X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fmystery-box.js;h=2fb68a583e2c9b2408e37f7d17dcde212bb9a481;hb=75c98d382607b7d6bcfba9f97cc9edabb6f0395b;hp=2343c5e164f79f9d04629a97c366a1fbd0f58595;hpb=b9782b5dfca21a6da610eebf8bd7207f10256fbf;p=squeep-mystery-box diff --git a/lib/mystery-box.js b/lib/mystery-box.js index 2343c5e..2fb68a5 100644 --- a/lib/mystery-box.js +++ b/lib/mystery-box.js @@ -63,18 +63,17 @@ class MysteryBox { /** * @param {Console} logger * @param {Object} options - * @param {String} options.encryptionSecret + * @param {String|String[]} options.encryptionSecret - if an array, will always encrypt with first secret, will attempt to decrypt with all; useful for rolling secrets * @param {Number=} options.defaultFlags */ constructor(logger, options = {}) { this.logger = logger; this.options = options; - this.secret = options.encryptionSecret; - if (!this.secret) { + this.secrets = common.ensureArray(options.encryptionSecret); + if (!this.secrets.length) { throw new Error('missing encryption secret'); } - // TODO: support secret rolling // Filter any unavailable algorithms const availableCiphers = crypto.getCiphers(); @@ -176,7 +175,9 @@ class MysteryBox { // Authenticate all this data const aadBuffer = Buffer.concat([versionBuffer, flagsBuffer, iv, salt]); - const key = await scryptAsync(this.secret, salt, v.keyBytes); + // Always encrypt with first secret + const secret = this.secrets[0]; + const key = await scryptAsync(secret, salt, v.keyBytes); const cipher = crypto.createCipheriv(v.algorithm, key, iv, v.algOptions); cipher.setAAD(aadBuffer); const encrypted = cipher.update(payload); @@ -216,7 +217,7 @@ class MysteryBox { const raw = Buffer.from(base64URLToBase64(box), 'base64'); let offset = 0; - const version = raw.slice(offset, 1).readUInt8(0); + const version = raw.subarray(offset, 1).readUInt8(0); if (!(version in this.versionParameters)) { throw new RangeError('unsupported version'); } @@ -229,31 +230,47 @@ class MysteryBox { throw new RangeError('not enough to unpack'); } - const flags = raw.slice(offset, offset + v.flagsBytes).readUInt8(0); + const flags = raw.subarray(offset, offset + v.flagsBytes).readUInt8(0); offset += v.flagsBytes; const { compression, payloadIsBuffer } = MysteryBox._decodeFlags(flags); - const iv = raw.slice(offset, offset + v.ivBytes); + const iv = raw.subarray(offset, offset + v.ivBytes); offset += v.ivBytes; - const salt = raw.slice(offset, offset + v.saltBytes); + const salt = raw.subarray(offset, offset + v.saltBytes); offset += v.saltBytes; - const aad = raw.slice(0, offset); // Everything up to here + const aad = raw.subarray(0, offset); // Everything up to here - const tag = raw.slice(offset, offset + v.tagBytes); + const tag = raw.subarray(offset, offset + v.tagBytes); offset += v.tagBytes; - const encrypted = raw.slice(offset); + const encrypted = raw.subarray(offset); timingsMs.preCrypt = performance.now(); - const key = await scryptAsync(this.secret, salt, v.keyBytes); - const decipher = crypto.createDecipheriv(v.algorithm, key, iv, v.algOptions); - decipher.setAAD(aad); - decipher.setAuthTag(tag); - const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]); + let decrypted; + let err; + let success = false; + for await (const secret of this.secrets) { + const key = await scryptAsync(secret, salt, v.keyBytes); + const decipher = crypto.createDecipheriv(v.algorithm, key, iv, v.algOptions); + decipher.setAAD(aad); + decipher.setAuthTag(tag); + + try { + decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]); + success = true; + break; + } catch (e) { + err = e; + continue; + } + } + if (!success) { + throw err; + } let payload; timingsMs.preCompress = timingsMs.postCrypt = performance.now();