From ff77a9594a0c769d3e89920ba28539e2f4333b7c Mon Sep 17 00:00:00 2001 From: kyranjamie Date: Thu, 23 Jul 2020 15:26:11 +0200 Subject: [PATCH] refactor: replace bcrypt with argon2, closes #175 --- app/api/api.ts | 2 +- app/argon2.wasm | Bin 0 -> 31212 bytes app/crypto/key-generation.spec.ts | 31 +++++++++++++++++++----------- app/crypto/key-generation.ts | 20 +++++++++++++++---- app/store/keys/keys.actions.ts | 6 +++--- configs/webpack.config.base.js | 20 +++++++++++++++++++ package.json | 4 +++- yarn.lock | 20 ++++++++++++++----- 8 files changed, 78 insertions(+), 25 deletions(-) create mode 100644 app/argon2.wasm diff --git a/app/api/api.ts b/app/api/api.ts index d952008cb..a1de7bcb8 100644 --- a/app/api/api.ts +++ b/app/api/api.ts @@ -28,7 +28,7 @@ async function getAddressTransactions(address: string) { } async function getTxDetails(txid: string) { - return await axios.get(api + `/v1/tx/${txid}/transactions`); + return await axios.get(api + `/v1/tx/${txid}`); } export const Api = { diff --git a/app/argon2.wasm b/app/argon2.wasm new file mode 100644 index 0000000000000000000000000000000000000000..e2e934fc63d1b225502ecb29d26e615e128236bb GIT binary patch literal 31212 zcmd6w50GD1b>H8g-`{<|-F>@SNh|HH_WqtlBVz#q9LX4C?-iD8+4v6uQg=G3E!%5b zzg~p?tM?u(WSfND2n1!qqih0E72|K%F0T- za!af~R9G?8Mz_>>rkcjesj_4>(JjeoRo7Jsh-Bq-bW23VpjA|Vs7Oy+e>Fc%r_=g- zY9&6E{F7EXd;Da4G^*M4)+n{>ZBb&^+oRa7vr$La&doP3AH8*c_U2oUF3qMZk?IuK5^ilSOGN*i%XgIdyvqI#UfabqxPG+~op-J3OcG~zp=H^g^F z|1iEQ`sw&sG#K}yJf4egY7fWJ1yR=C|Jt7{hF(=%><51M7x5dnL@x4YBNxw|dAs9s z=Aj3&UDUbwl#35O%g^xJTy!vg`@tVlo_^cuQ`z_8xVGXFexpM!KD1a{@hf!~U6|f@ zqv~C>CwVF^(q7T@)ayA=j9ofc)bea6Kv(0u%SiSxcU+_W^mMVS^}2Nc z)#i$%1kv!%zNP0^R~CwzUrl-d>89z-8jL#q>$J6wwCjbQgHh(d;&cyK-2}*KuNwyh z>#p97eU#N*n)UH>iD6a|(GxyCs{55JtJ5~y2DW>W$h(C@wHd%cZ2syjdmxU}l?&o- z;{qs5db?xSfB-N(TU$6pqx6~un%AL!eA$oRtD3n&O~sMq$V5K0lhU&=YbFr~p{^tJ`xKlU{5u<6A8H{kh3&(1 z>(*$N^tzgvbOHG3!r|JChNML6MC8@f(#3nD=+X$#9_DhZ3xxX^hIZmCbE!YI0Jmpg zeZcv3VL14-KcSzC_awFbiAJQ<+Ml#Ssk1-ngi^jg$wO&ue=-(IbSS@9C24UH@Qh*R;U5#ps%a%qHcsFYqBiOripg#puYzzW8C9vgFO zS=(5+KZ>#s4#sWiTy17J^IzNre>IK%zFr~tr+QQ{5BDt;QP6^TLAqB*qEfZhq@|Ku zrZq+1=~X*occ3XcQ~#uZA_zRMGigX%y5Q5R2IHOnbGw{Pr-brE_0Gar-gZQ*1K9Y61mf|Dfk?gc3JB)o^*`fY?vV+)YLgDy*3sS3~ z&WYv%(PMu47D02Us$qIyMoyYF3G;)-FZ*xo!h!_N791BZ7iNAU-vTfQ*Lf(3#$ZH9 zL#v1GMVY_^xxz-s0-y|9AV7*cWFhgblSL%A!sC84@h1E8jsNn8ZL_{ zY$jm?*o=is9yFW*jmQS7m9So#TTtK|)L^B|0%k}unE1%=!0^N;=lDB)cw)I*)9S%= z;vY<(WGwt7_!CSS2w^-Co)XX?#cpIPL8GsKW+Wn>>|!28=}wfsgxF=z%!?>ph|+&3orltMDBXtAXDA(pHE%&!8V>bx)efSpgUv}XM?6J~PTG17bi{GN$4d^|o|eih(QP5r zXloPfU_307?Pk43nzWd?q*|+`np|BStNY}nuSub+`xs@~bRYNc zS+6%x8uuxc{Y(3lnok0yCh#n*W{1>5Rw?P?eB;}fq*Ce?a`Pb{M}n}Xq!^=yc1t?2 z`@w|5(6%N4+Zl{y3R@HPi_A+CI(;*V?wEF(c3~g0E;SNzm=kmvrU;>6G&31z4aZQf zu2v<>OH-908IjB8T=w_D*wR``q-#)#dnFSHI}{Ei2%DB9Ijt&CJzt5Q5d48WwL+kBQ&$}1tYb@ zw~C6UkdXzhZiP__?##;%JTVY&1o9wR@21#b$1cqrUy+N%JQk_hy z11fcvS}cD{%XrPTU=7Q-2BU}Z#StHk3wCY`f=zeMJktgjkovK;`mw4W>yKL_U#SN3 z;Mj92BP8|3w?n6(p>@~k1;JU9S7cZ6TG95MVOU6Rp2;S~dvL1bw(Qkepa7|kw)n6k1V zLVu&t(1KXh`$nU@mAW=Twq6A7`|B$z#t(AV75a58LS8OAqcQ~1(2bh?x3x| zFw)Ejb0i+FnGuqCNK$`IuO}jgIL#LL2Hk=ok+}{FAB&=51SRVv>VNAPp&;K{l zcbhWFrN;;HWG4EK5VuO~4&&%*1z_D}C59_V()MRpCR0 z#W?;W<@K>5pt4$C-&=soJq!NH5C8Fp>r3jo>afd-ts^XP(ZFQ7=5@6hf_ndht_%x7 z6L0pE24lZ+)nKEpM1%&; zut+{qJHK*Ri(b7#pP7qcmXReNKIs|RB$($Y#P|*qs)XUyh%))t;!%{$XfPTBU&o(@ zIH2J=bw#&^Saf($YbD5AHr^7@hFu@t0=!GE4cU2N7a$~cSV@R#^IFKmOy)||iYU;2 z!=R=p!IvQT8aBdQEg#+qbsz)I3FJe&XR6D2kV3Qmtnn_*hqa{uXCRhvfVtb#yH+b6 zWa88EM`4%PM!*A85tfy!;Es!qC?H#u4~R&@P6#rQK%5zccF#yaB)-pdZMDeCc~7;n z*u+a1QYOnLPd)~-UNm}#2dzev9tpUsDc0+dH_?j5a&;YDQszLM$2_s;p^y$Ol#dt9 z`Q`#Q_&o~~g{6s;DlaJ6fnG9$!qN1~aD}v>z0lk9BcH1n?X-YCb~(8;PSJ zy8Lnw_lOuNY? z?gMrK0ccgWM$;x4!erDcs*P4?wm?hJj8?6PNw9G0pnxnGzc7Kaa~nIr?0U$(YEBZ( z6%IF2KzDP!5u0|odh)b|NO9>DRZw0f(JeF&fjKm5d5q0kXNHlyA1S$YExn%vr(RK# zlIXT#$O1K4WE~dBSo`ErZpfF`eiT0kM>euBn9-lp&q<#LgLQt6@!Qy5@>>_vBO|x+b6WCqvTV}| zi;>g{Yi0^4@?C#6~TZi!*q@THRD|O zug9{;Lf1+wR+AM|N>B1F4JYqc^Aj?NHPF5=i4GuAHPW|M%&8Ndk$>^8Mp!1ezsbZZ0zrMf3ECaPg6KyM z3*?BLyLAAEv~|D;!V>!4MK zAQB-gAi)xp#=-)|-l#Oy?jXqF#6I8N0pUo!3Jw5jN@IjDc_M^;z=|y89*rKk^9cT$ z(!}NkLZ~thCg{P+}tL7V3;hAa5s`*Y;Sap}D68hnRpD!nvTD9k6`ppKRr8Ii@Vxd{vM%4w>@O>2X@9XGefvuUv)O^o zf+vU?RN-U@XaRodb9M?6`0aOYS#x|MzkT4mRV(&grM3-**}Xpyd#I6 zOu3!fkk`_UlNs4!4vXM_?mI$e2f!w1HCWXSR>&0F+=Sb~qjvSEB>>yhAt0h+VTg2h5J=Hl&onAs4TtVF z`X^QYp@2Z6x*rw-)AZ4{`%qPz_Yv6cCfziT2C7FR0{RrI!&u%)f5*SRU9=*sFZjwja-1r*YT`q6~ z;mK$%N!X^wjnGwMV)tn|sND>!WgqSoLUVzeqUTn(BS6+vmiUglq4g3r$PJAIcdN!} z0!kunH(S)Q4|l@tc9PbuZh8&sgya)B2H(;3aPv)YB~X3166-a%!E*W5RXU4MshvWT zjcVt5=TkdQr{*Sndy^6}rX-gT>CH|X78_OUrv@jl&u_W!7Pc{OCIdHbsS4Vw3K zf0%Ps?}`4iA6NHAs^wDeR^G?czCh zK~g8}+iu!v3ie}Y-=uRG=TZZMJWClFB1rQ&+J|1Q)4nk1b7c39NLFo_O-f&>HiV5k0gNBL^5((6FHdtOY&w|J5$!qnYrDBIdUXez~w*q zE3{7+<(KFXIX&e#B%UM3te~Ddc?VpGFAhcrA`*SNa8y(m_ONuB442*EvNv2V7L@%F zM}1j|53#VXuwCd$nr`WFp(9d>NnJe&44mhr{| zY3KyH*J>J`-bgx)F$d-eyH}R3#qf~pP5iq*`qj_HN91;pOU5v!6Us0_KZz8%A3gI| zHVvXfPPOt3MEwvcuYFf>%wA4Kz_Zpfw)#0NymdA?xxPd(@=E_F5f%xpf)!RynwI>Mj&vr#?(i&tYVk=^;o4)SMYL~DpaBm3fLvK7Y`@`o$(hsoG? z2i&kWUBeimlx(6n>)D-JZQVGln@Rl#u+$}i#!Hd`1<6>}QK zn783j27XB}FG40ij92CAbCxO{OvVIBjR`v5QI!sW}VpN=RP6weJqjZXJ z7;1W>K-&d|BJlDphj`ox7?VVTpq1{RCuQ8?q`TkEE|5wwQmpE3-KVfx#f&o>{UJGr zb_+>(KYgu_U2EC@(=YIPMA+qN$?}eSXZ38f zh_B4ukZW{X9LLH3L6L{Uff`Md$fLTLqG9SF!p!@ZLL>yrjxaP;v46299uW~SK+&vO z4?`Zx^DTN#RYCJqGe>`MWFsG{s&#w-sz@^;6z4i5^T*;vDL)<|6eDDj1BaSSI|J&l zPtU(fdt4>ac0!5FsEAPmrs2~0o_}`GZ03k2noV0ewUmvlbA*J~Zln!v1hFtE%-JCN z*d3Eob1do*uYqm+k9c@eqLdtl6+lp{3p;$L6co9

#-`VZ!ZdrZ5S&?6+T+V z*A1ceKfh26;vWxbVi!2drm>&@KcsfWh-&zoIXlPgFfU#lhG0Tgo!|U)G&gifd!RYc zZnp>4ep)JK)qQ)Qp6Yq3iYSQ(1{wo3J!cPm<9`5_me|5I)QaLHtu^b7Cd45cIz9u=&kwX1snO83=-1X(Bx6$8V*O*I>>;U6gv(^Z@@SW9E{wK zw-h^sb!>3-w!>R=M2MvIv9t3Qg8U10=UL90P}1>mk>O)Y^d`OxG&I% znVb|B2N0I4CyEh)&-t&(jrOiZV}$j{z&G;yG_(YAwI+zF7y+xu8a3RYHF8xW8&->j zSwR~U!=;0U2xkPZm{TowniDw|EM8jZSbJp9Pz`PJ3>+CGwTP|b^a=jNT9>}nT-TC5 zVyFBWBz8BaoU?zP*fDoG^^6lPHP4C16@S{!ak7UXb9!9QJGjMgMyLB?U2;9S+y9)4 zCrE~p6IHjLtLxFY9?h#XX|GFBaH^V9)$XclFB{v|X%Q<8+g9}ks$bwn&Gzv$T^39p zbH4}lba0H<6w0?tPFVfLY%i{_y^UHz7w9<@@VpEV$6P#6_jlp-4rKWD@Zom7CVCIQ z%Op?rBZsr@?<6aHPQ-yq6Uy5+_p%fv>uh$4ka8+Bl zs;g;lH*ONntyHI_cNsagfU$X+#T6CPg2^ceUK)h5Pe(cw$>FVh8!dR_fK#Vf1eSnW z-rP{bjt(_RXp^W7{qqUYfhOTlZ{v)D0cfuQkVXTtshV>E)YNTa4W`cVy4r=2x$jnL z9f%Ng)#V2wy#`8Y{6NGz8{YNc32KIdDk8B`>p-dK45T-G>lR4qZ3Qdh`tg+m>D4Yd_#03E(RY6He|+M1E<2Fk$nCej`JHDz_~`$6^n*OUNjL#T zmih}1zWaav&3}65FMJ_-uxK7gZwcsLeeiuxe(%pd^UGhl|2-=Y7NC4rsK4>x*Z=12 zU;5N<|L;#vKUg#lr1ymCn+|^OGta!|mw)}EPyab!$iLjjk{GX{fR~Y6m|oH)!Ej+Z z-W^_tO?SKM9F98|T*7s95f)Onrwa=&Ok3TNbtHDlSX`Ly>u%L0?`}czIM(kQ%l>Rj z<~Ym>06DIgpE{)l;z3XLzZh_%r;4_vXILoOI04q{vzvOcn9!?C!R|bzY&`j4OaEH? z$2YadMW#JM6Gmyf&Z&YCNdgs|eqtQ!^|?*GT5dqSLP`j{NM>o2j8$|f^mt-Z4|2cs zXuC!jr+KPiM2*sLZ9Xs{27Ga2ms15RZy15t=#)YtHx$OfHws;z+}H(IY0O3;Jtm$t z-S&0kh#nj0%bR)$g;PZ*jMaeWVU%HL!CDHnr#AJ#)zLU>w79IIra#J8HuVXk(8tn# zr;3smCcq7bQNFgR$3QtZq~460^U?B+O??_RGb3RXxE%He5Vzql#?zbH54$Z;GU!Ib z806J$Uc<~F7NOU7Hub{cpx2f#O6ycXZ_WQ$CCkrjYTt3=fy1I>&`nC>$kbQZ za3qesiG5s3qcCJv#|>*KN!*xLip0q zySTcs>_MmxMJ;01rJ^Dvt?C%f$$^IR*Y% z3x_O^u>KFn^h-`FuyfHTi}c{d4;3}GUxzu*i*LsX+hKy;PFlxB$EpMV%BcLgl?A)H zd-}ESXF<83%Tg~pG-H`X90+-jED{FL-+!N-2TE;27gy;QR#)D35a&uiPhauCr@9Of zWjV+SGVm^wQtQ(P*x~cjy%x0_a9ouip@YFDOj}PMp&^0Gdiv_G3aJjsd21w+cX7Ek+VPUL z&#uG~lCHZVQ7$I-1M_5!?3@8zVq+6eNEVvc5+kWdG~b@dE}*r8rTY%Xh_I9{wkIrx zOs3jw&E8s123JyfE_$nVbzBbafOgthUAS^`x5i0*PLuYf$j(Ou=_eBK@!U{?2qCnj z$uw=eaHKmBMkcB3)D#i0WuLOG@A=e6s7;YnBHi!=!W7UEf~tK93kcoRn?iK*ml4SG zt9SP}VK3IoKf`aQNY=s$I7Nki@TxfbyywFDEH`v>pY*(4rwc z+S)>B*gIWv13UR1pOF1C)ier81Pb;TOP+9;=R~o+{9|a$D>z`1b;ueAoeUG}TJxR> z4i%a!sGJispgN8nE3$3F6QbKlFN|SA$}y1~nY65DV<`(au-wzZfnwyKdq^XWpSeHq zpkT>{F)oFX*=me$dTdhh98|5L{i7NvOMDyIPdQ(6v~yY z({R+WS`JB4^eK(d2)hmxnL2wG>scsDpkR%b3&T0*bU&~yTH>`i+kR2V+3XjAw2Ty#|jnUHtF@$1e(&ft_^|7xj;z6Os07TN9oS);t zNq@yc{$lOBS)2X~cEta(>(XuZt5T$;(2M?hcU!$ZfajL`eGM$U1iro(r0g!Xub%ze zIIvZ3p!g^H%vxITuj0g&ShJ3+WPpoU_^OsBUxHto+x)K0&->Ox`kT$ojL#PZK3~4z zFJH2XmxYQe7MKDUzX(sDc|Ck<_UXvl@jZwy#Khb-6Eb=EUSjKKIe@SCJTV8B%+SgN zi<_2SDMd{2RAX68Zh3nf*Up|QfR!~u7TKRdo%tRM`IeJnd@3Gmwqum6&U+@Vu{NMm z`fT$s4zjO-jmdf^+DAw{{TlXm3e%-8GD$)>_04ouFA5=$S~2OCWG`kmQh5jFvG7Et zDh$+A69}){D8w+aQ8=_S`xCJO>#R>)?UQk4Oc&)-g}sp}%WAuQcbLBID->Mn6xN<( zFT%;O(j#npBHTs&xUJ#AbJ&5iO)^nRK?nZ=j1UK~~0mcZqqR9;Bt zKeUxJfdAN5RuKRAR+y?@cZFSSZIwP9iv=~2B8TS?gruLGm}+ zmOUHgAyuM1Ksdu=%dBW$nu-v^YhSXS?LeIOMqe{MJE-s%rPB4rtbtRMNAdw<^8qPD zR`^GzWD*ov5awU!%Wy@sw+?R1b9CI-4o@&qoSa67^YW#9zUV?@`*;*)Mpi%62tVz_ z+E>K_a_re=KWS(0Gy|k+wD9naHV!Jggk-&B8c7RZP}4*53^s4sQNvC|U1RF~Y~163 z;5C8}p@c2HQZDP`bPQVjfh-AwU1X|gNMcVjPBX#eqRM>?K;}Ekz9<_SG*t^Ac8a;a zROI0G|FZP-o8_zq8sbv&^OI5=0jg$Ut91d#I zAFH^kI~3Vi;8$m;Ih!69?8j0a;TB-MH~!RGFJSaL+T-dDvr>XtJ;jIn$cQToDFCA< z5vTsJfUCMNqdZ;*(Wa;WIQ6x<_R#}5%B^AupU~=}c~55Oi{C^a%_ZAr!Cz$^AS~Sik7hPf?y$Aw~ z;Hn9_Ky1K;N>Ih@N5KivngR}-2XN7iph1U#H0N&ho?3OJHhrkzdFf)m@|?!d|EM+( zA0F*7TwwFT+WI~pPl6>+v13n}9ZOlMQvZl-e>nSL7i@7j`(YQN;_~c=e}abC5hPE7 z70J4L&V-@aNj_=WU{m2e$?J3yf~^O|f|wFIuu{qh`1op*Chc}=VKP;=8sG}bPD}tQ zkCkRE4PWQsBJJmb_A_4iSP!q|MX~`rsk-vDHh9g#1#dQJwrL$eSMu6%&P07<){76)L8LQrVq=Af5-0$ATqg zA;o7_z`#27=crK>Vmkt zl_`C!rlo1Cf0vFLiyV~dlf}-k4;sI_nBtYq|2##ia_W=aotm3Jp7Kvl`9GSH-@xW4 zZ^N+p$@5ydKbmpKWvg=W4Y#%EbVpprzZckpzSG0O-&v&ro_RKU+q&}WrS0Bf(6+FP z!5X3SFh9Rw`&OfFi|t!|bIN~9d#+CUTGS`}UrqV{rtMO=8Q(g=QYQuphPs!VYW6`x zV#EA`E2Ho;^Zp{P%F(U1**IWZgy_6U7b7edL;f!#8OKrI?s3ReqZaK6z9qs-D|37k z1|iO_Rj5^hax>j2ba1M?-8b|8?i8U1W~3=6nBy*yf63w6DNg#v?{-ta_Q<;>fK!i9 zv=x?3TSKB~%;9OX<$CqRN8E5eS~P{lpgv~O^!u>W85~L$34TI^=BMxFJ4XJZp8Ue5 zTtw~v4cjel;?GUUUGQ}(k9+nzzqSr@yb8H?4L35UH%wO? z5szDA+R+8Azzyy4yi~&yhV-=OBhO^5)veIYQj{Lz`Dq~WPQmpSn-0UfgwMP3@+@z+ z%k0+)^+xnIt-RW%g4}8z2Zcq=#GqAfUs@JU6I||b>ZA$1IsK*S=X{xgYvXA2q)uV) zvx%coNrz4hl+w}A=rRDM1l-PfBU6Er8ISq*cjLNEOqa}%Cgu@sfNFY*!Ege}#lKP5 zn{MUqF>d0=0yAen|9QVb*h~_9r1M^b_Q}?kp90v_)ohgmnx%leu-;_I&UD#7?zWMr z_8E&?&$x-VlR-bY`p&O^IbH4UBXbu>9dv?CKeV(mFLI7D1CgTg}~4p0Fe0azq_)1c;J&8^7UpaOJYT zZHBEGn}9<(p0F|=Jf8E(y)I`To(&A`p#YPC1WS4er70^-3sL3t6#@iHn&F1iLy*q6 z@|h?IkZ;e^+TKBJ+iNO*z$mlCg0@abV$2tf8z2H7C4#pw5>*ZyoS5VKU!%jE*QfTX zV*7%hUPk9dc+2JG0RGKA<)`>`@#DgjNeKHOj4igez?o4cO%`%O6k{?A4c`e5q~hFssOb8#^+A!PIfHDa@lA4fe9&bc-3xSm#{ORW^6r03&NM z%zVbT(uGYEH-MO{mYDlj(Fr9lM6Ru9ChL+E+VcHj))%Wcg@!`ex($6b7w4J3folH5 z$#VVzFN?O#AHAB!RujyYSVo}3z>*M@Q^gF6%=QcVhH;d3D3=3DVztoYIE-AuvW;4x zlXyfX9UL-p+nDL?%Ji`$@Y4S^u<_^lV6?!HplkCjXs1(daRax^8@!-DoDxAZi*PRATX68rj^ z9Lj+kob5!A0iq)bBRcF1U7B4y>W)6{jl{{7WeJ^QeUk~~$)Mgc=X|4-+NS*w){Xoa z%E}7)-6^sGEM{6OS+tMX1R*~NqF(wntYB+@;AVf|;Lel-GcGgg$w$kiGkA&>GI28; z3~t-x662_4rK#y9P10tO(5hTF3``khxrZi-T)3=QpWw5M20r3aGUX$4=1juQL9~QL z88a%+M2d5U^G~CNMYDrp!Uqx1M3%vLYqG59fC8w>pNp^7H%x>Z%2shj_aNyy*Rd*! z>!};*1+Gh*km5D2BOxZmFp)0Thy~?}1Rd1ik%$;l3z|s?AMN?k(j95x@U)mQjVy=N zq$ivL<78BqgLS)!5WqKb$<-6t+m)`sVOK7RxQk~s@@|ie`iDan0RM`&QOi%u;5c(Q z$)(5|NiWH!f|PLKWd|{VcsAt9xL8&!N8RCuWjkz8vLJ`cmB#Y3$PwYp4NB+4hsa=6 zU-8cmB9LWv5bh|f3Hd>%7jD+SP7pRQvD(C$`;)H_TxZ!Y*5gcc>Ga9NMprm}qLcU> z=r?KNu##Dp9tO0o$TNRAW;DsCwB*X_>DO|r!Col}M(@Z=$h|l!Dck+(2%=phAJIoU zVq_+oV{eFyydECVChjSpLL@Gm*YR&r{L%@>(0~#94}9ahc0j5vCXtIIv~=x!yFW_r zngCxn$k*}-Jo>PV&lnGl$O!tl0Z>z(+u=5#*8B&)6rd736Tb>7tAs(tvInSqhz}oW z9aI*p5-PCH3-u#k3s9SaN}4pnMm9^RtpK$ysIstuZl>jhp*|I$4hX8gKr6#lLTv`9 z4M9cCHbP|?A%_)kWp2cQYHn&_ZuA(Sx&Dmh7eU|3VU&Qdj+b8?4qYs%_2PLnA(9jF zOE$T&0U(2Vl&3M{0$kfv*aZElFRTlM?x z9g_f789q5xEV{#lX;)}8#P3j4kh z^R9b`%}<13i=%aP&9CA1ao#DyW6_r|l&Md%)ijK=?zA1U&h7xB7R;&y!VW=hlQAK0 zv@hrN3}m0fmt{@uoSMDo)a*H@=8}yy$;Mj->a4Hfo`2OqxIm0OWOS}q;s{Zz$D!K3 zSHt!TBpSM7o1la*OO{Z^prLFxxvAaw`q3sutBq#=6al4i-A?A^Xp_}wyEj2`>!Iwn z(Ih|YrA#oe4$r(V4qC32lv4ubOlt(ll8E70ME9mkR zK6M$hy=W}MOXX5LU$dBZh6pg#Qr<{m-NzNXYR{BiGZHl*csAi*?I@Q-C;aMsmIV`3 zS|hAPexNi$h@DPGV{ka(jj@PHwFYO^n$GNNm1n(FiyC{ z`o;j%8@2Ci@t!nSI}D{a^6bHRaEY^sVGU>}ZNx5SJj zFoS))5y z)OjsYJP>n`vlVi3To09gAFrN*IIT&b(?w^-pT9BGG-{_0YKhXgtW$@>t&JFtL&UxL zGtyoLJLA$bE;+-rHcxXfM89u2W#gT>|IupW8UD+mw7>W$%7{m*gIOp|ctiEKOP$sZ zMflc6D&59{Yo{V2Y(vIuhbI`b$P`!F=vVLS@#-;Tje8FM&v;x>^u|mcZo9QB8uR$| z@J1bYL)kK;_NY`|j9Y$#@V13Puj--9)8H6%I$Uf_`_su^5B*H;OSz@h03TelcTVkn zfg%c;3ECVUY4%1q8o^fIV3yq&^REG@xz-BJuD6f0w2r%k1CF*|a+&odxjK?k0acOt z3z#oUr==2^scGNiJd#fw{P1zwqU+O zXIJL`TvC z&Q`v;v$Hb>oSmI5ng7L|ozcwy`Hl|njeTf`UK@LQoPR9DKRMnR%KYz)cLp>6E90F` z=D)q2h0H&(o%gZ)$F}P&vJY<8OI`2W&VfIF|8@@a`Tw;TqI2h;5HT);tiu98s7DDv23ipTnN8&GHrZn8~X2(;F3!e(IX zNI97m!*b-jDn&mo2y$@A>@-D`{ZbPAA-zu>C>X|7m(gdy)5534Af&4j66S75gYj7O zkOB~%K-SuXdoRj35GIlbgJWnHMv%`TuCdwGk*z} zj5!cPhd^Y&4dsI}pxQ4WJxdkuRgg%+zToC*2bnmHBoDom$O(O@2|fK$mT0{Q+lK{9 z<(z8i3NJ%N*#x4)jN(9Epl}$r@K4d)vw#~w&%Yko8evVc->tWP{}bQ7^Q-ONs~`Q3 z4?Os<@BH{h&%E=8i{Cze*|+vj-F)eHZ}{LB?*HnUm7f}V{q+3h7ro=I`g`U+>A(LQ zfA+TNpY5LBvg7kl{o{zAnBRool;0Y^b$%QCHu-Jw+vazG-;Cc5zk~epFA7G($uYOe<)vH|vL$EcL+EzFTrf|}jf~B&at6t*@mf)(N zV5y(rR(Mi0_!Yjo*K@&Ad%;!Piax=uXcsK?(|8(7?KPh2)ki-SO==@pYFE*`9;WbC zUyZFXs%L6n;Xu*)3clc}kH!=Z8b@t)6@1Yvc!E{66>R+owqUBCU08i6_ zW)yEB701&Cf3m2d9_r_Rc{qz{{qEsx99U{CT$8A+k=h!Mr++}BPUQb|INNH-*q?U5 zi@!X2Fwf#4pykIQ zYp*1S+9ne)?y6eQ^GD9rR9=-h-)pr~{Hh=HpY;@%;-K&b(+oMAQx9cOO0ev*09POVRaUIeYxXy>|-DP<6w-%lF*7?Cv>n>^K;?yN@jy z86pwfj)^kJfv%I_d+fw<5fXS;vh3#9o}lM_%Wx)K>2v*?UiUg<($V?(6So~*o^|1$ zl6ALHaqH3B<^;Ik=#ItN=WcMF{TsBd1SAA(9wNWAbmF#SfMx=YE+6d^Py*iTZiT9& zx4Ze-<99CK6$n{&`=U3@-nKZqM(>8^OX1l$U5?H_R|h@W-2BE$Fe;vI7^5#Xo4fTV zYyRl**)Vr^%)Z%$yOImHomg5HDJC+^^K5jU2Tb7neDua+2;I5uZrORiL)k;aNq zWmOQ$%}ih4{yCn7j&Bg7*0)|?5t{Vbw!Ycs%Fwiw+4T)KR&8juX&Ry%u8nq|d`-0b z?$< crypto.randomBytes(arr.length), + }, +}); + describe(generateDerivedKey.name, () => { - test('a bcrypt hash is returned', async () => { + test('a argon2id hash is returned', async () => { const salt = '$2a$12$BwnByfKrfRbpxsazN712T.'; - const password = 'f255cadb0af84854819c63f26c53e1a9'; - const result = await generateDerivedKey({ salt, password }); - expect(result).toEqual('$2a$12$BwnByfKrfRbpxsazN712T.ckDPUEMy2RJR6pyE8kOf2l3IMaxZ7R6'); + const pass = 'f255cadb0af84854819c63f26c53e1a9'; + const result = await generateDerivedKey({ salt, pass }); + expect(result).toEqual( + '5d46ddfd7273e1a74ba1db937693bfd59de4881d58b86ed4002ee24abf156a77cf12885ee0e50de19af8c67e0115eb0a82576b11864226a6c157aac8a500e9f8' + ); }); }); describe(generateSalt.name, () => { - test('that bcrypt salt is returned', async () => { - const salt = await generateSalt(); + test('that a 32char hex salt is returned', () => { + const salt = generateSalt(); expect(salt).toBeDefined(); - expect(salt[0]).toEqual('$'); - expect(salt.length).toEqual(29); + expect(salt.length).toEqual(32); }); - test('that salt fn is memoized per client', async () => { - const salt1 = await generateSalt(); - const salt2 = await generateSalt(); + test('that salt fn is memoized per client', () => { + const salt1 = generateSalt(); + const salt2 = generateSalt(); expect(salt1).toEqual(salt2); }); }); diff --git a/app/crypto/key-generation.ts b/app/crypto/key-generation.ts index da9007ebf..61e679640 100644 --- a/app/crypto/key-generation.ts +++ b/app/crypto/key-generation.ts @@ -1,8 +1,20 @@ -import bcryptjs from 'bcryptjs'; import { memoizeWith, identity } from 'ramda'; +import argon2 from 'argon2-browser'; -export async function generateDerivedKey({ password, salt }: { password: string; salt: string }) { - return bcryptjs.hash(password, salt); +export async function generateDerivedKey({ pass, salt }: { pass: string; salt: string }) { + const { hashHex } = await argon2.hash({ + pass, + salt, + hashLen: 64, + type: argon2.ArgonType.Argon2id, + }); + return hashHex; } -export const generateSalt = memoizeWith(identity, async () => await bcryptjs.genSalt(12)); +export function generateRandomHexString() { + const size = 16; + const randomValues = [...crypto.getRandomValues(new Uint8Array(size))]; + return randomValues.map(val => ('00' + val.toString(16)).slice(-2)).join(''); +} + +export const generateSalt = memoizeWith(identity, () => generateRandomHexString()); diff --git a/app/store/keys/keys.actions.ts b/app/store/keys/keys.actions.ts index 8de322782..95d0e49b2 100644 --- a/app/store/keys/keys.actions.ts +++ b/app/store/keys/keys.actions.ts @@ -43,8 +43,8 @@ export function onboardingMnemonicGenerationStep({ stepDelayMs }: { stepDelayMs: export function setPassword({ password, history }: { password: string; history: History }) { return async (dispatch: Dispatch, getState: () => RootState) => { const mnemonic = selectMnemonic(getState()); - const salt = await generateSalt(); - const derivedEncryptionKey = await generateDerivedKey({ password, salt }); + const salt = generateSalt(); + const derivedEncryptionKey = await generateDerivedKey({ pass: password, salt }); if (!mnemonic) { log.error('Cannot derive encryption key unless a mnemonic has been generated'); @@ -82,7 +82,7 @@ export function decryptWallet({ password, history }: { password: string; history return; } - const key = await generateDerivedKey({ password, salt }); + const key = await generateDerivedKey({ pass: password, salt }); // // TODO: remove casting within blockstack.js library diff --git a/configs/webpack.config.base.js b/configs/webpack.config.base.js index c4c004a73..7acffd698 100644 --- a/configs/webpack.config.base.js +++ b/configs/webpack.config.base.js @@ -10,6 +10,7 @@ export default { externals: [...Object.keys(externals || {})], module: { + noParse: /\.wasm$/, rules: [ { test: /\.tsx?$/, @@ -21,9 +22,28 @@ export default { }, }, }, + // Rule added to support `argon2-browser` library + { + test: /\.wasm$/, + // Tells WebPack that this module should be included as + // base64-encoded binary file and not as code + loaders: ['base64-loader'], + // Disables WebPack's opinion where WebAssembly should be, + // makes it think that it's not WebAssembly + // + // Error: WebAssembly module is included in initial chunk. + type: 'javascript/auto', + }, ], }, + node: { + __dirname: false, + fs: 'empty', + Buffer: false, + process: false, + }, + output: { path: path.join(__dirname, '..', 'app'), // https://github.com/webpack/webpack/issues/1114 diff --git a/package.json b/package.json index 700f1d9cc..d46cb82d5 100644 --- a/package.json +++ b/package.json @@ -112,6 +112,7 @@ "@blockstack/prettier-config": "0.0.6", "@blockstack/stacks-blockchain-sidecar-types": "0.0.20", "@commitlint/config-conventional": "9.0.1", + "@types/argon2-browser": "1.12.0", "@types/bcryptjs": "2.4.2", "@types/bn.js": "4.11.6", "@types/css-font-loading-module": "0.0.4", @@ -145,6 +146,7 @@ "babel-loader": "8.1.0", "babel-plugin-dev-expression": "0.2.2", "babel-plugin-transform-react-remove-prop-types": "0.4.24", + "base64-loader": "1.0.0", "browserslist-config-erb": "0.0.1", "chalk": "4.1.0", "circular-dependency-plugin": "5.2.0", @@ -197,8 +199,8 @@ "@hot-loader/react-dom": "16.13.0", "@reduxjs/toolkit": "1.4.0", "@styled-system/theme-get": "5.1.2", + "argon2-browser": "1.13.0", "axios": "0.19.2", - "bcryptjs": "2.4.3", "bignumber.js": "9.0.0", "bn.js": "5.1.2", "buffer": "5.6.0", diff --git a/yarn.lock b/yarn.lock index 0f7f5db74..6a6a54c2e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2321,6 +2321,11 @@ resolved "https://registry.yarnpkg.com/@types/anymatch/-/anymatch-1.3.1.tgz#336badc1beecb9dacc38bea2cf32adf627a8421a" integrity sha512-/+CRPXpBDpo2RK9C68N3b2cOvO0Cf5B9aPijHsoDQTHivnGSObdOF2BRQOYjojWTDy6nQvMjmqRXIxH55VjxxA== +"@types/argon2-browser@1.12.0": + version "1.12.0" + resolved "https://registry.yarnpkg.com/@types/argon2-browser/-/argon2-browser-1.12.0.tgz#b9c3c4a996a80cb3c4f5ad097e8d0debda459072" + integrity sha512-ZPpKOoLuyXf+dKUJKcbUAzAajnJ1+ABXqSyHtsjfDaKhdHh19wXNWC3/hpDdzIO8ykiSONnGCWy38juDZVocvg== + "@types/babel__core@^7.0.0": version "7.1.9" resolved "https://registry.yarnpkg.com/@types/babel__core/-/babel__core-7.1.9.tgz#77e59d438522a6fb898fa43dc3455c6e72f3963d" @@ -3375,6 +3380,11 @@ are-we-there-yet@~1.1.2: delegates "^1.0.0" readable-stream "^2.0.6" +argon2-browser@1.13.0: + version "1.13.0" + resolved "https://registry.yarnpkg.com/argon2-browser/-/argon2-browser-1.13.0.tgz#8b59b159f6d84a6a0d96806793edbc68d1b0456c" + integrity sha512-N96O9SUCzBL4EfPjkfjbeUTGSua6ULMwo8P3pWUhvu2HQcPKQBbEVhT7s3Ffp9G6Z+v21qh6wcwYKPRjVROChA== + argparse@^1.0.7: version "1.0.10" resolved "https://registry.yarnpkg.com/argparse/-/argparse-1.0.10.tgz#bcd6791ea5ae09725e17e5ad988134cd40b3d911" @@ -3769,6 +3779,11 @@ base64-js@^1.0.2: resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.3.1.tgz#58ece8cb75dd07e71ed08c736abc5fac4dbf8df1" integrity sha512-mLQ4i2QO1ytvGWFWmcngKO//JXAQueZvwEKtjgQFM4jIK0kU+ytMfplL8j+n5mspOfjHwoAg+9yhb7BwAHm36g== +base64-loader@1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/base64-loader/-/base64-loader-1.0.0.tgz#e530bad88e906dd2a1fad0af2d9e683fa8bd92a8" + integrity sha1-5TC62I6QbdKh+tCvLZ5oP6i9kqg= + base@^0.11.1: version "0.11.2" resolved "https://registry.yarnpkg.com/base/-/base-0.11.2.tgz#7bde5ced145b6d551a90db87f83c558b4eb48a8f" @@ -3794,11 +3809,6 @@ bcrypt-pbkdf@^1.0.0: dependencies: tweetnacl "^0.14.3" -bcryptjs@2.4.3: - version "2.4.3" - resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb" - integrity sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms= - bfj@^6.1.1: version "6.1.2" resolved "https://registry.yarnpkg.com/bfj/-/bfj-6.1.2.tgz#325c861a822bcb358a41c78a33b8e6e2086dde7f"