#26 Fix a number of vulnerable sub dependencies (#27)

* #26 Fix a number of vulnerable sub dependencies

* Remove Node 9 and 11, add Node 12 as supported versions

* Try to use forked version of neon as patch to get Node 12 working

* Change to point to direct git hash

* Upgrade to Recrypt 0.8 and consume all breaking changes. Remove export of hash256 method since it isnt needed or used

* Update README to add support for Node 12 and remove support for Node 9/11

* Update version and add changelog entry

Author: Ernie Turner

.travis.yml

@@ -1,6 +1,6 @@
 language: rust
 rust:
-    - 1.34.0
+    - 1.36.0
 
 # all unlabeled jobs run at test. Only if all "test" jobs finish, will the publish job run
 stages:
@@ -23,18 +23,6 @@ jobs:
               - TRAVIS_NODE_VERSION="8"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "Linux - Node 9"
-          os: linux
-          env:
-              - TRAVIS_NODE_VERSION="9"
-              - SKIP_DEPLOY=0
-          if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "OSX - Node 9"
-          os: osx
-          env:
-              - TRAVIS_NODE_VERSION="9"
-              - SKIP_DEPLOY=0
-          if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
         - name: "Linux - Node 10"
           os: linux
           env:
@@ -47,16 +35,16 @@ jobs:
               - TRAVIS_NODE_VERSION="10"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "Linux - Node 11"
+        - name: "Linux - Node 12"
           os: linux
           env:
-              - TRAVIS_NODE_VERSION="11"
+              - TRAVIS_NODE_VERSION="12"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
-        - name: "OSX - Node 11"
+        - name: "OSX - Node 12"
           os: osx
           env:
-              - TRAVIS_NODE_VERSION="11"
+              - TRAVIS_NODE_VERSION="12"
               - SKIP_DEPLOY=0
           if: tag =~ /^\d+\.\d+\.\d+/ OR branch = master OR type = pull_request
 

CHANGELOG.md

@@ -1,3 +1,15 @@
+## 0.5.0
+
+### Breaking Changes
+
++ Added support for Node 12
++ Removed support for Node 9 and 11
++ Removed the `hash256` method from the API. Use the `deriveSymmetricKey` method instead.
+
+### Changed
+
++ Updated all dependencies to their latest versions, including Recrypt to 0.8.
+
 ## 0.4.2
 
 ### Added

README.md

@@ -9,10 +9,10 @@ This library uses the [Neon Bindings](https://www.neon-bindings.com) toolchain t
 
 ## Supported Platforms
 
-|           | Node 8 | Node 9  | Node 10 | Node 11  |
-| --------- | ------ | ------- | ------  | -------  |
-| Linux x64 |    ✓   |    ✓    |    ✓    |    ✓     |
-| OSX x64   |    ✓   |    ✓    |    ✓    |    ✓     |
+|           | Node 8 | Node 10 | Node 12 |
+| --------- | ------ | ------- | ------  |
+| Linux x64 |    ✓   |    ✓    |    ✓    |
+| OSX x64   |    ✓   |    ✓    |    ✓    |
 
 ## Install
 

index.d.ts

@@ -52,7 +52,6 @@ export class Api256 {
     generatePlaintext(): Plaintext;
     generateTransformKey(fromPrivateKey: PrivateKey, toPublicKey: PublicKey, privateSigningKey: PrivateSigningKey): TransformKey;
     computePublicKey(privateKey: PrivateKey): PublicKey;
-    hash256(hashable_buffer: Buffer): Buffer;
     deriveSymmetricKey(plaintext: Plaintext): Buffer;
     encrypt(plaintext: Plaintext, toPublicKey: PublicKey, privateSigningKey: PrivateSigningKey): EncryptedValue;
     transform(encryptedValue: EncryptedValue, transformKey: TransformKey, privateSigningKey: PrivateSigningKey): EncryptedValue;

native/Cargo.toml

@@ -8,10 +8,13 @@ name = "recrypt_node"
 crate-type = ["dylib"]
 
 [dependencies]
-rand = "~0.6.1"
-recrypt = "~0.6"
+recrypt = "~0.8"
 neon = "~0.2.0"
 
+[patch.crates-io]
+neon = { git = 'https://github.com/kjvalencik/neon', rev = '5d877ac0' }
+neon-runtime = { git = 'https://github.com/kjvalencik/neon', rev = '5d877ac0' }
+
 [build-dependencies]
 neon-build = "0.2.0"
 

native/src/api256.rs

@@ -1,28 +1,27 @@
 use neon::prelude::*;
 use neon::types::JsBuffer;
-use rand;
 use recrypt::api::Hashable;
 use recrypt::api::{
-    Api, CryptoOps, Ed25519, Ed25519Ops, KeyGenOps, PublicSigningKey, RandomBytes, SchnorrOps,
-    Sha256, SigningKeypair,
+    CryptoOps, DefaultRng, Ed25519, Ed25519Ops, KeyGenOps, PublicSigningKey, RandomBytes, Recrypt,
+    SchnorrOps, Sha256, SigningKeypair,
 };
 use util;
 
 pub struct RecryptApi256 {
-    api: Api<Sha256, Ed25519, RandomBytes<rand::rngs::ThreadRng>>,
+    api: Recrypt<Sha256, Ed25519, RandomBytes<DefaultRng>>,
 }
 
 declare_types! {
     pub class Api256 for RecryptApi256 {
         init(_cx) {
-            Ok(RecryptApi256 {api: Api::new()})
+            Ok(RecryptApi256 {api: Recrypt::new()})
         }
 
         method generateKeyPair(mut cx) {
             let (priv_key, pub_key) = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.generate_key_pair().unwrap()
             };
 
@@ -41,12 +40,12 @@ declare_types! {
             let signing_key_pair = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.generate_ed25519_key_pair()
             };
 
             let signing_key_pair_obj: Handle<JsObject> = cx.empty_object();
-            let priv_key_buffer = util::bytes_to_buffer(&mut cx, &signing_key_pair.bytes())?;
+            let priv_key_buffer = util::bytes_to_buffer(&mut cx, signing_key_pair.bytes())?;
             let pub_key_buffer = util::bytes_to_buffer(&mut cx, signing_key_pair.public_key().bytes())?;
 
             signing_key_pair_obj.set(&mut cx, "privateKey", priv_key_buffer)?;
@@ -94,7 +93,7 @@ declare_types! {
             let plaintext = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.gen_plaintext()
             };
 
@@ -113,10 +112,10 @@ declare_types! {
             let transform_key = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.generate_transform_key(
                     &util::buffer_to_private_key(&cx, from_private_key_buffer),
-                    to_public_key,
+                    &to_public_key,
                     &signing_key_pair
                 ).unwrap()
             };
@@ -136,26 +135,13 @@ declare_types! {
             Ok(util::public_key_to_js_object(&mut cx, &derived_public_key)?.upcast())
         }
 
-        method hash256(mut cx) {
-            let hashable_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
-
-            let hashed_bytes = {
-                let mut this = cx.this();
-                let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
-                recrypt_api_256.api.hash_256(&util::buffer_to_variable_bytes(&cx, hashable_buffer))
-            };
-
-            Ok(util::bytes_to_buffer(&mut cx, &hashed_bytes)?.upcast())
-        }
-
         method deriveSymmetricKey(mut cx){
             let plaintext_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
 
             let decrypted_symmetric_key = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.derive_symmetric_key(&util::buffer_to_plaintext(&cx, plaintext_buffer))
             };
 
@@ -173,10 +159,10 @@ declare_types! {
             let encrypted_value = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.encrypt(
                     &util::buffer_to_plaintext(&cx, plaintext_buffer),
-                    public_key,
+                    &public_key,
                     &signing_key_pair
                 ).unwrap()
             };
@@ -196,7 +182,7 @@ declare_types! {
             let transformed_encrypted_value = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.transform(encrypted_value, transform_key, &signing_key_pair).unwrap()
             };
 
@@ -232,10 +218,10 @@ declare_types! {
             let signature = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.schnorr_sign(
                     &util::buffer_to_private_key(&cx, private_key_buffer),
-                    public_key,
+                    &public_key,
                     &util::buffer_to_variable_bytes(&cx, message_buffer)
                 )
             };
@@ -269,9 +255,9 @@ declare_types! {
             let verified = {
                 let mut this = cx.this();
                 let guard = cx.lock();
-                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                let recrypt_api_256 = this.borrow_mut(&guard);
                 recrypt_api_256.api.schnorr_verify(
-                    public_key,
+                    &public_key,
                     augmented_private_key.as_ref(),
                     &util::buffer_to_variable_bytes(&cx, message_buffer),
                     signature

native/src/lib.rs

@@ -1,6 +1,5 @@
 #[macro_use]
 extern crate neon;
-extern crate rand;
 extern crate recrypt;
 
 mod api256;

native/src/util.rs

@@ -25,23 +25,21 @@ macro_rules! buffer_to_fixed_bytes { ($($fn_name: ident, $n: expr); *) => {
     })+
 }}
 
-///
-/// Create the various methods we need to convert buffers into fixed length bytes
-///
+// Create the various methods we need to convert buffers into fixed length bytes
 buffer_to_fixed_bytes! {buffer_to_fixed_32_bytes, 32; buffer_to_fixed_64_bytes, 64; buffer_to_fixed_128_bytes, 128; buffer_to_fixed_384_bytes, 384}
 
 ///
-/// Create a macro for converting JsBuffers to different types of signature objects which all have the same size
+/// Create a macro for converting JsBuffers to different types of signature objects which all have the same size. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust.
 ///
 macro_rules! buffer_to_signature { ($($fn_name: ident, $sig_type: expr, $ret_type: ty); *) => {
+    #[allow(dead_code)]
     $(pub fn $fn_name<'a, T: Context<'a>>(cx: &T, buffer: Handle<JsBuffer>) -> $ret_type {
         $sig_type(buffer_to_fixed_64_bytes(cx, buffer, "signature"))
     })+
 }}
 
-///
-/// Create two methods from the macro for Schnorr and ED25519 signatures
-///
+// Create two methods from the macro for Schnorr and ED25519 signatures
 buffer_to_signature! {buffer_to_schnorr_signature, SchnorrSignature::new, SchnorrSignature; buffer_to_ed25519_signature, Ed25519Signature::new, Ed25519Signature}
 
 ///
@@ -78,8 +76,10 @@ pub fn buffer_to_private_key<'a, T: Context<'a>>(cx: &T, buffer: Handle<JsBuffer
 }
 
 ///
-/// Convert a JsBuffer handle to a Plaintext object
+/// Convert a JsBuffer handle to a Plaintext object. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust
 ///
+#[allow(dead_code)]
 pub fn buffer_to_plaintext<'a, T: Context<'a>>(cx: &T, buffer: Handle<JsBuffer>) -> Plaintext {
     Plaintext::new(buffer_to_fixed_384_bytes(cx, buffer, "plaintext"))
 }
@@ -207,8 +207,10 @@ pub fn transform_key_to_js_object<'a, T: Context<'a>>(
 }
 
 ///
-/// Convert an array of transform blocks into a non-empty vector of internal recrypt TransformBlock structs
+/// Convert an array of transform blocks into a non-empty vector of internal recrypt TransformBlock structs. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust
 ///
+#[allow(dead_code)]
 pub fn js_object_to_transform_blocks<'a, T: Context<'a>>(
     cx: &mut T,
     js_array: Handle<JsArray>,
@@ -262,8 +264,10 @@ pub fn js_object_to_transform_blocks<'a, T: Context<'a>>(
 }
 
 ///
-/// Iterate through the provided internal TransformBlocks and convert each block to an external array of transform block objects.
+/// Iterate through the provided internal TransformBlocks and convert each block to an external array of transform block objects. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust
 ///
+#[allow(dead_code)]
 pub fn transform_blocks_to_js_object<'a, T: Context<'a>>(
     cx: &mut T,
     transform_blocks: Vec<TransformBlock>,
@@ -300,8 +304,10 @@ pub fn transform_blocks_to_js_object<'a, T: Context<'a>>(
 }
 
 ///
-/// Convert a JsObject with various encrypted value keys into a EncryptedOnce or TransformedValue value
+/// Convert a JsObject with various encrypted value keys into a EncryptedOnce or TransformedValue value. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust
 ///
+#[allow(dead_code)]
 pub fn js_object_to_encrypted_value<'a, T: Context<'a>>(
     cx: &mut T,
     object: Handle<JsObject>,
@@ -375,8 +381,10 @@ pub fn js_object_to_encrypted_value<'a, T: Context<'a>>(
 }
 
 ///
-/// Convert a Recrypt EncryptedValue into a JsObbject with expeted properties and bytes converted to Buffers
+/// Convert a Recrypt EncryptedValue into a JsObbject with expeted properties and bytes converted to Buffers. Marked as dead code because usage
+/// of this function in the wrapped macro in `api256.rs` can't be parsed by Rust
 ///
+#[allow(dead_code)]
 pub fn encrypted_value_to_js_object<'a, T: Context<'a>>(
     cx: &mut T,
     encrypted_value: EncryptedValue,

package.json

@@ -1,6 +1,6 @@
 {
     "name": "@ironcorelabs/recrypt-node-binding",
-    "version": "0.4.2",
+    "version": "0.5.0",
     "description": "Bindings to allow the recrypt-rs library to work via NodeJS.",
     "repository": {
         "type": "git",
@@ -27,13 +27,16 @@
         "benchmark": "node benchmark/index.js",
         "test": "jest"
     },
+    "dependencies": {
+        "node-pre-gyp": "^0.13.0"
+    },
     "devDependencies": {
-        "@types/node": "^10.11.0",
+        "@types/node": "^12.7.1",
         "benchmark": "^2.1.4",
-        "jest": "^23.6.0",
-        "jest-extended": "^0.11.0",
+        "jest": "^24.8.0",
+        "jest-extended": "^0.11.2",
         "neon-cli": "^0.2.0",
-        "shelljs": "^0.8.2"
+        "shelljs": "^0.8.3"
     },
     "prettier": {
         "printWidth": 160,
@@ -45,10 +48,9 @@
     },
     "jest": {
         "testEnvironment": "node",
-        "setupTestFrameworkScriptFile": "jest-extended"
-    },
-    "dependencies": {
-        "node-pre-gyp": "^0.11.0"
+        "setupFilesAfterEnv": [
+            "jest-extended"
+        ]
     },
     "binary": {
         "module_name": "index",