improved skipBuffer by calculating IV instead of using all starting aes blocks

larryrider · larryrider · commit d17c486f2f38 · 2024-12-18T16:19:31.000+01:00
diff --git a/src/services/crypto.service.ts b/src/services/crypto.service.ts
@@ -1,6 +1,6 @@
 import { CryptoProvider } from '@internxt/sdk';
 import { Keys, Password } from '@internxt/sdk/dist/auth';
-import { createCipheriv, createDecipheriv, createHash, pbkdf2Sync, randomBytes } from 'node:crypto';
+import { createCipheriv, createDecipheriv, createHash, Decipher, pbkdf2Sync, randomBytes } from 'node:crypto';
 import { Transform } from 'node:stream';
 import { KeysService } from './keys.service';
 import { ConfigService } from '../services/config.service';
@@ -120,12 +120,24 @@ export class CryptoService {
     inputSlices: ReadableStream<Uint8Array>[],
     key: Buffer,
     iv: Buffer,
-    skipOptions?: { total: number },
+    startOffsetByte?: number,
   ) {
-    const decipher = createDecipheriv('aes-256-ctr', key, iv);
-    if (skipOptions) {
-      const skipBuffer = Buffer.alloc(skipOptions.total, 0);
+    let decipher: Decipher;
+    if (startOffsetByte) {
+      const aesBlockSize = 16;
+      const startOffset = startOffsetByte % aesBlockSize;
+      const startBlockFirstByte = startOffsetByte - startOffset;
+      const startBlockNumber = startBlockFirstByte / aesBlockSize;
+
+      const ivForRange = (BigInt('0x' + iv.toString('hex')) + BigInt(startBlockNumber)).toString(16).padStart(32, '0');
+      const newIv = Buffer.from(ivForRange, 'hex');
+
+      const skipBuffer = Buffer.alloc(startOffset, 0);
+
+      decipher = createDecipheriv('aes-256-ctr', key, newIv);
       decipher.update(skipBuffer);
+    } else {
+      decipher = createDecipheriv('aes-256-ctr', key, iv);
     }
     const encryptedStream = StreamUtils.joinReadableBinaryStreams(inputSlices);
 
diff --git a/src/services/network/network-facade.service.ts b/src/services/network/network-facade.service.ts
@@ -72,15 +72,15 @@ export class NetworkFacade {
     };
 
     const decryptFile: DecryptFileFunction = async (_, key, iv) => {
-      let skipOptions;
+      let startOffsetByte;
       if (rangeOptions) {
-        skipOptions = { total: rangeOptions.parsed.start };
+        startOffsetByte = rangeOptions.parsed.start;
       }
       fileStream = await this.cryptoService.decryptStream(
         encryptedContentStreams,
         Buffer.from(key as ArrayBuffer),
         Buffer.from(iv as ArrayBuffer),
-        skipOptions,
+        startOffsetByte,
       );
 
       await fileStream.pipeTo(to);
