/**
* @module SecurePass
*/
///
import { SecurePassError } from './error';
export { SecurePassError, SecurePassOptionsError } from './error';
export { bufferFromSafeBase64, bufferToSafeBase64 } from './base64';
/** A set of configuration options used to configure a new instance of SecurePass */
export interface SecurePassOptions {
/**
* Configures the memory limit of Argon2ID. This value is in bytes.
* The default value is 64MB.
*/
memLimit?: number;
/**
* Configures the operation limit of Argon2ID.
* The default value is 2.
*/
opsLimit?: number;
}
/** The callback function signature when hashPassword is used with a callback. */
export declare type HashPasswordCallback = (err: SecurePassError | null, hash?: Buffer) => void;
/** The callback function signature when verifyHash is used with a callback. */
export declare type VerifyHashCallback = (err: SecurePassError | null, result?: VerificationResult) => void;
export declare enum VerificationResult {
/** Returned if the hash is in an invalid format or wasn't created by SecurePass. */
InvalidOrUnrecognized = 0,
/** Returned if the hash doesn't match the supplied plaintext password. */
Invalid = 1,
/** Returned if the hash is valid and matches the supplied plaintext password. */
Valid = 2,
/** Returned if the hash is valid, but could be improved with the currently set difficulty options. */
ValidNeedsRehash = 3
}
/** Used to return a One Time Authentication mac and key as well as the message it was derrived from. */
export interface GenerateOneTimeAuthResult {
/** One Time Authentication mac. */
mac: Buffer;
/** One Time Authentication message. */
message: Buffer;
/** One Time Authentication randomly generated key. This value should be kept secret. */
key: Buffer;
}
/** Used to return a One Time Authentication Code and randomly generated key. */
export interface GenerateOneTimeAuthCodeResult {
/** One Time Authentication mac and message stored as a specifically formatted base64 string. */
code: string;
/** One Time Authentication randomly generated key. This value should be kept secret. */
key: Buffer;
}
export declare class SecurePass {
/**
* Minimum Length for the Password input buffer.
* @readonly
*/
static readonly PasswordBytesMin: number;
/**
* Maxium Length for the Password input buffer.
* @readonly
*/
static readonly PasswordBytesMax: number;
/**
* Length of the Password Hash output buffer.
* @readonly
*/
static readonly HashBytes: number;
/**
* Length of the Salt buffer.
* @readonly
*/
static readonly SaltBytes: number;
/**
* Length of the Mac buffer returned by generateOneTimeAuth.
* @readonly
*/
static readonly MacBytes: number;
/**
* Length of the secret Key buffer returned by generateOneTimeAuth and generateOneTimeAuthCode.
* @readonly
*/
static readonly KeyBytes: number;
/**
* Default Memory Limit. 64MB.
* @readonly
*/
static readonly MemLimitDefault: number;
/**
* Interactive Memory Limit. 64MB. This value is the same as MemLimitDefault.
* This memory limit is recommended for interactive "online" applications, when combined with OpsLimitInteractive,
* this option requires 64 MiB of dedicated RAM and provides a baseline configuration for web app security.
* Choosing a higher value such as MemLimitModerate, MemLimitSensitive or a custom value may improve security.
* @readonly
*/
static readonly MemLimitInteractive: number;
/**
* Moderate Memory Limit. 256MB.
* This memory limit, combined with OpsLimitModerate provides a good performance and security baseline for
* applications that require higher security than the default/interactive preset.
* Use of this option requires a minimum of 256 MiB of dedicated RAM.
* @readonly
*/
static readonly MemLimitModerate: number;
/**
* Sensitive Memory Limit. 1GB.
* This memory limit, combined with OpsLimitSensitive, is recommended for highly sensitive data
* and non-interactive operations.
* Use of this option requires a minimum of 1024 MiB of dedicated RAM.
* @readonly
*/
static readonly MemLimitSensitive: number;
/**
* The Minimum Allowed Memory Limit. 8KB.
* @readonly
*/
static readonly MemLimitMinimum: number;
/**
* The Maximum Allowed Memory Limit. 4TB.
* @readonly
*/
static readonly MemLimitMaximum: number;
/**
* Default Operations Limit. 2 Operations.
* @readonly
*/
static readonly OpsLimitDefault: number;
/**
* Interactive Operations Limit. 2 Operations.This value is the same as OpsLimitDefault.
* This operations limit is recommended for interactive "online" applications, when combined with MemLimitInteractive,
* this option provides a baseline configuration for web app security.
* Choosing a higher value such as MemLimitModerate, MemLimitSensitive or a custom value may improve security.
* @readonly
*/
static readonly OpsLimitInteractive: number;
/**
* Moderate Operations Limit. 3 Operations.
* This operations limit, combined with MemLimitModerate provides a good performance and security baseline for
* applications that require higher security than the default/interactive preset.
* Using this options takes around 0.7 seconds to derrive a hash on a 2.8Ghz Core i7 CPU.
* @readonly
*/
static readonly OpsLimitModerate: number;
/**
* Sensitive Operations Limit. 4 Operations.
* This memory limit, combined with OpsLimitSensitive, is recommended for highly sensitive data
* and non-interactive operations.
* Using this option it takes around 3.5 seconds to derrive a hash on a 2.8Ghz Core i7 CPU.
* @readonly
*/
static readonly OpsLimitSensitive: number;
/**
* The Minimum Allowed Operations Limit. 1 Operation.
* @readonly
*/
static readonly OpsLimitMinimum: number;
/**
* The Maximum Allowed Operations Limit. 4294967295 Operations.
* @readonly
*/
static readonly OpsLimitMaximum: number;
/**
* Generates a random key, and then uses that key and the supplied message,
* to generate a one time authentication mac.
* @param message - The message to be used as the base of the one time authentication key.
*/
static generateOneTimeAuth(message: Buffer): GenerateOneTimeAuthResult;
/**
* Verifys the authenticity of the mac using the supplied message and,
* the key returned when generating the mac.
* @param mac - The authentication mac generated by generateOneTimeAuth.
* @param message - The original message used to generate the mac.
* @param key - The authentication key generated by generateOneTimeAuth.
*/
static verifyOneTimeAuth(mac: Buffer, message: Buffer, key: Buffer): boolean;
/**
* Generates a random key, and then uses that key and the supplied message,
* to generate a one time authentication code.
* @param message - The message to be used as the base of the one time authentication code.
*/
static generateOneTimeAuthCode(message: Buffer): GenerateOneTimeAuthCodeResult;
/**
* Verifys the authenticity of the supplied authentication code using the key returned when generating the code.
* @param code - The one time authentication code generated by generateOneTimeAuthCode.
* @param key - The authentication key generated by generateOneTimeAuthCode.
*/
static verifyOneTimeAuthCode(code: string, key: Buffer): boolean;
/**
* Tests a VerificationResult enumeration and returns true if the value is InvalidOrUnrecognized.
* @param vr - The VerificationResult to Test.
*/
static isInvalidOrUnrecognized(vr: VerificationResult): boolean;
/**
* Tests a VerificationResult enumeration and returns true if the value is Invalid.
* @param vr - The VerificationResult to Test.
*/
static isInvalid(vr: VerificationResult): boolean;
/**
* Tests a VerificationResult enumeration and returns true if the value is Valid.
* @param vr - The VerificationResult to Test.
*/
static isValid(vr: VerificationResult): boolean;
/**
* Tests a VerificationResult enumeration and returns true if the value is ValidNeedsRehash.
* @param vr - The VerificationResult to Test.
*/
static isValidNeedsRehash(vr: VerificationResult): boolean;
/**
* Configured memory limit for Argon2ID.
*/
private memLimit;
/**
* Configured operations limit for Argon2ID.
*/
private opsLimit;
/**
* Create a new instance of SecurePass to hash passwords, verify passwords,
* generate one time reset tokens and verify one time reset tokens.
* @param options - SecurePassOptions to configure work settings of Argon2ID.
* @param options.memLimit - Configures the memory limit of Argon2ID.
* @param options.opsLimit - Configures the operations limit of Argon2ID.
*/
constructor(options?: SecurePassOptions);
/**
* Returns the currently configured Memory Limit.
*/
/**
* Sets the Memory Limit to the new value provided.
* @param newValue - The new Memory Limit.
*/
MemLimit: number;
/**
* Returns the currently configured Operations Limit.
*/
/**
* Sets the Operations Limit to the new value provided.
*/
OpsLimit: number;
/**
* Takes the provided password and returns the derived Argon2ID hash.
* @param password - The password to be hashed.
* @param callback - Optional callback function.
*/
hashPassword(password: Buffer): Promise;
hashPassword(password: Buffer, callback: HashPasswordCallback): void;
/**
* Takes the provided password and returns the derived Argon2ID hash.
* @param password - The password to be hashed.
*/
hashPasswordSync(password: Buffer): Buffer;
/**
* Takes the provided password and the hash buffer
* and returns the result of the verification as an enumeration value.
* @param password - The password to be verified.
* @param hash - The hash to be verified against.
*/
verifyHash(password: Buffer, hash: Buffer): Promise;
verifyHash(password: Buffer, hash: Buffer, callback: VerifyHashCallback): void;
/**
* Takes the provided password and the hash buffer
* and returns the result of the verification as an enumeration value.
* @param password - The password to be verified.
* @param hash - The hash to be verified against.
*/
verifyHashSync(password: Buffer, hash: Buffer): VerificationResult;
private hashPasswordAsync;
private verifyHashAsync;
private recognizedAlgorithm;
}
export default SecurePass;