All files / src/classes/MFKDFDerivedKey strengthening.js

100% Statements 11/11
100% Branches 12/12
100% Functions 1/1
100% Lines 11/11

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73 
 
 
 
 
 
 
 
 
 
1x
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
12x
2x
 
10x
2x
 
 
8x
8x
 
8x
 
 
 
 
 
 
 
 
 
 
 
8x
 
1x
 
/**
 * @file Multi-Factor Derived Key Reconstitution Functions
 * @copyright Multifactor, Inc. 2022–2025
 *
 * @description
 * Operations for strengthening a multi-factor derived key
 *
 * @author Vivek Nair (https://nair.me) <[email protected]>
 */
 
const { encrypt } = require('../../crypt')
const { argon2id } = require('hash-wasm')
 
/**
 * Update the time and/or memory cost of an existing multi-factor derived key.
 * (This can also be used to 'weaken' a key if necessary, but that is not recommended.)
 *
 * @example
 * const setup = await mfkdf.setup.key(
 *   [
 *     await mfkdf.setup.factors.password('password1', {
 *       id: 'password1'
 *     })
 *   ],
 *   { time: 3, memory: 16384 }
 * )
 *
 * setup.policy.time.should.equal(3)
 * setup.policy.memory.should.equal(16384)
 *
 * const derive = await mfkdf.derive.key(setup.policy, {
 *   password1: mfkdf.derive.factors.password('password1')
 * })
 *
 * derive.policy.time.should.equal(3)
 * derive.policy.memory.should.equal(16384)
 *
 * derive.key.toString('hex').should.equal(setup.key.toString('hex'))
 *
 * @param {number} [time] - Additional rounds of argon2 time cost to add; 0 by default
 * @param {number} [memory] - Additional argon2 memory cost to add (in KiB); 0 by default
 * @author Vivek Nair (https://nair.me) <[email protected]>
 * @since 2.0.0
 * @memberOf MFKDFDerivedKey
 * @async
 */
async function strenthen (time = 0, memory = 0) {
  if (typeof time !== 'number' || time < 0 || !Number.isInteger(time)) {
    throw new TypeError('time must be a non-negative integer')
  }
  if (typeof memory !== 'number' || memory < 0 || !Number.isInteger(memory)) {
    throw new TypeError('memory must be a non-negative integer')
  }
 
  this.policy.time = time
  this.policy.memory = memory
 
  const kek = Buffer.from(
    await argon2id({
      password: this.secret,
      salt: Buffer.from(this.policy.salt, 'base64'),
      hashLength: 32,
      parallelism: 1,
      iterations: 2 + Math.max(0, time),
      memorySize: 19456 + Math.max(0, memory),
      outputType: 'binary'
    })
  )
 
  this.policy.key = encrypt(this.key, kek).toString('base64')
}
module.exports.strenthen = strenthen
 
Code coverage generated by istanbul at Sat Sep 13 2025 13:27:36 GMT-0700 (Pacific Daylight Time)