feat: dumb key rotation system

Author: RomainLanz

src/drivers/aes_256_cbc.ts

@@ -48,7 +48,7 @@ export class AES256CBC extends BaseDriver implements EncryptionDriverContract {
     /**
      * Creating chiper
      */
-    const cipher = createCipheriv('aes-256-cbc', this.cryptoKey, iv)
+    const cipher = createCipheriv('aes-256-cbc', this.getFirstKey().key, iv)
 
     /**
      * Encoding value to a string so that we can set it on the cipher
@@ -70,7 +70,7 @@ export class AES256CBC extends BaseDriver implements EncryptionDriverContract {
     /**
      * Returns the id + result + hmac
      */
-    const hmac = new Hmac(this.cryptoKey).generate(result)
+    const hmac = new Hmac(this.getFirstKey().key).generate(result)
     return this.computeReturns([this.#config.id, result, hmac])
   }
 
@@ -118,25 +118,27 @@ export class AES256CBC extends BaseDriver implements EncryptionDriverContract {
      * Make sure the hash is correct, it means the first 2 parts of the
      * string are not tampered.
      */
-    const isValidHmac = new Hmac(this.cryptoKey).compare(
-      `${encryptedEncoded}${this.separator}${ivEncoded}`,
-      hash
-    )
-
-    if (!isValidHmac) {
-      return null
+    for (const { key } of this.cryptoKeys) {
+      const isValidHmac = new Hmac(key).compare(
+        `${encryptedEncoded}${this.separator}${ivEncoded}`,
+        hash
+      )
+
+      if (!isValidHmac) {
+        continue
+      }
+
+      /**
+       * The Decipher can raise exceptions with malformed input, so we wrap it
+       * to avoid leaking sensitive information
+       */
+      try {
+        const decipher = createDecipheriv('aes-256-cbc', key, iv)
+        const decrypted = decipher.update(encrypted) + decipher.final('utf8')
+        return new MessageBuilder().verify(decrypted, purpose)
+      } catch {}
     }
 
-    /**
-     * The Decipher can raise exceptions with malformed input, so we wrap it
-     * to avoid leaking sensitive information
-     */
-    try {
-      const decipher = createDecipheriv('aes-256-cbc', this.cryptoKey, iv)
-      const decrypted = decipher.update(encrypted) + decipher.final('utf8')
-      return new MessageBuilder().verify(decrypted, purpose)
-    } catch {
-      return null
-    }
+    return null
   }
 }

src/drivers/aes_256_gcm.ts

@@ -48,7 +48,7 @@ export class AES256GCM extends BaseDriver implements EncryptionDriverContract {
     /**
      * Creating chiper
      */
-    const cipher = createCipheriv('aes-256-gcm', this.cryptoKey, iv)
+    const cipher = createCipheriv('aes-256-gcm', this.getFirstKey().key, iv)
 
     if (purpose) {
       cipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
@@ -76,7 +76,7 @@ export class AES256GCM extends BaseDriver implements EncryptionDriverContract {
     /**
      * Returns the id + result + nounce + hmac
      */
-    const hmac = new Hmac(this.cryptoKey).generate(result)
+    const hmac = new Hmac(this.getFirstKey().key).generate(result)
     return this.computeReturns([this.#config.id, result, nounce, hmac])
   }
 
@@ -132,38 +132,40 @@ export class AES256GCM extends BaseDriver implements EncryptionDriverContract {
      * Make sure the hash is correct, it means the first 2 parts of the
      * string are not tampered.
      */
-    const isValidHmac = new Hmac(this.cryptoKey).compare(
-      `${encryptedEncoded}${this.separator}${ivEncoded}`,
-      hash
-    )
-
-    if (!isValidHmac) {
-      return null
-    }
-
-    /**
-     * The Decipher can raise exceptions with malformed input, so we wrap it
-     * to avoid leaking sensitive information
-     */
-    try {
-      const decipher = createDecipheriv('aes-256-gcm', this.cryptoKey, iv)
-
-      /**
-       * Set the purpose to decipher
-       */
-      if (purpose) {
-        decipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
+    for (const { key } of this.cryptoKeys) {
+      const isValidHmac = new Hmac(key).compare(
+        `${encryptedEncoded}${this.separator}${ivEncoded}`,
+        hash
+      )
+
+      if (!isValidHmac) {
+        continue
       }
 
       /**
-       * Set the nounce
+       * The Decipher can raise exceptions with malformed input, so we wrap it
+       * to avoid leaking sensitive information
        */
-      decipher.setAuthTag(nounce)
-
-      const decrypted = decipher.update(encrypted) + decipher.final('utf8')
-      return new MessageBuilder().verify(decrypted)
-    } catch {
-      return null
+      try {
+        const decipher = createDecipheriv('aes-256-gcm', key, iv)
+
+        /**
+         * Set the purpose to decipher
+         */
+        if (purpose) {
+          decipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
+        }
+
+        /**
+         * Set the nounce
+         */
+        decipher.setAuthTag(nounce)
+
+        const decrypted = decipher.update(encrypted) + decipher.final('utf8')
+        return new MessageBuilder().verify(decrypted)
+      } catch {}
     }
+
+    return null
   }
 }

src/drivers/base_driver.ts

@@ -15,31 +15,32 @@ export abstract class BaseDriver {
    * The key for signing and encrypting values. It is derived
    * from the user provided secret.
    */
-  cryptoKey: Buffer
+  cryptoKeys = new Set<{ key: Buffer; verifier: MessageVerifier }>()
 
   /**
    * Use `dot` as a separator for joining encrypted value, iv and the
    * hmac hash. The idea is borrowed from JWTs.
    */
   separator = '.'
 
-  /**
-   * Reference to the instance of message verifier for signing
-   * and verifying values.
-   */
-  verifier: MessageVerifier
-
   protected constructor(config: BaseConfig) {
-    this.#validateSecret(config.key)
-    this.cryptoKey = createHash('sha256').update(config.key).digest()
-    this.verifier = new MessageVerifier(config.key)
+    if (!config.keys || !Array.isArray(config.keys)) {
+      throw new errors.E_MISSING_ENCRYPTER_KEY()
+    }
+
+    for (const key of config.keys) {
+      this.#validateSecret(key)
+
+      const cryptoKey = createHash('sha256').update(key).digest()
+      this.cryptoKeys.add({ key: cryptoKey, verifier: new MessageVerifier(key) })
+    }
   }
 
   /**
    * Validates the app secret
    */
-  #validateSecret(secret?: string) {
-    if (typeof secret !== 'string') {
+  #validateSecret(secret: string) {
+    if (!secret) {
       throw new errors.E_MISSING_ENCRYPTER_KEY()
     }
 
@@ -52,11 +53,9 @@ export abstract class BaseDriver {
     return values.join(this.separator)
   }
 
-  /**
-   * Returns the message verifier instance
-   */
-  getMessageVerifier() {
-    return this.verifier
+  getFirstKey() {
+    const [firstKey] = this.cryptoKeys
+    return firstKey
   }
 
   /**

src/drivers/chacha20_poly1305.ts

@@ -48,7 +48,9 @@ export class ChaCha20Poly1305 extends BaseDriver implements EncryptionDriverCont
     /**
      * Creating cipher
      */
-    const cipher = createCipheriv('chacha20-poly1305', this.cryptoKey, iv, { authTagLength: 16 })
+    const cipher = createCipheriv('chacha20-poly1305', this.getFirstKey().key, iv, {
+      authTagLength: 16,
+    })
 
     if (purpose) {
       cipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
@@ -76,7 +78,7 @@ export class ChaCha20Poly1305 extends BaseDriver implements EncryptionDriverCont
     /**
      * Returns the id + result + nounce + hmac
      */
-    const hmac = new Hmac(this.cryptoKey).generate(result)
+    const hmac = new Hmac(this.getFirstKey().key).generate(result)
     return this.computeReturns([this.#config.id, result, nounce, hmac])
   }
 
@@ -90,10 +92,10 @@ export class ChaCha20Poly1305 extends BaseDriver implements EncryptionDriverCont
 
     /**
      * Make sure the encrypted value is in correct format. ie
-     * [id].[encrypted value].[iv].[nounce].[hash]
+     * [id].[encrypted value].[iv].[nounce].[hmac]
      */
-    const [id, encryptedEncoded, ivEncoded, nounceEncoded, hash] = value.split(this.separator)
-    if (!id || !encryptedEncoded || !ivEncoded || !nounceEncoded || !hash) {
+    const [id, encryptedEncoded, ivEncoded, nounceEncoded, hmac] = value.split(this.separator)
+    if (!id || !encryptedEncoded || !ivEncoded || !nounceEncoded || !hmac) {
       return null
     }
 
@@ -132,39 +134,42 @@ export class ChaCha20Poly1305 extends BaseDriver implements EncryptionDriverCont
      * Make sure the hash is correct, it means the first 2 parts of the
      * string are not tampered.
      */
-    const isValidHmac = new Hmac(this.cryptoKey).compare(
-      `${encryptedEncoded}${this.separator}${ivEncoded}`,
-      hash
-    )
-    if (!isValidHmac) {
-      return null
-    }
-
-    /**
-     * The Decipher can raise exceptions with malformed input, so we wrap it
-     * to avoid leaking sensitive information
-     */
-    try {
-      const decipher = createDecipheriv('chacha20-poly1305', this.cryptoKey, iv, {
-        authTagLength: 16,
-      })
-
-      /**
-       * Set the purpose to decipher
-       */
-      if (purpose) {
-        decipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
+    for (const { key } of this.cryptoKeys) {
+      const isValidHmac = new Hmac(key).compare(
+        `${encryptedEncoded}${this.separator}${ivEncoded}`,
+        hmac
+      )
+
+      if (!isValidHmac) {
+        continue
       }
 
       /**
-       * Set the nounce
+       * The Decipher can raise exceptions with malformed input, so we wrap it
+       * to avoid leaking sensitive information
        */
-      decipher.setAuthTag(nounce)
-
-      const decrypted = decipher.update(encrypted) + decipher.final('utf8')
-      return new MessageBuilder().verify(decrypted)
-    } catch {
-      return null
+      try {
+        const decipher = createDecipheriv('chacha20-poly1305', key, iv, {
+          authTagLength: 16,
+        })
+
+        /**
+         * Set the purpose to decipher
+         */
+        if (purpose) {
+          decipher.setAAD(Buffer.from(purpose), { plaintextLength: Buffer.byteLength(purpose) })
+        }
+
+        /**
+         * Set the nounce
+         */
+        decipher.setAuthTag(nounce)
+
+        const decrypted = decipher.update(encrypted) + decipher.final('utf8')
+        return new MessageBuilder().verify(decrypted)
+      } catch {}
     }
+
+    return null
   }
 }

src/drivers/legacy.ts

@@ -49,7 +49,7 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
     /**
      * Creating chiper
      */
-    const cipher = createCipheriv('aes-256-cbc', this.cryptoKey, iv)
+    const cipher = createCipheriv('aes-256-cbc', this.getFirstKey().key, iv)
 
     /**
      * Encoding value to a string so that we can set it on the cipher
@@ -73,7 +73,7 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
     /**
      * Returns the result + hmac
      */
-    const hmac = new Hmac(this.cryptoKey).generate(result)
+    const hmac = new Hmac(this.getFirstKey().key).generate(result)
     return this.computeReturns([result, hmac])
   }
 
@@ -114,25 +114,28 @@ export class Legacy extends BaseDriver implements EncryptionDriverContract {
      * Make sure the hash is correct, it means the first 2 parts of the
      * string are not tampered.
      */
-    const isValidHmac = new Hmac(this.cryptoKey).compare(
-      `${encryptedEncoded}${this.separator}${ivEncoded}`,
-      hash
-    )
-
-    if (!isValidHmac) {
-      return null
+    for (const { key } of this.cryptoKeys) {
+      const isValidHmac = new Hmac(key).compare(
+        `${encryptedEncoded}${this.separator}${ivEncoded}`,
+        hash
+      )
+
+      if (!isValidHmac) {
+        continue
+      }
+
+      /**
+       * The Decipher can raise exceptions with malformed input, so we wrap it
+       * to avoid leaking sensitive information
+       */
+      try {
+        const decipher = createDecipheriv('aes-256-cbc', key, iv)
+        const decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8')
+
+        return new MessageBuilder().verify(decrypted, purpose)
+      } catch {}
     }
 
-    /**
-     * The Decipher can raise exceptions with malformed input, so we wrap it
-     * to avoid leaking sensitive information
-     */
-    try {
-      const decipher = createDecipheriv('aes-256-cbc', this.cryptoKey, iv)
-      const decrypted = decipher.update(encrypted, 'base64', 'utf8') + decipher.final('utf8')
-      return new MessageBuilder().verify(decrypted, purpose)
-    } catch {
-      return null
-    }
+    return null
   }
 }