From a052467ebc28bf5b3bad9d30fe4d0a74a8148cff Mon Sep 17 00:00:00 2001 From: Vishesh Handa Date: Sun, 15 Nov 2020 00:25:39 +0100 Subject: [PATCH] Migrate from steel_crypt to crypton SteelCrypt is deprecating asymetric key crypto functions and recommends using crypton. This also simplifies our code. --- lib/ssh/rsa_key_pair.dart | 58 ++++++++++----------------------------- pubspec.lock | 20 +++++++------- pubspec.yaml | 4 +-- 3 files changed, 26 insertions(+), 56 deletions(-) diff --git a/lib/ssh/rsa_key_pair.dart b/lib/ssh/rsa_key_pair.dart index d6120ec7..6c200a15 100644 --- a/lib/ssh/rsa_key_pair.dart +++ b/lib/ssh/rsa_key_pair.dart @@ -1,16 +1,11 @@ import 'dart:async'; import 'dart:convert'; -import 'dart:math'; -import 'dart:typed_data'; import 'package:isolate/isolate_runner.dart'; import 'package:meta/meta.dart'; import 'package:ssh_key/ssh_key.dart' as ssh_key; -import 'package:steel_crypt/PointyCastleN/key_generators/rsa_key_generator.dart'; -import 'package:steel_crypt/PointyCastleN/pointycastle.dart'; -import 'package:steel_crypt/PointyCastleN/random/fortuna_random.dart'; -import 'package:steel_crypt/steel_crypt.dart'; +import 'package:crypton/crypton.dart'; import 'package:gitjournal/error_reporting.dart'; import 'package:gitjournal/ssh/binary_length_value.dart'; import 'package:gitjournal/utils/logger.dart'; @@ -23,8 +18,6 @@ class RsaKeyPair { @required String privateKey, @required String publicKey, }) { - var encrypter = RsaCrypt(); - publicKey = publicKey.trim(); try { var key = ssh_key.publicKeyDecode(publicKey); 
@@ -37,41 +30,43 @@ class RsaKeyPair { if (publicKey == null) { try { - this.publicKey = encrypter.parseKeyFromString(publicKey); + this.publicKey = RSAPublicKey.fromString(publicKey); } catch (e) { // Ignore } } try { - this.privateKey = encrypter.parseKeyFromString(privateKey); + this.privateKey = RSAPrivateKey.fromPEM(privateKey); } catch (e) { // Ignore } } RsaKeyPair.generate() { - var keyPair = _getRsaKeyPair(_getSecureRandom()); - publicKey = keyPair.publicKey as RSAPublicKey; - privateKey = keyPair.privateKey as RSAPrivateKey; + var keyPair = RSAKeypair.fromRandom(); + + publicKey = keyPair.publicKey; + privateKey = keyPair.privateKey; } // Tries to encrypt and decrypt bool isValid() { - var encrypter = RsaCrypt(); var orig = 'word'; - var enc = encrypter.encrypt(orig, publicKey); - var dec = encrypter.decrypt(enc, privateKey); + var enc = publicKey.encrypt(orig); + var dec = privateKey.decrypt(enc); return orig == dec; } // OpenSSH Public Key (single-line format) String publicKeyString({String comment = ""}) { + var pk = publicKey.asPointyCastle; + var data = BinaryLengthValue.encode([ BinaryLengthValue.fromString("ssh-rsa"), - BinaryLengthValue.fromBigInt(publicKey.exponent), - BinaryLengthValue.fromBigInt(publicKey.modulus), + BinaryLengthValue.fromBigInt(pk.exponent), + BinaryLengthValue.fromBigInt(pk.modulus), ]); if (comment.isNotEmpty) { @@ -84,8 +79,7 @@ class RsaKeyPair { } String privateKeyString() { - var encrypter = RsaCrypt(); - return encrypter.encodeKeyToString(privateKey); + return privateKey.toPEM(); } static Future generateAsync() async { 
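Review bot: New SSH keys may come out with a smaller modulus than before, because `RsaKeyPair.generate()` calls `RSAKeypair.fromRandom()` with no arguments and so leaves the key size to crypton's default. The `_getRsaKeyPair` helper deleted later in this patch requested `2048 * 2` bits explicitly. As far as I know crypton defaults to 2048 bits, which would make this a silent reduction in key strength rather than a pure refactor; please confirm against the pinned 1.1.3 release. If 4096 bits is still intended, state it at the call site with `var keyPair = RSAKeypair.fromRandom(keySize: 4096);` and a one-line comment naming the chosen size.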
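Review bot: Keys stored by earlier releases may no longer load, because `privateKeyString()` now emits `privateKey.toPEM()` and `fromStrings` reads back with `RSAPrivateKey.fromPEM`. Nothing in the patch shows that text written by steel_crypt's `encodeKeyToString` uses the same encoding. The `fromPEM` call in the previous hunk sits inside `catch (e) { // Ignore }`, so a stored key that fails to parse would leave `privateKey` unset, and `isValid()` would then fail on a null receiver instead of returning false. A round-trip test over a key written by the previous release would settle this, and the swallowed exception deserves at least a log entry that records the failure without the key text. `fromStrings` begins outside the visible hunks, so any earlier handling of a failed parse cannot be seen here.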
@@ -102,30 +96,6 @@ class RsaKeyPair { } } -SecureRandom _getSecureRandom() { - final secureRandom = FortunaRandom(); - final random = Random.secure(); - var seeds = List.of([]); - for (var i = 0; i < 32; i++) { - seeds.add(random.nextInt(255)); - } - secureRandom.seed(KeyParameter(Uint8List.fromList(seeds))); - return secureRandom; -} - -///Create RSA keypair given SecureRandom. -AsymmetricKeyPair _getRsaKeyPair( - SecureRandom secureRandom, -) { - // See URL for why these values - // https://crypto.stackexchange.com/questions/15449/rsa-key-generation-parameters-public-exponent-certainty-string-to-key-count/15450#15450?newreg=e734eafab61e42f1b155b62839ccce8f - final rsapars = RSAKeyGeneratorParameters(BigInt.from(65537), 2048 * 2, 5); - final params = ParametersWithRandom(rsapars, secureRandom); - final keyGenerator = RSAKeyGenerator(); - keyGenerator.init(params); - return keyGenerator.generateKeyPair(); -} - FutureOr _gen(void _) async { return RsaKeyPair.generate(); } diff --git a/pubspec.lock b/pubspec.lock index 7d1d39c3..daf15e62 100644 --- a/pubspec.lock +++ b/pubspec.lock @@ -35,7 +35,7 @@ packages: name: asn1lib url: "https://pub.dartlang.org" source: hosted - version: "0.6.4" + version: "0.8.1" async: dependency: transitive description: @@ -162,6 +162,13 @@ packages: url: "https://pub.dartlang.org" source: hosted version: "2.1.5" + crypton: + dependency: "direct main" + description: + name: crypton + url: "https://pub.dartlang.org" + source: hosted + version: "1.1.3" csslib: dependency: transitive description: @@ -759,7 +766,7 @@ packages: name: pointycastle url: "https://pub.dartlang.org" source: hosted - version: "1.0.2" + version: "2.0.0" pool: dependency: transitive description: @@ -953,7 +960,7 @@ packages: name: ssh_key url: "https://pub.dartlang.org" source: hosted - version: "0.5.1" + version: "0.6.0" stack_trace: dependency: transitive description: 
@@ -961,13 +968,6 @@ packages: url: "https://pub.dartlang.org" source: hosted version: "1.10.0-nullsafety.1" - steel_crypt: - dependency: "direct main" - description: - name: steel_crypt - url: "https://pub.dartlang.org" - source: hosted - version: "1.7.1+1" stream_channel: dependency: transitive description: diff --git a/pubspec.yaml b/pubspec.yaml index d0c5ec13..ebef67f4 100644 --- a/pubspec.yaml +++ b/pubspec.yaml @@ -41,13 +41,13 @@ dependencies: git_url_parse2: ^0.0.1 synchronized: ^2.2.0 mutex: ^1.0.3 - steel_crypt: ^1.7.1+1 + crypton: ^1.1.3 font_awesome_flutter: ^8.7.0 sentry: ">=3.0.0 <4.0.0" flutter_sentry: ^0.4.4 equatable: ^1.1.0 cached_network_image: ^2.2.0+1 - ssh_key: ^0.5.1 + ssh_key: ^0.6.0 isolate: ^2.0.3 image_picker: ^0.6.7 easy_localization: ^2.3.2