@naturalcycles/nodejs-lib/dist/security/crypto.util.js

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.encryptString = exports.decryptString = exports.encryptObject = exports.decryptObject = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
const crypto = require("node:crypto");
const js_lib_1 = require("@naturalcycles/js-lib");
const hash_util_1 = require("./hash.util");
const algorithm = 'aes-256-cbc';
/**
 * Using aes-256-cbc
 */
function encryptRandomIVBuffer(input, secretKeyBase64) {
    // md5 to match aes-256 key length of 32 bytes
    const key = (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
    // Random iv to achieve non-deterministic encryption (but deterministic decryption)
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv(algorithm, key, iv);
    return Buffer.concat([iv, cipher.update(input), cipher.final()]);
}
exports.encryptRandomIVBuffer = encryptRandomIVBuffer;
/**
 * Using aes-256-cbc
 */
function decryptRandomIVBuffer(input, secretKeyBase64) {
    // md5 to match aes-256 key length of 32 bytes
    const key = (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
    // iv is first 16 bytes of encrypted buffer, the rest is payload
    const iv = input.subarray(0, 16);
    const payload = input.subarray(16);
    const decipher = crypto.createDecipheriv(algorithm, key, iv);
    return Buffer.concat([decipher.update(payload), decipher.final()]);
}
exports.decryptRandomIVBuffer = decryptRandomIVBuffer;
/**
 * Decrypts all object values.
 * Returns object with decrypted values.
 */
function decryptObject(obj, secretKey) {
    const { key, iv } = getCryptoParams(secretKey);
    const r = {};
    (0, js_lib_1._stringMapEntries)(obj).forEach(([k, v]) => {
        const decipher = crypto.createDecipheriv(algorithm, key, iv);
        r[k] = decipher.update(v, 'base64', 'utf8') + decipher.final('utf8');
    });
    return r;
}
exports.decryptObject = decryptObject;
function encryptObject(obj, secretKey) {
    const { key, iv } = getCryptoParams(secretKey);
    const r = {};
    (0, js_lib_1._stringMapEntries)(obj).forEach(([k, v]) => {
        const cipher = crypto.createCipheriv(algorithm, key, iv);
        r[k] = cipher.update(v, 'utf8', 'base64') + cipher.final('base64');
    });
    return r;
}
exports.encryptObject = encryptObject;
/**
 * Using aes-256-cbc
 */
function decryptString(str, secretKey) {
    const { key, iv } = getCryptoParams(secretKey);
    const decipher = crypto.createDecipheriv(algorithm, key, iv);
    return decipher.update(str, 'base64', 'utf8') + decipher.final('utf8');
}
exports.decryptString = decryptString;
/**
 * Using aes-256-cbc
 */
function encryptString(str, secretKey) {
    const { key, iv } = getCryptoParams(secretKey);
    const cipher = crypto.createCipheriv(algorithm, key, iv);
    return cipher.update(str, 'utf8', 'base64') + cipher.final('base64');
}
exports.encryptString = encryptString;
function getCryptoParams(secretKey) {
    const key = (0, hash_util_1.md5)(secretKey);
    const iv = (0, hash_util_1.md5)(secretKey + key).slice(0, 16);
    return { key, iv };
}