto.verify_signature (str, 'baz', () => 0); const dec = await crypto.verify_signature (str, 'baz', () => 0);
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); }
);
it ('should reject tampered signatures', () => { it ('should reject tampered signatures', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
const dec = crypto.verify_signature (str, 'foo'); const dec = await crypto.verify_signature (str, 'foo');
expect (dec) expect (dec)
.toEqual (null); .toEqual (null);
}); });
it ('should return null on invalid input', () => { it ('should return null on invalid input', async () => {
const ver = crypto.verify_signature (null, 'foo'); const ver = await crypto.verify_signature (null, 'foo');
expect (ver) expect (ver)
.toEqual (null); .toEqual (null);
const dec = crypto.decode_signed (null, 'foo'); const dec = await crypto.decode_signed (null);
expect (dec) expect (dec)
.toEqual (null); .toEqual (null);
}); });
it ('should not fail verification if timeout unspecified', () => { it ('should not fail verification if timeout unspecified', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
jasmine.clock () jasmine.clock ()
.tick (36e5); .tick (36e5);
const dec = crypto.verify_signature (str, 'baz'); const dec = await crypto.verify_signature (str, 'baz');
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('should reject old signatures', () => { it ('should reject old signatures', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
jasmine.clock () jasmine.clock ()
.tick (50); .tick (50);
const dec = crypto.verify_signature (str, 'baz', 1); const dec = await crypto.verify_signature (str, 'baz', 1);
expect (dec) expect (dec)
.toEqual (null); .toEqual (null);
}); });
it ('should not reject valid signatures', () => { it ('should not reject valid signatures', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
jasmine.clock () jasmine.clock ()
.tick (50); .tick (50);
const dec = crypto.verify_signature (str, 'baz', 100); const dec = await crypto.verify_signature (str, 'baz', 100);
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('should verify signature using function retrieved timeout', () => { it ('should verify signature using function retrieved timeout', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz', { to: 100 }); const str = crypto.sign_object (obj, 'baz', { to: 100 });
jasmine.clock () jasmine.clock ()
.tick (50); .tick (50);
const dec = crypto.verify_signature (str, 'baz', (info) => info.to); const dec = await crypto.verify_signature (str, 'baz', (info) => info.to);
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('verify_signature on almost timed out packet', () => { it ('verify_signature on almost timed out packet', async () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
jasmine.clock () jasmine.clock ()
.tick (10); .tick (10);
const dec = crypto.verify_signature (str, 'baz', 10); const dec = await crypto.verify_signature (str, 'baz', 10);
expect (obj) expect (obj)
.toEqual (dec); .toEqual (dec);
}); });
it ('should decode problematic token', () => { it ('should decode problematic token', async () => {
// eslint-disable-next-line max-len // eslint-disable-next-line max-len
const str = 'wEJbzvUywiaiGWZUG6CtCXNkNmRGyVoi9icytpTe4gZhsb8Gk.5PZbhGL525mdV7EmYomTwUei6qULpLaZwSXy92eaUDNgbyXPHsr9dfUCeEBpTqmzuq3VtmmV43epUyWRoHocAsV3.2'; const str = 'wEJbzvUywiaiGWZUG6CtCXNkNmRGyVoi9icytpTe4gZhsb8Gk.5PZbhGL525mdV7EmYomTwUei6qULpLaZwSXy92eaUDNgbyXPHsr9dfUCeEBpTqmzuq3VtmmV43epUyWRoHocAsV3.2';
const obj = crypto.decode_signed (str); const obj = await crypto.decode_signed (str);
expect (obj) expect (obj)
.toEqual ({ id: 1 }); .toEqual ({ id: 1 });
}); });
it ('should automatically reencode b64 tokens', () => { it ('should automatically reencode b64 tokens', async () => {
// eslint-disable-next-line max-len // eslint-disable-next-line max-len
const str = 'eyJpYXQiOjE1ODE0NDAwMTIyODgsIm9iaiI6eyJpZCI6MX19.24ZOsWrnfkNe%2FbM0r7DaVJMqE2bfn2aAM%2BZSzWeSf31OCTlXXNWD34RBL2X5v3UliYQ4IIsLNBFbaW9texPHug%3D%3D'; const str = 'eyJpYXQiOjE1ODE0NDAwMTIyODgsIm9iaiI6eyJpZCI6MX19.24ZOsWrnfkNe%2FbM0r7DaVJMqE2bfn2aAM%2BZSzWeSf31OCTlXXNWD34RBL2X5v3UliYQ4IIsLNBFbaW9texPHug%3D%3D';
const obj = crypto.decode_signed (str); const obj = await crypto.decode_signed (str);
expect (obj) expect (obj)
.toEqual ({ id: 1 }); .toEqual ({ id: 1 });
}); });
it ('verify_signature on b64 string', () => { it ('verify_signature on b64 string', async () => {
// eslint-disable-next-line max-len // eslint-disable-next-line max-len
const str = 'eyJpYXQiOjE2MDkzNDQ4MDMyMjcsIm9iaiI6eyJpZCI6MX19.N762xuMaNbT%2Fqb0uTKST68BZgSnmNxXaHl4GY7iAKqaDDEwZn3biYfg5DgJ45QgPZrndchczDjUqLkyXoqw4KQ%3D%3D'; const str = 'eyJpYXQiOjE2MDkzNDQ4MDMyMjcsIm9iaiI6eyJpZCI6MX19.N762xuMaNbT%2Fqb0uTKST68BZgSnmNxXaHl4GY7iAKqaDDEwZn3biYfg5DgJ45QgPZrndchczDjUqLkyXoqw4KQ%3D%3D';
const obj = crypto.verify_signature (str, 'baz'); const obj = await crypto.verify_signature (str, 'baz');
expect (obj) expect (obj)
.toEqual ({ id: 1 }); .toEqual ({ id: 1 });
}); });