Update decoder.js

decoder.js

@@ -10,49 +10,104 @@ function pemToDer(pem) {
     return buffer;
 }
 
-async function decodeFromImageBuffer(imageBuffer, privateKeyPem) {
-    // 1. Extract data from image using Sharp
-    const { data: pixelData } = await sharp(imageBuffer).raw().toBuffer({ resolveWithObject: true });
+/**
+ * Extracts the hidden data from an image buffer by perfectly mirroring the Python LSB embedding logic.
+ * @param {Buffer} imageBuffer - The raw buffer of the PNG image.
+ * @returns {Promise<Uint8Array>} A promise that resolves with the extracted crypto payload.
+ */
+async function extractDataFromImage(imageBuffer) {
+    // 1. Ensure the image is processed as 3-channel RGB, just like the Python encryptor.
+    // .removeAlpha() converts RGBA to RGB. .toColourspace('srgb') handles other formats.
+    const { data: pixelData, info } = await sharp(imageBuffer)
+        .removeAlpha()
+        .toColourspace('srgb')
+        .raw()
+        .toBuffer({ resolveWithObject: true });
+
+    if (info.channels !== 3) {
+        throw new Error(`Image processing error: Expected 3 (RGB) channels, but got ${info.channels}.`);
+    }
+
+    // 2. Read the first 32 bits (4 bytes) from the LSB stream to get the data length.
     const HEADER_BITS = 32;
+    if (pixelData.length < HEADER_BITS) {
+        throw new Error("Image is too small to contain a valid LSB header.");
+    }
+
     let headerBinaryString = '';
-    for (let i = 0; headerBinaryString.length < HEADER_BITS; i++) {
-        const pixelIndex = i * 4;
-        if (pixelData.length < pixelIndex + 3) throw new Error("Image too small for header.");
-        headerBinaryString += pixelData[pixelIndex] & 1;
-        if (headerBinaryString.length < HEADER_BITS) headerBinaryString += pixelData[pixelIndex + 1] & 1;
-        if (headerBinaryString.length < HEADER_BITS) headerBinaryString += pixelData[pixelIndex + 2] & 1;
+    for (let i = 0; i < HEADER_BITS; i++) {
+        headerBinaryString += pixelData[i] & 1;
     }
+
     const headerBytes = new Uint8Array(HEADER_BITS / 8);
-    for (let i = 0; i < HEADER_BITS / 8; i++) { headerBytes[i] = parseInt(headerBinaryString.substring(i * 8, (i + 1) * 8), 2); }
-    const dataLengthInBytes = new DataView(headerBytes.buffer).getUint32(0, false);
-    if (dataLengthInBytes === 0) return {};
+    for (let i = 0; i < HEADER_BITS / 8; i++) {
+        headerBytes[i] = parseInt(headerBinaryString.substring(i * 8, (i + 1) * 8), 2);
+    }
+    const dataLengthInBytes = new DataView(headerBytes.buffer).getUint32(0, false); // Big-endian
+
+    if (dataLengthInBytes === 0) return new Uint8Array(0);
 
+    // 3. Read the main data payload from the LSB stream.
     const dataLengthInBits = dataLengthInBytes * 8;
-    const bitOffset = HEADER_BITS;
+    const startOffset = HEADER_BITS;
+    const endOffset = startOffset + dataLengthInBits;
+
+    if (pixelData.length < endOffset) {
+        throw new Error("Image data is corrupt or truncated: Header specifies a length greater than the available pixels.");
+    }
+
     let dataBinaryString = '';
-    for (let i = 0; dataBinaryString.length < dataLengthInBits; i++) {
-        const bitPosition = bitOffset + i;
-        const pixelIndex = Math.floor(bitPosition / 3) * 4;
-        const channelOffset = bitPosition % 3;
-        if (pixelData.length < pixelIndex + channelOffset) throw new Error("Image data is corrupt or truncated.");
-        dataBinaryString += pixelData[pixelIndex + channelOffset] & 1;
+    for (let i = startOffset; i < endOffset; i++) {
+        dataBinaryString += pixelData[i] & 1;
     }
+
     const cryptoPayload = new Uint8Array(dataLengthInBytes);
-    for (let i = 0; i < dataLengthInBytes; i++) { cryptoPayload[i] = parseInt(dataBinaryString.substring(i * 8, (i + 1) * 8), 2); }
+    for (let i = 0; i < dataLengthInBytes; i++) {
+        cryptoPayload[i] = parseInt(dataBinaryString.substring(i * 8, (i + 1) * 8), 2);
+    }
+
+    return cryptoPayload;
+}
+
 
-    // 2. Decrypt payload using Web Crypto API
+/**
+ * Decrypts the hybrid RSA-AES payload. This function remains the same as it was correct.
+ * @param {Uint8Array} cryptoPayload - The extracted encrypted payload.
+ * @param {string} privateKeyPem - The server's private key.
+ * @returns {Promise<object>} A promise that resolves with the decrypted data.
+ */
+async function decryptHybridPayload(cryptoPayload, privateKeyPem) {
     const privateKey = await webcrypto.subtle.importKey('pkcs8', pemToDer(privateKeyPem), { name: 'RSA-OAEP', hash: 'SHA-256' }, true, ['decrypt']);
     const encryptedAesKeyLen = new DataView(cryptoPayload.buffer, 0, 4).getUint32(0, false);
+    
     let offset = 4;
     const encryptedAesKey = cryptoPayload.slice(offset, offset + encryptedAesKeyLen);
     offset += encryptedAesKeyLen;
     const nonce = cryptoPayload.slice(offset, offset + 12);
     offset += 12;
     const ciphertextWithTag = cryptoPayload.slice(offset);
+    
     const decryptedAesKeyBytes = await webcrypto.subtle.decrypt({ name: 'RSA-OAEP' }, privateKey, encryptedAesKey);
     const aesKey = await webcrypto.subtle.importKey('raw', decryptedAesKeyBytes, { name: 'AES-GCM', length: 256 }, true, ['decrypt']);
     const decryptedDataBuffer = await webcrypto.subtle.decrypt({ name: 'AES-GCM', iv: nonce }, aesKey, ciphertextWithTag);
+    
     return JSON.parse(new TextDecoder().decode(decryptedDataBuffer));
 }
 
+
+/**
+ * Main public function. Decodes auth data from an image buffer.
+ * @param {Buffer} imageBuffer - The raw buffer of the uploaded image.
+ * @param {string} privateKeyPem - The PEM-formatted private key.
+ * @returns {Promise<object>} A promise that resolves to the decoded credentials object.
+ */
+async function decodeFromImageBuffer(imageBuffer, privateKeyPem) {
+    const cryptoPayload = await extractDataFromImage(imageBuffer);
+    if (cryptoPayload.length === 0) {
+        // This is a valid case if an empty message was embedded.
+        return {}; 
+    }
+    return await decryptHybridPayload(cryptoPayload, privateKeyPem);
+}
+
 module.exports = { decodeFromImageBuffer };