Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove outdated mcrypt dependency and rely on native node crypto #23

Merged
merged 5 commits into from
Feb 26, 2023
+16 −42
Merged

Remove outdated mcrypt dependency and rely on native node crypto #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
606dc1a
Replace mcrypt with native cryptor functions + update alogrithm name
Aug 2, 2021
1331afb
Remove legacy mode setting + unnecessary padding functions
Aug 2, 2021
ddbd2bf
Remove unnecessary dependencies + bump version
Aug 2, 2021
8b632f1
Remove unnecessary dependencies + add new node versions
Aug 2, 2021
914aaa5
Update README
Aug 2, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions .travis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,6 @@ addons:
- ubuntu-toolchain-r-test
packages:
- g++-4.8
- libmcrypt4
- libmcrypt-dev

node_js:
- "0.10"
Expand All @@ -22,3 +20,7 @@ node_js:
- "5"
- "6"
- "8"
- "10"
- "12"
- "14"
- "16"
9 changes: 1 addition & 8 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,8 @@ This code is based on the [PHP implementation of RNCryptor](https://github.com/R
## Important Recent Changes
Now a `Buffer` is returned, use `.toString()` to convert the result to whatever format you need.

## Install on Linux (Debian)
## Install
```bash
sudo apt-get install libmcrypt4 libmcrypt-dev
npm install jscryptor
```

## Install on Mac OS X w/ Homebrew
```bash
brew install libmcrypt
npm install jscryptor
```

Expand Down
33 changes: 6 additions & 27 deletions lib/RNCryptor.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,11 @@
(function() {
var crypto = require('crypto');
var MCrypt = require('mcrypt').MCrypt;

var _settings = {};

var _configure_settings = function(version) {
var settings = {
algorithm: 'rijndael-128',
algorithm: 'aes-256-cbc',
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are rijndael-128 and aes-256-cbc compatible would these break implementations that need backward compatibility?

salt_length: 8,
iv_length: 16,
pbkdf2: {
Expand All @@ -20,7 +19,6 @@

switch(version) {
case 3:
settings.mode = 'cbc';
settings.options = 1;
settings.hmac.includes_header = true;
settings.hmac.algorithm = 'sha256';
Expand Down Expand Up @@ -109,11 +107,6 @@
return crypto.createHmac(_settings.hmac.algorithm, hmac_key).update(hmac_message).digest();
};

var _strip_pkcs7_padding = function(plain_text) {
var pad_length = plain_text.slice(-1).toString().charCodeAt();
return plain_text.slice(0, plain_text.length - pad_length);
};

var _generate_initialized_components = function(version) {
return {
headers: {
Expand All @@ -128,17 +121,12 @@
};

var _generate_iv = function (block_size) {
var mcrypt = new MCrypt(_settings.algorithm, _settings.mode);
var iv = mcrypt.generateIv();

return iv.slice(0, block_size);
return crypto.randomBytes(block_size)
};

var _encrypt = function(plain_text, components, encryption_key, hmac_key) {
var padded_plain_text = _add_pkcs7_padding(plain_text, components.headers.iv.length);
var mcrypt = new MCrypt(_settings.algorithm, _settings.mode);
mcrypt.open(encryption_key, components.headers.iv);
components.cipher_text = mcrypt.encrypt(padded_plain_text);
const cipher = crypto.createCipheriv(_settings.algorithm, encryption_key, components.headers.iv)
components.cipher_text = Buffer.concat([cipher.update(plain_text), cipher.final()])

var data = Buffer.concat([
components.headers.version,
Expand All @@ -154,12 +142,6 @@
return Buffer.concat([data, hmac]).toString('base64');
};

var _add_pkcs7_padding = function (plain_text, block_size) {
var pad_size = block_size - (plain_text.length % block_size);
var padding = new Buffer(new Array(pad_size + 1).join(String.fromCharCode(pad_size)), 'binary');
return Buffer.concat([plain_text, padding]);
};

var RNCryptor = {};

RNCryptor.GenerateKey = _generate_key;
Expand Down Expand Up @@ -228,11 +210,8 @@
}

var key = _generate_key(password, components.headers.encryption_salt);
var mcrypt = new MCrypt(_settings.algorithm, _settings.mode);
mcrypt.open(key, components.headers.iv);

var padded_plain_text = mcrypt.decrypt(components.cipher_text);
return _strip_pkcs7_padding(padded_plain_text);
const decipher = crypto.createDecipheriv(_settings.algorithm, key, components.headers.iv)
return Buffer.concat([decipher.update(components.cipher_text), decipher.final()]).toString()
};

module.exports = RNCryptor;
Expand Down
10 changes: 5 additions & 5 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,14 +1,11 @@
{
"name": "jscryptor",
"version": "0.0.12",
"version": "0.0.13",
"description": "Javascript implementation of RNCryptor",
"main": "index.js",
"scripts": {
"test": "mocha"
},
"dependencies": {
"mcrypt": "^0.1"
},
"devDependencies": {
"chai": "^3.5.0",
"mocha": "^2.5.3"
Expand All @@ -28,5 +25,8 @@
"bugs": {
"url": "https://github.com/chesstrian/JSCryptor/issues"
},
"homepage": "https://github.com/chesstrian/JSCryptor"
"homepage": "https://github.com/chesstrian/JSCryptor",
"dependencies": {
"mcrypt": "^0.1"
}
Comment on lines +29 to +31
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you can probably delete this

}