From f812fe7be976b666d6f18f0deb497e2ab0be1b0d Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Tue, 25 Jan 2022 19:14:43 +0100 Subject: [PATCH] Remove SHA1 --- CHANGELOG.md | 8 +++++ packages/crypto/src/hmac.spec.ts | 62 +++++--------------------------- packages/crypto/src/index.ts | 2 +- packages/crypto/src/sha.ts | 28 --------------- 4 files changed, 18 insertions(+), 82 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 467c8bfb..836eead8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,14 @@ and this project adheres to ## [Unreleased] +### Removed + +- @cosmjs/crypto: Remove the SHA1 implementation (`Sha1` and `sha1`) as it is + not used in the Cosmos tech stack and not implemented in the hashing lib we + want to migrate to ([#1003]). Also it has known weaknesses. + +[#1003]: https://github.com/cosmos/cosmjs/issues/1003 + ## [0.27.1] - 2022-01-26 ### Added diff --git a/packages/crypto/src/hmac.spec.ts b/packages/crypto/src/hmac.spec.ts index 2a992c2b..16729636 100644 --- a/packages/crypto/src/hmac.spec.ts +++ b/packages/crypto/src/hmac.spec.ts @@ -1,59 +1,9 @@ import { fromHex } from "@cosmjs/encoding"; import { Hmac } from "./hmac"; -import { Sha1, Sha256, Sha512 } from "./sha"; +import { Sha256, Sha512 } from "./sha"; describe("HMAC", () => { - it("can perform HMAC(SHA1) according to Botan test vectors", () => { - // https://github.com/randombit/botan/blob/a5a260c/src/tests/data/mac/hmac.vec - { - const hmac = new Hmac(Sha1, fromHex("0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B")); - hmac.update(fromHex("4869205468657265")); - expect(hmac.digest()).toEqual(fromHex("B617318655057264E28BC0B6FB378C8EF146BE00")); - } - { - const hmac = new Hmac(Sha1, fromHex("0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C")); - hmac.update(fromHex("546573742057697468205472756E636174696F6E")); - expect(hmac.digest()).toEqual(fromHex("4C1A03424B55E07FE7F27BE1D58BB9324A9A5A04")); - } - { - const hmac = new Hmac(Sha1, fromHex("4CA0EF38F1794B28A8F8EE110EE79D48CE13BE25")); - hmac.update( - fromHex( - "54657374205573696E67204C6172676572205468616E20426C6F636B2D53697A65204B6579202D2048617368204B6579204669727374", - ), - ); - expect(hmac.digest()).toEqual(fromHex("AA4AE5E15272D00E95705637CE8A3B55ED402112")); - } - { - const hmac = new Hmac(Sha1, fromHex("4CA0EF38F1794B28A8F8EE110EE79D48CE13BE25")); - hmac.update( - fromHex( - "54657374205573696E67204C6172676572205468616E20426C6F636B2D53697A65204B657920616E64204C6172676572205468616E204F6E6520426C6F636B2D53697A652044617461", - ), - ); - expect(hmac.digest()).toEqual(fromHex("E8E99D0F45237D786D6BBAA7965C7808BBFF1A91")); - } - { - const hmac = new Hmac(Sha1, fromHex("0102030405060708090A0B0C0D0E0F10111213141516171819")); - hmac.update( - fromHex( - "CDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCDCD", - ), - ); - expect(hmac.digest()).toEqual(fromHex("4C9007F4026250C6BC8414F9BF50C86C2D7235DA")); - } - { - const hmac = new Hmac(Sha1, fromHex("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA")); - hmac.update( - fromHex( - "DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD", - ), - ); - expect(hmac.digest()).toEqual(fromHex("125D7342B9AC11CD91A39AF48AA17B4F63F175D3")); - } - }); - it("can perform HMAC(SHA256) according to Botan test vectors", () => { // https://github.com/randombit/botan/blob/a5a260c/src/tests/data/mac/hmac.vec#L60 { @@ -199,7 +149,11 @@ describe("HMAC", () => { }); it("can perform incremental hashing", () => { - const hmac = new Hmac(Sha1, fromHex("0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B")); + // https://github.com/randombit/botan/blob/a5a260c/src/tests/data/mac/hmac.vec#L73-L75 + const hmac = new Hmac( + Sha256, + fromHex("0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B"), + ); // full message: 4869205468657265 hmac.update(fromHex("")); hmac.update(fromHex("48")); @@ -210,7 +164,9 @@ describe("HMAC", () => { hmac.update(fromHex("5468")); hmac.update(fromHex("657265")); hmac.update(fromHex("")); - expect(hmac.digest()).toEqual(fromHex("B617318655057264E28BC0B6FB378C8EF146BE00")); + expect(hmac.digest()).toEqual( + fromHex("198A607EB44BFBC69903A0F1CF2BBDC5BA0AA3F3D9AE3C1C7A3B1696A0B68CF7"), + ); }); it("works with empty keys", () => { diff --git a/packages/crypto/src/index.ts b/packages/crypto/src/index.ts index f0e9c39a..0f2c73ed 100644 --- a/packages/crypto/src/index.ts +++ b/packages/crypto/src/index.ts @@ -16,7 +16,7 @@ export { Random } from "./random"; export { Ripemd160, ripemd160 } from "./ripemd"; export { Secp256k1, Secp256k1Keypair } from "./secp256k1"; export { ExtendedSecp256k1Signature, Secp256k1Signature } from "./secp256k1signature"; -export { Sha1, sha1, Sha256, sha256, Sha512, sha512 } from "./sha"; +export { Sha256, sha256, Sha512, sha512 } from "./sha"; export { HdPath, pathToString, diff --git a/packages/crypto/src/sha.ts b/packages/crypto/src/sha.ts index 319633c3..47a3df01 100644 --- a/packages/crypto/src/sha.ts +++ b/packages/crypto/src/sha.ts @@ -3,34 +3,6 @@ import shajs from "sha.js"; import { HashFunction } from "./hash"; -export class Sha1 implements HashFunction { - public readonly blockSize = 512 / 8; - - private readonly impl: Hash; - - public constructor(firstData?: Uint8Array) { - this.impl = shajs("sha1"); - - if (firstData) { - this.update(firstData); - } - } - - public update(data: Uint8Array): Sha1 { - this.impl.update(data); - return this; - } - - public digest(): Uint8Array { - return new Uint8Array(this.impl.digest()); - } -} - -/** Convenience function equivalent to `new Sha1(data).digest()` */ -export function sha1(data: Uint8Array): Uint8Array { - return new Sha1(data).digest(); -} - export class Sha256 implements HashFunction { public readonly blockSize = 512 / 8;