use default enc

2021-11-02 10:11:45 +08:00 · 2021-11-02 10:11:45 +08:00 · ab8805f272
parent da180fcc92
commit ab8805f272
2 changed files with 48 additions and 70 deletions
--- a/src/encrypt.ts
+++ b/src/encrypt.ts
@ -1,65 +1,53 @@
-import * as CryptoJS from "crypto-js";
+import * as crypto from "crypto";
 import * as base32 from "hi-base32";
-import {
-  bufferToArrayBuffer,
-  arrayBufferToBuffer,
-  arrayBufferToBase64,
-  base64ToArrayBuffer,
-} from "./misc";
+import { bufferToArrayBuffer, arrayBufferToBuffer } from "./misc";

 const DEFAULT_ITER = 10000;

-export const encryptWordArray = (
-  wa: CryptoJS.lib.WordArray,
+export const encryptBuffer = (
+  buf: Buffer,
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const prefix = CryptoJS.enc.Utf8.parse("Salted__");
-  const salt = CryptoJS.lib.WordArray.random(8);
-  const derivedKey = CryptoJS.PBKDF2(password, salt, {
-    keySize: 32 + 16,
-    iterations: rounds,
-    hasher: CryptoJS.algo.SHA256,
-  });
-  const key = CryptoJS.lib.WordArray.create(derivedKey.words.slice(0, 32 / 4));
-  const iv = CryptoJS.lib.WordArray.create(
-    derivedKey.words.slice(32 / 4, (32 + 16) / 4)
+  const salt = crypto.randomBytes(8);
+  const derivedKey = crypto.pbkdf2Sync(
+    password,
+    salt,
+    rounds,
+    32 + 16,
+    "sha256"
  );
-  const encrypted = CryptoJS.AES.encrypt(wa, key, { iv: iv }).ciphertext;
-  const res = CryptoJS.lib.WordArray.create()
-    .concat(prefix)
-    .concat(salt)
-    .concat(encrypted);
+  const key = derivedKey.slice(0, 32);
+  const iv = derivedKey.slice(32, 32 + 16);
+  const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
+  cipher.write(buf);
+  cipher.end();
+  const encrypted = cipher.read();
+  const res = Buffer.concat([Buffer.from("Salted__"), salt, encrypted]);
  return res;
 };

-export const decryptWordArray = (
-  wa: CryptoJS.lib.WordArray,
+export const decryptBuffer = (
+  buf: Buffer,
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const prefix = CryptoJS.lib.WordArray.create(wa.words.slice(0, 8 / 4));
-
-  const salt = CryptoJS.lib.WordArray.create(
-    wa.words.slice(8 / 4, (8 + 8) / 4)
+  const prefix = buf.slice(0, 8);
+  const salt = buf.slice(8, 16);
+  const derivedKey = crypto.pbkdf2Sync(
+    password,
+    salt,
+    rounds,
+    32 + 16,
+    "sha256"
  );
-  const derivedKey = CryptoJS.PBKDF2(password, salt, {
-    keySize: 32 + 16,
-    iterations: rounds,
-    hasher: CryptoJS.algo.SHA256,
-  });
-  const key = CryptoJS.lib.WordArray.create(derivedKey.words.slice(0, 32 / 4));
-  const iv = CryptoJS.lib.WordArray.create(
-    derivedKey.words.slice(32 / 4, 32 / 4 + 16 / 4)
-  );
-  const decrypted = CryptoJS.AES.decrypt(
-    CryptoJS.lib.CipherParams.create({
-      ciphertext: CryptoJS.lib.WordArray.create(wa.words.slice((8 + 8) / 4)),
-    }),
-    key,
-    { iv: iv }
-  );
-  return decrypted;
+  const key = derivedKey.slice(0, 32);
+  const iv = derivedKey.slice(32, 32 + 16);
+  const decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
+  decipher.write(buf.slice(16));
+  decipher.end();
+  const decrypted = decipher.read();
+  return decrypted as Buffer;
 };

 export const encryptArrayBuffer = (
@ -67,12 +55,9 @@ export const encryptArrayBuffer = (
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const b64 = arrayBufferToBase64(arrBuf);
-  const wa = CryptoJS.enc.Base64.parse(b64);
-  const enc = encryptWordArray(wa, password, rounds);
-  const resb64 = CryptoJS.enc.Base64.stringify(enc);
-  const res = base64ToArrayBuffer(resb64);
-  return res;
+  return bufferToArrayBuffer(
+    encryptBuffer(arrayBufferToBuffer(arrBuf), password, rounds)
+  );
 };

 export const decryptArrayBuffer = (
@ -80,12 +65,9 @@ export const decryptArrayBuffer = (
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const b64 = arrayBufferToBase64(arrBuf);
-  const wa = CryptoJS.enc.Base64.parse(b64);
-  const dec = decryptWordArray(wa, password, rounds);
-  const resb64 = CryptoJS.enc.Base64.stringify(dec);
-  const res = base64ToArrayBuffer(resb64);
-  return res;
+  return bufferToArrayBuffer(
+    decryptBuffer(arrayBufferToBuffer(arrBuf), password, rounds)
+  );
 };

 export const encryptStringToBase32 = (
@ -93,11 +75,7 @@ export const encryptStringToBase32 = (
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const wa = CryptoJS.enc.Utf8.parse(text);
-  const enc = encryptWordArray(wa, password, rounds);
-  const enctext = CryptoJS.enc.Base64.stringify(enc);
-  const res = base32.encode(base64ToArrayBuffer(enctext));
-  return res;
+  return base32.encode(encryptBuffer(Buffer.from(text), password, rounds));
 };

 export const decryptBase32ToString = (
@ -105,9 +83,9 @@ export const decryptBase32ToString = (
  password: string,
  rounds: number = DEFAULT_ITER
 ) => {
-  const enc = Buffer.from(base32.decode.asBytes(text)).toString("base64");
-  const wa = CryptoJS.enc.Base64.parse(enc);
-  const dec = decryptWordArray(wa, password, rounds);
-  const dectext = CryptoJS.enc.Utf8.stringify(dec);
-  return dectext;
+  return decryptBuffer(
+    Buffer.from(base32.decode.asBytes(text)),
+    password,
+    rounds
+  ).toString();
 };
--- a/webpack.config.js
+++ b/webpack.config.js
@ -31,7 +31,7 @@ module.exports = {
  },
  resolve: {
    extensions: [".tsx", ".ts", ".js"],
-    mainFields: ["module", "main"],
+    mainFields: ["browser", "module", "main"],
    fallback: {
      assert: require.resolve("assert"),
      buffer: require.resolve("buffer/"),