TerribleDev/ente
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch to libsodium-wrappers-sumo

Browse Source
This commit is contained in:
Manav Rathi
2024-08-23 13:21:32 +05:30
parent 89effbabc1
commit c509bffaa3
2 changed files with 8 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
web/docs/dependencies.md
View File

@@ -48,25 +48,13 @@ The root `package.json` also has a convenience dev dependency:
## Cryptography
We use [libsodium](https://libsodium.gitbook.io/doc/) for encryption, key
generation etc. Specifically, we use its WebAssembly and JS wrappers made using
Emscripten, maintained by the original authors of libsodium themselves -
We use [libsodium](https://libsodium.gitbook.io/doc/) for our cryptography
primitives. Specifically, we use its WebAssembly target, accessible via
JavaScript wrappers maintained by the original authors of libsodium themselves -
[libsodium-wrappers](https://github.com/jedisct1/libsodium.js).
Currently, we've pinned the version to 0.7.9 since later versions remove the
`crypto_pwhash_*` functionality that we use (they've not been deprecated,
they've just been moved to a different NPM package). From the (upstream)
[release notes](https://github.com/jedisct1/libsodium/releases/tag/1.0.19-RELEASE):
> Emscripten: the `crypto_pwhash_*()` functions have been removed from Sumo
> builds, as they reserve a substantial amount of JavaScript memory, even when
> not used.
This wording is a bit incorrect, they've actually been _added_ to the sumo
builds (See this [issue](https://github.com/jedisct1/libsodium.js/issues/326)).
Updating it is not a big problem, it is just a pending chore - we want to test a
bit more exhaustively when changing the crypto layer.
We need to use the "sumo" variant, _libsodium-wrappers-sumo_, to get access to
the `crypto_pwhash_*()` functions.
## Meta frameworks

4
web/packages/base/crypto/index.ts
View File

@@ -8,7 +8,9 @@
* 3. libsodium-wrappers (JavaScript bindings to libsodium)
*
* Our cryptography primitives are provided by libsodium, specifically, its
* JavaScript bindings ("libsodium-wrappers"). This is the lowest layer.
* JavaScript bindings ("libsodium-wrappers"). This is the lowest layer. Note
* that we use the sumo variant, "libsodium-wrappers-sumo", since the standard
* variant does not provide the `crypto_pwhash_*` functions.
*
* Direct usage of "libsodium-wrappers" is restricted to `crypto/libsodium.ts`.
* This is the next higher layer. Usually the functions in this file are thin