@cloudpss/crypto 0.5.28 → 0.5.30
|
@@ -32,13 +32,13 @@ export interface EncryptedData {
|
|
|
32
32
|
* CloudPSS 数据加密
|
|
33
33
|
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 96,迭代 100,000 次
|
|
34
34
|
* - 加密算法:AES-256-GCM,使用与密钥生成算法的盐作为 NONCE,TAG 长度 128
|
|
35
|
-
* - 附加数据:最大长度
|
|
35
|
+
* - 附加数据:最大长度 256MiB -1B
|
|
36
36
|
*
|
|
37
37
|
* - 文件格式:
|
|
38
38
|
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
39
39
|
* - Nonce: 96 bits
|
|
40
40
|
* - Length of AAD: 4 bytes
|
|
41
|
-
* - AAD (if exists)
|
|
41
|
+
* - AAD (if exists) (padded to 128 bits)
|
|
42
42
|
* - Encrypted Data
|
|
43
43
|
* - Auth Tag: 128 bits
|
|
44
44
|
*/
|
|
@@ -4,7 +4,7 @@ export const PBKDF2_ITERATIONS = 100_000;
|
|
|
4
4
|
/** NONCE 长度(byte) */
|
|
5
5
|
export const NONCE_SIZE = 96 / 8;
|
|
6
6
|
/** AAD 最大长度(byte) */
|
|
7
|
-
export const AAD_MAX_SIZE =
|
|
7
|
+
export const AAD_MAX_SIZE = 256 * 1024 * 1024 - 1; // 256MiB -1B
|
|
8
8
|
/** AAD 长度字段长度(byte) */
|
|
9
9
|
export const AAD_LEN_SIZE = 4;
|
|
10
10
|
// 与 AES 一致对齐
|
|
@@ -18,13 +18,13 @@ export const AES_TAG_SIZE = 128 / 8;
|
|
|
18
18
|
* CloudPSS 数据加密
|
|
19
19
|
* - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 96,迭代 100,000 次
|
|
20
20
|
* - 加密算法:AES-256-GCM,使用与密钥生成算法的盐作为 NONCE,TAG 长度 128
|
|
21
|
-
* - 附加数据:最大长度
|
|
21
|
+
* - 附加数据:最大长度 256MiB -1B
|
|
22
22
|
*
|
|
23
23
|
* - 文件格式:
|
|
24
24
|
* - Magic Number: 0e 02 49 29 3f 07 7b 0a
|
|
25
25
|
* - Nonce: 96 bits
|
|
26
26
|
* - Length of AAD: 4 bytes
|
|
27
|
-
* - AAD (if exists)
|
|
27
|
+
* - AAD (if exists) (padded to 128 bits)
|
|
28
28
|
* - Encrypted Data
|
|
29
29
|
* - Auth Tag: 128 bits
|
|
30
30
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/encryption/common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEzD,kBAAkB;AAClB,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AACzC,qBAAqB;AACrB,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;AACjC,qBAAqB;AACrB,MAAM,CAAC,MAAM,YAAY,GAAG,
|
|
1
|
+
{"version":3,"file":"common.js","sourceRoot":"","sources":["../../src/encryption/common.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAEzD,kBAAkB;AAClB,MAAM,CAAC,MAAM,iBAAiB,GAAG,OAAO,CAAC;AACzC,qBAAqB;AACrB,MAAM,CAAC,MAAM,UAAU,GAAG,EAAE,GAAG,CAAC,CAAC;AACjC,qBAAqB;AACrB,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,aAAa;AAChE,uBAAuB;AACvB,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC;AAE9B,aAAa;AACb,kBAAkB;AAClB,MAAM,CAAC,MAAM,WAAW,GAAG,GAAG,GAAG,CAAC,CAAC;AACnC,mBAAmB;AACnB,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,GAAG,CAAC,CAAC;AACpC,wBAAwB;AACxB,MAAM,CAAC,MAAM,YAAY,GAAG,GAAG,GAAG,CAAC,CAAC;AAoBpC;;;;;;;;;;;;;GAaG;AAEH,oBAAoB;AACpB,MAAM,CAAC,MAAM,YAAY,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AAE9F,MAAM,kBAAkB,GAAG,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CAAC;AAE1F,eAAe;AACf,MAAM,UAAU,OAAO,CAAC,IAAY,EAAE,OAAe;IACjD,OAAO,CAAC,IAAI,GAAG,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,uBAAuB;AACvB,MAAM,UAAU,cAAc,CAAC,IAAgB;IAC3C,MAAM,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAClC,IAAI,MAAM,CAAC,UAAU,GAAG,kBAAkB;QAAE,OAAO,SAAS,CAAC;IAC7D,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,SAAS,CAAC;IACrE,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,EAAE,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,CAAC;IACrF,MAAM,OAAO,GACT,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,CAAC,IAAI,EAAE,CAAC;QAChD,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QACpD,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,CAAC,CAAC,CAAC;IACjD,IAAI,OAAO,GAAG,YAAY,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;QACxC,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACrD,IAAI,MAAM,CAAC,UAAU,GAAG,cAAc,GAAG,kBAAkB,EAAE,CAAC;QAC1D,OAAO,SAAS,CAAC;IACrB,CAAC;IACD,MAAM,GAAG,GAAG,OAAO;QACf,CAAC,CAAC,MAAM,CAAC,QAAQ,CACX,YAAY
,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,EAC/C,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,OAAO,CAC5D;QACH,CAAC,CAAC,YAAY,CAAC;IACnB,MAAM,SAAS,GAAG,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,MAAM,GAAG,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC,CAAC;IACpG,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;AAC3C,CAAC"}
|
package/package.json
CHANGED
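--- a/package/src/encryption/common.ts
+++ b/package/src/encryption/common.ts
@@ -5,7 +5,7 @@ export const PBKDF2_ITERATIONS = 100_000;
 /** NONCE 长度(byte) */
 export const NONCE_SIZE = 96 / 8;
 /** AAD 最大长度(byte) */
-export const AAD_MAX_SIZE =
+export const AAD_MAX_SIZE = 256 * 1024 * 1024 - 1; // 256MiB -1B
 /** AAD 长度字段长度(byte) */
 export const AAD_LEN_SIZE = 4;
 
@@ -39,13 +39,13 @@ export interface EncryptedData {
 * CloudPSS 数据加密
 * - 密钥生成算法:PBKDF2-HMAC-SHA256,盐长度 96,迭代 100,000 次
 * - 加密算法:AES-256-GCM,使用与密钥生成算法的盐作为 NONCE,TAG 长度 128
-* - 附加数据:最大长度
+* - 附加数据:最大长度 256MiB -1B
 *
 * - 文件格式:
 * - Magic Number: 0e 02 49 29 3f 07 7b 0a
 * - Nonce: 96 bits
 * - Length of AAD: 4 bytes
-* - AAD (if exists)
+* - AAD (if exists) (padded to 128 bits)
 * - Encrypted Data
 * - Auth Tag: 128 bits
 */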
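Review bot: The new format line `* - AAD (if exists) (padded to 128 bits)` in the second hunk does not say what the padding bytes contain or whether decryption checks them; the same wording appears in the generated declaration and JS comments earlier on this page. If the padding lies outside the bytes passed to AES-GCM as additional data, it is a region of the container that can be altered without failing the tag check, so the spec should pin it down, for example `* - AAD (if exists), followed by zero bytes up to a multiple of 128 bits; non-zero padding is rejected`. The parser is not part of this section, so whether it already enforces this cannot be confirmed from here. Next to `AAD_MAX_SIZE` it would also help to note that the 4-byte length field can hold larger values and that a length above the limit must be rejected before any offsets are computed from it.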
package/tests/encryption.js
CHANGED
|
@@ -7,13 +7,14 @@ import * as browserImpl from '../dist/encryption/browser.js';
|
|
|
7
7
|
import * as webImpl from '../dist/encryption/web.js';
|
|
8
8
|
import * as wasmImpl from '../dist/encryption/wasm.js';
|
|
9
9
|
|
|
10
|
-
const data =
|
|
11
|
-
Buffer.from(''),
|
|
12
|
-
Buffer.from('Hello, World!'),
|
|
13
|
-
Buffer.from('Hello, World!'.repeat(100)),
|
|
14
|
-
new Uint8Array(100),
|
|
15
|
-
Buffer.from('Hello, World!'.repeat(1000)).buffer,
|
|
16
|
-
|
|
10
|
+
const data = Object.entries({
|
|
11
|
+
empty: Buffer.from(''),
|
|
12
|
+
short: Buffer.from('Hello, World!'),
|
|
13
|
+
long: Buffer.from('Hello, World!'.repeat(100)),
|
|
14
|
+
zeros: new Uint8Array(100),
|
|
15
|
+
longlong: Buffer.from('Hello, World!'.repeat(1000)).buffer,
|
|
16
|
+
unaligned: Buffer.from('Hello, World!'.repeat(1000)).subarray(1),
|
|
17
|
+
}).map(([k, d]) => ({ raw: d, length: d.byteLength, type: d.constructor.name, tag: k }));
|
|
17
18
|
const passphrase = 'test';
|
|
18
19
|
|
|
19
20
|
describe('Encryption root export', () => {
|
|
@@ -110,7 +111,7 @@ function checkModule(module) {
|
|
|
110
111
|
// eslint-disable-next-line @typescript-eslint/unbound-method
|
|
111
112
|
const { encrypt, decrypt, encryptAad } = module;
|
|
112
113
|
|
|
113
|
-
it.each(data)('encrypt/decrypt $type[$length]', async ({ raw }) => {
|
|
114
|
+
it.each(data)('encrypt/decrypt $type[$length] ($tag)', async ({ raw }) => {
|
|
114
115
|
const encrypted = await encrypt(raw, passphrase);
|
|
115
116
|
expect(encrypted).toBeInstanceOf(Uint8Array);
|
|
116
117
|
expect(encrypted.byteLength).toBeGreaterThan(raw.byteLength);
|
|
@@ -125,7 +126,7 @@ function checkModule(module) {
|
|
|
125
126
|
expect(decrypted).toEqual(toUint8Array(raw));
|
|
126
127
|
});
|
|
127
128
|
|
|
128
|
-
it.each(data)('encrypt/decrypt $type[$length] with aad', async ({ raw }) => {
|
|
129
|
+
it.each(data)('encrypt/decrypt $type[$length] ($tag) with aad', async ({ raw }) => {
|
|
129
130
|
const aad = Buffer.from('Hello, AAD!');
|
|
130
131
|
const encrypted = await encryptAad(raw, aad, passphrase);
|
|
131
132
|
expect(encrypted).toBeInstanceOf(Uint8Array);
|
|
@@ -153,7 +154,7 @@ function checkModule(module) {
|
|
|
153
154
|
*/
|
|
154
155
|
function checkImplEncryption(encrypt, decrypt) {
|
|
155
156
|
it.each(data)(
|
|
156
|
-
`$type[$length]`,
|
|
157
|
+
`$type[$length] ($tag)`,
|
|
157
158
|
async ({ raw }) => {
|
|
158
159
|
const encrypted = await encrypt({ data: toUint8Array(raw), aad: new Uint8Array(0) }, passphrase);
|
|
159
160
|
expect(encrypted.nonce).toBeInstanceOf(Uint8Array);
|
|
@@ -175,7 +176,7 @@ function checkImplEncryption(encrypt, decrypt) {
|
|
|
175
176
|
100_000,
|
|
176
177
|
);
|
|
177
178
|
it.each(data)(
|
|
178
|
-
`(aad) $type[$length]`,
|
|
179
|
+
`(aad) $type[$length] ($tag)`,
|
|
179
180
|
async ({ raw }) => {
|
|
180
181
|
const aad = Buffer.from('Hello, AAD!');
|
|
181
182
|
const encrypted = await encrypt({ data: toUint8Array(raw), aad }, passphrase);
|