From 8e7a5369ccf13a4ed17a58e2e5bb7e45eec91aec Mon Sep 17 00:00:00 2001 From: Hadar Date: Sat, 21 Sep 2019 23:09:32 +0300 Subject: [PATCH] refactor: according to mhelander review --- sea.js | 43 +++++++++++++++++++------------------------ sea/aeskey.js | 5 +++-- sea/secret.js | 6 +++--- sea/settings.js | 10 +++++----- sea/shim.js | 24 +++++++++--------------- 5 files changed, 39 insertions(+), 49 deletions(-) diff --git a/sea.js b/sea.js index 2ba1ef6c..99165467 100644 --- a/sea.js +++ b/sea.js @@ -176,29 +176,23 @@ } api.subtle = (api.crypto||o).subtle || (api.crypto||o).webkitSubtle; api.TextEncoder = window.TextEncoder; - api.TextDecoder = window.TextDecoder; - api.random = (len) => Buffer.from(api.crypto.getRandomValues(new Uint8Array(Buffer.alloc(len)))) + api.TextDecoder = window.TextDecoder; + api.random = (len) => Buffer.from(api.crypto.getRandomValues(new Uint8Array(Buffer.alloc(len)))); } if(!api.TextDecoder) { - const { TextEncoder, TextDecoder } = require('text-encoding') - api.TextDecoder = TextDecoder - api.TextEncoder = TextEncoder + const { TextEncoder, TextDecoder } = require('text-encoding'); + api.TextDecoder = TextDecoder; + api.TextEncoder = TextEncoder; } if(!api.crypto){try{ var crypto = USE('crypto', 1); Object.assign(api, { crypto, random: (len) => Buffer.from(crypto.randomBytes(len)) - }); - //try{ - // const WebCrypto = USE('node-webcrypto-ossl', 1); - // api.ossl = api.subtle = new WebCrypto({directory: 'ossl'}).subtle // ECDH - const isocrypto = require('isomorphic-webcrypto'); - api.ossl = api.subtle = isocrypto.subtle - //}catch(e){ - //console.log("node-webcrypto-ossl is optionally needed for ECDH, please install if needed."); - //} + }); + const isocrypto = require('isomorphic-webcrypto'); + api.ossl = api.subtle = isocrypto.subtle; }catch(e){ console.log("node-webcrypto-ossl and text-encoding may not be included by default, please add it to your package.json!"); OSSL_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED; @@ -228,12 +222,12 @@ return jwk; }; - s.keyTojwk = function(keyBytes) { - var jwkKeyString = keyBytes.toString('base64') - jwkKeyString = jwkKeyString.replace(/\+/g, "-").replace(/\//g, "_").replace(/\=/g, ""); - jwkKeyString = { kty: "oct", k: jwkKeyString, ext: false, alg: "A256GCM"}; - return jwkKeyString + s.keyToJwk = function(keyBytes) { + const keyB64 = keyBytes.toString('base64'); + const k = keyB64.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, ''); + return { kty: 'oct', k: k, ext: false, alg: 'A256GCM' }; } + s.recall = { validity: 12 * 60 * 60, // internally in seconds : 12 hours hook: function(props){ return props } // { iat, exp, alias, remember } // or return new Promise((resolve, reject) => resolve(props) @@ -517,8 +511,9 @@ var opt = opt || {}; const combo = key + (salt || shim.random(8)).toString('utf8'); // new const hash = shim.Buffer.from(await sha256hash(combo), 'binary') - const jwkHash = S.keyTojwk(hash) - return await shim.subtle.importKey('jwk', jwkHash, {name:'AES-GCM'}, false, ['encrypt', 'decrypt']) + + const jwkKey = S.keyToJwk(hash) + return await shim.subtle.importKey('jwk', jwkKey, {name:'AES-GCM'}, false, ['encrypt', 'decrypt']) } module.exports = importGen; })(USE, './aeskey'); @@ -624,9 +619,9 @@ var privKeyData = keysToEcdhJwk(epub, epriv); var derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveBits']).then(async (privKey) => { // privateKey scope doesn't leak out from here! - var derivedBits = await ecdhSubtle.deriveBits(props,privKey,256); - derivedBits = new Uint8Array(derivedBits); - const derivedKey = await ecdhSubtle.importKey("raw",derivedBits,{ name: "AES-GCM", length: 256 },true,["encrypt", "decrypt"]); + var derivedBits = await ecdhSubtle.deriveBits(props, privKey, 256); + var rawBits = new Uint8Array(derivedBits); + var derivedKey = await ecdhSubtle.importKey('raw', rawBits,{ name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ]); return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k); }) var r = derived; diff --git a/sea/aeskey.js b/sea/aeskey.js index e1ff9663..dcd4d560 100644 --- a/sea/aeskey.js +++ b/sea/aeskey.js @@ -8,8 +8,9 @@ var opt = opt || {}; const combo = key + (salt || shim.random(8)).toString('utf8'); // new const hash = shim.Buffer.from(await sha256hash(combo), 'binary') - const jwkHash = S.keyTojwk(hash) - return await shim.subtle.importKey('jwk', jwkHash, {name:'AES-GCM'}, false, ['encrypt', 'decrypt']) + + const jwkKey = S.keyToJwk(hash) + return await shim.subtle.importKey('jwk', jwkKey, {name:'AES-GCM'}, false, ['encrypt', 'decrypt']) } module.exports = importGen; \ No newline at end of file diff --git a/sea/secret.js b/sea/secret.js index 0eaeb797..b53830b6 100644 --- a/sea/secret.js +++ b/sea/secret.js @@ -17,9 +17,9 @@ var privKeyData = keysToEcdhJwk(epub, epriv); var derived = await ecdhSubtle.importKey(...privKeyData, false, ['deriveBits']).then(async (privKey) => { // privateKey scope doesn't leak out from here! - var derivedBits = await ecdhSubtle.deriveBits(props,privKey,256); - derivedBits = new Uint8Array(derivedBits); - const derivedKey = await ecdhSubtle.importKey("raw",derivedBits,{ name: "AES-GCM", length: 256 },true,["encrypt", "decrypt"]); + var derivedBits = await ecdhSubtle.deriveBits(props, privKey, 256); + var rawBits = new Uint8Array(derivedBits); + var derivedKey = await ecdhSubtle.importKey('raw', rawBits,{ name: 'AES-GCM', length: 256 }, true, [ 'encrypt', 'decrypt' ]); return ecdhSubtle.exportKey('jwk', derivedKey).then(({ k }) => k); }) var r = derived; diff --git a/sea/settings.js b/sea/settings.js index fed2df12..2843bb0d 100644 --- a/sea/settings.js +++ b/sea/settings.js @@ -19,12 +19,12 @@ return jwk; }; - s.keyTojwk = function(keyBytes) { - var jwkKeyString = keyBytes.toString('base64') - jwkKeyString = jwkKeyString.replace(/\+/g, "-").replace(/\//g, "_").replace(/\=/g, ""); - jwkKeyString = { kty: "oct", k: jwkKeyString, ext: false, alg: "A256GCM"}; - return jwkKeyString + s.keyToJwk = function(keyBytes) { + const keyB64 = keyBytes.toString('base64'); + const k = keyB64.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, ''); + return { kty: 'oct', k: k, ext: false, alg: 'A256GCM' }; } + s.recall = { validity: 12 * 60 * 60, // internally in seconds : 12 hours hook: function(props){ return props } // { iat, exp, alias, remember } // or return new Promise((resolve, reject) => resolve(props) diff --git a/sea/shim.js b/sea/shim.js index a6e8f8a1..6f73e259 100644 --- a/sea/shim.js +++ b/sea/shim.js @@ -5,35 +5,29 @@ var o = {}; if(SEA.window){ - api.crypto = window.crypto || window.msCrypto; + api.crypto = window.crypto || window.msCrypto || require('isomorphic-webcrypto'); if(!api.crypto) { api.crypto = require('isomorphic-webcrypto'); } api.subtle = (api.crypto||o).subtle || (api.crypto||o).webkitSubtle; api.TextEncoder = window.TextEncoder; - api.TextDecoder = window.TextDecoder; - api.random = (len) => Buffer.from(api.crypto.getRandomValues(new Uint8Array(Buffer.alloc(len)))) + api.TextDecoder = window.TextDecoder; + api.random = (len) => Buffer.from(api.crypto.getRandomValues(new Uint8Array(Buffer.alloc(len)))); } if(!api.TextDecoder) { - const { TextEncoder, TextDecoder } = require('text-encoding') - api.TextDecoder = TextDecoder - api.TextEncoder = TextEncoder + const { TextEncoder, TextDecoder } = require('text-encoding'); + api.TextDecoder = TextDecoder; + api.TextEncoder = TextEncoder; } if(!api.crypto){try{ var crypto = require('crypto', 1); Object.assign(api, { crypto, random: (len) => Buffer.from(crypto.randomBytes(len)) - }); - //try{ - // const WebCrypto = require('node-webcrypto-ossl', 1); - // api.ossl = api.subtle = new WebCrypto({directory: 'ossl'}).subtle // ECDH - const isocrypto = require('isomorphic-webcrypto'); - api.ossl = api.subtle = isocrypto.subtle - //}catch(e){ - //console.log("node-webcrypto-ossl is optionally needed for ECDH, please install if needed."); - //} + }); + const isocrypto = require('isomorphic-webcrypto'); + api.ossl = api.subtle = isocrypto.subtle; }catch(e){ console.log("node-webcrypto-ossl and text-encoding may not be included by default, please add it to your package.json!"); OSSL_WEBCRYPTO_OR_TEXT_ENCODING_NOT_INSTALLED;