libp2p · daviddias · Jan 16, 2017 · Dec 23, 2016 · Jan 14, 2017
diff --git a/package.json b/package.json
@@ -42,6 +42,7 @@
     "pem-jwk": "^1.5.1",
     "protocol-buffers": "^3.2.1",
     "rsa-pem-to-jwk": "^1.1.3",
+    "safe-buffer": "^5.0.1",
     "tweetnacl": "^0.14.5",
     "webcrypto-shim": "github:dignifiedquire/webcrypto-shim#master"
   },

diff --git a/src/crypto/ecdh-browser.js b/src/crypto/ecdh-browser.js
@@ -3,6 +3,7 @@
 const crypto = require('./webcrypto')()
 const nodeify = require('nodeify')
 const BN = require('asn1.js').bignum
+const Buffer = require('safe-buffer').Buffer
 
 const util = require('./util')
 const toBase64 = util.toBase64
@@ -97,7 +98,7 @@ function marshalPublicKey (jwk) {
   const byteLen = curveLengths[jwk.crv]
 
   return Buffer.concat([
-    new Buffer([4]), // uncompressed point
+    Buffer.from([4]), // uncompressed point
     toBn(jwk.x).toArrayLike(Buffer, 'be', byteLen),
     toBn(jwk.y).toArrayLike(Buffer, 'be', byteLen)
   ], 1 + byteLen * 2)
@@ -107,7 +108,7 @@ function marshalPublicKey (jwk) {
 function unmarshalPublicKey (curve, key) {
   const byteLen = curveLengths[curve]
 
-  if (!key.slice(0, 1).equals(new Buffer([4]))) {
+  if (!key.slice(0, 1).equals(Buffer.from([4]))) {
     throw new Error('Invalid key format')
   }
   const x = new BN(key.slice(1, byteLen + 1))

diff --git a/src/crypto/ed25519.js b/src/crypto/ed25519.js
@@ -2,6 +2,7 @@
 
 const nacl = require('tweetnacl')
 const setImmediate = require('async/setImmediate')
+const Buffer = require('safe-buffer').Buffer
 
 exports.publicKeyLength = nacl.sign.publicKeyLength
 exports.privateKeyLength = nacl.sign.secretKeyLength

diff --git a/src/crypto/hmac-browser.js b/src/crypto/hmac-browser.js
@@ -1,6 +1,7 @@
 'use strict'
 
 const nodeify = require('nodeify')
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('./webcrypto')()
 const lengths = require('./hmac-lengths')

diff --git a/src/crypto/rsa-browser.js b/src/crypto/rsa-browser.js
@@ -1,6 +1,7 @@
 'use strict'
 
 const nodeify = require('nodeify')
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('./webcrypto')()
 

diff --git a/src/crypto/util.js b/src/crypto/util.js
@@ -1,6 +1,7 @@
 'use strict'
 
 const BN = require('asn1.js').bignum
+const Buffer = require('safe-buffer').Buffer
 
 // Convert a BN.js instance to a base64 encoded string without padding
 // Adapted from https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#appendix-C

diff --git a/src/index.js b/src/index.js
@@ -1,6 +1,7 @@
 'use strict'
 
 const protobuf = require('protocol-buffers')
+
 const pbm = protobuf(require('./crypto.proto'))
 const c = require('./crypto')
 
@@ -78,7 +79,6 @@ exports.randomBytes = (number) => {
   if (!number || typeof number !== 'number') {
     throw new Error('first argument must be a Number bigger than 0')
   }
-  const buf = new Buffer(number)
-  c.rsa.getRandomValues(buf)
-  return buf
+
+  return c.rsa.getRandomValues(new Uint8Array(number))
 }
diff --git a/src/key-stretcher.js b/src/key-stretcher.js
@@ -2,6 +2,7 @@
 
 const crypto = require('./crypto')
 const whilst = require('async/whilst')
+const Buffer = require('safe-buffer').Buffer
 
 const cipherMap = {
   'AES-128': {

diff --git a/src/keys/ed25519.js b/src/keys/ed25519.js
@@ -2,6 +2,7 @@
 
 const multihashing = require('multihashing-async')
 const protobuf = require('protocol-buffers')
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../crypto').ed25519
 const pbm = protobuf(require('../crypto.proto'))

diff --git a/test/aes.spec.js b/test/aes.spec.js
@@ -4,6 +4,7 @@
 
 const expect = require('chai').expect
 const series = require('async/series')
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../src')
 const fixtures = require('./fixtures/aes')
@@ -17,10 +18,10 @@ const bytes = {
 describe('AES-CTR', () => {
   Object.keys(bytes).forEach((byte) => {
     it(`${bytes[byte]} - encrypt and decrypt`, (done) => {
-      const key = new Buffer(parseInt(byte, 10))
+      const key = Buffer.alloc(parseInt(byte, 10))
       key.fill(5)
 
-      const iv = new Buffer(16)
+      const iv = Buffer.alloc(16)
       iv.fill(1)
 
       crypto.aes.create(key, iv, (err, cipher) => {
@@ -38,18 +39,18 @@ describe('AES-CTR', () => {
   })
   Object.keys(bytes).forEach((byte) => {
     it(`${bytes[byte]} - fixed - encrypt and decrypt`, (done) => {
-      const key = new Buffer(parseInt(byte, 10))
+      const key = Buffer.alloc(parseInt(byte, 10))
       key.fill(5)
 
-      const iv = new Buffer(16)
+      const iv = Buffer.alloc(16)
       iv.fill(1)
 
       crypto.aes.create(key, iv, (err, cipher) => {
         expect(err).to.not.exist
 
         series(fixtures[byte].inputs.map((rawIn, i) => (cb) => {
-          const input = new Buffer(rawIn)
-          const output = new Buffer(fixtures[byte].outputs[i])
+          const input = Buffer.from(rawIn)
+          const output = Buffer.from(fixtures[byte].outputs[i])
           cipher.encrypt(input, (err, res) => {
             expect(err).to.not.exist
             expect(res).to.have.length(output.length)
@@ -71,18 +72,18 @@ describe('AES-CTR', () => {
     }
 
     it(`${bytes[byte]} - go interop - encrypt and decrypt`, (done) => {
-      const key = new Buffer(parseInt(byte, 10))
+      const key = Buffer.alloc(parseInt(byte, 10))
       key.fill(5)
 
-      const iv = new Buffer(16)
+      const iv = Buffer.alloc(16)
       iv.fill(1)
 
       crypto.aes.create(key, iv, (err, cipher) => {
         expect(err).to.not.exist
 
         series(goFixtures[byte].inputs.map((rawIn, i) => (cb) => {
-          const input = new Buffer(rawIn)
-          const output = new Buffer(goFixtures[byte].outputs[i])
+          const input = Buffer.from(rawIn)
+          const output = Buffer.from(goFixtures[byte].outputs[i])
           cipher.encrypt(input, (err, res) => {
             expect(err).to.not.exist
             expect(res).to.have.length(output.length)
@@ -100,7 +101,7 @@ describe('AES-CTR', () => {
 })
 
 function encryptAndDecrypt (cipher) {
-  const data = new Buffer(100)
+  const data = Buffer.alloc(100)
   data.fill(Math.ceil(Math.random() * 100))
   return (cb) => {
     cipher.encrypt(data, (err, res) => {

diff --git a/test/ed25519.spec.js b/test/ed25519.spec.js
@@ -2,6 +2,7 @@
 'use strict'
 
 const expect = require('chai').expect
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../src')
 const ed25519 = crypto.keys.ed25519
@@ -129,7 +130,7 @@ describe('ed25519', () => {
   })
 
   it('sign and verify', (done) => {
-    const data = new Buffer('hello world')
+    const data = Buffer.from('hello world')
     key.sign(data, (err, sig) => {
       if (err) {
         return done(err)
@@ -146,13 +147,13 @@ describe('ed25519', () => {
   })
 
   it('fails to verify for different data', (done) => {
-    const data = new Buffer('hello world')
+    const data = Buffer.from('hello world')
     key.sign(data, (err, sig) => {
       if (err) {
         return done(err)
       }
 
-      key.public.verify(new Buffer('hello'), sig, (err, valid) => {
+      key.public.verify(Buffer.from('hello'), sig, (err, valid) => {
         if (err) {
           return done(err)
         }

diff --git a/test/fixtures/go-elliptic-key.js b/test/fixtures/go-elliptic-key.js
@@ -1,12 +1,14 @@
 'use strict'
 
+const Buffer = require('safe-buffer').Buffer
+
 module.exports = {
   curve: 'P-256',
   bob: {
-    private: new Buffer([
+    private: Buffer.from([
       181, 217, 162, 151, 225, 36, 53, 253, 107, 66, 27, 27, 232, 72, 0, 0, 103, 167, 84, 62, 203, 91, 97, 137, 131, 193, 230, 126, 98, 242, 216, 170
     ]),
-    public: new Buffer([
+    public: Buffer.from([
       4, 53, 59, 128, 56, 162, 250, 72, 141, 206, 117, 232, 57, 96, 39, 39, 247, 7, 27, 57, 251, 232, 120, 186, 21, 239, 176, 139, 195, 129, 125, 85, 11, 188, 191, 32, 227, 0, 6, 163, 101, 68, 208, 1, 43, 131, 124, 112, 102, 91, 104, 79, 16, 119, 152, 208, 4, 147, 155, 83, 20, 146, 104, 55, 90
     ])
   }

diff --git a/test/fixtures/go-key-ed25519.js b/test/fixtures/go-key-ed25519.js
@@ -1,5 +1,7 @@
 'use strict'
 
+const Buffer = require('safe-buffer').Buffer
+
 module.exports = {
   // These were generated in a gore (https://github.com/motemen/gore) repl session:
   //

diff --git a/test/fixtures/go-key-rsa.js b/test/fixtures/go-key-rsa.js
diff --git a/test/fixtures/go-stretch-key.js b/test/fixtures/go-stretch-key.js
@@ -1,30 +1,32 @@
 'use strict'
 
+const Buffer = require('safe-buffer').Buffer
+
 module.exports = [{
   cipher: 'AES-256',
   hash: 'SHA256',
-  secret: new Buffer([
+  secret: Buffer.from([
     195, 191, 209, 165, 209, 201, 127, 122, 136, 111, 31, 66, 111, 68, 38, 155, 216, 204, 46, 181, 200, 188, 170, 204, 104, 74, 239, 251, 173, 114, 222, 234
   ]),
   k1: {
-    iv: new Buffer([
+    iv: Buffer.from([
       208, 132, 203, 169, 253, 52, 40, 83, 161, 91, 17, 71, 33, 136, 67, 96
     ]),
-    cipherKey: new Buffer([
+    cipherKey: Buffer.from([
       156, 48, 241, 157, 92, 248, 153, 186, 114, 127, 195, 114, 106, 104, 215, 133, 35, 11, 131, 137, 123, 70, 74, 26, 15, 60, 189, 32, 67, 221, 115, 137
     ]),
-    macKey: new Buffer([
+    macKey: Buffer.from([
       6, 179, 91, 245, 224, 56, 153, 120, 77, 140, 29, 5, 15, 213, 187, 65, 137, 230, 202, 120
     ])
   },
   k2: {
-    iv: new Buffer([
+    iv: Buffer.from([
       236, 17, 34, 141, 90, 106, 197, 56, 197, 184, 157, 135, 91, 88, 112, 19
     ]),
-    cipherKey: new Buffer([
+    cipherKey: Buffer.from([
       151, 145, 195, 219, 76, 195, 102, 109, 187, 231, 100, 150, 132, 245, 251, 130, 254, 37, 178, 55, 227, 34, 114, 39, 238, 34, 2, 193, 107, 130, 32, 87
     ]),
-    macKey: new Buffer([
+    macKey: Buffer.from([
       3, 229, 77, 212, 241, 217, 23, 113, 220, 126, 38, 255, 18, 117, 108, 205, 198, 89, 1, 236
     ])
   }

diff --git a/test/hmac.spec.js b/test/hmac.spec.js
@@ -2,18 +2,20 @@
 /* eslint-env mocha */
 'use strict'
 
+const Buffer = require('safe-buffer').Buffer
 const expect = require('chai').expect
+
 const crypto = require('../src')
 
 const hashes = ['SHA1', 'SHA256', 'SHA512']
 
 describe('HMAC', () => {
   hashes.forEach((hash) => {
     it(`${hash} - sign and verify`, (done) => {
-      crypto.hmac.create(hash, new Buffer('secret'), (err, hmac) => {
+      crypto.hmac.create(hash, Buffer.from('secret'), (err, hmac) => {
         expect(err).to.not.exist
 
-        hmac.digest(new Buffer('hello world'), (err, sig) => {
+        hmac.digest(Buffer.from('hello world'), (err, sig) => {
           expect(err).to.not.exist
           expect(sig).to.have.length(hmac.length)
           done()

diff --git a/test/index.spec.js b/test/index.spec.js
@@ -97,14 +97,16 @@ describe('libp2p-crypto', () => {
         true
       )
     })
+  })
 
-    it('randomBytes throws with no number passed', () => {
+  describe('randomBytes', () => {
+    it('throws with no number passed', () => {
       expect(() => {
         crypto.randomBytes()
       }).to.throw
     })
 
-    it('randomBytes', () => {
+    it('generates different random things', () => {
       const buf1 = crypto.randomBytes(10)
       expect(buf1.length).to.equal(10)
       const buf2 = crypto.randomBytes(10)

diff --git a/test/rsa.spec.js b/test/rsa.spec.js
@@ -2,6 +2,7 @@
 'use strict'
 
 const expect = require('chai').expect
+const Buffer = require('safe-buffer').Buffer
 
 const crypto = require('../src')
 const rsa = crypto.keys.rsa
@@ -129,7 +130,7 @@ describe('RSA', () => {
   })
 
   it('sign and verify', (done) => {
-    const data = new Buffer('hello world')
+    const data = Buffer.from('hello world')
     key.sign(data, (err, sig) => {
       if (err) {
         return done(err)
@@ -146,13 +147,13 @@ describe('RSA', () => {
   })
 
   it('fails to verify for different data', (done) => {
-    const data = new Buffer('hello world')
+    const data = Buffer.from('hello world')
     key.sign(data, (err, sig) => {
       if (err) {
         return done(err)
       }
 
-      key.public.verify(new Buffer('hello'), sig, (err, valid) => {
+      key.public.verify(Buffer.from('hello'), sig, (err, valid) => {
         if (err) {
           return done(err)
         }