refactor: extract to64() util and improve sha2 algorithm

Author: darkgl0w

index.js

@@ -4,14 +4,18 @@ const { timingSafeEqual } = require('crypto');
 const { sha2Crypt } = require('./lib/sha2');
 const { parseMagicSalt } = require('./lib/utils');
 
+/**
+ * @param {*} password - The password string.
+ * @param {*} magic - The salt string.
+ */
 function crypt (password, magic) {
-  const { algorithm, rounds, salt } = parseMagicSalt(magic);
+  const { algorithm, prefix, rounds, salt } = parseMagicSalt(magic);
   const result = [''];
 
-  result.push(algorithm === 'sha256' ? 5 : 6);
+  result.push(prefix);
   if (magic.slice(1).split('$').length === 3 || rounds !== 5000) result.push(`rounds=${rounds}`);
   result.push(salt);
-  result.push(sha2Crypt(password, { algorithm, rounds, salt }));
+  result.push(sha2Crypt({ algorithm, password, rounds, salt }));
 
   return result.join('$');
 }

lib/sha2.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const { createHash } = require('crypto');
-const { DICTIONNARY } = require('./utils');
+const { to64 } = require('./utils');
 
 // #1, #2, #3: byte number in group
 const blocksOrder = {
@@ -45,15 +45,15 @@ const blocksOrder = {
 };
 
 /**
- * Crypt compliant sha256 and sha512 hash generator
+ * sha256 and sha512 checksum hash generator following the Modular Crypt Format
  *
- * @param {string} password - the password to encrypt
  * @param {object} options - options
+ * @param {string} options.password - the password to encrypt
  * @param {'sha256'|'sha512'} options.algorithm
  * @param {number} options.rounds
  * @param {string} options.salt
  */
-function sha2Crypt (password, { algorithm, rounds, salt }) {
+function sha2Crypt ({ algorithm, password, rounds, salt }) {
   if (
     !algorithm
     || !(algorithm === 'sha256' || algorithm === 'sha512')
@@ -74,7 +74,7 @@ function sha2Crypt (password, { algorithm, rounds, salt }) {
     .update(salt);
 
   // step 4
-  const B = createHash(algorithm)
+  const digestB = createHash(algorithm)
     // step 5
     .update(password)
     // step 6
@@ -86,11 +86,11 @@ function sha2Crypt (password, { algorithm, rounds, salt }) {
 
   // step 9
   for (let offset = 0; offset + digestSize < passwordByteLength; offset += digestSize) {
-    A.update(B);
+    A.update(digestB);
   }
 
   // step 10
-  A.update(B.slice(0, passwordByteLength % digestSize));
+  A.update(digestB.slice(0, passwordByteLength % digestSize));
 
   // step 11
   passwordByteLength.toString(2)
@@ -100,7 +100,7 @@ function sha2Crypt (password, { algorithm, rounds, salt }) {
       A.update(
         bit !== '0'
           // step 11 - a
-          ? B
+          ? digestB
           // step 11 - b
           : password
       );
@@ -189,43 +189,7 @@ function sha2Crypt (password, { algorithm, rounds, salt }) {
     }, digestA);
 
   // step 22
-  const hash = [];
-
-  for (let index = 0; index < digestC.length; index += 3) {
-    const buffer = Buffer.alloc(3);
-
-    buffer[0] = digestC[blocksOrder[algorithm][index]];
-    buffer[1] = digestC[blocksOrder[algorithm][index + 1]];
-    buffer[2] = digestC[blocksOrder[algorithm][index + 2]];
-
-    const b64Encode = [];
-
-    // 1st
-    b64Encode.push(DICTIONNARY.charAt(
-      buffer[0] & parseInt('00111111', 2)
-    ));
-
-    // 2nd
-    b64Encode.push(DICTIONNARY.charAt(
-      (buffer[0] & parseInt('11000000', 2)) >>> 6 | (buffer[1] & parseInt('00001111', 2)) << 2
-    ));
-
-    // 3rd
-    b64Encode.push(DICTIONNARY.charAt(
-      (buffer[1] & parseInt('11110000', 2)) >>> 4 | (buffer[2] & parseInt('00000011', 2)) << 4
-    ));
-
-    // 4th
-    b64Encode.push(DICTIONNARY.charAt(
-      (buffer[2] & parseInt('11111100', 2)) >>> 2
-    ));
-
-    hash.push(b64Encode.join(''));
-  }
-
-  return hash
-    .join('')
-    .slice(0, digestC.length === 32 ? -1 : -2);
+  return to64(digestC, blocksOrder[algorithm]).slice(0, digestC.length === 32 ? -1 : -2);
 }
 
 module.exports = { sha2Crypt };

lib/utils.js

@@ -35,6 +35,12 @@ function randomCryptSalt (length) {
   return salt.join('');
 }
 
+/**
+ * Magic salt parser
+ *
+ * @param {string} magic
+ * @returns {{ algorithm: string; prefix: number|string; rounds: number; salt: string}}
+ */
 function parseMagicSalt (magic) {
   const params = magic.slice(1).split('$');
 
@@ -48,7 +54,9 @@ function parseMagicSalt (magic) {
   }
 
   if (
+    // SHA256-CRYPT
     prefix !== 5
+    // SHA512-CRYPT
     && prefix !== 6
   ) {
     throw new Error('Only sha256-crypt and sha512-crypt algorithms are supported');
@@ -76,13 +84,67 @@ function parseMagicSalt (magic) {
 
   return {
     algorithm,
+    prefix,
     rounds,
     salt
   };
 }
 
+/**
+ * @param {Buffer} data
+ * @param {Number[]} blocksOrder
+ */
+function to64 (data, blocksOrder) {
+  if (!Buffer.isBuffer(data)) {
+    throw new Error('data must be a buffer');
+  }
+
+  if (!Array.isArray(blocksOrder)) {
+    throw new Error('blocksOrder must be an array of integers');
+  }
+
+  const hash64 = [];
+
+  for (let index = 0; index < data.length; index += 3) {
+    const buffer = Buffer.alloc(3);
+
+    buffer[0] = data[blocksOrder[index]];
+    buffer[1] = data[blocksOrder[index + 1]];
+    buffer[2] = data[blocksOrder[index + 2]];
+
+    // 1st
+    hash64.push(DICTIONNARY.charAt(
+      // (base 16) 0x3f === (base 2) 00111111 === (base 10) 63
+      buffer[0] & parseInt('0x3f')
+    ));
+
+    // 2nd
+    hash64.push(DICTIONNARY.charAt(
+      // (base 16) 0xc0 === (base 2) 11000000 === (base 10) 192
+      // (base 16) 0xf === (base 2) 00001111 === (base 10) 15
+      (buffer[0] & parseInt('0xc0')) >>> 6 | (buffer[1] & parseInt('0xf')) << 2
+    ));
+
+    // 3rd
+    hash64.push(DICTIONNARY.charAt(
+      // (base 16) 0xf0 === (base 2) 11110000 === (base 10) 240
+      // (base 16) 0x3 === (base 2) 00000011 === (base 10) 3
+      (buffer[1] & parseInt('0xf0')) >>> 4 | (buffer[2] & parseInt('0x3')) << 4
+    ));
+
+    // 4th
+    hash64.push(DICTIONNARY.charAt(
+      // (base 16) 0xfc === (base 2) 11111100 === (base 10) 252
+      (buffer[2] & parseInt('0xfc')) >>> 2
+    ));
+  }
+
+  return hash64.join('');
+}
+
 module.exports = {
   DICTIONNARY,
+  parseMagicSalt,
   randomCryptSalt,
-  parseMagicSalt
+  to64
 };

test/lib.test.js

@@ -3,7 +3,7 @@
 const { test } = require('tap');
 const { crypt, verify } = require('..');
 const { sha2Crypt } = require('../lib/sha2');
-const { parseMagicSalt } = require('../lib/utils');
+const { parseMagicSalt, to64 } = require('../lib/utils');
 
 // We conditionnally execute this test as it can take more than 4 hours to complete
 if (!process.env.FAST_CRYPT === 'true') {
@@ -114,14 +114,14 @@ test('It should throw when trying to use an unsupported algorithm', async (t) =>
     }
   });
 
-  const sha2UnsupportedAlgorithms = [null, undefined, 'md5'];
+  const sha2UnsupportedAlgorithms = [null, undefined, 'scrypt'];
 
   for (const algorithm of sha2UnsupportedAlgorithms) {
     t.test(`inside the internal private sha2Crypt() method with the algorithm option set to '${algorithm}'`, async (t) => {
       t.plan(2);
 
       try {
-        sha2Crypt('password', { algorithm });
+        sha2Crypt({ algorithm, password: 'password' });
       } catch (err) {
         t.ok(err);
         t.equal(err.message, `Unknown algorithm '${algorithm}', only sha256 and sha512 algorithms are supported`);
@@ -153,3 +153,19 @@ test('It should correctly parse the magic salt', async (t) => {
     t.equal(salt, 'roundstoohigh');
   });
 });
+
+test('It should throw on bad `to64()` options :', async (t) => {
+  t.test('when `data` is not a buffer', async (t) => {
+    t.plan(1);
+
+    t.throws(() => to64('not a buffer', [0, 12]), 'data must be a buffer');
+  });
+
+  t.test('when `blocksOrder` is not an array of integers', async (t) => {
+    t.plan(1);
+
+    t.throws(
+      () => to64(Buffer.alloc(16), 'not an array of integers'),
+      'blocksOrder must be an array of integers');
+  });
+});