From: Chris Duncan Date: Mon, 4 Aug 2025 18:23:23 +0000 (-0700) Subject: Implement entropy in safe. X-Git-Tag: v0.10.5~46^2~9 X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=9343db54cbffc9ee504fb411a7865785147944aa;p=libnemo.git Implement entropy in safe. --- diff --git a/src/lib/safe.ts b/src/lib/safe.ts index de5657b..76a6c2f 100644 --- a/src/lib/safe.ts +++ b/src/lib/safe.ts @@ -11,6 +11,7 @@ import { Blake2b } from './blake2b' import { Blake2bCkd } from './blake2b-ckd' import { BIP39_ITERATIONS } from './constants' import { default as Convert, bytes, hex, utf8 } from './convert.js' +import { Entropy } from './entropy' import { NanoNaCl } from './nano-nacl' import { NamedData } from '#types' @@ -112,8 +113,8 @@ export class Safe { */ static async create (type?: 'BIP-44' | 'BLAKE2b', key?: CryptoKey, keySalt?: ArrayBuffer, mnemonicSalt?: string): Promise> { try { - const entropy = crypto.getRandomValues(new Uint8Array(32)) - const mnemonicPhrase = (await Bip39Mnemonic.fromEntropy(entropy)).phrase + const entropy = new Entropy() + const { phrase: mnemonicPhrase } = await Bip39Mnemonic.fromEntropy(entropy.bytes) const record = await this.import(type, key, keySalt, mnemonicPhrase, mnemonicSalt) if (this.#seed == null || this.#mnemonic?.phrase == null) { throw new Error('Failed to generate seed and mnemonic') @@ -369,7 +370,7 @@ export class Safe { seed: bytes.toHex(new Uint8Array(this.#seed)) } if (this.#mnemonic?.phrase != null) data.mnemonic = this.#mnemonic.phrase - const iv = crypto.getRandomValues(new Uint8Array(32)).buffer + const iv = new Entropy().buffer const encoded = utf8.toBytes(JSON.stringify(data)) const encrypted = await crypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, encoded) return { iv, encrypted } 
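Review bot: In `Safe.create` the wallet's root entropy is now sized by whatever `new Entropy()` defaults to, where the removed line stated 32 bytes from `crypto.getRandomValues` at the call site. The `Entropy` class is not part of this diff, so neither its default length nor its random source can be confirmed here; the same applies to the AES-GCM `iv` in the hunk at old line 369 and to the `iv` and `keySalt` defaults in the hunks at old lines 416 and 424. A shorter default would silently weaken the mnemonic, so I would pin the expectation next to the use, for example `if (entropy.bytes.length !== 32) throw new Error('Unexpected entropy length')` (assuming `bytes` is the same Uint8Array that `fromEntropy` took before), with a comment such as `// 256-bit CSPRNG entropy -> 24-word mnemonic`. The `try` block and the rest of `create` continue outside the hunk.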
@@ -416,7 +417,7 @@ export class Safe { } const iv: ArrayBuffer = action === 'unlock' && messageData.iv instanceof ArrayBuffer ? messageData.iv - : crypto.getRandomValues(new Uint8Array(32)).buffer + : new Entropy().buffer // Salt for decryption key to unlock if (action === 'unlock' && !(messageData.keySalt instanceof ArrayBuffer)) { @@ -424,7 +425,7 @@ export class Safe { } const keySalt: ArrayBuffer = action === 'unlock' && messageData.keySalt instanceof ArrayBuffer ? messageData.keySalt - : crypto.getRandomValues(new Uint8Array(32)).buffer + : new Entropy().buffer // CryptoKey from password, decryption key if unlocking else encryption key const key = password instanceof ArrayBuffer @@ -515,6 +516,7 @@ export default ` const Bip44Ckd = ${Bip44Ckd} const Blake2b = ${Blake2b} const Blake2bCkd = ${Blake2bCkd} + const Entropy = ${Entropy} const NanoNaCl = ${NanoNaCl} const Safe = ${Safe} `
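Review bot: On the unlock path, the lines visible in the hunks at old lines 416 and 424 accept `messageData.iv` and `messageData.keySalt` on an `instanceof ArrayBuffer` test alone, so an empty or truncated buffer reaches key derivation and decryption. That should still fail closed, but only as a generic decrypt error that looks the same as a wrong password. If the stored values are always the 32 bytes the removed lines produced, a guard such as `if (messageData.iv.byteLength !== 32) throw new TypeError('Invalid IV')` (and the same for `keySalt`) would reject malformed input early. The checks may exist in the part of the handler outside these hunks.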
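Review bot: `const Entropy = ${Entropy}` in the last hunk inlines the class through its `toString()` source, so anything `Entropy` reads from its own module scope (imports, constants, helpers) will not exist in the generated script unless it is also declared in this template. `Entropy`'s source is not shown in this diff, so this may already hold, but a gap would only surface at runtime, when `Safe` asks for an IV, salt or wallet entropy. I would record the constraint beside the line, e.g. `// Inlined via toString(): Entropy must rely only on globals and names declared in this template`. The template literal starts before the hunk.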