-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use proper authenticated encryption instead of insecure self-baked scheme #61
Open
angelol
wants to merge
19
commits into
EOSIO:master
Choose a base branch
from
rawrat:merge
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 1 commit
Commits
Show all changes
19 commits
Select commit
Hold shift + click to select a range
6a9f3bc
experimental version of eosjs-ecc that uses tweetnacl instead of aes-…
angelol c4a6241
fix for browser
angelol 145d9e6
ignore
angelol e609eeb
add package-lock
angelol 86bdb91
installation instruction for eosjs-ecc-priveos
fabifrank 7eb50fa
bump version
angelol f1e1caf
no need to hash twice
angelol 9ffac4b
add support for encryption with pre-existing shared secret
angelol dc8918e
bump version
angelol f838ddc
use terser instead of uglifyjs to support es6
angelol 5a120f9
disable slow entropy collection (it’s pointless on modern browsers)
angelol f1dbc5f
version bump
angelol 75bc6d4
don’t unnecessarily leak a hash of the shared secret
angelol ac446b9
version bump
angelol bbb48a8
Merge github.com:EOSIO/eosjs-ecc into merge
angelol fbeb396
remove references to eosjs-ecc-priveos
angelol 078e2d9
rename & version
angelol 81c0684
use upstream package.json
angelol 8d96114
cleanup dependencies
angelol File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* eslint-env mocha */ | ||
const assert = require('assert') | ||
const ecc = require('.') | ||
|
||
const alice = { | ||
public_key: 'EOS81xEWcDyZCxACZcYQekiWXLjuSoPMwmRv16nZMuqm2BtQMvXbg', | ||
private_key: '5JxhzyqYERz5MRSswNnDUXL1gFyM2m5Zxde9gGWfMkndbnjB8kD', | ||
} | ||
const bob = { | ||
public_key: 'EOS7jAEWX9d4nZJWNckkaxBsHyqbe6yrVH6VUoCzP6DLxHAEvsBKM', | ||
private_key: '5HrR1D5UbeeMETVR6Ud3Xc6PchVKbtAHmHiPmkmMQDqXY53bQKZ', | ||
} | ||
|
||
describe('encrypt/decrypt', () => { | ||
it('Decrypt should recover the original message', async function() { | ||
const message = Buffer.from("My first message") | ||
let box = ecc.Aes.encrypt(alice.private_key, bob.public_key, message) | ||
const decrypted = ecc.Aes.decrypt(bob.private_key, alice.public_key, box) | ||
assert.deepEqual(decrypted, message) | ||
}) | ||
|
||
/* The following test fails with the normal eosjs-ecc */ | ||
it('Tampered message should throw', async function() { | ||
const message = Buffer.from("My first message") | ||
let box = ecc.Aes.encrypt(alice.private_key, bob.public_key, message) | ||
|
||
// a little tampering | ||
box = Buffer.concat([box, box]) | ||
|
||
assert.throws(function() { | ||
ecc.Aes.decrypt(bob.private_key, alice.public_key, box) | ||
}) | ||
}) | ||
|
||
}) | ||
|
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should remain
eosjs-ecc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Of course, my bad