From 5cbc4b90fbd527ba9d060dcdd303e033f5686830 Mon Sep 17 00:00:00 2001
From: Franck Royer <franck@royer.one>
Date: Tue, 19 Oct 2021 11:26:09 +1100
Subject: [PATCH] Fix KDF algorithm

---
 ...es-pbkdf2-npm-3.1.0-9fa74ff7fb-d15024b195.zip | Bin 0 -> 2645 bytes
 packages/status-communities/package.json         |   2 ++
 .../status-communities/src/encryption.spec.ts    |  14 ++++++++++++++
 packages/status-communities/src/encryption.ts    |  10 ++++++++--
 yarn.lock                                        |  13 ++++++++++++-
 5 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 .yarn/cache/@types-pbkdf2-npm-3.1.0-9fa74ff7fb-d15024b195.zip
 create mode 100644 packages/status-communities/src/encryption.spec.ts

diff --git a/.yarn/cache/@types-pbkdf2-npm-3.1.0-9fa74ff7fb-d15024b195.zip b/.yarn/cache/@types-pbkdf2-npm-3.1.0-9fa74ff7fb-d15024b195.zip
new file mode 100644
index 0000000000000000000000000000000000000000..7afb6d838864b55e4fbe5dad23d0d4546b85ab93
GIT binary patch
literal 2645
zcmaKudpy(MAIHZgHj()XYo%z+C2Mj?Qn@Xf<}!sankcz#lCt^owdPW;iCl7@%U7jQ
z(W<XYa~}!0Jm!*`!u0#eCBG!$yDsXN$0O(Sczn+J<Gi2eoX6|D-{)mx2?WUizBD6d
zpV-&I_n(BI_a}LHy7`ejf_yy#cia4S>KDK-Q;p73$m>SHe-lA=_whKr=lfE^0I{#T
za*Wn73Ka$bf<OR(()xi%kC<Yt>@Wm;yZ;DUs%Bp8aF&zWK=o8R$gUJO(xT<LFRDSR
z%p}hDehH~oTe8Bt$f7H5d=U-@<jHJ-3}&dM|BWnFyqI>8WNjKT{!RotNRb=Ta)0TT
zMJfpDPNdw^TlO`5vVjYr&x}n=B41i{&B3--YrRV7l(=&!V<Urpff^k<BP8@r%6WhP
z1W5CINxE2ofuse7%IbrI<~pNZ84M~R=a~QGw96!e^#{5@!3lI4CeVDB>optFfR@$(
znEyFo<6gMv#rRja%flBMl6f|JT|;JP^%W-jhmVWp^g*Q+uekw>6+2*A1XAMMUbT@?
zs=S~49=>MRb|y5FcH?X<Y;<A55TyO=!_`LjsFcNS&l@|7#5MJY9b`)a;X?~PO8XZL
zT$duAtMI7N8b@3I!pYq<y;=Y_zgUo-ok_Kvs4H7g(N$oH&UX~Lyq~m2F(&&Vgx1mb
z52nnCUd>R+u^OYErXbc!2IU@9=^$h<A$+&$L|EdVf7w#&^OJn4PsPx^^6Y1Er5_=(
zrEF>v+ln7Q<oyKPs9r7lXoLMEk5yt1n?6)If&=1}4Q%@&UvcG*yZSmXsFBL<8dt1c
zU)7ttYbNuvt)`>IESa+sslIBE{P`0~&f)~<yp#G#8|@-Yjb{2K>TU0Sa>ZSfx7cGo
zk=Uv?*OzInT;Ot)hz{Id29frWE1Rr33wcyJkFE08@%6Yn!gV=!z9m&8cNBfn6>WRE
z++8_j6s(+d_Sunw`*vJE{mLV0yfhz0jhK`+ti~?wqos4Ae<HW!2-z|6M@z5o8ZWPK
zH{+N^aAP`-RxFpXB6c1l!IzC88qXkae8fIqUIZ8}iGItI)yoUAc9=600swXhE-+&K
z%ZtYto8d4hKM%hooMk;)zIiG#ELxNrFw%EN6}yR{zbz)`!Jt&Cp7lRm9WbZ6JuIaA
zf)^$cyu$h{&AxxGq0j?S0iio{)$Hi<D562of5XY<cZ}sSOGhyG#OdhECtvjF-uILD
z{ZL0EQW~)lE*kE`64^j~S(7WMe&c-2jY8xH$UUg|*Z9sF&gn<Y*Fz7Y=5+3V;&;X{
z4pib!o4$|^Wu7NaBM=7q49pYj0!_u}y0=@F!34=A)xr4O`jsq>Qj>0Agr35o0Dhd(
z!||%zjyD|u{b&agt%*F=X6LB=IJ{A!N=Nz{WlwbDaVjNSMclF4kGdo+p`M^F$H#MX
z$m;DgOPP_)%e+s$$kZ7Ny@^xy_%mS~8mG9;)`<rgXER<-JgzmGhlgx>>m>qJZ*k)K
zo88%LcuU$-_ttjX0xOzlZ~lt#uPSJEwgj9LsE{itA<FBkaMs_$GZ^K8Iv?1JZ?mdL
zOI3|)*k?K2?D39OPdO;nsicUAFyp;z$m~H>7E}&O+b(ZI;wDTVk&T3N`(9@d+Dl>d
z6FG`vafR3Hy*+n42c5WjxkSABLi4GOITp1<uh4YoOjzz+$AN`CUeQ#xNvrnl4&ZYi
zI-(%UuQJmAT&HeJXgVj-9(`P^7+hCgoT(`<k9_?HWs?7PTX)s;4y!4q2wjmF5ut8Y
zE~!(XT_lnt1P^JvY%T$@4et$~%1{x%fQompX*=1V3+*7jq3wr1bog-3?ABszDbU}p
zhI?eb&T1tkI8Gm17J}V(_#M9eKY7a-utZg>X~i)j)VZ?hFsJ>YmJhB@^wg1C+$*Hi
zB=P3WqV{{yywqB(3k#dUySbF#a3?&tQm@hlWZ`VcHpB$QMH=FO3MvP6uC_$0B^9SG
zCL$bE6*`x0Otz@RHI+ZdS5y_d$*y!UuWH?x5~`JD2Quqwx7YU`j2?UT`pMvlPan4i
zyZtI!;npioE&|ay1*wBvUo<lDln?QYC(1jJ<R6O1SvH`hs;A0S55&yvd=S*1oOek9
z#O{p^wn*ma`DUgdHm4P>yg)3Kzo73^en0%QYH#v;m2#xaLmF8w;^J7(rG&v*3mBwK
zbQ+#AhS&eBf-UffvFkLO>5JnI7uPHp8PNjR+wy=a$IF=xfx;$>VY@pP)v$%=n6&I9
ztTVsc{KdWw*7cqPq(U);MxnPm<1nZ3e|tCIj63^3RKljAV+0tqzoDs!%?r-ZvKiJb
zxygQ-b)~vCH2xC&Y4sE*e0#Py*_el9Bz65!n0Nh#^BH99%EF8qs$S2HzhJ&pk9I7v
z_8*v=-A0gMxCp@pqi*+7tq!%q`}h^PixifoBm5G1>TEvcvyusZ_mVfEm0m_T5lEmt
zX6+Xt=9DwH%AEn%vtX7mOI3G{EcDtqxM?4*%`Zt2U;(v)szGg@Q0xJ%iW-nqXe#^M
z^Lpz=$FO$9&|IyJrI7F;;O`BCK&7v3()dgFiziqw^c!$BRAX)E4?FSu#lIMe)i!BN
z5Db4={5#=?z4!)Nt<h@@#ww_gmbyOZyWLnl+A42t&Hu@>1FpNVA1}aK;@bN4lh`k)
qXzLvHXEj@kT$^1#kqH~tMgD)T*;tAQCIbMXf=^12rn|pd$bSJI>Kn8G

literal 0
HcmV?d00001

diff --git a/packages/status-communities/package.json b/packages/status-communities/package.json
index 3f7d396b..eec56752 100644
--- a/packages/status-communities/package.json
+++ b/packages/status-communities/package.json
@@ -25,6 +25,7 @@
   "devDependencies": {
     "@types/chai": "^4.2.22",
     "@types/mocha": "^9.0.0",
+    "@types/pbkdf2": "^3.1.0",
     "@types/secp256k1": "^4.0.3",
     "@typescript-eslint/eslint-plugin": "^4.31.1",
     "@typescript-eslint/parser": "^4.31.1",
@@ -47,6 +48,7 @@
     "ecies-geth": "^1.5.3",
     "js-sha3": "^0.8.0",
     "js-waku": "^0.13.1",
+    "pbkdf2": "^3.1.2",
     "protobufjs": "^6.11.2",
     "secp256k1": "^4.0.2"
   }
diff --git a/packages/status-communities/src/encryption.spec.ts b/packages/status-communities/src/encryption.spec.ts
new file mode 100644
index 00000000..2c16ed94
--- /dev/null
+++ b/packages/status-communities/src/encryption.spec.ts
@@ -0,0 +1,14 @@
+import { expect } from "chai";
+
+import { createSymKeyFromPassword } from "./encryption";
+
+describe("Encryption", () => {
+  it("Generate symmetric key from password", async function () {
+    const str = "arbitrary data here";
+    const symKey = await createSymKeyFromPassword(str);
+
+    expect(Buffer.from(symKey).toString("hex")).to.eq(
+      "c49ad65ebf2a7b7253bf400e3d27719362a91b2c9b9f54d50a69117021666c33"
+    );
+  });
+});
diff --git a/packages/status-communities/src/encryption.ts b/packages/status-communities/src/encryption.ts
index 4aa297b2..e27d06af 100644
--- a/packages/status-communities/src/encryption.ts
+++ b/packages/status-communities/src/encryption.ts
@@ -1,9 +1,15 @@
-import { kdf } from "ecies-geth";
+import pbkdf2 from "pbkdf2";
 
 const AESKeyLength = 32; // bytes
 
 export async function createSymKeyFromPassword(
   password: string
 ): Promise<Uint8Array> {
-  return kdf(Buffer.from(password, "utf-8"), AESKeyLength);
+  return pbkdf2.pbkdf2Sync(
+    Buffer.from(password, "utf-8"),
+    "",
+    65356,
+    AESKeyLength,
+    "sha256"
+  );
 }
diff --git a/yarn.lock b/yarn.lock
index 9e2ff6ec..dc797f0c 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -938,6 +938,15 @@ __metadata:
   languageName: node
   linkType: hard
 
+"@types/pbkdf2@npm:^3.1.0":
+  version: 3.1.0
+  resolution: "@types/pbkdf2@npm:3.1.0"
+  dependencies:
+    "@types/node": "*"
+  checksum: d15024b1957c21cf3b8887329d9bd8dfde754cf13a09d76ae25f1391cfc62bb8b8d7b760773c5dbaa748172fba8b3e0c3dbe962af6ccbd69b76df12a48dfba40
+  languageName: node
+  linkType: hard
+
 "@types/prettier@npm:^1.19.0":
   version: 1.19.1
   resolution: "@types/prettier@npm:1.19.1"
@@ -8755,7 +8764,7 @@ fsevents@~2.3.2:
   languageName: node
   linkType: hard
 
-"pbkdf2@npm:^3.0.3":
+"pbkdf2@npm:^3.0.3, pbkdf2@npm:^3.1.2":
   version: 3.1.2
   resolution: "pbkdf2@npm:3.1.2"
   dependencies:
@@ -10487,6 +10496,7 @@ resolve@^2.0.0-next.3:
   dependencies:
     "@types/chai": ^4.2.22
     "@types/mocha": ^9.0.0
+    "@types/pbkdf2": ^3.1.0
     "@types/secp256k1": ^4.0.3
     "@typescript-eslint/eslint-plugin": ^4.31.1
     "@typescript-eslint/parser": ^4.31.1
@@ -10503,6 +10513,7 @@ resolve@^2.0.0-next.3:
     js-waku: ^0.13.1
     mocha: ^9.1.1
     npm-run-all: ^4.1.5
+    pbkdf2: ^3.1.2
     prettier: ^2.4.0
     protobufjs: ^6.11.2
     secp256k1: ^4.0.2