delete useless code & verify servername

Author: shiyuhang0

lib/stream.js

@@ -32,7 +32,9 @@ module.exports.secureStream = function secureStream(connection) {
     return
   }
   try {
-    connection.stream.startTls({});
+    // Configuration of TLS will not work in Cloudflare Workers because startTls doesn't have the corresponding options.
+    // See https://developers.cloudflare.com/workers/runtime-apis/tcp-sockets/#opportunistic-tls-starttls
+    connection.stream.startTls({expectedServerHostname: connection.config.host});
   }catch (err) {
     // SSL negotiation error are fatal
     err.code = 'HANDSHAKE_SSL_ERROR';

lib/utils/nodecrypto.js

@@ -4,21 +4,6 @@
 
 const nodeCrypto = require('crypto')
 
-function md5(string) {
-  return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
-}
-
-// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
-function postgresMd5PasswordHash(user, password, salt) {
-  const inner = md5(password + user);
-  const outer = md5(Buffer.concat([Buffer.from(inner), salt]));
-  return `md5${outer}`
-}
-
-function sha256(text) {
-  return nodeCrypto.createHash('sha256').update(text).digest()
-}
-
 async function sha1(msg,msg1,msg2) {
   const hash = nodeCrypto.createHash('sha1');
   hash.update(msg);
@@ -31,39 +16,6 @@ async function sha1(msg,msg1,msg2) {
   return hash.digest();
 }
 
-function xorRotating(a, seed) {
-  const result = Buffer.allocUnsafe(a.length);
-  const seedLen = seed.length;
-
-  for (let i = 0; i < a.length; i++) {
-    result[i] = a[i] ^ seed[i % seedLen];
-  }
-  return result;
-}
-
-function encrypt(password, scramble, key) {
-  const stage1 = xorRotating(
-    Buffer.from(`${password}\0`, 'utf8'),
-    scramble
-  );
-  return nodeCrypto.publicEncrypt(key, stage1);
-}
-
-function hmacSha256(key, msg) {
-  return nodeCrypto.createHmac('sha256', key).update(msg).digest()
-}
-
-function deriveKey(password, salt, iterations) {
-  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256')
-}
-
 module.exports = {
-  postgresMd5PasswordHash,
-  randomBytes: nodeCrypto.randomBytes,
-  deriveKey,
-  sha256,
-  hmacSha256,
-  md5,
-  sha1,
-  encrypt,
+  sha1
 }

lib/utils/webcrypto.js

@@ -15,75 +15,13 @@ const webCrypto = nodeCrypto.webcrypto || globalThis.crypto
 const subtleCrypto = webCrypto.subtle
 const textEncoder = new TextEncoder()
 
-/**
- *
- * @param {*} length
- * @returns
- */
-function randomBytes(length) {
-  return webCrypto.getRandomValues(Buffer.alloc(length))
-}
-
-async function md5(string) {
-  try {
-    return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
-  } catch (e) {
-    // `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead.
-    // Note that the MD5 algorithm on WebCrypto is not available in Node.js.
-    // This is why we cannot just use WebCrypto in all environments.
-    const data = typeof string === 'string' ? textEncoder.encode(string) : string
-    const hash = await subtleCrypto.digest('MD5', data)
-    return Array.from(new Uint8Array(hash))
-      .map(b => b.toString(16).padStart(2, '0'))
-      .join('')
-  }
-}
-
-// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
-async function postgresMd5PasswordHash(user, password, salt) {
-  const inner = await md5(password + user);
-  const outer = await md5(Buffer.concat([Buffer.from(inner), salt]));
-  return `md5${outer}`
-}
-
-/**
- * Create a SHA-256 digest of the given data
- * @param {Buffer} data
- */
-async function sha256(text) {
-  return await subtleCrypto.digest('SHA-256', text)
-}
-
-/**
- * Sign the message with the given key
- * @param {ArrayBuffer} keyBuffer
- * @param {string} msg
- */
-async function hmacSha256(keyBuffer, msg) {
-  const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])
-  return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg))
-}
-
-/**
- * Derive a key from the password and salt
- * @param {string} password
- * @param {Uint8Array} salt
- * @param {number} iterations
- */
-async function deriveKey(password, salt, iterations) {
-  const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits'])
-  const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations }
-  return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits'])
-}
-
 function concatenateBuffers(buffer1, buffer2) {
   const combined = new Uint8Array(buffer1.length + buffer2.length);
   combined.set(new Uint8Array(buffer1), 0);
   combined.set(new Uint8Array(buffer2), buffer1.length);
   return combined;
 }
 
-
 async function sha1(msg,msg1,msg2) {
   let concatenatedData = typeof msg === 'string' ? textEncoder.encode(msg) : msg;
   if (msg1) {
@@ -97,11 +35,5 @@ async function sha1(msg,msg1,msg2) {
 }
 
 module.exports = {
-  postgresMd5PasswordHash,
-  randomBytes,
-  deriveKey,
-  sha256,
-  hmacSha256,
-  md5,
-  sha1,
+  sha1
 }