crypto: use secret directly instead of deriving key

2024-11-06 00:10:02 +00:00 · 2024-03-05 16:49:00 +00:00 · 2024-03-05 16:49:00 +00:00 · 7fab5a37ff
commit 7fab5a37ff
parent fc39ac76b6
3 changed files with 6 additions and 9 deletions
--- a/src/core/api.js
+++ b/src/core/api.js
@ -128,7 +128,7 @@ export function runAPI(express, app, gitCommit, gitBranch, __dirname) {
                    const q = req.query;
                    const checkQueries = q.t && q.e && q.h && q.s && q.i;
                    const checkBaseLength = q.t.length === 21 && q.e.length === 13;
-                    const checkSafeLength = q.h.length === 43 && q.s.length === 342 && q.i.length === 22;
+                    const checkSafeLength = q.h.length === 43 && q.s.length === 43 && q.i.length === 22;

                    if (checkQueries && checkBaseLength && checkSafeLength) {
                        let streamInfo = verifyStream(q.t, q.h, q.e, q.s, q.i);
--- a/src/modules/stream/manage.js
+++ b/src/modules/stream/manage.js
@ -20,7 +20,7 @@ const hmacSalt = randomBytes(64).toString('hex');
 export function createStream(obj) {
    const streamID = nanoid(),
        iv = randomBytes(16).toString('base64url'),
-        secret = randomBytes(256).toString('base64url'),
+        secret = randomBytes(32).toString('base64url'),
        exp = new Date().getTime() + streamLifespan,
        hmac = generateHmac(`${streamID},${exp},${iv},${secret}`, hmacSalt),
        streamData = {
--- a/src/modules/sub/crypto.js
+++ b/src/modules/sub/crypto.js
@ -1,25 +1,22 @@
 import { createHmac, createCipheriv, createDecipheriv, scryptSync } from "crypto";

 const algorithm = "aes256"
-const keyLength = 32;

 export function generateHmac(str, salt) {
    return createHmac("sha256", salt).update(str).digest("base64url");
 }

 export function encryptStream(plaintext, iv, secret) {
-    const buff = Buffer.from(JSON.stringify(plaintext), "utf-8");
-
-    const key = scryptSync(Buffer.from(secret, "base64url"), "salt", keyLength);
+    const buff = Buffer.from(JSON.stringify(plaintext));
+    const key = Buffer.from(secret, "base64url");
    const cipher = createCipheriv(algorithm, key, Buffer.from(iv, "base64url"));

    return Buffer.concat([ cipher.update(buff), cipher.final() ])
 }

 export function decryptStream(ciphertext, iv, secret) {
-    const buff = Buffer.from(ciphertext, "binary");
-
-    const key = scryptSync(Buffer.from(secret, "base64url"), "salt", keyLength);
+    const buff = Buffer.from(ciphertext);
+    const key = Buffer.from(secret, "base64url");
    const decipher = createDecipheriv(algorithm, key, Buffer.from(iv, "base64url"));

    return Buffer.concat([ decipher.update(buff), decipher.final() ])