@zilliqa-js/crypto - npm Package Compare versions

Comparing version 0.3.0 to 0.3.2

dist/keystore.js

@@ -13,2 +13,3 @@ "use strict";
 var util_2 = require("./util");
+var ALGO_IDENTIFIER = 'aes-128-ctr';
 /**
@@ -82,3 +83,3 @@ * getDerivedKey
                         crypto: {
-                            cipher: 'aes-128-ctr',
+                            cipher: ALGO_IDENTIFIER,
                             cipherparams: {
@@ -91,4 +92,10 @@ iv: iv.toString('hex'),
                             mac: hash_js_1.default
-                                .sha256()
-                                .update(Buffer.concat([derivedKey.slice(16, 32), ciphertext]), 'hex')
+                                // @ts-ignore
+                                .hmac(hash_js_1.default.sha256, derivedKey, 'hex')
+                                .update(Buffer.concat([
+                                derivedKey.slice(16, 32),
+                                ciphertext,
+                                iv,
+                                Buffer.from(ALGO_IDENTIFIER),
+                            ]), 'hex')
                                 .digest('hex'),
@@ -123,4 +130,10 @@ },
                 mac = hash_js_1.default
-                    .sha256()
-                    .update(Buffer.concat([derivedKey.slice(16, 32), ciphertext]), 'hex')
+                    // @ts-ignore
+                    .hmac(hash_js_1.default.sha256, derivedKey, 'hex')
+                    .update(Buffer.concat([
+                    derivedKey.slice(16, 32),
+                    ciphertext,
+                    iv,
+                    Buffer.from(ALGO_IDENTIFIER),
+                ]), 'hex')
                     .digest('hex');
@@ -127,0 +140,0 @@ // we need to do a byte-by-byte comparison to avoid non-constant time side

package.json

 {
   "name": "@zilliqa-js/crypto",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "Core crypto utilities for signing/verification/hashing Zilliqa transactions.",
@@ -32,3 +32,3 @@ "main": "dist/index.js",
   },
-  "gitHead": "7099301a8c3cde45cf083f9f947ba6461001c927"
+  "gitHead": "03c1bc68e13d609f6a9c951ae5fe78459d821ec4"
 }

src/keystore.ts

@@ -19,2 +19,4 @@ import aes from 'aes-js';
 
+const ALGO_IDENTIFIER = 'aes-128-ctr';
+
 /**
@@ -100,3 +102,3 @@ * getDerivedKey
     crypto: {
-      cipher: 'aes-128-ctr',
+      cipher: ALGO_IDENTIFIER,
       cipherparams: {
@@ -109,4 +111,13 @@ iv: iv.toString('hex'),
       mac: hashjs
-        .sha256()
-        .update(Buffer.concat([derivedKey.slice(16, 32), ciphertext]), 'hex')
+        // @ts-ignore
+        .hmac(hashjs.sha256, derivedKey, 'hex')
+        .update(
+          Buffer.concat([
+            derivedKey.slice(16, 32),
+            ciphertext,
+            iv,
+            Buffer.from(ALGO_IDENTIFIER),
+          ]),
+          'hex',
+        )
         .digest('hex'),
@@ -143,4 +154,13 @@ },
   const mac = hashjs
-    .sha256()
-    .update(Buffer.concat([derivedKey.slice(16, 32), ciphertext]), 'hex')
+    // @ts-ignore
+    .hmac(hashjs.sha256, derivedKey, 'hex')
+    .update(
+      Buffer.concat([
+        derivedKey.slice(16, 32),
+        ciphertext,
+        iv,
+        Buffer.from(ALGO_IDENTIFIER),
+      ]),
+      'hex',
+    )
     .digest('hex');
@@ -147,0 +167,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

4917290

increased by0.07%

Lines of code

44371

increased by0.13%

No dependency changes