;(function () {
'use strict';

  var createHash = require('create-hash');
  var pbkdf2 = require('pbkdf2');
  var aes = require('browserify-aes');

  exports.sha256 = function (buf) {
    var hash = createHash('sha256');
    hash.update(buf);
    hash.end();
    return Promise.resolve(hash.read());
  };

  exports.encrypt = function (data, password, salt, iv) {
    // Derived AES key is 128 bit, and the function takes a size in bytes.
    var aesKey = pbkdf2.pbkdf2Sync(password, Buffer(salt), 8192, 16, 'sha256');
    var cipher = aes.createCipheriv('aes-128-gcm', aesKey, Buffer(iv));
    var result = Buffer.concat([cipher.update(Buffer(data)), cipher.final(), cipher.getAuthTag()]);
    return Promise.resolve(result);
  };

  exports.decrypt = function (data, password, salt, iv) {
    var aesKey = pbkdf2.pbkdf2Sync(password, Buffer(salt), 8192, 16, 'sha256');
    var decipher = aes.createDecipheriv('aes-128-gcm', aesKey, Buffer(iv));

    decipher.setAuthTag(Buffer(data.slice(-16)));
    var result = Buffer.concat([decipher.update(Buffer(data.slice(0, -16))), decipher.final()]);
    return Promise.resolve(result);
  };

}());