53 lines
1.5 KiB
TypeScript
53 lines
1.5 KiB
TypeScript
|
// Copyright 2024 Signal Messenger, LLC
|
||
|
// SPDX-License-Identifier: AGPL-3.0-only
|
||
|
|
||
|
import { Buffer } from 'node:buffer';
|
||
|
import { type Hmac } from 'node:crypto';
|
||
|
import { Transform } from 'node:stream';
|
||
|
|
||
|
import { MAC_LENGTH } from '../types/Crypto';
|
||
|
|
||
|
/**
|
||
|
* Updates an hmac with the stream except for the last MAC_LENGTH
|
||
|
* bytes. The last MAC_LENGTH bytes are passed to the callback.
|
||
|
*/
|
||
|
export function getMacAndUpdateHmac(
|
||
|
hmac: Hmac,
|
||
|
onTheirMac: (theirMac: Uint8Array) => void
|
||
|
): Transform {
|
||
|
// Because we don't have a view of the entire stream, we don't know when we're
|
||
|
// at the end. We need to omit the last MAC_LENGTH bytes from
|
||
|
// `hmac.update` so we only push what we know is not the mac.
|
||
|
let maybeMacBytes = Buffer.alloc(0);
|
||
|
|
||
|
function updateWithKnownNonMacBytes() {
|
||
|
let knownNonMacBytes = null;
|
||
|
if (maybeMacBytes.byteLength > MAC_LENGTH) {
|
||
|
knownNonMacBytes = maybeMacBytes.subarray(0, -MAC_LENGTH);
|
||
|
maybeMacBytes = maybeMacBytes.subarray(-MAC_LENGTH);
|
||
|
hmac.update(knownNonMacBytes);
|
||
|
}
|
||
|
return knownNonMacBytes;
|
||
|
}
|
||
|
|
||
|
return new Transform({
|
||
|
transform(chunk, _encoding, callback) {
|
||
|
try {
|
||
|
maybeMacBytes = Buffer.concat([maybeMacBytes, chunk]);
|
||
|
const knownNonMac = updateWithKnownNonMacBytes();
|
||
|
callback(null, knownNonMac);
|
||
|
} catch (error) {
|
||
|
callback(error);
|
||
|
}
|
||
|
},
|
||
|
flush(callback) {
|
||
|
try {
|
||
|
onTheirMac(maybeMacBytes);
|
||
|
callback(null, null);
|
||
|
} catch (error) {
|
||
|
callback(error);
|
||
|
}
|
||
|
},
|
||
|
});
|
||
|
}
|