remotely-save/src/encryptOpenSSL.ts

import { base32, base64url } from "rfc4648";
import { bufferToArrayBuffer, hexStringToTypedArray } from "./misc";

const DEFAULT_ITER = 20000;

// base32.stringify(Buffer.from('Salted__'))
export const MAGIC_ENCRYPTED_PREFIX_BASE32 = "KNQWY5DFMRPV";
// base64.stringify(Buffer.from('Salted__'))
export const MAGIC_ENCRYPTED_PREFIX_BASE64URL = "U2FsdGVkX";

const getKeyIVFromPassword = async (
  salt: Uint8Array,
  password: string,
  rounds: number = DEFAULT_ITER
) => {
  const k1 = await window.crypto.subtle.importKey(
    "raw",
    new TextEncoder().encode(password),
    { name: "PBKDF2" },
    false,
    ["deriveKey", "deriveBits"]
  );

  const k2 = await window.crypto.subtle.deriveBits(
    {
      name: "PBKDF2",
      salt: salt,
      iterations: rounds,
      hash: "SHA-256",
    },
    k1,
    256 + 128
  );

  return k2;
};

export const encryptArrayBuffer = async (
  arrBuf: ArrayBuffer,
  password: string,
  rounds: number = DEFAULT_ITER,
  saltHex = ""
) => {
  let salt: Uint8Array;
  if (saltHex !== "") {
    salt = hexStringToTypedArray(saltHex);
  } else {
    salt = window.crypto.getRandomValues(new Uint8Array(8));
  }

  const derivedKey = await getKeyIVFromPassword(salt, password, rounds);
  const key = derivedKey.slice(0, 32);
  const iv = derivedKey.slice(32, 32 + 16);

  const keyCrypt = await window.crypto.subtle.importKey(
    "raw",
    key,
    { name: "AES-CBC" },
    false,
    ["encrypt", "decrypt"]
  );

  const enc = (await window.crypto.subtle.encrypt(
    { name: "AES-CBC", iv },
    keyCrypt,
    arrBuf
  )) as ArrayBuffer;

  const prefix = new TextEncoder().encode("Salted__");

  const res = new Uint8Array([...prefix, ...salt, ...new Uint8Array(enc)]);

  return bufferToArrayBuffer(res);
};

export const decryptArrayBuffer = async (
  arrBuf: ArrayBuffer,
  password: string,
  rounds: number = DEFAULT_ITER
) => {
  const prefix = arrBuf.slice(0, 8);
  const salt = arrBuf.slice(8, 16);
  const derivedKey = await getKeyIVFromPassword(
    new Uint8Array(salt),
    password,
    rounds
  );
  const key = derivedKey.slice(0, 32);
  const iv = derivedKey.slice(32, 32 + 16);

  const keyCrypt = await window.crypto.subtle.importKey(
    "raw",
    key,
    { name: "AES-CBC" },
    false,
    ["encrypt", "decrypt"]
  );

  const dec = (await window.crypto.subtle.decrypt(
    { name: "AES-CBC", iv },
    keyCrypt,
    arrBuf.slice(16)
  )) as ArrayBuffer;

  return dec;
};

export const encryptStringToBase32 = async (
  text: string,
  password: string,
  rounds: number = DEFAULT_ITER,
  saltHex = ""
) => {
  const enc = await encryptArrayBuffer(
    bufferToArrayBuffer(new TextEncoder().encode(text)),
    password,
    rounds,
    saltHex
  );
  return base32.stringify(new Uint8Array(enc), { pad: false });
};

export const decryptBase32ToString = async (
  text: string,
  password: string,
  rounds: number = DEFAULT_ITER
) => {
  return new TextDecoder().decode(
    await decryptArrayBuffer(
      bufferToArrayBuffer(base32.parse(text, { loose: true })),
      password,
      rounds
    )
  );
};

export const encryptStringToBase64url = async (
  text: string,
  password: string,
  rounds: number = DEFAULT_ITER,
  saltHex = ""
) => {
  const enc = await encryptArrayBuffer(
    bufferToArrayBuffer(new TextEncoder().encode(text)),
    password,
    rounds,
    saltHex
  );
  return base64url.stringify(new Uint8Array(enc), { pad: false });
};

export const decryptBase64urlToString = async (
  text: string,
  password: string,
  rounds: number = DEFAULT_ITER
) => {
  return new TextDecoder().decode(
    await decryptArrayBuffer(
      bufferToArrayBuffer(base64url.parse(text, { loose: true })),
      password,
      rounds
    )
  );
};

export const getSizeFromOrigToEnc = (x: number) => {
  if (x < 0 || Number.isNaN(x) || !Number.isInteger(x)) {
    throw Error(`getSizeFromOrigToEnc: x=${x} is not a valid size`);
  }
  return (Math.floor(x / 16) + 1) * 16 + 16;
};

export const getSizeFromEncToOrig = (x: number) => {
  if (x < 32 || Number.isNaN(x) || !Number.isInteger(x)) {
    throw Error(`getSizeFromEncToOrig: ${x} is not a valid size`);
  }
  if (x % 16 !== 0) {
    throw Error(
      `getSizeFromEncToOrig: ${x} is not a valid encrypted file size`
    );
  }
  return {
    minSize: ((x - 16) / 16 - 1) * 16,
    maxSize: ((x - 16) / 16 - 1) * 16 + 15,
  };
};
use base64url not base32 2021-12-30 17:00:52 +00:00			`import { base32, base64url } from "rfc4648";`
split settings and fix format 2021-12-31 15:46:52 +00:00			`import { bufferToArrayBuffer, hexStringToTypedArray } from "./misc";`
trigger ci 2021-10-27 17:53:16 +00:00
update enc iter 2021-11-14 16:26:40 +00:00			`const DEFAULT_ITER = 20000;`
basic encrypt 2021-10-26 16:33:35 +00:00
check password 2021-11-07 16:39:17 +00:00			`// base32.stringify(Buffer.from('Salted__'))`
			`export const MAGIC_ENCRYPTED_PREFIX_BASE32 = "KNQWY5DFMRPV";`
use base64url not base32 2021-12-30 17:00:52 +00:00			`// base64.stringify(Buffer.from('Salted__'))`
			`export const MAGIC_ENCRYPTED_PREFIX_BASE64URL = "U2FsdGVkX";`
check password 2021-11-07 16:39:17 +00:00
init web crypto 2021-11-04 02:10:05 +00:00			`const getKeyIVFromPassword = async (`
			`salt: Uint8Array,`
basic encrypt 2021-10-26 16:33:35 +00:00			`password: string,`
			`rounds: number = DEFAULT_ITER`
			`) => {`
init web crypto 2021-11-04 02:10:05 +00:00			`const k1 = await window.crypto.subtle.importKey(`
			`"raw",`
			`new TextEncoder().encode(password),`
			`{ name: "PBKDF2" },`
			`false,`
			`["deriveKey", "deriveBits"]`
			`);`
basic encrypt 2021-10-26 16:33:35 +00:00
init web crypto 2021-11-04 02:10:05 +00:00			`const k2 = await window.crypto.subtle.deriveBits(`
			`{`
			`name: "PBKDF2",`
			`salt: salt,`
			`iterations: rounds,`
			`hash: "SHA-256",`
			`},`
			`k1,`
			`256 + 128`
			`);`

			`return k2;`
basic encrypt 2021-10-26 16:33:35 +00:00			`};`

promisify data 2021-11-02 16:15:23 +00:00			`export const encryptArrayBuffer = async (`
basic encrypt 2021-10-26 16:33:35 +00:00			`arrBuf: ArrayBuffer,`
			`password: string,`
add test 2021-11-05 16:23:30 +00:00			`rounds: number = DEFAULT_ITER,`
safe lint from biome 2024-05-07 16:20:15 +00:00			`saltHex = ""`
basic encrypt 2021-10-26 16:33:35 +00:00			`) => {`
add test 2021-11-05 16:23:30 +00:00			`let salt: Uint8Array;`
			`if (saltHex !== "") {`
			`salt = hexStringToTypedArray(saltHex);`
			`} else {`
			`salt = window.crypto.getRandomValues(new Uint8Array(8));`
			`}`
init web crypto 2021-11-04 02:10:05 +00:00
			`const derivedKey = await getKeyIVFromPassword(salt, password, rounds);`
			`const key = derivedKey.slice(0, 32);`
			`const iv = derivedKey.slice(32, 32 + 16);`

			`const keyCrypt = await window.crypto.subtle.importKey(`
			`"raw",`
			`key,`
			`{ name: "AES-CBC" },`
			`false,`
			`["encrypt", "decrypt"]`
use default enc 2021-11-02 02:11:45 +00:00			`);`
init web crypto 2021-11-04 02:10:05 +00:00
			`const enc = (await window.crypto.subtle.encrypt(`
			`{ name: "AES-CBC", iv },`
			`keyCrypt,`
			`arrBuf`
			`)) as ArrayBuffer;`

			`const prefix = new TextEncoder().encode("Salted__");`

spread Uint8Arrays 2021-11-04 17:21:33 +00:00			`const res = new Uint8Array([...prefix, ...salt, ...new Uint8Array(enc)]);`
init web crypto 2021-11-04 02:10:05 +00:00
			`return bufferToArrayBuffer(res);`
basic encrypt 2021-10-26 16:33:35 +00:00			`};`

promisify data 2021-11-02 16:15:23 +00:00			`export const decryptArrayBuffer = async (`
basic encrypt 2021-10-26 16:33:35 +00:00			`arrBuf: ArrayBuffer,`
			`password: string,`
			`rounds: number = DEFAULT_ITER`
			`) => {`
init web crypto 2021-11-04 02:10:05 +00:00			`const prefix = arrBuf.slice(0, 8);`
			`const salt = arrBuf.slice(8, 16);`
			`const derivedKey = await getKeyIVFromPassword(`
			`new Uint8Array(salt),`
			`password,`
			`rounds`
use default enc 2021-11-02 02:11:45 +00:00			`);`
init web crypto 2021-11-04 02:10:05 +00:00			`const key = derivedKey.slice(0, 32);`
			`const iv = derivedKey.slice(32, 32 + 16);`

			`const keyCrypt = await window.crypto.subtle.importKey(`
			`"raw",`
			`key,`
			`{ name: "AES-CBC" },`
			`false,`
			`["encrypt", "decrypt"]`
			`);`

			`const dec = (await window.crypto.subtle.decrypt(`
			`{ name: "AES-CBC", iv },`
			`keyCrypt,`
			`arrBuf.slice(16)`
			`)) as ArrayBuffer;`

			`return dec;`
basic encrypt 2021-10-26 16:33:35 +00:00			`};`

promisify data 2021-11-02 16:15:23 +00:00			`export const encryptStringToBase32 = async (`
basic encrypt 2021-10-26 16:33:35 +00:00			`text: string,`
			`password: string,`
add test 2021-11-05 16:23:30 +00:00			`rounds: number = DEFAULT_ITER,`
safe lint from biome 2024-05-07 16:20:15 +00:00			`saltHex = ""`
basic encrypt 2021-10-26 16:33:35 +00:00			`) => {`
add test 2021-11-05 16:23:30 +00:00			`const enc = await encryptArrayBuffer(`
			`bufferToArrayBuffer(new TextEncoder().encode(text)),`
			`password,`
			`rounds,`
			`saltHex`
promisify data 2021-11-02 16:15:23 +00:00			`);`
use base64url not base32 2021-12-30 17:00:52 +00:00			`return base32.stringify(new Uint8Array(enc), { pad: false });`
basic encrypt 2021-10-26 16:33:35 +00:00			`};`

promisify data 2021-11-02 16:15:23 +00:00			`export const decryptBase32ToString = async (`
basic encrypt 2021-10-26 16:33:35 +00:00			`text: string,`
			`password: string,`
			`rounds: number = DEFAULT_ITER`
			`) => {`
add test 2021-11-05 16:23:30 +00:00			`return new TextDecoder().decode(`
init web crypto 2021-11-04 02:10:05 +00:00			`await decryptArrayBuffer(`
use base64url not base32 2021-12-30 17:00:52 +00:00			`bufferToArrayBuffer(base32.parse(text, { loose: true })),`
			`password,`
			`rounds`
			`)`
			`);`
			`};`

			`export const encryptStringToBase64url = async (`
			`text: string,`
			`password: string,`
			`rounds: number = DEFAULT_ITER,`
safe lint from biome 2024-05-07 16:20:15 +00:00			`saltHex = ""`
use base64url not base32 2021-12-30 17:00:52 +00:00			`) => {`
			`const enc = await encryptArrayBuffer(`
			`bufferToArrayBuffer(new TextEncoder().encode(text)),`
			`password,`
			`rounds,`
			`saltHex`
			`);`
			`return base64url.stringify(new Uint8Array(enc), { pad: false });`
			`};`

			`export const decryptBase64urlToString = async (`
			`text: string,`
			`password: string,`
			`rounds: number = DEFAULT_ITER`
			`) => {`
			`return new TextDecoder().decode(`
			`await decryptArrayBuffer(`
			`bufferToArrayBuffer(base64url.parse(text, { loose: true })),`
promisify data 2021-11-02 16:15:23 +00:00			`password,`
			`rounds`
			`)`
add test 2021-11-05 16:23:30 +00:00			`);`
basic encrypt 2021-10-26 16:33:35 +00:00			`};`
add enc size compute 2022-03-20 15:01:32 +00:00
			`export const getSizeFromOrigToEnc = (x: number) => {`
fix stat on Android, add operations to nan ctime mtime and undefined size 2022-05-10 13:15:30 +00:00			`if (x < 0 \|\| Number.isNaN(x) \|\| !Number.isInteger(x)) {`
			throw Error(`getSizeFromOrigToEnc: x=${x} is not a valid size`);
add enc size compute 2022-03-20 15:01:32 +00:00			`}`
			`return (Math.floor(x / 16) + 1) * 16 + 16;`
			`};`

			`export const getSizeFromEncToOrig = (x: number) => {`
fix stat on Android, add operations to nan ctime mtime and undefined size 2022-05-10 13:15:30 +00:00			`if (x < 32 \|\| Number.isNaN(x) \|\| !Number.isInteger(x)) {`
			throw Error(`getSizeFromEncToOrig: ${x} is not a valid size`);
add enc size compute 2022-03-20 15:01:32 +00:00			`}`
			`if (x % 16 !== 0) {`
fix stat on Android, add operations to nan ctime mtime and undefined size 2022-05-10 13:15:30 +00:00			`throw Error(`
			`getSizeFromEncToOrig: ${x} is not a valid encrypted file size`
			`);`
add enc size compute 2022-03-20 15:01:32 +00:00			`}`
			`return {`
			`minSize: ((x - 16) / 16 - 1) * 16,`
			`maxSize: ((x - 16) / 16 - 1) * 16 + 15,`
			`};`
			`};`