-
Notifications
You must be signed in to change notification settings - Fork 94
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
refactor: remove crypto-js which is now deprecated (#5866)
### Description This removes [crypto-js](https://github.com/brix/crypto-js) which is now discontinued: > Active development of CryptoJS has been discontinued. This library is no longer maintained. > > Nowadays, NodeJS and modern browsers have a native Crypto module. The latest version of CryptoJS already uses the native Crypto module for random number generation, since Math.random() is not crypto-safe. Further development of CryptoJS would result in it only being a wrapper of native Crypto. Therefore, development and maintenance has been discontinued, it is time to go for the native crypto module. Bonus, because it now uses the native crypto module (via [react-native-quick-crypto](https://github.com/margelo/react-native-quick-crypto)) AES encryption/decryption should be faster. Though the gains are probably not noticeable given the small use we have. Note: there's an important change for tests too, they now all use real encryption. - I feel this is less surprising than what we used to do. - I was able to refactor tests that expected mocked encryption without too much trouble ### Test plan - Updated tests (ensuring backward compat with CryptoJS encrypted strings) - Manually tested existing keychain items encrypted by CryptoJS can still be decrypted in Valora ### Related issues - Part of RET-1185 ### Backwards compatibility Yes ### Network scalability If a new NetworkId and/or Network are added in the future, the changes in this PR will: - [x] Continue to work without code changes, OR trigger a compilation error (guaranteeing we find it when a new network is added)
- Loading branch information
1 parent
737cfd5
commit d4171f3
Showing
14 changed files
with
145 additions
and
66 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
// This test was initially copied from https://github.com/RaisinTen/aes-crypto-js/blob/2978af8e004d47539d767e751def003fe134b6e2/test.js | ||
// And adapted for this project | ||
import { aesDecrypt, aesEncrypt } from './aes' | ||
|
||
describe.each([ | ||
[ | ||
'normal characters', | ||
'Hello, world!', | ||
'umm, shhh ...', | ||
'U2FsdGVkX1+W9o0WI1QJGehALRoGMaRfoN2YH36BGTk=', | ||
], | ||
[ | ||
'weird characters in secret', | ||
'Hello, world!', | ||
'umm, šhhh ... 😀D◌̇랆탆𝐿 𑒹◌̴◌𑒺', | ||
'U2FsdGVkX1/Eq6lXayqOFwfqTdefS3Zqi7LqOeWKrtA=', | ||
], | ||
[ | ||
'bytes corresponding to a single character that are split between two buffers', | ||
'\u{30a8}\u{30b9}\u{30af}\u{30fc}\u{30c8}\u{3099}', | ||
'umm, shhh ...', | ||
'U2FsdGVkX18JW+58n/s+37y5831hmabBUuwtVf+JkaDZjeVyRNDHc+I/1w8kpAEA', | ||
], | ||
])('AES encryption and decryption: %s', (scenario, plainText, secret, encryptedByCryptoJS) => { | ||
it('decrypts strings encrypted by crypto-js', () => { | ||
// Note: encryptedByCryptoJS is the result of CryptoJS.AES.encrypt(plainText, secret).toString() | ||
const decrypted = aesDecrypt(encryptedByCryptoJS, secret) | ||
expect(decrypted).toBe(plainText) | ||
}) | ||
|
||
it('decrypts strings encrypted with encryptAES', () => { | ||
const encrypted = aesEncrypt(plainText, secret) | ||
const decrypted = aesDecrypt(encrypted, secret) | ||
expect(decrypted).toBe(plainText) | ||
}) | ||
}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
// This file was copied from https://github.com/RaisinTen/aes-crypto-js/blob/2978af8e004d47539d767e751def003fe134b6e2/index.js | ||
// and modified slightly for TS compatibility. | ||
import crypto from 'crypto' | ||
|
||
// Refs: https://github.com/brix/crypto-js/issues/468#issuecomment-2060562277 | ||
export function aesEncrypt(plainText: string, secret: string) { | ||
const salt = crypto.randomBytes(8) | ||
const password = Buffer.concat([Buffer.from(secret), salt]) | ||
const hash = [] | ||
let digest = password | ||
for (let i = 0; i < 3; i++) { | ||
hash[i] = crypto.createHash('md5').update(digest).digest() | ||
digest = Buffer.concat([hash[i], password]) | ||
} | ||
const keyDerivation = Buffer.concat(hash) | ||
const key = keyDerivation.subarray(0, 32) | ||
const iv = keyDerivation.subarray(32) | ||
const cipher = crypto.createCipheriv('aes-256-cbc', key, iv) | ||
return Buffer.concat([ | ||
Buffer.from('Salted__', 'utf8'), | ||
salt, | ||
cipher.update(plainText), | ||
cipher.final(), | ||
]).toString('base64') | ||
} | ||
|
||
// Refs: https://github.com/brix/crypto-js/issues/468#issuecomment-1783351942 | ||
export function aesDecrypt(encryptedText: string, secret: string) { | ||
// From https://gist.github.com/schakko/2628689?permalink_comment_id=3321113#gistcomment-3321113 | ||
// From https://gist.github.com/chengen/450129cb95c7159cb05001cc6bdbf6a1 | ||
const cypher = Buffer.from(encryptedText, 'base64') | ||
const salt = cypher.slice(8, 16) | ||
const password = Buffer.concat([Buffer.from(secret), salt]) | ||
const md5Hashes = [] | ||
let digest = password | ||
for (let i = 0; i < 3; i++) { | ||
md5Hashes[i] = crypto.createHash('md5').update(digest).digest() | ||
digest = Buffer.concat([md5Hashes[i], password]) | ||
} | ||
const key = Buffer.concat([md5Hashes[0], md5Hashes[1]]) | ||
const iv = md5Hashes[2] | ||
const contents = cypher.slice(16) | ||
const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv) | ||
|
||
return Buffer.concat([decipher.update(contents), decipher.final()]).toString('utf8') | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.