Timo/crypto-helper
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

object signature improvements
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Timo Hocker 2020-12-13 13:09:34 +01:00
parent b12ffc17b8
commit 4d6e028fca
6 changed files with 93 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,3 +6,4 @@
# stryker temp files # stryker temp files
.stryker-tmp .stryker-tmp
*.log *.log
*.d.ts

7
CHANGELOG.md
View File

@ -1,5 +1,12 @@
# CHANGELOG # CHANGELOG
## 1.2.0
object signing:
- custom properties
- keys retrievable using functions
## 1.1.0 ## 1.1.0
aes encryption functions aes encryption functions

4
README.md
View File

@ -1,6 +1,6 @@
# @sapphirecode/crypto-helper # @sapphirecode/crypto-helper
version: 1.1.x version: 1.2.x
simple functions for cryptography simple functions for cryptography
@ -30,6 +30,8 @@ const signed = crypto.sign_object({foo: 'bar'}, 'secret');
const info = crypto.get_signature_info(signed); // returns an object with iat (issued at), key_info and data const info = crypto.get_signature_info(signed); // returns an object with iat (issued at), key_info and data
const dec = crypto.decode_signed(signed); // decode a signed object without verifying the signature const dec = crypto.decode_signed(signed); // decode a signed object without verifying the signature
const ver = crypto.verify_signature(signed, 'secret', 10000); // verifies the signature and returns the contents. the timeout is in milliseconds and optional, timing will be ignored if omitted. const ver = crypto.verify_signature(signed, 'secret', 10000); // verifies the signature and returns the contents. the timeout is in milliseconds and optional, timing will be ignored if omitted.
const ver_info = crypto.verify_signature_get_info(signed, 'secret', 10000); // verify a signature and get signature information like iat and key_info
const ver_func = crypto.verify_signature(signed, (signature_info)=>'secret', 10000); // verify a signature, retrieve the key using the signature info
// encryption // encryption
const enc = crypto.encrypt_aes('foo', 'bar'); const enc = crypto.encrypt_aes('foo', 'bar');

37
index.js
View File

@ -94,11 +94,15 @@ function hash_sha512 (str, salt) {
* *
* @param {any} obj object to sign * @param {any} obj object to sign
* @param {string} key key to use * @param {string} key key to use
* @param {string} key_info key identifier * @param {string|Object} key_info key identifier
* @returns {string} signed object * @returns {string} signed object
*/ */
function sign_object (obj, key, key_info = null) { function sign_object (obj, key, key_info = null) {
const payload = { iat: Date.now (), key_info, obj }; const payload = {
iat: Date.now (),
obj,
...(typeof key_info === 'object' ? key_info : { key_info })
};
const str = encoding.to_b64 (JSON.stringify (payload)); const str = encoding.to_b64 (JSON.stringify (payload));
const token = encoding.to_b64 (hash_sha512 (str, key), 'hex'); const token = encoding.to_b64 (hash_sha512 (str, key), 'hex');
const res = `${str}.${token}`; const res = `${str}.${token}`;
@ -106,27 +110,43 @@ function sign_object (obj, key, key_info = null) {
} }
/** /**
* verify a signed object and return its contents * verify a signed object and return its info and contents
* *
* @param {string} str string to verify * @param {string} str string to verify
* @param {string} key used key * @param {string|(Object)=>string} key used key
* @param {number} timeout timeout (optional) * @param {number} timeout timeout (optional)
* @returns {any} returns object if successful, else null * @returns {any} returns object if successful, else null
*/ */
function verify_signature (str, key, timeout = 0) { function verify_signature_get_info (str, key, timeout = 0) {
if (typeof str !== 'string') if (typeof str !== 'string')
return null; return null;
const dec = decodeURIComponent (str) const dec = decodeURIComponent (str)
.split ('.'); .split ('.');
const json = JSON.parse (encoding.to_utf8 (dec[0], 'base64')); const json = JSON.parse (encoding.to_utf8 (dec[0], 'base64'));
const token = encoding.to_hex (dec[1], 'base64'); const token = encoding.to_hex (dec[1], 'base64');
const verify_token = hash_sha512 (dec[0], key); const string_key = typeof key === 'string' ? key : key (json);
const verify_token = hash_sha512 (dec[0], string_key);
if (token !== verify_token) if (token !== verify_token)
return null; return null;
const time = Date.now () - json.iat; const time = Date.now () - json.iat;
if (timeout !== 0 && time > timeout) if (timeout !== 0 && time > timeout)
return null; return null;
return json.obj; return json;
}
/**
* verify a signed object and return its contents
*
* @param {string} str string to verify
* @param {string|(Object)=>string} key used key
* @param {number} timeout timeout (optional)
* @returns {any} returns object if successful, else null
*/
function verify_signature (str, key, timeout = 0) {
const res = verify_signature_get_info (str, key, timeout);
if (res === null)
return null;
return res.obj;
} }
/** /**
@ -255,6 +275,7 @@ module.exports = {
random_hex, random_hex,
random_string, random_string,
sign_object, sign_object,
verify_signature verify_signature,
verify_signature_get_info
}; };

7
package.json
View File

@ -1,6 +1,6 @@
{ {
"name": "@sapphirecode/crypto-helper", "name": "@sapphirecode/crypto-helper",
"version": "1.1.62", "version": "1.2.0",
"main": "index.js", "main": "index.js",
"author": { "author": {
"name": "Timo Hocker", "name": "Timo Hocker",
@ -40,5 +40,8 @@
"LICENSE", "LICENSE",
"index.js", "index.js",
"index.d.ts" "index.d.ts"
] ],
"engines": {
"node": ">=10.0.0"
}
} }

48
test/spec/index.js
View File

@ -110,6 +110,36 @@ describe ('crypto helper', () => {
}).not.toThrow (); }).not.toThrow ();
}); });
it ('should sign object with key info', () => {
const obj = { foo: 'bar' };
expect (() => {
const str = crypto.sign_object (obj, 'baz', 'baz');
const res = crypto.get_signature_info (str);
expect (res.key_info)
.toEqual ('baz');
}).not.toThrow ();
});
it ('should sign object with custom properties', () => {
const obj = { foo: 'bar' };
expect (() => {
const str = crypto.sign_object (obj, 'baz', { bar: 'baz' });
const res = crypto.get_signature_info (str);
expect (res.bar)
.toEqual ('baz');
}).not.toThrow ();
});
it ('should sign object with custom override properties', () => {
const obj = { foo: 'bar' };
expect (() => {
const str = crypto.sign_object (obj, 'baz', { iat: 'baz' });
const res = crypto.get_signature_info (str);
expect (res.iat)
.toEqual ('baz');
}).not.toThrow ();
});
it ('decode_signed', () => { it ('decode_signed', () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');
@ -126,6 +156,24 @@ describe ('crypto helper', () => {
.toEqual (dec); .toEqual (dec);
}); });
it ('should verify and return all info', () => {
const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz', { iat: 'baz' });
const dec = crypto.verify_signature_get_info (str, 'baz');
expect (dec.obj)
.toEqual (obj);
expect (dec.iat)
.toEqual ('baz');
});
it ('should verify signature using function retrieved key', () => {
const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz');
const dec = crypto.verify_signature (str, () => 'baz');
expect (obj)
.toEqual (dec);
});
it ('should reject tampered signatures', () => { it ('should reject tampered signatures', () => {
const obj = { foo: 'bar' }; const obj = { foo: 'bar' };
const str = crypto.sign_object (obj, 'baz'); const str = crypto.sign_object (obj, 'baz');