X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=lib%2Fversion-parameters.js;h=afa8441bb56243633538ddce8944126c31304978;hb=HEAD;hp=9af7d49d61eee45b8ee4922abc7f6f66ab30100f;hpb=b3d316d4fa45a66db0dd7b08a34e79eb97898180;p=squeep-mystery-box diff --git a/lib/version-parameters.js b/lib/version-parameters.js index 9af7d49..bfbb116 100644 --- a/lib/version-parameters.js +++ b/lib/version-parameters.js @@ -1,26 +1,46 @@ 'use strict'; +const ALG = { + __proto__: null, + + AES_256_GCM: 'aes-256-gcm', + CHACHA20_POLY1305: 'chacha20-poly1305', + XCHACHA20_POLY1305: 'xchacha20-poly1305', +}; + +const KD = { + __proto__: null, + + SCRYPT: 'scrypt', + SHAKE256: 'shake256', + BLAKE2B512: 'blake2b512', +}; + /** * Supported packings/cipher types. * To be useful, any cipher included here must be Authenticated Encryption with Additional Data (AEAD). * More preferable versions are numbered higher. */ const allVersions = { + __proto__: null, + + // 0: {} There is no version zero + 1: { version: 1, - algorithm: 'aes-256-gcm', + algorithm: ALG.AES_256_GCM, algOptions: {}, versionBytes: 1, flagsBytes: 1, ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'scrypt', + keyDeriver: KD.SCRYPT, keyBytes: 32, }, 2: { version: 2, - algorithm: 'chacha20-poly1305', // Prefer this over NIST because we stan djb + algorithm: ALG.CHACHA20_POLY1305, algOptions: { authTagLength: 16, }, @@ -29,12 +49,12 @@ const allVersions = { ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'scrypt', + keyDeriver: KD.SCRYPT, keyBytes: 32, }, 3: { version: 3, - algorithm: 'xchacha20-poly1305', // Not yet available, but would prefer even more... + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... algOptions: { authTagLength: 16, }, 
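Review bot: `ALG` and `KD`, added at the top of the first hunk, get a null prototype but stay mutable, and the last hunk hands those same objects to every consumer through the non-enumerable `ALG`/`KD` getters on the exported `allVersions`. Any module that requires this file can therefore overwrite an algorithm name, or a per-version value such as `tagBytes` or `keyDeriver`, for the whole process. Declaring them as `const ALG = Object.freeze({ ... });` and `const KD = Object.freeze({ ... });`, and freezing each version entry (with its `algOptions`) before `module.exports`, would make the parameter table read-only. Whether any caller depends on mutating it cannot be seen from this diff, and the `allVersions` literal opened in this hunk is closed only in the last hunk.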
@@ -43,24 +63,24 @@ const allVersions = { ivBytes: 24, saltBytes: 16, tagBytes: 16, - keyDeriver: 'scrypt', + keyDeriver: KD.SCRYPT, keyBytes: 32, }, 4: { version: 4, - algorithm: 'aes-256-gcm', + algorithm: ALG.AES_256_GCM, algOptions: {}, versionBytes: 1, flagsBytes: 1, ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'shake256', + keyDeriver: KD.SHAKE256, keyBytes: 32, }, 5: { version: 5, - algorithm: 'chacha20-poly1305', + algorithm: ALG.CHACHA20_POLY1305, algOptions: { authTagLength: 16, }, @@ -69,12 +89,12 @@ const allVersions = { ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'shake256', + keyDeriver: KD.SHAKE256, keyBytes: 32, }, 6: { version: 6, - algorithm: 'xchacha20-poly1305', // Not yet available, but would prefer even more... + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... algOptions: { authTagLength: 16, }, @@ -83,24 +103,24 @@ const allVersions = { ivBytes: 24, saltBytes: 16, tagBytes: 16, - keyDeriver: 'shake256', + keyDeriver: KD.SHAKE256, keyBytes: 32, }, 7: { version: 7, - algorithm: 'aes-256-gcm', + algorithm: ALG.AES_256_GCM, algOptions: {}, versionBytes: 1, flagsBytes: 1, ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'blake2b512', + keyDeriver: KD.BLAKE2B512, keyBytes: 32, }, 8: { version: 8, - algorithm: 'chacha20-poly1305', + algorithm: ALG.CHACHA20_POLY1305, algOptions: { authTagLength: 16, }, 
@@ -109,12 +129,55 @@ const allVersions = { ivBytes: 12, saltBytes: 16, tagBytes: 16, - keyDeriver: 'blake2b512', + keyDeriver: KD.BLAKE2B512, keyBytes: 32, }, 9: { version: 9, - algorithm: 'xchacha20-poly1305', // Not yet available, but would prefer even more... + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 24, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.BLAKE2B512, + keyBytes: 32, + }, + // Prior to version 10, flags were part of tagged data. + // Version 10 and later, flags are part of encrypted data, to leak no hints of content. + // Configurations for versions 10 through 19 are duplicates of the legacy 1 through 9. + 10: { + version: 10, + algorithm: ALG.AES_256_GCM, + algOptions: {}, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.SCRYPT, + keyBytes: 32, + }, + 11: { + version: 11, + algorithm: ALG.CHACHA20_POLY1305, + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.SCRYPT, + keyBytes: 32, + }, + 12: { + version: 12, + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... algOptions: { authTagLength: 16, }, 
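Review bot: The comment added before version 10 says `Configurations for versions 10 through 19 are duplicates of the legacy 1 through 9`, but the entries this commit adds stop at 18 (nine entries mirroring legacy 1 through 9), so the range should read `10 through 18`. That comment is also the only record of the format change, flags moving from tagged data into encrypted data. The new entries carry no property for it, so the packing code presumably tells the two layouts apart by comparing the version number. An explicit per-version property would keep that security-relevant distinction in the table, next to the other layout fields. The hunk ends inside the version 12 entry, and the enclosing `allVersions` literal starts and ends in other hunks.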
@@ -123,9 +186,100 @@ const allVersions = { ivBytes: 24, saltBytes: 16, tagBytes: 16, - keyDeriver: 'blake2b512', + keyDeriver: KD.SCRYPT, + keyBytes: 32, + }, + 13: { + version: 13, + algorithm: ALG.AES_256_GCM, + algOptions: {}, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.SHAKE256, + keyBytes: 32, + }, + 14: { + version: 14, + algorithm: ALG.CHACHA20_POLY1305, + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.SHAKE256, + keyBytes: 32, + }, + 15: { + version: 15, + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 24, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.SHAKE256, + keyBytes: 32, + }, + 16: { + version: 16, + algorithm: ALG.AES_256_GCM, + algOptions: {}, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.BLAKE2B512, + keyBytes: 32, + }, + 17: { + version: 17, + algorithm: ALG.CHACHA20_POLY1305, + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 12, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.BLAKE2B512, + keyBytes: 32, + }, + 18: { + version: 18, + algorithm: ALG.XCHACHA20_POLY1305, // Not yet available, but would prefer even more... + algOptions: { + authTagLength: 16, + }, + versionBytes: 1, + flagsBytes: 1, + ivBytes: 24, + saltBytes: 16, + tagBytes: 16, + keyDeriver: KD.BLAKE2B512, keyBytes: 32, }, }; +Object.defineProperties(allVersions, { + ALG: { + enumerable: false, + get: () => ALG, + }, + KD: { + enumerable: false, + get: () => KD, + }, +}); + module.exports = allVersions; \ No newline at end of file
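Review bot: Versions 13 through 18 pair the ciphers with `KD.SHAKE256` and `KD.BLAKE2B512`, and the header comment in the first hunk says higher-numbered versions are preferred, so the most-preferred new versions derive keys with a plain hash or XOF rather than with scrypt. Those functions add no work factor, which is fine for a high-entropy secret but would make offline guessing cheap if the secret can be a human-chosen passphrase. How the deriver is invoked is not visible in this diff. A comment on these entries should record the assumption, for example `// SHAKE256/BLAKE2B512 add no work factor: the secret must be high-entropy, not a passphrase`.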