1 |
|
2 |
|
3 |
|
4 |
|
5 |
|
6 |
|
7 |
|
8 |
|
9 |
|
10 |
|
11 | 'use strict'
|
12 |
|
13 | import { Aescbc } from './aescbc'
|
14 | import { Hash } from './hash'
|
15 | import { Random } from './random'
|
16 | import { Workers } from './workers'
|
17 | import { cmp } from './cmp'
|
18 |
|
19 | class Ach { }
|
20 |
|
21 | Ach.encrypt = function (messageBuf, cipherKeyBuf, ivBuf) {
|
22 | const encBuf = Aescbc.encrypt(messageBuf, cipherKeyBuf, ivBuf)
|
23 | const hmacbuf = Hash.sha256Hmac(encBuf, cipherKeyBuf)
|
24 | return Buffer.concat([hmacbuf, encBuf])
|
25 | }
|
26 |
|
27 | Ach.asyncEncrypt = async function (messageBuf, cipherKeyBuf, ivBuf) {
|
28 | if (!ivBuf) {
|
29 | ivBuf = Random.getRandomBuffer(128 / 8)
|
30 | }
|
31 | const args = [messageBuf, cipherKeyBuf, ivBuf]
|
32 | const workersResult = await Workers.asyncClassMethod(Ach, 'encrypt', args)
|
33 | return workersResult.resbuf
|
34 | }
|
35 |
|
36 | Ach.decrypt = function (encBuf, cipherKeyBuf) {
|
37 | if (encBuf.length < (256 + 128 + 128) / 8) {
|
38 | throw new Error(
|
39 | 'The encrypted data must be at least 256+128+128 bits, which is the length of the Hmac plus the iv plus the smallest encrypted data size'
|
40 | )
|
41 | }
|
42 | const hmacbuf = encBuf.slice(0, 256 / 8)
|
43 | encBuf = encBuf.slice(256 / 8, encBuf.length)
|
44 | const hmacbuf2 = Hash.sha256Hmac(encBuf, cipherKeyBuf)
|
45 | if (!cmp(hmacbuf, hmacbuf2)) {
|
46 | throw new Error(
|
47 | 'Message authentication failed - Hmacs are not equivalent'
|
48 | )
|
49 | }
|
50 | return Aescbc.decrypt(encBuf, cipherKeyBuf)
|
51 | }
|
52 |
|
53 | Ach.asyncDecrypt = async function (encBuf, cipherKeyBuf) {
|
54 | const args = [encBuf, cipherKeyBuf]
|
55 | const workersResult = await Workers.asyncClassMethod(Ach, 'decrypt', args)
|
56 | return workersResult.resbuf
|
57 | }
|
58 |
|
59 | export { Ach }
|