From bdc39e3ba57e0dbcd6188e52d4be56e276c5de36 Mon Sep 17 00:00:00 2001 From: Matija Petrunic Date: Mon, 6 Apr 2020 17:33:52 +0200 Subject: [PATCH] Replace bcrypto with standalone libraries --- package.json | 7 +++++-- src/handshakes/abstract-handshake.ts | 13 +++++++------ src/noise.ts | 4 ++-- src/utils.ts | 18 +++++++++++------- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/package.json b/package.json index 599e46d..30804c1 100644 --- a/package.json +++ b/package.json @@ -64,10 +64,12 @@ }, "dependencies": { "@types/bn.js": "^4.11.6", - "bcrypto": "5.0.3", + "aead-js": "^0.1.0", "bn.js": "^5.0.0", "buffer": "^5.4.3", "debug": "^4.1.1", + "futoin-hkdf": "^1.3.2", + "hash.js": "^1.1.7", "it-buffer": "^0.1.1", "it-length-prefixed": "^3.0.0", "it-pair": "^1.0.0", @@ -75,6 +77,7 @@ "it-pipe": "^1.1.0", "libp2p-crypto": "^0.17.1", "peer-id": "^0.13.5", - "protobufjs": "6.8.8" + "protobufjs": "6.8.8", + "tweetnacl": "^1.0.3" } } diff --git a/src/handshakes/abstract-handshake.ts b/src/handshakes/abstract-handshake.ts index c9db6df..a2753c4 100644 --- a/src/handshakes/abstract-handshake.ts +++ b/src/handshakes/abstract-handshake.ts @@ -1,5 +1,7 @@ import {Buffer} from "buffer"; -import { AEAD, x25519, SHA256 } from 'bcrypto'; +import hash from 'hash.js'; +import {box} from 'tweetnacl'; +import {AEAD} from 'aead-js'; import {bytes, bytes32, uint32} from "../@types/basic"; import {CipherState, MessageBuffer, SymmetricState} from "../@types/handshake"; @@ -104,10 +106,7 @@ export abstract class AbstractHandshake { protected dh(privateKey: bytes32, publicKey: bytes32): bytes32 { try { - const derived = x25519.derive(publicKey, privateKey); - const result = Buffer.alloc(32); - derived.copy(result); - return result; + return Buffer.from(box.before(publicKey, privateKey)) } catch (e) { logger(e.message); return Buffer.alloc(32); @@ -119,7 +118,9 @@ export abstract class AbstractHandshake { } protected getHash(a: bytes, b: bytes): bytes32 { - return SHA256.digest(Buffer.from([...a, ...b])); + return Buffer.from( + hash.sha256().update(Buffer.from([...a, ...b])).digest('hex') + ) } protected mixKey(ss: SymmetricState, ikm: bytes32): void { diff --git a/src/noise.ts b/src/noise.ts index 404d9a7..8f75087 100644 --- a/src/noise.ts +++ b/src/noise.ts @@ -1,4 +1,4 @@ -import {x25519} from 'bcrypto'; +import {box} from 'tweetnacl'; import {Buffer} from "buffer"; import Wrap from 'it-pb-rpc'; import DuplexPair from 'it-pair/duplex'; @@ -49,7 +49,7 @@ export class Noise implements INoiseConnection { this.useNoisePipes = false; if (staticNoiseKey) { - const publicKey = x25519.publicKeyCreate(staticNoiseKey); + const publicKey = Buffer.from(box.keyPair.fromSecretKey(staticNoiseKey)['publicKey']); this.staticKeys = { privateKey: staticNoiseKey, publicKey, diff --git a/src/utils.ts b/src/utils.ts index a4004f9..77832b0 100644 --- a/src/utils.ts +++ b/src/utils.ts @@ -1,4 +1,5 @@ -import {HKDF, SHA256, x25519} from 'bcrypto'; +import hkdf from 'futoin-hkdf'; +import {box} from 'tweetnacl'; import {Buffer} from "buffer"; import PeerId from "peer-id"; import * as crypto from 'libp2p-crypto'; @@ -10,8 +11,9 @@ import {pb} from "./proto/payload"; const NoiseHandshakePayloadProto = pb.NoiseHandshakePayload; export function generateKeypair(): KeyPair { - const privateKey = x25519.privateKeyGenerate(); - const publicKey = x25519.publicKeyCreate(privateKey); + const keyPair = box.keyPair() + const publicKey = Buffer.from(keyPair['publicKey']) + const privateKey = Buffer.from(keyPair['secretKey']) return { publicKey, @@ -99,9 +101,7 @@ export async function verifySignedPayload( } export function getHkdf(ck: bytes32, ikm: bytes): Hkdf { - const info = Buffer.alloc(0); - const prk = HKDF.extract(SHA256, ikm, ck); - const okm = HKDF.expand(SHA256, prk, info, 96); + const okm = hkdf(ikm, 96, {salt: ck, hash: 'SHA-256'}) const k1 = okm.slice(0, 32); const k2 = okm.slice(32, 64); @@ -111,5 +111,9 @@ export function getHkdf(ck: bytes32, ikm: bytes): Hkdf { } export function isValidPublicKey(pk: bytes): boolean { - return x25519.publicKeyVerify(pk.slice(0, 32)); + if(pk.length !== 32 || pk.compare(Buffer.alloc(32))){ + return false; + } + + return true; }