Use okio for hashing and another library for secure random

supabase-community · Dec 4, 2024 · f13e1e0 · f13e1e0
1 parent c2c25c6
commit f13e1e0
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 12 deletions.
diff --git a/Auth/build.gradle.kts b/Auth/build.gradle.kts
@@ -38,7 +38,9 @@ kotlin {
         val commonMain by getting {
             dependencies {
                 addModules(SupabaseModule.SUPABASE)
-                implementation(libs.krypto)
+             //   implementation(libs.krypto)
+                implementation(libs.secure.random)
+                api(libs.okio)
             }
         }
         val desktopMain by getting {

diff --git a/Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/PKCE.kt b/Auth/src/commonMain/kotlin/io/github/jan/supabase/auth/PKCE.kt
@@ -1,8 +1,8 @@
 @file:Suppress("MatchingDeclarationName")
 package io.github.jan.supabase.auth
 
-import korlibs.crypto.SHA256
-import korlibs.crypto.SecureRandom
+import okio.ByteString.Companion.toByteString
+import org.kotlincrypto.SecureRandom
 import kotlin.io.encoding.Base64
 import kotlin.io.encoding.ExperimentalEncodingApi
 
@@ -14,13 +14,13 @@ internal object PKCEConstants {
 @OptIn(ExperimentalEncodingApi::class)
 internal fun generateCodeVerifier(): String {
     val bytes = ByteArray(PKCEConstants.VERIFIER_LENGTH)
-    SecureRandom.nextBytes(bytes)
+    SecureRandom().nextBytesCopyTo(bytes)
     return Base64.UrlSafe.encode(bytes)
 }
 
 @OptIn(ExperimentalEncodingApi::class)
 internal fun generateCodeChallenge(codeVerifier: String): String {
-    val bytes = codeVerifier.encodeToByteArray()
-    val hash = SHA256.digest(bytes)
-    return Base64.UrlSafe.encode(hash.bytes).replace("=", "")
+    val byteString = codeVerifier.encodeToByteArray().toByteString()
+    val hash = byteString.sha256()
+    return Base64.UrlSafe.encode(hash.toByteArray()).replace("=", "")
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -34,6 +34,7 @@ androidx-compat = "1.7.0"
 androidx-lifecycle = "2.8.7"
 filekit = "0.8.7"
 kotlinx-browser = "0.3"
+secure-random = "0.3.2"
 
 [plugins]
 kotlin-multiplatform = { id = "org.jetbrains.kotlin.multiplatform", version.ref = "kotlin" }
@@ -101,6 +102,7 @@ multiplatform-settings-test = { module = "com.russhwolf:multiplatform-settings-t
 apollo-kotlin = { module = "com.apollographql.apollo:apollo-runtime", version.ref = "apollo-kotlin" }
 
 krypto = { module = "com.soywiz:korlibs-crypto", version.ref = "korlibs" }
+secure-random = { module = "org.kotlincrypto:secure-random", version.ref = "secure-random" }
 okio = { module = "com.squareup.okio:okio", version.ref = "okio" }
 
 moshi = { module = "com.squareup.moshi:moshi", version.ref = "moshi" }

diff --git a/plugins/ComposeAuth/build.gradle.kts b/plugins/ComposeAuth/build.gradle.kts
@@ -34,7 +34,7 @@ kotlin {
             dependencies {
                 addModules(SupabaseModule.AUTH)
                 implementation(compose.runtime)
-                implementation(libs.krypto)
+          //      implementation(libs.krypto)
             }
         }
         val androidMain by getting {

diff --git a/...ins/ComposeAuth/src/commonMain/kotlin/io/github/jan/supabase/compose/auth/Utils.common.kt b/...ins/ComposeAuth/src/commonMain/kotlin/io/github/jan/supabase/compose/auth/Utils.common.kt
@@ -1,9 +1,8 @@
 package io.github.jan.supabase.compose.auth
 
-import io.ktor.utils.io.core.toByteArray
-import korlibs.crypto.SHA256
+import okio.ByteString.Companion.toByteString
 
 internal fun String.hash(): String {
-    val hash = SHA256.digest(this.toByteArray())
-    return hash.hex
+    val hash = this.encodeToByteArray().toByteString()
+    return hash.sha256().hex()
 }