2018-07-14 03:05:19 +03:00
|
|
|
import 'buffer';
|
2018-07-17 21:40:01 +03:00
|
|
|
import {
|
|
|
|
TStream as TransformStream,
|
|
|
|
RStream as ReadableStream
|
|
|
|
} from './streams';
|
2018-06-04 20:47:55 +03:00
|
|
|
|
|
|
|
const NONCE_LENGTH = 12;
|
|
|
|
const TAG_LENGTH = 16;
|
|
|
|
const KEY_LENGTH = 16;
|
|
|
|
const MODE_ENCRYPT = 'encrypt';
|
|
|
|
const MODE_DECRYPT = 'decrypt';
|
2018-07-05 22:40:49 +03:00
|
|
|
const RS = 1024 * 1024;
|
2018-06-04 20:47:55 +03:00
|
|
|
|
|
|
|
const encoder = new TextEncoder();
|
|
|
|
|
|
|
|
function generateSalt(len) {
|
|
|
|
const randSalt = new Uint8Array(len);
|
2018-07-07 01:49:50 +03:00
|
|
|
crypto.getRandomValues(randSalt);
|
2018-06-04 20:47:55 +03:00
|
|
|
return randSalt.buffer;
|
|
|
|
}
|
|
|
|
|
2018-06-21 23:57:53 +03:00
|
|
|
class ECETransformer {
|
2018-06-04 20:47:55 +03:00
|
|
|
constructor(mode, ikm, rs, salt) {
|
|
|
|
this.mode = mode;
|
|
|
|
this.prevChunk;
|
|
|
|
this.seq = 0;
|
|
|
|
this.firstchunk = true;
|
2018-06-21 03:05:33 +03:00
|
|
|
this.rs = rs;
|
2018-06-04 20:47:55 +03:00
|
|
|
this.ikm = ikm.buffer;
|
2018-06-21 03:05:33 +03:00
|
|
|
this.salt = salt;
|
2018-06-04 20:47:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
async generateKey() {
|
2018-07-07 01:49:50 +03:00
|
|
|
const inputKey = await crypto.subtle.importKey(
|
2018-06-04 20:47:55 +03:00
|
|
|
'raw',
|
|
|
|
this.ikm,
|
|
|
|
'HKDF',
|
|
|
|
false,
|
|
|
|
['deriveKey']
|
|
|
|
);
|
|
|
|
|
2018-07-07 01:49:50 +03:00
|
|
|
return crypto.subtle.deriveKey(
|
2018-06-04 20:47:55 +03:00
|
|
|
{
|
|
|
|
name: 'HKDF',
|
2018-06-21 03:05:33 +03:00
|
|
|
salt: this.salt,
|
2018-06-04 20:47:55 +03:00
|
|
|
info: encoder.encode('Content-Encoding: aes128gcm\0'),
|
|
|
|
hash: 'SHA-256'
|
|
|
|
},
|
|
|
|
inputKey,
|
|
|
|
{
|
|
|
|
name: 'AES-GCM',
|
|
|
|
length: 128
|
|
|
|
},
|
|
|
|
false,
|
|
|
|
['encrypt', 'decrypt']
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
async generateNonceBase() {
|
2018-07-07 01:49:50 +03:00
|
|
|
const inputKey = await crypto.subtle.importKey(
|
2018-06-04 20:47:55 +03:00
|
|
|
'raw',
|
|
|
|
this.ikm,
|
|
|
|
'HKDF',
|
|
|
|
false,
|
|
|
|
['deriveKey']
|
|
|
|
);
|
|
|
|
|
2018-07-07 01:49:50 +03:00
|
|
|
const base = await crypto.subtle.exportKey(
|
2018-06-04 20:47:55 +03:00
|
|
|
'raw',
|
2018-07-07 01:49:50 +03:00
|
|
|
await crypto.subtle.deriveKey(
|
2018-06-04 20:47:55 +03:00
|
|
|
{
|
|
|
|
name: 'HKDF',
|
2018-06-21 03:05:33 +03:00
|
|
|
salt: this.salt,
|
2018-06-04 20:47:55 +03:00
|
|
|
info: encoder.encode('Content-Encoding: nonce\0'),
|
|
|
|
hash: 'SHA-256'
|
|
|
|
},
|
|
|
|
inputKey,
|
|
|
|
{
|
|
|
|
name: 'AES-GCM',
|
|
|
|
length: 128
|
|
|
|
},
|
|
|
|
true,
|
|
|
|
['encrypt', 'decrypt']
|
|
|
|
)
|
|
|
|
);
|
|
|
|
|
|
|
|
return Buffer.from(base.slice(0, NONCE_LENGTH));
|
|
|
|
}
|
|
|
|
|
|
|
|
generateNonce(seq) {
|
2018-06-21 03:05:33 +03:00
|
|
|
if (seq > 0xffffffff) {
|
|
|
|
throw new Error('record sequence number exceeds limit');
|
|
|
|
}
|
|
|
|
const nonce = Buffer.from(this.nonceBase);
|
2018-06-04 20:47:55 +03:00
|
|
|
const m = nonce.readUIntBE(nonce.length - 4, 4);
|
|
|
|
const xor = (m ^ seq) >>> 0; //forces unsigned int xor
|
|
|
|
nonce.writeUIntBE(xor, nonce.length - 4, 4);
|
|
|
|
|
|
|
|
return nonce;
|
|
|
|
}
|
|
|
|
|
|
|
|
pad(data, isLast) {
|
|
|
|
const len = data.length;
|
|
|
|
if (len + TAG_LENGTH >= this.rs) {
|
|
|
|
throw new Error('data too large for record size');
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isLast) {
|
|
|
|
const padding = Buffer.alloc(1);
|
|
|
|
padding.writeUInt8(2, 0);
|
|
|
|
return Buffer.concat([data, padding]);
|
|
|
|
} else {
|
|
|
|
const padding = Buffer.alloc(this.rs - len - TAG_LENGTH);
|
|
|
|
padding.fill(0);
|
|
|
|
padding.writeUInt8(1, 0);
|
|
|
|
return Buffer.concat([data, padding]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
unpad(data, isLast) {
|
|
|
|
for (let i = data.length - 1; i >= 0; i--) {
|
|
|
|
if (data[i]) {
|
|
|
|
if (isLast) {
|
|
|
|
if (data[i] !== 2) {
|
|
|
|
throw new Error('delimiter of final record is not 2');
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (data[i] !== 1) {
|
|
|
|
throw new Error('delimiter of not final record is not 1');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return data.slice(0, i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
throw new Error('no delimiter found');
|
|
|
|
}
|
|
|
|
|
|
|
|
createHeader() {
|
|
|
|
const nums = Buffer.alloc(5);
|
|
|
|
nums.writeUIntBE(this.rs, 0, 4);
|
|
|
|
nums.writeUIntBE(0, 4, 1);
|
2018-06-21 03:05:33 +03:00
|
|
|
return Buffer.concat([Buffer.from(this.salt), nums]);
|
2018-06-04 20:47:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
readHeader(buffer) {
|
|
|
|
if (buffer.length < 21) {
|
|
|
|
throw new Error('chunk too small for reading header');
|
|
|
|
}
|
|
|
|
const header = {};
|
|
|
|
header.salt = buffer.buffer.slice(0, KEY_LENGTH);
|
|
|
|
header.rs = buffer.readUIntBE(KEY_LENGTH, 4);
|
|
|
|
const idlen = buffer.readUInt8(KEY_LENGTH + 4);
|
|
|
|
header.length = idlen + KEY_LENGTH + 5;
|
|
|
|
return header;
|
|
|
|
}
|
|
|
|
|
|
|
|
async encryptRecord(buffer, seq, isLast) {
|
|
|
|
const nonce = this.generateNonce(seq);
|
2018-07-07 01:49:50 +03:00
|
|
|
const encrypted = await crypto.subtle.encrypt(
|
2018-06-04 20:47:55 +03:00
|
|
|
{ name: 'AES-GCM', iv: nonce },
|
2018-06-21 03:05:33 +03:00
|
|
|
this.key,
|
2018-06-04 20:47:55 +03:00
|
|
|
this.pad(buffer, isLast)
|
|
|
|
);
|
|
|
|
return Buffer.from(encrypted);
|
|
|
|
}
|
|
|
|
|
|
|
|
async decryptRecord(buffer, seq, isLast) {
|
|
|
|
const nonce = this.generateNonce(seq);
|
2018-07-07 01:49:50 +03:00
|
|
|
const data = await crypto.subtle.decrypt(
|
2018-06-04 20:47:55 +03:00
|
|
|
{
|
|
|
|
name: 'AES-GCM',
|
|
|
|
iv: nonce,
|
|
|
|
tagLength: 128
|
|
|
|
},
|
2018-06-21 03:05:33 +03:00
|
|
|
this.key,
|
2018-06-04 20:47:55 +03:00
|
|
|
buffer
|
|
|
|
);
|
|
|
|
|
|
|
|
return this.unpad(Buffer.from(data), isLast);
|
|
|
|
}
|
|
|
|
|
|
|
|
async start(controller) {
|
|
|
|
if (this.mode === MODE_ENCRYPT) {
|
2018-06-21 03:05:33 +03:00
|
|
|
this.key = await this.generateKey();
|
|
|
|
this.nonceBase = await this.generateNonceBase();
|
2018-06-04 20:47:55 +03:00
|
|
|
controller.enqueue(this.createHeader());
|
|
|
|
} else if (this.mode !== MODE_DECRYPT) {
|
|
|
|
throw new Error('mode must be either encrypt or decrypt');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async transformPrevChunk(isLast, controller) {
|
|
|
|
if (this.mode === MODE_ENCRYPT) {
|
|
|
|
controller.enqueue(
|
|
|
|
await this.encryptRecord(this.prevChunk, this.seq, isLast)
|
|
|
|
);
|
|
|
|
this.seq++;
|
|
|
|
} else {
|
|
|
|
if (this.seq === 0) {
|
|
|
|
//the first chunk during decryption contains only the header
|
|
|
|
const header = this.readHeader(this.prevChunk);
|
2018-06-21 03:05:33 +03:00
|
|
|
this.salt = header.salt;
|
2018-06-04 20:47:55 +03:00
|
|
|
this.rs = header.rs;
|
2018-06-21 03:05:33 +03:00
|
|
|
this.key = await this.generateKey();
|
|
|
|
this.nonceBase = await this.generateNonceBase();
|
2018-06-04 20:47:55 +03:00
|
|
|
} else {
|
|
|
|
controller.enqueue(
|
|
|
|
await this.decryptRecord(this.prevChunk, this.seq - 1, isLast)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
this.seq++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
async transform(chunk, controller) {
|
|
|
|
if (!this.firstchunk) {
|
|
|
|
await this.transformPrevChunk(false, controller);
|
|
|
|
}
|
|
|
|
this.firstchunk = false;
|
|
|
|
this.prevChunk = Buffer.from(chunk.buffer);
|
|
|
|
}
|
|
|
|
|
|
|
|
async flush(controller) {
|
2018-07-05 22:40:49 +03:00
|
|
|
//console.log('ece stream ends')
|
2018-06-04 20:47:55 +03:00
|
|
|
if (this.prevChunk) {
|
|
|
|
await this.transformPrevChunk(true, controller);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2018-06-21 03:05:33 +03:00
|
|
|
|
2018-07-05 22:40:49 +03:00
|
|
|
export class BlobSlicer {
|
2018-06-21 03:05:33 +03:00
|
|
|
constructor(blob, rs, mode) {
|
|
|
|
this.blob = blob;
|
|
|
|
this.index = 0;
|
|
|
|
this.mode = mode;
|
|
|
|
this.chunkSize = mode === MODE_ENCRYPT ? rs - 17 : rs;
|
|
|
|
}
|
|
|
|
|
|
|
|
pull(controller) {
|
|
|
|
return new Promise((resolve, reject) => {
|
|
|
|
const bytesLeft = this.blob.size - this.index;
|
|
|
|
if (bytesLeft <= 0) {
|
|
|
|
controller.close();
|
|
|
|
return resolve();
|
|
|
|
}
|
|
|
|
let size = 1;
|
|
|
|
if (this.mode === MODE_DECRYPT && this.index === 0) {
|
|
|
|
size = Math.min(21, bytesLeft);
|
|
|
|
} else {
|
|
|
|
size = Math.min(this.chunkSize, bytesLeft);
|
|
|
|
}
|
|
|
|
const blob = this.blob.slice(this.index, this.index + size);
|
|
|
|
const reader = new FileReader();
|
|
|
|
reader.onload = () => {
|
|
|
|
controller.enqueue(new Uint8Array(reader.result));
|
|
|
|
resolve();
|
|
|
|
};
|
|
|
|
reader.onerror = reject;
|
|
|
|
reader.readAsArrayBuffer(blob);
|
|
|
|
this.index += size;
|
|
|
|
});
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-06-29 19:36:08 +03:00
|
|
|
class StreamSlicer {
|
|
|
|
constructor(rs, mode) {
|
|
|
|
this.mode = mode;
|
|
|
|
this.rs = rs;
|
2018-07-07 01:49:50 +03:00
|
|
|
this.chunkSize = mode === MODE_ENCRYPT ? rs - 17 : 21;
|
2018-06-29 19:36:08 +03:00
|
|
|
this.partialChunk = new Uint8Array(this.chunkSize); //where partial chunks are saved
|
2018-07-05 22:40:49 +03:00
|
|
|
this.offset = 0;
|
2018-06-29 19:36:08 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
send(buf, controller) {
|
|
|
|
controller.enqueue(buf);
|
2018-07-05 22:40:49 +03:00
|
|
|
if (this.chunkSize === 21 && this.mode === MODE_DECRYPT) {
|
2018-06-29 19:36:08 +03:00
|
|
|
this.chunkSize = this.rs;
|
|
|
|
}
|
2018-07-05 22:40:49 +03:00
|
|
|
this.partialChunk = new Uint8Array(this.chunkSize);
|
2018-06-29 19:36:08 +03:00
|
|
|
}
|
|
|
|
|
2018-07-05 22:40:49 +03:00
|
|
|
//reslice input into record sized chunks
|
2018-06-29 19:36:08 +03:00
|
|
|
transform(chunk, controller) {
|
2018-07-05 22:40:49 +03:00
|
|
|
//console.log('Received chunk with %d bytes.', chunk.byteLength)
|
2018-06-29 19:36:08 +03:00
|
|
|
let i = 0;
|
|
|
|
|
2018-07-05 22:40:49 +03:00
|
|
|
if (this.offset > 0) {
|
2018-07-07 01:49:50 +03:00
|
|
|
const len = Math.min(chunk.byteLength, this.chunkSize - this.offset);
|
2018-07-05 22:40:49 +03:00
|
|
|
this.partialChunk.set(chunk.slice(0, len), this.offset);
|
2018-06-29 19:36:08 +03:00
|
|
|
this.offset += len;
|
|
|
|
i += len;
|
|
|
|
|
|
|
|
if (this.offset === this.chunkSize) {
|
|
|
|
this.send(this.partialChunk, controller);
|
|
|
|
this.offset = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-07-05 22:40:49 +03:00
|
|
|
while (i < chunk.byteLength) {
|
2018-07-07 01:49:50 +03:00
|
|
|
if (chunk.byteLength - i >= this.chunkSize) {
|
2018-06-29 19:36:08 +03:00
|
|
|
const record = chunk.slice(i, i + this.chunkSize);
|
|
|
|
i += this.chunkSize;
|
|
|
|
this.send(record, controller);
|
|
|
|
} else {
|
2018-07-05 22:40:49 +03:00
|
|
|
const end = chunk.slice(i, this.chunkSize);
|
|
|
|
i += end.length;
|
2018-06-29 19:36:08 +03:00
|
|
|
this.partialChunk.set(end);
|
|
|
|
this.offset = end.length;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
flush(controller) {
|
2018-07-05 22:40:49 +03:00
|
|
|
//console.log('slice stream ends')
|
2018-06-29 19:36:08 +03:00
|
|
|
if (this.offset > 0) {
|
|
|
|
controller.enqueue(this.partialChunk.slice(0, this.offset));
|
|
|
|
}
|
2018-06-21 03:05:33 +03:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2018-07-05 22:40:49 +03:00
|
|
|
input: a blob or a ReadableStream containing data to be transformed
|
2018-07-14 03:05:19 +03:00
|
|
|
key: Uint8Array containing key of size KEY_LENGTH
|
2018-06-21 03:05:33 +03:00
|
|
|
mode: string, either 'encrypt' or 'decrypt'
|
|
|
|
rs: int containing record size, optional
|
|
|
|
salt: ArrayBuffer containing salt of KEY_LENGTH length, optional
|
|
|
|
*/
|
|
|
|
export default class ECE {
|
|
|
|
constructor(input, key, mode, rs, salt) {
|
2018-07-05 22:40:49 +03:00
|
|
|
this.input = input;
|
|
|
|
this.key = key;
|
|
|
|
this.mode = mode;
|
|
|
|
this.rs = rs;
|
|
|
|
this.salt = salt;
|
2018-06-21 03:05:33 +03:00
|
|
|
if (rs === undefined) {
|
2018-07-05 22:40:49 +03:00
|
|
|
this.rs = RS;
|
2018-06-21 03:05:33 +03:00
|
|
|
}
|
|
|
|
if (salt === undefined) {
|
2018-07-05 22:40:49 +03:00
|
|
|
this.salt = generateSalt(KEY_LENGTH);
|
2018-06-21 03:05:33 +03:00
|
|
|
}
|
2018-07-05 22:40:49 +03:00
|
|
|
}
|
2018-06-21 03:05:33 +03:00
|
|
|
|
2018-07-05 22:40:49 +03:00
|
|
|
info() {
|
|
|
|
return {
|
|
|
|
recordSize: this.rs,
|
2018-07-07 01:49:50 +03:00
|
|
|
fileSize:
|
|
|
|
21 + this.input.size + 16 * Math.floor(this.input.size / (this.rs - 17))
|
2018-07-05 22:40:49 +03:00
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
transform() {
|
2018-06-29 19:36:08 +03:00
|
|
|
let inputStream;
|
2018-07-05 22:40:49 +03:00
|
|
|
|
|
|
|
if (this.input instanceof Blob) {
|
2018-07-07 01:49:50 +03:00
|
|
|
inputStream = new ReadableStream(
|
|
|
|
new BlobSlicer(this.input, this.rs, this.mode)
|
2018-07-12 02:52:46 +03:00
|
|
|
);
|
2018-06-29 19:36:08 +03:00
|
|
|
} else {
|
2018-07-07 01:49:50 +03:00
|
|
|
const sliceStream = new TransformStream(
|
|
|
|
new StreamSlicer(this.rs, this.mode)
|
2018-07-12 02:52:46 +03:00
|
|
|
);
|
2018-07-05 22:40:49 +03:00
|
|
|
inputStream = this.input.pipeThrough(sliceStream);
|
2018-06-29 19:36:08 +03:00
|
|
|
}
|
2018-06-21 03:05:33 +03:00
|
|
|
|
2018-07-07 01:49:50 +03:00
|
|
|
const cryptoStream = new TransformStream(
|
|
|
|
new ECETransformer(this.mode, this.key, this.rs, this.salt)
|
2018-07-12 02:52:46 +03:00
|
|
|
);
|
|
|
|
return inputStream.pipeThrough(cryptoStream);
|
2018-06-21 03:05:33 +03:00
|
|
|
}
|
|
|
|
}
|