@iov/crypto
Comparing version 2.0.0 to 2.0.1
"use strict"; | ||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
return new (P || (P = Promise))(function (resolve, reject) { | ||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } | ||
step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
}); | ||
}; | ||
var __importStar = (this && this.__importStar) || function (mod) { | ||
@@ -35,24 +26,20 @@ if (mod && mod.__esModule) return mod; | ||
} | ||
static mnemonicToSeed(mnemonic, password) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
// reimplementation of bip39.mnemonicToSeed using the asynchronous | ||
// interface of https://www.npmjs.com/package/pbkdf2 | ||
const mnemonicBytes = Buffer.from(unorm.nfkd(mnemonic.toString()), "utf8"); | ||
const salt = "mnemonic" + (password ? unorm.nfkd(password) : ""); | ||
const saltBytes = Buffer.from(salt, "utf8"); | ||
return this.pbkdf2(mnemonicBytes, saltBytes, 2048, 64, "sha512"); | ||
}); | ||
static async mnemonicToSeed(mnemonic, password) { | ||
// reimplementation of bip39.mnemonicToSeed using the asynchronous | ||
// interface of https://www.npmjs.com/package/pbkdf2 | ||
const mnemonicBytes = Buffer.from(unorm.nfkd(mnemonic.toString()), "utf8"); | ||
const salt = "mnemonic" + (password ? unorm.nfkd(password) : ""); | ||
const saltBytes = Buffer.from(salt, "utf8"); | ||
return this.pbkdf2(mnemonicBytes, saltBytes, 2048, 64, "sha512"); | ||
} | ||
// convert pbkdf2's calllback interface to Promise interface | ||
static pbkdf2(secret, salt, iterations, keylen, digest) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
return new Promise((resolve, reject) => { | ||
pbkdf2_1.pbkdf2(secret, salt, iterations, keylen, digest, (err, derivedKey) => { | ||
if (err) { | ||
reject(err); | ||
} | ||
else { | ||
resolve(new Uint8Array(derivedKey)); | ||
} | ||
}); | ||
static async pbkdf2(secret, salt, iterations, keylen, digest) { | ||
return new Promise((resolve, reject) => { | ||
pbkdf2_1.pbkdf2(secret, salt, iterations, keylen, digest, (err, derivedKey) => { | ||
if (err) { | ||
reject(err); | ||
} | ||
else { | ||
resolve(new Uint8Array(derivedKey)); | ||
} | ||
}); | ||
@@ -59,0 +46,0 @@ }); |
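Review bot: The PBKDF2 arguments in the new `mnemonicToSeed` (`2048`, `64`, `"sha512"`) are bare literals, and nothing says they are fixed by BIP-39 rather than chosen as a tunable work factor. I would add a comment above the `this.pbkdf2(...)` call: `// BIP-39 fixes PBKDF2-HMAC-SHA512 at 2048 iterations and a 64-byte seed; do not tune, and do not reuse these values for password storage`. As a style point, `static async pbkdf2` already returns an explicit `new Promise`, so the `async` keyword only adds a second promise layer. This looks like compiled output, so both changes presumably belong in the TypeScript source; the end of `pbkdf2` lies outside the visible hunk.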
@@ -6,11 +6,2 @@ "use strict"; | ||
// libsodium.js API: https://gist.github.com/webmaster128/b2dbe6d54d36dd168c9fabf441b9b09c | ||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
return new (P || (P = Promise))(function (resolve, reject) { | ||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } | ||
step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
}); | ||
}; | ||
var __importDefault = (this && this.__importDefault) || function (mod) { | ||
@@ -22,8 +13,6 @@ return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
class Argon2id { | ||
static execute(password, salt, options) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_pwhash(options.outputLength, password, salt, // libsodium only supports 16 byte salts and will throw when you don't respect that | ||
options.opsLimit, options.memLimitKib * 1024, libsodium_wrappers_1.default.crypto_pwhash_ALG_ARGON2ID13); | ||
}); | ||
static async execute(password, salt, options) { | ||
await libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_pwhash(options.outputLength, password, salt, // libsodium only supports 16 byte salts and will throw when you don't respect that | ||
options.opsLimit, options.memLimitKib * 1024, libsodium_wrappers_1.default.crypto_pwhash_ALG_ARGON2ID13); | ||
} | ||
@@ -58,20 +47,14 @@ } | ||
*/ | ||
static makeKeypair(seed) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
const keypair = libsodium_wrappers_1.default.crypto_sign_seed_keypair(seed); | ||
return Ed25519Keypair.fromLibsodiumPrivkey(keypair.privateKey); | ||
}); | ||
static async makeKeypair(seed) { | ||
await libsodium_wrappers_1.default.ready; | ||
const keypair = libsodium_wrappers_1.default.crypto_sign_seed_keypair(seed); | ||
return Ed25519Keypair.fromLibsodiumPrivkey(keypair.privateKey); | ||
} | ||
static createSignature(message, keyPair) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_sign_detached(message, keyPair.toLibsodiumPrivkey()); | ||
}); | ||
static async createSignature(message, keyPair) { | ||
await libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_sign_detached(message, keyPair.toLibsodiumPrivkey()); | ||
} | ||
static verifySignature(signature, message, pubkey) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_sign_verify_detached(signature, message, pubkey); | ||
}); | ||
static async verifySignature(signature, message, pubkey) { | ||
await libsodium_wrappers_1.default.ready; | ||
return libsodium_wrappers_1.default.crypto_sign_verify_detached(signature, message, pubkey); | ||
} | ||
@@ -81,17 +64,13 @@ } | ||
class Xchacha20poly1305Ietf { | ||
static encrypt(message, key, nonce) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
const additionalData = null; | ||
return libsodium_wrappers_1.default.crypto_aead_xchacha20poly1305_ietf_encrypt(message, additionalData, null, // secret nonce: unused and should be null (https://download.libsodium.org/doc/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction) | ||
nonce, key); | ||
}); | ||
static async encrypt(message, key, nonce) { | ||
await libsodium_wrappers_1.default.ready; | ||
const additionalData = null; | ||
return libsodium_wrappers_1.default.crypto_aead_xchacha20poly1305_ietf_encrypt(message, additionalData, null, // secret nonce: unused and should be null (https://download.libsodium.org/doc/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction) | ||
nonce, key); | ||
} | ||
static decrypt(ciphertext, key, nonce) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
yield libsodium_wrappers_1.default.ready; | ||
const additionalData = null; | ||
return libsodium_wrappers_1.default.crypto_aead_xchacha20poly1305_ietf_decrypt(null, // secret nonce: unused and should be null (https://download.libsodium.org/doc/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction) | ||
ciphertext, additionalData, nonce, key); | ||
}); | ||
static async decrypt(ciphertext, key, nonce) { | ||
await libsodium_wrappers_1.default.ready; | ||
const additionalData = null; | ||
return libsodium_wrappers_1.default.crypto_aead_xchacha20poly1305_ietf_decrypt(null, // secret nonce: unused and should be null (https://download.libsodium.org/doc/secret-key_cryptography/aead/chacha20-poly1305/xchacha20-poly1305_construction) | ||
ciphertext, additionalData, nonce, key); | ||
} | ||
@@ -98,0 +77,0 @@ } |
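Review bot: `Xchacha20poly1305Ietf.encrypt` hands the caller-supplied `nonce` straight to libsodium, and nothing on the method states the uniqueness requirement the AEAD's security depends on. I would document it on the method, for example `// nonce: 24 bytes, must never be reused with the same key`, and note that `additionalData` is fixed to `null`, so the ciphertext is not bound to any caller context. Length errors are presumably left to libsodium to throw, as the salt comment in `Argon2id.execute` suggests; if so, say that in the comment as well.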
"use strict"; | ||
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
return new (P || (P = Promise))(function (resolve, reject) { | ||
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } | ||
step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
}); | ||
}; | ||
var __importDefault = (this && this.__importDefault) || function (mod) { | ||
@@ -22,29 +13,27 @@ return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
class Secp256k1 { | ||
static makeKeypair(privkey) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
if (privkey.length !== 32) { | ||
// is this check missing in secp256k1.validatePrivateKey? | ||
// https://github.com/bitjson/bitcoin-ts/issues/4 | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
const keypair = secp256k1.keyFromPrivate(privkey); | ||
if (keypair.validate().result !== true) { | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
// range test that is not part of the elliptic implementation | ||
const privkeyAsBigInteger = new bn_js_1.default(privkey); | ||
if (privkeyAsBigInteger.gte(secp256k1N)) { | ||
// not strictly smaller than N | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
const out = { | ||
privkey: encoding_1.Encoding.fromHex(keypair.getPrivate("hex")), | ||
// encodes uncompressed as | ||
// - 1-byte prefix "04" | ||
// - 32-byte x coordinate | ||
// - 32-byte y coordinate | ||
pubkey: encoding_1.Encoding.fromHex(keypair.getPublic().encode("hex")), | ||
}; | ||
return out; | ||
}); | ||
static async makeKeypair(privkey) { | ||
if (privkey.length !== 32) { | ||
// is this check missing in secp256k1.validatePrivateKey? | ||
// https://github.com/bitjson/bitcoin-ts/issues/4 | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
const keypair = secp256k1.keyFromPrivate(privkey); | ||
if (keypair.validate().result !== true) { | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
// range test that is not part of the elliptic implementation | ||
const privkeyAsBigInteger = new bn_js_1.default(privkey); | ||
if (privkeyAsBigInteger.gte(secp256k1N)) { | ||
// not strictly smaller than N | ||
throw new Error("input data is not a valid secp256k1 private key"); | ||
} | ||
const out = { | ||
privkey: encoding_1.Encoding.fromHex(keypair.getPrivate("hex")), | ||
// encodes uncompressed as | ||
// - 1-byte prefix "04" | ||
// - 32-byte x coordinate | ||
// - 32-byte y coordinate | ||
pubkey: encoding_1.Encoding.fromHex(keypair.getPublic().encode("hex")), | ||
}; | ||
return out; | ||
} | ||
@@ -55,45 +44,41 @@ // Creates a signature that is | ||
// - DER encoded | ||
static createSignature(messageHash, privkey) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
if (messageHash.length === 0) { | ||
throw new Error("Message hash must not be empty"); | ||
} | ||
if (messageHash.length > 32) { | ||
throw new Error("Message hash length must not exceed 32 bytes"); | ||
} | ||
const keypair = secp256k1.keyFromPrivate(privkey); | ||
// the `canonical` option ensures creation of lowS signature representations | ||
const signature = keypair.sign(messageHash, { canonical: true }); | ||
return new secp256k1signature_1.ExtendedSecp256k1Signature(signature.r.toArrayLike(Uint8Array), signature.s.toArrayLike(Uint8Array), signature.recoveryParam); | ||
}); | ||
static async createSignature(messageHash, privkey) { | ||
if (messageHash.length === 0) { | ||
throw new Error("Message hash must not be empty"); | ||
} | ||
if (messageHash.length > 32) { | ||
throw new Error("Message hash length must not exceed 32 bytes"); | ||
} | ||
const keypair = secp256k1.keyFromPrivate(privkey); | ||
// the `canonical` option ensures creation of lowS signature representations | ||
const signature = keypair.sign(messageHash, { canonical: true }); | ||
return new secp256k1signature_1.ExtendedSecp256k1Signature(signature.r.toArrayLike(Uint8Array), signature.s.toArrayLike(Uint8Array), signature.recoveryParam); | ||
} | ||
static verifySignature(signature, messageHash, pubkey) { | ||
return __awaiter(this, void 0, void 0, function* () { | ||
if (messageHash.length === 0) { | ||
throw new Error("Message hash must not be empty"); | ||
} | ||
if (messageHash.length > 32) { | ||
throw new Error("Message hash length must not exceed 32 bytes"); | ||
} | ||
const keypair = secp256k1.keyFromPublic(pubkey); | ||
// From https://github.com/indutny/elliptic: | ||
// | ||
// Sign the message's hash (input must be an array, or a hex-string) | ||
// | ||
// Signature MUST be either: | ||
// 1) DER-encoded signature as hex-string; or | ||
// 2) DER-encoded signature as buffer; or | ||
// 3) object with two hex-string properties (r and s); or | ||
// 4) object with two buffer properties (r and s) | ||
// | ||
// Uint8Array is not a Buffer, but elliptic seems to be happy with the interface | ||
// common to both types. Uint8Array is not an array of ints but the interface is | ||
// similar | ||
try { | ||
return keypair.verify(messageHash, signature.toDer()); | ||
} | ||
catch (error) { | ||
return false; | ||
} | ||
}); | ||
static async verifySignature(signature, messageHash, pubkey) { | ||
if (messageHash.length === 0) { | ||
throw new Error("Message hash must not be empty"); | ||
} | ||
if (messageHash.length > 32) { | ||
throw new Error("Message hash length must not exceed 32 bytes"); | ||
} | ||
const keypair = secp256k1.keyFromPublic(pubkey); | ||
// From https://github.com/indutny/elliptic: | ||
// | ||
// Sign the message's hash (input must be an array, or a hex-string) | ||
// | ||
// Signature MUST be either: | ||
// 1) DER-encoded signature as hex-string; or | ||
// 2) DER-encoded signature as buffer; or | ||
// 3) object with two hex-string properties (r and s); or | ||
// 4) object with two buffer properties (r and s) | ||
// | ||
// Uint8Array is not a Buffer, but elliptic seems to be happy with the interface | ||
// common to both types. Uint8Array is not an array of ints but the interface is | ||
// similar | ||
try { | ||
return keypair.verify(messageHash, signature.toDer()); | ||
} | ||
catch (error) { | ||
return false; | ||
} | ||
} | ||
@@ -100,0 +85,0 @@ static recoverPubkey(signature, messageHash) { |
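Review bot: `Secp256k1.createSignature` calls `secp256k1.keyFromPrivate(privkey)` without any of the checks that `makeKeypair` applies to the same kind of input (32-byte length, `validate()`, and the range test against `secp256k1N`). Unless every caller is guaranteed to pass a key that already went through `makeKeypair`, the signing path should repeat at least `if (privkey.length !== 32) { throw new Error("input data is not a valid secp256k1 private key"); }` and the `gte(secp256k1N)` test, ideally through a shared private helper. The `catch (error) { return false; }` in `verifySignature` also hides malformed-input errors behind the same result as a bad signature, which deserves a one-line comment stating that this is intentional.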
@@ -37,3 +37,3 @@ "use strict"; | ||
static hardened(hardenedIndex) { | ||
return new Slip10RawIndex(hardenedIndex + Math.pow(2, 31)); | ||
return new Slip10RawIndex(hardenedIndex + 2 ** 31); | ||
} | ||
@@ -44,3 +44,3 @@ static normal(normalIndex) { | ||
isHardened() { | ||
return this.data >= Math.pow(2, 31); | ||
return this.data >= 2 ** 31; | ||
} | ||
@@ -47,0 +47,0 @@ } |
{ | ||
"name": "@iov/crypto", | ||
"version": "2.0.0", | ||
"version": "2.0.1", | ||
"description": "Cryptography resources for IOV projects", | ||
@@ -41,3 +41,3 @@ "author": "IOV SAS <admin@iov.one>", | ||
"dependencies": { | ||
"@iov/encoding": "^2.0.0", | ||
"@iov/encoding": "^2.0.1", | ||
"bip39": "^3.0.2", | ||
@@ -57,3 +57,3 @@ "bn.js": "^4.11.8", | ||
}, | ||
"gitHead": "a4108f9f268974b0f4b6b53f2668aa4925820feb" | ||
"gitHead": "d7c41b4c42b2a03bb1cda99eebff6b2ce991803a" | ||
} |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Updated: @iov/encoding@^2.0.1