Created
August 20, 2018 15:28
-
-
Save vnoder/e33c4dc5223bbc2899bf2acb8c78a5dd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | |
| * securesocks encryptor | |
| * Name Alias KeySize Salt Size Nonce Size Tag Size | |
| * AEAD_AES_256_GCM aes-256-gcm 32 32 12 16 | |
| * AEAD_AES_192_GCM aes-192-gcm 24 24 12 16 | |
| * AEAD_AES_128_GCM aes-128-gcm 16 16 12 16 | |
| */ | |
| import * as crypto from 'crypto'; | |
| export const EncryptMethod = { | |
| "aes-128-gcm": "aes-128-gcm", | |
| "aes-192-gcm": "aes-192-gcm", | |
| "aes-256-gcm": "aes-256-gcm", | |
| } | |
| export const KeyAndIvLen = { | |
| 'aes-128-gcm': [16, 12, 16, 16],// [keylen,ivlen, saltlen, taglen] | |
| 'aes-192-gcm': [24, 12, 24, 16], | |
| 'aes-256-gcm': [32, 12, 32, 16], | |
| } | |
| /** | |
| * encrypor | |
| * | |
| * usage exmaple | |
| * ``` | |
| * let masterKey = "pass" | |
| * let encryptData:Buffer = Encryptor.encrypt(Buffer.from("hello"), EncryptMethod["aes-256-gcm"], masterKey); | |
| * let plainText = Encryptor.decrypt(encryptData, EncryptMethod["aes-256-gcm"], masterKey).toString(); | |
| * | |
| * ``` | |
| */ | |
| export class Encryptor { | |
| /** | |
| * encrypt data by given key | |
| * @param data - data to encrypt, buffer or text | |
| * @param method - encrypt method | |
| * @param masterkey - encrypt masterkey | |
| */ | |
| static encrypt(data: Buffer, method: string, masterkey: string): Buffer { | |
| let ivMap = KeyAndIvLen[method]; | |
| if (!ivMap) { | |
| return null; | |
| } | |
| let keyLen = ivMap[0]; | |
| let ivLen = ivMap[1]; | |
| let saltLen = ivMap[2]; | |
| let iv = crypto.randomBytes(ivLen); | |
| let salt = crypto.randomBytes(saltLen); | |
| // derive key | |
| let key = crypto.pbkdf2Sync(masterkey, salt, 2145, keyLen, 'sha512'); | |
| let cipher = <crypto.CipherGCM>crypto.createCipheriv(method, key, iv); | |
| // encrypt the given text | |
| let encrypted = Buffer.concat([cipher.update(data), cipher.final()]); | |
| let tag = cipher.getAuthTag(); | |
| return Buffer.concat([salt, iv, tag, encrypted]); | |
| } | |
| /** | |
| * decrypts text by given key | |
| * @param data - encrypt data | |
| * @param method - encrypt method | |
| * @param masterKey - encrypt masterkey | |
| * @param keyLen - derive key length | |
| */ | |
| static decrypt(data: Buffer, method: string, masterkey: string): Buffer { | |
| let ivMap = KeyAndIvLen[method]; | |
| if (!ivMap) { | |
| return null; | |
| } | |
| let keyLen = ivMap[0]; | |
| let ivLen = ivMap[1]; | |
| let saltLen = ivMap[2]; | |
| let salt = data.slice(0, saltLen); | |
| let iv = data.slice(saltLen, saltLen + ivLen); | |
| let tag = data.slice(saltLen + ivLen, saltLen + ivLen + 16); | |
| let text = data.slice(saltLen + ivLen + 16); | |
| // derive key | |
| let key = crypto.pbkdf2Sync(masterkey, salt, 2145, keyLen, 'sha512'); | |
| let decipher = <crypto.DecipherGCM>crypto.createDecipheriv(method, key, iv); | |
| decipher.setAuthTag(tag); | |
| // encrypt the given text | |
| return Buffer.concat([decipher.update(text), decipher.final()]); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment