From c00ac1ff51c795d4d93c32e0a913e2cebf917d0c Mon Sep 17 00:00:00 2001
From: Biswakalyan Bhuyan
Date: Thu, 25 Jul 2024 12:09:28 +0530
Subject: added backend and login portal
---
.../bcryptjs/src/bcrypt/prng/README.md | 5 +
.../node_modules/bcryptjs/src/bcrypt/prng/accum.js | 133 ++++++++++++++++++++
.../node_modules/bcryptjs/src/bcrypt/prng/isaac.js | 140 +++++++++++++++++++++
3 files changed, 278 insertions(+)
create mode 100644 backend/node_modules/bcryptjs/src/bcrypt/prng/README.md
create mode 100644 backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js
create mode 100644 backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js
(limited to 'backend/node_modules/bcryptjs/src/bcrypt/prng')
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md b/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md
new file mode 100644
index 0000000..e6c2c68
--- /dev/null
+++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/README.md
@@ -0,0 +1,5 @@
+Because of [reasonable security doubts](https://github.com/dcodeIO/bcrypt.js/issues/16), these files, which used to be
+a part of bcrypt-isaac.js, are no longer used but are kept here for reference only.
+
+What is required instead is a proper way to collect entropy sources (using an intermediate stream cipher) which is then
+used to seed the CSPRNG. Pick one and use `bcrypt.setRandomFallback` instead.
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js b/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js
new file mode 100644
index 0000000..025d5c8
--- /dev/null
+++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/accum.js
@@ -0,0 +1,133 @@
+/* basic entropy accumulator */
+var accum = (function() {
+
+ var pool, // randomness pool
+ time, // start timestamp
+ last; // last step timestamp
+
+ /* initialize with default pool */
+ function init() {
+ pool = [];
+ time = new Date().getTime();
+ last = time;
+ // use Math.random
+ pool.push((Math.random() * 0xffffffff)|0);
+ // use current time
+ pool.push(time|0);
+ }
+
+ /* perform one step */
+ function step() {
+ if (!to)
+ return;
+ if (pool.length >= 255) { // stop at 255 values (1 more is added on fetch)
+ stop();
+ return;
+ }
+ var now = new Date().getTime();
+ // use actual time difference
+ pool.push(now-last);
+ // always compute, occasionally use Math.random
+ var rnd = (Math.random() * 0xffffffff)|0;
+ if (now % 2)
+ pool[pool.length-1] += rnd;
+ last = now;
+ to = setTimeout(step, 100+Math.random()*512); // use hypothetical time difference
+ }
+
+ var to = null;
+
+ /* starts accumulating */
+ function start() {
+ if (to) return;
+ to = setTimeout(step, 100+Math.random()*512);
+ if (console.log)
+ console.log("bcrypt-isaac: collecting entropy...");
+ // install collectors
+ if (typeof window !== 'undefined' && window && window.addEventListener)
+ window.addEventListener("load", loadCollector, false),
+ window.addEventListener("mousemove", mouseCollector, false),
+ window.addEventListener("touchmove", touchCollector, false);
+ else if (typeof document !== 'undefined' && document && document.attachEvent)
+ document.attachEvent("onload", loadCollector),
+ document.attachEvent("onmousemove", mouseCollector);
+ }
+
+ /* stops accumulating */
+ function stop() {
+ if (!to) return;
+ clearTimeout(to); to = null;
+ // uninstall collectors
+ if (typeof window !== 'undefined' && window && window.removeEventListener)
+ window.removeEventListener("load", loadCollector, false),
+ window.removeEventListener("mousemove", mouseCollector, false),
+ window.removeEventListener("touchmove", touchCollector, false);
+ else if (typeof document !== 'undefined' && document && document.detachEvent)
+ document.detachEvent("onload", loadCollector),
+ document.detachEvent("onmousemove", mouseCollector);
+ }
+
+ /* fetches the randomness pool */
+ function fetch() {
+ // add overall time difference
+ pool.push((new Date().getTime()-time)|0);
+ var res = pool;
+ init();
+ if (console.log)
+ console.log("bcrypt-isaac: using "+res.length+"/256 samples of entropy");
+ // console.log(res);
+ return res;
+ }
+
+ /* adds the current time to the top of the pool */
+ function addTime() {
+ pool[pool.length-1] += new Date().getTime() - time;
+ }
+
+ /* page load collector */
+ function loadCollector() {
+ if (!to || pool.length >= 255)
+ return;
+ pool.push(0);
+ addTime();
+ }
+
+ /* mouse events collector */
+ function mouseCollector(ev) {
+ if (!to || pool.length >= 255)
+ return;
+ try {
+ var x = ev.x || ev.clientX || ev.offsetX || 0,
+ y = ev.y || ev.clientY || ev.offsetY || 0;
+ if (x != 0 || y != 0)
+ pool[pool.length-1] += ((x-mouseCollector.last[0]) ^ (y-mouseCollector.last[1])),
+ addTime(),
+ mouseCollector.last = [x,y];
+ } catch (e) {}
+ }
+ mouseCollector.last = [0,0];
+
+ /* touch events collector */
+ function touchCollector(ev) {
+ if (!to || pool.length >= 255)
+ return;
+ try {
+ var touch = ev.touches[0] || ev.changedTouches[0];
+ var x = touch.pageX || touch.clientX || 0,
+ y = touch.pageY || touch.clientY || 0;
+ if (x != 0 || y != 0)
+ pool[pool.length-1] += (x-touchCollector.last[0]) ^ (y-touchCollector.last[1]),
+ addTime(),
+ touchCollector.last = [x,y];
+ } catch (e) {}
+ }
+ touchCollector.last = [0,0];
+
+ init();
+ return {
+ "start": start,
+ "stop": stop,
+ "fetch": fetch
+ }
+
+})();
diff --git a/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js b/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js
new file mode 100644
index 0000000..e4ce30f
--- /dev/null
+++ b/backend/node_modules/bcryptjs/src/bcrypt/prng/isaac.js
@@ -0,0 +1,140 @@
+/*
+ isaac.js Copyright (c) 2012 Yves-Marie K. Rinquin
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+/* isaac module pattern */
+var isaac = (function(){
+
+ /* internal states */
+ var m = Array(256), // internal memory
+ acc = 0, // accumulator
+ brs = 0, // last result
+ cnt = 0, // counter
+ r = Array(256), // result array
+ gnt = 0, // generation counter
+ isd = false; // initially seeded
+
+
+ /* 32-bit integer safe adder */
+ function add(x, y) {
+ var lsb = (x & 0xffff) + (y & 0xffff),
+ msb = (x >>> 16) + (y >>> 16) + (lsb >>> 16);
+ return (msb << 16) | (lsb & 0xffff);
+ }
+
+ /* initialisation */
+ function reset() {
+ acc = brs = cnt = 0;
+ for (var i = 0; i < 256; ++i)
+ m[i] = r[i] = 0;
+ gnt = 0;
+ }
+
+ /* seeding function */
+ function seed(s) {
+ var a, b, c, d, e, f, g, h, i;
+
+ /* seeding the seeds of love */
+ a = b = c = d = e = f = g = h = 0x9e3779b9; /* the golden ratio */
+
+ if (s && typeof(s) === 'number')
+ s = [s];
+
+ if (s instanceof Array) {
+ reset();
+ for (i = 0; i < s.length; ++i)
+ r[i & 0xff] += typeof(s[i]) === 'number' ? s[i] : 0;
+ }
+
+ /* private: seed mixer */
+ function seed_mix() {
+ a ^= b << 11; d = add(d, a); b = add(b, c);
+ b ^= c >>> 2; e = add(e, b); c = add(c, d);
+ c ^= d << 8; f = add(f, c); d = add(d, e);
+ d ^= e >>> 16; g = add(g, d); e = add(e, f);
+ e ^= f << 10; h = add(h, e); f = add(f, g);
+ f ^= g >>> 4; a = add(a, f); g = add(g, h);
+ g ^= h << 8; b = add(b, g); h = add(h, a);
+ h ^= a >>> 9; c = add(c, h); a = add(a, b);
+ }
+
+ for (i = 0; i < 4; i++) /* scramble it */
+ seed_mix();
+
+ for (i = 0; i < 256; i += 8) {
+ if (s) /* use all the information in the seed */
+ a = add(a, r[i + 0]), b = add(b, r[i + 1]),
+ c = add(c, r[i + 2]), d = add(d, r[i + 3]),
+ e = add(e, r[i + 4]), f = add(f, r[i + 5]),
+ g = add(g, r[i + 6]), h = add(h, r[i + 7]);
+ seed_mix();
+ /* fill in m[] with messy stuff */
+ m[i + 0] = a; m[i + 1] = b; m[i + 2] = c; m[i + 3] = d;
+ m[i + 4] = e; m[i + 5] = f; m[i + 6] = g; m[i + 7] = h;
+ }
+ if (s)
+ /* do a second pass to make all of the seed affect all of m[] */
+ for (i = 0; i < 256; i += 8)
+ a = add(a, m[i + 0]), b = add(b, m[i + 1]),
+ c = add(c, m[i + 2]), d = add(d, m[i + 3]),
+ e = add(e, m[i + 4]), f = add(f, m[i + 5]),
+ g = add(g, m[i + 6]), h = add(h, m[i + 7]),
+ seed_mix(),
+ /* fill in m[] with messy stuff (again) */
+ m[i + 0] = a, m[i + 1] = b, m[i + 2] = c, m[i + 3] = d,
+ m[i + 4] = e, m[i + 5] = f, m[i + 6] = g, m[i + 7] = h;
+ prng(); /* fill in the first set of results */
+ gnt = 256; /* prepare to use the first set of results */;
+ }
+
+ /* isaac generator, n = number of run */
+ function prng(n) {
+ var i, x, y;
+ n = n && typeof(n) === 'number' ? Math.abs(Math.floor(n)) : 1;
+ while (n--) {
+ cnt = add(cnt, 1);
+ brs = add(brs, cnt);
+ for(i = 0; i < 256; i++) {
+ switch(i & 3) {
+ case 0: acc ^= acc << 13; break;
+ case 1: acc ^= acc >>> 6; break;
+ case 2: acc ^= acc << 2; break;
+ case 3: acc ^= acc >>> 16; break;
+ }
+ acc = add(m[(i + 128) & 0xff], acc); x = m[i];
+ m[i] = y = add(m[(x >>> 2) & 0xff], add(acc, brs));
+ r[i] = brs = add(m[(y >>> 10) & 0xff], x);
+ }
+ }
+ }
+
+ /* return a random number between */
+ return function() {
+ if (!isd) // seed from accumulator
+ isd = true,
+ accum.stop(),
+ seed(accum.fetch());
+ if (!gnt--)
+ prng(), gnt = 255;
+ return r[gnt];
+ };
+})();
-- cgit v1.2.3-59-g8ed1b