crypto: Replaced all crypto API calls to use kruptein module

valery-barysok · Dec 30, 2019 · 1d1dc0b · 1d1dc0b
1 parent 2e85941
commit 1d1dc0b
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 2,461 deletions.
diff --git a/lib/session-file-helpers.js b/lib/session-file-helpers.js
@@ -4,14 +4,11 @@ var path = require('path');
 var retry = require('retry');
 var childProcess = require('child_process');
 var Bagpipe = require('bagpipe');
-var crypto = require('crypto');
 var objectAssign = require('object-assign');
 var isWindows = process.platform === 'win32';
 
 var helpers = {
 
-  encAlgorithm: 'aes-256-ctr',
-
   isSecret: function (secret) {
     return secret !== undefined && secret != null;
   },
@@ -62,6 +59,11 @@ var helpers = {
     decoder: JSON.parse,
     encryptEncoding: 'hex',
     fileExtension: '.json',
+    crypto: {
+      algorithm: "aes-256-gcm",
+      hashing: "sha512",
+      use_scrypt: true
+    },
     keyFunction: function (secret, sessionId) {
       return secret + sessionId;
     },
@@ -72,6 +74,9 @@ var helpers = {
     options.path = path.normalize(options.path);
     options.filePattern = helpers.getFilePatternFromFileExtension(options.fileExtension);
 
+    if (helpers.isSecret(options.secret))
+      options.kruptein = require('kruptein')(options.crypto);
+
     return options;
   },
 
@@ -169,8 +174,12 @@ var helpers = {
 
         if (!err) {
           var json;
+
+          if (helpers.isSecret(options.secret))
+            data = options.decoder(helpers.decrypt(options, data, sessionId));
+
           try {
-            json = options.decoder(helpers.isSecret(options.secret) ? helpers.decrypt(options, data, sessionId) : data);
+            json = options.decoder(data);
           } catch (parseError) {
             return fs.remove(sessionPath, function (removeError) {
               if (removeError) {
@@ -215,7 +224,7 @@ var helpers = {
       var sessionPath = helpers.sessionPath(options, sessionId);
       var json = options.encoder(session);
       if (helpers.isSecret(options.secret)) {
-        json = helpers.encrypt(options, json, sessionId)
+        json = helpers.encrypt(options, json, sessionId);
       }
       writeFileAtomic(sessionPath, json, function (err) {
         if (callback) {
@@ -376,44 +385,30 @@ var helpers = {
   },
 
   encrypt: function (options, data, sessionId) {
-    var prefix = 'IV;';
-    var key = options.keyFunction(options.secret, sessionId);
-    var hashedKey = crypto.createHash('sha256').update(key).digest();
-    var iv = crypto.randomBytes(16);
-    var cipher = crypto.createCipheriv(helpers.encAlgorithm, hashedKey, iv);
-    var crypted = cipher.update(data, options.encoding, options.encryptEncoding);
-    var cryptedFinal = cipher.final(options.encryptEncoding);
-    if (typeof cryptedFinal === 'string') {
-      return prefix + iv.toString(options.encryptEncoding || 'hex') + crypted + cryptedFinal;
-    } else {
-      return Buffer.concat([Buffer.from(prefix), iv, crypted, cryptedFinal], prefix.length + iv.length + crypted.length + cryptedFinal.length);
-    }
+    var ciphertext = null;
+
+    options.kruptein.set(options.secret, data, function(err, ct) {
+      if (err)
+        throw err;
+
+      ciphertext = ct;
+    });
+
+    return ciphertext;
   },
 
   decrypt: function (options, data, sessionId) {
-    var prefix = 'IV;';
-    var key = options.keyFunction(options.secret, sessionId);
-    var hashedKey = crypto.createHash('sha256').update(key).digest();
-    var hasIV = typeof data === 'string' ?
-      data.indexOf(prefix) === 0 :
-      Buffer.compare(data.slice(0, 3), Buffer.from(prefix)) === 0;
-    if (hasIV) {
-      var ivDataBuffer = typeof data === 'string' ? Buffer.from(data.slice(prefix.length), options.encryptEncoding || 'hex') : data.slice(prefix.length);
-      var iv = ivDataBuffer.slice(0, 16);
-      var decipher = crypto.createDecipheriv(helpers.encAlgorithm, hashedKey, iv);
-      var encryptedText = ivDataBuffer.slice(16);
-    } else {
-      var decipher = crypto.createDecipher(helpers.encAlgorithm, options.keyFunction(options.secret, sessionId));
-      var encryptedText = data;
-    }
-    var dec = decipher.update(encryptedText, options.encryptEncoding, options.encoding);
-    var decFinal = decipher.final(options.encoding);
-    if (typeof decFinal === 'string') {
-      return dec + decFinal;
-    } else {
-      return Buffer.concat([dec, decFinal], dec.length + decFinal.length);
-    }
+    var plaintext = null;
+
+    options.kruptein.get(options.secret, data, function(err, pt) {
+      if (err)
+        throw err;
+
+      plaintext = pt;
+    });
+
+    return plaintext;
   }
 };
 
-module.exports = helpers;
+module.exports = helpers;