crypto: use secret directly instead of deriving key
This commit is contained in:
parent
fc39ac76b6
commit
7fab5a37ff
3 changed files with 6 additions and 9 deletions
|
@ -128,7 +128,7 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
|
|||
const q = req.query;
|
||||
const checkQueries = q.t && q.e && q.h && q.s && q.i;
|
||||
const checkBaseLength = q.t.length === 21 && q.e.length === 13;
|
||||
const checkSafeLength = q.h.length === 43 && q.s.length === 342 && q.i.length === 22;
|
||||
const checkSafeLength = q.h.length === 43 && q.s.length === 43 && q.i.length === 22;
|
||||
|
||||
if (checkQueries && checkBaseLength && checkSafeLength) {
|
||||
let streamInfo = verifyStream(q.t, q.h, q.e, q.s, q.i);
|
||||
|
|
|
@ -20,7 +20,7 @@ const hmacSalt = randomBytes(64).toString('hex');
|
|||
export function createStream(obj) {
|
||||
const streamID = nanoid(),
|
||||
iv = randomBytes(16).toString('base64url'),
|
||||
secret = randomBytes(256).toString('base64url'),
|
||||
secret = randomBytes(32).toString('base64url'),
|
||||
exp = new Date().getTime() + streamLifespan,
|
||||
hmac = generateHmac(`${streamID},${exp},${iv},${secret}`, hmacSalt),
|
||||
streamData = {
|
||||
|
|
|
@ -1,25 +1,22 @@
|
|||
import { createHmac, createCipheriv, createDecipheriv, scryptSync } from "crypto";
|
||||
|
||||
const algorithm = "aes256"
|
||||
const keyLength = 32;
|
||||
|
||||
export function generateHmac(str, salt) {
|
||||
return createHmac("sha256", salt).update(str).digest("base64url");
|
||||
}
|
||||
|
||||
export function encryptStream(plaintext, iv, secret) {
|
||||
const buff = Buffer.from(JSON.stringify(plaintext), "utf-8");
|
||||
|
||||
const key = scryptSync(Buffer.from(secret, "base64url"), "salt", keyLength);
|
||||
const buff = Buffer.from(JSON.stringify(plaintext));
|
||||
const key = Buffer.from(secret, "base64url");
|
||||
const cipher = createCipheriv(algorithm, key, Buffer.from(iv, "base64url"));
|
||||
|
||||
return Buffer.concat([ cipher.update(buff), cipher.final() ])
|
||||
}
|
||||
|
||||
export function decryptStream(ciphertext, iv, secret) {
|
||||
const buff = Buffer.from(ciphertext, "binary");
|
||||
|
||||
const key = scryptSync(Buffer.from(secret, "base64url"), "salt", keyLength);
|
||||
const buff = Buffer.from(ciphertext);
|
||||
const key = Buffer.from(secret, "base64url");
|
||||
const decipher = createDecipheriv(algorithm, key, Buffer.from(iv, "base64url"));
|
||||
|
||||
return Buffer.concat([ decipher.update(buff), decipher.final() ])
|
||||
|
|
Loading…
Reference in a new issue