secure-cookie - npm Package Compare versions

Comparing version 0.0.1 to 0.0.2

CHANGELOG.md

@@ -0,2 +1,9 @@
+## [0.0.2](https://github.com/ayZagen/secure-cookie/compare/v0.0.1...v0.0.2) (2021-09-20)
+
+
+### Bug Fixes
+
+* padding ignored for encryption without iv ([703af9a](https://github.com/ayZagen/secure-cookie/commit/703af9aa9e2aaa5d5df96a832a2360e4c3a738fd))
+
 ## 0.0.1 (2021-09-20)
 

dist/index.esm.js

 /*!
- * secure-cookie v0.0.1
+ * secure-cookie v0.0.2
  * (c) Ismail H. Ayaz
@@ -226,6 +226,8 @@ * Released under the MIT License.
         }
-        if (!iv) {
-            iv = dataBuff.slice(0, cipherInfo.ivLength);
+        if (cipherInfo.ivLength !== undefined) {
+            if (!iv) {
+                iv = dataBuff.slice(0, cipherInfo.ivLength);
+            }
+            dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length);
         }
-        dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length);
         if (AUTH_TAG_REQUIRED.test(algorithm)) {
@@ -246,3 +248,3 @@ if (!authTag) {
         var algorithm = options.algorithm, key = options.key, iv = options.iv, authTagLength = options.authTagLength, authTag = options.authTag;
-        var decipher = crypto.createDecipheriv(algorithm, key, iv, { authTagLength: authTagLength });
+        var decipher = crypto.createDecipheriv(algorithm, key, iv || null, { authTagLength: authTagLength });
         if (authTag) {
@@ -252,10 +254,11 @@ decipher.setAuthTag(authTag);
         var plainText = decipher.update(data);
+        var final;
         try {
-            decipher.final();
+            final = decipher.final();
         }
-        catch (_a) {
+        catch (e) {
             // authentication failed
             return null;
         }
-        return plainText.toString('utf-8');
+        return Buffer.concat([plainText, final]).toString('utf-8');
     };
@@ -376,4 +379,4 @@ KeyStore.prototype.sign = function (data, key) {
         var signed = opts && opts.signed !== undefined ? opts.signed : this.signed;
+        /* istanbul ignore next */
         if (typeof headers == 'string') {
-            /* istanbul ignore next */
             headers = [headers];
@@ -380,0 +383,0 @@ }

dist/index.js

 /*!
- * secure-cookie v0.0.1
+ * secure-cookie v0.0.2
  * (c) Ismail H. Ayaz
@@ -236,6 +236,8 @@ * Released under the MIT License.
         }
-        if (!iv) {
-            iv = dataBuff.slice(0, cipherInfo.ivLength);
+        if (cipherInfo.ivLength !== undefined) {
+            if (!iv) {
+                iv = dataBuff.slice(0, cipherInfo.ivLength);
+            }
+            dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length);
         }
-        dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length);
         if (AUTH_TAG_REQUIRED.test(algorithm)) {
@@ -256,3 +258,3 @@ if (!authTag) {
         var algorithm = options.algorithm, key = options.key, iv = options.iv, authTagLength = options.authTagLength, authTag = options.authTag;
-        var decipher = crypto__default['default'].createDecipheriv(algorithm, key, iv, { authTagLength: authTagLength });
+        var decipher = crypto__default['default'].createDecipheriv(algorithm, key, iv || null, { authTagLength: authTagLength });
         if (authTag) {
@@ -262,10 +264,11 @@ decipher.setAuthTag(authTag);
         var plainText = decipher.update(data);
+        var final;
         try {
-            decipher.final();
+            final = decipher.final();
         }
-        catch (_a) {
+        catch (e) {
             // authentication failed
             return null;
         }
-        return plainText.toString('utf-8');
+        return Buffer.concat([plainText, final]).toString('utf-8');
     };
@@ -386,4 +389,4 @@ KeyStore.prototype.sign = function (data, key) {
         var signed = opts && opts.signed !== undefined ? opts.signed : this.signed;
+        /* istanbul ignore next */
         if (typeof headers == 'string') {
-            /* istanbul ignore next */
             headers = [headers];
@@ -390,0 +393,0 @@ }

docs/classes/Cookies.md

@@ -46,3 +46,3 @@ [secure-cookie](../README.md) / Cookies
 
-[cookies.ts:56](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L56)
+[cookies.ts:56](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L56)
 
@@ -57,3 +57,3 @@ ## Properties
 
-[cookies.ts:45](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L45)
+[cookies.ts:45](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L45)
 
@@ -68,3 +68,3 @@ ___
 
-[cookies.ts:49](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L49)
+[cookies.ts:49](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L49)
 
@@ -79,3 +79,3 @@ ___
 
-[cookies.ts:53](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L53)
+[cookies.ts:53](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L53)
 
@@ -90,3 +90,3 @@ ___
 
-[cookies.ts:54](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L54)
+[cookies.ts:54](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L54)
 
@@ -101,3 +101,3 @@ ___
 
-[cookies.ts:43](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L43)
+[cookies.ts:43](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L43)
 
@@ -112,3 +112,3 @@ ___
 
-[cookies.ts:51](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L51)
+[cookies.ts:51](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L51)
 
@@ -123,3 +123,3 @@ ___
 
-[cookies.ts:47](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L47)
+[cookies.ts:47](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L47)
 
@@ -162,3 +162,3 @@ ___
 
-[cookies.ts:185](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L185)
+[cookies.ts:185](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L185)
 
@@ -201,3 +201,3 @@ ___
 
-[cookies.ts:186](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L186)
+[cookies.ts:186](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L186)
 
@@ -240,3 +240,3 @@ ## Methods
 
-[cookies.ts:87](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L87)
+[cookies.ts:87](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L87)
 
@@ -265,3 +265,3 @@ ___
 
-[cookies.ts:136](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L136)
+[cookies.ts:136](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L136)
 
@@ -299,3 +299,3 @@ ___
 
-[cookies.ts:187](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L187)
+[cookies.ts:187](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L187)
 
@@ -334,2 +334,2 @@ ___
 
-[cookies.ts:180](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L180)
+[cookies.ts:180](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L180)

docs/README.md

@@ -35,3 +35,3 @@ secure-cookie
 
-[cookies.ts:8](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L8)
+[cookies.ts:8](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L8)
 
@@ -46,3 +46,3 @@ ___
 
-[cookies.ts:39](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L39)
+[cookies.ts:39](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L39)
 
@@ -57,2 +57,2 @@ ___
 
-[cookies.ts:38](https://github.com/ayZagen/secure-cookie/blob/bb7d3ba/src/cookies.ts#L38)
+[cookies.ts:38](https://github.com/ayZagen/secure-cookie/blob/703af9a/src/cookies.ts#L38)

package.json

 {
   "name": "secure-cookie",
-  "version": "0.0.1",
+  "version": "0.0.2",
   "description": "",
@@ -5,0 +5,0 @@ "main": "dist/index.js",

README.md

@@ -6,3 +6,3 @@ # secure-cookie
 </a>
-<a href="https://codecov.io/gh/PlusAuth/plusauth-oidc-client-js">
+<a href="https://codecov.io/gh/ayZagen/secure-cookie">
 <img alt="Codecov" src="https://img.shields.io/codecov/c/gh/ayZagen/secure-cookie?logo=codecov&style=flat-square">
@@ -15,5 +15,6 @@ </a>
 
-Nodejs cookie library with signing and encryption support. Inspired
-from [`cookies`](https://github.com/pillarjs/cookies)
+Nodejs cookie library with signing and encryption support. For those familiar with
+[`cookies`](https://github.com/pillarjs/cookies)
 and  [`crypto-utils/keygrip`](https://github.com/crypto-utils/keygrip)
+this library is almost the same plus encryption support.
 
@@ -43,2 +44,4 @@ ## Installation
     signing: {
+  //  encoding: 'base64',
+  //  algorithm: 'sha1',
       keys: ["mysigningkey"]
@@ -59,3 +62,2 @@ }
 ### Encrypted Cookies
-
 ```javascript
@@ -70,3 +72,6 @@ const {Cookies, KeyStore} = require('secure-cookies')
     encryption: {
-      keys: ["24bitsecretmustbechanged"]
+   // algorithm: 'aes-192-ccm',
+   // authTagLength: 16,
+   // encoding: 'hex',
+      keys: ["a24bytesecretmustchanged"]
     }
@@ -87,2 +92,13 @@ })
 
+Make sure selected algorithm is supported by your NodeJs version.
+By default `aes-192-ccm` is selected. You can override that and related settings from KeyStore constructor options.
+If the algorithm you would like to use is missing from the default ones you can add it by following:
+
+```javascript
+const {KeyStore} = require('secure-cookies')
+KeyStore.cipherInfo['aes-xxx-xxx'] =  { ivLength: 16, keyLength: 16 }
+```
+
+You can see included algorithms from [src/ciphers.ts](/src/ciphers.ts)
+
 For all options and internals have a look at to [API documentation](./docs/README.md).
@@ -89,0 +105,0 @@

src/cookies.ts

@@ -150,4 +150,4 @@ import http, { IncomingMessage, ServerResponse } from 'http';
 
+    /* istanbul ignore next */
     if (typeof headers == 'string') {
-      /* istanbul ignore next */
       headers = [headers];
@@ -154,0 +154,0 @@ }

src/keystore.ts

@@ -126,3 +126,3 @@ /* eslint-disable @typescript-eslint/ban-ts-comment */
 
-    const keys = key ? [ key ] : defaultKeys
+    const keys = key ? [key] : defaultKeys
     if (keys.length === 0) {
@@ -152,6 +152,8 @@ throw new Error("keys required for encrypted cookies")
 
-    if (!iv) {
-      iv = dataBuff.slice(0, cipherInfo.ivLength)
+    if (cipherInfo.ivLength !== undefined) {
+      if (!iv) {
+        iv = dataBuff.slice(0, cipherInfo.ivLength)
+      }
+      dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length)
     }
-    dataBuff = dataBuff.slice(cipherInfo.ivLength, dataBuff.length)
 
@@ -175,3 +177,3 @@
     const {algorithm, key, iv, authTagLength, authTag} = options
-    const decipher = crypto.createDecipheriv(algorithm as any, key!, iv as Buffer, {authTagLength});
+    const decipher = crypto.createDecipheriv(algorithm as any, key!, iv as Buffer || null, {authTagLength});
 
@@ -183,9 +185,10 @@ if (authTag) {
     const plainText = decipher.update(data)
+    let final: Buffer
     try {
-      decipher.final()
-    } catch {
+      final = decipher.final()
+    } catch(e:any) {
       // authentication failed
       return null
     }
-    return plainText.toString('utf-8')
+    return Buffer.concat([plainText, final]).toString('utf-8')
   }
@@ -192,0 +195,0 @@

tests/keystore.spec.ts

@@ -109,2 +109,16 @@ /* eslint-disable @typescript-eslint/ban-ts-comment */
 
+    it("should work w/ buffer", () => {
+      const ks = new KeyStore({
+        encryption: {
+          keys: ["secretsecretsecretsecret"],
+          algorithm: "aes-192-ccm",
+          encoding: "hex",
+          authTagLength: 16
+        }
+      })
+      jest.spyOn(crypto, 'randomBytes').mockImplementationOnce(() => Buffer.from("123412341234", "utf-8"))
+      const encrypted = ks.encrypt(Buffer.from("ohmytext", "utf-8"))
+      expect(encrypted).toBe("313233343132333431323334d0658e97af34ad7906a0724657faee5c062a9b5842925dc0".toLowerCase())
+    })
+
     it('should return null if data is not defined', function () {
@@ -212,2 +226,41 @@ const ks = new KeyStore({
 
+    it("should work w/ buffer", () => {
+      const ks = new KeyStore({
+        encryption: {
+          keys: ["secretsecretsecretsecret"],
+          encoding: "base64"
+        }
+      })
+      const encrypted = ks.encrypt("ohmytext")
+
+      const decrypted = ks.decrypt(Buffer.from(encrypted, "base64"))
+      expect(decrypted).toBe("ohmytext")
+    })
+
+    it('should return null if auth fails', function () {
+      const ks = new KeyStore({
+        encryption: {
+          keys: ["secretsecretsecretsecret"],
+          encoding: "base64"
+        }
+      })
+      const encrypted = ks.encrypt("ohmytext")
+      const decrypted = ks.decrypt(encrypted, { authTag: Buffer.from("1234567812345678", "utf-8")})
+      expect(decrypted).toBe(null)
+    });
+
+
+    it("should allow using different secret key", () => {
+      const ks = new KeyStore({
+        encryption: {
+          keys: ["secretsecretsecretsecret"],
+          algorithm: "aes-192-cbc",
+          encoding: "hex"
+        }
+      })
+      jest.spyOn(crypto, 'randomBytes').mockImplementationOnce(() => Buffer.from("1234123412341234", "utf-8"))
+      const encrypted = ks.encrypt("ohmytext", {key: "necretnecretnecretnecret"})
+      expect(ks.decrypt(encrypted, { key: "necretnecretnecretnecret" })).toBe("ohmytext")
+    })
+
     it("should fail if no key exists to decrypt with", () => {
@@ -223,2 +276,15 @@ const ks = new KeyStore({
 
+
+    it("should work w/ algorithms without iv", () => {
+      const ks = new KeyStore({
+        encryption: {
+          keys: ["32secretsecretsecretsecretsecret"],
+          algorithm: "aes-256-ecb",
+          encoding: "base64"
+        }
+      })
+      const encrypted = ks.encrypt("ohmytext")
+      expect(ks.decrypt(encrypted)).toBe("ohmytext")
+    })
+
     it("should accept iv buffer", () => {
@@ -237,2 +303,3 @@ const ks = new KeyStore({
     })
+
     it("should accept iv string", () => {
@@ -265,2 +332,3 @@ const ks = new KeyStore({
     })
+
     it("should accept authTag string", () => {
@@ -296,3 +364,2 @@ const ks = new KeyStore({
 
-
     it("should work with different authTagLength", () => {
@@ -318,2 +385,12 @@ const ks = new KeyStore({
   describe('.indexOf(data)', function () {
+    it('should w/ no keys', function () {
+      const ks = new KeyStore({
+        encryption: {keys: [genRandom(24)]}
+      })
+      ks.encryption.keys = []
+      expect(() => {
+        ks.indexOf("ohmytext", "ohmytext")
+      }).toThrow(Error)
+    });
+
     it('should return key index that signed data', function () {
@@ -320,0 +397,0 @@ const keys = new KeyStore({signing: {keys: ['SEKRIT2', 'SEKRIT1']}})

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

350125

increased by1.78%

Number of package files

70

increased by2.94%

Lines of code

4465

increased by2.46%

Number of lines in readme file

103

increased by18.39%

No dependency changes