Constructor
new SalmonStream(key, nonce, encryptionMode, baseStream, headerData, integrity, chunkSize, hashKey)
Instantiate a new Salmon stream with a base stream and optional header data and hash integrity.
If you read from the stream it will decrypt the data from the baseStream.
If you write to the stream it will encrypt the data from the baseStream.
The transformation is based on AES CTR Mode.
Notes:
The initial value of the counter is a result of the concatenation of an 12 byte nonce and an additional 4 bytes counter.
The counter is then: incremented every block, encrypted by the key, and xored with the plain text.
Parameters:
Name | Type | Default | Description |
---|---|---|---|
key |
Uint8Array | The AES key that is used to encrypt decrypt | |
nonce |
Uint8Array | The nonce used for the initial counter | |
encryptionMode |
EncryptionMode | Encryption mode Encrypt or Decrypt this cannot change later | |
baseStream |
RandomAccessStream | The base Stream that will be used to read the data | |
headerData |
Uint8Array | null | null | The data to store in the header when encrypting. |
integrity |
boolean | false | enable integrity |
chunkSize |
number | null | null | the chunk size to be used with integrity |
hashKey |
Uint8Array | null | null | Hash key to be used with integrity |
Throws:
-
IOException Thrown if there is an IO error.
-
SalmonSecurityException Thrown when error with security
-
IntegrityException Thrown if the data are corrupt or tampered with.
Classes
Methods
(async) actualLength() → {Promise.<number>}
Provides the total length of the base stream including header and integrity data if available.
Returns:
The actual length of the base stream.
- Type
- Promise.<number>
(async) canRead() → {Promise.<boolean>}
If the stream is readable (only if EncryptionMode == Decrypted)
Returns:
True if mode is decryption.
- Type
- Promise.<boolean>
(async) canSeek() → {Promise.<boolean>}
If the stream is seekable (supported only if base stream is seekable).
Returns:
True if stream is seekable.
- Type
- Promise.<boolean>
(async) canWrite() → {Promise.<boolean>}
If the stream is writeable (only if EncryptionMode is Encrypt)
Returns:
True if mode is decryption.
- Type
- Promise.<boolean>
(async) close()
Closes the stream and all resources associated with it (including the base stream).
Throws:
IOException Thrown if there is an IO error.
(async) flush()
Flushes any buffered data to the base stream.
(async) getBlock() → {Promise.<number>}
Returns the current Block value
Returns:
The current block value.
- Type
- Promise.<number>
getBufferSize() → {number}
Get the internal buffer size.
Returns:
The buffer size.
- Type
- number
getChunkSize() → {number}
Returns the chunk size used to apply hash signature
Returns:
The chunk size
- Type
- number
(async) getCounter() → {Promise.<Uint8Array>}
Returns the current Counter value.
Returns:
The current Counter value.
- Type
- Promise.<Uint8Array>
getEncryptionMode() → {EncryptionMode}
Get the encryption mode.
Returns:
The encryption mode.
- Type
- EncryptionMode
getHashKey() → {Uint8Array}
Returns a copy of the hash key.
Returns:
A copy of the hash key
- Type
- Uint8Array
(async) getKey() → {Promise.<Uint8Array>}
Returns a copy of the encryption key.
Returns:
A copy of the key.
- Type
- Promise.<Uint8Array>
(async) getNonce() → {Promise.<Uint8Array>}
Returns a copy of the initial vector.
Returns:
A copy of the initial vector
- Type
- Promise.<Uint8Array>
(async) getPosition() → {Promise.<number>}
Provides the position of the stream relative to the data to be transformed.
Throws:
IOException Thrown if there is an IO error.
Returns:
The current position of the stream.
- Type
- Promise.<number>
getTransformer() → {ISalmonCTRTransformer}
Get the current transformer for this stream.
Returns:
- Type
- ISalmonCTRTransformer
hasIntegrity() → {boolean}
If the stream has integrity enabled
Returns:
- Type
- boolean
isAllowRangeWrite() → {boolean}
Get the allowed range write option. This can check if you can use random access write.
This is generally not a good option since it prevents reusing the same nonce/counter.
Returns:
True if the stream allowed to seek and write.
- Type
- boolean
isIntegrityEnabled() → {boolean}
True if the stream has integrity enabled.
Returns:
If integrity is enabled for this stream.
- Type
- boolean
(async) length() → {Promise.<number>}
Provides the length of the actual transformed data (minus the header and integrity data).
Returns:
The length of the stream.
- Type
- Promise.<number>
(async) read(buffer, offset, count) → {Promise.<number>}
Decrypts the data from the baseStream and stores them in the buffer provided.
Parameters:
Name | Type | Description |
---|---|---|
buffer |
Uint8Array | The buffer that the data will be stored after decryption |
offset |
number | The start position on the buffer that data will be written. |
count |
number | The requested count of the data bytes that should be decrypted |
Returns:
The number of data bytes that were decrypted.
- Type
- Promise.<number>
(async) seek(offset, origin) → {Promise.<number>}
Seek to a specific position on the stream. This does not include the header and any hash Signatures.
Parameters:
Name | Type | Description |
---|---|---|
offset |
number | The offset that seek will use |
origin |
SeekOrigin.Begin | If it is Begin the offset will be the absolute position from the start of the stream If it is Current the offset will be added to the current position of the stream If it is End the offset will be the absolute position starting from the end of the stream. |
Returns:
The new position after seeking.
- Type
- Promise.<number>
setAllowRangeWrite(value)
Warning! Allow byte range encryption writes on a current stream. Overwriting is not a good idea because it will re-use the same IV.
This is not recommended if you use the stream on storing files or generally data if prior version can be inspected by others.
You should only use this setting for initial encryption with parallel streams and not for overwriting!
Parameters:
Name | Type | Description |
---|---|---|
value |
boolean | True to allow byte range encryption write operations |
setBufferSize(bufferSize)
Set the internal buffer size.
Parameters:
Name | Type | Description |
---|---|---|
bufferSize |
number | The new buffer size. |
setFailSilently(value)
Set to True if you want the stream to fail silently when integrity cannot be verified.
In that case read() operations will return -1 instead of raising an exception.
This prevents 3rd party code like media players from crashing.
Parameters:
Name | Type | Description |
---|---|---|
value |
boolean | True to fail silently. |
(async) setLength(value)
Set the length of the base stream. Currently unsupported.
Parameters:
Name | Type | Description |
---|---|---|
value |
number | The new length. |
(async) setPosition(value) → {Promise.<void>}
Sets the current position of the stream relative to the data to be transformed.
Parameters:
Name | Type | Description |
---|---|---|
value |
number | The new position |
Throws:
IOException Thrown if there is an IO error.
Returns:
- Type
- Promise.<void>
(async) write(buffer, offset, count)
Encrypts the data from the buffer and writes the result to the baseStream.
If you are using integrity you will need to align all write operations to the chunk size
otherwise align to the encryption block size.
Parameters:
Name | Type | Description |
---|---|---|
buffer |
Uint8Array | The buffer that contains the data that will be encrypted |
offset |
number | The offset in the buffer that the bytes will be encrypted. |
count |
number | The length of the bytes that will be encrypted. |
(async, static) getActualSize(data, key, nonce, mode, headerData, integrity, The, hashKey) → {Promise.<number>}
Get the output size of the data to be transformed(encrypted or decrypted) including
header and hash without executing any operations. This can be used to prevent over-allocating memory
where creating your output buffers.
Parameters:
Name | Type | Default | Description |
---|---|---|---|
data |
Uint8Array | The data to be transformed. | |
key |
Uint8Array | The AES key. | |
nonce |
Uint8Array | The nonce for the CTR. | |
mode |
EncryptionMode | The EncryptionMode Encrypt or Decrypt. | |
headerData |
Uint8Array | null | The header data to be embedded if you use Encryption. | |
integrity |
boolean | false | True if you want to enable integrity. |
The |
number | null | chunk size for integrity chunks. | |
hashKey |
Uint8Array | null | The hash key to be used for integrity checks. |
Throws:
-
SalmonSecurityException Thrown when error with security
-
IntegrityException Thrown if the data are corrupt or tampered with.
-
IOException Thrown if there is an IO error.
Returns:
The size of the output data.
- Type
- Promise.<number>
(static) getAesProviderType() → {ProviderType}
Get the global AES provider type. Supported types: ProviderType.
Returns:
The provider Type.
- Type
- ProviderType
(static) setAesProviderType(providerType)
Set the global AES provider type. Supported types: ProviderType.
Parameters:
Name | Type | Description |
---|---|---|
providerType |
ProviderType | The provider Type. |