chore: node version bump -- v22.11.0 (#3508)

node version bump with updates to cipher logic
This commit is contained in:
lohit 2024-11-20 17:09:02 +05:30 committed by GitHub
parent aff7c405cd
commit 1cb0d4e191
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 54 additions and 9 deletions

2
.nvmrc
View File

@ -1 +1 @@
v20.9.0 v22.11.0

View File

@ -6,10 +6,34 @@ const { safeStorage } = require('electron');
const ELECTRONSAFESTORAGE_ALGO = '00'; const ELECTRONSAFESTORAGE_ALGO = '00';
const AES256_ALGO = '01'; const AES256_ALGO = '01';
// AES-256 encryption and decryption functions function deriveKeyAndIv(password, keyLength, ivLength) {
const key = Buffer.alloc(keyLength);
const iv = Buffer.alloc(ivLength);
const derivedBytes = [];
let lastHash = null;
while (Buffer.concat(derivedBytes).length < keyLength + ivLength) {
const hash = crypto.createHash('md5');
if (lastHash) {
hash.update(lastHash);
}
hash.update(Buffer.from(password, 'utf8'));
lastHash = hash.digest();
derivedBytes.push(lastHash);
}
const concatenatedBytes = Buffer.concat(derivedBytes);
concatenatedBytes.copy(key, 0, 0, keyLength);
concatenatedBytes.copy(iv, 0, keyLength, keyLength + ivLength);
return { key, iv };
}
function aes256Encrypt(data) { function aes256Encrypt(data) {
const key = machineIdSync(); const rawKey = machineIdSync();
const cipher = crypto.createCipher('aes-256-cbc', key); const iv = Buffer.alloc(16, 0); // Default IV for new encryption
const key = crypto.createHash('sha256').update(rawKey).digest(); // Derive a 32-byte key
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
let encrypted = cipher.update(data, 'utf8', 'hex'); let encrypted = cipher.update(data, 'utf8', 'hex');
encrypted += cipher.final('hex'); encrypted += cipher.final('hex');
@ -17,13 +41,27 @@ function aes256Encrypt(data) {
} }
function aes256Decrypt(data) { function aes256Decrypt(data) {
const key = machineIdSync(); const rawKey = machineIdSync();
const decipher = crypto.createDecipher('aes-256-cbc', key);
// Attempt to decrypt using new method first
const iv = Buffer.alloc(16, 0); // Default IV for new encryption
const key = crypto.createHash('sha256').update(rawKey).digest(); // Derive a 32-byte key
try {
const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
let decrypted = decipher.update(data, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
} catch (err) {
// If decryption fails, fall back to old key derivation
const { key: oldKey, iv: oldIv } = deriveKeyAndIv(rawKey, 32, 16);
const decipher = crypto.createDecipheriv('aes-256-cbc', oldKey, oldIv);
let decrypted = decipher.update(data, 'hex', 'utf8'); let decrypted = decipher.update(data, 'hex', 'utf8');
decrypted += decipher.final('utf8'); decrypted += decipher.final('utf8');
return decrypted; return decrypted;
} }
}
// electron safe storage encryption and decryption functions // electron safe storage encryption and decryption functions
function safeStorageEncrypt(str) { function safeStorageEncrypt(str) {

View File

@ -22,6 +22,13 @@ describe('Encryption and Decryption Tests', () => {
expect(() => decryptString('garbage')).toThrow('Decrypt failed: unrecognized string format'); expect(() => decryptString('garbage')).toThrow('Decrypt failed: unrecognized string format');
}); });
it.skip('string encrypted using createCipher (< node 20) should be decrypted properly', () => {
const encryptedString = '$01:2738e0e6a38bcde5fd80141ceadc9b67bc7b1fca7e398c552c1ca2bace28eb57';
const decryptedValue = decryptString(encryptedString);
expect(decryptedValue).toBe('bruno is awesome');
});
it('decrypt should throw an error for invalid algorithm', () => { it('decrypt should throw an error for invalid algorithm', () => {
const invalidAlgo = '$99:abcdefg'; const invalidAlgo = '$99:abcdefg';