WIP

Author: CMCDragonkai

src/utils/utils.ts

@@ -319,6 +319,32 @@ function bufferSplit(
   return output;
 }
 
+/**
+ * Zero-copy wraps ArrayBuffer-like objects into Buffer
+ * This supports ArrayBuffer, TypedArrays and the NodeJS Buffer
+ */
+function bufferWrap(
+  array: ArrayBuffer,
+  offset?: number,
+  length?: number,
+): Buffer {
+  if (Buffer.isBuffer(array)) {
+    return array;
+  } else if (ArrayBuffer.isView(array)) {
+    return Buffer.from(
+      array.buffer,
+      offset ?? array.byteOffset,
+      length ?? array.byteLength
+    );
+  } else {
+    return Buffer.from(
+      array,
+      offset,
+      length
+    );
+  }
+}
+
 function debounce<P extends any[]>(
   f: (...params: P) => any,
   timeout: number = 0,
@@ -419,4 +445,5 @@ export {
   isAsyncGenerator,
   lexiPackBuffer,
   lexiUnpackBuffer,
+  bufferWrap,
 };

test-bootstrapping.ts

@@ -1,4 +1,3 @@
-import * as jest from 'jest';
 import * as jose from 'jose';
 import { hkdf, KeyObject, webcrypto } from 'crypto';
 import * as bip39 from '@scure/bip39';

test-dek.ts

@@ -0,0 +1,164 @@
+import * as jose from 'jose';
+import { hkdf, KeyObject, webcrypto } from 'crypto';
+import * as bip39 from '@scure/bip39';
+import { wordlist } from '@scure/bip39/wordlists/english';
+
+import * as nobleEd25519 from '@noble/ed25519';
+import * as nobleHashesUtils from '@noble/hashes/utils';
+
+import * as base64 from 'multiformats/bases/base64';
+import * as noblePbkdf2 from '@noble/hashes/pbkdf2';
+import * as nobleHkdf from '@noble/hashes/hkdf';
+
+import { sha512 as nobleSha512 } from '@noble/hashes/sha512';
+import { sha256 as nobleSha256 } from '@noble/hashes/sha256';
+import { isTypedArray } from 'util/types';
+
+type Assert = (condition: unknown) => asserts condition;
+const assert: Assert = (condition) => {
+  if (condition == false) throw new Error('Invalid assertion');
+};
+
+
+/**
+ * Zero-copy wraps ArrayBuffer-like objects into Buffer
+ * This supports ArrayBuffer, TypedArrays and NodeJS Buffer
+ */
+function bufferWrap(
+  array: ArrayBuffer,
+  offset?: number,
+  length?: number,
+): Buffer {
+  if (Buffer.isBuffer(array)) {
+    return array;
+  } else if (ArrayBuffer.isView(array)) {
+    return Buffer.from(
+      array.buffer,
+      offset ?? array.byteOffset,
+      length ?? array.byteLength
+    );
+  } else {
+    return Buffer.from(
+      array,
+      offset,
+      length
+    );
+  }
+}
+
+
+/**
+ * This is limited to 65,536 bytes of random data
+ * Stream this call, if you want more
+ */
+function getRandomBytesSync(size: number): Buffer {
+  return webcrypto.getRandomValues(
+    Buffer.allocUnsafe(size)
+  );
+}
+
+// @ts-ignore - this overrides the random source used by @noble and @scure libraries
+nobleHashesUtils.randomBytes = (size: number = 32) => getRandomBytesSync(size);
+nobleEd25519.utils.randomBytes = (size: number = 32) => getRandomBytesSync(size);
+
+async function encryptWithKey(
+  key: CryptoKey,
+  plainText: ArrayBuffer
+): Promise<Buffer> {
+  const iv = getRandomBytesSync(16);
+  const data = await webcrypto.subtle.encrypt(
+    {
+      name: 'AES-GCM',
+      iv,
+      tagLength: 128,
+    },
+    key,
+    plainText
+  );
+  return Buffer.concat([
+    iv,
+    bufferWrap(data)
+  ]);
+}
+
+async function decryptWithKey(
+  key: CryptoKey,
+  cipherText: ArrayBuffer
+): Promise<Buffer | undefined> {
+  const cipherText_ = bufferWrap(cipherText);
+  if (cipherText_.byteLength < 32) {
+    return;
+  }
+  const iv = cipherText_.subarray(0, 16);
+  const data = cipherText_.subarray(16);
+  let plainText: ArrayBuffer;
+  try {
+    plainText = await webcrypto.subtle.decrypt(
+      {
+        name: 'AES-GCM',
+        iv,
+        tagLength: 128
+      },
+      key,
+      data
+    );
+  } catch (e) {
+    // This means algorithm is incorrectly setup
+    if (e.name === 'InvalidAccessError') {
+      throw e;
+    }
+    // Otherwise the key is wrong
+    // or the data is wrong
+    return;
+  }
+  return bufferWrap(plainText);
+}
+
+async function main () {
+
+  const databaseKey = getRandomBytesSync(32);
+
+  const databaseKeyJWK = {
+    alg: "A256GCM",
+    kty: "oct",
+    k: base64.base64url.baseEncode(databaseKey),
+    ext: true,
+    key_ops: ["encrypt", "decrypt"],
+  };
+
+  const databaseCryptoKey = await webcrypto.subtle.importKey(
+    'jwk',
+    databaseKeyJWK,
+    'AES-GCM',
+    true,
+    databaseKeyJWK.key_ops as Array<webcrypto.KeyUsage>
+  );
+
+  const cipherText = await encryptWithKey(
+    databaseCryptoKey,
+    Buffer.from('hello world')
+  );
+
+  // Try with incorrect key
+  // const databaseCryptoKey2 = await webcrypto.subtle.importKey(
+  //   'raw',
+  //   getRandomBytesSync(16),
+  //   'AES-GCM',
+  //   true,
+  //   databaseKeyJWK.key_ops as Array<webcrypto.KeyUsage>
+  // );
+
+  const plainText = await decryptWithKey(
+    databaseCryptoKey,
+    cipherText
+  );
+
+  console.log(plainText?.toString());
+
+  // Now we do key wrapping
+
+
+
+}
+
+void main();