k9crypt 1.1.6 → 1.1.7

package/README.md

@@ -6,9 +6,10 @@ This is a special encryption algorithm created for K9Crypt.
 
 ## Updates
 
-**v1.1.6**
+**v1.1.7**
 
-- Due to issues reported in feedback, it has been updated to be usable only as CommonJS.
+- The Argon2 hashing system has now been integrated, offering support for both SHA512 and Argon2.
+- Encryption performance has been optimized, significantly increasing speed.
 
 ## Installation
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "k9crypt",
-  "version": "1.1.6",
+  "version": "1.1.7",
   "description": "A special encryption algorithm created for K9Crypt.",
   "main": "index.js",
   "scripts": {
@@ -18,12 +18,9 @@
   "author": "K9Crypt Team",
   "license": "MIT",
   "dependencies": {
-    "bcrypt": "^6.0.0",
+    "argon2": "^0.44.0",
     "crypto-js": "^4.2.0",
-    "lz4": "^0.6.5",
-    "lzma-native": "^8.0.6",
-    "node-forge": "^1.3.1",
-    "xxhash": "^0.3.0"
+    "lzma-native": "^8.0.6"
   },
   "repository": {
     "type": "git",

package/src/constants.js

@@ -3,8 +3,10 @@ module.exports = {
   IV_SIZE: 16,
   KEY_SIZE: 32,
   TAG_SIZE: 16,
-  PBKDF2_ITERATIONS: 310000,
-  HASH_SEED: 0xCAFEBABE,
+  PBKDF2_ITERATIONS: 50000,
+  HASH_SEED: 0xcafebabe,
   PEPPER: 'veryLongAndComplexPepperValue123!@#$%^&*()_+[]{}|;:,.<>?',
   HMAC_KEY: 'veryLongAndComplexHMACKeyValue456!@#$%^&*()_+[]{}|;:,.<>?',
-};
+  ARGON2_SALT_SIZE: 16,
+  ARGON2_HASH_LENGTH: 64
+};

package/src/index.js

@@ -3,7 +3,7 @@ const { compress, decompress } = require('./utils/compression');
 const { deriveKey } = require('./utils/keyDerivation');
 const { encrypt, decrypt } = require('./utils/encryption');
 const { hash, verifyHash } = require('./utils/hashing');
-const { SALT_SIZE, IV_SIZE, TAG_SIZE } = require('./constants');
+const { SALT_SIZE, IV_SIZE, TAG_SIZE, ARGON2_SALT_SIZE, ARGON2_HASH_LENGTH } = require('./constants');
 
 class K9crypt {
   constructor(secretKey) {
@@ -25,10 +25,11 @@ class K9crypt {
       const compressed = await compress(plaintext);
       const salt = crypto.randomBytes(SALT_SIZE);
       const key = await deriveKey(this.secretKey, salt);
-      const { iv1, iv2, iv3, iv4, iv5, encrypted, tag1 } = encrypt(compressed, key);
-      const dataToHash = Buffer.concat([salt, iv1, iv2, iv3, iv4, iv5, encrypted, tag1]);
-      const dataHash = hash(dataToHash);
-      const result = Buffer.concat([salt, iv1, iv2, iv3, iv4, iv5, encrypted, tag1, dataHash]);
+      const { iv1, iv2, iv3, iv4, iv5, encrypted, tag1 } = await encrypt(compressed, key);
+      const dataToHash = Buffer.concat([ salt, iv1, iv2, iv3, iv4, iv5, encrypted, tag1 ]);
+      const argon2Salt = crypto.randomBytes(ARGON2_SALT_SIZE);
+      const dataHash = await hash(dataToHash, argon2Salt);
+      const result = Buffer.concat([ salt, iv1, iv2, iv3, iv4, iv5, encrypted, tag1, argon2Salt, dataHash ]);
       return result.toString('base64');
     } catch (error) {
       console.log('Encryption failed');
@@ -44,17 +45,19 @@ class K9crypt {
       const iv3 = data.slice(SALT_SIZE + 2 * IV_SIZE, SALT_SIZE + 3 * IV_SIZE);
       const iv4 = data.slice(SALT_SIZE + 3 * IV_SIZE, SALT_SIZE + 4 * IV_SIZE);
       const iv5 = data.slice(SALT_SIZE + 4 * IV_SIZE, SALT_SIZE + 5 * IV_SIZE);
-      const encrypted = data.slice(SALT_SIZE + 5 * IV_SIZE, -TAG_SIZE - 64);
-      const tag1 = data.slice(-TAG_SIZE - 64, -64);
-      const dataHash = data.slice(-64);
 
-      const dataToVerify = data.slice(0, -64);
-      if (!verifyHash(dataToVerify, dataHash)) {
+      const dataHash = data.slice(-ARGON2_HASH_LENGTH);
+      const argon2Salt = data.slice(-ARGON2_HASH_LENGTH - ARGON2_SALT_SIZE, -ARGON2_HASH_LENGTH);
+      const tag1 = data.slice(-ARGON2_HASH_LENGTH - ARGON2_SALT_SIZE - TAG_SIZE, -ARGON2_HASH_LENGTH - ARGON2_SALT_SIZE);
+      const encrypted = data.slice(SALT_SIZE + 5 * IV_SIZE, -ARGON2_HASH_LENGTH - ARGON2_SALT_SIZE - TAG_SIZE);
+
+      const dataToVerify = data.slice(0, -ARGON2_HASH_LENGTH - ARGON2_SALT_SIZE);
+      if (!(await verifyHash(dataToVerify, dataHash, argon2Salt))) {
         console.log('Data integrity check failed');
       }
 
       const key = await deriveKey(this.secretKey, salt);
-      const decrypted = decrypt(encrypted, key, iv1, iv2, iv3, iv4, iv5, tag1);
+      const decrypted = await decrypt(encrypted, key, iv1, iv2, iv3, iv4, iv5, tag1);
       const decompressed = await decompress(decrypted);
       return decompressed.toString('utf8');
     } catch (error) {

package/src/utils/compression.js

@@ -6,20 +6,24 @@ exports.compress = async (data) => {
     const brotliParams = {
       params: {
         [zlib.constants.BROTLI_PARAM_MODE]: zlib.constants.BROTLI_MODE_TEXT,
-        [zlib.constants.BROTLI_PARAM_QUALITY]: zlib.constants.BROTLI_MAX_QUALITY,
+        [zlib.constants.BROTLI_PARAM_QUALITY]: 4,
         [zlib.constants.BROTLI_PARAM_SIZE_HINT]: Buffer.byteLength(data, 'utf8'),
         [zlib.constants.BROTLI_PARAM_LGWIN]: 24
       }
     };
 
     const brotliCompressed = await new Promise((resolve, reject) => {
-      zlib.brotliCompress(Buffer.from(data, 'utf8'), brotliParams, (err, compressed) => {
-        if (err) reject(err);
-        else resolve(compressed);
-      });
+      zlib.brotliCompress(
+        Buffer.from(data, 'utf8'),
+        brotliParams,
+        (err, compressed) => {
+          if (err) reject(err);
+          else resolve(compressed);
+        }
+      );
     });
 
-    const lzmaCompressed = await lzma.compress(brotliCompressed, 9);
+    const lzmaCompressed = await lzma.compress(brotliCompressed, 3);
     return lzmaCompressed;
   } catch (error) {
     throw new Error(`Compression error: ${error.message}`);
@@ -41,4 +45,4 @@ exports.decompress = async (data) => {
   } catch (error) {
     throw new Error(`Decompression error: ${error.message}`);
   }
-};
+};

package/src/utils/encryption.js

@@ -1,52 +1,61 @@
 const crypto = require('crypto');
+const { Readable } = require('stream');
 const { IV_SIZE } = require('../constants');
 const { reverseBuffer } = require('./math');
 
 exports.encrypt = (data, key) => {
-  const iv1 = crypto.randomBytes(IV_SIZE);
-  const cipher1 = crypto.createCipheriv('aes-256-gcm', key, iv1);
-  let encrypted1 = cipher1.update(data);
-  encrypted1 = Buffer.concat([encrypted1, cipher1.final()]);
-  const tag1 = cipher1.getAuthTag();
-  const iv2 = crypto.randomBytes(IV_SIZE);
-  const cipher2 = crypto.createCipheriv('aes-256-cbc', key, iv2);
-  let encrypted2 = cipher2.update(encrypted1);
-  encrypted2 = Buffer.concat([encrypted2, cipher2.final()]);
-  const iv3 = crypto.randomBytes(IV_SIZE);
-  const cipher3 = crypto.createCipheriv('aes-256-cfb', key, iv3);
-  let encrypted3 = cipher3.update(encrypted2);
-  encrypted3 = Buffer.concat([encrypted3, cipher3.final()]);
-  const iv4 = crypto.randomBytes(IV_SIZE);
-  const cipher4 = crypto.createCipheriv('aes-256-ofb', key, iv4);
-  let encrypted4 = cipher4.update(encrypted3);
-  encrypted4 = Buffer.concat([encrypted4, cipher4.final()]);
-  const iv5 = crypto.randomBytes(IV_SIZE);
-  const cipher5 = crypto.createCipheriv('aes-256-ctr', key, iv5);
-  let encrypted5 = cipher5.update(encrypted4);
-  encrypted5 = Buffer.concat([encrypted5, cipher5.final()]);
-  const permutedEncrypted = reverseBuffer(encrypted5);
-
-  return { iv1, iv2, iv3, iv4, iv5, encrypted: permutedEncrypted, tag1 };
+  return new Promise((resolve, reject) => {
+    const iv1 = crypto.randomBytes(IV_SIZE);
+    const cipher1 = crypto.createCipheriv('aes-256-gcm', key, iv1);
+
+    const iv2 = crypto.randomBytes(IV_SIZE);
+    const cipher2 = crypto.createCipheriv('aes-256-cbc', key, iv2);
+
+    const iv3 = crypto.randomBytes(IV_SIZE);
+    const cipher3 = crypto.createCipheriv('aes-256-cfb', key, iv3);
+
+    const iv4 = crypto.randomBytes(IV_SIZE);
+    const cipher4 = crypto.createCipheriv('aes-256-ofb', key, iv4);
+
+    const iv5 = crypto.randomBytes(IV_SIZE);
+    const cipher5 = crypto.createCipheriv('aes-256-ctr', key, iv5);
+
+    const readable = Readable.from(data);
+    const chunks = [];
+
+    const stream = readable.pipe(cipher1).pipe(cipher2).pipe(cipher3).pipe(cipher4).pipe(cipher5);
+
+    stream.on('data', (chunk) => chunks.push(chunk));
+    stream.on('error', (err) => reject(err));
+    stream.on('end', () => {
+      const encrypted = Buffer.concat(chunks);
+      const tag1 = cipher1.getAuthTag();
+      const permutedEncrypted = reverseBuffer(encrypted);
+      resolve({ iv1, iv2, iv3, iv4, iv5, encrypted: permutedEncrypted, tag1 });
+    });
+  });
 };
 
 exports.decrypt = (encrypted, key, iv1, iv2, iv3, iv4, iv5, tag1) => {
-  const originalEncrypted = reverseBuffer(encrypted, true);
-  const decipher5 = crypto.createDecipheriv('aes-256-ctr', key, iv5);
-  let decrypted5 = decipher5.update(originalEncrypted);
-  decrypted5 = Buffer.concat([decrypted5, decipher5.final()]);
-  const decipher4 = crypto.createDecipheriv('aes-256-ofb', key, iv4);
-  let decrypted4 = decipher4.update(decrypted5);
-  decrypted4 = Buffer.concat([decrypted4, decipher4.final()]);
-  const decipher3 = crypto.createDecipheriv('aes-256-cfb', key, iv3);
-  let decrypted3 = decipher3.update(decrypted4);
-  decrypted3 = Buffer.concat([decrypted3, decipher3.final()]);
-  const decipher2 = crypto.createDecipheriv('aes-256-cbc', key, iv2);
-  let decrypted2 = decipher2.update(decrypted3);
-  decrypted2 = Buffer.concat([decrypted2, decipher2.final()]);
-  const decipher1 = crypto.createDecipheriv('aes-256-gcm', key, iv1);
-  decipher1.setAuthTag(tag1);
-  let decrypted1 = decipher1.update(decrypted2);
-  decrypted1 = Buffer.concat([decrypted1, decipher1.final()]);
-
-  return decrypted1;
+  return new Promise((resolve, reject) => {
+    const originalEncrypted = reverseBuffer(encrypted);
+
+    const decipher5 = crypto.createDecipheriv('aes-256-ctr', key, iv5);
+    const decipher4 = crypto.createDecipheriv('aes-256-ofb', key, iv4);
+    const decipher3 = crypto.createDecipheriv('aes-256-cfb', key, iv3);
+    const decipher2 = crypto.createDecipheriv('aes-256-cbc', key, iv2);
+    const decipher1 = crypto.createDecipheriv('aes-256-gcm', key, iv1);
+    decipher1.setAuthTag(tag1);
+
+    const readable = Readable.from(originalEncrypted);
+    const chunks = [];
+
+    const stream = readable.pipe(decipher5).pipe(decipher4).pipe(decipher3).pipe(decipher2).pipe(decipher1);
+
+    stream.on('data', (chunk) => chunks.push(chunk));
+    stream.on('error', (err) => reject(err));
+    stream.on('end', () => {
+      resolve(Buffer.concat(chunks));
+    });
+  });
 };

package/src/utils/hashing.js

@@ -1,13 +1,42 @@
 const crypto = require('crypto');
-const { HMAC_KEY } = require('../constants');
+const argon2 = require('argon2');
+const { HMAC_KEY, ARGON2_HASH_LENGTH } = require('../constants');
 const { reverseHash } = require('./math');
 
-exports.hash = (data) => {
+const ARGON2_OPTIONS = {
+  timeCost: 1,
+  memoryCost: 12288,
+  parallelism: 4,
+  type: argon2.argon2id,
+  hashLength: ARGON2_HASH_LENGTH
+};
+
+exports.hash = async (data, salt) => {
   const hmac = crypto.createHmac('sha512', HMAC_KEY);
   hmac.update(data);
   const digest = hmac.digest();
+  const reversedSha512Hash = reverseHash(digest);
+
+  const argon2Hash = await argon2.hash(reversedSha512Hash, {
+    ...ARGON2_OPTIONS,
+    salt,
+    raw: true
+  });
 
-  return reverseHash(digest);
+  return argon2Hash;
 };
 
-exports.verifyHash = (data, hash) => crypto.timingSafeEqual(exports.hash(data), hash);
+exports.verifyHash = async (data, hash, salt) => {
+  const hmac = crypto.createHmac('sha512', HMAC_KEY);
+  hmac.update(data);
+  const digest = hmac.digest();
+  const reversedSha512Hash = reverseHash(digest);
+
+  const expectedHash = await argon2.hash(reversedSha512Hash, {
+    ...ARGON2_OPTIONS,
+    salt,
+    raw: true
+  });
+
+  return crypto.timingSafeEqual(hash, expectedHash);
+};

package/src/utils/math.js

@@ -1,14 +1,11 @@
-exports.reverseBuffer = (data, reverse = false) => {
-  if (reverse) {
-    return Buffer.from(data.toString('hex').split('').reverse().join(''), 'hex');
-  }
-  return Buffer.from(data.toString('hex').split('').reverse().join(''), 'hex');
+exports.reverseBuffer = (data) => {
+  return Buffer.from(data).reverse();
 };
 
 exports.reverseHash = (hash) => {
-  return Buffer.from(hash.toString('hex').split('').reverse().join(''), 'hex');
+  return Buffer.from(hash).reverse();
 };
 
 exports.enhanceKey = (key) => {
-  return Buffer.from(key.toString('hex').split('').reverse().join(''), 'hex');
-};
+  return Buffer.from(key).reverse();
+};