diff options
Diffstat (limited to 'deps/npm/node_modules/request/node_modules')
29 files changed, 41 insertions, 2744 deletions
diff --git a/deps/npm/node_modules/request/node_modules/hawk/README.md b/deps/npm/node_modules/request/node_modules/hawk/README.md index 63725034fc..63725034fc 100755..100644 --- a/deps/npm/node_modules/request/node_modules/hawk/README.md +++ b/deps/npm/node_modules/request/node_modules/hawk/README.md diff --git a/deps/npm/node_modules/request/node_modules/hawk/node_modules/boom/README.md b/deps/npm/node_modules/request/node_modules/hawk/node_modules/boom/README.md index cbd91c9319..cbd91c9319 100755..100644 --- a/deps/npm/node_modules/request/node_modules/hawk/node_modules/boom/README.md +++ b/deps/npm/node_modules/request/node_modules/hawk/node_modules/boom/README.md diff --git a/deps/npm/node_modules/request/node_modules/hawk/node_modules/sntp/README.md b/deps/npm/node_modules/request/node_modules/hawk/node_modules/sntp/README.md index 98a6e025db..98a6e025db 100755..100644 --- a/deps/npm/node_modules/request/node_modules/hawk/node_modules/sntp/README.md +++ b/deps/npm/node_modules/request/node_modules/hawk/node_modules/sntp/README.md diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/dhe.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/dhe.js index 74f5e04702..b4d366289b 100644 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/dhe.js +++ b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/dhe.js @@ -10,7 +10,6 @@ var assert = require('assert-plus'); var crypto = require('crypto'); var algs = require('./algs'); var utils = require('./utils'); -var ed; var nacl; var Key = require('./key'); @@ -76,14 +75,11 @@ function DiffieHellman(key) { this._dh.setPublicKey(key.part.Q.data); } else if (key.type === 'curve25519') { - if (ed === undefined) - ed = require('jodid25519'); + if (nacl === undefined) + nacl = require('tweetnacl'); if (this._isPriv) { this._priv = key.part.r.data; - if (this._priv[0] === 0x00) - this._priv = this._priv.slice(1); - this._priv = this._priv.slice(0, 32); } } else { @@ -180,14 +176,17 @@ DiffieHellman.prototype.computeSecret = function (otherpk) { } else if (this._algo === 'curve25519') { pub = otherpk.part.R.data; - if (pub[0] === 0x00) + while (pub[0] === 0x00 && pub.length > 32) pub = pub.slice(1); + assert.strictEqual(pub.length, 32); + assert.strictEqual(this._priv.length, 64); - var secret = ed.dh.computeKey( - this._priv.toString('binary'), - pub.toString('binary')); + var priv = this._priv.slice(0, 32); - return (new Buffer(secret, 'binary')); + var secret = nacl.box.before(new Uint8Array(pub), + new Uint8Array(priv)); + + return (new Buffer(secret)); } throw (new Error('Invalid algorithm: ' + this._algo)); @@ -255,13 +254,15 @@ DiffieHellman.prototype.generateKey = function () { } } else if (this._algo === 'curve25519') { - priv = ed.dh.generateKey(); - pub = ed.dh.publicKey(priv); - this._priv = priv = new Buffer(priv, 'binary'); - pub = new Buffer(pub, 'binary'); + var pair = nacl.box.keyPair(); + priv = new Buffer(pair.secretKey); + pub = new Buffer(pair.publicKey); + priv = Buffer.concat([priv, pub]); + assert.strictEqual(priv.length, 64); + assert.strictEqual(pub.length, 32); parts.push({name: 'R', data: pub}); - parts.push({name: 'r', data: Buffer.concat([priv, pub])}); + parts.push({name: 'r', data: priv}); this._key = new PrivateKey({ type: 'curve25519', parts: parts diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/key.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/key.js index 56b8cb4f05..64e24b4db7 100644 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/key.js +++ b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/key.js @@ -64,7 +64,7 @@ function Key(opts) { var curve = this.part.curve.data.toString(); this.curve = curve; sz = algs.curves[curve].size; - } else if (this.type === 'ed25519') { + } else if (this.type === 'ed25519' || this.type === 'curve25519') { sz = 256; this.curve = 'curve25519'; } else { diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/private-key.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/private-key.js index b56201a189..36b6f8ceb8 100644 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/private-key.js +++ b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/lib/private-key.js @@ -14,7 +14,7 @@ var dhe = require('./dhe'); var generateECDSA = dhe.generateECDSA; var generateED25519 = dhe.generateED25519; var edCompat; -var ed; +var nacl; try { edCompat = require('./ed-compat'); @@ -83,22 +83,22 @@ PrivateKey.prototype.toPublic = function () { return (this._pubCache); }; -PrivateKey.prototype.derive = function (newType, newSize) { +PrivateKey.prototype.derive = function (newType) { assert.string(newType, 'type'); - assert.optionalNumber(newSize, 'size'); - var priv, pub; + var priv, pub, pair; if (this.type === 'ed25519' && newType === 'curve25519') { - if (ed === undefined) - ed = require('jodid25519'); + if (nacl === undefined) + nacl = require('tweetnacl'); priv = this.part.r.data; if (priv[0] === 0x00) priv = priv.slice(1); priv = priv.slice(0, 32); - pub = ed.dh.publicKey(priv); - priv = utils.mpNormalize(Buffer.concat([priv, pub])); + pair = nacl.box.keyPair.fromSecretKey(new Uint8Array(priv)); + pub = new Buffer(pair.publicKey); + priv = Buffer.concat([priv, pub]); return (new PrivateKey({ type: 'curve25519', @@ -108,18 +108,17 @@ PrivateKey.prototype.derive = function (newType, newSize) { ] })); } else if (this.type === 'curve25519' && newType === 'ed25519') { - if (ed === undefined) - ed = require('jodid25519'); + if (nacl === undefined) + nacl = require('tweetnacl'); priv = this.part.r.data; if (priv[0] === 0x00) priv = priv.slice(1); priv = priv.slice(0, 32); - pub = ed.eddsa.publicKey(priv.toString('binary')); - pub = new Buffer(pub, 'binary'); - - priv = utils.mpNormalize(Buffer.concat([priv, pub])); + pair = nacl.sign.keyPair.fromSeed(new Uint8Array(priv)); + pub = new Buffer(pair.publicKey); + priv = Buffer.concat([priv, pub]); return (new PrivateKey({ type: 'ed25519', diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.npmignore b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.npmignore deleted file mode 100644 index 877830c065..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.npmignore +++ /dev/null @@ -1,11 +0,0 @@ -# Editor, IDE and dev environment stuff -*~ -.project -.settings - -# Build files and directories -/coverage -/doc/api -/build/ -/test/ -/jodid25519-*.tgz diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.travis.yml b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.travis.yml deleted file mode 100644 index 92a990f679..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: node_js -node_js: - - "0.10" - - "0.11" -branches: - only: - - master diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/AUTHORS.md b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/AUTHORS.md deleted file mode 100644 index 0c17097375..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/AUTHORS.md +++ /dev/null @@ -1,3 +0,0 @@ -* Michele Bini (original Curve25519 core code: curve25519.js) -* Ron Garret (original Ed25519 code: fast-djbec.js) -* Guy Kloss (package refactoring, unit testing) diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/LICENSE b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/LICENSE deleted file mode 100644 index 32ee158584..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/LICENSE +++ /dev/null @@ -1,23 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2012 Ron Garret -Copyright (c) 2007, 2013, 2014 Michele Bini -Copyright (c) 2014 Mega Limited - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/README.md b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/README.md deleted file mode 100644 index 5335b2dec3..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/README.md +++ /dev/null @@ -1,51 +0,0 @@ -Jodid25519 [](https://travis-ci.org/meganz/jodid25519) -=================================================================================================================================== - -Javascript implementation of the Curve25519 and Ed25519 elliptic cryptography functions by Daniel J. Bernstein. - -For the API, please consult the generated documentation under doc/ (you can run `make` to generate it). - -To run the tests do the following on the console from the project's root directory: - - $ npm install - $ make test - - -Contributors ------------- - -If you are one of the contributors and want to add yourself or change the information here, please do submit a pull request. Contributors appear in no particular order. - -### For the Curve25519 submodule - -* [Graydon Hoare](https://github.com/graydon): suggested clamping the private key by default for increased safety and uniformity with other implementations. -* [liliakai](https://github.com/liliakai): spotted an unused argument in some of the functions -* [RyanC](https://github.com/ryancdotorg): removed dependency of a function to the Javascript Math library -* [Guy Kloss](https://github.com/pohutukawa): performance improvements through bit-shift operations, performance and conformance testing, documentation, compatibility with the npm package ecosystem, and more -* [Michele Bini](https://github.com/rev22): originally wrote the Javascript implementation - - -Copyright and MIT licensing ---------------------------- - -* Copyright (c) 2012 Ron Garret -* Copyright (c) 2007, 2013, 2014 Michele Bini <michele.bini@gmail.com> -* Copyright (c) 2014 Mega Limited - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is furnished -to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.0 b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.0 deleted file mode 100644 index 55ffcc47ce..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.0 +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Curve 25519-based cryptography collection. - * - * EC Diffie-Hellman (ECDH) based on Curve25519 and digital signatures (EdDSA) - * based on Ed25519. - * - * Copyright (c) 2012 Ron Garret - * Copyright (c) 2007, 2013, 2014 Michele Bini - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * You should have received a copy of the license along with this program. - */ -// See https://github.com/jrburke/almond#exporting-a-public-api -(function (root, factory) { - if (typeof define === 'function' && define.amd) { - // Allow using this built library as an AMD module - // in another project. That other project will only - // see this AMD call, not the internal modules in - // the closure below. - define([], factory); - } else if (typeof module === 'object' && module.exports) { - // Allow using this built library as a CommonJS module - module.exports = factory(); - } else { - // Browser globals case. Just assign the - // result to a property on the global. - root.jodid25519 = factory(); - } -}(this, function () { - if (typeof module === 'object' && module.exports) { - // If we're running under CommonJS, our dependencies get confused and - // each clobber module.exports which leads to bad behaviour because - // almond does asynchronous loading. So just pretend we're in the - // browser globals case, and make them write to those values instead. - // TODO: ditch requirejs/almond and use browserify or something. - var __oldModule = module; - var __oldExports = exports; - var window = global; - module = undefined; - exports = undefined; - } diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.1 b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.1 deleted file mode 100644 index cdb5e67283..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/almond.1 +++ /dev/null @@ -1,13 +0,0 @@ - if (typeof module === 'object' && module.exports) { - // Restore CommonJS exports once our dependencies have all finished - // loading. - module = __oldModule; - exports = __oldExports; - } - // The modules for your project will be inlined above - // this snippet. Ask almond to synchronously require the - // module value for 'main' here and return it as the - // value to use for the public API for the built file. - return require('jodid25519'); -})); -// See https://github.com/jrburke/almond#exporting-a-public-api diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/index.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/index.js deleted file mode 100644 index 870983984b..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/index.js +++ /dev/null @@ -1,35 +0,0 @@ -"use strict"; - -/* - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss - * - * You should have received a copy of the license along with this program. - */ - -var dh = require('./lib/dh'); -var eddsa = require('./lib/eddsa'); -var curve255 = require('./lib/curve255'); -var utils = require('./lib/utils'); - - /** - * @exports jodid25519 - * Curve 25519-based cryptography collection. - * - * @description - * EC Diffie-Hellman (ECDH) based on Curve25519 and digital signatures - * (EdDSA) based on Ed25519. - */ - var ns = {}; - - /** Module version indicator as string (format: [major.minor.patch]). */ - ns.VERSION = '0.7.1'; - - ns.dh = dh; - ns.eddsa = eddsa; - ns.curve255 = curve255; - ns.utils = utils; - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/jsdoc.json b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/jsdoc.json deleted file mode 100644 index 21eba9bd66..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/jsdoc.json +++ /dev/null @@ -1,19 +0,0 @@ -{ - "templates": { - "applicationName": "jodid25519 Library", - "disqus": "", - "googleAnalytics": "", - "openGraph": { - "title": "jodid25519 Library", - "type": "website", - "image": "", - "site_name": "", - "url": "" - }, - "meta": { - "title": "jodid25519 Library", - "description": "", - "keyword": "" - } - } -} diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/core.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/core.js deleted file mode 100644 index f78fd74ddb..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/core.js +++ /dev/null @@ -1,481 +0,0 @@ -"use strict"; -/** - * @fileOverview - * Core operations on curve 25519 required for the higher level modules. - */ - -/* - * Copyright (c) 2007, 2013, 2014 Michele Bini - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss, Michele Bini - * - * You should have received a copy of the license along with this program. - */ - -var crypto = require('crypto'); - - /** - * @exports jodid25519/core - * Core operations on curve 25519 required for the higher level modules. - * - * @description - * Core operations on curve 25519 required for the higher level modules. - * - * <p> - * This core code is extracted from Michele Bini's curve255.js implementation, - * which is used as a base for Curve25519 ECDH and Ed25519 EdDSA operations. - * </p> - */ - var ns = {}; - - function _setbit(n, c, v) { - var i = c >> 4; - var a = n[i]; - a = a + (1 << (c & 0xf)) * v; - n[i] = a; - } - - function _getbit(n, c) { - return (n[c >> 4] >> (c & 0xf)) & 1; - } - - function _ZERO() { - return [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - } - - function _ONE() { - return [1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - } - - // Basepoint. - function _BASE() { - return [9, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - } - - // return -1, 0, +1 when a is less than, equal, or greater than b - function _bigintcmp(a, b) { - // The following code is a bit tricky to avoid code branching - var c, abs_r, mask; - var r = 0; - for (c = 15; c >= 0; c--) { - var x = a[c]; - var y = b[c]; - r = r + (x - y) * (1 - r * r); - // http://graphics.stanford.edu/~seander/bithacks.html#IntegerAbs - // correct for [-294967295, 294967295] - mask = r >> 31; - abs_r = (r + mask) ^ mask; - // http://stackoverflow.com/questions/596467/how-do-i-convert-a-number-to-an-integer-in-javascript - // this rounds towards zero - r = ~~((r << 1) / (abs_r + 1)); - } - return r; - } - - function _bigintadd(a, b) { - var r = []; - var v; - r[0] = (v = a[0] + b[0]) & 0xffff; - r[1] = (v = (v >>> 16) + a[1] + b[1]) & 0xffff; - r[2] = (v = (v >>> 16) + a[2] + b[2]) & 0xffff; - r[3] = (v = (v >>> 16) + a[3] + b[3]) & 0xffff; - r[4] = (v = (v >>> 16) + a[4] + b[4]) & 0xffff; - r[5] = (v = (v >>> 16) + a[5] + b[5]) & 0xffff; - r[6] = (v = (v >>> 16) + a[6] + b[6]) & 0xffff; - r[7] = (v = (v >>> 16) + a[7] + b[7]) & 0xffff; - r[8] = (v = (v >>> 16) + a[8] + b[8]) & 0xffff; - r[9] = (v = (v >>> 16) + a[9] + b[9]) & 0xffff; - r[10] = (v = (v >>> 16) + a[10] + b[10]) & 0xffff; - r[11] = (v = (v >>> 16) + a[11] + b[11]) & 0xffff; - r[12] = (v = (v >>> 16) + a[12] + b[12]) & 0xffff; - r[13] = (v = (v >>> 16) + a[13] + b[13]) & 0xffff; - r[14] = (v = (v >>> 16) + a[14] + b[14]) & 0xffff; - r[15] = (v >>> 16) + a[15] + b[15]; - return r; - } - - function _bigintsub(a, b) { - var r = []; - var v; - r[0] = (v = 0x80000 + a[0] - b[0]) & 0xffff; - r[1] = (v = (v >>> 16) + 0x7fff8 + a[1] - b[1]) & 0xffff; - r[2] = (v = (v >>> 16) + 0x7fff8 + a[2] - b[2]) & 0xffff; - r[3] = (v = (v >>> 16) + 0x7fff8 + a[3] - b[3]) & 0xffff; - r[4] = (v = (v >>> 16) + 0x7fff8 + a[4] - b[4]) & 0xffff; - r[5] = (v = (v >>> 16) + 0x7fff8 + a[5] - b[5]) & 0xffff; - r[6] = (v = (v >>> 16) + 0x7fff8 + a[6] - b[6]) & 0xffff; - r[7] = (v = (v >>> 16) + 0x7fff8 + a[7] - b[7]) & 0xffff; - r[8] = (v = (v >>> 16) + 0x7fff8 + a[8] - b[8]) & 0xffff; - r[9] = (v = (v >>> 16) + 0x7fff8 + a[9] - b[9]) & 0xffff; - r[10] = (v = (v >>> 16) + 0x7fff8 + a[10] - b[10]) & 0xffff; - r[11] = (v = (v >>> 16) + 0x7fff8 + a[11] - b[11]) & 0xffff; - r[12] = (v = (v >>> 16) + 0x7fff8 + a[12] - b[12]) & 0xffff; - r[13] = (v = (v >>> 16) + 0x7fff8 + a[13] - b[13]) & 0xffff; - r[14] = (v = (v >>> 16) + 0x7fff8 + a[14] - b[14]) & 0xffff; - r[15] = (v >>> 16) - 8 + a[15] - b[15]; - return r; - } - - function _sqr8h(a7, a6, a5, a4, a3, a2, a1, a0) { - // 'division by 0x10000' can not be replaced by '>> 16' because - // more than 32 bits of precision are needed similarly - // 'multiplication by 2' cannot be replaced by '<< 1' - var r = []; - var v; - r[0] = (v = a0 * a0) & 0xffff; - r[1] = (v = (0 | (v / 0x10000)) + 2 * a0 * a1) & 0xffff; - r[2] = (v = (0 | (v / 0x10000)) + 2 * a0 * a2 + a1 * a1) & 0xffff; - r[3] = (v = (0 | (v / 0x10000)) + 2 * a0 * a3 + 2 * a1 * a2) & 0xffff; - r[4] = (v = (0 | (v / 0x10000)) + 2 * a0 * a4 + 2 * a1 * a3 + a2 - * a2) & 0xffff; - r[5] = (v = (0 | (v / 0x10000)) + 2 * a0 * a5 + 2 * a1 * a4 + 2 - * a2 * a3) & 0xffff; - r[6] = (v = (0 | (v / 0x10000)) + 2 * a0 * a6 + 2 * a1 * a5 + 2 - * a2 * a4 + a3 * a3) & 0xffff; - r[7] = (v = (0 | (v / 0x10000)) + 2 * a0 * a7 + 2 * a1 * a6 + 2 - * a2 * a5 + 2 * a3 * a4) & 0xffff; - r[8] = (v = (0 | (v / 0x10000)) + 2 * a1 * a7 + 2 * a2 * a6 + 2 - * a3 * a5 + a4 * a4) & 0xffff; - r[9] = (v = (0 | (v / 0x10000)) + 2 * a2 * a7 + 2 * a3 * a6 + 2 - * a4 * a5) & 0xffff; - r[10] = (v = (0 | (v / 0x10000)) + 2 * a3 * a7 + 2 * a4 * a6 - + a5 * a5) & 0xffff; - r[11] = (v = (0 | (v / 0x10000)) + 2 * a4 * a7 + 2 * a5 * a6) & 0xffff; - r[12] = (v = (0 | (v / 0x10000)) + 2 * a5 * a7 + a6 * a6) & 0xffff; - r[13] = (v = (0 | (v / 0x10000)) + 2 * a6 * a7) & 0xffff; - r[14] = (v = (0 | (v / 0x10000)) + a7 * a7) & 0xffff; - r[15] = 0 | (v / 0x10000); - return r; - } - - function _sqrmodp(a) { - var x = _sqr8h(a[15], a[14], a[13], a[12], a[11], a[10], a[9], - a[8]); - var z = _sqr8h(a[7], a[6], a[5], a[4], a[3], a[2], a[1], a[0]); - var y = _sqr8h(a[15] + a[7], a[14] + a[6], a[13] + a[5], a[12] - + a[4], - a[11] + a[3], a[10] + a[2], a[9] + a[1], a[8] - + a[0]); - var r = []; - var v; - r[0] = (v = 0x800000 + z[0] + (y[8] - x[8] - z[8] + x[0] - 0x80) - * 38) & 0xffff; - r[1] = (v = 0x7fff80 + (v >>> 16) + z[1] - + (y[9] - x[9] - z[9] + x[1]) * 38) & 0xffff; - r[2] = (v = 0x7fff80 + (v >>> 16) + z[2] - + (y[10] - x[10] - z[10] + x[2]) * 38) & 0xffff; - r[3] = (v = 0x7fff80 + (v >>> 16) + z[3] - + (y[11] - x[11] - z[11] + x[3]) * 38) & 0xffff; - r[4] = (v = 0x7fff80 + (v >>> 16) + z[4] - + (y[12] - x[12] - z[12] + x[4]) * 38) & 0xffff; - r[5] = (v = 0x7fff80 + (v >>> 16) + z[5] - + (y[13] - x[13] - z[13] + x[5]) * 38) & 0xffff; - r[6] = (v = 0x7fff80 + (v >>> 16) + z[6] - + (y[14] - x[14] - z[14] + x[6]) * 38) & 0xffff; - r[7] = (v = 0x7fff80 + (v >>> 16) + z[7] - + (y[15] - x[15] - z[15] + x[7]) * 38) & 0xffff; - r[8] = (v = 0x7fff80 + (v >>> 16) + z[8] + y[0] - x[0] - z[0] - + x[8] * 38) & 0xffff; - r[9] = (v = 0x7fff80 + (v >>> 16) + z[9] + y[1] - x[1] - z[1] - + x[9] * 38) & 0xffff; - r[10] = (v = 0x7fff80 + (v >>> 16) + z[10] + y[2] - x[2] - z[2] - + x[10] * 38) & 0xffff; - r[11] = (v = 0x7fff80 + (v >>> 16) + z[11] + y[3] - x[3] - z[3] - + x[11] * 38) & 0xffff; - r[12] = (v = 0x7fff80 + (v >>> 16) + z[12] + y[4] - x[4] - z[4] - + x[12] * 38) & 0xffff; - r[13] = (v = 0x7fff80 + (v >>> 16) + z[13] + y[5] - x[5] - z[5] - + x[13] * 38) & 0xffff; - r[14] = (v = 0x7fff80 + (v >>> 16) + z[14] + y[6] - x[6] - z[6] - + x[14] * 38) & 0xffff; - r[15] = 0x7fff80 + (v >>> 16) + z[15] + y[7] - x[7] - z[7] - + x[15] * 38; - _reduce(r); - return r; - } - - function _mul8h(a7, a6, a5, a4, a3, a2, a1, a0, b7, b6, b5, b4, b3, - b2, b1, b0) { - // 'division by 0x10000' can not be replaced by '>> 16' because - // more than 32 bits of precision are needed - var r = []; - var v; - r[0] = (v = a0 * b0) & 0xffff; - r[1] = (v = (0 | (v / 0x10000)) + a0 * b1 + a1 * b0) & 0xffff; - r[2] = (v = (0 | (v / 0x10000)) + a0 * b2 + a1 * b1 + a2 * b0) & 0xffff; - r[3] = (v = (0 | (v / 0x10000)) + a0 * b3 + a1 * b2 + a2 * b1 - + a3 * b0) & 0xffff; - r[4] = (v = (0 | (v / 0x10000)) + a0 * b4 + a1 * b3 + a2 * b2 - + a3 * b1 + a4 * b0) & 0xffff; - r[5] = (v = (0 | (v / 0x10000)) + a0 * b5 + a1 * b4 + a2 * b3 - + a3 * b2 + a4 * b1 + a5 * b0) & 0xffff; - r[6] = (v = (0 | (v / 0x10000)) + a0 * b6 + a1 * b5 + a2 * b4 - + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0) & 0xffff; - r[7] = (v = (0 | (v / 0x10000)) + a0 * b7 + a1 * b6 + a2 * b5 - + a3 * b4 + a4 * b3 + a5 * b2 + a6 * b1 + a7 * b0) & 0xffff; - r[8] = (v = (0 | (v / 0x10000)) + a1 * b7 + a2 * b6 + a3 * b5 - + a4 * b4 + a5 * b3 + a6 * b2 + a7 * b1) & 0xffff; - r[9] = (v = (0 | (v / 0x10000)) + a2 * b7 + a3 * b6 + a4 * b5 - + a5 * b4 + a6 * b3 + a7 * b2) & 0xffff; - r[10] = (v = (0 | (v / 0x10000)) + a3 * b7 + a4 * b6 + a5 * b5 - + a6 * b4 + a7 * b3) & 0xffff; - r[11] = (v = (0 | (v / 0x10000)) + a4 * b7 + a5 * b6 + a6 * b5 - + a7 * b4) & 0xffff; - r[12] = (v = (0 | (v / 0x10000)) + a5 * b7 + a6 * b6 + a7 * b5) & 0xffff; - r[13] = (v = (0 | (v / 0x10000)) + a6 * b7 + a7 * b6) & 0xffff; - r[14] = (v = (0 | (v / 0x10000)) + a7 * b7) & 0xffff; - r[15] = (0 | (v / 0x10000)); - return r; - } - - function _mulmodp(a, b) { - // Karatsuba multiplication scheme: x*y = (b^2+b)*x1*y1 - - // b*(x1-x0)*(y1-y0) + (b+1)*x0*y0 - var x = _mul8h(a[15], a[14], a[13], a[12], a[11], a[10], a[9], - a[8], b[15], b[14], b[13], b[12], b[11], b[10], - b[9], b[8]); - var z = _mul8h(a[7], a[6], a[5], a[4], a[3], a[2], a[1], a[0], - b[7], b[6], b[5], b[4], b[3], b[2], b[1], b[0]); - var y = _mul8h(a[15] + a[7], a[14] + a[6], a[13] + a[5], a[12] - + a[4], - a[11] + a[3], a[10] + a[2], a[9] + a[1], a[8] - + a[0], - b[15] + b[7], b[14] + b[6], b[13] + b[5], b[12] - + b[4], - b[11] + b[3], b[10] + b[2], b[9] + b[1], b[8] - + b[0]); - var r = []; - var v; - r[0] = (v = 0x800000 + z[0] + (y[8] - x[8] - z[8] + x[0] - 0x80) - * 38) & 0xffff; - r[1] = (v = 0x7fff80 + (v >>> 16) + z[1] - + (y[9] - x[9] - z[9] + x[1]) * 38) & 0xffff; - r[2] = (v = 0x7fff80 + (v >>> 16) + z[2] - + (y[10] - x[10] - z[10] + x[2]) * 38) & 0xffff; - r[3] = (v = 0x7fff80 + (v >>> 16) + z[3] - + (y[11] - x[11] - z[11] + x[3]) * 38) & 0xffff; - r[4] = (v = 0x7fff80 + (v >>> 16) + z[4] - + (y[12] - x[12] - z[12] + x[4]) * 38) & 0xffff; - r[5] = (v = 0x7fff80 + (v >>> 16) + z[5] - + (y[13] - x[13] - z[13] + x[5]) * 38) & 0xffff; - r[6] = (v = 0x7fff80 + (v >>> 16) + z[6] - + (y[14] - x[14] - z[14] + x[6]) * 38) & 0xffff; - r[7] = (v = 0x7fff80 + (v >>> 16) + z[7] - + (y[15] - x[15] - z[15] + x[7]) * 38) & 0xffff; - r[8] = (v = 0x7fff80 + (v >>> 16) + z[8] + y[0] - x[0] - z[0] - + x[8] * 38) & 0xffff; - r[9] = (v = 0x7fff80 + (v >>> 16) + z[9] + y[1] - x[1] - z[1] - + x[9] * 38) & 0xffff; - r[10] = (v = 0x7fff80 + (v >>> 16) + z[10] + y[2] - x[2] - z[2] - + x[10] * 38) & 0xffff; - r[11] = (v = 0x7fff80 + (v >>> 16) + z[11] + y[3] - x[3] - z[3] - + x[11] * 38) & 0xffff; - r[12] = (v = 0x7fff80 + (v >>> 16) + z[12] + y[4] - x[4] - z[4] - + x[12] * 38) & 0xffff; - r[13] = (v = 0x7fff80 + (v >>> 16) + z[13] + y[5] - x[5] - z[5] - + x[13] * 38) & 0xffff; - r[14] = (v = 0x7fff80 + (v >>> 16) + z[14] + y[6] - x[6] - z[6] - + x[14] * 38) & 0xffff; - r[15] = 0x7fff80 + (v >>> 16) + z[15] + y[7] - x[7] - z[7] - + x[15] * 38; - _reduce(r); - return r; - } - - function _reduce(arr) { - var aCopy = arr.slice(0); - var choice = [arr, aCopy]; - var v = arr[15]; - // Use the dummy copy instead of just returning to be more constant time. - var a = choice[(v < 0x8000) & 1]; - a[15] = v & 0x7fff; - // >32-bits of precision are required here so '/ 0x8000' can not be - // replaced by the arithmetic equivalent '>>> 15' - v = (0 | (v / 0x8000)) * 19; - a[0] = (v += a[0]) & 0xffff; - v = v >>> 16; - a[1] = (v += a[1]) & 0xffff; - v = v >>> 16; - a[2] = (v += a[2]) & 0xffff; - v = v >>> 16; - a[3] = (v += a[3]) & 0xffff; - v = v >>> 16; - a[4] = (v += a[4]) & 0xffff; - v = v >>> 16; - a[5] = (v += a[5]) & 0xffff; - v = v >>> 16; - a[6] = (v += a[6]) & 0xffff; - v = v >>> 16; - a[7] = (v += a[7]) & 0xffff; - v = v >>> 16; - a[8] = (v += a[8]) & 0xffff; - v = v >>> 16; - a[9] = (v += a[9]) & 0xffff; - v = v >>> 16; - a[10] = (v += a[10]) & 0xffff; - v = v >>> 16; - a[11] = (v += a[11]) & 0xffff; - v = v >>> 16; - a[12] = (v += a[12]) & 0xffff; - v = v >>> 16; - a[13] = (v += a[13]) & 0xffff; - v = v >>> 16; - a[14] = (v += a[14]) & 0xffff; - v = v >>> 16; - a[15] += v; - } - - function _addmodp(a, b) { - var r = []; - var v; - r[0] = (v = ((0 | (a[15] >>> 15)) + (0 | (b[15] >>> 15))) * 19 - + a[0] + b[0]) & 0xffff; - r[1] = (v = (v >>> 16) + a[1] + b[1]) & 0xffff; - r[2] = (v = (v >>> 16) + a[2] + b[2]) & 0xffff; - r[3] = (v = (v >>> 16) + a[3] + b[3]) & 0xffff; - r[4] = (v = (v >>> 16) + a[4] + b[4]) & 0xffff; - r[5] = (v = (v >>> 16) + a[5] + b[5]) & 0xffff; - r[6] = (v = (v >>> 16) + a[6] + b[6]) & 0xffff; - r[7] = (v = (v >>> 16) + a[7] + b[7]) & 0xffff; - r[8] = (v = (v >>> 16) + a[8] + b[8]) & 0xffff; - r[9] = (v = (v >>> 16) + a[9] + b[9]) & 0xffff; - r[10] = (v = (v >>> 16) + a[10] + b[10]) & 0xffff; - r[11] = (v = (v >>> 16) + a[11] + b[11]) & 0xffff; - r[12] = (v = (v >>> 16) + a[12] + b[12]) & 0xffff; - r[13] = (v = (v >>> 16) + a[13] + b[13]) & 0xffff; - r[14] = (v = (v >>> 16) + a[14] + b[14]) & 0xffff; - r[15] = (v >>> 16) + (a[15] & 0x7fff) + (b[15] & 0x7fff); - return r; - } - - function _submodp(a, b) { - var r = []; - var v; - r[0] = (v = 0x80000 - + ((0 | (a[15] >>> 15)) - (0 | (b[15] >>> 15)) - 1) - * 19 + a[0] - b[0]) & 0xffff; - r[1] = (v = (v >>> 16) + 0x7fff8 + a[1] - b[1]) & 0xffff; - r[2] = (v = (v >>> 16) + 0x7fff8 + a[2] - b[2]) & 0xffff; - r[3] = (v = (v >>> 16) + 0x7fff8 + a[3] - b[3]) & 0xffff; - r[4] = (v = (v >>> 16) + 0x7fff8 + a[4] - b[4]) & 0xffff; - r[5] = (v = (v >>> 16) + 0x7fff8 + a[5] - b[5]) & 0xffff; - r[6] = (v = (v >>> 16) + 0x7fff8 + a[6] - b[6]) & 0xffff; - r[7] = (v = (v >>> 16) + 0x7fff8 + a[7] - b[7]) & 0xffff; - r[8] = (v = (v >>> 16) + 0x7fff8 + a[8] - b[8]) & 0xffff; - r[9] = (v = (v >>> 16) + 0x7fff8 + a[9] - b[9]) & 0xffff; - r[10] = (v = (v >>> 16) + 0x7fff8 + a[10] - b[10]) & 0xffff; - r[11] = (v = (v >>> 16) + 0x7fff8 + a[11] - b[11]) & 0xffff; - r[12] = (v = (v >>> 16) + 0x7fff8 + a[12] - b[12]) & 0xffff; - r[13] = (v = (v >>> 16) + 0x7fff8 + a[13] - b[13]) & 0xffff; - r[14] = (v = (v >>> 16) + 0x7fff8 + a[14] - b[14]) & 0xffff; - r[15] = (v >>> 16) + 0x7ff8 + (a[15] & 0x7fff) - - (b[15] & 0x7fff); - return r; - } - - function _invmodp(a) { - var c = a; - var i = 250; - while (--i) { - a = _sqrmodp(a); - a = _mulmodp(a, c); - } - a = _sqrmodp(a); - a = _sqrmodp(a); - a = _mulmodp(a, c); - a = _sqrmodp(a); - a = _sqrmodp(a); - a = _mulmodp(a, c); - a = _sqrmodp(a); - a = _mulmodp(a, c); - return a; - } - - function _mulasmall(a) { - // 'division by 0x10000' can not be replaced by '>> 16' because - // more than 32 bits of precision are needed - var m = 121665; - var r = []; - var v; - r[0] = (v = a[0] * m) & 0xffff; - r[1] = (v = (0 | (v / 0x10000)) + a[1] * m) & 0xffff; - r[2] = (v = (0 | (v / 0x10000)) + a[2] * m) & 0xffff; - r[3] = (v = (0 | (v / 0x10000)) + a[3] * m) & 0xffff; - r[4] = (v = (0 | (v / 0x10000)) + a[4] * m) & 0xffff; - r[5] = (v = (0 | (v / 0x10000)) + a[5] * m) & 0xffff; - r[6] = (v = (0 | (v / 0x10000)) + a[6] * m) & 0xffff; - r[7] = (v = (0 | (v / 0x10000)) + a[7] * m) & 0xffff; - r[8] = (v = (0 | (v / 0x10000)) + a[8] * m) & 0xffff; - r[9] = (v = (0 | (v / 0x10000)) + a[9] * m) & 0xffff; - r[10] = (v = (0 | (v / 0x10000)) + a[10] * m) & 0xffff; - r[11] = (v = (0 | (v / 0x10000)) + a[11] * m) & 0xffff; - r[12] = (v = (0 | (v / 0x10000)) + a[12] * m) & 0xffff; - r[13] = (v = (0 | (v / 0x10000)) + a[13] * m) & 0xffff; - r[14] = (v = (0 | (v / 0x10000)) + a[14] * m) & 0xffff; - r[15] = (0 | (v / 0x10000)) + a[15] * m; - _reduce(r); - return r; - } - - function _dbl(x, z) { - var x_2, z_2, m, n, o; - m = _sqrmodp(_addmodp(x, z)); - n = _sqrmodp(_submodp(x, z)); - o = _submodp(m, n); - x_2 = _mulmodp(n, m); - z_2 = _mulmodp(_addmodp(_mulasmall(o), m), o); - return [x_2, z_2]; - } - - function _sum(x, z, x_p, z_p, x_1) { - var x_3, z_3, p, q; - p = _mulmodp(_submodp(x, z), _addmodp(x_p, z_p)); - q = _mulmodp(_addmodp(x, z), _submodp(x_p, z_p)); - x_3 = _sqrmodp(_addmodp(p, q)); - z_3 = _mulmodp(_sqrmodp(_submodp(p, q)), x_1); - return [x_3, z_3]; - } - - function _generateKey(curve25519) { - var buffer = crypto.randomBytes(32); - - // For Curve25519 DH keys, we need to apply some bit mask on generated - // keys: - // * clear bit 0, 1, 2 of first byte - // * clear bit 7 of last byte - // * set bit 6 of last byte - if (curve25519 === true) { - buffer[0] &= 0xf8; - buffer[31] = (buffer[31] & 0x7f) | 0x40; - } - var result = []; - for (var i = 0; i < buffer.length; i++) { - result.push(String.fromCharCode(buffer[i])); - } - return result.join(''); - } - - // Expose some functions to the outside through this name space. - // Note: This is not part of the public API. - ns.getbit = _getbit; - ns.setbit = _setbit; - ns.addmodp = _addmodp; - ns.invmodp = _invmodp; - ns.mulmodp = _mulmodp; - ns.reduce = _reduce; - ns.dbl = _dbl; - ns.sum = _sum; - ns.ZERO = _ZERO; - ns.ONE = _ONE; - ns.BASE = _BASE; - ns.bigintadd = _bigintadd; - ns.bigintsub = _bigintsub; - ns.bigintcmp = _bigintcmp; - ns.mulmodp = _mulmodp; - ns.sqrmodp = _sqrmodp; - ns.generateKey = _generateKey; - - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/curve255.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/curve255.js deleted file mode 100644 index 3978b46e31..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/curve255.js +++ /dev/null @@ -1,221 +0,0 @@ -"use strict"; -/** - * @fileOverview - * Core operations on curve 25519 required for the higher level modules. - */ - -/* - * Copyright (c) 2007, 2013, 2014 Michele Bini - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss, Michele Bini - * - * You should have received a copy of the license along with this program. - */ - -var core = require('./core'); -var utils = require('./utils'); - - /** - * @exports jodid25519/curve255 - * Legacy compatibility module for Michele Bini's previous curve255.js. - * - * @description - * Legacy compatibility module for Michele Bini's previous curve255.js. - * - * <p> - * This code presents an API with all key formats as previously available - * from Michele Bini's curve255.js implementation. - * </p> - */ - var ns = {}; - - function curve25519_raw(f, c) { - var a, x_1, q; - - x_1 = c; - a = core.dbl(x_1, core.ONE()); - q = [x_1, core.ONE()]; - - var n = 255; - - while (core.getbit(f, n) == 0) { - n--; - // For correct constant-time operation, bit 255 should always be - // set to 1 so the following 'while' loop is never entered. - if (n < 0) { - return core.ZERO(); - } - } - n--; - - var aq = [a, q]; - - while (n >= 0) { - var r, s; - var b = core.getbit(f, n); - r = core.sum(aq[0][0], aq[0][1], aq[1][0], aq[1][1], x_1); - s = core.dbl(aq[1 - b][0], aq[1 - b][1]); - aq[1 - b] = s; - aq[b] = r; - n--; - } - q = aq[1]; - - q[1] = core.invmodp(q[1]); - q[0] = core.mulmodp(q[0], q[1]); - core.reduce(q[0]); - return q[0]; - } - - function curve25519b32(a, b) { - return _base32encode(curve25519(_base32decode(a), - _base32decode(b))); - } - - function curve25519(f, c) { - if (!c) { - c = core.BASE(); - } - f[0] &= 0xFFF8; - f[15] = (f[15] & 0x7FFF) | 0x4000; - return curve25519_raw(f, c); - } - - function _hexEncodeVector(k) { - var hexKey = utils.hexEncode(k); - // Pad with '0' at the front. - hexKey = new Array(64 + 1 - hexKey.length).join('0') + hexKey; - // Invert bytes. - return hexKey.split(/(..)/).reverse().join(''); - } - - function _hexDecodeVector(v) { - // assert(length(x) == 64); - // Invert bytes. - var hexKey = v.split(/(..)/).reverse().join(''); - return utils.hexDecode(hexKey); - } - - - // Expose some functions to the outside through this name space. - - /** - * Computes the scalar product of a point on the curve 25519. - * - * This function is used for the DH key-exchange protocol. - * - * Before multiplication, some bit operations are applied to the - * private key to ensure it is a valid Curve25519 secret key. - * It is the user's responsibility to make sure that the private - * key is a uniformly random, secret value. - * - * @function - * @param f {array} - * Private key. - * @param c {array} - * Public point on the curve. If not given, the curve's base point is used. - * @returns {array} - * Key point resulting from scalar product. - */ - ns.curve25519 = curve25519; - - /** - * Computes the scalar product of a point on the curve 25519. - * - * This variant does not make sure that the private key is valid. - * The user has the responsibility to ensure the private key is - * valid or that this results in a safe protocol. Unless you know - * exactly what you are doing, you should not use this variant, - * please use 'curve25519' instead. - * - * @function - * @param f {array} - * Private key. - * @param c {array} - * Public point on the curve. If not given, the curve's base point is used. - * @returns {array} - * Key point resulting from scalar product. - */ - ns.curve25519_raw = curve25519_raw; - - /** - * Encodes the internal representation of a key to a canonical hex - * representation. - * - * This is the format commonly used in other libraries and for - * test vectors, and is equivalent to the hex dump of the key in - * little-endian binary format. - * - * @function - * @param n {array} - * Array representation of key. - * @returns {string} - * Hexadecimal string representation of key. - */ - ns.hexEncodeVector = _hexEncodeVector; - - /** - * Decodes a canonical hex representation of a key - * to an internally compatible array representation. - * - * @function - * @param n {string} - * Hexadecimal string representation of key. - * @returns {array} - * Array representation of key. - */ - ns.hexDecodeVector = _hexDecodeVector; - - /** - * Encodes the internal representation of a key into a - * hexadecimal representation. - * - * This is a strict positional notation, most significant digit first. - * - * @function - * @param n {array} - * Array representation of key. - * @returns {string} - * Hexadecimal string representation of key. - */ - ns.hexencode = utils.hexEncode; - - /** - * Decodes a hex representation of a key to an internally - * compatible array representation. - * - * @function - * @param n {string} - * Hexadecimal string representation of key. - * @returns {array} - * Array representation of key. - */ - ns.hexdecode = utils.hexDecode; - - /** - * Encodes the internal representation of a key to a base32 - * representation. - * - * @function - * @param n {array} - * Array representation of key. - * @returns {string} - * Base32 string representation of key. - */ - ns.base32encode = utils.base32encode; - - /** - * Decodes a base32 representation of a key to an internally - * compatible array representation. - * - * @function - * @param n {string} - * Base32 string representation of key. - * @returns {array} - * Array representation of key. - */ - ns.base32decode = utils.base32decode; - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/dh.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/dh.js deleted file mode 100644 index 2f75494a48..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/dh.js +++ /dev/null @@ -1,111 +0,0 @@ -"use strict"; -/** - * @fileOverview - * EC Diffie-Hellman operations on Curve25519. - */ - -/* - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss - * - * You should have received a copy of the license along with this program. - */ - -var core = require('./core'); -var utils = require('./utils'); -var curve255 = require('./curve255'); - - - /** - * @exports jodid25519/dh - * EC Diffie-Hellman operations on Curve25519. - * - * @description - * EC Diffie-Hellman operations on Curve25519. - */ - var ns = {}; - - - function _toString(vector) { - var u = new Uint16Array(vector); - return (new Buffer(new Uint8Array(u.buffer))); - } - - function _fromString(vector) { - if (Buffer.isBuffer(vector)) { - var u = new Uint8Array(vector); - return (new Uint16Array(u.buffer)); - } - - var result = new Array(16); - for (var i = 0, l = 0; i < vector.length; i += 2) { - result[l] = (vector.charCodeAt(i + 1) << 8) | vector.charCodeAt(i); - l++; - } - return result; - } - - - /** - * Computes a key through scalar multiplication of a point on the curve 25519. - * - * This function is used for the DH key-exchange protocol. It computes a - * key based on a secret key with a public component (opponent's public key - * or curve base point if not given) by using scalar multiplication. - * - * Before multiplication, some bit operations are applied to the - * private key to ensure it is a valid Curve25519 secret key. - * It is the user's responsibility to make sure that the private - * key is a uniformly random, secret value. - * - * @function - * @param privateComponent {string} - * Private point as byte string on the curve. - * @param publicComponent {string} - * Public point as byte string on the curve. If not given, the curve's - * base point is used. - * @returns {string} - * Key point as byte string resulting from scalar product. - */ - ns.computeKey = function(privateComponent, publicComponent) { - if (publicComponent) { - return _toString(curve255.curve25519(_fromString(privateComponent), - _fromString(publicComponent))); - } else { - return _toString(curve255.curve25519(_fromString(privateComponent))); - } - }; - - /** - * Computes the public key to a private key on the curve 25519. - * - * Before multiplication, some bit operations are applied to the - * private key to ensure it is a valid Curve25519 secret key. - * It is the user's responsibility to make sure that the private - * key is a uniformly random, secret value. - * - * @function - * @param privateKey {string} - * Private point as byte string on the curve. - * @returns {string} - * Public key point as byte string resulting from scalar product. - */ - ns.publicKey = function(privateKey) { - return _toString(curve255.curve25519(_fromString(privateKey))); - }; - - - /** - * Generates a new random private key of 32 bytes length (256 bit). - * - * @function - * @returns {string} - * Byte string containing a new random private key seed. - */ - ns.generateKey = function() { - return core.generateKey(true); - }; - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/eddsa.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/eddsa.js deleted file mode 100644 index c384f3293d..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/eddsa.js +++ /dev/null @@ -1,573 +0,0 @@ -"use strict"; -/** - * @fileOverview - * Digital signature scheme based on Curve25519 (Ed25519 or EdDSA). - */ - -/* - * Copyright (c) 2011, 2012, 2014 Ron Garret - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss, Ron Garret - * - * You should have received a copy of the license along with this program. - */ - -var core = require('./core'); -var curve255 = require('./curve255'); -var utils = require('./utils'); -var BigInteger = require('jsbn').BigInteger; -var crypto = require('crypto'); - - /** - * @exports jodid25519/eddsa - * Digital signature scheme based on Curve25519 (Ed25519 or EdDSA). - * - * @description - * Digital signature scheme based on Curve25519 (Ed25519 or EdDSA). - * - * <p> - * This code is adapted from fast-djbec.js, a faster but more complicated - * version of the Ed25519 encryption scheme (as compared to djbec.js). - * It uses two different representations for big integers: The jsbn - * BigInteger class, which can represent arbitrary-length numbers, and a - * special fixed-length representation optimised for 256-bit integers. - * The reason both are needed is that the Ed25519 algorithm requires some - * 512-bit numbers.</p> - */ - var ns = {}; - - function _bi255(value) { - if (!(this instanceof _bi255)) { - return new _bi255(value); - } - if (typeof value === 'undefined') { - return _ZERO; - } - var c = value.constructor; - if ((c === Array || c === Uint16Array || c === Uint32Array) && (value.length === 16)) { - this.n = value; - } else if ((c === Array) && (value.length === 32)) { - this.n = _bytes2bi255(value).n; - } else if (c === String) { - this.n = utils.hexDecode(value); - } else if (c === Number) { - this.n = [value & 0xffff, - value >> 16, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - } else if (value instanceof _bi255) { - this.n = value.n.slice(0); // Copy constructor - } else { - throw "Bad argument for bignum: " + value; - } - } - - _bi255.prototype = { - 'toString' : function() { - return utils.hexEncode(this.n); - }, - 'toSource' : function() { - return '_' + utils.hexEncode(this.n); - }, - 'plus' : function(n1) { - return _bi255(core.bigintadd(this.n, n1.n)); - }, - 'minus' : function(n1) { - return _bi255(core.bigintsub(this.n, n1.n)).modq(); - }, - 'times' : function(n1) { - return _bi255(core.mulmodp(this.n, n1.n)); - }, - 'divide' : function(n1) { - return this.times(n1.inv()); - }, - 'sqr' : function() { - return _bi255(core.sqrmodp(this.n)); - }, - 'cmp' : function(n1) { - return core.bigintcmp(this.n, n1.n); - }, - 'equals' : function(n1) { - return this.cmp(n1) === 0; - }, - 'isOdd' : function() { - return (this.n[0] & 1) === 1; - }, - 'shiftLeft' : function(cnt) { - _shiftL(this.n, cnt); - return this; - }, - 'shiftRight' : function(cnt) { - _shiftR(this.n, cnt); - return this; - }, - 'inv' : function() { - return _bi255(core.invmodp(this.n)); - }, - 'pow' : function(e) { - return _bi255(_pow(this.n, e.n)); - }, - 'modq' : function() { - return _modq(this); - }, - 'bytes' : function() { - return _bi255_bytes(this); - } - }; - - function _shiftL(n, cnt) { - var lastcarry = 0; - for (var i = 0; i < 16; i++) { - var carry = n[i] >> (16 - cnt); - n[i] = (n[i] << cnt) & 0xffff | lastcarry; - lastcarry = carry; - } - return n; - } - - function _shiftR(n, cnt) { - var lastcarry = 0; - for (var i = 15; i >= 0; i--) { - var carry = n[i] << (16 - cnt) & 0xffff; - n[i] = (n[i] >> cnt) | lastcarry; - lastcarry = carry; - } - return n; - } - - function _bi255_bytes(n) { - n = _bi255(n); // Make a copy because shiftRight is destructive - var a = new Array(32); - for (var i = 31; i >= 0; i--) { - a[i] = n.n[0] & 0xff; - n.shiftRight(8); - } - return a; - } - - function _bytes2bi255(a) { - var n = _ZERO; - for (var i = 0; i < 32; i++) { - n.shiftLeft(8); - n = n.plus(_bi255(a[i])); - } - return n; - } - - function _pow(n, e) { - var result = core.ONE(); - for (var i = 0; i < 256; i++) { - if (core.getbit(e, i) === 1) { - result = core.mulmodp(result, n); - } - n = core.sqrmodp(n); - } - return result; - } - - var _ZERO = _bi255(0); - var _ONE = _bi255(1); - var _TWO = _bi255(2); - // This is the core prime. - var _Q = _bi255([0xffff - 18, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, - 0xffff, 0xffff, 0x7fff]); - - function _modq(n) { - core.reduce(n.n); - if (n.cmp(_Q) >= 0) { - return _modq(n.minus(_Q)); - } - if (n.cmp(_ZERO) === -1) { - return _modq(n.plus(_Q)); - } else { - return n; - } - } - - // _RECOVERY_EXPONENT = _Q.plus(_bi255(3)).divide(_bi255(8)); - var _RECOVERY_EXPONENT = _bi255('0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe'); - // _D = _Q.minus(_bi255(121665)).divide(_bi255(121666)); - var _D = _bi255('52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3'); - // _I = _TWO.pow(_Q.minus(_ONE).divide(_bi255(4))); - var _I = _bi255('2b8324804fc1df0b2b4d00993dfbd7a72f431806ad2fe478c4ee1b274a0ea0b0'); - // _L = _TWO.pow(_bi255(252)).plus(_bi255('14def9dea2f79cd65812631a5cf5d3ed')); - var _L = _bi255('1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed'); - var _L_BI = _bi('1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed', 16); - - - // //////////////////////////////////////////////////////////// - - function _isoncurve(p) { - var x = p[0]; - var y = p[1]; - var xsqr = x.sqr(); - var ysqr = y.sqr(); - var v = _D.times(xsqr).times(ysqr); - return ysqr.minus(xsqr).minus(_ONE).minus(v).modq().equals(_ZERO); - } - - function _xrecover(y) { - var ysquared = y.sqr(); - var xx = ysquared.minus(_ONE).divide(_ONE.plus(_D.times(ysquared))); - var x = xx.pow(_RECOVERY_EXPONENT); - if (!(x.times(x).minus(xx).equals(_ZERO))) { - x = x.times(_I); - } - if (x.isOdd()) { - x = _Q.minus(x); - } - return x; - } - - function _x_pt_add(pt1, pt2) { - var x1 = pt1[0]; - var y1 = pt1[1]; - var z1 = pt1[2]; - var t1 = pt1[3]; - var x2 = pt2[0]; - var y2 = pt2[1]; - var z2 = pt2[2]; - var t2 = pt2[3]; - var A = y1.minus(x1).times(y2.plus(x2)); - var B = y1.plus(x1).times(y2.minus(x2)); - var C = z1.times(_TWO).times(t2); - var D = t1.times(_TWO).times(z2); - var E = D.plus(C); - var F = B.minus(A); - var G = B.plus(A); - var H = D.minus(C); - return [E.times(F), G.times(H), F.times(G), E.times(H)]; - } - - function _xpt_double(pt1) { - var x1 = pt1[0]; - var y1 = pt1[1]; - var z1 = pt1[2]; - var A = x1.times(x1); - var B = y1.times(y1); - var C = _TWO.times(z1).times(z1); - var D = _Q.minus(A); - var J = x1.plus(y1); - var E = J.times(J).minus(A).minus(B); - var G = D.plus(B); - var F = G.minus(C); - var H = D.minus(B); - return [E.times(F), G.times(H), F.times(G), E.times(H)]; - } - - function _xpt_mult(pt, n) { - if (n.equals(_ZERO)) { - return [_ZERO, _ONE, _ONE, _ZERO]; - } - var odd = n.isOdd(); - n.shiftRight(1); - var value = _xpt_double(_xpt_mult(pt, n)); - return odd ? _x_pt_add(value, pt) : value; - } - - function _pt_xform(pt) { - var x = pt[0]; - var y = pt[1]; - return [x, y, _ONE, x.times(y)]; - } - - function _pt_unxform(pt) { - var x = pt[0]; - var y = pt[1]; - var z = pt[2]; - var invz = z.inv(); - return [x.times(invz), y.times(invz)]; - } - - function _scalarmult(pt, n) { - return _pt_unxform(_xpt_mult(_pt_xform(pt), n)); - } - - function _bytesgetbit(bytes, n) { - return (bytes[bytes.length - (n >>> 3) - 1] >> (n & 7)) & 1; - } - - function _xpt_mult_bytes(pt, bytes) { - var r = [_ZERO, _ONE, _ONE, _ZERO]; - for (var i = (bytes.length << 3) - 1; i >= 0; i--) { - r = _xpt_double(r); - if (_bytesgetbit(bytes, i) === 1) { - r = _x_pt_add(r, pt); - } - } - return r; - } - - function _scalarmultBytes(pt, bytes) { - return _pt_unxform(_xpt_mult_bytes(_pt_xform(pt), bytes)); - } - - var _by = _bi255(4).divide(_bi255(5)); - var _bx = _xrecover(_by); - var _bp = [_bx, _by]; - - function _encodeint(n) { - return n.bytes(32).reverse(); - } - function _decodeint(b) { - return _bi255(b.slice(0).reverse()); - } - - function _encodepoint(p) { - var v = _encodeint(p[1]); - if (p[0].isOdd()) { - v[31] |= 0x80; - } - return v; - } - - function _decodepoint(v) { - v = v.slice(0); - var signbit = v[31] >> 7; - v[31] &= 127; - var y = _decodeint(v); - var x = _xrecover(y); - if ((x.n[0] & 1) !== signbit) { - x = _Q.minus(x); - } - var p = [x, y]; - if (!_isoncurve(p)) { - throw ('Point is not on curve'); - } - return p; - } - - // ////////////////////////////////////////////////// - - /** - * Factory function to create a suitable BigInteger. - * - * @param value - * The value for the big integer. - * @param base {integer} - * Base of the conversion of elements in ``value``. - * @returns - * A BigInteger object. - */ - function _bi(value, base) { - if (base !== undefined) { - if (base === 256) { - return _bi(utils.string2bytes(value)); - } - return new BigInteger(value, base); - } else if (typeof value === 'string') { - return new BigInteger(value, 10); - } else if ((value instanceof Array) || (value instanceof Uint8Array) - || Buffer.isBuffer(value)) { - return new BigInteger(value); - } else if (typeof value === 'number') { - return new BigInteger(value.toString(), 10); - } else { - throw "Can't convert " + value + " to BigInteger"; - } - } - - function _bi2bytes(n, cnt) { - if (cnt === undefined) { - cnt = (n.bitLength() + 7) >>> 3; - } - var bytes = new Array(cnt); - for (var i = cnt - 1; i >= 0; i--) { - bytes[i] = n[0] & 255; // n.and(0xff); - n = n.shiftRight(8); - } - return bytes; - } - - BigInteger.prototype.bytes = function(n) { - return _bi2bytes(this, n); - }; - - // ///////////////////////////////////////////////////////// - - function _bytehash(s) { - var sha = crypto.createHash('sha512').update(s).digest(); - return _bi2bytes(_bi(sha), 64).reverse(); - } - - function _stringhash(s) { - var sha = crypto.createHash('sha512').update(s).digest(); - return _map(_chr, _bi2bytes(_bi(sha), 64)).join(''); - } - - function _inthash(s) { - // Need a leading 0 to prevent sign extension - return _bi([0].concat(_bytehash(s))); - } - - function _inthash_lo(s) { - return _bi255(_bytehash(s).slice(32, 64)); - } - - function _inthash_mod_l(s) { - return _inthash(s).mod(_L_BI); - } - - function _get_a(sk) { - var a = _inthash_lo(sk); - a.n[0] &= 0xfff8; - a.n[15] &= 0x3fff; - a.n[15] |= 0x4000; - return a; - } - - function _publickey(sk) { - return _encodepoint(_scalarmult(_bp, _get_a(sk))); - } - - function _map(f, l) { - var result = new Array(l.length); - for (var i = 0; i < l.length; i++) { - result[i] = f(l[i]); - } - return result; - } - - function _chr(n) { - return String.fromCharCode(n); - } - - function _ord(c) { - return c.charCodeAt(0); - } - - function _pt_add(p1, p2) { - return _pt_unxform(_x_pt_add(_pt_xform(p1), _pt_xform(p2))); - } - - - // Exports for the API. - - /** - * Checks whether a point is on the curve. - * - * @function - * @param point {string} - * The point to check for in a byte string representation. - * @returns {boolean} - * true if the point is on the curve, false otherwise. - */ - ns.isOnCurve = function(point) { - try { - _isoncurve(_decodepoint(utils.string2bytes(point))); - } catch(e) { - if (e === 'Point is not on curve') { - return false; - } else { - throw e; - } - } - return true; - }; - - - /** - * Computes the EdDSA public key. - * - * <p>Note: Seeds should be a byte string, not a unicode string containing - * multi-byte characters.</p> - * - * @function - * @param keySeed {string} - * Private key seed in the form of a byte string. - * @returns {string} - * Public key as byte string computed from the private key seed - * (32 bytes). - */ - ns.publicKey = function(keySeed) { - return utils.bytes2string(_publickey(keySeed)); - }; - - - /** - * Computes an EdDSA signature of a message. - * - * <p>Notes:</p> - * - * <ul> - * <li>Unicode messages need to be converted to a byte representation - * (e. g. UTF-8).</li> - * <li>If `publicKey` is given, and it is *not* a point of the curve, - * the signature will be faulty, but no error will be thrown.</li> - * </ul> - * - * @function - * @param message {string} - * Message in the form of a byte string. - * @param keySeed {string} - * Private key seed in the form of a byte string. - * @param publicKey {string} - * Public key as byte string (if not present, it will be computed from - * the private key seed). - * @returns {string} - * Detached message signature in the form of a byte string (64 bytes). - */ - ns.sign = function(message, keySeed, publicKey) { - if (publicKey === undefined) { - publicKey = _publickey(keySeed); - } else { - publicKey = utils.string2bytes(publicKey); - } - var a = _bi(_get_a(keySeed).toString(), 16); - var hs = _stringhash(keySeed); - var r = _bytehash(hs.slice(32, 64) + message); - var rp = _scalarmultBytes(_bp, r); - var erp = _encodepoint(rp); - r = _bi(r).mod(_bi(1, 10).shiftLeft(512)); - var s = _map(_chr, erp).join('') + _map(_chr, publicKey).join('') + message; - s = _inthash_mod_l(s).multiply(a).add(r).mod(_L_BI); - return utils.bytes2string(erp.concat(_encodeint(s))); - }; - - - /** - * Verifies an EdDSA signature of a message with the public key. - * - * <p>Note: Unicode messages need to be converted to a byte representation - * (e. g. UTF-8).</p> - * - * @function - * @param signature {string} - * Message signature in the form of a byte string. Can be detached - * (64 bytes), or attached to be sliced off. - * @param message {string} - * Message in the form of a byte string. - * @param publicKey {string} - * Public key as byte string (if not present, it will be computed from - * the private key seed). - * @returns {boolean} - * true, if the signature verifies. - */ - ns.verify = function(signature, message, publicKey) { - signature = utils.string2bytes(signature.slice(0, 64)); - publicKey = utils.string2bytes(publicKey); - var rpe = signature.slice(0, 32); - var rp = _decodepoint(rpe); - var a = _decodepoint(publicKey); - var s = _decodeint(signature.slice(32, 64)); - var h = _inthash(utils.bytes2string(rpe.concat(publicKey)) + message); - var v1 = _scalarmult(_bp, s); - var value = _scalarmultBytes(a, _bi2bytes(h)); - var v2 = _pt_add(rp, value); - return v1[0].equals(v2[0]) && v1[1].equals(v2[1]); - }; - - - /** - * Generates a new random private key seed of 32 bytes length (256 bit). - * - * @function - * @returns {string} - * Byte string containing a new random private key seed. - */ - ns.generateKeySeed = function() { - return core.generateKey(false); - }; - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/utils.js b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/utils.js deleted file mode 100644 index c795231ad7..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/lib/utils.js +++ /dev/null @@ -1,198 +0,0 @@ -"use strict"; -/** - * @fileOverview - * A collection of general utility functions.. - */ - -/* - * Copyright (c) 2011, 2012, 2014 Ron Garret - * Copyright (c) 2007, 2013, 2014 Michele Bini - * Copyright (c) 2014 Mega Limited - * under the MIT License. - * - * Authors: Guy K. Kloss, Michele Bini, Ron Garret - * - * You should have received a copy of the license along with this program. - */ - -var core = require('./core'); - - /** - * @exports jodid25519/utils - * A collection of general utility functions.. - * - * @description - * A collection of general utility functions.. - */ - var ns = {}; - - var _HEXCHARS = "0123456789abcdef"; - - function _hexencode(vector) { - var result = []; - for (var i = vector.length - 1; i >= 0; i--) { - var value = vector[i]; - result.push(_HEXCHARS.substr((value >>> 12) & 0x0f, 1)); - result.push(_HEXCHARS.substr((value >>> 8) & 0x0f, 1)); - result.push(_HEXCHARS.substr((value >>> 4) & 0x0f, 1)); - result.push(_HEXCHARS.substr(value & 0x0f, 1)); - } - return result.join(''); - } - - function _hexdecode(vector) { - var result = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]; - for (var i = vector.length - 1, l = 0; i >= 0; i -= 4) { - result[l] = (_HEXCHARS.indexOf(vector.charAt(i))) - | (_HEXCHARS.indexOf(vector.charAt(i - 1)) << 4) - | (_HEXCHARS.indexOf(vector.charAt(i - 2)) << 8) - | (_HEXCHARS.indexOf(vector.charAt(i - 3)) << 12); - l++; - } - return result; - } - - var _BASE32CHARS = "abcdefghijklmnopqrstuvwxyz234567"; - - var _BASE32VALUES = (function () { - var result = {}; - for (var i = 0; i < _BASE32CHARS.length; i++) { - result[_BASE32CHARS.charAt(i)] = i; - } - return result; - })(); - - function _base32encode(n) { - var c; - var r = ""; - for (c = 0; c < 255; c += 5) { - r = _BASE32CHARS.substr(core.getbit(n, c) - + (core.getbit(n, c + 1) << 1) - + (core.getbit(n, c + 2) << 2) - + (core.getbit(n, c + 3) << 3) - + (core.getbit(n, c + 4) << 4), 1) - + r; - } - return r; - } - - function _base32decode(n) { - var c = 0; - var r = core.ZERO(); - var l = n.length; - for (c = 0; (l > 0) && (c < 255); c += 5) { - l--; - var v = _BASE32VALUES[n.substr(l, 1)]; - core.setbit(r, c, v & 1); - v >>= 1; - core.setbit(r, c + 1, v & 1); - v >>= 1; - core.setbit(r, c + 2, v & 1); - v >>= 1; - core.setbit(r, c + 3, v & 1); - v >>= 1; - core.setbit(r, c + 4, v & 1); - } - return r; - } - - function _map(f, l) { - var result = new Array(l.length); - for (var i = 0; i < l.length; i++) { - result[i] = f(l[i]); - } - return result; - } - - function _chr(n) { - return String.fromCharCode(n); - } - - function _ord(c) { - return c.charCodeAt(0); - } - - function _bytes2string(bytes) { - return _map(_chr, bytes).join(''); - } - - function _string2bytes(s) { - return _map(_ord, s); - } - - - // Expose some functions to the outside through this name space. - - /** - * Encodes an array of unsigned 8-bit integers to a hex string. - * - * @function - * @param vector {array} - * Array containing the byte values. - * @returns {string} - * String containing vector in a hexadecimal representation. - */ - ns.hexEncode = _hexencode; - - - /** - * Decodes a hex string to an array of unsigned 8-bit integers. - * - * @function - * @param vector {string} - * String containing vector in a hexadecimal representation. - * @returns {array} - * Array containing the byte values. - */ - ns.hexDecode = _hexdecode; - - - /** - * Encodes an array of unsigned 8-bit integers using base32 encoding. - * - * @function - * @param vector {array} - * Array containing the byte values. - * @returns {string} - * String containing vector in a hexadecimal representation. - */ - ns.base32encode = _base32encode; - - - /** - * Decodes a base32 encoded string to an array of unsigned 8-bit integers. - * - * @function - * @param vector {string} - * String containing vector in a hexadecimal representation. - * @returns {array} - * Array containing the byte values. - */ - ns.base32decode = _base32decode; - - - /** - * Converts an unsigned 8-bit integer array representation to a byte string. - * - * @function - * @param vector {array} - * Array containing the byte values. - * @returns {string} - * Byte string representation of vector. - */ - ns.bytes2string = _bytes2string; - - - /** - * Converts a byte string representation to an array of unsigned - * 8-bit integers. - * - * @function - * @param vector {array} - * Array containing the byte values. - * @returns {string} - * Byte string representation of vector. - */ - ns.string2bytes = _string2bytes; - -module.exports = ns; diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/package.json b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/package.json deleted file mode 100644 index 06e0fc4455..0000000000 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/node_modules/jodid25519/package.json +++ /dev/null @@ -1,77 +0,0 @@ -{ - "_from": "jodid25519@^1.0.0", - "_id": "jodid25519@1.0.2", - "_integrity": "sha1-BtSRIlUJNBlHfUJWM2BuDpB4KWc=", - "_location": "/request/http-signature/sshpk/jodid25519", - "_phantomChildren": {}, - "_requested": { - "type": "range", - "registry": true, - "raw": "jodid25519@^1.0.0", - "name": "jodid25519", - "escapedName": "jodid25519", - "rawSpec": "^1.0.0", - "saveSpec": null, - "fetchSpec": "^1.0.0" - }, - "_requiredBy": [ - "/request/http-signature/sshpk" - ], - "_resolved": "https://registry.npmjs.org/jodid25519/-/jodid25519-1.0.2.tgz", - "_shasum": "06d4912255093419477d425633606e0e90782967", - "_shrinkwrap": null, - "_spec": "jodid25519@^1.0.0", - "_where": "/Users/zkat/Documents/code/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk", - "author": { - "name": "Michele Bini, Ron Garret, Guy K. Kloss" - }, - "bin": null, - "bugs": { - "url": "https://github.com/meganz/jodid25519/issues" - }, - "bundleDependencies": false, - "dependencies": { - "jsbn": "~0.1.0" - }, - "deprecated": false, - "description": "jodid25519 - Curve 25519-based cryptography", - "devDependencies": { - "almond": "~0.3.1", - "chai": "^3.0.0", - "dateformat": "~1.0.7-1.2.3", - "ibrik": "~2.0.0", - "istanbul": "~0.3.5", - "jsdoc": "<=3.3.0", - "mocha": "~2.0.1", - "sinon": "~1.10.3", - "sinon-chai": "^2.8.0" - }, - "directories": { - "src": "src", - "test": "test", - "doc": "doc" - }, - "homepage": "https://github.com/meganz/jodid25519", - "keywords": [ - "Curve25519", - "Ed25519", - "ECDH", - "EdDSA", - "ECDSA", - "encryption", - "signing" - ], - "license": "MIT", - "main": "index.js", - "name": "jodid25519", - "optionalDependencies": {}, - "peerDependencies": {}, - "repository": { - "type": "git", - "url": "git+https://github.com/meganz/jodid25519.git" - }, - "scripts": { - "test": "mocha test/*_test.js" - }, - "version": "1.0.2" -} diff --git a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json index a69d7c4f18..07f1551a4e 100644 --- a/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json +++ b/deps/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/package.json @@ -1,7 +1,8 @@ { "_from": "sshpk@^1.7.0", - "_id": "sshpk@1.13.0", - "_integrity": "sha1-/yo+T9BEl1Vf7Zezmg/YL6+zozw=", + "_id": "sshpk@1.13.1", + "_inBundle": false, + "_integrity": "sha1-US322mKHFEMW3EwY/hzx2UBzm+M=", "_location": "/request/http-signature/sshpk", "_phantomChildren": {}, "_requested": { @@ -17,11 +18,10 @@ "_requiredBy": [ "/request/http-signature" ], - "_resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.13.0.tgz", - "_shasum": "ff2a3e4fd04497555fed97b39a0fd82fafb3a33c", - "_shrinkwrap": null, + "_resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz", + "_shasum": "512df6da6287144316dc4c18fe1cf1d940739be3", "_spec": "sshpk@^1.7.0", - "_where": "/Users/zkat/Documents/code/npm/node_modules/request/node_modules/http-signature", + "_where": "/Users/rebecca/code/npm/node_modules/request/node_modules/http-signature", "author": { "name": "Joyent, Inc" }, @@ -55,7 +55,6 @@ "dashdash": "^1.12.0", "ecc-jsbn": "~0.1.1", "getpass": "^0.1.1", - "jodid25519": "^1.0.0", "jsbn": "~0.1.0", "tweetnacl": "~0.14.0" }, @@ -79,19 +78,17 @@ "license": "MIT", "main": "lib/index.js", "man": [ - "/Users/zkat/Documents/code/npm/node_modules/.staging/sshpk-37547eb5/man/man1/sshpk-conv.1", - "/Users/zkat/Documents/code/npm/node_modules/.staging/sshpk-37547eb5/man/man1/sshpk-sign.1", - "/Users/zkat/Documents/code/npm/node_modules/.staging/sshpk-37547eb5/man/man1/sshpk-verify.1" + "/Users/rebecca/code/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/man/man1/sshpk-conv.1", + "/Users/rebecca/code/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/man/man1/sshpk-sign.1", + "/Users/rebecca/code/npm/node_modules/request/node_modules/http-signature/node_modules/sshpk/man/man1/sshpk-verify.1" ], "name": "sshpk", "optionalDependencies": { "bcrypt-pbkdf": "^1.0.0", "ecc-jsbn": "~0.1.1", - "jodid25519": "^1.0.0", "jsbn": "~0.1.0", "tweetnacl": "~0.14.0" }, - "peerDependencies": {}, "repository": { "type": "git", "url": "git+https://github.com/arekinath/node-sshpk.git" @@ -99,5 +96,5 @@ "scripts": { "test": "tape test/*.js" }, - "version": "1.13.0" + "version": "1.13.1" } diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/.travis.yml b/deps/npm/node_modules/request/node_modules/safe-buffer/.travis.yml deleted file mode 100644 index 7b20f28cb0..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: node_js -node_js: - - 'node' - - '5' - - '4' - - '0.12' - - '0.10' diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/LICENSE b/deps/npm/node_modules/request/node_modules/safe-buffer/LICENSE deleted file mode 100644 index 0c068ceecb..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) Feross Aboukhadijeh - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/README.md b/deps/npm/node_modules/request/node_modules/safe-buffer/README.md deleted file mode 100644 index 96eb387aa0..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/README.md +++ /dev/null @@ -1,581 +0,0 @@ -# safe-buffer [![travis][travis-image]][travis-url] [![npm][npm-image]][npm-url] [![downloads][downloads-image]][npm-url] - -#### Safer Node.js Buffer API - -**Use the new Node.js v6 Buffer APIs (`Buffer.from`, `Buffer.alloc`, -`Buffer.allocUnsafe`, `Buffer.allocUnsafeSlow`) in Node.js v0.10, v0.12, v4.x, and v5.x.** - -**Uses the built-in implementations when available.** - -[travis-image]: https://img.shields.io/travis/feross/safe-buffer.svg -[travis-url]: https://travis-ci.org/feross/safe-buffer -[npm-image]: https://img.shields.io/npm/v/safe-buffer.svg -[npm-url]: https://npmjs.org/package/safe-buffer -[downloads-image]: https://img.shields.io/npm/dm/safe-buffer.svg - -## install - -``` -npm install safe-buffer -``` - -## usage - -The goal of this package is to provide a safe replacement for the node.js `Buffer`. - -It's a drop-in replacement for `Buffer`. You can use it by adding one `require` line to -the top of your node.js modules: - -```js -var Buffer = require('safe-buffer').Buffer - -// Existing buffer code will continue to work without issues: - -new Buffer('hey', 'utf8') -new Buffer([1, 2, 3], 'utf8') -new Buffer(obj) -new Buffer(16) // create an uninitialized buffer (potentially unsafe) - -// But you can use these new explicit APIs to make clear what you want: - -Buffer.from('hey', 'utf8') // convert from many types to a Buffer -Buffer.alloc(16) // create a zero-filled buffer (safe) -Buffer.allocUnsafe(16) // create an uninitialized buffer (potentially unsafe) -``` - -## api - -### Class Method: Buffer.from(array) -<!-- YAML -added: v3.0.0 ---> - -* `array` {Array} - -Allocates a new `Buffer` using an `array` of octets. - -```js -const buf = Buffer.from([0x62,0x75,0x66,0x66,0x65,0x72]); - // creates a new Buffer containing ASCII bytes - // ['b','u','f','f','e','r'] -``` - -A `TypeError` will be thrown if `array` is not an `Array`. - -### Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]]) -<!-- YAML -added: v5.10.0 ---> - -* `arrayBuffer` {ArrayBuffer} The `.buffer` property of a `TypedArray` or - a `new ArrayBuffer()` -* `byteOffset` {Number} Default: `0` -* `length` {Number} Default: `arrayBuffer.length - byteOffset` - -When passed a reference to the `.buffer` property of a `TypedArray` instance, -the newly created `Buffer` will share the same allocated memory as the -TypedArray. - -```js -const arr = new Uint16Array(2); -arr[0] = 5000; -arr[1] = 4000; - -const buf = Buffer.from(arr.buffer); // shares the memory with arr; - -console.log(buf); - // Prints: <Buffer 88 13 a0 0f> - -// changing the TypedArray changes the Buffer also -arr[1] = 6000; - -console.log(buf); - // Prints: <Buffer 88 13 70 17> -``` - -The optional `byteOffset` and `length` arguments specify a memory range within -the `arrayBuffer` that will be shared by the `Buffer`. - -```js -const ab = new ArrayBuffer(10); -const buf = Buffer.from(ab, 0, 2); -console.log(buf.length); - // Prints: 2 -``` - -A `TypeError` will be thrown if `arrayBuffer` is not an `ArrayBuffer`. - -### Class Method: Buffer.from(buffer) -<!-- YAML -added: v3.0.0 ---> - -* `buffer` {Buffer} - -Copies the passed `buffer` data onto a new `Buffer` instance. - -```js -const buf1 = Buffer.from('buffer'); -const buf2 = Buffer.from(buf1); - -buf1[0] = 0x61; -console.log(buf1.toString()); - // 'auffer' -console.log(buf2.toString()); - // 'buffer' (copy is not changed) -``` - -A `TypeError` will be thrown if `buffer` is not a `Buffer`. - -### Class Method: Buffer.from(str[, encoding]) -<!-- YAML -added: v5.10.0 ---> - -* `str` {String} String to encode. -* `encoding` {String} Encoding to use, Default: `'utf8'` - -Creates a new `Buffer` containing the given JavaScript string `str`. If -provided, the `encoding` parameter identifies the character encoding. -If not provided, `encoding` defaults to `'utf8'`. - -```js -const buf1 = Buffer.from('this is a tést'); -console.log(buf1.toString()); - // prints: this is a tést -console.log(buf1.toString('ascii')); - // prints: this is a tC)st - -const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex'); -console.log(buf2.toString()); - // prints: this is a tést -``` - -A `TypeError` will be thrown if `str` is not a string. - -### Class Method: Buffer.alloc(size[, fill[, encoding]]) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} -* `fill` {Value} Default: `undefined` -* `encoding` {String} Default: `utf8` - -Allocates a new `Buffer` of `size` bytes. If `fill` is `undefined`, the -`Buffer` will be *zero-filled*. - -```js -const buf = Buffer.alloc(5); -console.log(buf); - // <Buffer 00 00 00 00 00> -``` - -The `size` must be less than or equal to the value of -`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is -`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will -be created if a `size` less than or equal to 0 is specified. - -If `fill` is specified, the allocated `Buffer` will be initialized by calling -`buf.fill(fill)`. See [`buf.fill()`][] for more information. - -```js -const buf = Buffer.alloc(5, 'a'); -console.log(buf); - // <Buffer 61 61 61 61 61> -``` - -If both `fill` and `encoding` are specified, the allocated `Buffer` will be -initialized by calling `buf.fill(fill, encoding)`. For example: - -```js -const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64'); -console.log(buf); - // <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64> -``` - -Calling `Buffer.alloc(size)` can be significantly slower than the alternative -`Buffer.allocUnsafe(size)` but ensures that the newly created `Buffer` instance -contents will *never contain sensitive data*. - -A `TypeError` will be thrown if `size` is not a number. - -### Class Method: Buffer.allocUnsafe(size) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} - -Allocates a new *non-zero-filled* `Buffer` of `size` bytes. The `size` must -be less than or equal to the value of `require('buffer').kMaxLength` (on 64-bit -architectures, `kMaxLength` is `(2^31)-1`). Otherwise, a [`RangeError`][] is -thrown. A zero-length Buffer will be created if a `size` less than or equal to -0 is specified. - -The underlying memory for `Buffer` instances created in this way is *not -initialized*. The contents of the newly created `Buffer` are unknown and -*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such -`Buffer` instances to zeroes. - -```js -const buf = Buffer.allocUnsafe(5); -console.log(buf); - // <Buffer 78 e0 82 02 01> - // (octets will be different, every time) -buf.fill(0); -console.log(buf); - // <Buffer 00 00 00 00 00> -``` - -A `TypeError` will be thrown if `size` is not a number. - -Note that the `Buffer` module pre-allocates an internal `Buffer` instance of -size `Buffer.poolSize` that is used as a pool for the fast allocation of new -`Buffer` instances created using `Buffer.allocUnsafe(size)` (and the deprecated -`new Buffer(size)` constructor) only when `size` is less than or equal to -`Buffer.poolSize >> 1` (floor of `Buffer.poolSize` divided by two). The default -value of `Buffer.poolSize` is `8192` but can be modified. - -Use of this pre-allocated internal memory pool is a key difference between -calling `Buffer.alloc(size, fill)` vs. `Buffer.allocUnsafe(size).fill(fill)`. -Specifically, `Buffer.alloc(size, fill)` will *never* use the internal Buffer -pool, while `Buffer.allocUnsafe(size).fill(fill)` *will* use the internal -Buffer pool if `size` is less than or equal to half `Buffer.poolSize`. The -difference is subtle but can be important when an application requires the -additional performance that `Buffer.allocUnsafe(size)` provides. - -### Class Method: Buffer.allocUnsafeSlow(size) -<!-- YAML -added: v5.10.0 ---> - -* `size` {Number} - -Allocates a new *non-zero-filled* and non-pooled `Buffer` of `size` bytes. The -`size` must be less than or equal to the value of -`require('buffer').kMaxLength` (on 64-bit architectures, `kMaxLength` is -`(2^31)-1`). Otherwise, a [`RangeError`][] is thrown. A zero-length Buffer will -be created if a `size` less than or equal to 0 is specified. - -The underlying memory for `Buffer` instances created in this way is *not -initialized*. The contents of the newly created `Buffer` are unknown and -*may contain sensitive data*. Use [`buf.fill(0)`][] to initialize such -`Buffer` instances to zeroes. - -When using `Buffer.allocUnsafe()` to allocate new `Buffer` instances, -allocations under 4KB are, by default, sliced from a single pre-allocated -`Buffer`. This allows applications to avoid the garbage collection overhead of -creating many individually allocated Buffers. This approach improves both -performance and memory usage by eliminating the need to track and cleanup as -many `Persistent` objects. - -However, in the case where a developer may need to retain a small chunk of -memory from a pool for an indeterminate amount of time, it may be appropriate -to create an un-pooled Buffer instance using `Buffer.allocUnsafeSlow()` then -copy out the relevant bits. - -```js -// need to keep around a few small chunks of memory -const store = []; - -socket.on('readable', () => { - const data = socket.read(); - // allocate for retained data - const sb = Buffer.allocUnsafeSlow(10); - // copy the data into the new allocation - data.copy(sb, 0, 0, 10); - store.push(sb); -}); -``` - -Use of `Buffer.allocUnsafeSlow()` should be used only as a last resort *after* -a developer has observed undue memory retention in their applications. - -A `TypeError` will be thrown if `size` is not a number. - -### All the Rest - -The rest of the `Buffer` API is exactly the same as in node.js. -[See the docs](https://nodejs.org/api/buffer.html). - - -## Related links - -- [Node.js issue: Buffer(number) is unsafe](https://github.com/nodejs/node/issues/4660) -- [Node.js Enhancement Proposal: Buffer.from/Buffer.alloc/Buffer.zalloc/Buffer() soft-deprecate](https://github.com/nodejs/node-eps/pull/4) - -## Why is `Buffer` unsafe? - -Today, the node.js `Buffer` constructor is overloaded to handle many different argument -types like `String`, `Array`, `Object`, `TypedArrayView` (`Uint8Array`, etc.), -`ArrayBuffer`, and also `Number`. - -The API is optimized for convenience: you can throw any type at it, and it will try to do -what you want. - -Because the Buffer constructor is so powerful, you often see code like this: - -```js -// Convert UTF-8 strings to hex -function toHex (str) { - return new Buffer(str).toString('hex') -} -``` - -***But what happens if `toHex` is called with a `Number` argument?*** - -### Remote Memory Disclosure - -If an attacker can make your program call the `Buffer` constructor with a `Number` -argument, then they can make it allocate uninitialized memory from the node.js process. -This could potentially disclose TLS private keys, user data, or database passwords. - -When the `Buffer` constructor is passed a `Number` argument, it returns an -**UNINITIALIZED** block of memory of the specified `size`. When you create a `Buffer` like -this, you **MUST** overwrite the contents before returning it to the user. - -From the [node.js docs](https://nodejs.org/api/buffer.html#buffer_new_buffer_size): - -> `new Buffer(size)` -> -> - `size` Number -> -> The underlying memory for `Buffer` instances created in this way is not initialized. -> **The contents of a newly created `Buffer` are unknown and could contain sensitive -> data.** Use `buf.fill(0)` to initialize a Buffer to zeroes. - -(Emphasis our own.) - -Whenever the programmer intended to create an uninitialized `Buffer` you often see code -like this: - -```js -var buf = new Buffer(16) - -// Immediately overwrite the uninitialized buffer with data from another buffer -for (var i = 0; i < buf.length; i++) { - buf[i] = otherBuf[i] -} -``` - - -### Would this ever be a problem in real code? - -Yes. It's surprisingly common to forget to check the type of your variables in a -dynamically-typed language like JavaScript. - -Usually the consequences of assuming the wrong type is that your program crashes with an -uncaught exception. But the failure mode for forgetting to check the type of arguments to -the `Buffer` constructor is more catastrophic. - -Here's an example of a vulnerable service that takes a JSON payload and converts it to -hex: - -```js -// Take a JSON payload {str: "some string"} and convert it to hex -var server = http.createServer(function (req, res) { - var data = '' - req.setEncoding('utf8') - req.on('data', function (chunk) { - data += chunk - }) - req.on('end', function () { - var body = JSON.parse(data) - res.end(new Buffer(body.str).toString('hex')) - }) -}) - -server.listen(8080) -``` - -In this example, an http client just has to send: - -```json -{ - "str": 1000 -} -``` - -and it will get back 1,000 bytes of uninitialized memory from the server. - -This is a very serious bug. It's similar in severity to the -[the Heartbleed bug](http://heartbleed.com/) that allowed disclosure of OpenSSL process -memory by remote attackers. - - -### Which real-world packages were vulnerable? - -#### [`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht) - -[Mathias Buus](https://github.com/mafintosh) and I -([Feross Aboukhadijeh](http://feross.org/)) found this issue in one of our own packages, -[`bittorrent-dht`](https://www.npmjs.com/package/bittorrent-dht). The bug would allow -anyone on the internet to send a series of messages to a user of `bittorrent-dht` and get -them to reveal 20 bytes at a time of uninitialized memory from the node.js process. - -Here's -[the commit](https://github.com/feross/bittorrent-dht/commit/6c7da04025d5633699800a99ec3fbadf70ad35b8) -that fixed it. We released a new fixed version, created a -[Node Security Project disclosure](https://nodesecurity.io/advisories/68), and deprecated all -vulnerable versions on npm so users will get a warning to upgrade to a newer version. - -#### [`ws`](https://www.npmjs.com/package/ws) - -That got us wondering if there were other vulnerable packages. Sure enough, within a short -period of time, we found the same issue in [`ws`](https://www.npmjs.com/package/ws), the -most popular WebSocket implementation in node.js. - -If certain APIs were called with `Number` parameters instead of `String` or `Buffer` as -expected, then uninitialized server memory would be disclosed to the remote peer. - -These were the vulnerable methods: - -```js -socket.send(number) -socket.ping(number) -socket.pong(number) -``` - -Here's a vulnerable socket server with some echo functionality: - -```js -server.on('connection', function (socket) { - socket.on('message', function (message) { - message = JSON.parse(message) - if (message.type === 'echo') { - socket.send(message.data) // send back the user's message - } - }) -}) -``` - -`socket.send(number)` called on the server, will disclose server memory. - -Here's [the release](https://github.com/websockets/ws/releases/tag/1.0.1) where the issue -was fixed, with a more detailed explanation. Props to -[Arnout Kazemier](https://github.com/3rd-Eden) for the quick fix. Here's the -[Node Security Project disclosure](https://nodesecurity.io/advisories/67). - - -### What's the solution? - -It's important that node.js offers a fast way to get memory otherwise performance-critical -applications would needlessly get a lot slower. - -But we need a better way to *signal our intent* as programmers. **When we want -uninitialized memory, we should request it explicitly.** - -Sensitive functionality should not be packed into a developer-friendly API that loosely -accepts many different types. This type of API encourages the lazy practice of passing -variables in without checking the type very carefully. - -#### A new API: `Buffer.allocUnsafe(number)` - -The functionality of creating buffers with uninitialized memory should be part of another -API. We propose `Buffer.allocUnsafe(number)`. This way, it's not part of an API that -frequently gets user input of all sorts of different types passed into it. - -```js -var buf = Buffer.allocUnsafe(16) // careful, uninitialized memory! - -// Immediately overwrite the uninitialized buffer with data from another buffer -for (var i = 0; i < buf.length; i++) { - buf[i] = otherBuf[i] -} -``` - - -### How do we fix node.js core? - -We sent [a PR to node.js core](https://github.com/nodejs/node/pull/4514) (merged as -`semver-major`) which defends against one case: - -```js -var str = 16 -new Buffer(str, 'utf8') -``` - -In this situation, it's implied that the programmer intended the first argument to be a -string, since they passed an encoding as a second argument. Today, node.js will allocate -uninitialized memory in the case of `new Buffer(number, encoding)`, which is probably not -what the programmer intended. - -But this is only a partial solution, since if the programmer does `new Buffer(variable)` -(without an `encoding` parameter) there's no way to know what they intended. If `variable` -is sometimes a number, then uninitialized memory will sometimes be returned. - -### What's the real long-term fix? - -We could deprecate and remove `new Buffer(number)` and use `Buffer.allocUnsafe(number)` when -we need uninitialized memory. But that would break 1000s of packages. - -~~We believe the best solution is to:~~ - -~~1. Change `new Buffer(number)` to return safe, zeroed-out memory~~ - -~~2. Create a new API for creating uninitialized Buffers. We propose: `Buffer.allocUnsafe(number)`~~ - -#### Update - -We now support adding three new APIs: - -- `Buffer.from(value)` - convert from any type to a buffer -- `Buffer.alloc(size)` - create a zero-filled buffer -- `Buffer.allocUnsafe(size)` - create an uninitialized buffer with given size - -This solves the core problem that affected `ws` and `bittorrent-dht` which is -`Buffer(variable)` getting tricked into taking a number argument. - -This way, existing code continues working and the impact on the npm ecosystem will be -minimal. Over time, npm maintainers can migrate performance-critical code to use -`Buffer.allocUnsafe(number)` instead of `new Buffer(number)`. - - -### Conclusion - -We think there's a serious design issue with the `Buffer` API as it exists today. It -promotes insecure software by putting high-risk functionality into a convenient API -with friendly "developer ergonomics". - -This wasn't merely a theoretical exercise because we found the issue in some of the -most popular npm packages. - -Fortunately, there's an easy fix that can be applied today. Use `safe-buffer` in place of -`buffer`. - -```js -var Buffer = require('safe-buffer').Buffer -``` - -Eventually, we hope that node.js core can switch to this new, safer behavior. We believe -the impact on the ecosystem would be minimal since it's not a breaking change. -Well-maintained, popular packages would be updated to use `Buffer.alloc` quickly, while -older, insecure packages would magically become safe from this attack vector. - - -## links - -- [Node.js PR: buffer: throw if both length and enc are passed](https://github.com/nodejs/node/pull/4514) -- [Node Security Project disclosure for `ws`](https://nodesecurity.io/advisories/67) -- [Node Security Project disclosure for`bittorrent-dht`](https://nodesecurity.io/advisories/68) - - -## credit - -The original issues in `bittorrent-dht` -([disclosure](https://nodesecurity.io/advisories/68)) and -`ws` ([disclosure](https://nodesecurity.io/advisories/67)) were discovered by -[Mathias Buus](https://github.com/mafintosh) and -[Feross Aboukhadijeh](http://feross.org/). - -Thanks to [Adam Baldwin](https://github.com/evilpacket) for helping disclose these issues -and for his work running the [Node Security Project](https://nodesecurity.io/). - -Thanks to [John Hiesey](https://github.com/jhiesey) for proofreading this README and -auditing the code. - - -## license - -MIT. Copyright (C) [Feross Aboukhadijeh](http://feross.org) diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/browser.js b/deps/npm/node_modules/request/node_modules/safe-buffer/browser.js deleted file mode 100644 index 0bd12027d3..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/browser.js +++ /dev/null @@ -1 +0,0 @@ -module.exports = require('buffer') diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/index.js b/deps/npm/node_modules/request/node_modules/safe-buffer/index.js deleted file mode 100644 index 74a7358ee8..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/index.js +++ /dev/null @@ -1,58 +0,0 @@ -var buffer = require('buffer') - -if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) { - module.exports = buffer -} else { - // Copy properties from require('buffer') - Object.keys(buffer).forEach(function (prop) { - exports[prop] = buffer[prop] - }) - exports.Buffer = SafeBuffer -} - -function SafeBuffer (arg, encodingOrOffset, length) { - return Buffer(arg, encodingOrOffset, length) -} - -// Copy static methods from Buffer -Object.keys(Buffer).forEach(function (prop) { - SafeBuffer[prop] = Buffer[prop] -}) - -SafeBuffer.from = function (arg, encodingOrOffset, length) { - if (typeof arg === 'number') { - throw new TypeError('Argument must not be a number') - } - return Buffer(arg, encodingOrOffset, length) -} - -SafeBuffer.alloc = function (size, fill, encoding) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - var buf = Buffer(size) - if (fill !== undefined) { - if (typeof encoding === 'string') { - buf.fill(fill, encoding) - } else { - buf.fill(fill) - } - } else { - buf.fill(0) - } - return buf -} - -SafeBuffer.allocUnsafe = function (size) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - return Buffer(size) -} - -SafeBuffer.allocUnsafeSlow = function (size) { - if (typeof size !== 'number') { - throw new TypeError('Argument must be a number') - } - return buffer.SlowBuffer(size) -} diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/package.json b/deps/npm/node_modules/request/node_modules/safe-buffer/package.json deleted file mode 100644 index fff36a269d..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/package.json +++ /dev/null @@ -1,68 +0,0 @@ -{ - "_from": "safe-buffer@^5.0.1", - "_id": "safe-buffer@5.0.1", - "_integrity": "sha1-0mPKVGls2KMGtcplUekt5XkY++c=", - "_location": "/request/safe-buffer", - "_phantomChildren": {}, - "_requested": { - "type": "range", - "registry": true, - "raw": "safe-buffer@^5.0.1", - "name": "safe-buffer", - "escapedName": "safe-buffer", - "rawSpec": "^5.0.1", - "saveSpec": null, - "fetchSpec": "^5.0.1" - }, - "_requiredBy": [ - "/request", - "/request/tunnel-agent" - ], - "_resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.0.1.tgz", - "_shasum": "d263ca54696cd8a306b5ca6551e92de57918fbe7", - "_shrinkwrap": null, - "_spec": "safe-buffer@^5.0.1", - "_where": "/Users/zkat/Documents/code/npm/node_modules/request", - "author": { - "name": "Feross Aboukhadijeh", - "email": "feross@feross.org", - "url": "http://feross.org" - }, - "bin": null, - "browser": "./browser.js", - "bugs": { - "url": "https://github.com/feross/safe-buffer/issues" - }, - "bundleDependencies": false, - "dependencies": {}, - "deprecated": false, - "description": "Safer Node.js Buffer API", - "devDependencies": { - "standard": "^7.0.0", - "tape": "^4.0.0", - "zuul": "^3.0.0" - }, - "homepage": "https://github.com/feross/safe-buffer", - "keywords": [ - "buffer", - "buffer allocate", - "node security", - "safe", - "safe-buffer", - "security", - "uninitialized" - ], - "license": "MIT", - "main": "index.js", - "name": "safe-buffer", - "optionalDependencies": {}, - "peerDependencies": {}, - "repository": { - "type": "git", - "url": "git://github.com/feross/safe-buffer.git" - }, - "scripts": { - "test": "standard && tape test.js" - }, - "version": "5.0.1" -} diff --git a/deps/npm/node_modules/request/node_modules/safe-buffer/test.js b/deps/npm/node_modules/request/node_modules/safe-buffer/test.js deleted file mode 100644 index 7da8ad761e..0000000000 --- a/deps/npm/node_modules/request/node_modules/safe-buffer/test.js +++ /dev/null @@ -1,99 +0,0 @@ -var test = require('tape') -var SafeBuffer = require('./').Buffer - -test('new SafeBuffer(value) works just like Buffer', function (t) { - t.deepEqual(new SafeBuffer('hey'), new Buffer('hey')) - t.deepEqual(new SafeBuffer('hey', 'utf8'), new Buffer('hey', 'utf8')) - t.deepEqual(new SafeBuffer('686579', 'hex'), new Buffer('686579', 'hex')) - t.deepEqual(new SafeBuffer([1, 2, 3]), new Buffer([1, 2, 3])) - t.deepEqual(new SafeBuffer(new Uint8Array([1, 2, 3])), new Buffer(new Uint8Array([1, 2, 3]))) - - t.equal(typeof SafeBuffer.isBuffer, 'function') - t.equal(SafeBuffer.isBuffer(new SafeBuffer('hey')), true) - t.equal(Buffer.isBuffer(new SafeBuffer('hey')), true) - t.notOk(SafeBuffer.isBuffer({})) - - t.end() -}) - -test('SafeBuffer.from(value) converts to a Buffer', function (t) { - t.deepEqual(SafeBuffer.from('hey'), new Buffer('hey')) - t.deepEqual(SafeBuffer.from('hey', 'utf8'), new Buffer('hey', 'utf8')) - t.deepEqual(SafeBuffer.from('686579', 'hex'), new Buffer('686579', 'hex')) - t.deepEqual(SafeBuffer.from([1, 2, 3]), new Buffer([1, 2, 3])) - t.deepEqual(SafeBuffer.from(new Uint8Array([1, 2, 3])), new Buffer(new Uint8Array([1, 2, 3]))) - - t.end() -}) - -test('SafeBuffer.alloc(number) returns zeroed-out memory', function (t) { - for (var i = 0; i < 10; i++) { - var expected1 = new Buffer(1000) - expected1.fill(0) - t.deepEqual(SafeBuffer.alloc(1000), expected1) - - var expected2 = new Buffer(1000 * 1000) - expected2.fill(0) - t.deepEqual(SafeBuffer.alloc(1000 * 1000), expected2) - } - t.end() -}) - -test('SafeBuffer.allocUnsafe(number)', function (t) { - var buf = SafeBuffer.allocUnsafe(100) // unitialized memory - t.equal(buf.length, 100) - t.equal(SafeBuffer.isBuffer(buf), true) - t.equal(Buffer.isBuffer(buf), true) - t.end() -}) - -test('SafeBuffer.from() throws with number types', function (t) { - t.plan(5) - t.throws(function () { - SafeBuffer.from(0) - }) - t.throws(function () { - SafeBuffer.from(-1) - }) - t.throws(function () { - SafeBuffer.from(NaN) - }) - t.throws(function () { - SafeBuffer.from(Infinity) - }) - t.throws(function () { - SafeBuffer.from(99) - }) -}) - -test('SafeBuffer.allocUnsafe() throws with non-number types', function (t) { - t.plan(4) - t.throws(function () { - SafeBuffer.allocUnsafe('hey') - }) - t.throws(function () { - SafeBuffer.allocUnsafe('hey', 'utf8') - }) - t.throws(function () { - SafeBuffer.allocUnsafe([1, 2, 3]) - }) - t.throws(function () { - SafeBuffer.allocUnsafe({}) - }) -}) - -test('SafeBuffer.alloc() throws with non-number types', function (t) { - t.plan(4) - t.throws(function () { - SafeBuffer.alloc('hey') - }) - t.throws(function () { - SafeBuffer.alloc('hey', 'utf8') - }) - t.throws(function () { - SafeBuffer.alloc([1, 2, 3]) - }) - t.throws(function () { - SafeBuffer.alloc({}) - }) -}) |