Skip to content

Commit

Permalink
fix: maps an IPFS hash name to its forge equivalent
Browse files Browse the repository at this point in the history
Fixes #12
  • Loading branch information
richardschneider committed Dec 10, 2017
1 parent 3b8d05a commit f71d3a6
Show file tree
Hide file tree
Showing 2 changed files with 26 additions and 2 deletions.
22 changes: 20 additions & 2 deletions src/keychain.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,26 @@ const NIST = {
minIterationCount: 1000
}

/**
* Maps an IPFS hash name to its forge equivalent.
*
* See https://github.com/multiformats/multihash/blob/master/hashtable.csv
*
* @private
*/
const hashName2Forge = {
'sha1': 'sha1',
'sha2-256': 'sha256',
'sha2-512': 'sha512',

}
const defaultOptions = {
// See https://cryptosense.com/parametesr-choice-for-pbkdf2/
dek: {
keyLength: 512 / 8,
iterationCount: 10000,
salt: 'you should override this value with a crypto secure random number',
hash: 'sha512'
hash: 'sha2-512'
}
}

Expand Down Expand Up @@ -120,13 +133,18 @@ class Keychain {
}
this.dek = opts.dek

// Get the hashing alogorithm
const hashAlgorithm = hashName2Forge[opts.dek.hash]
if (!hashAlgorithm)
throw new Error(`dek.hash '${opts.dek.hash}' is unknown or not supported`)

// Create the derived encrypting key
let dek = forge.pkcs5.pbkdf2(
opts.passPhrase,
opts.dek.salt,
opts.dek.iterationCount,
opts.dek.keyLength,
opts.dek.hash)
hashAlgorithm)
dek = forge.util.bytesToHex(dek)
Object.defineProperty(this, '_', { value: () => dek })

Expand Down
6 changes: 6 additions & 0 deletions test/keychain.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,12 @@ module.exports = (datastore1, datastore2) => {
expect(Keychain.options).to.exist()
})

it('needs a supported hashing alorithm', () => {
const ok = new Keychain(datastore2, { passPhrase: passPhrase, dek: { hash: 'sha2-256' } })
expect(ok).to.exist()
expect(() => new Keychain(datastore2, { passPhrase: passPhrase, dek: { hash: 'my-hash' } })).to.throw()
})

describe('key name', () => {
it('is a valid filename and non-ASCII', () => {
ks.removeKey('../../nasty', (err) => {
Expand Down

0 comments on commit f71d3a6

Please sign in to comment.