crypto-browserify - npm Package Compare versions

Comparing version 3.3.0 to 3.4.0

create-hash.js

 var createHash = require('sha.js')
 
-var md5 = toConstructor(require('./md5'))
-var rmd160 = toConstructor(require('ripemd160'))
+var md5 = require('./md5')
+var rmd160 = require('ripemd160')
+var Transform = require('stream').Transform;
+var inherits = require('util').inherits
 
-function toConstructor (fn) {
-  return function () {
-    var buffers = []
-    var m= {
-      update: function (data, enc) {
-        if(!Buffer.isBuffer(data)) data = new Buffer(data, enc)
-        buffers.push(data)
-        return this
-      },
-      digest: function (enc) {
-        var buf = Buffer.concat(buffers)
-        var r = fn(buf)
-        buffers = null
-        return enc ? r.toString(enc) : r
-      }
-    }
-    return m
+module.exports = function (alg) {
+  if('md5' === alg) return new HashNoConstructor(md5)
+  if('rmd160' === alg) return new HashNoConstructor(rmd160)
+  return new Hash(createHash(alg))
+}
+inherits(HashNoConstructor, Transform)
+
+function HashNoConstructor(hash) {
+  Transform.call(this);
+  this._hash = hash
+  this.buffers = []
+}
+
+HashNoConstructor.prototype._transform = function (data, _, done) {
+  this.buffers.push(data)
+  done()
+}
+HashNoConstructor.prototype._flush = function (done) {
+  var buf = Buffer.concat(this.buffers)
+  var r = this._hash(buf)
+  this.buffers = null
+  this.push(r)
+  done()
+}
+HashNoConstructor.prototype.update = function (data, enc) {
+  this.write(data, enc)
+  return this
+}
+
+HashNoConstructor.prototype.digest = function (enc) {
+  this.end()
+  var outData = new Buffer('')
+  var chunk
+  while ((chunk = this.read())) {
+    outData = Buffer.concat([outData, chunk])
   }
+  if (enc) {
+    outData = outData.toString(enc)
+  }
+  return outData
 }
 
-module.exports = function (alg) {
-  if('md5' === alg) return new md5()
-  if('rmd160' === alg) return new rmd160()
-  return createHash(alg)
+inherits(Hash, Transform)
+
+function Hash(hash) {
+  Transform.call(this);
+  this._hash = hash
 }
+
+Hash.prototype._transform = function (data, _, done) {
+  this._hash.update(data)
+  done()
+}
+Hash.prototype._flush = function (done) {
+  this.push(this._hash.digest())
+  this._hash = null
+  done()
+}
+Hash.prototype.update = function (data, enc) {
+  this.write(data, enc)
+  return this
+}
+
+Hash.prototype.digest = function (enc) {
+  this.end()
+  var outData = new Buffer('')
+  var chunk
+  while ((chunk = this.read())) {
+    outData = Buffer.concat([outData, chunk])
+  }
+  if (enc) {
+    outData = outData.toString(enc)
+  }
+  return outData
+}

create-hmac.js

 var createHash = require('./create-hash')
-
+var Transform = require('stream').Transform;
+var inherits = require('util').inherits
 var zeroBuffer = new Buffer(128)
@@ -7,5 +8,7 @@ zeroBuffer.fill(0)
 module.exports = Hmac
-
+inherits(Hmac, Transform)
 function Hmac (alg, key) {
   if(!(this instanceof Hmac)) return new Hmac(alg, key)
+
+  Transform.call(this)
   this._opad = opad
@@ -36,10 +39,29 @@ this._alg = alg
 Hmac.prototype.update = function (data, enc) {
-  this._hash.update(data, enc)
+  this.write(data, enc)
   return this
 }
 
-Hmac.prototype.digest = function (enc) {
+Hmac.prototype._transform = function (data, _, next) {
+  this._hash.update(data)
+  next()
+}
+
+Hmac.prototype._flush = function (next) {
   var h = this._hash.digest()
-  return createHash(this._alg).update(this._opad).update(h).digest(enc)
+  this.push(createHash(this._alg).update(this._opad).update(h).digest())
+  next()
 }
 
+Hmac.prototype.digest = function (enc) {
+  this.end()
+  var outData = new Buffer('')
+  var chunk
+  while ((chunk = this.read())) {
+    outData = Buffer.concat([outData, chunk])
+  }
+  if (enc) {
+    outData = outData.toString(enc)
+  }
+  return outData
+}
+

index.js

@@ -39,8 +39,8 @@ var rng = require('./rng')
 require('browserify-aes/inject')(exports, module.exports);
+require('browserify-sign/inject')(module.exports, exports);
+require('diffie-hellman/inject')(exports, module.exports);
 
 // the least I can do is make error messages for the rest of the node.js/crypto api.
-each(['createCredentials'
-, 'createSign'
-, 'createVerify'
-, 'createDiffieHellman'
+each([
+  'createCredentials',
 ], function (name) {
@@ -47,0 +47,0 @@ exports[name] = function () {

package.json

@@ -5,3 +5,3 @@ {
   "description": "partial implementation of crypto for the browser",
-  "version": "3.3.0",
+  "version": "3.4.0",
   "homepage": "https://github.com/dominictarr/crypto-browserify",
@@ -13,3 +13,3 @@ "repository": {
   "scripts": {
-    "test": "set -e; for t in test/*.js; do node $t; done"
+    "test": "set -e; for t in test/node/*.js test/*.js; do node $t; done"
   },
@@ -20,6 +20,7 @@ "engines": {
   "dependencies": {
+    "browserify-aes": "0.4.0",
+    "browserify-sign": "2.4.0",
     "pbkdf2-compat": "2.0.1",
     "ripemd160": "0.2.0",
-    "sha.js": "2.2.6",
-    "browserify-aes": "0.4.0"
+    "diffie-hellman": "2.2.0"
   },
@@ -26,0 +27,0 @@ "devDependencies": {

test/create-hash.js

@@ -12,3 +12,2 @@ var fs = require('fs')
   test('test ' + algorithm + ' against test vectors', function (t) {
-
     vectors.forEach(function (obj, i) {
@@ -29,3 +28,10 @@ var input = new Buffer(obj.input, 'base64')
     });
-
+    vectors.forEach(function (obj, i) {
+      var input = new Buffer(obj.input, 'base64')
+      var node = obj[algorithm]
+      var hash = createHash(algorithm);
+      hash.end(input)
+      var js = hash.read().toString('hex')
+      t.equal(js, node, algorithm + '(testVector['+i+']) == ' + node)
+    })
     t.end()
@@ -32,0 +38,0 @@ })

test/create-hmac.js

@@ -21,2 +21,15 @@
 
+  test('hmac('+alg+')', function (t) {
+    vectors.forEach(function (input, i) {
+      var hmac = createHmac(alg, new Buffer(input.key, 'hex'))
+
+      hmac.end(input.data, 'hex')
+      var output = hmac.read()
+
+      output = input.truncate ? output.slice(0, input.truncate) : output
+      t.equal(output.toString('hex'), input[alg])
+    })
+    t.end()
+  })
+
 })
@@ -23,0 +36,0 @@

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Number of package files

23

increased by9.52%

Worsened metrics

Total package byte prevSize

47157

decreased by-96.57%

Dependency count

5

increased by25%

Lines of code

1190

decreased by-94.05%

Number of lines in readme file

47

decreased by-2.08%

Number of low supply chain risk alerts

10

increased by11.11%

Number of medium supply chain risk alerts

1

increased byInfinity%

Dependency changes

• + Addedbrowserify-sign@2.4.0

• + Addeddiffie-hellman@2.2.0

• + Addedasn1.js@0.6.7(transitive)

• + Addedasn1.js-rfc3280@0.5.2(transitive)

• + Addedbn.js@0.15.20.16.11.3.0(transitive)

• + Addedbrorand@1.1.0(transitive)

• + Addedbrowserify-sign@2.4.0(transitive)

• + Addedcore-util-is@1.0.3(transitive)

• + Addeddiffie-hellman@2.2.0(transitive)

• + Addedelliptic@0.15.17(transitive)

• + Addedhash.js@0.2.1(transitive)

• + Addedisarray@0.0.1(transitive)

• + Addedmiller-rabin@1.1.5(transitive)

• + Addedpemstrip@0.0.1(transitive)

• + Addedreadable-stream@1.1.14(transitive)

• + Addedstring_decoder@0.10.31(transitive)

• - Removedsha.js@2.2.6

• - Removedsha.js@2.2.6(transitive)