From 57484cdb0ec9ea420b3b7cee92910adf1291b0b8 Mon Sep 17 00:00:00 2001 From: moreal Date: Thu, 16 May 2024 13:21:45 +0900 Subject: [PATCH] fix: replace keccak256 with @noble/hashes --- background/package.json | 2 +- background/src/utils/aes256.js | 6 +++--- pnpm-lock.yaml | 21 ++++++--------------- popup/package.json | 2 +- popup/src/api/background.js | 2 +- popup/src/components/AccountManager.vue | 4 ++-- popup/src/utils/aes256.js | 6 +++--- popup/src/views/Initiate.vue | 4 ++-- popup/src/views/Login.vue | 4 ++-- 9 files changed, 21 insertions(+), 30 deletions(-) diff --git a/background/package.json b/background/package.json index 8bc3b87..cc90183 100644 --- a/background/package.json +++ b/background/package.json @@ -10,6 +10,7 @@ "test": "jest --coverage --detectOpenHandles" }, "dependencies": { + "@noble/hashes": "^1.4.0", "@planetarium/account": "~4.4.2", "@planetarium/bencodex": "0.2.2", "@planetarium/tx": "^4.4.2", @@ -19,7 +20,6 @@ "core-js": "^3.6.5", "decimal.js": "^10.4.3", "ethers": "^5.5.1", - "keccak256": "^1.0.3", "nanoid": "^5.0.7", "web3": "^1.6.0" }, diff --git a/background/src/utils/aes256.js b/background/src/utils/aes256.js index e88f6c0..31ef0b3 100644 --- a/background/src/utils/aes256.js +++ b/background/src/utils/aes256.js @@ -1,9 +1,9 @@ // const crypto = require('crypto') -import keccak256 from "keccak256" +import { keccak_256 } from "@noble/hashes/sha3" const IV_LENGTH = 16 export default { encrypt: async (text, passphrase) => { - const key = await window.crypto.subtle.importKey("raw", Buffer.from(keccak256(passphrase)), {name: 'AES-CBC'}, true, ['encrypt', 'decrypt']); + const key = await window.crypto.subtle.importKey("raw", Buffer.from(keccak_256(passphrase)), {name: 'AES-CBC'}, true, ['encrypt', 'decrypt']); const iv = window.crypto.getRandomValues(new Uint8Array(IV_LENGTH)); const encrypted = await window.crypto.subtle.encrypt({ name: 'AES-CBC', @@ -21,7 +21,7 @@ export default { const textParts = text.split(':') const iv = Buffer.from(textParts.shift(), 'hex') const encryptedText = Buffer.from(textParts.join(':'), 'hex') - const key = await window.crypto.subtle.importKey("raw", Buffer.from(keccak256(passphrase)), {name: 'AES-CBC'}, true, ['encrypt', 'decrypt']); + const key = await window.crypto.subtle.importKey("raw", Buffer.from(keccak_256(passphrase)), {name: 'AES-CBC'}, true, ['encrypt', 'decrypt']); const decrypted = await window.crypto.subtle.decrypt({ name: 'AES-CBC', iv, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a839357..8bed430 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -15,6 +15,9 @@ importers: background: dependencies: + '@noble/hashes': + specifier: ^1.4.0 + version: 1.4.0 '@planetarium/account': specifier: ~4.4.2 version: 4.4.2(patch_hash=jb6dglqvmbazko2rjmsq6cngsy) @@ -42,9 +45,6 @@ importers: ethers: specifier: ^5.5.1 version: 5.7.2(bufferutil@4.0.8)(utf-8-validate@5.0.10) - keccak256: - specifier: ^1.0.3 - version: 1.0.6 nanoid: specifier: ^5.0.7 version: 5.0.7 @@ -238,6 +238,9 @@ importers: '@mdi/font': specifier: ^5.9.55 version: 5.9.55 + '@noble/hashes': + specifier: ^1.4.0 + version: 1.4.0 '@vue/vue3-jest': specifier: '27' version: 27.0.0(@babel/core@7.24.4)(babel-jest@27.5.1(@babel/core@7.24.4))(jest@27.5.1(bufferutil@4.0.8)(utf-8-validate@5.0.10))(typescript@5.4.5)(vue@3.4.24(typescript@5.4.5)) @@ -262,9 +265,6 @@ importers: ethers: specifier: ^6.12.1 version: 6.12.1(bufferutil@4.0.8)(utf-8-validate@5.0.10) - keccak256: - specifier: ^1.0.6 - version: 1.0.6 moment: specifier: ^2.30.1 version: 2.30.1 @@ -4052,9 +4052,6 @@ packages: resolution: {integrity: sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==} engines: {node: '>=0.6.0'} - keccak256@1.0.6: - resolution: {integrity: sha512-8GLiM01PkdJVGUhR1e6M/AvWnSqYS0HaERI+K/QtStGDGlSTx2B1zTqZk4Zlqu5TxHJNTxWAdP9Y+WI50OApUw==} - keccak@3.0.4: resolution: {integrity: sha512-3vKuW0jV8J3XNTzvfyicFR5qvxrSAGl7KIhvgOu5cmWwM7tZRj3fMbj/pfIf4be7aznbc+prBWGjywox/g2Y6Q==} engines: {node: '>=10.0.0'} @@ -11011,12 +11008,6 @@ snapshots: json-schema: 0.4.0 verror: 1.10.0 - keccak256@1.0.6: - dependencies: - bn.js: 5.2.1 - buffer: 6.0.3 - keccak: 3.0.4 - keccak@3.0.4: dependencies: node-addon-api: 2.0.2 diff --git a/popup/package.json b/popup/package.json index eb178ab..23648bd 100644 --- a/popup/package.json +++ b/popup/package.json @@ -10,6 +10,7 @@ }, "dependencies": { "@mdi/font": "^5.9.55", + "@noble/hashes": "^1.4.0", "@vue/vue3-jest": "27", "axios": "^0.21.4", "bencodex": "^0.1.2", @@ -18,7 +19,6 @@ "countup.js": "^2.8.0", "eccrypto": "^1.1.6", "ethers": "^6.12.1", - "keccak256": "^1.0.6", "moment": "^2.30.1", "underscore": "^1.13.6", "vue": "3", diff --git a/popup/src/api/background.js b/popup/src/api/background.js index 0e587e5..9705b2f 100644 --- a/popup/src/api/background.js +++ b/popup/src/api/background.js @@ -10,7 +10,7 @@ const callBackground = function(action, method, params = []) { if (res.error == 'NotSignedIn') { location.reload() } else { - console.log('error callBackground', res) + console.log('error callBackground', action, method, params, res) reject(res.error) } } else { diff --git a/popup/src/components/AccountManager.vue b/popup/src/components/AccountManager.vue index 21239cf..fb428de 100644 --- a/popup/src/components/AccountManager.vue +++ b/popup/src/components/AccountManager.vue @@ -103,7 +103,7 @@ import AccountSelector from "@/components/buttons/AccountSelector.vue"; import CopyBtn from "@/components/buttons/CopyBtn.vue"; import rule from "@/utils/rules" -import keccak256 from "keccak256"; +import { keccak_256 } from "@noble/hashes/sha3"; import t from "@/utils/i18n" import utils from "@/utils/utils"; import { Wallet } from "ethers"; @@ -261,7 +261,7 @@ export default { if (this.pkview.dialog && this.pkview.password) { try { this.pkview.loading = true - let passphrase = keccak256(this.pkview.password).toString('hex') + let passphrase = Buffer.from(keccak_256(this.pkview.password)).toString('hex') let pk = await this.$store.dispatch('Account/getPrivateKey', { address: this.account.address, passphrase: passphrase diff --git a/popup/src/utils/aes256.js b/popup/src/utils/aes256.js index 1a0d85e..983bba7 100644 --- a/popup/src/utils/aes256.js +++ b/popup/src/utils/aes256.js @@ -1,12 +1,12 @@ const crypto = require('crypto') -import keccak256 from "keccak256" +import { keccak_256 } from "@noble/hashes/sha3" const IV_LENGTH = 16 export default { encrypt: (text, passphrase) => { const iv = crypto.randomBytes(IV_LENGTH) const cipher = crypto.createCipheriv( 'aes-256-cbc', - Buffer.from(keccak256(passphrase)), + Buffer.from(keccak_256(passphrase)), iv, ) const encrypted = cipher.update(text) @@ -23,7 +23,7 @@ export default { const encryptedText = Buffer.from(textParts.join(':'), 'hex') const decipher = crypto.createDecipheriv( 'aes-256-cbc', - Buffer.from(keccak256(passphrase)), + Buffer.from(keccak_256(passphrase)), iv, ) const decrypted = decipher.update(encryptedText) diff --git a/popup/src/views/Initiate.vue b/popup/src/views/Initiate.vue index 666fc26..a8c08cd 100644 --- a/popup/src/views/Initiate.vue +++ b/popup/src/views/Initiate.vue @@ -52,7 +52,7 @@