refactor: the whole thing (#102)

src/keys/ecdh-browser.js

@@ -0,0 +1,128 @@
+'use strict'
+
+const webcrypto = require('../webcrypto.js')()
+const nodeify = require('nodeify')
+const BN = require('asn1.js').bignum
+const Buffer = require('safe-buffer').Buffer
+
+const util = require('../util')
+const toBase64 = util.toBase64
+const toBn = util.toBn
+
+const bits = {
+  'P-256': 256,
+  'P-384': 384,
+  'P-521': 521
+}
+
+exports.generateEphmeralKeyPair = function (curve, callback) {
+  nodeify(webcrypto.subtle.generateKey(
+    {
+      name: 'ECDH',
+      namedCurve: curve
+    },
+    true,
+    ['deriveBits']
+  ).then((pair) => {
+    // forcePrivate is used for testing only
+    const genSharedKey = (theirPub, forcePrivate, cb) => {
+      if (typeof forcePrivate === 'function') {
+        cb = forcePrivate
+        forcePrivate = undefined
+      }
+
+      let privateKey
+
+      if (forcePrivate) {
+        privateKey = webcrypto.subtle.importKey(
+          'jwk',
+          unmarshalPrivateKey(curve, forcePrivate),
+          {
+            name: 'ECDH',
+            namedCurve: curve
+          },
+          false,
+          ['deriveBits']
+        )
+      } else {
+        privateKey = Promise.resolve(pair.privateKey)
+      }
+
+      const keys = Promise.all([
+        webcrypto.subtle.importKey(
+          'jwk',
+          unmarshalPublicKey(curve, theirPub),
+          {
+            name: 'ECDH',
+            namedCurve: curve
+          },
+          false,
+          []
+        ),
+        privateKey
+      ])
+
+      nodeify(keys.then((keys) => webcrypto.subtle.deriveBits(
+        {
+          name: 'ECDH',
+          namedCurve: curve,
+          public: keys[0]
+        },
+        keys[1],
+        bits[curve]
+      )).then((bits) => Buffer.from(bits)), cb)
+    }
+
+    return webcrypto.subtle.exportKey('jwk', pair.publicKey)
+      .then((publicKey) => {
+        return {
+          key: marshalPublicKey(publicKey),
+          genSharedKey
+        }
+      })
+  }), callback)
+}
+
+const curveLengths = {
+  'P-256': 32,
+  'P-384': 48,
+  'P-521': 66
+}
+
+// Marshal converts a jwk encodec ECDH public key into the
+// form specified in section 4.3.6 of ANSI X9.62. (This is the format
+// go-ipfs uses)
+function marshalPublicKey (jwk) {
+  const byteLen = curveLengths[jwk.crv]
+
+  return Buffer.concat([
+    Buffer.from([4]), // uncompressed point
+    toBn(jwk.x).toArrayLike(Buffer, 'be', byteLen),
+    toBn(jwk.y).toArrayLike(Buffer, 'be', byteLen)
+  ], 1 + byteLen * 2)
+}
+
+// Unmarshal converts a point, serialized by Marshal, into an jwk encoded key
+function unmarshalPublicKey (curve, key) {
+  const byteLen = curveLengths[curve]
+
+  if (!key.slice(0, 1).equals(Buffer.from([4]))) {
+    throw new Error('Invalid key format')
+  }
+  const x = new BN(key.slice(1, byteLen + 1))
+  const y = new BN(key.slice(1 + byteLen))
+
+  return {
+    kty: 'EC',
+    crv: curve,
+    x: toBase64(x, byteLen),
+    y: toBase64(y, byteLen),
+    ext: true
+  }
+}
+
+function unmarshalPrivateKey (curve, key) {
+  const result = unmarshalPublicKey(curve, key.public)
+  result.d = toBase64(new BN(key.private))
+  return result
+}

src/keys/ecdh.js

@@ -0,0 +1,41 @@
+'use strict'
+
+const crypto = require('crypto')
+const setImmediate = require('async/setImmediate')
+
+const curves = {
+  'P-256': 'prime256v1',
+  'P-384': 'secp384r1',
+  'P-521': 'secp521r1'
+}
+
+exports.generateEphmeralKeyPair = function (curve, callback) {
+  if (!curves[curve]) {
+    return callback(new Error(`Unkown curve: ${curve}`))
+  }
+  const ecdh = crypto.createECDH(curves[curve])
+  ecdh.generateKeys()
+
+  setImmediate(() => callback(null, {
+    key: ecdh.getPublicKey(),
+    genSharedKey (theirPub, forcePrivate, cb) {
+      if (typeof forcePrivate === 'function') {
+        cb = forcePrivate
+        forcePrivate = null
+      }
+
+      if (forcePrivate) {
+        ecdh.setPrivateKey(forcePrivate.private)
+      }
+
+      let secret
+      try {
+        secret = ecdh.computeSecret(theirPub)
+      } catch (err) {
+        return cb(err)
+      }
+
+      setImmediate(() => cb(null, secret))
+    }
+  }))
+}

src/keys/ed25519-class.js

@@ -0,0 +1,164 @@
+'use strict'
+
+const multihashing = require('multihashing-async')
+const protobuf = require('protocol-buffers')
+const Buffer = require('safe-buffer').Buffer
+
+const crypto = require('./ed25519')
+const pbm = protobuf(require('./keys.proto'))
+
+class Ed25519PublicKey {
+  constructor (key) {
+    this._key = ensureKey(key, crypto.publicKeyLength)
+  }
+
+  verify (data, sig, callback) {
+    ensure(callback)
+    crypto.hashAndVerify(this._key, sig, data, callback)
+  }
+
+  marshal () {
+    return Buffer.from(this._key)
+  }
+
+  get bytes () {
+    return pbm.PublicKey.encode({
+      Type: pbm.KeyType.Ed25519,
+      Data: this.marshal()
+    })
+  }
+
+  equals (key) {
+    return this.bytes.equals(key.bytes)
+  }
+
+  hash (callback) {
+    ensure(callback)
+    multihashing(this.bytes, 'sha2-256', callback)
+  }
+}
+
+class Ed25519PrivateKey {
+  // key       - 64 byte Uint8Array or Buffer containing private key
+  // publicKey - 32 byte Uint8Array or Buffer containing public key
+  constructor (key, publicKey) {
+    this._key = ensureKey(key, crypto.privateKeyLength)
+    this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
+  }
+
+  sign (message, callback) {
+    ensure(callback)
+    crypto.hashAndSign(this._key, message, callback)
+  }
+
+  get public () {
+    if (!this._publicKey) {
+      throw new Error('public key not provided')
+    }
+
+    return new Ed25519PublicKey(this._publicKey)
+  }
+
+  marshal () {
+    return Buffer.concat([Buffer.from(this._key), Buffer.from(this._publicKey)])
+  }
+
+  get bytes () {
+    return pbm.PrivateKey.encode({
+      Type: pbm.KeyType.Ed25519,
+      Data: this.marshal()
+    })
+  }
+
+  equals (key) {
+    return this.bytes.equals(key.bytes)
+  }
+
+  hash (callback) {
+    ensure(callback)
+    multihashing(this.bytes, 'sha2-256', callback)
+  }
+}
+
+function unmarshalEd25519PrivateKey (bytes, callback) {
+  try {
+    bytes = ensureKey(bytes, crypto.privateKeyLength + crypto.publicKeyLength)
+  } catch (err) {
+    return callback(err)
+  }
+  const privateKeyBytes = bytes.slice(0, crypto.privateKeyLength)
+  const publicKeyBytes = bytes.slice(crypto.privateKeyLength, bytes.length)
+  callback(null, new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes))
+}
+
+function unmarshalEd25519PublicKey (bytes) {
+  bytes = ensureKey(bytes, crypto.publicKeyLength)
+  return new Ed25519PublicKey(bytes)
+}
+
+function generateKeyPair (_bits, cb) {
+  if (cb === undefined && typeof _bits === 'function') {
+    cb = _bits
+  }
+
+  crypto.generateKey((err, keys) => {
+    if (err) {
+      return cb(err)
+    }
+    let privkey
+    try {
+      privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
+    } catch (err) {
+      cb(err)
+      return
+    }
+
+    cb(null, privkey)
+  })
+}
+
+function generateKeyPairFromSeed (seed, _bits, cb) {
+  if (cb === undefined && typeof _bits === 'function') {
+    cb = _bits
+  }
+
+  crypto.generateKeyFromSeed(seed, (err, keys) => {
+    if (err) {
+      return cb(err)
+    }
+    let privkey
+    try {
+      privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
+    } catch (err) {
+      cb(err)
+      return
+    }
+
+    cb(null, privkey)
+  })
+}
+
+function ensure (cb) {
+  if (typeof cb !== 'function') {
+    throw new Error('callback is required')
+  }
+}
+
+function ensureKey (key, length) {
+  if (Buffer.isBuffer(key)) {
+    key = new Uint8Array(key)
+  }
+  if (!(key instanceof Uint8Array) || key.length !== length) {
+    throw new Error('Key must be a Uint8Array or Buffer of length ' + length)
+  }
+  return key
+}
+
+module.exports = {
+  Ed25519PublicKey,
+  Ed25519PrivateKey,
+  unmarshalEd25519PrivateKey,
+  unmarshalEd25519PublicKey,
+  generateKeyPair,
+  generateKeyPairFromSeed
+}

src/keys/ed25519.js

@@ -1,164 +1,47 @@
 'use strict'
 
-const multihashing = require('multihashing-async')
-const protobuf = require('protocol-buffers')
+const nacl = require('tweetnacl')
+const setImmediate = require('async/setImmediate')
 const Buffer = require('safe-buffer').Buffer
 
-const crypto = require('../crypto').ed25519
-const pbm = protobuf(require('../crypto.proto'))
+exports.publicKeyLength = nacl.sign.publicKeyLength
+exports.privateKeyLength = nacl.sign.secretKeyLength
 
-class Ed25519PublicKey {
-  constructor (key) {
-    this._key = ensureKey(key, crypto.publicKeyLength)
-  }
+exports.generateKey = function (callback) {
+  const done = (err, res) => setImmediate(() => {
+    callback(err, res)
+  })
 
-  verify (data, sig, callback) {
-    ensure(callback)
-    crypto.hashAndVerify(this._key, sig, data, callback)
-  }
-
-  marshal () {
-    return Buffer.from(this._key)
-  }
-
-  get bytes () {
-    return pbm.PublicKey.encode({
-      Type: pbm.KeyType.Ed25519,
-      Data: this.marshal()
-    })
-  }
-
-  equals (key) {
-    return this.bytes.equals(key.bytes)
-  }
-
-  hash (callback) {
-    ensure(callback)
-    multihashing(this.bytes, 'sha2-256', callback)
-  }
-}
-
-class Ed25519PrivateKey {
-  // key       - 64 byte Uint8Array or Buffer containing private key
-  // publicKey - 32 byte Uint8Array or Buffer containing public key
-  constructor (key, publicKey) {
-    this._key = ensureKey(key, crypto.privateKeyLength)
-    this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
-  }
-
-  sign (message, callback) {
-    ensure(callback)
-    crypto.hashAndSign(this._key, message, callback)
-  }
-
-  get public () {
-    if (!this._publicKey) {
-      throw new Error('public key not provided')
-    }
-
-    return new Ed25519PublicKey(this._publicKey)
-  }
-
-  marshal () {
-    return Buffer.concat([Buffer.from(this._key), Buffer.from(this._publicKey)])
-  }
-
-  get bytes () {
-    return pbm.PrivateKey.encode({
-      Type: pbm.KeyType.Ed25519,
-      Data: this.marshal()
-    })
-  }
-
-  equals (key) {
-    return this.bytes.equals(key.bytes)
-  }
-
-  hash (callback) {
-    ensure(callback)
-    multihashing(this.bytes, 'sha2-256', callback)
-  }
-}
-
-function unmarshalEd25519PrivateKey (bytes, callback) {
+  let keys
   try {
-    bytes = ensureKey(bytes, crypto.privateKeyLength + crypto.publicKeyLength)
+    keys = nacl.sign.keyPair()
   } catch (err) {
-    return callback(err)
+    return done(err)
   }
-  const privateKeyBytes = bytes.slice(0, crypto.privateKeyLength)
-  const publicKeyBytes = bytes.slice(crypto.privateKeyLength, bytes.length)
-  callback(null, new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes))
+  done(null, keys)
 }
 
-function unmarshalEd25519PublicKey (bytes) {
-  bytes = ensureKey(bytes, crypto.publicKeyLength)
-  return new Ed25519PublicKey(bytes)
+// seed should be a 32 byte uint8array
+exports.generateKeyFromSeed = function (seed, callback) {
+  const done = (err, res) => setImmediate(() => callback(err, res))
+
+  let keys
+  try {
+    keys = nacl.sign.keyPair.fromSeed(seed)
+  } catch (err) {
+    return done(err)
+  }
+  done(null, keys)
 }
 
-function generateKeyPair (_bits, cb) {
-  if (cb === undefined && typeof _bits === 'function') {
-    cb = _bits
-  }
-
-  crypto.generateKey((err, keys) => {
-    if (err) {
-      return cb(err)
-    }
-    let privkey
-    try {
-      privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
-    } catch (err) {
-      cb(err)
-      return
-    }
-
-    cb(null, privkey)
+exports.hashAndSign = function (key, msg, callback) {
+  setImmediate(() => {
+    callback(null, Buffer.from(nacl.sign.detached(msg, key)))
   })
 }
 
-function generateKeyPairFromSeed (seed, _bits, cb) {
-  if (cb === undefined && typeof _bits === 'function') {
-    cb = _bits
-  }
-
-  crypto.generateKeyFromSeed(seed, (err, keys) => {
-    if (err) {
-      return cb(err)
-    }
-    let privkey
-    try {
-      privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
-    } catch (err) {
-      cb(err)
-      return
-    }
-
-    cb(null, privkey)
+exports.hashAndVerify = function (key, sig, msg, callback) {
+  setImmediate(() => {
+    callback(null, nacl.sign.detached.verify(msg, sig, key))
   })
 }
-
-function ensure (cb) {
-  if (typeof cb !== 'function') {
-    throw new Error('callback is required')
-  }
-}
-
-function ensureKey (key, length) {
-  if (Buffer.isBuffer(key)) {
-    key = new Uint8Array(key)
-  }
-  if (!(key instanceof Uint8Array) || key.length !== length) {
-    throw new Error('Key must be a Uint8Array or Buffer of length ' + length)
-  }
-  return key
-}
-
-module.exports = {
-  Ed25519PublicKey,
-  Ed25519PrivateKey,
-  unmarshalEd25519PrivateKey,
-  unmarshalEd25519PublicKey,
-  generateKeyPair,
-  generateKeyPairFromSeed
-}

src/keys/ephemeral-keys.js

@@ -0,0 +1,11 @@
+'use strict'
+
+const ecdh = require('./ecdh')
+
+// Generates an ephemeral public key and returns a function that will compute
+// the shared secret key.
+//
+// Focuses only on ECDH now, but can be made more general in the future.
+module.exports = (curve, callback) => {
+  ecdh.generateEphmeralKeyPair(curve, callback)
+}

src/keys/index.js

@@ -1,7 +1,104 @@
 'use strict'
 
-module.exports = {
-  rsa: require('./rsa'),
-  ed25519: require('./ed25519'),
-  secp256k1: require('libp2p-crypto-secp256k1')
+const protobuf = require('protocol-buffers')
+const pbm = protobuf(require('./keys.proto'))
+
+const keys = exports.keys = require('./keys')
+
+exports = module.exports
+
+exports.pbm = pbm
+
+function isValidKeyType (keyType) {
+  const key = keys[keyType.toLowerCase()]
+  return key !== undefined
+}
+
+exports.keyStretcher = require('./key-stretcher')
+exports.generateEphemeralKeyPair = require('./ephemeral-keys')
+
+// Generates a keypair of the given type and bitsize
+exports.generateKeyPair = (type, bits, cb) => {
+  let key = keys[type.toLowerCase()]
+
+  if (!key) {
+    return cb(new Error('invalid or unsupported key type'))
+  }
+
+  key.generateKeyPair(bits, cb)
+}
+
+// Generates a keypair of the given type and bitsize
+// seed is a 32 byte uint8array
+exports.generateKeyPairFromSeed = (type, seed, bits, cb) => {
+  let key = keys[type.toLowerCase()]
+  if (!key) {
+    return cb(new Error('invalid or unsupported key type'))
+  }
+  if (type.toLowerCase() !== 'ed25519') {
+    return cb(new Error('Seed key derivation is unimplemented for RSA or secp256k1'))
+  }
+  key.generateKeyPairFromSeed(seed, bits, cb)
+}
+
+// Converts a protobuf serialized public key into its
+// representative object
+exports.unmarshalPublicKey = (buf) => {
+  const decoded = pbm.PublicKey.decode(buf)
+
+  switch (decoded.Type) {
+    case pbm.KeyType.RSA:
+      return keys.rsa.unmarshalRsaPublicKey(decoded.Data)
+    case pbm.KeyType.Ed25519:
+      return keys.ed25519.unmarshalEd25519PublicKey(decoded.Data)
+    case pbm.KeyType.Secp256k1:
+      if (keys.secp256k1) {
+        return keys.secp256k1.unmarshalSecp256k1PublicKey(decoded.Data)
+      } else {
+        throw new Error('secp256k1 support requires libp2p-crypto-secp256k1 package')
+      }
+    default:
+      throw new Error('invalid or unsupported key type')
+  }
+}
+
+// Converts a public key object into a protobuf serialized public key
+exports.marshalPublicKey = (key, type) => {
+  type = (type || 'rsa').toLowerCase()
+  if (!isValidKeyType(type)) {
+    throw new Error('invalid or unsupported key type')
+  }
+
+  return key.bytes
+}
+
+// Converts a protobuf serialized private key into its
+// representative object
+exports.unmarshalPrivateKey = (buf, callback) => {
+  const decoded = pbm.PrivateKey.decode(buf)
+
+  switch (decoded.Type) {
+    case pbm.KeyType.RSA:
+      return keys.rsa.unmarshalRsaPrivateKey(decoded.Data, callback)
+    case pbm.KeyType.Ed25519:
+      return keys.ed25519.unmarshalEd25519PrivateKey(decoded.Data, callback)
+    case pbm.KeyType.Secp256k1:
+      if (keys.secp256k1) {
+        return keys.secp256k1.unmarshalSecp256k1PrivateKey(decoded.Data, callback)
+      } else {
+        return callback(new Error('secp256k1 support requires libp2p-crypto-secp256k1 package'))
+      }
+    default:
+      callback(new Error('invalid or unsupported key type'))
+  }
+}
+
+// Converts a private key object into a protobuf serialized private key
+exports.marshalPrivateKey = (key, type) => {
+  type = (type || 'rsa').toLowerCase()
+  if (!isValidKeyType(type)) {
+    throw new Error('invalid or unsupported key type')
+  }
+
+  return key.bytes
 }

src/keys/key-stretcher.js

@@ -0,0 +1,109 @@
+'use strict'
+
+const whilst = require('async/whilst')
+const Buffer = require('safe-buffer').Buffer
+const hmac = require('../hmac')
+
+const cipherMap = {
+  'AES-128': {
+    ivSize: 16,
+    keySize: 16
+  },
+  'AES-256': {
+    ivSize: 16,
+    keySize: 32
+  },
+  Blowfish: {
+    ivSize: 8,
+    cipherKeySize: 32
+  }
+}
+
+// Generates a set of keys for each party by stretching the shared key.
+// (myIV, theirIV, myCipherKey, theirCipherKey, myMACKey, theirMACKey)
+module.exports = (cipherType, hash, secret, callback) => {
+  const cipher = cipherMap[cipherType]
+
+  if (!cipher) {
+    return callback(new Error('unkown cipherType passed'))
+  }
+
+  if (!hash) {
+    return callback(new Error('unkown hashType passed'))
+  }
+
+  const cipherKeySize = cipher.keySize
+  const ivSize = cipher.ivSize
+  const hmacKeySize = 20
+  const seed = Buffer.from('key expansion')
+  const resultLength = 2 * (ivSize + cipherKeySize + hmacKeySize)
+
+  hmac.create(hash, secret, (err, m) => {
+    if (err) {
+      return callback(err)
+    }
+
+    m.digest(seed, (err, a) => {
+      if (err) {
+        return callback(err)
+      }
+
+      let result = []
+      let j = 0
+
+      whilst(
+        () => j < resultLength,
+        stretch,
+        finish
+      )
+
+      function stretch (cb) {
+        m.digest(Buffer.concat([a, seed]), (err, b) => {
+          if (err) {
+            return cb(err)
+          }
+
+          let todo = b.length
+
+          if (j + todo > resultLength) {
+            todo = resultLength - j
+          }
+
+          result.push(b)
+
+          j += todo
+
+          m.digest(a, (err, _a) => {
+            if (err) {
+              return cb(err)
+            }
+            a = _a
+            cb()
+          })
+        })
+      }
+
+      function finish (err) {
+        if (err) {
+          return callback(err)
+        }
+
+        const half = resultLength / 2
+        const resultBuffer = Buffer.concat(result)
+        const r1 = resultBuffer.slice(0, half)
+        const r2 = resultBuffer.slice(half, resultLength)
+
+        const createKey = (res) => ({
+          iv: res.slice(0, ivSize),
+          cipherKey: res.slice(ivSize, ivSize + cipherKeySize),
+          macKey: res.slice(ivSize + cipherKeySize)
+        })
+
+        callback(null, {
+          k1: createKey(r1),
+          k2: createKey(r2)
+        })
+      }
+    })
+  })
+}

src/keys/keys.js

@@ -0,0 +1,7 @@
+'use strict'
+
+module.exports = {
+  rsa: require('./rsa-class'),
+  ed25519: require('./ed25519-class'),
+  secp256k1: require('libp2p-crypto-secp256k1')
+}

src/keys/keys.proto.js

@@ -0,0 +1,17 @@
+'use strict'
+
+module.exports = `enum KeyType {
+  RSA = 0;
+  Ed25519 = 1;
+  Secp256k1 = 2;
+}
+
+message PublicKey {
+  required KeyType Type = 1;
+  required bytes Data = 2;
+}
+
+message PrivateKey {
+  required KeyType Type = 1;
+  required bytes Data = 2;
+}`

src/keys/rsa-browser.js

@@ -0,0 +1,120 @@
+'use strict'
+
+const nodeify = require('nodeify')
+const Buffer = require('safe-buffer').Buffer
+
+const webcrypto = require('../webcrypto.js')()
+
+exports.utils = require('./rsa-utils')
+
+exports.generateKey = function (bits, callback) {
+  nodeify(webcrypto.subtle.generateKey(
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      modulusLength: bits,
+      publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
+      hash: {name: 'SHA-256'}
+    },
+    true,
+    ['sign', 'verify']
+  )
+  .then(exportKey)
+  .then((keys) => ({
+    privateKey: keys[0],
+    publicKey: keys[1]
+  })), callback)
+}
+
+// Takes a jwk key
+exports.unmarshalPrivateKey = function (key, callback) {
+  const privateKey = webcrypto.subtle.importKey(
+    'jwk',
+    key,
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      hash: {name: 'SHA-256'}
+    },
+    true,
+    ['sign']
+  )
+
+  nodeify(Promise.all([
+    privateKey,
+    derivePublicFromPrivate(key)
+  ]).then((keys) => exportKey({
+    privateKey: keys[0],
+    publicKey: keys[1]
+  })).then((keys) => ({
+    privateKey: keys[0],
+    publicKey: keys[1]
+  })), callback)
+}
+
+exports.getRandomValues = function (arr) {
+  return Buffer.from(webcrypto.getRandomValues(arr))
+}
+
+exports.hashAndSign = function (key, msg, callback) {
+  nodeify(webcrypto.subtle.importKey(
+    'jwk',
+    key,
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      hash: {name: 'SHA-256'}
+    },
+    false,
+    ['sign']
+  ).then((privateKey) => {
+    return webcrypto.subtle.sign(
+      {name: 'RSASSA-PKCS1-v1_5'},
+      privateKey,
+      Uint8Array.from(msg)
+    )
+  }).then((sig) => Buffer.from(sig)), callback)
+}
+
+exports.hashAndVerify = function (key, sig, msg, callback) {
+  nodeify(webcrypto.subtle.importKey(
+    'jwk',
+    key,
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      hash: {name: 'SHA-256'}
+    },
+    false,
+    ['verify']
+  ).then((publicKey) => {
+    return webcrypto.subtle.verify(
+      {name: 'RSASSA-PKCS1-v1_5'},
+      publicKey,
+      sig,
+      msg
+    )
+  }), callback)
+}
+
+function exportKey (pair) {
+  return Promise.all([
+    webcrypto.subtle.exportKey('jwk', pair.privateKey),
+    webcrypto.subtle.exportKey('jwk', pair.publicKey)
+  ])
+}
+
+function derivePublicFromPrivate (jwKey) {
+  return webcrypto.subtle.importKey(
+    'jwk',
+    {
+      kty: jwKey.kty,
+      n: jwKey.n,
+      e: jwKey.e,
+      alg: jwKey.alg,
+      kid: jwKey.kid
+    },
+    {
+      name: 'RSASSA-PKCS1-v1_5',
+      hash: {name: 'SHA-256'}
+    },
+    true,
+    ['verify']
+  )
+}

src/keys/rsa-class.js

@@ -0,0 +1,133 @@
+'use strict'
+
+const multihashing = require('multihashing-async')
+const protobuf = require('protocol-buffers')
+
+const crypto = require('./rsa')
+const pbm = protobuf(require('./keys.proto'))
+
+class RsaPublicKey {
+  constructor (key) {
+    this._key = key
+  }
+
+  verify (data, sig, callback) {
+    ensure(callback)
+    crypto.hashAndVerify(this._key, sig, data, callback)
+  }
+
+  marshal () {
+    return crypto.utils.jwkToPkix(this._key)
+  }
+
+  get bytes () {
+    return pbm.PublicKey.encode({
+      Type: pbm.KeyType.RSA,
+      Data: this.marshal()
+    })
+  }
+
+  encrypt (bytes) {
+    return this._key.encrypt(bytes, 'RSAES-PKCS1-V1_5')
+  }
+
+  equals (key) {
+    return this.bytes.equals(key.bytes)
+  }
+
+  hash (callback) {
+    ensure(callback)
+    multihashing(this.bytes, 'sha2-256', callback)
+  }
+}
+
+class RsaPrivateKey {
+  // key       - Object of the jwk format
+  // publicKey - Buffer of the spki format
+  constructor (key, publicKey) {
+    this._key = key
+    this._publicKey = publicKey
+  }
+
+  genSecret () {
+    return crypto.getRandomValues(new Uint8Array(16))
+  }
+
+  sign (message, callback) {
+    ensure(callback)
+    crypto.hashAndSign(this._key, message, callback)
+  }
+
+  get public () {
+    if (!this._publicKey) {
+      throw new Error('public key not provided')
+    }
+
+    return new RsaPublicKey(this._publicKey)
+  }
+
+  decrypt (msg, callback) {
+    crypto.decrypt(this._key, msg, callback)
+  }
+
+  marshal () {
+    return crypto.utils.jwkToPkcs1(this._key)
+  }
+
+  get bytes () {
+    return pbm.PrivateKey.encode({
+      Type: pbm.KeyType.RSA,
+      Data: this.marshal()
+    })
+  }
+
+  equals (key) {
+    return this.bytes.equals(key.bytes)
+  }
+
+  hash (callback) {
+    ensure(callback)
+    multihashing(this.bytes, 'sha2-256', callback)
+  }
+}
+
+function unmarshalRsaPrivateKey (bytes, callback) {
+  const jwk = crypto.utils.pkcs1ToJwk(bytes)
+  crypto.unmarshalPrivateKey(jwk, (err, keys) => {
+    if (err) {
+      return callback(err)
+    }
+
+    callback(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
+  })
+}
+
+function unmarshalRsaPublicKey (bytes) {
+  const jwk = crypto.utils.pkixToJwk(bytes)
+
+  return new RsaPublicKey(jwk)
+}
+
+function generateKeyPair (bits, cb) {
+  crypto.generateKey(bits, (err, keys) => {
+    if (err) {
+      return cb(err)
+    }
+
+    cb(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
+  })
+}
+
+function ensure (cb) {
+  if (typeof cb !== 'function') {
+    throw new Error('callback is required')
+  }
+}
+
+module.exports = {
+  RsaPublicKey,
+  RsaPrivateKey,
+  unmarshalRsaPublicKey,
+  unmarshalRsaPrivateKey,
+  generateKeyPair
+}

src/keys/rsa-utils.js

@@ -0,0 +1,114 @@
+'use strict'
+
+const asn1 = require('asn1.js')
+
+const util = require('./../util')
+const toBase64 = util.toBase64
+const toBn = util.toBn
+
+const RSAPrivateKey = asn1.define('RSAPrivateKey', function () {
+  this.seq().obj(
+    this.key('version').int(),
+    this.key('modulus').int(),
+    this.key('publicExponent').int(),
+    this.key('privateExponent').int(),
+    this.key('prime1').int(),
+    this.key('prime2').int(),
+    this.key('exponent1').int(),
+    this.key('exponent2').int(),
+    this.key('coefficient').int()
+  )
+})
+
+const AlgorithmIdentifier = asn1.define('AlgorithmIdentifier', function () {
+  this.seq().obj(
+    this.key('algorithm').objid({
+      '1.2.840.113549.1.1.1': 'rsa'
+    }),
+    this.key('none').optional().null_(),
+    this.key('curve').optional().objid(),
+    this.key('params').optional().seq().obj(
+      this.key('p').int(),
+      this.key('q').int(),
+      this.key('g').int()
+    )
+  )
+})
+
+const PublicKey = asn1.define('RSAPublicKey', function () {
+  this.seq().obj(
+    this.key('algorithm').use(AlgorithmIdentifier),
+    this.key('subjectPublicKey').bitstr()
+  )
+})
+
+const RSAPublicKey = asn1.define('RSAPublicKey', function () {
+  this.seq().obj(
+    this.key('modulus').int(),
+    this.key('publicExponent').int()
+  )
+})
+
+// Convert a PKCS#1 in ASN1 DER format to a JWK key
+exports.pkcs1ToJwk = function (bytes) {
+  const asn1 = RSAPrivateKey.decode(bytes, 'der')
+
+  return {
+    kty: 'RSA',
+    n: toBase64(asn1.modulus),
+    e: toBase64(asn1.publicExponent),
+    d: toBase64(asn1.privateExponent),
+    p: toBase64(asn1.prime1),
+    q: toBase64(asn1.prime2),
+    dp: toBase64(asn1.exponent1),
+    dq: toBase64(asn1.exponent2),
+    qi: toBase64(asn1.coefficient),
+    alg: 'RS256',
+    kid: '2011-04-29'
+  }
+}
+
+// Convert a JWK key into PKCS#1 in ASN1 DER format
+exports.jwkToPkcs1 = function (jwk) {
+  return RSAPrivateKey.encode({
+    version: 0,
+    modulus: toBn(jwk.n),
+    publicExponent: toBn(jwk.e),
+    privateExponent: toBn(jwk.d),
+    prime1: toBn(jwk.p),
+    prime2: toBn(jwk.q),
+    exponent1: toBn(jwk.dp),
+    exponent2: toBn(jwk.dq),
+    coefficient: toBn(jwk.qi)
+  }, 'der')
+}
+
+// Convert a PKCIX in ASN1 DER format to a JWK key
+exports.pkixToJwk = function (bytes) {
+  const ndata = PublicKey.decode(bytes, 'der')
+  const asn1 = RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
+
+  return {
+    kty: 'RSA',
+    n: toBase64(asn1.modulus),
+    e: toBase64(asn1.publicExponent),
+    alg: 'RS256',
+    kid: '2011-04-29'
+  }
+}
+
+// Convert a JWK key to PKCIX in ASN1 DER format
+exports.jwkToPkix = function (jwk) {
+  return PublicKey.encode({
+    algorithm: {
+      algorithm: 'rsa',
+      none: null
+    },
+    subjectPublicKey: {
+      data: RSAPublicKey.encode({
+        modulus: toBn(jwk.n),
+        publicExponent: toBn(jwk.e)
+      }, 'der')
+    }
+  }, 'der')
+}

src/keys/rsa.js

@@ -1,133 +1,56 @@
 'use strict'
 
-const multihashing = require('multihashing-async')
-const protobuf = require('protocol-buffers')
+const crypto = require('crypto')
+const keypair = require('keypair')
+const setImmediate = require('async/setImmediate')
+const pemToJwk = require('pem-jwk').pem2jwk
+const jwkToPem = require('pem-jwk').jwk2pem
 
-const crypto = require('../crypto').rsa
-const pbm = protobuf(require('../crypto.proto'))
+exports.utils = require('./rsa-utils')
 
-class RsaPublicKey {
-  constructor (key) {
-    this._key = key
+exports.generateKey = function (bits, callback) {
+  const done = (err, res) => setImmediate(() => callback(err, res))
+
+  let key
+  try {
+    key = keypair({ bits: bits })
+  } catch (err) {
+    return done(err)
   }
 
-  verify (data, sig, callback) {
-    ensure(callback)
-    crypto.hashAndVerify(this._key, sig, data, callback)
-  }
-
-  marshal () {
-    return crypto.utils.jwkToPkix(this._key)
-  }
-
-  get bytes () {
-    return pbm.PublicKey.encode({
-      Type: pbm.KeyType.RSA,
-      Data: this.marshal()
-    })
-  }
-
-  encrypt (bytes) {
-    return this._key.encrypt(bytes, 'RSAES-PKCS1-V1_5')
-  }
-
-  equals (key) {
-    return this.bytes.equals(key.bytes)
-  }
-
-  hash (callback) {
-    ensure(callback)
-    multihashing(this.bytes, 'sha2-256', callback)
-  }
-}
-
-class RsaPrivateKey {
-  // key       - Object of the jwk format
-  // publicKey - Buffer of the spki format
-  constructor (key, publicKey) {
-    this._key = key
-    this._publicKey = publicKey
-  }
-
-  genSecret () {
-    return crypto.getRandomValues(new Uint8Array(16))
-  }
-
-  sign (message, callback) {
-    ensure(callback)
-    crypto.hashAndSign(this._key, message, callback)
-  }
-
-  get public () {
-    if (!this._publicKey) {
-      throw new Error('public key not provided')
-    }
-
-    return new RsaPublicKey(this._publicKey)
-  }
-
-  decrypt (msg, callback) {
-    crypto.decrypt(this._key, msg, callback)
-  }
-
-  marshal () {
-    return crypto.utils.jwkToPkcs1(this._key)
-  }
-
-  get bytes () {
-    return pbm.PrivateKey.encode({
-      Type: pbm.KeyType.RSA,
-      Data: this.marshal()
-    })
-  }
-
-  equals (key) {
-    return this.bytes.equals(key.bytes)
-  }
-
-  hash (callback) {
-    ensure(callback)
-    multihashing(this.bytes, 'sha2-256', callback)
-  }
-}
-
-function unmarshalRsaPrivateKey (bytes, callback) {
-  const jwk = crypto.utils.pkcs1ToJwk(bytes)
-  crypto.unmarshalPrivateKey(jwk, (err, keys) => {
-    if (err) {
-      return callback(err)
-    }
-
-    callback(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
+  done(null, {
+    privateKey: pemToJwk(key.private),
+    publicKey: pemToJwk(key.public)
   })
 }
 
-function unmarshalRsaPublicKey (bytes) {
-  const jwk = crypto.utils.pkixToJwk(bytes)
-
-  return new RsaPublicKey(jwk)
-}
-
-function generateKeyPair (bits, cb) {
-  crypto.generateKey(bits, (err, keys) => {
-    if (err) {
-      return cb(err)
+// Takes a jwk key
+exports.unmarshalPrivateKey = function (key, callback) {
+  callback(null, {
+    privateKey: key,
+    publicKey: {
+      kty: key.kty,
+      n: key.n,
+      e: key.e
     }
-
-    cb(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
   })
 }
 
-function ensure (cb) {
-  if (typeof cb !== 'function') {
-    throw new Error('callback is required')
-  }
+exports.getRandomValues = function (arr) {
+  return crypto.randomBytes(arr.length)
 }
 
-module.exports = {
-  RsaPublicKey,
-  RsaPrivateKey,
-  unmarshalRsaPublicKey,
-  unmarshalRsaPrivateKey,
-  generateKeyPair
+exports.hashAndSign = function (key, msg, callback) {
+  const sign = crypto.createSign('RSA-SHA256')
+
+  sign.update(msg)
+  setImmediate(() => callback(null, sign.sign(jwkToPem(key))))
+}
+
+exports.hashAndVerify = function (key, sig, msg, callback) {
+  const verify = crypto.createVerify('RSA-SHA256')
+
+  verify.update(msg)
+
+  setImmediate(() => callback(null, verify.verify(jwkToPem(key), sig)))
 }