@toruslabs/eccrypto
Advanced tools
Comparing version 3.0.0 to 4.0.0
@@ -66,12 +66,12 @@ /******/ (() => { // webpackBootstrap | ||
__webpack_require__.d(__webpack_exports__, { | ||
"decrypt": () => (/* binding */ decrypt), | ||
"derive": () => (/* binding */ derive), | ||
"derivePadded": () => (/* binding */ derivePadded), | ||
"deriveUnpadded": () => (/* binding */ deriveUnpadded), | ||
"encrypt": () => (/* binding */ encrypt), | ||
"generatePrivate": () => (/* binding */ generatePrivate), | ||
"getPublic": () => (/* binding */ getPublic), | ||
"getPublicCompressed": () => (/* binding */ getPublicCompressed), | ||
"sign": () => (/* binding */ sign), | ||
"verify": () => (/* binding */ verify) | ||
decrypt: () => (/* binding */ decrypt), | ||
derive: () => (/* binding */ derive), | ||
derivePadded: () => (/* binding */ derivePadded), | ||
deriveUnpadded: () => (/* binding */ deriveUnpadded), | ||
encrypt: () => (/* binding */ encrypt), | ||
generatePrivate: () => (/* binding */ generatePrivate), | ||
getPublic: () => (/* binding */ getPublic), | ||
getPublicCompressed: () => (/* binding */ getPublicCompressed), | ||
sign: () => (/* binding */ sign), | ||
verify: () => (/* binding */ verify) | ||
}); | ||
@@ -88,3 +88,5 @@ | ||
const ec = new external_elliptic_namespaceObject.ec("secp256k1"); | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const browserCrypto = __webpack_require__.g.crypto || __webpack_require__.g.msCrypto || {}; | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const subtle = browserCrypto.subtle || browserCrypto.webkitSubtle; | ||
@@ -324,3 +326,3 @@ const EC_GROUP_ORDER = Buffer.from("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", "hex"); | ||
const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]); | ||
const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac); | ||
const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac); | ||
if (!macGood && padding === false) { | ||
@@ -327,0 +329,0 @@ return decrypt(privateKey, opts, true); |
@@ -5,3 +5,5 @@ import nodeCrypto from 'crypto'; | ||
const ec = new ec$1("secp256k1"); | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const browserCrypto = global.crypto || global.msCrypto || {}; | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const subtle = browserCrypto.subtle || browserCrypto.webkitSubtle; | ||
@@ -26,2 +28,3 @@ const EC_GROUP_ORDER = Buffer.from("fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141", "hex"); | ||
} | ||
// Compare two buffers in constant time to prevent timing attacks. | ||
@@ -39,2 +42,3 @@ function equalConstTime(b1, b2) { | ||
} | ||
/* This must check if we're in the browser or | ||
@@ -112,2 +116,3 @@ not, since the functions are different and does | ||
} | ||
/** | ||
@@ -132,2 +137,3 @@ * Generate a new valid private key. Will use the window.crypto or window.msCrypto as source | ||
}; | ||
/** | ||
@@ -144,2 +150,3 @@ * Get compressed version of public key. | ||
}; | ||
// NOTE(Kagami): We don't use promise shim in Browser implementation | ||
@@ -241,3 +248,3 @@ // because it's supported natively in new browsers (see | ||
const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]); | ||
const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac); | ||
const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac); | ||
if (!macGood && padding === false) { | ||
@@ -244,0 +251,0 @@ return decrypt(privateKey, opts, true); |
{ | ||
"name": "@toruslabs/eccrypto", | ||
"version": "3.0.0", | ||
"version": "4.0.0", | ||
"description": "JavaScript Elliptic curve cryptography library, includes fix to browser.js so that encrypt/decrypt works", | ||
@@ -12,6 +12,7 @@ "main": "./dist/eccrypto.cjs.js", | ||
"test": "ECCRYPTO_NO_FALLBACK=1 mocha && karma start", | ||
"test:ci": "ECCRYPTO_NO_FALLBACK=1 mocha && npm run k", | ||
"m": "mocha", | ||
"k": "karma start", | ||
"kc": "karma start --browsers Chromium", | ||
"kf": "karma start --browsers Firefox" | ||
"k": "xvfb-run -a karma start", | ||
"kc": "xvfb-run -a karma start --browsers Chromium", | ||
"kf": "xvfb-run -a karma start --browsers Firefox" | ||
}, | ||
@@ -45,10 +46,12 @@ "repository": { | ||
"devDependencies": { | ||
"@babel/cli": "^7.21.5", | ||
"@babel/core": "^7.21.5", | ||
"@babel/plugin-transform-runtime": "^7.21.4", | ||
"@babel/preset-env": "^7.21.5", | ||
"@babel/runtime": "^7.21.5", | ||
"@toruslabs/eslint-config-typescript": "^2.0.0", | ||
"eslint-plugin-chai-expect": "^3.0.0", | ||
"@toruslabs/torus-scripts": "^4.0.0", | ||
"@babel/cli": "^7.22.10", | ||
"@babel/core": "^7.22.10", | ||
"@babel/plugin-transform-runtime": "^7.22.10", | ||
"@babel/preset-env": "^7.22.10", | ||
"@babel/runtime": "^7.22.10", | ||
"@toruslabs/config": "^2.0.1", | ||
"@toruslabs/eslint-config-node": "^3.0.0", | ||
"@toruslabs/torus-scripts": "^5.0.1", | ||
"@types/buffer-equal": "^1.0.0", | ||
"@types/chai": "^4.3.5", | ||
"@types/elliptic": "^6.4.14", | ||
@@ -58,3 +61,3 @@ "browserify": "^17.0.0", | ||
"chai": "^4.3.7", | ||
"eslint": "^8.39.0", | ||
"eslint": "^8.46.0", | ||
"karma": "^6.4.2", | ||
@@ -68,3 +71,5 @@ "karma-browserify": "^8.1.0", | ||
"karma-safari-launcher": "^1.0.0", | ||
"mocha": "^10.2.0" | ||
"mocha": "^10.2.0", | ||
"playwright": "^1.36.2", | ||
"typescript": "^5.1.6" | ||
}, | ||
@@ -75,5 +80,5 @@ "dependencies": { | ||
"engines": { | ||
"node": ">=16.18.1", | ||
"npm": ">=8.x" | ||
"node": ">=18.x", | ||
"npm": ">=9.x" | ||
} | ||
} |
@@ -1,2 +0,2 @@ | ||
# eccrypto [![Build Status](https://travis-ci.org/bitchan/eccrypto.svg?branch=master)](https://travis-ci.org/bitchan/eccrypto) | ||
# eccrypto [![Build Status](https://github.com/torusresearch/eccrypto/workflows/master/badge.svg)](https://github.com/torusresearch/eccrypto/actions) | ||
@@ -3,0 +3,0 @@ [![NPM](https://nodei.co/npm/eccrypto.png)](https://www.npmjs.com/package/eccrypto) |
@@ -5,3 +5,5 @@ import nodeCrypto from "crypto"; | ||
const ec = new EC("secp256k1"); | ||
const browserCrypto = global.crypto || global.msCrypto || {}; | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const browserCrypto = global.crypto || (global as any).msCrypto || {}; | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
const subtle = browserCrypto.subtle || (browserCrypto as any).webkitSubtle; | ||
@@ -126,3 +128,3 @@ | ||
} | ||
async function hmacSha256Verify(key, msg, sig) { | ||
async function hmacSha256Verify(key: Buffer, msg: Buffer, sig: Buffer): Promise<boolean> { | ||
const expectedSig = await hmacSha256Sign(key, msg); | ||
@@ -272,3 +274,3 @@ return equalConstTime(expectedSig, sig); | ||
const dataToMac = Buffer.concat([opts.iv, opts.ephemPublicKey, opts.ciphertext]); | ||
const macGood = await hmacSha256Verify(macKey, dataToMac, opts.mac); | ||
const macGood = await hmacSha256Verify(Buffer.from(macKey), dataToMac, opts.mac); | ||
if (!macGood && padding === false) { | ||
@@ -275,0 +277,0 @@ return decrypt(privateKey, opts, true); |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is too big to display
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
785000
1469
1
26