libp2p-crypto - npm Package Compare versions

Comparing version 0.10.3 to 0.10.4

CHANGELOG.md

@@ -0,1 +1,11 @@
+<a name="0.10.4"></a>
+## [0.10.4](https://github.com/libp2p/js-libp2p-crypto/compare/v0.10.3...v0.10.4) (2017-12-01)
+
+
+### Bug Fixes
+
+* catch error when unmarshaling instead of crashing ([#113](https://github.com/libp2p/js-libp2p-crypto/issues/113)) ([7608fdd](https://github.com/libp2p/js-libp2p-crypto/commit/7608fdd))
+
+
+
 <a name="0.10.3"></a>
@@ -2,0 +12,0 @@ ## [0.10.3](https://github.com/libp2p/js-libp2p-crypto/compare/v0.10.2...v0.10.3) (2017-09-07)

package.json

 {
   "name": "libp2p-crypto",
-  "version": "0.10.3",
+  "version": "0.10.4",
   "description": "Crypto primitives for libp2p",
@@ -33,8 +33,8 @@ "main": "src/index.js",
   "dependencies": {
-    "asn1.js": "^4.9.1",
-    "async": "^2.5.0",
-    "browserify-aes": "^1.0.8",
+    "asn1.js": "^5.0.0",
+    "async": "^2.6.0",
+    "browserify-aes": "^1.1.1",
     "keypair": "^1.0.1",
     "libp2p-crypto-secp256k1": "~0.2.2",
-    "multihashing-async": "~0.4.6",
+    "multihashing-async": "~0.4.7",
     "pem-jwk": "^1.5.1",
@@ -47,3 +47,3 @@ "protons": "^1.0.0",
   "devDependencies": {
-    "aegir": "^12.0.5",
+    "aegir": "^12.2.0",
     "benchmark": "^2.1.4",
@@ -76,2 +76,3 @@ "chai": "^4.1.2",
     "Jack Kleeman <jackkleeman@gmail.com>",
+    "Maciej Krüger <mkg20001@gmail.com>",
     "Richard Littauer <richard.littauer@gmail.com>",
@@ -78,0 +79,0 @@ "Tom Swindell <t.swindell@rubyx.co.uk>",

src/keys/ed25519.js

@@ -10,13 +10,11 @@ 'use strict'
 exports.generateKey = function (callback) {
-  const done = (err, res) => setImmediate(() => {
-    callback(err, res)
+  setImmediate(() => {
+    let result
+    try {
+      result = nacl.sign.keyPair()
+    } catch (err) {
+      return callback(err)
+    }
+    callback(null, result)
   })
-
-  let keys
-  try {
-    keys = nacl.sign.keyPair()
-  } catch (err) {
-    return done(err)
-  }
-  done(null, keys)
 }
@@ -26,11 +24,11 @@
 exports.generateKeyFromSeed = function (seed, callback) {
-  const done = (err, res) => setImmediate(() => callback(err, res))
-
-  let keys
-  try {
-    keys = nacl.sign.keyPair.fromSeed(seed)
-  } catch (err) {
-    return done(err)
-  }
-  done(null, keys)
+  setImmediate(() => {
+    let result
+    try {
+      result = nacl.sign.keyPair.fromSeed(seed)
+    } catch (err) {
+      return callback(err)
+    }
+    callback(null, result)
+  })
 }
@@ -46,4 +44,11 @@
   setImmediate(() => {
-    callback(null, nacl.sign.detached.verify(msg, sig, key))
+    let result
+    try {
+      result = nacl.sign.detached.verify(msg, sig, key)
+    } catch (err) {
+      return callback(err)
+    }
+
+    callback(null, result)
   })
 }

src/keys/index.js

@@ -84,3 +84,9 @@ 'use strict'
 exports.unmarshalPrivateKey = (buf, callback) => {
-  const decoded = keysPBM.PrivateKey.decode(buf)
+  let decoded
+  try {
+    decoded = keysPBM.PrivateKey.decode(buf)
+  } catch (err) {
+    return callback(err)
+  }
+
   const data = decoded.Data
@@ -87,0 +93,0 @@

src/keys/rsa.js

@@ -12,14 +12,15 @@ 'use strict'
 exports.generateKey = function (bits, callback) {
-  const done = (err, res) => setImmediate(() => callback(err, res))
+  setImmediate(() => {
+    let result
+    try {
+      const key = keypair({ bits: bits })
+      result = {
+        privateKey: pemToJwk(key.private),
+        publicKey: pemToJwk(key.public)
+      }
+    } catch (err) {
+      return callback(err)
+    }
 
-  let key
-  try {
-    key = keypair({ bits: bits })
-  } catch (err) {
-    return done(err)
-  }
-
-  done(null, {
-    privateKey: pemToJwk(key.private),
-    publicKey: pemToJwk(key.public)
+    callback(null, result)
   })
@@ -30,9 +31,14 @@ }
 exports.unmarshalPrivateKey = function (key, callback) {
-  callback(null, {
-    privateKey: key,
-    publicKey: {
-      kty: key.kty,
-      n: key.n,
-      e: key.e
+  setImmediate(() => {
+    if (!key) {
+      return callback(new Error('Key is invalid'))
     }
+    callback(null, {
+      privateKey: key,
+      publicKey: {
+        kty: key.kty,
+        n: key.n,
+        e: key.e
+      }
+    })
   })
@@ -46,14 +52,31 @@ }
 exports.hashAndSign = function (key, msg, callback) {
-  const sign = crypto.createSign('RSA-SHA256')
+  setImmediate(() => {
+    let result
+    try {
+      const sign = crypto.createSign('RSA-SHA256')
+      sign.update(msg)
+      const pem = jwkToPem(key)
+      result = sign.sign(pem)
+    } catch (err) {
+      return callback(new Error('Key or message is invalid!: ' + err.message))
+    }
 
-  sign.update(msg)
-  setImmediate(() => callback(null, sign.sign(jwkToPem(key))))
+    callback(null, result)
+  })
 }
 
 exports.hashAndVerify = function (key, sig, msg, callback) {
-  const verify = crypto.createVerify('RSA-SHA256')
+  setImmediate(() => {
+    let result
+    try {
+      const verify = crypto.createVerify('RSA-SHA256')
+      verify.update(msg)
+      const pem = jwkToPem(key)
+      result = verify.verify(pem, sig)
+    } catch (err) {
+      return callback(new Error('Key or message is invalid!:' + err.message))
+    }
 
-  verify.update(msg)
-
-  setImmediate(() => callback(null, verify.verify(jwkToPem(key), sig)))
+    callback(null, result)
+  })
 }

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2189501

increased by9.59%

Lines of code

24591

increased by11.1%

Dependency changes

• + Addedasn1.js@5.4.1(transitive)

• + Addedsafer-buffer@2.1.2(transitive)

• - Removedasn1.js@4.10.1(transitive)

• Updatedasn1.js@^5.0.0

• Updatedasync@^2.6.0

• Updatedbrowserify-aes@^1.1.1

• Updatedmultihashing-async@~0.4.7