search

EOSIO / eosjs-ecc

Elliptic curve cryptography functions: Private Key, Public Key, Signature, AES, Encryption, Decryption
288 stars 119 forks source link

Buffer not exported prevents using various functions, like recover #2

Closed ellipticasec closed 6 years ago

ellipticasec commented 6 years ago

You are not exporting Buffer (safe-buffer) in the root object and this prevents from using certain function like recover, which expects a Buffer object.

ellipticasec commented 6 years ago 
diff --git a/src/index.js b/src/index.js
index d2d30c8..e01873a 100644
--- a/src/index.js
+++ b/src/index.js
@@ -1,6 +1,7 @@
 const commonApi = require('./api_common')
 const objectApi = require('./api_object')
+const Buffer = require('safe-buffer')

-const ecc = Object.assign({}, commonApi, objectApi)
+const ecc = Object.assign({}, commonApi, objectApi, Buffer)
chris-allnutt commented 6 years ago

@ellipticasec can you put that into a PR request?

jcalfee commented 6 years ago

It should probably be {Buffer} or better yet ecc.exports = {Buffer} in the line below.. I think I can add it, that is very easy. Package and package-lock.json needs to be updated too..

jcalfee commented 6 years ago

I'm not using safe-buffer so I looked into this. I am using babel es2015 though and I noticed that the new Buffer.from is being used in the transpiler's output (egrep Buffer.from lib/ -or) .. I'm not sure if es2015 includes a safe-buffer implementation or not.

That said, I should be es2015 complaint already so I believe that I should not require this safe-buffer package. If you know otherwise let me know.

So, the alternatives are: a) make sure you realize that a Buffer is never required. You can always use a string version: hex, etc.. b) if you want safe buffer grab your own copy so you are not dependent on another library exporting it..

Let me know if you think I'm overlooking something about safe-buffer..

ellipticasec commented 6 years ago

Well in my test cases , when I'm interfacing with the library in the browser, I do not have native Buffer object in Chrome... so the only I could play with it was by exposing that safe-buffer.

jcalfee commented 6 years ago

Ok .. I'm going on vacation next week so I'm closing out tickets..

So can you use a string? (option a)

jcalfee commented 6 years ago

In dawn2 a signature is hex string .. in dawn3 is it a long EOS prefixed base58 string..

jcalfee commented 6 years ago

Here is an API improvement that will let you provide the data string and specify the encoding hex .. so the buffer will not be needed.

moved to: https://github.com/EOSIO/eosjs-ecc/issues/4

jcalfee commented 6 years ago

Recover, sign, and verify have an encoding parameter that should help your case. I released eosjs-ecc 3.1.0 at npm (eosjs-ecc@dawn3) .. Let me know if you need eosjs released too with this new version, otherwise I'll put that out on the next release of eosjs..

https://github.com/EOSIO/eosjs-ecc/commit/08911edb815ba87eaf5e89b160a29eee2c874d53