fixes

2020-03-04 15:35:04 +01:00 · 2020-03-04 15:35:04 +01:00 · 85e3303341
commit 85e3303341
parent 850515cc42
3 changed files with 4560 additions and 28 deletions
--- a/index.js
+++ b/index.js
@ -3,6 +3,7 @@
 * Created by Timo Hocker <timo@scode.ovh>, March 2020
 */

+// @ts-nocheck
 /* eslint-disable no-magic-numbers */
 'use strict';

@ -13,7 +14,7 @@ const encryption = {
  algorithm:  'aes-256-gcm',
  nonce_size: 12,
  tag_size:   16,
-  key_size:   16,
+  key_size:   32,
  hash:       'sha256',
  salt_size:  16,
  iterations: 32767
@ -181,33 +182,35 @@ function encrypt_aes (text, pass) {
 * @returns {string} plaintext
 */
 function decrypt_aes (ciphertext, pass) {
-  const buf = Buffer.from (ciphertext, 'base64');
-  const salt = buf.slice (0, encryption.salt_size);
-  // eslint-disable-next-line no-sync
-  const key = crypto.pbkdf2Sync (
-    Buffer.from (pass, 'utf-8'),
-    salt,
-    encryption.iterations,
-    encryption.key_size,
-    encryption.hash
-  );
-  const nonce = buf.slice (encryption.salt_size, encryption.nonce_size);
-  const enc = buf.slice (
-    encryption.salt_size + encryption.nonce_size,
-    buf.length - encryption.salt_size - encryption.tag_size
-  );
-  const tag = buf.slice (
-    encryption.salt_size
-    + encryption.nonce_size
-    + enc.length
-  );
-  const cipher = crypto.createDecipheriv (encryption.algorithm, key, nonce);
-  cipher.setAuthTag (tag);
-  return Buffer.concat ([
-    cipher.update (enc),
-    cipher.final ()
-  ])
-    .toString ('utf-8');
+  try {
+    let buf = Buffer.from (ciphertext, 'base64');
+    const salt = buf.slice (0, encryption.salt_size);
+    buf = buf.slice (encryption.salt_size);
+    // eslint-disable-next-line no-sync
+    const key = crypto.pbkdf2Sync (
+      Buffer.from (pass, 'utf-8'),
+      salt,
+      encryption.iterations,
+      encryption.key_size,
+      encryption.hash
+    );
+    const nonce = buf.slice (0, encryption.nonce_size);
+    buf = buf.slice (encryption.nonce_size);
+    const tag = buf.slice (
+      buf.length - encryption.tag_size
+    );
+    buf = buf.slice (0, buf.length - encryption.tag_size);
+    const cipher = crypto.createDecipheriv (encryption.algorithm, key, nonce);
+    cipher.setAuthTag (tag);
+    return Buffer.concat ([
+      cipher.update (buf),
+      cipher.final ()
+    ])
+      .toString ('utf-8');
+  }
+  catch (e) {
+    return null;
+  }
 }

 module.exports = {
--- a/package-lock.json
+++ b/package-lock.json
--- a/test/encryption.js
+++ b/test/encryption.js
@ -1,3 +1,5 @@
+/* eslint-disable no-magic-numbers */
+// @ts-nocheck
 'use strict';

 const test = require ('ava');
@ -19,3 +21,18 @@ test ('fail decryption', (t) => {
  const dec = crypto.decrypt_aes (enc, 'baz');
  t.is (dec, null);
 });
+
+test ('unique crypto strings', (t) => {
+  const enc = [
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar'),
+    crypto.encrypt_aes ('foo', 'bar')
+  ];
+  const unique = enc.filter ((v, i) => enc.indexOf (v) === i).length;
+  t.is (unique, 8);
+});