mirror of
https://github.com/IT4Change/gradido.git
synced 2026-02-06 09:56:05 +00:00
52 lines
1.4 KiB
TypeScript
52 lines
1.4 KiB
TypeScript
import { worker } from 'workerpool'
|
|
|
|
import {
|
|
crypto_box_SEEDBYTES,
|
|
crypto_hash_sha512_BYTES,
|
|
crypto_hash_sha512_STATEBYTES,
|
|
crypto_hash_sha512_final,
|
|
crypto_hash_sha512_init,
|
|
crypto_hash_sha512_update,
|
|
crypto_pwhash,
|
|
crypto_pwhash_SALTBYTES,
|
|
crypto_shorthash,
|
|
crypto_shorthash_BYTES,
|
|
} from 'sodium-native'
|
|
|
|
export const SecretKeyCryptographyCreateKeyFunc = (
|
|
salt: string,
|
|
password: string,
|
|
configLoginAppSecret: Buffer,
|
|
configLoginServerKey: Buffer,
|
|
): bigint => {
|
|
const state = Buffer.alloc(crypto_hash_sha512_STATEBYTES)
|
|
crypto_hash_sha512_init(state)
|
|
crypto_hash_sha512_update(state, Buffer.from(salt))
|
|
crypto_hash_sha512_update(state, configLoginAppSecret)
|
|
const hash = Buffer.alloc(crypto_hash_sha512_BYTES)
|
|
crypto_hash_sha512_final(state, hash)
|
|
|
|
const encryptionKey = Buffer.alloc(crypto_box_SEEDBYTES)
|
|
const opsLimit = 10
|
|
const memLimit = 33554432
|
|
const algo = 2
|
|
crypto_pwhash(
|
|
encryptionKey,
|
|
Buffer.from(password),
|
|
hash.slice(0, crypto_pwhash_SALTBYTES),
|
|
opsLimit,
|
|
memLimit,
|
|
algo,
|
|
)
|
|
|
|
const encryptionKeyHash = Buffer.alloc(crypto_shorthash_BYTES)
|
|
crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
|
|
return encryptionKeyHash.readBigUInt64LE()
|
|
}
|
|
|
|
if (process.env.USE_CRYPTO_WORKER === 'true' && typeof process.send === 'function') {
|
|
worker({
|
|
SecretKeyCryptographyCreateKeyFunc,
|
|
})
|
|
}
|