eosjs-ecc - npm Package Compare versions

Comparing version 1.6.3 to 2.0.0

lib/api_common.js

@@ -23,2 +23,18 @@ "use strict";
     /**
+      Initialize by running some self-checking code.  This should take a
+      second to gather additional CPU entropy used during private key
+      generation.
+       Initialization happens once even if called multiple times.
+       @return {Promise}
+    */
+    initialize: PrivateKey.initialize,
+
+    /**
+      @return {PrivateKey} for testing, does not require initialize().
+    */
+    unsafeRandomKey: function unsafeRandomKey() {
+        return PrivateKey.unsafeRandomKey().toString();
+    },
+
+    /**
         @arg {number} [cpuEntropyBits = 128] gather additional entropy
@@ -126,5 +142,4 @@ from a CPU mining algorithm.  Set to 0 for testing.
     }
-
 };
 
 module.exports = ecc;

lib/common.test.js

 'use strict';
 
+var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; };
+
 /* eslint-env mocha */
-assert = require('assert');
+var assert = require('assert');
 
-ecc = require('.');
+var ecc = require('.');
 
+var wif = '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss';
+
 describe('Common API', function () {
-  it('randomKey', function () {
-    cpuEntropyBits = 1;
-    ecc.key_utils.addEntropy(1, 2, 3);
-    assert(/^5[HJK]/.test(ecc.randomKey(cpuEntropyBits)));
+  it('unsafeRandomKey', function () {
+    var wif = ecc.unsafeRandomKey();
+    assert.equal(typeof wif === 'undefined' ? 'undefined' : _typeof(wif), 'string', 'wif');
+    assert(/^5[HJK]/.test(ecc.unsafeRandomKey()));
   });
 
   it('seedPrivate', function () {
-    wif = '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss';
     assert.equal(ecc.seedPrivate(''), wif);
@@ -21,3 +24,3 @@ });
   it('privateToPublic', function () {
-    pub = 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM';
+    var pub = 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM';
     assert.equal(ecc.privateToPublic(wif), pub);
@@ -27,3 +30,3 @@ });
   it('isValidPublic', function () {
-    keys = [[true, 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM'], [false, 'MMM859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM'], [false, 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhTo']];
+    var keys = [[true, 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM'], [false, 'MMM859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM'], [false, 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhTo']];
     var _iteratorNormalCompletion = true;
@@ -56,3 +59,3 @@ var _didIteratorError = false;
   it('isValidPrivate', function () {
-    keys = [[true, '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss'], [false, '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjsm']];
+    var keys = [[true, '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss'], [false, '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjsm']];
     var _iteratorNormalCompletion2 = true;
@@ -85,3 +88,3 @@ var _didIteratorError2 = false;
   it('hashs', function () {
-    hashes = [
+    var hashes = [
     // ['sha1', 'da39a3ee5e6b4b0d3255bfef95601890afd80709'],
@@ -95,3 +98,3 @@ ['sha256', 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855']];
       for (var _iterator3 = hashes[Symbol.iterator](), _step3; !(_iteratorNormalCompletion3 = (_step3 = _iterator3.next()).done); _iteratorNormalCompletion3 = true) {
-        hash = _step3.value;
+        var hash = _step3.value;
 
@@ -118,9 +121,9 @@ assert.equal(ecc[hash[0]](''), hash[1]);
   it('signatures', function () {
-    wif = ecc.seedPrivate('');
-    pubkey = ecc.privateToPublic(wif);
+    var wif = ecc.seedPrivate('');
+    var pubkey = ecc.privateToPublic(wif);
 
-    data = 'hi';
-    dataSha256 = ecc.sha256(data);
+    var data = 'hi';
+    var dataSha256 = ecc.sha256(data);
 
-    sigs = [ecc.sign(data, wif), ecc.sign(dataSha256, wif, false)];
+    var sigs = [ecc.sign(data, wif), ecc.sign(dataSha256, wif, false)];
 
@@ -133,3 +136,3 @@ var _iteratorNormalCompletion4 = true;
       for (var _iterator4 = sigs[Symbol.iterator](), _step4; !(_iteratorNormalCompletion4 = (_step4 = _iterator4.next()).done); _iteratorNormalCompletion4 = true) {
-        sig = _step4.value;
+        var sig = _step4.value;
 
@@ -157,2 +160,16 @@ assert.equal(65, Buffer.from(sig, 'hex').length);
   });
+});
+
+describe('Common API (initialized)', function () {
+  it('initialize', function () {
+    return ecc.initialize();
+  });
+
+  it('randomKey', function () {
+    var cpuEntropyBits = 1;
+    ecc.key_utils.addEntropy(1, 2, 3);
+    var wif = ecc.randomKey(cpuEntropyBits);
+    assert.equal(typeof wif === 'undefined' ? 'undefined' : _typeof(wif), 'string', 'wif');
+    assert(/^5[HJK]/.test(wif));
+  });
 });

lib/key_private.js

@@ -5,2 +5,4 @@ 'use strict';
 
+function _toConsumableArray(arr) { if (Array.isArray(arr)) { for (var i = 0, arr2 = Array(arr.length); i < arr.length; i++) { arr2[i] = arr[i]; } return arr2; } else { return Array.from(arr); } }
+
 var ecurve = require('ecurve');
@@ -12,2 +14,3 @@ var Point = ecurve.Point;
 var assert = require('assert');
+
 var hash = require('./hash');
@@ -17,2 +20,3 @@ var PublicKey = require('./key_public');
 var createHash = require('create-hash');
+var promiseAsync = require('./promise-async');
 
@@ -210,4 +214,83 @@ var G = secp256k1.G;
 
-PrivateKey.randomKey = function (cpuEntropyBits) {
+/**
+  Create a new random private key.
+
+  Call initialize() first to run some self-checking code and gather some CPU
+  entropy.
+
+  @arg {number} [cpuEntropyBits = 0] - additional CPU entropy (in addition
+  to initialize())
+
+  @return {PrivateKey} - random private key
+*/
+PrivateKey.randomKey = function () {
+    var cpuEntropyBits = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 0;
+
+    assert(unitTested, 'Call initialize() before creating a safe private key');
     return PrivateKey.fromBuffer(keyUtils.random32ByteBuffer({ cpuEntropyBits: cpuEntropyBits }));
+};
+
+/**
+  @return {PrivateKey} for testing, does not require initialize().
+*/
+PrivateKey.unsafeRandomKey = function () {
+    return PrivateKey.fromBuffer(keyUtils.random32ByteBuffer({ safe: false }));
+};
+
+var initialized = false,
+    unitTested = false;
+
+/**
+  Run self-checking code and gather CPU entropy.
+
+  Initialization happens once even if called multiple times.
+
+  @return {Promise}
+*/
+function initialize() {
+    if (initialized) {
+        return;
+    }
+
+    unitTest();
+    keyUtils.addEntropy.apply(keyUtils, _toConsumableArray(keyUtils.cpuEntropy()));
+    assert(keyUtils.entropyCount() >= 128, 'insufficient entropy');
+
+    initialized = true;
+}
+
+PrivateKey.initialize = promiseAsync(initialize);
+
+/**
+  Unit test basic private and public key functionality.
+
+  @throws {AssertError}
+*/
+function unitTest() {
+    var privateKey = PrivateKey(hash.sha256(''));
+    var wif = privateKey.toWif();
+
+    assert.equal(wif, '5KYZdUEo39z3FPrtuX2QbbwGnNP5zTd7yyr2SC1j299sBCnWjss', 'wif comparison test failed on a known private key');
+
+    var pubkey = privateKey.toPublic().toString();
+    assert.equal(pubkey, 'EOS859gxfnXyUriMgUeThh1fWv3oqcpLFyHa3TfFYC4PK2HqhToVM', 'pubkey string comparison test failed on a known public key');
+
+    doesNotThrow(function () {
+        return PrivateKey.fromWif(wif);
+    }, 'converting known wif from string');
+    doesNotThrow(function () {
+        return PublicKey.fromString(pubkey);
+    }, 'converting known public key from string');
+
+    unitTested = true;
+}
+
+/** @private */
+var doesNotThrow = function doesNotThrow(cb, msg) {
+    try {
+        cb();
+    } catch (error) {
+        error.message = msg + ' ==> ' + error.message;
+        throw error;
+    }
 };

lib/key_utils.js

 'use strict';
 
+var _typeof = typeof Symbol === "function" && typeof Symbol.iterator === "symbol" ? function (obj) { return typeof obj; } : function (obj) { return obj && typeof Symbol === "function" && obj.constructor === Symbol && obj !== Symbol.prototype ? "symbol" : typeof obj; };
+
+var assert = require('assert');
 var randomBytes = require('randombytes');
+
 var hash = require('./hash');
@@ -8,13 +12,24 @@
     random32ByteBuffer: random32ByteBuffer,
-    addEntropy: addEntropy
+    addEntropy: addEntropy,
+    cpuEntropy: cpuEntropy,
+    entropyCount: function entropyCount() {
+        return _entropyCount;
+    }
 };
 
 var entropyPos = 0,
-    entropyCount = 0;
+    _entropyCount = 0;
+
 var externalEntropyArray = randomBytes(101);
 
 /**
+    Additional forms of entropy are used.  A week random number generator can run out of entropy.  This should ensure even the worst random number implementation will be reasonably safe.
+
+    @arg {number} [cpuEntropyBits = 0] generate entropy on the fly.  This is
+    not required, entropy can be added in advanced via addEntropy or initialize().
+
+    @arg {boolean} [safe = true] false for testing, otherwise this will be
+    true to ensure initialize() was called.
+
     @return a random buffer obtained from the secure random number generator.  Additional entropy is used.
-
-    Additional forms of entropy are used.  A week random number generator can run out of entropy.  This should ensure even the worst random number implementation will be reasonably safe.
 */
@@ -24,8 +39,17 @@ function random32ByteBuffer() {
         _ref$cpuEntropyBits = _ref.cpuEntropyBits,
-        cpuEntropyBits = _ref$cpuEntropyBits === undefined ? 128 : _ref$cpuEntropyBits;
+        cpuEntropyBits = _ref$cpuEntropyBits === undefined ? 0 : _ref$cpuEntropyBits,
+        _ref$safe = _ref.safe,
+        safe = _ref$safe === undefined ? true : _ref$safe;
 
-    if (entropyCount > 0) {
-        console.log('Additional private key entropy: ' + entropyCount + ' events');
-        entropyCount = 0;
+    assert(typeof cpuEntropyBits === 'undefined' ? 'undefined' : _typeof(cpuEntropyBits), 'number', 'cpuEntropyBits');
+    assert(typeof safe === 'undefined' ? 'undefined' : _typeof(safe), 'boolean', 'boolean');
+
+    if (safe) {
+        assert(_entropyCount >= 128, 'Call initialize() to add entropy');
     }
+
+    // if(entropyCount > 0) {
+    //     console.log(`Additional private key entropy: ${entropyCount} events`)
+    // }
+
     var hash_array = [];
@@ -40,3 +64,5 @@ hash_array.push(randomBytes(32));
 /**
-    Add entropy via external events (like mouse events).  This may be called many times while the amount of data saved is limited.  Data is retained in RAM for the life of this module.
+    Adds entropy.  This may be called many times while the amount of data saved
+    is accumulatively reduced to 101 integers.  Data is retained in RAM for the
+    life of this module.
 
@@ -59,2 +85,4 @@ @example React <code>
 function addEntropy() {
+    assert.equal(externalEntropyArray.length, 101, 'externalEntropyArray');
+
     for (var _len = arguments.length, ints = Array(_len), _key = 0; _key < _len; _key++) {
@@ -64,3 +92,3 @@ ints[_key] = arguments[_key];
 
-    entropyCount += ints.length;
+    _entropyCount += ints.length;
     var _iteratorNormalCompletion = true;
@@ -95,10 +123,13 @@ var _didIteratorError = false;
 /**
-    This runs in just under 1 second and ensures a minimum of 512 bits of entropy are gathered.
+    This runs in just under 1 second and ensures a minimum of cpuEntropyBits
+    bits of entropy are gathered.
 
+    Based on more-entropy. @see https://github.com/keybase/more-entropy/blob/master/src/generator.iced
+
+    @arg {number} [cpuEntropyBits = 128]
     @return {array} counts gathered by measuring variations in the CPU speed during floating point operations.
+*/
+function cpuEntropy() {
+    var cpuEntropyBits = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : 128;
 
-    Based on more-entropy.
-    @see https://github.com/keybase/more-entropy/blob/master/src/generator.iced
-*/
-function cpuEntropy(cpuEntropyBits) {
     var collected = [];
@@ -136,2 +167,3 @@ var lastCount = null;
 /**
+    @private
     Count while performing floating point operations during a fixed time
@@ -157,2 +189,3 @@ (7 ms for example).  Using a fixed time makes this algorithm
 /**
+    @private
     Attempt to gather and hash information from the browser's window, history, and supported mime types.  For non-browser environments this simply includes secure random data.  In any event, the information is re-hashed in a loop for 25 milliseconds seconds.
@@ -159,0 +192,0 @@

lib/object.test.js

 'use strict';
 
 /* eslint-env mocha */
-assert = require('assert');
+var assert = require('assert');
 
-ecc = require('.');
+var ecc = require('.');
 
-var _ecc = ecc,
-    PublicKey = _ecc.PublicKey,
-    PrivateKey = _ecc.PrivateKey;
+var PublicKey = ecc.PublicKey,
+    PrivateKey = ecc.PrivateKey;
 
@@ -15,3 +14,3 @@
   it('PrivateKey constructor', function () {
-    privateKey = PrivateKey.randomKey({ cpuEntropyBits: 0 });
+    var privateKey = PrivateKey.randomKey({ cpuEntropyBits: 0 });
     assert(privateKey.toWif() === PrivateKey(privateKey.toWif()).toWif());
@@ -26,3 +25,3 @@ assert(privateKey.toWif() === PrivateKey(privateKey.toBuffer()).toWif());
   it('PublicKey constructor', function () {
-    publicKey = PrivateKey.randomKey({ cpuEntropyBits: 0 }).toPublic();
+    var publicKey = PrivateKey.randomKey({ cpuEntropyBits: 0 }).toPublic();
     assert(publicKey.toString() === PublicKey(publicKey.toString()).toString());
@@ -29,0 +28,0 @@ assert(publicKey.toString() === PublicKey(publicKey.toBuffer()).toString());

package.json

 {
   "name": "eosjs-ecc",
-  "version": "1.6.3",
+  "version": "2.0.0",
   "description": "Elliptic curve cryptography functions",
@@ -8,3 +8,3 @@ "keywords": "ECC, Private Key, Public Key, Signature, AES, Encryption, Decryption",
   "scripts": {
-    "test": "mocha src/*.test.js",
+    "test": "mocha --use_strict src/*.test.js",
     "coverage": "istanbul cover _mocha -- -R spec src/*.test.js",
@@ -17,3 +17,4 @@ "coveralls": "npm run coverage && cat ./coverage/lcov.info | ./node_modules/.bin/coveralls",
     "build_lib": "node_modules/babel-cli/bin/babel.js src --out-dir lib",
-    "build_browser": "mkdir -p dist && browserify -o dist/eosjs-ecc.js -s eosjs_ecc src/index.js && sha256sum dist/eosjs-ecc.js"
+    "build_browser": "mkdir -p dist && browserify -o dist/eosjs-ecc.js -s eosjs_ecc src/index.js && sha256sum dist/eosjs-ecc.js",
+    "build_browser_test": "mkdir -p dist && browserify -o dist/eosjs-ecc-test.js src/*.test.js"
   },
@@ -20,0 +21,0 @@ "repository": {

README.md

@@ -28,2 +28,16 @@ [![NPM](https://img.shields.io/npm/v/eosjs-ecc.svg)](https://www.npmjs.org/package/eosjs-ecc)
 
+### initialize
+
+Initialize by running some self-checking code.  This should take a
+second to gather additional CPU entropy used during private key
+generation.
+
+Initialization happens once even if called multiple times.
+
+Returns **[Promise](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise)** 
+
+### unsafeRandomKey
+
+Returns **PrivateKey** for testing, does not require initialize().
+
 ### randomKey
@@ -30,0 +44,0 @@

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

1972001

increased by45.06%

Number of package files

43

increased by10.26%

Lines of code

50440

increased by50.59%

Number of lines in readme file

243

increased by6.11%

Worsened metrics

Number of low supply chain risk alerts

12

increased by50%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes