'use strict';
+const { EventEmitter } = require('events');
const crypto = require('crypto');
const zlib = require('zlib');
const { promisify } = require('util');
const common = require('./common');
const allVersions = require('./version-parameters');
const { performance } = require('perf_hooks');
+const { name: packageName, version: packageVersion } = require('../package.json');
-const _fileScope = common.fileScope(__filename);
+const packageInfo = {
+ packageName,
+ packageVersion,
+};
const brotliCompressAsync = promisify(zlib.brotliCompress);
const brotliDecompressAsync = promisify(zlib.brotliDecompress);
const payloadFlagsShift = 7;
-class MysteryBox {
+class MysteryBox extends EventEmitter {
/**
- * @param {Console} logger
* @param {Object} options
* @param {String|String[]} options.encryptionSecret - if an array, will always encrypt with first secret, will attempt to decrypt with all; useful for rolling secrets
* @param {Number=} options.defaultFlags
*/
- constructor(logger, options = {}) {
- this.logger = logger;
- this.options = options;
-
+ constructor(options = {}, ...args) {
+ super(...args);
this.secrets = common.ensureArray(options.encryptionSecret);
if (!this.secrets.length) {
throw new Error('missing encryption secret');
}
+ /**
+ * Stats tracked when packing/unpacking boxes.
+ * @returns {Object}
+ */
+ static _newStats(method) {
+ return {
+ stats: {
+ method,
+ version: undefined,
+ flags: undefined,
+ flagsRaw: undefined,
+ serializedBytes: undefined,
+ compressedBytes: undefined,
+ },
+ timingsMs: {
+ start: performance.now(),
+ preCompress: 0,
+ postCompress: 0,
+ preCrypt: 0,
+ postCrypt: 0,
+ end: 0,
+ },
+ };
+ }
+
+
/**
* Put contents into a mysterious box.
* @param {Object|Buffer} contents
* @returns {String}
*/
async pack(contents, version = this.bestVersion, flags = this.defaultFlags) {
- const _scope = _fileScope('pack');
- const timingsMs = {
- start: performance.now(),
- preCompress: 0,
- postCompress: 0,
- preCrypt: 0,
- postCrypt: 0,
- end: 0,
- };
- const stats = {
- version,
- flags: undefined,
- serializedBytes: undefined, // original contents size in bytes
- compressedBytes: undefined, // compressed contents size in bytes
- };
+ const { stats, timingsMs } = MysteryBox._newStats('pack');
if (!(version in this.versionParameters)) {
throw new RangeError(`MysteryBox format version ${version} not supported`);
}
// eslint-disable-next-line security/detect-object-injection
const v = this.versionParameters[version];
+ stats.version = version;
const { compression, payloadIsBuffer } = MysteryBox._decodeFlags(flags);
const flagsBuffer = Buffer.alloc(v.flagsBytes);
flagsBuffer.writeUInt8(flags, 0);
+ stats.flagsRaw = flags;
stats.flags = this._prettyFlags(flags);
// Authenticate all this data
const result = Buffer.concat([versionBuffer, flagsBuffer, iv, salt, tag, encrypted, final]).toString('base64url');
timingsMs.end = timingsMs.postCrypt = performance.now();
- this.logger.debug(_scope, 'statistics', { ...stats, ...MysteryBox._timingsLog(timingsMs) });
+ this.emit('statistics', { ...stats, ...MysteryBox._timingsLog(timingsMs), ...packageInfo });
return result;
}
* @returns {Object}
*/
async unpack(box) {
- const _scope = _fileScope('unpack');
- const timingsMs = {
- start: performance.now(),
- preCompress: 0,
- postCompress: 0,
- preCrypt: 0,
- postCrypt: 0,
- end: 0,
- };
+ const { stats, timingsMs } = MysteryBox._newStats('unpack');
if (!box) {
throw new RangeError('nothing to unpack');
throw new Error('internal inconsistency, mismatched version byte length');
}
offset += v.versionBytes;
+ stats.version = version;
const minBytes = v.versionBytes + v.flagsBytes + v.ivBytes + v.saltBytes + v.tagBytes;
if (raw.length < minBytes) {
const flags = raw.subarray(offset, offset + v.flagsBytes).readUInt8(0);
offset += v.flagsBytes;
+ stats.flagsRaw = flags;
const { compression, payloadIsBuffer } = MysteryBox._decodeFlags(flags);
break;
}
timingsMs.end = timingsMs.postCompress = performance.now();
+ stats.serializedBytes = payload.byteLength;
+ if (compression) {
+ stats.compressedBytes = decrypted.byteLength;
+ }
if (!payloadIsBuffer) {
payload = JSON.parse(payload.toString('utf8'));
}
- this.logger.debug(_scope, 'statistics', { version, flags: this._prettyFlags(flags), ...MysteryBox._timingsLog(timingsMs) });
+ stats.flags = this._prettyFlags(flags);
+ this.emit('statistics', { ...stats, ...MysteryBox._timingsLog(timingsMs), ...packageInfo });
return payload;
}
}
-// Expose for stubbing in tests
-MysteryBox._test = { crypto };
-
module.exports = MysteryBox;
\ No newline at end of file
const assert = require('assert');
const sinon = require('sinon'); // eslint-disable-line node/no-unpublished-require
const MysteryBox = require('../../lib/mystery-box');
-const stubLogger = require('../stub-logger');
+const crypto = require('crypto');
+
+function _verbose(mb) {
+ if (process.env.VERBOSE_TESTS) {
+ mb.on('statistics', (...args) => console.log(...args));
+ }
+}
describe('MysteryBox', function () {
let mb, options, object;
options = {
encryptionSecret: 'this is not a very good secret',
};
- mb = new MysteryBox(stubLogger, options);
});
afterEach(function () {
sinon.restore();
describe('constructor', function () {
it('needs a secret', async function () {
options = {};
- assert.rejects(() => new MysteryBox(stubLogger, options));
+ assert.rejects(() => new MysteryBox(options));
});
it('accepts multiple secrets', async function () {
options = {
encryptionSecret: ['first poor secret', 'second poor secret'],
};
- mb = new MysteryBox(stubLogger, options);
+ mb = new MysteryBox(options);
+ _verbose(mb);
object = {
foo: 'bar',
baz: 'quux',
});
it('covers options', function () {
- assert.rejects(() => new MysteryBox(stubLogger));
+ assert.rejects(() => new MysteryBox());
});
it('covers bad flags', function () {
options.defaultFlags = 300;
- assert.rejects(() => new MysteryBox(stubLogger, options), RangeError);
+ assert.rejects(() => new MysteryBox(options), RangeError);
});
it('covers missing ciphers', function () {
- sinon.stub(MysteryBox._test.crypto, 'getCiphers').returns(['rot13']);
- assert.rejects(() => new MysteryBox(stubLogger, options));
+ sinon.stub(crypto, 'getCiphers').returns(['rot13']);
+ assert.rejects(() => new MysteryBox(options));
});
}); // constructor
describe('pack, unpack', function () {
beforeEach(function () {
- mb = new MysteryBox(stubLogger, options);
+ mb = new MysteryBox(options);
+ _verbose(mb);
});
it('covers packing unsupported version', async function () {
it('decrypts secondary (older) secret', async function () {
this.slow(500);
- const oldmb = new MysteryBox(stubLogger, { encryptionSecret: 'old secret' });
- const newmb = new MysteryBox(stubLogger, { encryptionSecret: ['new secret', 'old secret'] });
+ const oldmb = new MysteryBox({ encryptionSecret: 'old secret' });
+ _verbose(oldmb);
+ const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] });
+ _verbose(newmb);
object = {
foo: 'bar',
baz: 'quux',
it('fails to decrypt invalid secret', async function () {
this.slow(500);
- const oldmb = new MysteryBox(stubLogger, { encryptionSecret: 'very old secret' });
- const newmb = new MysteryBox(stubLogger, { encryptionSecret: ['new secret', 'old secret'] });
+ const oldmb = new MysteryBox({ encryptionSecret: 'very old secret' });
+ _verbose(oldmb);
+ const newmb = new MysteryBox({ encryptionSecret: ['new secret', 'old secret'] });
+ _verbose(newmb);
object = {
foo: 'bar',
baz: 'quux',
assert.rejects(() => newmb.unpack(oldEncrypted));
});
- it('encrypts and decrypts all available versions +brotli', async function () {
+ it('encrypts and decrypts all available versions no compression', async function () {
Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
object = {
foo: 'bar',
});
});
+ it('encrypts and decrypts all available versions +brotli', async function () {
+ Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
+ object = {
+ foo: 'bar',
+ baz: 'quux',
+ flarp: 13,
+ };
+ const encryptedResult = await mb.pack(object, version, mb.Flags.Brotli);
+ const decryptedResult = await mb.unpack(encryptedResult);
+ assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`);
+ });
+ });
+
it('encrypts and decrypts all available versions +flate', async function () {
Object.keys(mb.versionParameters).map((v) => Number(v)).forEach(async (version) => {
object = {
baz: 'quux',
flarp: 13,
};
- const encryptedResult = await mb.pack(object, version, 0x01);
+ const encryptedResult = await mb.pack(object, version, mb.Flags.Flate);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object, `${version} results not symmetric`);
});
object = {
longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''),
};
- const encryptedResult = await mb.pack(object, mb.bestVersion, 0x00);
+ const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Brotli);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object);
});
object = {
longProperty: 'x'.repeat(384 * 1024).split('').map(() => String.fromCharCode(rnd())).join(''),
};
- const encryptedResult = await mb.pack(object, mb.bestVersion, 0x01);
+ const encryptedResult = await mb.pack(object, mb.bestVersion, mb.Flags.Flate);
const decryptedResult = await mb.unpack(encryptedResult);
assert.deepStrictEqual(decryptedResult, object);
});
});
it('covers internal error, incorrect version byte size, pack', async function () {
+ this.slow(500);
const version = 1;
sinon.stub(mb.versionParameters[version], 'versionBytes').value(10);
assert.rejects(() => mb.pack({}, version), Error);
});
it('covers internal error, incorrect version byte size, unpack', async function () {
+ this.slow(500);
const version = 1;
const encryptedResult = await mb.pack({}, version);
sinon.stub(mb.versionParameters[version], 'versionBytes').value(10);
projects / squeep-mystery-box / commitdiff