objectid64/encrypter.ts at master · zandaqo/objectid64 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
/**
 * Encrypts and decrypts numerical ids, UUIDs, and ObjectIds
 * to and from 128-bit id values akin to UUID.
 */
export class Encrypter {
  static #params: AesCtrParams;

  static get params() {
    /* TODO: replace with simple static variable
    once node supports globalThis.crypto without a flag */
    if (!this.#params) {
      this.#params = {
        name: "AES-CTR",
        counter: globalThis.crypto.getRandomValues(new Uint8Array(16)),
        length: 128,
      };
    }
    return this.#params;
  }

  #key: CryptoKey;

  /**
   * @param key a key to use for encryption, can be generated using `Ecrypter.generateKey`
   */
  constructor(key: CryptoKey) {
    this.#key = key;
  }

  /**
   * Returns a "raw" binary version of the encryption key used by the Encrypter.
   *
   * @returns a "raw" version of the encryption key
   */
  async exportKey() {
    return await globalThis.crypto.subtle.exportKey("raw", this.#key);
  }

  async encrypt(data: Uint8Array): Promise<Uint8Array> {
    const encrypted = await globalThis.crypto.subtle.encrypt(
      Encrypter.params,
      this.#key,
      data,
    );
    return new Uint8Array(encrypted);
  }

  async decrypt(data: ArrayBufferView): Promise<ArrayBuffer> {
    return await globalThis.crypto.subtle.decrypt(
      Encrypter.params,
      this.#key,
      data,
    );
  }

  /**
   * Encrypts a 32-bit integer id into a 128-bit encrypted id.
   *
   * @param integer the id to encrypt
   * @param view an existing typedarray to use for encryption
   * @returns the encrypted 128-bit id
   */
  async fromInt(
    integer: number,
    view = new Uint8Array(16),
  ): Promise<Uint8Array> {
    const data = globalThis.crypto.getRandomValues(view);
    new DataView(data.buffer).setInt32(0, integer, true);
    return await this.encrypt(data);
  }

  /**
   * Decrypts a 128-bit id into a 32-bit integer id.
   *
   * @param id the 128-bit encrypted id
   * @returns the decrypted 32-bit integer id
   */
  async toInt(id: ArrayBufferView): Promise<number> {
    const decrypted = await this.decrypt(id);
    return new DataView(decrypted).getInt32(0, true);
  }

  /**
   * Encrypts a 64-bit bigint id into a 128-bit encrypted id.
   *
   * @param integer the id to encrypt
   * @param view an existing typedarray to use for encryption
   * @returns the encrypted 128-bit id
   */
  async fromBigInt(
    integer: bigint,
    view = new Uint8Array(16),
  ): Promise<Uint8Array> {
    const data = globalThis.crypto.getRandomValues(view);
    new DataView(data.buffer).setBigInt64(0, integer, true);
    return await this.encrypt(data);
  }

  /**
   * Decrypts a 128-bit id into a 64-bit bigint id.
   *
   * @param id the 128-bit encrypted id
   * @returns the decrypted 64-bit integer id
   */
  async toBigInt(id: ArrayBufferView): Promise<bigint> {
    const decrypted = await this.decrypt(id);
    return new DataView(decrypted).getBigInt64(0, true);
  }

  /**
   * Encrypts an Object id into a 128-bit encrypted id.
   *
   * @param id the id to encrypt
   * @param view an existing typedarray to use for encryption
   * @returns the encrypted 128-bit id
   */
  async fromObjectId(
    id: Uint8Array,
    view = new Uint8Array(16),
  ): Promise<Uint8Array> {
    const data = globalThis.crypto.getRandomValues(view);
    data.set(id);
    return await this.encrypt(data);
  }

  /**
   * Decrypts a 128-bit id into an ObjectId.
   *
   * @param id the 128-bit encrypted id
   * @returns the decrypted ObjectId
   */
  async toObjectId(id: ArrayBufferView): Promise<Uint8Array> {
    const decrypted = await this.decrypt(id);
    return new Uint8Array(decrypted.slice(0, 12));
  }

  /**
   * Encrypts a UUID into a 128-bit encrypted id.
   *
   * @param id the id to encrypt
   * @returns the encrypted 128-bit id
   */
  async fromUUID(id: Uint8Array): Promise<Uint8Array> {
    return await this.encrypt(id);
  }

  /**
   * Decrypts a 128-bit id into a UUID.
   *
   * @param id the 128-bit encrypted id
   * @returns the decrypted UUID
   */
  async toUUID(id: ArrayBufferView): Promise<Uint8Array> {
    return new Uint8Array(await this.decrypt(id));
  }

  /**
   * Generates a 128-bit ecryption key for AES encryption of ids.
   *
   * @returns an encryption key
   */
  static async generateKey(): Promise<CryptoKey> {
    return await globalThis.crypto.subtle.generateKey(
      {
        name: "AES-CTR",
        length: 128,
      },
      true,
      ["decrypt", "encrypt"],
    );
  }

  /**
   * Converts a "raw" binary version of an encryption key into a CryptoKey.
   *
   * @param key "raw" version of the encryption key
   * @returns the encryption key
   */
  static async importKey(key: ArrayBuffer) {
    return await globalThis.crypto.subtle.importKey(
      "raw",
      key,
      { name: "AES-CTR" },
      true,
      ["encrypt", "decrypt"],
    );
  }
}