sshpk - npm Package Compare versions

sshpk

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Comparing version 1.13.0 to 1.13.1

lib/dhe.js

		@@ -13,3 +13,2 @@ // Copyright 2017 Joyent, Inc.
		var utils = require('./utils');
		var ed;
		var nacl;
		@@ -80,10 +79,7 @@
		} else if (key.type === 'curve25519') {
		if (ed === undefined)
		ed = require('jodid25519');
		if (nacl === undefined)
		nacl = require('tweetnacl');

		if (this._isPriv) {
		this._priv = key.part.r.data;
		if (this._priv[0] === 0x00)
		this._priv = this._priv.slice(1);
		this._priv = this._priv.slice(0, 32);
		}
		@@ -185,10 +181,13 @@
		pub = otherpk.part.R.data;
		if (pub[0] === 0x00)
		while (pub[0] === 0x00 && pub.length > 32)
		pub = pub.slice(1);
		assert.strictEqual(pub.length, 32);
		assert.strictEqual(this._priv.length, 64);

		var secret = ed.dh.computeKey(
		this._priv.toString('binary'),
		pub.toString('binary'));
		var priv = this._priv.slice(0, 32);

		return (new Buffer(secret, 'binary'));
		var secret = nacl.box.before(new Uint8Array(pub),
		new Uint8Array(priv));

		return (new Buffer(secret));
		}
		@@ -261,9 +260,11 @@
		} else if (this._algo === 'curve25519') {
		priv = ed.dh.generateKey();
		pub = ed.dh.publicKey(priv);
		this._priv = priv = new Buffer(priv, 'binary');
		pub = new Buffer(pub, 'binary');
		var pair = nacl.box.keyPair();
		priv = new Buffer(pair.secretKey);
		pub = new Buffer(pair.publicKey);
		priv = Buffer.concat([priv, pub]);
		assert.strictEqual(priv.length, 64);
		assert.strictEqual(pub.length, 32);

		parts.push({name: 'R', data: pub});
		parts.push({name: 'r', data: Buffer.concat([priv, pub])});
		parts.push({name: 'r', data: priv});
		this._key = new PrivateKey({
		@@ -270,0 +271,0 @@ type: 'curve25519',

lib/key.js

		@@ -67,3 +67,3 @@ // Copyright 2017 Joyent, Inc.
		sz = algs.curves[curve].size;
		} else if (this.type === 'ed25519') {
		} else if (this.type === 'ed25519' \|\| this.type === 'curve25519') {
		sz = 256;
		@@ -70,0 +70,0 @@ this.curve = 'curve25519';

lib/private-key.js

		@@ -17,3 +17,3 @@ // Copyright 2017 Joyent, Inc.
		var edCompat;
		var ed;
		var nacl;

		@@ -87,10 +87,9 @@ try {

		PrivateKey.prototype.derive = function (newType, newSize) {
		PrivateKey.prototype.derive = function (newType) {
		assert.string(newType, 'type');
		assert.optionalNumber(newSize, 'size');
		var priv, pub;
		var priv, pub, pair;

		if (this.type === 'ed25519' && newType === 'curve25519') {
		if (ed === undefined)
		ed = require('jodid25519');
		if (nacl === undefined)
		nacl = require('tweetnacl');

		@@ -102,4 +101,5 @@ priv = this.part.r.data;

		pub = ed.dh.publicKey(priv);
		priv = utils.mpNormalize(Buffer.concat([priv, pub]));
		pair = nacl.box.keyPair.fromSecretKey(new Uint8Array(priv));
		pub = new Buffer(pair.publicKey);
		priv = Buffer.concat([priv, pub]);

		@@ -114,4 +114,4 @@ return (new PrivateKey({
		} else if (this.type === 'curve25519' && newType === 'ed25519') {
		if (ed === undefined)
		ed = require('jodid25519');
		if (nacl === undefined)
		nacl = require('tweetnacl');

		@@ -123,7 +123,6 @@ priv = this.part.r.data;

		pub = ed.eddsa.publicKey(priv.toString('binary'));
		pub = new Buffer(pub, 'binary');
		pair = nacl.sign.keyPair.fromSeed(new Uint8Array(priv));
		pub = new Buffer(pair.publicKey);
		priv = Buffer.concat([priv, pub]);

		priv = utils.mpNormalize(Buffer.concat([priv, pub]));

		return (new PrivateKey({
		@@ -130,0 +129,0 @@ type: 'ed25519',

package.json

		{
		"name": "sshpk",
		"version": "1.13.0",
		"version": "1.13.1",
		"description": "A library for finding and using SSH public keys",
		@@ -50,3 +50,2 @@ "main": "lib/index.js",
		"tweetnacl": "~0.14.0",
		"jodid25519": "^1.0.0",
		"ecc-jsbn": "~0.1.1",
		@@ -53,0 +52,0 @@ "bcrypt-pbkdf": "^1.0.0"

Improved metrics