1 | var crypto = require('crypto')
2 | var Base = require('../base')
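// Fixed PBKDF2 salt used for every key derivation in this module.
// NOTE(review): the salt is a constant checked into the source, so it adds no
// per-deployment or per-message uniqueness; the derived AES key is only as
// strong as the configured passphrase. Changing this value changes the derived
// key, so any peer that encrypts or decrypts with the old salt must be updated
// at the same time.
var SALT_HEX = '985ceb6dcec614f4a6cb156e7e2a14398cf964b1568f4d2213b60a6449d7c1d9';

// Buffer.from replaces the deprecated `new Buffer(string, encoding)` constructor;
// the decoded bytes are the same.
var SALT = Buffer.from(SALT_HEX, 'hex');

// Passphrase override; stays null until one is assigned, in which case the key
// lookup falls back to Base.env.IX_ENCRYPTION_KEY.
var KEY = null;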
/**
 * Returns the passphrase fed to PBKDF2: the module-level KEY when it holds a
 * truthy value, otherwise Base.env.IX_ENCRYPTION_KEY.
 *
 * Nothing here checks that either source is actually set, so the result can
 * be undefined when no key is configured.
 */
var getKey = function () {
  if (KEY) {
    return KEY;
  }
  return Base.env.IX_ENCRYPTION_KEY;
};
/**
 * Stores `key` in the module-level KEY variable, replacing any earlier value.
 *
 * The value is stored as given, with no type or length check. A falsy value
 * (null, undefined, '') makes getKey() fall back to Base.env.IX_ENCRYPTION_KEY.
 *
 * @param {*} key - passphrase later passed to crypto.pbkdf2.
 */
exports.setKey = function (key) {
  KEY = key;
};
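/**
 * Decrypts an `{ iv, ct }` envelope and passes the parsed JSON payload to the
 * callback.
 *
 * The AES-256-CBC key is derived from getKey() with PBKDF2 (fixed SALT, 256
 * iterations, 32-byte output). After decryption the first 16 characters of the
 * plaintext are discarded before JSON.parse; encryptingResponder puts a random
 * 16-character base64 prefix there.
 *
 * NOTE(review): CBC carries no authentication tag, so ciphertext integrity is
 * not verified. Tampering is noticed only when padding removal or JSON.parse
 * happens to fail. Callers should not reveal to the peer which of those
 * failures occurred. The iteration count of 256 is low for a passphrase-derived
 * key; raising it changes the derived key and must be coordinated with every
 * peer.
 *
 * @param {{iv: string, ct: string}} cipherParams - hex-encoded IV and ciphertext.
 * @param {function(?Error, *=)} cb_err_data - called exactly once, with an
 *   error or with `(null, data)`.
 */
exports.decrypt = function (cipherParams, cb_err_data) {
  // 'sha1' is the digest PBKDF2 used when none was named, so stating it keeps
  // the derived key unchanged while working on Node versions that require the
  // argument.
  crypto.pbkdf2(getKey(), SALT, 256, 256 / 8, 'sha1', function (err, key) {
    if (err) { cb_err_data(err); return; }

    var data;
    try {
      var ivBuf = Buffer.from(cipherParams.iv, 'hex');
      var decipher = crypto.createDecipheriv('aes-256-cbc', key, ivBuf);
      // update()/final() throw synchronously on bad padding or malformed input,
      // so the failure lands in this catch. The stream form (end()/read()) can
      // instead surface it as an unhandled 'error' event.
      var ptBuf = Buffer.concat([
        decipher.update(cipherParams.ct, 'hex'),
        decipher.final()
      ]);
      // Drop the 16-character random prefix, then parse the JSON body.
      data = JSON.parse(ptBuf.toString('utf8').slice(16));
    } catch (e) {
      cb_err_data(e);
      return;
    }

    // Called outside the try so an exception thrown by the callback itself is
    // not caught and reported through a second callback invocation.
    cb_err_data(null, data);
  });
};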
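/**
 * Wraps a node-style responder so that the `(err, data)` pair it receives is
 * serialized, encrypted and forwarded as `{ ct, iv }` (both hex strings).
 *
 * Plaintext layout: a 16-character base64 prefix (12 random bytes) followed by
 * JSON.stringify({ err, data }). The key is derived with PBKDF2 from getKey()
 * and the fixed SALT, and the cipher is AES-256-CBC with a fresh 16-byte IV per
 * message.
 *
 * NOTE(review): the output has no MAC or authentication tag, so the receiver
 * cannot detect modification of `ct` or `iv`. Adding one changes the wire
 * format and must be coordinated with the decrypting side.
 * NOTE(review): an Error instance passed as `err` serializes to `{}` under
 * JSON.stringify, so its message does not reach the peer. Confirm whether
 * callers pass plain values here.
 *
 * @param {function(?Error, {ct: string, iv: string}=)} responder - receives an
 *   error, or the encrypted envelope.
 * @returns {function(*, *)} node-style callback that encrypts its arguments.
 */
exports.encryptingResponder = function (responder) {
  return function (err, data) {
    var ptParams = { err: err, data: data };

    // randomBytes is the CSPRNG; pseudoRandomBytes is deprecated and on old
    // Node versions did not guarantee unpredictable output, which a CBC IV needs.
    crypto.randomBytes(12, function (err, prefixBuf) {
      if (err) { responder(err); return; }
      var prefix = prefixBuf.toString('base64');

      // 'sha1' is the digest PBKDF2 used when none was named, so the derived
      // key is unchanged.
      crypto.pbkdf2(getKey(), SALT, 256, 256 / 8, 'sha1', function (err, key) {
        if (err) { responder(err); return; }

        crypto.randomBytes(128 / 8, function (err, iv) {
          if (err) { responder(err); return; }

          var ciphertext;
          try {
            // Serialization and encryption both report failure by throwing
            // (for example on cyclic data); route that to the responder
            // instead of leaving it uncaught in this callback.
            var plaintext = prefix + JSON.stringify(ptParams);
            var cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
            ciphertext = cipher.update(plaintext, 'utf8', 'hex') + cipher.final('hex');
          } catch (e) {
            responder(e);
            return;
          }

          // Called outside the try so an exception from the responder is not
          // answered with a second responder call.
          responder(null, { ct: ciphertext, iv: iv.toString('hex') });
        });
      });
    });
  };
};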