@shardus/crypto-utils - npm Package Compare versions

Comparing version 4.1.3 to 4.1.4

build/src/index.d.ts

@@ -62,19 +62,2 @@ /// <reference types="node" />
 /**
- * Returns a payload obtained by encrypting and tagging the message string with a key produced from the given sk and pk
- * @param message
- * @param curveSk
- * @param curvePk
- */
-export declare function encrypt(message: string, curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer): string;
-/**
- * Returns the message string obtained by decrypting the payload with the given sk and pk and authenticating the attached tag
- * @param payload
- * @param curveSk
- * @param curvePk
- */
-export declare function decrypt(payload: string, curveSk: curveSecretKey | Buffer, curvePk: curvePublicKey | Buffer): {
-    isValid: boolean;
-    message: string;
-};
-/**
  * Returns an authentication tag obtained by encrypting the hash of the message string with a key produced from the given sk and pk
@@ -81,0 +64,0 @@ * @param message

build/src/index.js

@@ -6,3 +6,3 @@ "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bufferToHex = exports._getAuthKey = exports.generateSharedKey = exports._ensureBuffer = exports.init = exports.verifyObj = exports.verify = exports.signObj = exports.sign = exports.setCustomStringifier = exports.authenticateObj = exports.authenticate = exports.tagObj = exports.tag = exports.decrypt = exports.encrypt = exports.convertPkToCurve = exports.convertSkToCurve = exports.generateKeypair = exports.hashObj = exports.hash = exports.randomBytes = exports.stringifierName = exports.stringify = void 0;
+exports.bufferToHex = exports._getAuthKey = exports.generateSharedKey = exports._ensureBuffer = exports.init = exports.verifyObj = exports.verify = exports.signObj = exports.sign = exports.setCustomStringifier = exports.authenticateObj = exports.authenticate = exports.tagObj = exports.tag = exports.convertPkToCurve = exports.convertSkToCurve = exports.generateKeypair = exports.hashObj = exports.hash = exports.randomBytes = exports.stringifierName = exports.stringify = void 0;
 const sodium_native_1 = __importDefault(require("sodium-native"));
@@ -154,38 +154,56 @@ const buffer_xor_1 = __importDefault(require("buffer-xor"));
 exports.convertPkToCurve = convertPkToCurve;
+// Vulns were found in encryp decrypt.  would need a security pass if we ever 
+// need them. GOLD-264
+// /**
+//  * Returns a payload obtained by encrypting and tagging the message string with a key produced from the given sk and pk
+//  * @param message
+//  * @param curveSk
+//  * @param curvePk
+//  */
+// export function encrypt( read notes above
+//   message: string,
+//   curveSk: curveSecretKey | Buffer,
+//   curvePk: curvePublicKey | Buffer
+// ): string {
+//   const messageBuf = Buffer.from(message, 'utf8');
+//   const curveSkBuf = _ensureBuffer(curveSk, 'Secret key');
+//   const curvePkBuf = _ensureBuffer(curvePk, 'Public key');
+//   const ciphertext = Buffer.allocUnsafe(
+//     messageBuf.length + sodium.crypto_box_MACBYTES
+//   );
+//   const nonce = Buffer.allocUnsafe(sodium.crypto_box_NONCEBYTES);
+//   sodium.randombytes_buf(nonce);
+//   sodium.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf as Buffer, curveSkBuf as Buffer);
+//   const payload = [ciphertext.toString('hex'), nonce.toString('hex')];
+//   return JSON.stringify(payload);
+// }
+// /**
+//  * Returns the message string obtained by decrypting the payload with the given sk and pk and authenticating the attached tag
+//  * @param payload
+//  * @param curveSk
+//  * @param curvePk
+//  */
+// export function decrypt(  read notes above
+//   payload: string,
+//   curveSk: curveSecretKey | Buffer,
+//   curvePk: curvePublicKey | Buffer
+// ): { isValid: boolean; message: string } {
+//   payload = JSON.parse(payload);
+//   const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext');
+//   const nonce = _ensureBuffer(payload[1], 'Tag nonce');
+//   const secretKey = _ensureBuffer(curveSk, 'Secret key');
+//   const publicKey = _ensureBuffer(curvePk, 'Public key');
+//   const message = Buffer.allocUnsafe(
+//     ciphertext.length - sodium.crypto_box_MACBYTES
+//   );
+//   const isValid = sodium.crypto_box_open_easy(
+//     message,
+//     ciphertext as Buffer,
+//     nonce as Buffer,
+//     publicKey as Buffer,
+//     secretKey as Buffer
+//   );
+//   return { isValid, message: message.toString('utf8') };
+// }
 /**
- * Returns a payload obtained by encrypting and tagging the message string with a key produced from the given sk and pk
- * @param message
- * @param curveSk
- * @param curvePk
- */
-function encrypt(message, curveSk, curvePk) {
-    const messageBuf = Buffer.from(message, 'utf8');
-    const curveSkBuf = _ensureBuffer(curveSk, 'Secret key');
-    const curvePkBuf = _ensureBuffer(curvePk, 'Public key');
-    const ciphertext = Buffer.allocUnsafe(messageBuf.length + sodium_native_1.default.crypto_box_MACBYTES);
-    const nonce = Buffer.allocUnsafe(sodium_native_1.default.crypto_box_NONCEBYTES);
-    sodium_native_1.default.randombytes_buf(nonce);
-    sodium_native_1.default.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf, curveSkBuf);
-    const payload = [ciphertext.toString('hex'), nonce.toString('hex')];
-    return JSON.stringify(payload);
-}
-exports.encrypt = encrypt;
-/**
- * Returns the message string obtained by decrypting the payload with the given sk and pk and authenticating the attached tag
- * @param payload
- * @param curveSk
- * @param curvePk
- */
-function decrypt(payload, curveSk, curvePk) {
-    payload = JSON.parse(payload);
-    const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext');
-    const nonce = _ensureBuffer(payload[1], 'Tag nonce');
-    const secretKey = _ensureBuffer(curveSk, 'Secret key');
-    const publicKey = _ensureBuffer(curvePk, 'Public key');
-    const message = Buffer.allocUnsafe(ciphertext.length - sodium_native_1.default.crypto_box_MACBYTES);
-    const isValid = sodium_native_1.default.crypto_box_open_easy(message, ciphertext, nonce, publicKey, secretKey);
-    return { isValid, message: message.toString('utf8') };
-}
-exports.decrypt = decrypt;
-/**
  * Returns an authentication tag obtained by encrypting the hash of the message string with a key produced from the given sk and pk
@@ -192,0 +210,0 @@ * @param message

package.json

 {
   "name": "@shardus/crypto-utils",
-  "version": "4.1.3",
+  "version": "4.1.4",
   "description": "Provides simple crypto functions, as used by the ULC Project.",
@@ -5,0 +5,0 @@ "main": "./build/src/index.js",

README.md

@@ -1,5 +0,15 @@
-# shardus-crypto-utils
+# Shardus Crypto Utils
 
-Provides a simple interface to node-sodium cryptographic functions, as used by the Shardus project.
+Shardus Crypto Utils is a tool providing a set of cryptographic utility functions specifically designed for developers working with the Shardus core. It offers a simplified interface to node-sodium cryptographic functions, which are fundamental to the Shardus project.
 
+## Installation
+
+You can install Shardus Crypto Utils via npm:
+
+```bash
+npm install @shardus/crypto-utils
+```
+
+## Usage
+
 ```JavaScript
@@ -52,8 +62,4 @@ const crypto = require('shardus-crypto-utils')
 
-## Install
+Here's how you can use Shardus Crypto Utils in your Node.js application:
 
-`npm install @shardus/crypto-utils`
-
-## Use
-
 ```JavaScript
@@ -69,3 +75,3 @@ const crypto = require('shardus-crypto-utils')
 
-For your releasing pleasure, oh shardus Maintainer, please run the command
+To release a new version of Shardus Crypto Utils, run the following command:
 
@@ -75,1 +81,7 @@ ```sh
 ```
+
+This will handle version bumping, generating release notes, tagging, and publishing to npm.
+
+## Contributing
+
+Contributions are very welcome! Everyone interacting in our codebases, issue trackers, and any other form of communication, including chat rooms and mailing lists, is expected to follow our [code of conduct](./CODE_OF_CONDUCT.md) so we can all enjoy the effort we put into this project.

src/index.ts

@@ -184,55 +184,58 @@ export type hexstring = string;
 
-/**
- * Returns a payload obtained by encrypting and tagging the message string with a key produced from the given sk and pk
- * @param message
- * @param curveSk
- * @param curvePk
- */
-export function encrypt(
-  message: string,
-  curveSk: curveSecretKey | Buffer,
-  curvePk: curvePublicKey | Buffer
-): string {
-  const messageBuf = Buffer.from(message, 'utf8');
-  const curveSkBuf = _ensureBuffer(curveSk, 'Secret key');
-  const curvePkBuf = _ensureBuffer(curvePk, 'Public key');
-  const ciphertext = Buffer.allocUnsafe(
-    messageBuf.length + sodium.crypto_box_MACBYTES
-  );
-  const nonce = Buffer.allocUnsafe(sodium.crypto_box_NONCEBYTES);
-  sodium.randombytes_buf(nonce);
-  sodium.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf as Buffer, curveSkBuf as Buffer);
-  const payload = [ciphertext.toString('hex'), nonce.toString('hex')];
-  return JSON.stringify(payload);
-}
+// Vulns were found in encryp decrypt.  would need a security pass if we ever 
+// need them. GOLD-264
 
-/**
- * Returns the message string obtained by decrypting the payload with the given sk and pk and authenticating the attached tag
- * @param payload
- * @param curveSk
- * @param curvePk
- */
-export function decrypt(
-  payload: string,
-  curveSk: curveSecretKey | Buffer,
-  curvePk: curvePublicKey | Buffer
-): { isValid: boolean; message: string } {
-  payload = JSON.parse(payload);
-  const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext');
-  const nonce = _ensureBuffer(payload[1], 'Tag nonce');
-  const secretKey = _ensureBuffer(curveSk, 'Secret key');
-  const publicKey = _ensureBuffer(curvePk, 'Public key');
-  const message = Buffer.allocUnsafe(
-    ciphertext.length - sodium.crypto_box_MACBYTES
-  );
-  const isValid = sodium.crypto_box_open_easy(
-    message,
-    ciphertext as Buffer,
-    nonce as Buffer,
-    publicKey as Buffer,
-    secretKey as Buffer
-  );
-  return { isValid, message: message.toString('utf8') };
-}
+// /**
+//  * Returns a payload obtained by encrypting and tagging the message string with a key produced from the given sk and pk
+//  * @param message
+//  * @param curveSk
+//  * @param curvePk
+//  */
+// export function encrypt( read notes above
+//   message: string,
+//   curveSk: curveSecretKey | Buffer,
+//   curvePk: curvePublicKey | Buffer
+// ): string {
+//   const messageBuf = Buffer.from(message, 'utf8');
+//   const curveSkBuf = _ensureBuffer(curveSk, 'Secret key');
+//   const curvePkBuf = _ensureBuffer(curvePk, 'Public key');
+//   const ciphertext = Buffer.allocUnsafe(
+//     messageBuf.length + sodium.crypto_box_MACBYTES
+//   );
+//   const nonce = Buffer.allocUnsafe(sodium.crypto_box_NONCEBYTES);
+//   sodium.randombytes_buf(nonce);
+//   sodium.crypto_box_easy(ciphertext, messageBuf, nonce, curvePkBuf as Buffer, curveSkBuf as Buffer);
+//   const payload = [ciphertext.toString('hex'), nonce.toString('hex')];
+//   return JSON.stringify(payload);
+// }
 
+// /**
+//  * Returns the message string obtained by decrypting the payload with the given sk and pk and authenticating the attached tag
+//  * @param payload
+//  * @param curveSk
+//  * @param curvePk
+//  */
+// export function decrypt(  read notes above
+//   payload: string,
+//   curveSk: curveSecretKey | Buffer,
+//   curvePk: curvePublicKey | Buffer
+// ): { isValid: boolean; message: string } {
+//   payload = JSON.parse(payload);
+//   const ciphertext = _ensureBuffer(payload[0], 'Tag ciphertext');
+//   const nonce = _ensureBuffer(payload[1], 'Tag nonce');
+//   const secretKey = _ensureBuffer(curveSk, 'Secret key');
+//   const publicKey = _ensureBuffer(curvePk, 'Public key');
+//   const message = Buffer.allocUnsafe(
+//     ciphertext.length - sodium.crypto_box_MACBYTES
+//   );
+//   const isValid = sodium.crypto_box_open_easy(
+//     message,
+//     ciphertext as Buffer,
+//     nonce as Buffer,
+//     publicKey as Buffer,
+//     secretKey as Buffer
+//   );
+//   return { isValid, message: message.toString('utf8') };
+// }
+
 /**
@@ -239,0 +242,0 @@ * Returns an authentication tag obtained by encrypting the hash of the message string with a key produced from the given sk and pk

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Lines of code

2483

increased by0.12%

Number of lines in readme file

85

increased by16.44%

Worsened metrics

Total package byte prevSize

104380

decreased by-0.01%

No dependency changes