From e06ec920f7a5d784e674c4c4b4e6d1da3dc7391d Mon Sep 17 00:00:00 2001 From: Piotr Russ Date: Mon, 16 Nov 2020 00:10:28 +0100 Subject: api, login, auth --- node_modules/evp_bytestokey/LICENSE | 21 +++++++++ node_modules/evp_bytestokey/README.md | 51 +++++++++++++++++++++ node_modules/evp_bytestokey/index.js | 45 ++++++++++++++++++ node_modules/evp_bytestokey/package.json | 78 ++++++++++++++++++++++++++++++++ 4 files changed, 195 insertions(+) create mode 100644 node_modules/evp_bytestokey/LICENSE create mode 100644 node_modules/evp_bytestokey/README.md create mode 100644 node_modules/evp_bytestokey/index.js create mode 100644 node_modules/evp_bytestokey/package.json (limited to 'node_modules/evp_bytestokey') diff --git a/node_modules/evp_bytestokey/LICENSE b/node_modules/evp_bytestokey/LICENSE new file mode 100644 index 0000000..f06007a --- /dev/null +++ b/node_modules/evp_bytestokey/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2017 crypto-browserify contributors + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/node_modules/evp_bytestokey/README.md b/node_modules/evp_bytestokey/README.md new file mode 100644 index 0000000..36da238 --- /dev/null +++ b/node_modules/evp_bytestokey/README.md @@ -0,0 +1,51 @@ +# EVP\_BytesToKey +[![NPM Package](https://img.shields.io/npm/v/evp_bytestokey.svg?style=flat-square)](https://www.npmjs.org/package/evp_bytestokey) +[![Build Status](https://img.shields.io/travis/crypto-browserify/EVP_BytesToKey.svg?branch=master&style=flat-square)](https://travis-ci.org/crypto-browserify/EVP_BytesToKey) +[![Dependency status](https://img.shields.io/david/crypto-browserify/EVP_BytesToKey.svg?style=flat-square)](https://david-dm.org/crypto-browserify/EVP_BytesToKey#info=dependencies) + +[![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard) + +The insecure [key derivation algorithm from OpenSSL.][1] + +**WARNING: DO NOT USE, except for compatibility reasons.** + +MD5 is insecure. + +Use at least `scrypt` or `pbkdf2-hmac-sha256` instead. + + +## API +`EVP_BytesToKey(password, salt, keyLen, ivLen)` + +* `password` - `Buffer`, password used to derive the key data. +* `salt` - 8 byte `Buffer` or `null`, salt is used as a salt in the derivation. +* `keyBits` - `number`, key length in **bits**. +* `ivLen` - `number`, iv length in bytes. + +*Returns*: `{ key: Buffer, iv: Buffer }` + + +## Examples +MD5 with `aes-256-cbc`: + +```js +const crypto = require('crypto') +const EVP_BytesToKey = require('evp_bytestokey') + +const result = EVP_BytesToKey( + 'my-secret-password', + null, + 32, + 16 +) +// => +// { key: , +// iv: } + +const cipher = crypto.createCipheriv('aes-256-cbc', result.key, result.iv) +``` + +## LICENSE [MIT](LICENSE) + +[1]: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3) +[2]: https://nodejs.org/api/crypto.html#crypto_class_hash diff --git a/node_modules/evp_bytestokey/index.js b/node_modules/evp_bytestokey/index.js new file mode 100644 index 0000000..f9d4757 --- /dev/null +++ b/node_modules/evp_bytestokey/index.js @@ -0,0 +1,45 @@ +var Buffer = require('safe-buffer').Buffer +var MD5 = require('md5.js') + +/* eslint-disable camelcase */ +function EVP_BytesToKey (password, salt, keyBits, ivLen) { + if (!Buffer.isBuffer(password)) password = Buffer.from(password, 'binary') + if (salt) { + if (!Buffer.isBuffer(salt)) salt = Buffer.from(salt, 'binary') + if (salt.length !== 8) throw new RangeError('salt should be Buffer with 8 byte length') + } + + var keyLen = keyBits / 8 + var key = Buffer.alloc(keyLen) + var iv = Buffer.alloc(ivLen || 0) + var tmp = Buffer.alloc(0) + + while (keyLen > 0 || ivLen > 0) { + var hash = new MD5() + hash.update(tmp) + hash.update(password) + if (salt) hash.update(salt) + tmp = hash.digest() + + var used = 0 + + if (keyLen > 0) { + var keyStart = key.length - keyLen + used = Math.min(keyLen, tmp.length) + tmp.copy(key, keyStart, 0, used) + keyLen -= used + } + + if (used < tmp.length && ivLen > 0) { + var ivStart = iv.length - ivLen + var length = Math.min(ivLen, tmp.length - used) + tmp.copy(iv, ivStart, used, used + length) + ivLen -= length + } + } + + tmp.fill(0) + return { key: key, iv: iv } +} + +module.exports = EVP_BytesToKey diff --git a/node_modules/evp_bytestokey/package.json b/node_modules/evp_bytestokey/package.json new file mode 100644 index 0000000..316521a --- /dev/null +++ b/node_modules/evp_bytestokey/package.json @@ -0,0 +1,78 @@ +{ + "_from": "evp_bytestokey@^1.0.0", + "_id": "evp_bytestokey@1.0.3", + "_inBundle": false, + "_integrity": "sha512-/f2Go4TognH/KvCISP7OUsHn85hT9nUkxxA9BEWxFn+Oj9o8ZNLm/40hdlgSLyuOimsrTKLUMEorQexp/aPQeA==", + "_location": "/evp_bytestokey", + "_phantomChildren": {}, + "_requested": { + "type": "range", + "registry": true, + "raw": "evp_bytestokey@^1.0.0", + "name": "evp_bytestokey", + "escapedName": "evp_bytestokey", + "rawSpec": "^1.0.0", + "saveSpec": null, + "fetchSpec": "^1.0.0" + }, + "_requiredBy": [ + "/browserify-aes", + "/browserify-cipher", + "/parse-asn1" + ], + "_resolved": "https://registry.npmjs.org/evp_bytestokey/-/evp_bytestokey-1.0.3.tgz", + "_shasum": "7fcbdb198dc71959432efe13842684e0525acb02", + "_spec": "evp_bytestokey@^1.0.0", + "_where": "/home/pruss/Dev/3-minute-website/node_modules/browserify-cipher", + "author": { + "name": "Calvin Metcalf", + "email": "calvin.metcalf@gmail.com" + }, + "bugs": { + "url": "https://github.com/crypto-browserify/EVP_BytesToKey/issues" + }, + "bundleDependencies": false, + "contributors": [ + { + "name": "Kirill Fomichev", + "email": "fanatid@ya.ru" + } + ], + "dependencies": { + "md5.js": "^1.3.4", + "safe-buffer": "^5.1.1" + }, + "deprecated": false, + "description": "The insecure key derivation algorithm from OpenSSL", + "devDependencies": { + "bindings": "^1.2.1", + "nan": "^2.4.0", + "nyc": "^8.1.0", + "standard": "^8.0.0", + "tape": "^4.6.0" + }, + "files": [ + "index.js" + ], + "gypfile": false, + "homepage": "https://github.com/crypto-browserify/EVP_BytesToKey", + "keywords": [ + "crypto", + "openssl" + ], + "license": "MIT", + "main": "index.js", + "name": "evp_bytestokey", + "repository": { + "type": "git", + "url": "git+https://github.com/crypto-browserify/EVP_BytesToKey.git" + }, + "scripts": { + "coverage": "nyc tape test/*.js", + "lint": "standard", + "test": "npm run lint && npm run unit", + "test:prepare": "node-gyp rebuild", + "unit": "tape test/*.js" + }, + "version": "1.0.3" +} -- cgit v1.2.3