Merge pull request #1 from simonratner/native-aes-gcm

Use built-in cipher instead of external package

Author: simonratner

lib/encrypted-attr.js

@@ -1,16 +1,18 @@
 'use strict'
 
+const alg = 'aes-256-gcm'
 const crypto = require('crypto')
-const gcm = require('node-aes-gcm')
 const { get, set } = require('lodash')
 
 function EncryptedAttributes (attributes, options) {
   options = options || {}
 
+  let prefix = Buffer.from(`${alg}$`).toString('base64')
+
   function encryptAttribute (obj, val) {
     // Encrypted attributes are prefixed with "aes-256-gcm$", the base64
-    // encoding of which is "YWVzLTI1Ni1nY20k". Nulls are not encrypted.
-    if (val == null || (typeof val === 'string' && val.startsWith('YWVzLTI1Ni1nY20k'))) {
+    // encoding of which is in `prefix`. Nulls are not encrypted.
+    if (val == null || (typeof val === 'string' && val.startsWith(prefix))) {
       return val
     }
     if (typeof val !== 'string') {
@@ -24,11 +26,13 @@ function EncryptedAttributes (attributes, options) {
     let aad = Buffer.from(
       `aes-256-gcm$${options.verifyId ? obj.id.toString() : ''}$${options.keyId}`)
     let key = Buffer.from(options.keys[options.keyId], 'base64')
-    let result = gcm.encrypt(key, iv, Buffer.from(val), aad)
+    let gcm = crypto.createCipheriv('aes-256-gcm', key, iv).setAAD(aad)
+    let result = gcm.update(val, 'utf8', 'base64') + gcm.final('base64')
+
     return aad.toString('base64') + '$' +
            iv.toString('base64') + '$' +
-           result.ciphertext.toString('base64') + '$' +
-           result.auth_tag.toString('base64').slice(0, 22)
+           result + '$' +
+           gcm.getAuthTag().toString('base64').slice(0, 22)
   }
 
   function encryptAll (obj) {
@@ -43,8 +47,8 @@ function EncryptedAttributes (attributes, options) {
 
   function decryptAttribute (obj, val) {
     // Encrypted attributes are prefixed with "aes-256-gcm$", the base64
-    // encoding of which is "YWVzLTI1Ni1nY20k". Nulls are not encrypted.
-    if (typeof val !== 'string' || !val.startsWith('YWVzLTI1Ni1nY20k')) {
+    // encoding of which is in `prefix`. Nulls are not encrypted.
+    if (typeof val !== 'string' || !val.startsWith(prefix)) {
       return val
     }
     if (options.verifyId && !obj.id) {
@@ -59,11 +63,9 @@ function EncryptedAttributes (attributes, options) {
       throw new Error('Encrypted attribute has invalid key id')
     }
     let key = Buffer.from(options.keys[keyId], 'base64')
-    let result = gcm.decrypt(key, iv, payload, aad, tag)
-    if (!result.auth_ok) {
-      throw new Error('Encrypted attribute has invalid auth tag')
-    }
-    return result.plaintext.toString()
+    let gcm = crypto.createDecipheriv('aes-256-gcm', key, iv).setAAD(aad).setAuthTag(tag)
+
+    return gcm.update(payload, 'binary', 'utf8') + gcm.final('utf8')
   }
 
   function decryptAll (obj) {

package-lock.json

@@ -15,8 +15,7 @@
     "orm"
   ],
   "dependencies": {
-    "lodash": "^4.17.4",
-    "node-aes-gcm": "^0.2.2"
+    "lodash": "^4.17.4"
   },
   "optionalDependencies": {},
   "devDependencies": {

package.json

@@ -158,15 +158,15 @@ describe('encrypted attributes', function () {
     let obj = {id: 1}
     // aad: aes-256-gcm$01$k2
     let wrongKey = 'YWVzLTI1Ni1nY20kMSRrMg==$sK91YfUvv+O8Jx/m$OOQniq8=$WLbWYz7uCQBTNO3Fc+5UvA'
-    expect(() => enc.decryptAttribute(obj, wrongKey), 'to throw', /invalid auth tag/i)
+    expect(() => enc.decryptAttribute(obj, wrongKey), 'to throw', /unable to auth/i)
   })
 
   it('should throw when decrypting with wrong auth tag', function () {
     let enc = EncryptedAttributes(['secret'], this.options)
     let obj = {id: 1}
     // aad: aes-256-gcm$01$k1
     let wrongAuthTag = 'YWVzLTI1Ni1nY20kMSRrMQ==$sK91YfUvv+O8Jx/m$OOQniq8=$VLbWYz7uCQBTNO3Fc+5UvA'
-    expect(() => enc.decryptAttribute(obj, wrongAuthTag), 'to throw', /invalid auth tag/i)
+    expect(() => enc.decryptAttribute(obj, wrongAuthTag), 'to throw', /unable to auth/i)
   })
 
   it('should throw when decrypting without id', function () {