Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
export function encryptAES128CTR(string, password, hex=false) {
const string_buffer = new Buffer(string, hex?'hex':undefined) // ethereum: new Buffer(string,'hex')
const ciphertype = 'aes-128-ctr'
const salt = randomBytes(32)
const iv = randomBytes(16)
const kdf = 'scrypt'
const kdfparams = {
dklen: 32,
salt: salt.toString('hex'),
n: 1024,
r: 8,
p: 1,
}
const derivedKey = scrypt(new Buffer(password), salt, kdfparams.n, kdfparams.r, kdfparams.p, kdfparams.dklen)
const cipher = createCipheriv(ciphertype, derivedKey.slice(0, 16), iv)
if (!cipher)
throw new Error('Unsupported cipher')
return {
ciphertext: Buffer.concat([cipher.update(string_buffer), cipher.final()]).toString('hex'),
cipherparams: {
iv: iv.toString('hex')
},
cipher: ciphertype,
kdf: kdf,
kdfparams: kdfparams
}
}
kdfparams.n = options.n || 8192; // 2048 4096 8192 16384
kdfparams.r = options.r || 8;
kdfparams.p = options.p || 1;
derivedKey = scrypt(
Buffer.from(password),
Buffer.from(kdfparams.salt, 'hex'),
kdfparams.n,
kdfparams.r,
kdfparams.p,
kdfparams.dklen
);
} else {
throw new Error('Unsupported kdf');
}
const cipher = createCipheriv(options.cipher || 'aes-128-ctr', derivedKey.slice(0, 16), iv);
if (!cipher) {
throw new Error('Unsupported cipher');
}
const ciphertext = Buffer.concat([
cipher.update(Buffer.from(this.privateKey.replace('0x', ''), 'hex')),
cipher.final()
]);
const mac = keccak256(Buffer.concat([derivedKey.slice(16, 32), Buffer.from(ciphertext, 'hex')])).replace(
'0x',
''
);
return {
version: 3,
salt: salt.toString('hex')
}
if (kdf === 'pbkdf2') {
kdfparams.c = opts.c || 262144
kdfparams.prf = 'hmac-sha256'
derivedKey = pbkdf2.pbkdf2Sync(new Buffer(password), salt, kdfparams.c, kdfparams.dklen, 'sha256')
} else if (kdf === 'scrypt') {
// FIXME: support progress reporting callback
kdfparams.n = opts.n || 1024
kdfparams.r = opts.r || 8
kdfparams.p = opts.p || 1
derivedKey = scrypt(new Buffer(password), salt, kdfparams.n, kdfparams.r, kdfparams.p, kdfparams.dklen)
} else {
throw new Error('Unsupported kdf')
}
var cipher = createCipheriv(opts.cipher || 'aes-128-ctr', derivedKey.slice(0, 16), iv)
if (!cipher) {
throw new Error('Unsupported cipher')
}
var ciphertext = Buffer.concat([cipher.update(value), cipher.final()])
return {
ciphertext: ciphertext.toString('hex'),
cipherparams: {
iv: iv.toString('hex')
},
cipher: opts.cipher || 'aes-128-ctr',
kdf: kdf,
kdfparams: kdfparams
}
}
function decipherBuffer(decipher, data) {
kdfparams.n = options.n || 8192; // 2048 4096 8192 16384
kdfparams.r = options.r || 8;
kdfparams.p = options.p || 1;
derivedKey = scrypt(
Buffer.from(password),
Buffer.from(kdfparams.salt, 'hex'),
kdfparams.n,
kdfparams.r,
kdfparams.p,
kdfparams.dklen
);
} else {
throw new Error('Unsupported kdf');
}
const cipher = createCipheriv(options.cipher || 'aes-128-ctr', derivedKey.slice(0, 16), iv);
if (!cipher) {
throw new Error('Unsupported cipher');
}
const ciphertext = Buffer.concat([
cipher.update(Buffer.from(this.privateKey.replace('0x', ''), 'hex')),
cipher.final()
]);
const mac = keccak256(Buffer.concat([derivedKey.slice(16, 32), Buffer.from(ciphertext, 'hex')])).replace(
'0x',
''
);
return {
version: 3,
t.test(cipher, function (t) {
t.plan(1)
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
if (cipher.indexOf('gcm') > -1) {
decrypter.setAuthTag(crypter.getAuthTag())
}
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
})
})
test('through crypto browserify works', function (t) {
t.plan(2)
var crypto = require('../')
var cipher = 'aes-128-ctr'
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
t.ok(crypto.getCiphers().length, 'get ciphers returns an array')
})
test('through crypto browserify works', function (t) {
t.plan(2)
var crypto = require('../')
var cipher = 'aes-128-ctr'
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
t.ok(crypto.getCiphers().length, 'get ciphers returns an array')
})
t.test(cipher, function (t) {
t.plan(1)
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
if (cipher.indexOf('gcm') > -1) {
decrypter.setAuthTag(crypter.getAuthTag())
}
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
})
})
test('through crypto browserify works', function (t) {
t.plan(2)
var crypto = require('../')
var cipher = 'aes-128-ctr'
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
t.ok(crypto.getCiphers().length, 'get ciphers returns an array')
})
test('ciphers', function (t) {
crypto.listCiphers().forEach(function (cipher) {
t.test(cipher, function (t) {
t.plan(1)
var data = randomBytes(562)
var password = randomBytes(20)
var crypter = crypto.createCipher(cipher, password)
var decrypter = crypto.createDecipher(cipher, password)
var out = []
out.push(decrypter.update(crypter.update(data)))
out.push(decrypter.update(crypter.final()))
if (cipher.indexOf('gcm') > -1) {
decrypter.setAuthTag(crypter.getAuthTag())
}
out.push(decrypter.final())
t.equals(data.toString('hex'), Buffer.concat(out).toString('hex'))
})
})