Mirroristas/gun
2
0
Fork 0
mirror of https://github.com/amark/gun.git synced 2025-10-14 00:59:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed Spark-MD5 and replaced MD5 key hashing with SHA-256 from Web Crypto subtle

Browse Source
This commit is contained in:
mhelander 2018-01-15 23:05:14 +02:00
parent 59e5b01b17
commit 21c49b41a0
2 changed files with 16 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
package.json
View File

@ -66,7 +66,6 @@
"panic-manager": "^1.2.0", "panic-manager": "^1.2.0",
"panic-server": "^1.1.0", "panic-server": "^1.1.0",
"safe-buffer": "^5.1.1", "safe-buffer": "^5.1.1",
"spark-md5": "^3.0.0",
"text-encoding": "^0.6.4", "text-encoding": "^0.6.4",
"uglify-js": ">=2.8.22", "uglify-js": ">=2.8.22",
"uws": "~>0.14.1" "uws": "~>0.14.1"

35
sea.js
View File

@ -27,9 +27,6 @@
var sessionStorage, localStorage, indexedDB; var sessionStorage, localStorage, indexedDB;
if(typeof window !== 'undefined'){ if(typeof window !== 'undefined'){
if(typeof window.SparkMD5 !== 'undefined'){
var SparkMD5 = window.SparkMD5;
}
var wc = window.crypto || window.msCrypto; // STD or M$ var wc = window.crypto || window.msCrypto; // STD or M$
subtle = wc.subtle || wc.webkitSubtle; // STD or iSafari subtle = wc.subtle || wc.webkitSubtle; // STD or iSafari
getRandomBytes = function(len){ return wc.getRandomValues(new Buffer(len)) }; getRandomBytes = function(len){ return wc.getRandomValues(new Buffer(len)) };
@ -58,10 +55,6 @@
} }
} }
if(typeof SparkMD5 === 'undefined'){
var SparkMD5 = require('spark-md5'); //eslint-disable-line no-redeclare
}
// Encryption parameters - TODO: maybe to be changed via init? // Encryption parameters - TODO: maybe to be changed via init?
var pbkdf2 = { var pbkdf2 = {
hash: 'SHA-256', hash: 'SHA-256',
@ -456,13 +449,18 @@
// This recalls Web Cryptography API CryptoKeys from IndexedDB or creates & stores // This recalls Web Cryptography API CryptoKeys from IndexedDB or creates & stores
function recallCryptoKey(p,s,o){ // {pub, key}|proof, salt, optional:['sign'] function recallCryptoKey(p,s,o){ // {pub, key}|proof, salt, optional:['sign']
o = o || ['encrypt', 'decrypt']; // Default operations o = o || ['encrypt', 'decrypt']; // Default operations
var importKey = function(key){ return subtle.importKey( var importKey = function(key){
'raw', return makeKey((Gun.obj.has(key, 'key') && key.key) || key, s || getRandomBytes(8))
makeKey((Gun.obj.has(key, 'key') && key.key) || key, s || getRandomBytes(8)), .then(function(hashedKey){
'AES-CBC', return subtle.importKey(
false, 'raw',
o hashedKey,
); }; 'AES-CBC',
false,
o
);
});
};
return new Promise(function(resolve){ return new Promise(function(resolve){
if(authsettings.validity && typeof window !== 'undefined' if(authsettings.validity && typeof window !== 'undefined'
&& Gun.obj.has(p, 'pub') && Gun.obj.has(p, 'key')){ && Gun.obj.has(p, 'pub') && Gun.obj.has(p, 'key')){
@ -957,14 +955,11 @@
to.next(msg); // pass forward any data we do not know how to handle or process (this allows custom security protocols). to.next(msg); // pass forward any data we do not know how to handle or process (this allows custom security protocols).
} }
// Does enc/dec key like OpenSSL - works with CryptoJS encryption/decryption
function makeKey(p,s){ function makeKey(p,s){
var ps = Buffer.concat([new Buffer(p, 'utf8'), s]); var ps = Buffer.concat([new Buffer(p, 'utf8'), s]);
var h128 = new Buffer((new SparkMD5()).appendBinary(ps).end(true), 'binary'); return sha256hash(ps.toString('utf8')).then(function(s){
return Buffer.concat([ return new Buffer(s, 'binary');
h128, });
new Buffer((new SparkMD5()).appendBinary(Buffer.concat([h128, ps])).end(true), 'binary')
]);
} }
// These SEA functions support both callback AND Promises // These SEA functions support both callback AND Promises