js-libp2p-crypto/src/keys/rsa-browser.js

'use strict'

const webcrypto = require('../webcrypto')
const randomBytes = require('../random-bytes')

exports.utils = require('./rsa-utils')

exports.generateKey = async function (bits) {
  const pair = await webcrypto.get().subtle.generateKey(
    {
      name: 'RSASSA-PKCS1-v1_5',
      modulusLength: bits,
      publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
      hash: { name: 'SHA-256' }
    },
    true,
    ['sign', 'verify']
  )

  const keys = await exportKey(pair)

  return {
    privateKey: keys[0],
    publicKey: keys[1]
  }
}

// Takes a jwk key
exports.unmarshalPrivateKey = async function (key) {
  const privateKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
      name: 'RSASSA-PKCS1-v1_5',
      hash: { name: 'SHA-256' }
    },
    true,
    ['sign']
  )

  const pair = [
    privateKey,
    await derivePublicFromPrivate(key)
  ]

  const keys = await exportKey({
    privateKey: pair[0],
    publicKey: pair[1]
  })

  return {
    privateKey: keys[0],
    publicKey: keys[1]
  }
}

exports.getRandomValues = randomBytes

exports.hashAndSign = async function (key, msg) {
  const privateKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
      name: 'RSASSA-PKCS1-v1_5',
      hash: { name: 'SHA-256' }
    },
    false,
    ['sign']
  )

  const sig = await webcrypto.get().subtle.sign(
    { name: 'RSASSA-PKCS1-v1_5' },
    privateKey,
    Uint8Array.from(msg)
  )

  return Buffer.from(sig)
}

exports.hashAndVerify = async function (key, sig, msg) {
  const publicKey = await webcrypto.get().subtle.importKey(
    'jwk',
    key,
    {
      name: 'RSASSA-PKCS1-v1_5',
      hash: { name: 'SHA-256' }
    },
    false,
    ['verify']
  )

  return webcrypto.get().subtle.verify(
    { name: 'RSASSA-PKCS1-v1_5' },
    publicKey,
    sig,
    msg
  )
}

function exportKey (pair) {
  return Promise.all([
    webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
    webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
  ])
}

function derivePublicFromPrivate (jwKey) {
  return webcrypto.get().subtle.importKey(
    'jwk',
    {
      kty: jwKey.kty,
      n: jwKey.n,
      e: jwKey.e
    },
    {
      name: 'RSASSA-PKCS1-v1_5',
      hash: { name: 'SHA-256' }
    },
    true,
    ['verify']
  )
}

/*

RSA encryption/decryption for the browser with webcrypto workarround
"bloody dark magic. webcrypto's why."

Explanation:
  - Convert JWK to PEM
  - Load PEM with nodeForge
  - Convert msg buffer to nodeForge buffer: it's already uint8array, so do nothing
  - Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array

*/

const forge = require('node-forge')
const pki = forge.pki
const jwkToPem = require('pem-jwk').jwk2pem
function convertKey (key, pub, msg, handle) {
  const pem = jwkToPem(key)
  const fkey = pki[pub ? 'publicKeyFromPem' : 'privateKeyFromPem'](pem)
  const fomsg = handle(Buffer.from(msg), fkey)
  return Buffer.from(fomsg, 'binary')
}

exports.encrypt = function (key, msg) {
  return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))
}

exports.decrypt = function (key, msg) {
  return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))
}
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`'use strict'`

fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const webcrypto = require('../webcrypto')`
fix: clean up, bundle size reduction BREAKING CHANGE: getRandomValues method exported from src/keys/rsa-browser.js and src/keys/rsa.js signature has changed from accepting an array to a number for random byte length 2019-01-08 18:37:03 +00:00			`const randomBytes = require('../random-bytes')`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00
			`exports.utils = require('./rsa-utils')`

feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`exports.generateKey = async function (bits) {`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const pair = await webcrypto.get().subtle.generateKey(`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`{`
			`name: 'RSASSA-PKCS1-v1_5',`
			`modulusLength: bits,`
			`publicExponent: new Uint8Array([0x01, 0x00, 0x01]),`
feat: nextTick instead of setImmediate, and fix sync in async (#136) * fix: avoid sync callback in async function * chore: fix linting * chore: remove non jenkins ci * refactor: use nextTick over setImmediate * refactor: async/nextTick for better browser support 2019-01-03 08:13:07 -08:00			`hash: { name: 'SHA-256' }`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`true,`
			`['sign', 'verify']`
			`)`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00
			`const keys = await exportKey(pair)`

			`return {`
			`privateKey: keys[0],`
			`publicKey: keys[1]`
			`}`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`}`

			`// Takes a jwk key`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`exports.unmarshalPrivateKey = async function (key) {`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const privateKey = await webcrypto.get().subtle.importKey(`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`'jwk',`
			`key,`
			`{`
			`name: 'RSASSA-PKCS1-v1_5',`
feat: nextTick instead of setImmediate, and fix sync in async (#136) * fix: avoid sync callback in async function * chore: fix linting * chore: remove non jenkins ci * refactor: use nextTick over setImmediate * refactor: async/nextTick for better browser support 2019-01-03 08:13:07 -08:00			`hash: { name: 'SHA-256' }`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`true,`
			`['sign']`
			`)`

feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`const pair = [`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`privateKey,`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`await derivePublicFromPrivate(key)`
			`]`

			`const keys = await exportKey({`
			`privateKey: pair[0],`
			`publicKey: pair[1]`
			`})`

			`return {`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`privateKey: keys[0],`
			`publicKey: keys[1]`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`}`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`}`

fix: clean up, bundle size reduction BREAKING CHANGE: getRandomValues method exported from src/keys/rsa-browser.js and src/keys/rsa.js signature has changed from accepting an array to a number for random byte length 2019-01-08 18:37:03 +00:00			`exports.getRandomValues = randomBytes`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`exports.hashAndSign = async function (key, msg) {`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const privateKey = await webcrypto.get().subtle.importKey(`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`'jwk',`
			`key,`
			`{`
			`name: 'RSASSA-PKCS1-v1_5',`
feat: nextTick instead of setImmediate, and fix sync in async (#136) * fix: avoid sync callback in async function * chore: fix linting * chore: remove non jenkins ci * refactor: use nextTick over setImmediate * refactor: async/nextTick for better browser support 2019-01-03 08:13:07 -08:00			`hash: { name: 'SHA-256' }`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`false,`
			`['sign']`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`)`

fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const sig = await webcrypto.get().subtle.sign(`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`{ name: 'RSASSA-PKCS1-v1_5' },`
			`privateKey,`
			`Uint8Array.from(msg)`
			`)`

			`return Buffer.from(sig)`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`}`

feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`exports.hashAndVerify = async function (key, sig, msg) {`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`const publicKey = await webcrypto.get().subtle.importKey(`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`'jwk',`
			`key,`
			`{`
			`name: 'RSASSA-PKCS1-v1_5',`
feat: nextTick instead of setImmediate, and fix sync in async (#136) * fix: avoid sync callback in async function * chore: fix linting * chore: remove non jenkins ci * refactor: use nextTick over setImmediate * refactor: async/nextTick for better browser support 2019-01-03 08:13:07 -08:00			`hash: { name: 'SHA-256' }`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`false,`
			`['verify']`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`)`

fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`return webcrypto.get().subtle.verify(`
feat: refactor to use async/await (#131) BREAKING CHANGE: API refactored to use async/await feat: WIP use async await fix: passing tests chore: update travis node.js versions fix: skip ursa optional tests on windows fix: benchmarks docs: update docs fix: remove broken and intested private key decrypt chore: update deps 2019-07-10 17:15:26 +01:00			`{ name: 'RSASSA-PKCS1-v1_5' },`
			`publicKey,`
			`sig,`
			`msg`
			`)`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`}`

			`function exportKey (pair) {`
			`return Promise.all([`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`webcrypto.get().subtle.exportKey('jwk', pair.privateKey),`
			`webcrypto.get().subtle.exportKey('jwk', pair.publicKey)`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`])`
			`}`

			`function derivePublicFromPrivate (jwKey) {`
fix: better error for missing web crypto This PR simply detects missing web crypto and throws an error with an appropriate message. This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation. refs https://github.com/libp2p/js-libp2p-crypto/pull/149 refs https://github.com/libp2p/js-libp2p-crypto/pull/150 refs https://github.com/libp2p/js-libp2p-crypto/issues/105 refs https://github.com/ipfs/js-ipfs/issues/2153 refs https://github.com/ipfs/js-ipfs/issues/2017 License: MIT Signed-off-by: Alan Shaw <alan@tableflip.io> 2019-07-17 11:17:18 +01:00			`return webcrypto.get().subtle.importKey(`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`'jwk',`
			`{`
			`kty: jwKey.kty,`
			`n: jwKey.n,`
feat: key exchange with jsrsasign (#115) * feat: export/import password protected RSA key * docs: crypto.key.import * test: import with wrong password * fix: lint * test: importing openssl keys * just to trigger circle with new ubuntu * feat: get the RSA key id * feat: get the ED 25519 key id * feat: pbkdf2 * fix(pbkdf2): base64 has more chars to guess than hex * chore: update deps 2017-12-20 21:11:47 +13:00			`e: jwKey.e`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`{`
			`name: 'RSASSA-PKCS1-v1_5',`
feat: nextTick instead of setImmediate, and fix sync in async (#136) * fix: avoid sync callback in async function * chore: fix linting * chore: remove non jenkins ci * refactor: use nextTick over setImmediate * refactor: async/nextTick for better browser support 2019-01-03 08:13:07 -08:00			`hash: { name: 'SHA-256' }`
feat(rsa): add fallback pure js fallback for webcrypto-ossl 2016-11-29 17:54:41 +01:00			`},`
			`true,`
			`['verify']`
			`)`
			`}`
feat: browser enc/dec 2019-07-12 18:53:56 +02:00
fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00			`/*`

refactor: cleanup 2019-10-23 12:57:23 +02:00			`RSA encryption/decryption for the browser with webcrypto workarround`
			`"bloody dark magic. webcrypto's why."`

fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00			`Explanation:`
			`- Convert JWK to PEM`
			`- Load PEM with nodeForge`
fix: use direct buffers instead of converting to hex 2019-10-23 13:33:48 +02:00			`- Convert msg buffer to nodeForge buffer: it's already uint8array, so do nothing`
			`- Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array`
fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00
			`*/`

			`const forge = require('node-forge')`
			`const pki = forge.pki`
			`const jwkToPem = require('pem-jwk').jwk2pem`
			`function convertKey (key, pub, msg, handle) {`
			`const pem = jwkToPem(key)`
			`const fkey = pki[pub ? 'publicKeyFromPem' : 'privateKeyFromPem'](pem)`
fix: use direct buffers instead of converting to hex 2019-10-23 13:33:48 +02:00			`const fomsg = handle(Buffer.from(msg), fkey)`
			`return Buffer.from(fomsg, 'binary')`
fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00			`}`

refactor: cleanup 2019-10-23 12:57:23 +02:00			`exports.encrypt = function (key, msg) {`
fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00			`return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))`
feat: browser enc/dec 2019-07-12 18:53:56 +02:00			`}`

refactor: cleanup 2019-10-23 12:57:23 +02:00			`exports.decrypt = function (key, msg) {`
fix: browser rsa enc/dec 2019-10-23 12:55:43 +02:00			`return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))`
feat: browser enc/dec 2019-07-12 18:53:56 +02:00			`}`