feat: support for createCipher backward compatible (#4612)
1 parent
4b4a37c
commit b6d5652
Showing
10 changed files
with
253 additions
and
173 deletions.
@@ -0,0 +1,5 @@ | ||
--- | ||
'@verdaccio/signature': minor | ||
--- | ||
|
||
support for createCipher backward compatible |
@@ -1,50 +1,13 @@ | ||
import { createCipher, createDecipher } from 'crypto'; | ||
|
||
import { generateRandomHexString } from '../utils'; | ||
|
||
export const defaultAlgorithm = 'aes192'; | ||
export const defaultTarballHashAlgorithm = 'sha1'; | ||
|
||
/** | ||
* | ||
* @param buf | ||
* @param secret | ||
* @returns | ||
*/ | ||
export function aesEncryptDeprecated(buf: Buffer, secret: string): Buffer { | ||
// deprecated (it will be removed in Verdaccio 6), it is a breaking change | ||
// https://nodejs.org/api/crypto.html#crypto_crypto_createcipher_algorithm_password_options | ||
// https://www.grainger.xyz/changing-from-cipher-to-cipheriv/ | ||
const c = createCipher(defaultAlgorithm, secret); | ||
const b1 = c.update(buf); | ||
const b2 = c.final(); | ||
return Buffer.concat([b1, b2]); | ||
} | ||
|
||
/** | ||
* | ||
* @param buf | ||
* @param secret | ||
* @returns | ||
*/ | ||
export function aesDecryptDeprecated(buf: Buffer, secret: string): Buffer { | ||
try { | ||
// https://nodejs.org/api/crypto.html#crypto_crypto_createdecipher_algorithm_password_options | ||
// https://www.grainger.xyz/changing-from-cipher-to-cipheriv/ | ||
const c = createDecipher(defaultAlgorithm, secret); | ||
const b1 = c.update(buf); | ||
const b2 = c.final(); | ||
return Buffer.concat([b1, b2]); | ||
} catch (_) { | ||
return Buffer.alloc(0); | ||
} | ||
} | ||
|
||
export const TOKEN_VALID_LENGTH_DEPRECATED = 64; | ||
|
||
/** | ||
* Generate a secret key of 64 characters. | ||
*/ | ||
export function generateRandomSecretKeyDeprecated(): string { | ||
return generateRandomHexString(6); | ||
} | ||
export { | ||
aesDecryptDeprecated, | ||
aesEncryptDeprecated, | ||
generateRandomSecretKeyDeprecated, | ||
TOKEN_VALID_LENGTH_DEPRECATED, | ||
defaultAlgorithm, | ||
defaultTarballHashAlgorithm, | ||
} from './legacy-crypto'; | ||
// Temporary export to keep backward compatibility with Node.js >= 22 | ||
export { | ||
aesDecryptDeprecatedBackwardCompatible, | ||
aesEncryptDeprecatedBackwardCompatible, | ||
} from './legacy-backward-compatible'; |
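--- a/packages/signature/src/legacy-signature/legacy-backward-compatible.ts
+++ b/packages/signature/src/legacy-signature/legacy-backward-compatible.ts
@@ -0,0 +1,32 @@
+/* eslint-disable new-cap */
+import { createCipheriv, createDecipheriv } from 'crypto';
+import EVP_BytesToKey from 'evp_bytestokey';
+
+export const defaultAlgorithm = 'aes192';
+const KEY_SIZE = 24;
+
+export function aesDecryptDeprecatedBackwardCompatible(text, secret: string) {
+const result = EVP_BytesToKey(
+secret,
+null,
+KEY_SIZE * 8, // byte to bit size
+16
+);
+
+let decipher = createDecipheriv(defaultAlgorithm, result.key, result.iv);
+let decrypted = decipher.update(text, 'hex', 'utf8') + decipher.final('utf8');
+return decrypted.toString();
+}
+
+export function aesEncryptDeprecatedBackwardCompatible(text, secret: string) {
+const result = EVP_BytesToKey(
+secret,
+null,
+KEY_SIZE * 8, // byte to bit size
+16
+);
+
+const cipher = createCipheriv(defaultAlgorithm, result.key, result.iv);
+const encrypted = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');
+return encrypted.toString();
+}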
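Review bot: `aesDecryptDeprecatedBackwardCompatible` lets `decipher.final('utf8')` throw on a malformed token or a wrong secret, whereas `aesDecryptDeprecated` elsewhere in this commit catches the error and returns an empty `Buffer`. If callers pass request-supplied tokens and rely on the legacy behaviour, that becomes an unhandled exception, so consider wrapping the decipher calls in `try { … } catch (_) { return ''; }` or documenting the throw. Both functions also exchange hex/UTF-8 strings rather than `Buffer`s and leave `text` untyped, so they are not drop-in replacements for the legacy pair; explicit parameter and return types would make that visible. A doc comment should state that `EVP_BytesToKey(secret, null, …)` derives key and IV from the secret alone with no salt, so the IV is identical for every token and the ciphertext has no integrity check, which is acceptable only for reading and writing legacy tokens.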
@@ -0,0 +1,50 @@ | ||
import { createCipher, createDecipher } from 'crypto'; | ||
|
||
import { generateRandomHexString } from '../utils'; | ||
|
||
export const defaultAlgorithm = 'aes192'; | ||
export const defaultTarballHashAlgorithm = 'sha1'; | ||
|
||
/** | ||
* Deprecated version usage of crypto.createCipher, only useful for node.js versions < 22. | ||
* @param buf | ||
* @param secret | ||
* @returns | ||
*/ | ||
export function aesEncryptDeprecated(buf: Buffer, secret: string): Buffer { | ||
// deprecated (it will be removed in Verdaccio 6), it is a breaking change | ||
// https://nodejs.org/api/crypto.html#crypto_crypto_createcipher_algorithm_password_options | ||
// https://www.grainger.xyz/changing-from-cipher-to-cipheriv/ | ||
const c = createCipher(defaultAlgorithm, secret); | ||
const b1 = c.update(buf); | ||
const b2 = c.final(); | ||
return Buffer.concat([b1, b2]); | ||
} | ||
|
||
/** | ||
* Deprecated version usage of crypto.createCipher, only useful for node.js versions < 22. | ||
* @param buf | ||
* @param secret | ||
* @returns | ||
*/ | ||
export function aesDecryptDeprecated(buf: Buffer, secret: string): Buffer { | ||
try { | ||
// https://nodejs.org/api/crypto.html#crypto_crypto_createdecipher_algorithm_password_options | ||
// https://www.grainger.xyz/changing-from-cipher-to-cipheriv/ | ||
const c = createDecipher(defaultAlgorithm, secret); | ||
const b1 = c.update(buf); | ||
const b2 = c.final(); | ||
return Buffer.concat([b1, b2]); | ||
} catch (_) { | ||
return Buffer.alloc(0); | ||
} | ||
} | ||
|
||
export const TOKEN_VALID_LENGTH_DEPRECATED = 64; | ||
|
||
/** | ||
* Generate a secret key of 64 characters. | ||
*/ | ||
export function generateRandomSecretKeyDeprecated(): string { | ||
return generateRandomHexString(6); | ||
} |
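Review bot: The blanket `catch (_)` in `aesDecryptDeprecated` also swallows the `TypeError` raised when `createDecipher` does not exist, which the new doc comment implies is the case on Node.js 22 and later, so there a runtime incompatibility would look the same as an invalid token (an empty `Buffer`). Consider failing loudly before the `try`, e.g. `if (typeof createDecipher !== 'function') throw new Error('crypto.createDecipher is unavailable on this Node.js version');`, or at least stating this in the doc comment. Separately, the comment on `generateRandomSecretKeyDeprecated` promises 64 characters while the body calls `generateRandomHexString(6)`; that helper is not shown on this page, so the actual length should be confirmed and the comment or `TOKEN_VALID_LENGTH_DEPRECATED` aligned with it.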
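--- a/packages/signature/test/legacy-token-deprecated-backward-compatible.spec.ts
+++ b/packages/signature/test/legacy-token-deprecated-backward-compatible.spec.ts
@@ -0,0 +1,23 @@
+import {
+aesDecryptDeprecatedBackwardCompatible,
+aesEncryptDeprecatedBackwardCompatible,
+generateRandomSecretKeyDeprecated,
+} from '../src';
+
+describe('test deprecated crypto utils', () => {
+test('decrypt payload flow', () => {
+const secret = generateRandomSecretKeyDeprecated();
+const payload = 'juan:password';
+const token = aesEncryptDeprecatedBackwardCompatible(Buffer.from(payload), secret);
+const data = aesDecryptDeprecatedBackwardCompatible(token, secret);
+
+expect(data.toString()).toEqual(payload.toString());
+});
+
+test('crypt fails if secret is incorrect', () => {
+const payload = 'juan:password';
+expect(
+aesEncryptDeprecatedBackwardCompatible(Buffer.from(payload), 'fake_token').toString()
+).not.toEqual(Buffer.from(payload));
+});
+});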
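Review bot: The test `crypt fails if secret is incorrect` cannot fail, because it compares the hex string returned by `aesEncryptDeprecatedBackwardCompatible(...)` with a `Buffer`, so `.not.toEqual` holds whatever the secret is, and decryption with a wrong secret is never exercised. Encrypt with one secret, decrypt with a different one, and assert that the call either throws or returns something other than the payload; a bare `toThrow()` may be flaky, since a wrong key can occasionally yield valid padding. The compatibility claim itself is also unpinned: a fixed token produced by `aesEncryptDeprecated` on Node.js < 22 and checked in as a fixture would show that the new functions really read legacy output.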