mask-privacy 4.2.0 → 4.3.0

package/dist/index.js

@@ -714,7 +714,7 @@ function looksLikeToken(value) {
   if (v7.includes("-") && v7.length >= 6) {
     const parts = v7.split("-");
     const tag = parts[parts.length - 1];
-    if (tag.length === 4 && /^\d+$/.test(tag)) {
+    if (tag.length >= 3 && tag.length <= 10 && /^\d+$/.test(tag)) {
       return true;
     }
   }
@@ -734,14 +734,14 @@ function isUnambiguouslySafeToken(value) {
   if (/^[A-Z]{2}00[A-F0-9]{4,16}$/.test(v7)) return true;
   if (/^<(PER|LOC|ORG):[^>]+>$/.test(v7)) return true;
   if (v7.startsWith("[TKN-") && v7.endsWith("]")) return true;
-  if (/^[A-Z][a-zA-Z, ]+-[0-9]{3,4}$/.test(v7)) return true;
+  if (/^[A-Z][a-zA-Z, ]+-[0-9]{3,10}$/.test(v7)) return true;
   return false;
 }
 var TOKEN_PATTERN;
 var init_fpe_utils = __esm({
   "src/core/fpe_utils.ts"() {
     TOKEN_PATTERN = new RegExp(
-      "tkn-[a-f0-9]{8,64}@[A-Za-z0-9.\\-]+\\.[A-Za-z]{2,}|\\+[1-9]\\d{0,3}-555-\\d{7}|\\d{3}-\\d{2}-\\d{4}|\\d{4}-\\d{4}-\\d{4}-\\d{4}|\\b\\d{9}\\b|\\b000\\d{5}[A-Z]\\b|[A-Z]{2}00[A-F0-9]{4,16}|<(?:PER|LOC|ORG):[^>]+>|\\b[A-Z][a-zA-Z, ]+-[0-9]{3,4}\\b|\\[TKN-[^\\]]+\\]",
+      "tkn-[a-f0-9]{8,64}@[A-Za-z0-9.\\-]+\\.[A-Za-z]{2,}|\\+[1-9]\\d{0,3}-555-\\d{7}|\\d{3}-\\d{2}-\\d{4}|\\d{4}-\\d{4}-\\d{4}-\\d{4}|\\b\\d{9}\\b|\\b000\\d{5}[A-Z]\\b|[A-Z]{2}00[A-F0-9]{4,16}|<(?:PER|LOC|ORG):[^>]+>|\\b[A-Z][a-zA-Z, ]+-[0-9]{3,10}\\b|\\[TKN-[^\\]]+\\]",
       // Opaque
       "g"
     );
@@ -790,46 +790,46 @@ async function _getBijectiveTweak() {
 async function _encryptBijectiveFF1(text) {
   const canonical = text.toLowerCase().trim();
   const hash = cryptoNode__namespace.createHash("sha256").update(canonical, "utf-8").digest();
-  const inputInt = hash.readBigUInt64BE(0);
-  const inputStr = inputInt.toString().padStart(20, "0");
+  const hash128 = hash.subarray(0, 16);
+  const inputInt = hash128.readBigUInt64BE(0) << 64n | hash128.readBigUInt64BE(8);
+  const inputStr = inputInt.toString().padStart(40, "0");
   const aesKey = await _getAesKey();
   const tweak = await _getBijectiveTweak();
   const engine = new FF1(aesKey, tweak, 10);
   const cipherStr = engine.encrypt(inputStr);
-  return BigInt(cipherStr) % 2n ** 64n;
+  return BigInt(cipherStr);
 }
 function _renderBijectivePerson(bits) {
   const firstIdx = Number(bits & 0x7FFn);
   const connIdx = Number(bits >> 11n & 0x3Fn);
   const rootIdx = Number(bits >> 17n & 0xFFFn);
   const suffixIdx = Number(bits >> 29n & 0x1FFn);
-  const tag = Number(bits >> 38n & 0x3FFFn);
-  const formatIdx = Number(bits >> 52n & 0xFn);
+  const tag = bits >> 38n & 0xFFFFFFFFFFn;
+  const formatIdx = Number(bits >> 78n & 0xFn);
   const first = FIRST_NAMES[firstIdx % FIRST_NAMES.length];
   const conn = CONNECTORS[connIdx % CONNECTORS.length];
   const root = SURNAME_ROOTS[rootIdx % SURNAME_ROOTS.length];
   const suffix = SURNAME_SUFFIXES[suffixIdx % SURNAME_SUFFIXES.length];
   const surname = `${root}${suffix}`;
-  const numeric = tag % 1e4;
-  const paddedNumeric = numeric.toString().padStart(4, "0");
+  const numeric = Number(tag % 10000000000n);
+  const paddedNumeric = numeric.toString().padStart(10, "0");
   if (formatIdx === 0) return `${first} ${conn} ${surname}-${paddedNumeric}`;
   if (formatIdx === 1) return `${surname}, ${first}-${paddedNumeric}`;
   if (formatIdx === 2) return `${first[0]}. ${surname}-${paddedNumeric}`;
-  if (formatIdx === 3) return `${first} ${surname}-${paddedNumeric}`;
   return `${first} ${surname}-${paddedNumeric}`;
 }
 function _renderBijectiveLocation(bits) {
   const s1 = Number(bits & 0x3FFn);
   const s22 = Number(bits >> 10n & 0x3FFn);
   const s32 = Number(bits >> 20n & 0x3FFn);
-  const tag = Number(bits >> 30n & 0xFFFn);
+  const tag = bits >> 30n & 0xFFFFFFFFFFn;
   const city = `${SYLLABLES[s1 % 1e3]}${SYLLABLES[s22 % 1e3].toLowerCase()}${SYLLABLES[s32 % 1e3].toLowerCase()}`;
-  return `${city}-${tag.toString().padStart(3, "0")}`;
+  return `${city}-${Number(tag % 10000000000n).toString().padStart(10, "0")}`;
 }
-function _computeLuhnDigit(partialNum) {
-  const digits = partialNum.split("").map(Number);
+function _getLuhnSum(numStr) {
+  const digits = numStr.split("").map(Number);
   let sum = 0;
-  let shouldDouble = true;
+  let shouldDouble = false;
   for (let i6 = digits.length - 1; i6 >= 0; i6--) {
     let digit = digits[i6];
     if (shouldDouble) {
@@ -839,7 +839,7 @@ function _computeLuhnDigit(partialNum) {
     sum += digit;
     shouldDouble = !shouldDouble;
   }
-  return ((10 - sum % 10) % 10).toString();
+  return sum;
 }
 function _computeEsIdCheck(num) {
   return "TRWAGMYFPDXBNJZSQVHLCKE"[num % 23];
@@ -886,14 +886,15 @@ async function generateDPToken(rawText, entityType = "UNKNOWN") {
   if (type === "CREDIT_CARD" || type === "CREDIT_CARD_NUMBER") {
     const digits = _stripCcSeparators(text);
     if (digits.length === 16) {
-      const bin6 = digits.slice(0, 6);
-      const last4 = digits.slice(12, 16);
-      const middle6 = digits.slice(6, 12);
+      const prefix6 = digits.slice(0, 6);
+      const suffix4 = digits.slice(12, 16);
+      const middle5 = digits.slice(6, 11);
       const engine = new FF1(await _getAesKey(), Buffer.from("CREDIT_CARD"), 10);
-      const encMiddle = engine.encrypt(middle6);
-      const base15 = bin6 + encMiddle + last4.slice(0, 3);
-      const checkDig = _computeLuhnDigit(base15);
-      const full = bin6 + encMiddle + last4.slice(0, 3) + checkDig;
+      const encMiddle5 = engine.encrypt(middle5);
+      const draft = prefix6 + encMiddle5 + "0" + suffix4;
+      const sum = _getLuhnSum(draft);
+      const correction = (10 - sum % 10) % 10;
+      const full = prefix6 + encMiddle5 + correction.toString() + suffix4;
       return `${full.slice(0, 4)}-${full.slice(4, 8)}-${full.slice(8, 12)}-${full.slice(12, 16)}`;
     } else {
       const fallbackDigits = digits.padEnd(16, "0").slice(0, 16);