Ammar Karachi
committed
Jun 1, 2022
1 parent
7e05245
commit 180edab
Showing
6 changed files
with
102 additions
and
113 deletions.
80 changes: 43 additions & 37 deletions
80
packages/amplify-cli/src/commands/helpers/encryption-helpers.ts
@@ -1,39 +1,45 @@ | ||
import { getPublicKey } from './get-public-key' | ||
import crypto from 'crypto'; | ||
|
||
import { getPublicKey } from './reporter-apis'; | ||
|
||
/** | ||
* encrypt a buffer using AES 256 | ||
* @param text plainText as bugger to be encrypted | ||
* @param passKey sting pass phrase to be used for encryption | ||
* @returns base64 string to be encrypted | ||
*/ | ||
export const encryptBuffer = async (text: Buffer, passKey: string): Promise<string> => { | ||
const masterKey = Buffer.from(passKey, 'utf-8'); | ||
// random initialization vector | ||
const iv = crypto.randomBytes(16); | ||
|
||
// random salt | ||
const salt = crypto.randomBytes(64); | ||
|
||
// derive encryption key: 32 byte key length | ||
// in assumption the masterkey is a cryptographic and NOT a password there is no need for | ||
// a large number of iterations. It may can replaced by HKDF | ||
// the value of 2145 is randomly chosen! | ||
const key = crypto.pbkdf2Sync(masterKey, salt, 2145, 32, 'sha512'); | ||
// AES 256 GCM Mode | ||
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv); | ||
|
||
// encrypt the given text | ||
const encrypted = Buffer.concat([cipher.update(text), cipher.final()]); | ||
|
||
// extract the auth tag | ||
const tag = cipher.getAuthTag(); | ||
|
||
// generate output | ||
return Buffer.concat([salt, iv, tag, encrypted]).toString('base64'); | ||
} | ||
|
||
|
||
|
||
export const encryptKey = async(key: string): Promise<string> => { | ||
const publicKey = await getPublicKey(); | ||
return crypto.publicEncrypt({ | ||
key: publicKey, | ||
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, | ||
oaepHash: 'sha256' | ||
}, Buffer.from(key)).toString('base64'); | ||
} | ||
const masterKey = Buffer.from(passKey, 'utf-8'); | ||
// random initialization vector | ||
const iv = crypto.randomBytes(16); | ||
|
||
// random salt | ||
const salt = crypto.randomBytes(64); | ||
|
||
const key = crypto.pbkdf2Sync(masterKey, salt, 2145, 32, 'sha512'); | ||
|
||
// AES 256 GCM Mode | ||
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv); | ||
|
||
// encrypt the given text | ||
const encrypted = Buffer.concat([cipher.update(text), cipher.final()]); | ||
|
||
// extract the auth tag | ||
const tag = cipher.getAuthTag(); | ||
|
||
// generate output | ||
return Buffer.concat([salt, iv, tag, encrypted]).toString('base64'); | ||
}; | ||
|
||
/** | ||
* encrypts key with Asymmetric SHA 256 | ||
* @param key to be encrypted | ||
* @returns encrypted string | ||
*/ | ||
export const encryptKey = async (key: string): Promise<string> => { | ||
const publicKey = await getPublicKey(); | ||
return crypto.publicEncrypt({ | ||
key: publicKey, | ||
padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, | ||
oaepHash: 'sha256', | ||
}, Buffer.from(key)).toString('base64'); | ||
}; |
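Review bot: The new TSDoc on `encryptKey` (`encrypts key with Asymmetric SHA 256`) misdescribes the primitive; the body performs RSA public-key encryption with OAEP padding and uses SHA-256 only as the OAEP hash, so the summary should read `* Encrypts a symmetric key with the fetched public key (RSA-OAEP, SHA-256).`. The `encryptBuffer` header above it still carries the typos `bugger`, `sting` and `@returns base64 string to be encrypted`, which should describe what is actually returned: the base64 of salt, IV, auth tag and ciphertext concatenated. The new body also appears to have dropped the comment explaining that 2145 PBKDF2 iterations is acceptable only because `passKey` is expected to be a random key rather than a human-chosen password; that assumption is load-bearing and belongs next to the `pbkdf2Sync` call, e.g. `// passKey must be a high-entropy key, not a password: 2145 iterations is not a password-stretching setting`. `encryptBuffer` is declared `async` but never awaits, so the keyword there only wraps the result in a promise.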
16 changes: 0 additions & 16 deletions
16
packages/amplify-cli/src/commands/helpers/get-public-key.ts
This file was deleted.
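--- a/packages/amplify-cli/src/commands/helpers/reporter-apis.ts
+++ b/packages/amplify-cli/src/commands/helpers/reporter-apis.ts
@@ -0,0 +1,31 @@
+import { DiagnoseReportUploadError } from "amplify-cli-core";
+import fetch from "node-fetch";
+
+/**
+* Return the public key from github API
+* @returns the public key
+*/
+export const getPublicKey = async (): Promise<string> => {
+let url = "https://aws-amplify.github.io/amplify-cli/report-public-key.pub";
+if (process.env.AMPLIFY_CLI_BETA_PUBLIC_KEY_URL && typeof process.env.AMPLIFY_CLI_BETA_PUBLIC_KEY_URL === "string") {
+url = process.env.AMPLIFY_CLI_BETA_USAGE_TRACKING_URL || url;
+}
+const res = await fetch(url);
+if (!res.ok) {
+throw new DiagnoseReportUploadError("Failed to retrieve public key");
+}
+return res.text();
+};
+
+/**
+* The function checks for the environment variable AMPLIFY_CLI_BETA_REPORT_URL if it's not present or is not a string
+* return the prod url
+* @returns url for the reporter end point
+*/
+export const reporterEndpoint = (): string => {
+const prodUrl = "https://api.cli.amplify.aws/diagnose/report";
+if (process.env.AMPLIFY_CLI_BETA_REPORT_URL && typeof process.env.AMPLIFY_CLI_BETA_REPORT_URL === "string") {
+return process.env.AMPLIFY_CLI_BETA_USAGE_TRACKING_URL || prodUrl;
+}
+return prodUrl;
+};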
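Review bot: Both environment overrides read the wrong variable: `getPublicKey` checks `AMPLIFY_CLI_BETA_PUBLIC_KEY_URL` but then assigns `AMPLIFY_CLI_BETA_USAGE_TRACKING_URL`, and `reporterEndpoint` checks `AMPLIFY_CLI_BETA_REPORT_URL` but returns `AMPLIFY_CLI_BETA_USAGE_TRACKING_URL`, so with only the checked variable set the `||` fallback silently keeps the production URL, while setting the tracking variable redirects the key download and the report endpoint through a variable that was never checked. The two lines should be `url = process.env.AMPLIFY_CLI_BETA_PUBLIC_KEY_URL;` and `return process.env.AMPLIFY_CLI_BETA_REPORT_URL;`. The `typeof ... === "string"` half of each condition is redundant, since `process.env` values are `string | undefined` and the truthiness test already excludes `undefined`. Because the key returned here is what `encryptKey` in encryption-helpers.ts uses for `publicEncrypt`, pointing the URL elsewhere appears to change who can decrypt the uploaded report, so a short comment on `getPublicKey` making that explicit would help later reviewers, e.g. `// A non-default key URL changes who can decrypt uploaded reports; intended for beta testing only.`.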