@platynum/rocatest
Advanced tools
@platynum/rocatest - npm Package Compare versions
Comparing version 1.0.4 to 1.1.0
| { | ||
| "name": "@platynum/rocatest", | ||
| "version": "1.0.4", | ||
| "version": "1.1.0", | ||
| "description": "Test jsrsasign keys for the ROCA vulnerability", | ||
| "main": "rocatest.js", | ||
| "main": "./bin/keytest.js", | ||
| "scripts": { | ||
@@ -18,2 +18,3 @@ "test": "mocha --slow 1000 --timeout 200000 test" | ||
| "keywords": [ | ||
| "cab", | ||
| "rsa", | ||
@@ -29,7 +30,11 @@ "roca" | ||
| "bin": { | ||
| "rocatest": "./bin/rocatest.js" | ||
| "keytest": "./bin/keytest.js" | ||
| }, | ||
| "dependencies": { | ||
| "big-integer": "^1.6.48" | ||
| "big-integer": "^1.6.51", | ||
| "bigint-isqrt": "^0.2.1" | ||
| }, | ||
| "optionalDependencies": { | ||
| "yargs": "^17.3.1" | ||
| }, | ||
| "peerDependencies": { | ||
@@ -40,5 +45,6 @@ "jsrsasign": "8.x || 9.x || 10.x" | ||
| "chai": "^4.3.4", | ||
| "eslint": "^7.22.0", | ||
| "mocha": "^8.3.2" | ||
| "eslint": "^8.16.0", | ||
| "mocha": "^10.0.0", | ||
| "pkg": "^5.5.2" | ||
| } | ||
| } |
@@ -26,9 +26,9 @@ # Javascript ROCA test | ||
| ```javascript | ||
| var jsrsasign = require('jsrsasign'); | ||
| var roca = require('../rocatest'); | ||
| const jsrsasign = require('jsrsasign'); | ||
| const { rocatest } = require('@platynum/rocatest'); | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 512); | ||
| if (roca.check(key.pubKeyObj) === true) | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 512); | ||
| if (rocatest.check(key.pubKeyObj) === true) | ||
| console.log('Key is vulnerable'); | ||
| ``` | ||
@@ -1,41 +0,41 @@ | ||
| var jsrsasign = require('jsrsasign'); | ||
| var fs = require('fs'); | ||
| var expect = require('chai').expect; | ||
| const jsrsasign = require('jsrsasign'); | ||
| const fs = require('node:fs'); | ||
| const expect = require('chai').expect; | ||
| var roca = require('../rocatest'); | ||
| const roca = require('../scripts/rocatest'); | ||
| describe('roca', function() { | ||
| describe('ROCA', function() { | ||
| describe('check', function() { | ||
| it('should recognize ROCA-1 key', function() { | ||
| var pem = fs.readFileSync('test/roca-1.key.pem', 'utf-8'); | ||
| var key = jsrsasign.KEYUTIL.getKey(pem); | ||
| let pem = fs.readFileSync('test/roca/1.key.pem', 'utf8'); | ||
| let key = jsrsasign.KEYUTIL.getKey(pem); | ||
| expect(roca.check(key)).to.be.true; | ||
| }); | ||
| it('should recognize ROCA-2 key', function() { | ||
| var pem = fs.readFileSync('test/roca-2.key.pem', 'utf-8'); | ||
| var key = jsrsasign.KEYUTIL.getKey(pem); | ||
| let pem = fs.readFileSync('test/roca/2.key.pem', 'utf8'); | ||
| let key = jsrsasign.KEYUTIL.getKey(pem); | ||
| expect(roca.check(key)).to.be.true; | ||
| }); | ||
| it('should pass EC key', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('EC', 'secp256r1'); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('EC', 'secp256r1'); | ||
| expect(roca.check(key.prvKeyObj)).to.be.false; | ||
| }); | ||
| it('should pass generated public key (512 bit)', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 512); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 512); | ||
| expect(roca.check(key.prvKeyObj)).to.be.false; | ||
| }); | ||
| it('should pass generated private key (1024 bit)', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 1024); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 1024); | ||
| expect(roca.check(key.pubKeyObj)).to.be.false; | ||
| }); | ||
| it('should pass generated private key (2048 bit)', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 2048); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 2048); | ||
| expect(roca.check(key.pubKeyObj)).to.be.false; | ||
| }); | ||
| it('should pass generated public key (3072 bit)', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 3072); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 3072); | ||
| expect(roca.check(key.prvKeyObj)).to.be.false; | ||
| }); | ||
| it('should pass generated public key (4096 bit)', function() { | ||
| var key = jsrsasign.KEYUTIL.generateKeypair('RSA', 4096); | ||
| let key = jsrsasign.KEYUTIL.generateKeypair('RSA', 4096); | ||
| expect(roca.check(key.prvKeyObj)).to.be.false; | ||
@@ -42,0 +42,0 @@ }); |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by2283.8%
272802
- Number of package files
- increased by1236.36%
147
- Lines of code
- increased by135.17%
341
- Number of low supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Dependency count
- increased by100%
4
- Dev dependency count
- increased by33.33%
4
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedbigint-isqrt@^0.2.1
+ Addedansi-regex@5.0.1(transitive)
+ Addedansi-styles@4.3.0(transitive)
+ Addedbigint-isqrt@0.2.1(transitive)
+ Addedcliui@8.0.1(transitive)
+ Addedcolor-convert@2.0.1(transitive)
+ Addedcolor-name@1.1.4(transitive)
+ Addedemoji-regex@8.0.0(transitive)
+ Addedescalade@3.2.0(transitive)
+ Addedget-caller-file@2.0.5(transitive)
+ Addedis-fullwidth-code-point@3.0.0(transitive)
+ Addedrequire-directory@2.1.1(transitive)
+ Addedstring-width@4.2.3(transitive)
+ Addedstrip-ansi@6.0.1(transitive)
+ Addedwrap-ansi@7.0.0(transitive)
+ Addedy18n@5.0.8(transitive)
+ Addedyargs@17.7.2(transitive)
+ Addedyargs-parser@21.1.1(transitive)
Updatedbig-integer@^1.6.51