-
-
Notifications
You must be signed in to change notification settings - Fork 8
/
derivation.ts
82 lines (79 loc) · 2.51 KB
/
derivation.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
import { pbkdf2 as deriveKey } from "pbkdf2";
import { DerivedKeyInfo } from "../base/constructs";
const DERIVED_KEY_ALGORITHM = "sha256";
const HMAC_KEY_SIZE = 32;
const PASSWORD_KEY_SIZE = 32;
/**
* Derive a key from a password
* @param pbkdf2Gen The generator method
* @param password The password to derive from
* @param salt The salt
* @param rounds The number of iterations
* @param generateHMAC Enable HMAC key generation
* @throws {Error} Rejects if no password is provided
* @throws {Error} Rejects if no salt is provided
* @throws {Error} Rejects if no rounds are provided
* @returns A promise that resolves with derived key information
*/
export async function deriveFromPassword(
pbkdf2Gen: Function,
password: string,
salt: string,
rounds: number,
generateHMAC: boolean = true
): Promise<DerivedKeyInfo> {
if (!password) {
throw new Error("Failed deriving key: Password must be provided");
}
if (!salt) {
throw new Error("Failed deriving key: Salt must be provided");
}
if (!rounds || rounds <= 0) {
throw new Error("Failed deriving key: Rounds must be greater than 0");
}
const bits = generateHMAC ? (PASSWORD_KEY_SIZE + HMAC_KEY_SIZE) * 8 : PASSWORD_KEY_SIZE * 8;
const derivedKeyData = await pbkdf2Gen(password, salt, rounds, bits);
const derivedKeyHex = derivedKeyData.toString("hex");
const dkhLength = derivedKeyHex.length;
const keyBuffer = generateHMAC
? new Buffer(derivedKeyHex.substr(0, dkhLength / 2), "hex")
: new Buffer(derivedKeyHex, "hex");
return {
salt: salt,
key: keyBuffer,
rounds: rounds,
hmac: generateHMAC
? new Buffer(derivedKeyHex.substr(dkhLength / 2, dkhLength / 2), "hex")
: null
};
}
/**
* The default PBKDF2 function
* @param password The password to use
* @param salt The salt to use
* @param rounds The number of iterations
* @param bits The size of the key to generate, in bits
* @returns A Promise that resolves with the hash
*/
export function pbkdf2(
password: string,
salt: string,
rounds: number,
bits: number
): Promise<Buffer> {
return new Promise((resolve, reject) => {
deriveKey(
password,
salt,
rounds,
bits / 8,
DERIVED_KEY_ALGORITHM,
(err?: Error, key?: Buffer) => {
if (err) {
return reject(err);
}
return resolve(key);
}
);
});
}