browserify-sign - npm Package Compare versions

Comparing version 3.0.3 to 3.0.8

algos.js

@@ -23,10 +23,10 @@ 'use strict'
 exports['RSA-SHA1'] = {
-	sign: 'rsa',
-	hash: 'sha1',
-	id: new Buffer('3021300906052b0e03021a05000414', 'hex')
+  sign: 'rsa',
+  hash: 'sha1',
+  id: new Buffer('3021300906052b0e03021a05000414', 'hex')
 }
 exports['ecdsa-with-SHA1'] = {
-	sign: 'ecdsa',
-	hash: 'sha1',
-	id: new Buffer('', 'hex')
+  sign: 'ecdsa',
+  hash: 'sha1',
+  id: new Buffer('', 'hex')
 }
@@ -33,0 +33,0 @@ exports.DSA = exports['DSA-SHA1'] = exports['DSA-SHA'] = {

browser.js

@@ -1,8 +0,8 @@
-'use strict'
+var _algos = require('./algos')
+var createHash = require('create-hash')
+var inherits = require('inherits')
 var sign = require('./sign')
+var stream = require('stream')
 var verify = require('./verify')
-var stream = require('stream')
-var inherits = require('inherits')
-var _algos = require('./algos')
-var createHash = require('create-hash')
+
 var algos = {}
@@ -13,21 +13,9 @@ Object.keys(_algos).forEach(function (key) {
 
-exports.createSign = exports.Sign = createSign
-
-function createSign (algorithm) {
-  return new Sign(algorithm)
-}
-
-exports.createVerify = exports.Verify = createVerify
-
-function createVerify (algorithm) {
-  return new Verify(algorithm)
-}
-
-inherits(Sign, stream.Writable)
-
 function Sign (algorithm) {
   stream.Writable.call(this)
+
   var data = algos[algorithm]
-  if (!data)
+  if (!data) {
     throw new Error('Unknown message digest')
+  }
 
@@ -39,2 +27,3 @@ this._hashType = data.hash
 }
+inherits(Sign, stream.Writable)
 
@@ -47,4 +36,6 @@ Sign.prototype._write = function _write (data, _, done) {
 Sign.prototype.update = function update (data, enc) {
-  if (typeof data === 'string')
+  if (typeof data === 'string') {
     data = new Buffer(data, enc)
+  }
+
   this._hash.update(data)
@@ -58,14 +49,13 @@ return this
   var sig = sign(Buffer.concat([this._tag, hash]), key, this._hashType, this._signType)
-  if (enc) {
-    sig = sig.toString(enc)
-  }
-  return sig
+
+  return enc ? sig.toString(enc) : sig
 }
 
-inherits(Verify, stream.Writable)
 function Verify (algorithm) {
   stream.Writable.call(this)
+
   var data = algos[algorithm]
-  if (!data)
+  if (!data) {
     throw new Error('Unknown message digest')
+  }
 
@@ -76,5 +66,7 @@ this._hash = createHash(data.hash)
 }
+inherits(Verify, stream.Writable)
 
 Verify.prototype._write = function _write (data, _, done) {
   this._hash.update(data)
+
   done()
@@ -84,4 +76,5 @@ }
 Verify.prototype.update = function update (data, enc) {
-  if (typeof data === 'string')
+  if (typeof data === 'string') {
     data = new Buffer(data, enc)
+  }
 
@@ -93,8 +86,25 @@ this._hash.update(data)
 Verify.prototype.verify = function verifyMethod (key, sig, enc) {
+  if (typeof sig === 'string') {
+    sig = new Buffer(sig, enc)
+  }
+
   this.end()
   var hash = this._hash.digest()
-  if (typeof sig === 'string')
-    sig = new Buffer(sig, enc)
 
   return verify(sig, Buffer.concat([this._tag, hash]), key, this._signType)
 }
+
+function createSign (algorithm) {
+  return new Sign(algorithm)
+}
+
+function createVerify (algorithm) {
+  return new Verify(algorithm)
+}
+
+module.exports = {
+  Sign: createSign,
+  Verify: createVerify,
+  createSign: createSign,
+  createVerify: createVerify
+}

package.json

 {
   "name": "browserify-sign",
-  "version": "3.0.3",
+  "version": "3.0.8",
   "description": "",
@@ -8,3 +8,5 @@ "main": "index.js",
   "scripts": {
-    "test": "node test/index.js | tspec"
+    "unit": "node test/index.js | tspec",
+    "standard": "standard",
+    "test": "npm run standard && npm run unit"
   },
@@ -28,4 +30,5 @@ "repository": {
     "tap-spec": "^1.0.1",
-    "tape": "^3.0.3"
+    "tape": "^3.0.3",
+    "standard": "^5.0.0"
   }
 }

sign.js

 // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
-var parseKeys = require('parse-asn1')
-var BN = require('bn.js')
-var elliptic = require('elliptic')
+var createHmac = require('create-hmac')
 var crt = require('browserify-rsa')
-var createHmac = require('create-hmac')
 var curves = require('./curves')
+var elliptic = require('elliptic')
+var parseKeys = require('parse-asn1')
 
-module.exports = sign
+var BN = require('bn.js')
+var EC = elliptic.ec
+
 function sign (hash, key, hashType, signType) {
   var priv = parseKeys(key)
   if (priv.curve) {
-    if (signType !== 'ecdsa') {
-      throw new Error('wrong private key type')
-    }
+    if (signType !== 'ecdsa') throw new Error('wrong private key type')
+
     return ecSign(hash, priv)
   } else if (priv.type === 'dsa') {
-    return dsaSign(hash, priv, hashType)
     if (signType !== 'dsa') {
       throw new Error('wrong private key type')
     }
+    return dsaSign(hash, priv, hashType)
   } else {
-    if (signType !== 'rsa') {
-      throw new Error('wrong private key type')
-    }
+    if (signType !== 'rsa') throw new Error('wrong private key type')
   }
+
   var len = priv.modulus.byteLength()
@@ -41,14 +40,16 @@ var pad = [ 0, 1 ]
 }
+
 function ecSign (hash, priv) {
   var curveId = curves[priv.curve.join('.')]
-  if (!curveId)
-    throw new Error('unknown curve ' + priv.curve.join('.'))
+  if (!curveId) throw new Error('unknown curve ' + priv.curve.join('.'))
 
-  var curve = new elliptic.ec(curveId)
+  var curve = new EC(curveId)
+  var key = curve.genKeyPair()
 
-  var key = curve.genKeyPair()
   key._importPrivate(priv.privateKey)
   var out = key.sign(hash)
+
   return new Buffer(out.toDER())
 }
+
 function dsaSign (hash, priv, algo) {
@@ -58,3 +59,2 @@ var x = priv.params.priv_key
   var q = priv.params.q
-  var montq = BN.mont(q)
   var g = priv.params.g
@@ -77,2 +77,3 @@ var r = new BN(0)
 }
+
 function toDER (r, s) {
@@ -83,7 +84,9 @@ r = r.toArray()
   // Pad values
-  if (r[0] & 0x80)
+  if (r[0] & 0x80) {
     r = [ 0 ].concat(r)
+  }
   // Pad values
-  if (s[0] & 0x80)
+  if (s[0] & 0x80) {
     s = [0].concat(s)
+  }
 
@@ -95,3 +98,3 @@ var total = r.length + s.length + 4
 }
-module.exports.getKey = getKey
+
 function getKey (x, q, hash, algo) {
@@ -133,2 +136,3 @@ x = new Buffer(x.toArray())
 }
+
 function bits2int (obits, q) {
@@ -142,2 +146,3 @@ var bits = new BN(obits)
 }
+
 function bits2octets (bits, q) {
@@ -154,8 +159,9 @@ bits = bits2int(bits, q)
 }
-module.exports.makeKey = makeKey
+
 function makeKey (q, kv, algo) {
-  var t
-  var k
-  while (true) {
+  var t, k
+
+  do {
     t = new Buffer('')
+
     while (t.length * 8 < q.bitLength()) {
@@ -167,17 +173,22 @@ kv.v = createHmac(algo, kv.k)
     }
+
     k = bits2int(t, q)
-    kv.k =  createHmac(algo, kv.k)
-        .update(kv.v)
-        .update(new Buffer([0]))
-        .digest()
+    kv.k = createHmac(algo, kv.k)
+      .update(kv.v)
+      .update(new Buffer([0]))
+      .digest()
     kv.v = createHmac(algo, kv.k)
-        .update(kv.v)
-        .digest()
-    if (k.cmp(q) === -1) {
-      return k
-    }
-  }
+      .update(kv.v)
+      .digest()
+  } while (k.cmp(q) !== -1)
+
+  return k
 }
+
 function makeR (g, k, p, q) {
   return g.toRed(BN.mont(p)).redPow(k).fromRed().mod(q)
 }
+
+module.exports = sign
+module.exports.getKey = getKey
+module.exports.makeKey = makeKey

verify.js

@@ -1,8 +0,8 @@
-'use strict'
 // much of this based on https://github.com/indutny/self-signed/blob/gh-pages/lib/rsa.js
+var curves = require('./curves')
+var elliptic = require('elliptic')
 var parseKeys = require('parse-asn1')
-var elliptic = require('elliptic')
-var curves = require('./curves')
+
 var BN = require('bn.js')
-module.exports = verify
+var EC = elliptic.ec
 
@@ -60,12 +60,13 @@ function verify (sig, hash, key, signType) {
 }
+
 function ecVerify (sig, hash, pub) {
   var curveId = curves[pub.data.algorithm.curve.join('.')]
-  if (!curveId)
-    throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.'))
+  if (!curveId) throw new Error('unknown curve ' + pub.data.algorithm.curve.join('.'))
 
-  var curve = new elliptic.ec(curveId)
+  var curve = new EC(curveId)
+  var pubkey = pub.data.subjectPrivateKey.data
 
-  var pubkey = pub.data.subjectPrivateKey.data
   return curve.verify(hash, sig, pubkey)
 }
+
 function dsaVerify (sig, hash, pub) {
@@ -81,15 +82,15 @@ var p = pub.data.p
   checkValue(r, q)
-  var montq = BN.mont(q)
   var montp = BN.mont(p)
-  var w =  s.invm(q)
+  var w = s.invm(q)
   var v = g.toRed(montp)
-  .redPow(new BN(hash).mul(w).mod(q))
-  .fromRed()
-  .mul(
-    y.toRed(montp)
-    .redPow(r.mul(w).mod(q))
+    .redPow(new BN(hash).mul(w).mod(q))
     .fromRed()
+    .mul(
+      y.toRed(montp)
+        .redPow(r.mul(w).mod(q))
+        .fromRed()
   ).mod(p).mod(q)
   return !v.cmp(r)
 }
+
 function checkValue (b, q) {
@@ -103,1 +104,3 @@ if (b.cmpn(0) <= 0) {
 }
+
+module.exports = verify

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

13189

decreased by-10.49%

Dev dependency count

3

increased by50%

Number of package files

13

decreased by-7.14%

Lines of code

424

decreased by-15.2%

Number of lines in readme file

5

decreased by-72.22%

No dependency changes