Socket
Socket
Sign inDemoInstall

@toruslabs/eccrypto

Package Overview
Dependencies
Maintainers
4
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@toruslabs/eccrypto - npm Package Compare versions

Comparing version 2.0.0 to 2.1.0

46

browser.js

@@ -187,3 +187,4 @@ "use strict";

var derive = exports.derive = function(privateKeyA, publicKeyB) {
var deriveUnpadded = exports.derive = function(privateKeyA, publicKeyB) {
return new Promise(function(resolve) {

@@ -210,2 +211,24 @@ assert(Buffer.isBuffer(privateKeyA), "Bad private key");

var derivePadded = exports.derivePadded = function(privateKeyA, publicKeyB) {
return new Promise(function(resolve) {
assert(Buffer.isBuffer(privateKeyA), "Bad private key");
assert(Buffer.isBuffer(publicKeyB), "Bad public key");
assert(privateKeyA.length === 32, "Bad private key");
assert(isValidPrivateKey(privateKeyA), "Bad private key");
assert(publicKeyB.length === 65 || publicKeyB.length === 33, "Bad public key");
if (publicKeyB.length === 65)
{
assert(publicKeyB[0] === 4, "Bad public key");
}
if (publicKeyB.length === 33)
{
assert(publicKeyB[0] === 2 || publicKeyB[0] === 3, "Bad public key");
}
var keyA = ec.keyFromPrivate(privateKeyA);
var keyB = ec.keyFromPublic(publicKeyB);
var Px = keyA.derive(keyB.getPublic()); // BN instance
resolve(Buffer.from(Px.toString(16, 64), 'hex'));
});
};
exports.encrypt = function(publicKeyTo, msg, opts) {

@@ -223,3 +246,3 @@ opts = opts || {};

ephemPublicKey = getPublic(ephemPrivateKey);
resolve(derive(ephemPrivateKey, publicKeyTo));
resolve(derivePadded(ephemPrivateKey, publicKeyTo));
}).then(function(Px) {

@@ -246,5 +269,6 @@ return sha512(Px);

exports.decrypt = function(privateKey, opts) {
const decrypt = function(privateKey, opts, padding = false) {
// Tmp variable to save context from flat promises;
var encryptionKey;
const derive = padding ? derivePadded : deriveUnpadded;
return derive(privateKey, opts.ephemPublicKey).then(function(Px) {

@@ -262,8 +286,14 @@ return sha512(Px);

}).then(function(macGood) {
assert(macGood, "Bad MAC");
return aesCbcDecrypt(opts.iv, encryptionKey, opts.ciphertext);
}).then(function(msg) {
return Buffer.from(new Uint8Array(msg));
});
if (!macGood && padding === false) {
return decrypt(privateKey, opts, true);
} else if (!macGood && padding === true) {
throw new Error("bad MAC after trying padded");
}
return aesCbcDecrypt(opts.iv, encryptionKey, opts.ciphertext).then(function(msg) {
return Buffer.from(new Uint8Array(msg));
});
})
};
exports.decrypt = decrypt;

2

package.json
{
"name": "@toruslabs/eccrypto",
"version": "2.0.0",
"version": "2.1.0",
"description": "JavaScript Elliptic curve cryptography library, includes fix to browser.js so that encrypt/decrypt works",

@@ -5,0 +5,0 @@ "main": "browser.js",

18

test.js

@@ -313,2 +313,20 @@ var expect = require("chai").expect;

});
it("should successfully decrypt if bad MAC is caused by inconsistent padding in derive", function(done) {
var encryption = {
ciphertext: Buffer.from('e614aff7db97b01d4b0d5cfb1387b4763cb369f74d743bed95020330d57e3ae91a574bd7ae89da0885eb5f6e332a296f', 'hex'),
ephemPublicKey: Buffer.from('04fb0a7c19defeaeeb34defbc47be3c9a4c1de500895c1e1e8ce6d0991595217f8e76c4594968e8c77d83c26f4f1ee496c40c7ac48816a4ee2edf38c550d8916a0', 'hex'),
iv: Buffer.from('456f0c039cb2224849082c3d0feebec1', 'hex'),
mac: Buffer.from('df7352dcdf2ee10c939276791515340479b526920a155b8ac932a5a26ea4c924', 'hex')
};
var decryptionKey = Buffer.from('78bb3f8efcd59ebc8c4f0dee865ba10e375869921c62caa5b3b46699504bb280', 'hex');
eccrypto.decrypt(decryptionKey, encryption)
.then(function(msg) {
done();
}).catch(function(e) {
done(e);
});
})
});
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc