Commit 8db3f5554f2454d89f10568cee609dc9a6304907
strip down public api: hide sign, verify, remove eccjs curves, add hmac_key option to signObj, verifyObj.
Dominic Tarr committed on 10/3/2016, 8:48:21 PMParent: 21deb97a3ee7ca191aa07a8ae90da508fd57388b
Files changed
| index.js | changed |
| index.js | ||
|---|---|---|
| @@ -25,8 +25,10 @@ | ||
| 25 | 25 … | |
| 26 | 26 … | var isLink = ssbref.isLink |
| 27 | 27 … | var isFeedId = ssbref.isFeedId |
| 28 | 28 … | |
| 29 … | +var hmac = sodium.crypto_auth | |
| 30 … | + | |
| 29 | 31 … | exports.hash = u.hash |
| 30 | 32 … | |
| 31 | 33 … | exports.getTag = u.getTag |
| 32 | 34 … | |
| @@ -43,10 +45,8 @@ | ||
| 43 | 45 … | } |
| 44 | 46 … | |
| 45 | 47 … | var curves = {} |
| 46 | 48 … | curves.ed25519 = require('./sodium') |
| 47 | -try { curves.k256 = require('./eccjs') } | |
| 48 | -catch (_) {} | |
| 49 | 49 … | |
| 50 | 50 … | function getCurve(keys) { |
| 51 | 51 … | var curve = keys.curve |
| 52 | 52 … | |
| @@ -101,9 +101,9 @@ | ||
| 101 | 101 … | |
| 102 | 102 … | //takes a public key and a hash and returns a signature. |
| 103 | 103 … | //(a signature must be a node buffer) |
| 104 | 104 … | |
| 105 | -exports.sign = function (keys, msg) { | |
| 105 … | +function sign (keys, msg) { | |
| 106 | 106 … | if(isString(msg)) |
| 107 | 107 … | msg = new Buffer(msg) |
| 108 | 108 … | if(!isBuffer(msg)) |
| 109 | 109 … | throw new Error('msg should be buffer') |
| @@ -116,9 +116,9 @@ | ||
| 116 | 116 … | } |
| 117 | 117 … | |
| 118 | 118 … | //takes a public key, signature, and a hash |
| 119 | 119 … | //and returns true if the signature was valid. |
| 120 | -exports.verify = function (keys, sig, msg) { | |
| 120 … | +function verify (keys, sig, msg) { | |
| 121 | 121 … | if(isObject(sig)) |
| 122 | 122 … | throw new Error('signature should be base64 string, did you mean verifyObj(public, signed_obj)') |
| 123 | 123 … | return curves[getCurve(keys)].verify( |
| 124 | 124 … | u.toBuffer(keys.public || keys), |
| @@ -128,21 +128,25 @@ | ||
| 128 | 128 … | } |
| 129 | 129 … | |
| 130 | 130 … | // OTHER CRYTPO FUNCTIONS |
| 131 | 131 … | |
| 132 | -exports.signObj = function (keys, obj) { | |
| 132 … | +exports.signObj = function (keys, hmac_key, obj) { | |
| 133 … | + if(!obj) obj = hmac_key, hmac_key = null | |
| 133 | 134 … | var _obj = clone(obj) |
| 134 | 135 … | var b = new Buffer(JSON.stringify(_obj, null, 2)) |
| 135 | - _obj.signature = exports.sign(keys, b) | |
| 136 … | + if(hmac_key) b = hmac(b, hmac_key) | |
| 137 … | + _obj.signature = sign(keys, b) | |
| 136 | 138 … | return _obj |
| 137 | 139 … | } |
| 138 | 140 … | |
| 139 | -exports.verifyObj = function (keys, obj) { | |
| 141 … | +exports.verifyObj = function (keys, hmac_key, obj) { | |
| 142 … | + if(!obj) obj = hmac_key, hmac_key = null | |
| 140 | 143 … | obj = clone(obj) |
| 141 | 144 … | var sig = obj.signature |
| 142 | 145 … | delete obj.signature |
| 143 | 146 … | var b = new Buffer(JSON.stringify(obj, null, 2)) |
| 144 | - return exports.verify(keys, sig, b) | |
| 147 … | + if(hmac_key) b = hmac(b, hmac_key) | |
| 148 … | + return verify(keys, sig, b) | |
| 145 | 149 … | } |
| 146 | 150 … | |
| 147 | 151 … | exports.box = function (msg, recipients) { |
| 148 | 152 … | msg = new Buffer(JSON.stringify(msg)) |
| @@ -151,11 +155,8 @@ | ||
| 151 | 155 … | var public = keys.public || keys |
| 152 | 156 … | return sodium.crypto_sign_ed25519_pk_to_curve25519(u.toBuffer(public)) |
| 153 | 157 … | }) |
| 154 | 158 … | |
| 155 | - //it's since the nonce is 24 bytes (a multiple of 3) | |
| 156 | - //it's possible to concatenate the base64 strings | |
| 157 | - //and still have a valid base64 string. | |
| 158 | 159 … | return pb.multibox(msg, recipients).toString('base64')+'.box' |
| 159 | 160 … | } |
| 160 | 161 … | |
| 161 | 162 … | exports.unbox = function (boxed, keys) { |
Built with git-ssb-web