mirror of https://github.com/bitwarden/browser synced 2025-12-17 08:43:33 +00:00

remove some crypto functions

Kyle Spearrin
2018-05-07 12:14:40 -04:00
parent dfcde8a29a
commit e614cffffb
6 changed files with 39 additions and 39 deletions


@@ -6,15 +6,15 @@ export abstract class CryptoFunctionService {
iterations: number) => Promise<ArrayBuffer>;
hash: (value: string | ArrayBuffer, algorithm: 'sha1' | 'sha256' | 'sha512') => Promise<ArrayBuffer>;
hmac: (value: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256' | 'sha512') => Promise<ArrayBuffer>;
timeSafeEqual: (a: ArrayBuffer, b: ArrayBuffer) => Promise<boolean>;
compare: (a: ArrayBuffer, b: ArrayBuffer) => Promise<boolean>;
hmacFast: (value: ArrayBuffer | string, key: ArrayBuffer | string, algorithm: 'sha1' | 'sha256' | 'sha512') =>
Promise<ArrayBuffer | string>;
timeSafeEqualFast: (a: ArrayBuffer | string, b: ArrayBuffer | string) => Promise<boolean>;
compareFast: (a: ArrayBuffer | string, b: ArrayBuffer | string) => Promise<boolean>;
aesEncrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
aesDecryptFastParameters: (data: string, iv: string, mac: string, key: SymmetricCryptoKey) =>
DecryptParameters<ArrayBuffer | string>;
aesDecryptFast: (parameters: DecryptParameters<ArrayBuffer | string>) => Promise<string>;
aesDecryptLarge: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
aesDecrypt: (data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer) => Promise<ArrayBuffer>;
rsaEncrypt: (data: ArrayBuffer, publicKey: ArrayBuffer, algorithm: 'sha1' | 'sha256') => Promise<ArrayBuffer>;
rsaDecrypt: (data: ArrayBuffer, key: ArrayBuffer, algorithm: 'sha1' | 'sha256') => Promise<ArrayBuffer>;
randomBytes: (length: number) => Promise<ArrayBuffer>;
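Review bot: `compare` and `compareFast` in this abstract class no longer say in their names that the comparison has to be constant-time, and the declarations carry no comment that states it. The call sites visible in CryptoService use both to check MACs, so an implementation that later switches to an ordinary early-exit equality would still satisfy the type while introducing a timing side channel. I would add a doc comment above both members, e.g. `/** Constant-time equality for secret-dependent values such as MACs; implementations must not return early on the first differing byte. */`. The same applies to `compare` and `compareFast` in NodeCryptoFunctionService and to `compareFast` in WebCryptoFunctionService; of the renamed methods only the WebCrypto `compare` keeps its double-HMAC comment.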


@@ -430,7 +430,7 @@ export class CryptoService implements CryptoServiceAbstraction {
if (fastParams.macKey != null && fastParams.mac != null) {
const computedMac = await this.cryptoFunctionService.hmacFast(fastParams.macData,
fastParams.macKey, 'sha256');
const macsEqual = await this.cryptoFunctionService.timeSafeEqualFast(fastParams.mac, computedMac);
const macsEqual = await this.cryptoFunctionService.compareFast(fastParams.mac, computedMac);
if (!macsEqual) {
// tslint:disable-next-line
console.error('mac failed.');
@@ -463,7 +463,7 @@ export class CryptoService implements CryptoServiceAbstraction {
return null;
}
const macsMatch = await this.cryptoFunctionService.timeSafeEqual(mac, computedMac);
const macsMatch = await this.cryptoFunctionService.compare(mac, computedMac);
if (!macsMatch) {
// tslint:disable-next-line
console.error('mac failed.');
@@ -471,7 +471,7 @@ export class CryptoService implements CryptoServiceAbstraction {
}
}
return await this.cryptoFunctionService.aesDecryptLarge(ct, iv, theKey.encKey);
return await this.cryptoFunctionService.aesDecrypt(ct, iv, theKey.encKey);
}
private async rsaDecrypt(encValue: string): Promise<ArrayBuffer> {
@@ -515,7 +515,7 @@ export class CryptoService implements CryptoServiceAbstraction {
if (key != null && key.macKey != null && encPieces.length > 1) {
const mac = Utils.fromB64ToArray(encPieces[1]).buffer;
const computedMac = await this.cryptoFunctionService.hmac(ct, key.macKey, 'sha256');
const macsEqual = await this.cryptoFunctionService.timeSafeEqual(mac, computedMac);
const macsEqual = await this.cryptoFunctionService.compare(mac, computedMac);
if (!macsEqual) {
throw new Error('MAC failed.');
}


@@ -41,7 +41,7 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
return Promise.resolve(this.toArrayBuffer(hmac.digest()));
}
async timeSafeEqual(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
async compare(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
const key = await this.randomBytes(32);
const mac1 = await this.hmac(a, key, 'sha256');
const mac2 = await this.hmac(b, key, 'sha256');
@@ -64,8 +64,8 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
return this.hmac(value, key, algorithm);
}
timeSafeEqualFast(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
return this.timeSafeEqual(a, b);
compareFast(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
return this.compare(a, b);
}
aesEncrypt(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
@@ -100,11 +100,11 @@ export class NodeCryptoFunctionService implements CryptoFunctionService {
}
async aesDecryptFast(parameters: DecryptParameters<ArrayBuffer>): Promise<string> {
const decBuf = await this.aesDecryptLarge(parameters.data, parameters.iv, parameters.encKey);
const decBuf = await this.aesDecrypt(parameters.data, parameters.iv, parameters.encKey);
return Utils.fromBufferToUtf8(decBuf);
}
aesDecryptLarge(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
aesDecrypt(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
const nodeData = this.toNodeBuffer(data);
const nodeIv = this.toNodeBuffer(iv);
const nodeKey = this.toNodeBuffer(key);


@@ -69,7 +69,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
// Safely compare two values in a way that protects against timing attacks (Double HMAC Verification).
// ref: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/
// ref: https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy
async timeSafeEqual(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
async compare(a: ArrayBuffer, b: ArrayBuffer): Promise<boolean> {
const macKey = await this.randomBytes(32);
const signingAlgorithm = {
name: 'HMAC',
@@ -102,7 +102,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
return Promise.resolve(bytes);
}
async timeSafeEqualFast(a: string, b: string): Promise<boolean> {
async compareFast(a: string, b: string): Promise<boolean> {
const rand = await this.randomBytes(32);
const bytes = new Uint32Array(rand);
const buffer = forge.util.createBuffer();
@@ -155,7 +155,7 @@ export class WebCryptoFunctionService implements CryptoFunctionService {
return Promise.resolve(val);
}
async aesDecryptLarge(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
async aesDecrypt(data: ArrayBuffer, iv: ArrayBuffer, key: ArrayBuffer): Promise<ArrayBuffer> {
const impKey = await this.subtle.importKey('raw', key, { name: 'AES-CBC' }, false, ['decrypt']);
return await this.subtle.decrypt({ name: 'AES-CBC', iv: iv }, impKey, data);
}
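Review bot: `aesDecrypt` at the end of this section is plain AES-CBC through `subtle.decrypt` with no integrity check, and with the `Large` suffix gone it now reads as the general-purpose decrypt entry point. Nothing on the method tells a caller that the MAC has to be verified first; the CryptoService call site appears to check it only inside a conditional whose condition is outside the visible hunk. I would document the contract on the method, e.g. `// Unauthenticated AES-CBC; callers must verify the MAC before calling.`, and repeat it on the `aesDecrypt` member of the abstract class.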