fluencelabs/js-libp2p-crypto
1
0
Fork 0
mirror of https://github.com/fluencelabs/js-libp2p-crypto synced 2025-07-15 09:01:36 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: fluencelabs:automatic-ci-script-update
Branches Tags
fluencelabs:master fluencelabs:chore/update-deps-07-04-2021 fluencelabs:gh-pages fluencelabs:fix/default-ed-type fluencelabs:v0.16.x fluencelabs:chore/deps fluencelabs:automatic-ci-script-update
fluencelabs:v0.19.2 fluencelabs:v0.19.1 fluencelabs:v0.19.0 fluencelabs:v0.18.0 fluencelabs:v0.17.9 fluencelabs:v0.17.8 fluencelabs:v0.17.7 fluencelabs:v0.17.6 fluencelabs:v0.17.5 fluencelabs:v0.17.4 fluencelabs:v0.17.3 fluencelabs:v0.17.2 fluencelabs:v0.16.3 fluencelabs:v0.17.1 fluencelabs:v0.16.2 fluencelabs:v0.17.0 fluencelabs:v0.16.1 fluencelabs:v0.16.0 fluencelabs:v0.15.0 fluencelabs:v0.14.1 fluencelabs:v0.14.0 fluencelabs:v0.13.0 fluencelabs:v0.12.1 fluencelabs:v0.12.0 fluencelabs:v0.11.0 fluencelabs:v0.10.4 fluencelabs:v0.10.3 fluencelabs:v0.10.2 fluencelabs:v0.10.1 fluencelabs:v0.10.0 fluencelabs:v0.9.4 fluencelabs:v0.9.3 fluencelabs:v0.9.2 fluencelabs:v0.9.1 fluencelabs:v0.9.0 fluencelabs:v0.8.8 fluencelabs:v0.8.7 fluencelabs:v0.8.6 fluencelabs:v0.8.5 fluencelabs:v0.8.4 fluencelabs:v0.8.3 fluencelabs:v0.8.2 fluencelabs:v0.8.1 fluencelabs:v0.8.0 fluencelabs:v0.7.7 fluencelabs:v0.7.6 fluencelabs:v0.7.5 fluencelabs:v0.7.4 fluencelabs:v0.7.3 fluencelabs:v0.7.2 fluencelabs:v0.7.1 fluencelabs:v0.7.0 fluencelabs:v0.6.1 fluencelabs:v0.6.0 fluencelabs:v0.5.0 fluencelabs:v0.4.0 fluencelabs:v0.3.1 fluencelabs:v0.3.0 fluencelabs:v0.2.0
..
compare: fluencelabs:v0.17.8
Branches Tags
fluencelabs:master fluencelabs:chore/update-deps-07-04-2021 fluencelabs:gh-pages fluencelabs:fix/default-ed-type fluencelabs:v0.16.x fluencelabs:chore/deps fluencelabs:automatic-ci-script-update
fluencelabs:v0.19.2 fluencelabs:v0.19.1 fluencelabs:v0.19.0 fluencelabs:v0.18.0 fluencelabs:v0.17.9 fluencelabs:v0.17.8 fluencelabs:v0.17.7 fluencelabs:v0.17.6 fluencelabs:v0.17.5 fluencelabs:v0.17.4 fluencelabs:v0.17.3 fluencelabs:v0.17.2 fluencelabs:v0.16.3 fluencelabs:v0.17.1 fluencelabs:v0.16.2 fluencelabs:v0.17.0 fluencelabs:v0.16.1 fluencelabs:v0.16.0 fluencelabs:v0.15.0 fluencelabs:v0.14.1 fluencelabs:v0.14.0 fluencelabs:v0.13.0 fluencelabs:v0.12.1 fluencelabs:v0.12.0 fluencelabs:v0.11.0 fluencelabs:v0.10.4 fluencelabs:v0.10.3 fluencelabs:v0.10.2 fluencelabs:v0.10.1 fluencelabs:v0.10.0 fluencelabs:v0.9.4 fluencelabs:v0.9.3 fluencelabs:v0.9.2 fluencelabs:v0.9.1 fluencelabs:v0.9.0 fluencelabs:v0.8.8 fluencelabs:v0.8.7 fluencelabs:v0.8.6 fluencelabs:v0.8.5 fluencelabs:v0.8.4 fluencelabs:v0.8.3 fluencelabs:v0.8.2 fluencelabs:v0.8.1 fluencelabs:v0.8.0 fluencelabs:v0.7.7 fluencelabs:v0.7.6 fluencelabs:v0.7.5 fluencelabs:v0.7.4 fluencelabs:v0.7.3 fluencelabs:v0.7.2 fluencelabs:v0.7.1 fluencelabs:v0.7.0 fluencelabs:v0.6.1 fluencelabs:v0.6.0 fluencelabs:v0.5.0 fluencelabs:v0.4.0 fluencelabs:v0.3.1 fluencelabs:v0.3.0 fluencelabs:v0.2.0

158 Commits
automatic- ... v0.17.8

Author SHA1 Message Date
Jacob Heun
609297be65 chore: release version v0.17.8 2020-07-20 15:23:49 +02:00
Jacob Heun
89a297793d chore: update contributors 2020-07-20 15:23:49 +02:00
Jacob Heun
32fae9b505 chore: fix lint 2020-07-20 15:13:46 +02:00
Jacob Heun
c2dd0a535d chore(types): fix typing 2020-07-20 15:13:46 +02:00
Jacob Heun
2f18a077b4 fix: go ed25519 interop 
fixes https://github.com/libp2p/js-libp2p-crypto/issues/175
 2020-07-20 15:13:46 +02:00
Jacob Heun
4aa77a6b12 chore: release version v0.17.7 2020-06-09 13:00:09 +02:00
Jacob Heun
210dd27479 chore: update contributors 2020-06-09 13:00:09 +02:00
Alex Potsides
437a76fbe3 chore: update node forge version 
Use `^` so it's the same as libp2p
 2020-06-09 12:57:27 +02:00
dependabot-preview[bot]
75d250c876 chore(deps-dev): bump aegir from 21.10.2 to 22.0.0 (#174) 
Bumps [aegir](https://github.com/ipfs/aegir) from 21.10.2 to 22.0.0.
- [Release notes](https://github.com/ipfs/aegir/releases)
- [Changelog](https://github.com/ipfs/aegir/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ipfs/aegir/compare/v21.10.2...v22.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
 2020-05-08 10:54:15 +02:00
Jacob Heun
e761427153 chore: release version v0.17.6 2020-04-07 16:15:48 +02:00
Jacob Heun
90d51ee8c7 chore: update contributors 2020-04-07 16:15:47 +02:00
Jacob Heun
ccda21fe91 Merge pull request #173 from ChainSafe/cayman/secp-migration 
Integrate libp2p-crypto-secp256k1
 2020-04-07 15:55:14 +02:00
Cayman
206999ce11 chore: fix secp256k1 references in readme 2020-04-06 15:44:36 -05:00
Cayman
3272688489 chore: integrate libp2p-crypto-secp256k1 2020-04-06 12:46:39 -05:00
Cayman
456a365378 Merge branch 'cayman/secp' into cayman/secp-migration 2020-04-06 11:56:27 -05:00
Cayman
42bd594068 chore: move files to secp256k1 directory 2020-04-06 11:55:35 -05:00
dependabot-preview[bot]
ab12e6f068 chore(deps-dev): bump @types/sinon from 7.5.2 to 9.0.0 (#172) 
Bumps [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) from 7.5.2 to 9.0.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
 2020-04-01 16:47:39 +02:00
Jacob Heun
6bbf12c169 chore: release version v0.4.3 2020-03-25 12:59:04 +01:00
Jacob Heun
a68fc2e98d chore: update contributors 2020-03-25 12:59:03 +01:00
dependabot-preview[bot]
d73a0ca52e chore(deps): bump multibase from 0.6.1 to 0.7.0 (#26) 
Bumps [multibase](https://github.com/multiformats/js-multibase) from 0.6.1 to 0.7.0.
- [Release notes](https://github.com/multiformats/js-multibase/releases)
- [Changelog](https://github.com/multiformats/js-multibase/blob/master/CHANGELOG.md)
- [Commits](https://github.com/multiformats/js-multibase/compare/v0.6.1...v0.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
 2020-03-25 12:55:12 +01:00
Jacob Heun
1b0fac84a8 chore: release version v0.17.5 2020-03-24 14:27:31 +01:00
Jacob Heun
efaafa9c06 chore: update contributors 2020-03-24 14:27:30 +01:00
dependabot-preview[bot]
88b3018c9c chore(deps): bump multibase from 0.6.1 to 0.7.0 (#171) 
Bumps [multibase](https://github.com/multiformats/js-multibase) from 0.6.1 to 0.7.0.
- [Release notes](https://github.com/multiformats/js-multibase/releases)
- [Changelog](https://github.com/multiformats/js-multibase/blob/master/CHANGELOG.md)
- [Commits](https://github.com/multiformats/js-multibase/compare/v0.6.1...v0.7.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
 2020-03-24 14:11:07 +01:00
Jacob Heun
9aacb478c4 chore: release version v0.17.4 2020-03-23 17:06:35 +01:00
Jacob Heun
269d169f7c chore: update contributors 2020-03-23 17:06:35 +01:00
Hugo Dias
c956d1ad2a fix: add buffer, cleanup, reduce size (#170) 
* fix: add buffer, cleanup, reduce size

- add buffer related to https://github.com/ipfs/js-ipfs/issues/2924
- remove unnecessary eslint ignore
- remove tweelnacl and use node-forge
- remove browserify-aes  and use node-forge
- use multibase to encode b58
- require only sha256 from multihashing
- reduce bundle size

after all the deps here https://github.com/ipfs/js-ipfs/issues/2924 are merged libp2p-crypto will be able to be bundle with `node: false` 🎉

* fix: reduce bundle size

* fix: use new secp

* fix: bundle size

* chore: update secp

Co-Authored-By: Jacob Heun <jacobheun@gmail.com>

Co-authored-by: Jacob Heun <jacobheun@gmail.com>
 2020-03-23 16:55:35 +01:00
Jacob Heun
9b4231eb75 chore: release version v0.4.2 2020-03-17 12:11:28 +01:00
Jacob Heun
fdab19b7d9 chore: update contributors 2020-03-17 12:11:28 +01:00
Hugo Dias
35f196ea4d fix: add buffer and update deps (#25) 
* fix: add buffer and update deps

update secp256k1 dep and fix code
use multibase to encode b58
avoid un-necessary circular dependency no libp2p-crypto
use  only sha256 from multihashing-async

* Update src/crypto.js

Co-Authored-By: Jacob Heun <jacobheun@gmail.com>

* chore: remove commitlint from CI

Co-authored-by: Jacob Heun <jacobheun@gmail.com>
 2020-03-17 11:59:23 +01:00
Jacob Heun
d3601fa936 chore: release version v0.17.3 2020-02-26 17:21:45 +01:00
Jacob Heun
f01e3812e9 chore: update contributors 2020-02-26 17:21:45 +01:00
Alan Shaw
00477e3bcb perf: remove asn1.js and use node-forge (#166) 
* perf: remove asn1.js from rsa

* fix: tweaks

* fix: it works, but I do not know 100% why

* chore: remove asn1.js

* fix: ensure jwk params encoded as uint

* fix: util tests

* fix: zero pad base64urlToBuffer

* fix: more zero pad

* test: add round trip test

* test: base64url to Buffer with padding
 2020-02-26 17:16:32 +01:00
dependabot-preview[bot]
0f4c533dfa chore(deps-dev): bump sinon from 8.1.1 to 9.0.0 
Bumps [sinon](https://github.com/sinonjs/sinon) from 8.1.1 to 9.0.0.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v8.1.1...v9.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-19 08:27:36 -05:00
dependabot-preview[bot]
d566e7ef3b chore(deps-dev): bump @types/mocha from 5.2.7 to 7.0.1 
Bumps [@types/mocha](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/mocha) from 5.2.7 to 7.0.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/mocha)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-18 08:31:56 -05:00
dependabot-preview[bot]
78e2ddd2bd chore(deps-dev): bump sinon from 7.5.0 to 8.1.1 
Bumps [sinon](https://github.com/sinonjs/sinon) from 7.5.0 to 8.1.1.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sinonjs/sinon/compare/v7.5.0...v8.1.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-18 08:31:41 -05:00
dependabot-preview[bot]
0ad513887a chore(deps): bump err-code from 1.1.2 to 2.0.0 (#165) 
Bumps [err-code](https://github.com/IndigoUnited/js-err-code) from 1.1.2 to 2.0.0.
- [Release notes](https://github.com/IndigoUnited/js-err-code/releases)
- [Commits](https://github.com/IndigoUnited/js-err-code/compare/1.1.2...v2.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-18 07:57:07 -05:00
dependabot-preview[bot]
e7468d830d chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 (#167) 
Bumps [aegir](https://github.com/ipfs/aegir) from 20.6.1 to 21.0.2.
- [Release notes](https://github.com/ipfs/aegir/releases)
- [Changelog](https://github.com/ipfs/aegir/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ipfs/aegir/compare/v20.6.1...v21.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-18 07:56:49 -05:00
dependabot-preview[bot]
ae109d46f7 chore(deps-dev): bump aegir from 20.6.1 to 21.0.2 
Bumps [aegir](https://github.com/ipfs/aegir) from 20.6.1 to 21.0.2.
- [Release notes](https://github.com/ipfs/aegir/releases)
- [Changelog](https://github.com/ipfs/aegir/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ipfs/aegir/compare/v20.6.1...v21.0.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-18 12:41:51 +01:00
dependabot-preview[bot]
41c9cd1691 chore(deps-dev): bump aegir from 19.0.5 to 20.6.0 
Bumps [aegir](https://github.com/ipfs/aegir) from 19.0.5 to 20.6.0.
- [Release notes](https://github.com/ipfs/aegir/releases)
- [Changelog](https://github.com/ipfs/aegir/blob/master/CHANGELOG.md)
- [Commits](https://github.com/ipfs/aegir/compare/v19.0.5...v20.6.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-05 13:18:46 +01:00
dependabot-preview[bot]
3e88839c2b chore(deps-dev): bump libp2p-crypto from 0.16.3 to 0.17.2 
Bumps [libp2p-crypto](https://github.com/libp2p/js-libp2p-crypto) from 0.16.3 to 0.17.2.
- [Release notes](https://github.com/libp2p/js-libp2p-crypto/releases)
- [Changelog](https://github.com/libp2p/js-libp2p-crypto/blob/master/CHANGELOG.md)
- [Commits](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.3...v0.17.2)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
 2020-02-05 13:18:16 +01:00
Alan Shaw
cc2094975b perf: remove jwk2privPem and jwk2pubPem (#162) 
These 2 unused functions required us to import the whole of the node-forge PKI implementation when we only use some RSA stuffs.

BREAKING CHANGE: removes unused jwk2pem methods `jwk2pubPem` and `jwk2privPem`. These methods are not being used in any js libp2p modules, so only users referencing these directly will be impacted.
 2020-02-03 14:28:23 +01:00
Jacob Heun
ad4bf3b357 chore: release version v0.17.2 2020-01-17 12:08:41 +01:00
Jacob Heun
730d762717 chore: update contributors 2020-01-17 12:08:40 +01:00
Carson Farmer
e01977c5a3 feat: add typescript types + linting/tests (#161) 
* feat: adds typescript types + linting/tests

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>

* feat: much better types testing

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>

* chore: revert eslintignore

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>

* feat: update types entry

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>

* chore: exclude has no effect here

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>

* feat: more nuanced return types on keypair

Signed-off-by: Carson Farmer <carson.farmer@gmail.com>
 2020-01-17 12:04:52 +01:00
Jacob Heun
89901f7097 chore: release version v0.4.1 2020-01-06 18:10:59 +01:00
Jacob Heun
9894c34f94 chore: update contributors 2020-01-06 18:10:49 +01:00
Alan Shaw
e36a9f6b79 chore: update multihashing-async dep (#19) 2020-01-06 10:07:09 -07:00
Jacob Heun
b5d94ecae7 chore: release version v0.17.1 2019-10-25 13:56:54 +02:00
Jacob Heun
1f9c2ddadb chore: update contributors 2019-10-25 13:56:53 +02:00
Jacob Heun
d6d06a8404 chore: remove commitlint 
chore: update deps

chore: add bundlesize to ci
 2019-10-25 13:51:00 +02:00
Maciej Krüger
8b8d0c1510 fix: jwk var naming 2019-10-25 13:51:00 +02:00
Maciej Krüger
b998f63aec feat: use forge to convert jwk2forge 2019-10-25 13:51:00 +02:00
Maciej Krüger
adc6eb478c test: add interop test 2019-10-25 13:51:00 +02:00
Maciej Krüger
2c1bac5ce9 fix: padding error 2019-10-25 13:51:00 +02:00
Maciej Krüger
027a5a9332 fix: use direct buffers instead of converting to hex 2019-10-25 13:51:00 +02:00
Maciej Krüger
2c294b56ab fix: lint 2019-10-25 13:51:00 +02:00
Maciej Krüger
487cd076fb refactor: cleanup 2019-10-25 13:51:00 +02:00
Maciej Krüger
b8e2414420 fix: browser rsa enc/dec 2019-10-25 13:51:00 +02:00
Maciej Krüger
9f747a173f feat: browser enc/dec 2019-10-25 13:51:00 +02:00
Maciej Krüger
34c5f5c8f0 feat: add (rsa)pubKey.encrypt and (rsa)privKey.decrypt 
nodeJS only for now
 2019-10-25 13:51:00 +02:00
Jacob Heun
a008bc2fcb chore: update lead maintainer (#159) 2019-09-26 12:51:16 +02:00
Friedel Ziegelmayer
b68060388f Merge pull request #157 from libp2p/fix/better-err-missing-webcrypto 
fix: better error for missing web crypto
 2019-08-13 15:28:33 +02:00
Alan Shaw
afe94ded6b docs: problem resolution 2019-07-22 11:21:24 +01:00
Alan Shaw
a5e05603ef fix: better error for missing web crypto 
This PR simply detects missing web crypto and throws an error with an appropriate message.

This is a stepping stone that will help users understand the problem until we have time to do a refactor of this module and of all the modules that use it to enable optionally passing your own crypto implementation.

refs https://github.com/libp2p/js-libp2p-crypto/pull/149
refs https://github.com/libp2p/js-libp2p-crypto/pull/150
refs https://github.com/libp2p/js-libp2p-crypto/issues/105
refs https://github.com/ipfs/js-ipfs/issues/2153
refs https://github.com/ipfs/js-ipfs/issues/2017

License: MIT
Signed-off-by: Alan Shaw <alan@tableflip.io>
 2019-07-22 11:21:22 +01:00
dirkmc
0b686d363c chore: add error codes (#155) 
* chore: add error codes

* chore: create errors with new Error()

* fix: better error testin

* refactor: simplify random bytes error checks
 2019-07-22 11:16:02 +01:00
dignifiedquire
2d15e717e4 chore: release version v0.17.0 2019-07-11 15:23:54 +02:00
dignifiedquire
6775dbf670 chore: update contributors 2019-07-11 15:23:54 +02:00
Friedel Ziegelmayer
4b09aae8ca fix(deps): update to ursa-optiona@0.10 (#156) 
fix(deps): update to ursa-optiona@0.10
 2019-07-11 15:22:40 +02:00
dignifiedquire
764d8bff3e chore(ci): run on node@12 2019-07-11 15:05:24 +02:00
dignifiedquire
26b6217041 fix(deps): update to ursa-optiona@0.10 
This brings compatiability with node@12 for the native dependency
 2019-07-11 15:04:08 +02:00
Arve Knudsen
5500ac4a6e test: upgrade libp2p-crypto-secp256k1; ensure secp256k1 is tested (#151) 2019-07-10 23:32:51 +01:00
dirkmc
d675670ed9 fix: put optional args last for key export (#154) 
BREAKING CHANGE: key export arguments are now swapped so that the optional format is last
 2019-07-10 18:03:34 +01:00
Alan Shaw
ad7107233e feat: refactor to use async/await (#131) 
BREAKING CHANGE: API refactored to use async/await

feat: WIP use async await
fix: passing tests
chore: update travis node.js versions
fix: skip ursa optional tests on windows
fix: benchmarks
docs: update docs
fix: remove broken and intested private key decrypt
chore: update deps
 2019-07-10 17:15:26 +01:00
Jacob Heun
a521cd9b11 chore: release version v0.4.0 2019-07-10 11:45:02 +01:00
Jacob Heun
ed670209ad chore: update contributors 2019-07-10 11:45:02 +01:00
Alex Potsides
1974eb92be feat: use async await (#18) 
BREAKING CHANGE: Callback support has been dropped in favor of async/await.

* feat: use async/await

This PR changes this module to remove callbacks and use async/await. The API is unchanged aside from the obvious removal of the `callback` parameter.

refs https://github.com/ipfs/js-ipfs/issues/1670

* fix: use latest multihashing-async as it is all promises now
 2019-07-10 11:35:58 +01:00
Jacob Heun
fbd42385e3 chore: release version v0.3.1 2019-07-10 10:05:54 +01:00
Jacob Heun
9f01868c6c chore: update contributors 2019-07-10 10:05:53 +01:00
Arve Knudsen
3bb84514d1 fix(unmarshal): provide only one arg to callback (#17) 2019-07-10 09:56:11 +01:00
Arve Knudsen
5cd0e8cc1a fix: fix links in README (#148) 2019-07-04 14:31:43 +02:00
Vasco Santos
3f131d4a0a chore: add discourse badge (#15) 2019-04-18 19:30:06 +02:00
Vasco Santos
0ffe31821a chore: add discourse badge (#147) 2019-04-18 19:29:45 +02:00
dignifiedquire
7b3625888c chore: release version v0.16.1 2019-02-26 09:28:41 +01:00
dignifiedquire
b7bce77ad5 chore: update contributors 2019-02-26 09:28:41 +01:00
Yusef Napora
c1f867bd9c chore: update badges for consistency across libp2p org 2019-02-26 09:25:15 +01:00
Alberto Elias
e3f02eb6f1 chore: updates libp2p-crypto-secp256k1 2019-02-26 09:24:40 +01:00
Vasco Santos
a0874389a9 chore(ci): use travis 
This PR changes Jenkins to travis for CI. In addition, 2 dependencies were missing in the `package.json` and the `dep-check` was not passing.
 2019-02-20 20:57:36 +01:00
dignifiedquire
ce22cf13f0 chore: release version v0.3.0 2019-02-20 13:29:17 +01:00
dignifiedquire
5fc391c8e0 chore: update contributors 2019-02-20 13:29:17 +01:00
dignifiedquire
53a2b590a9 chore(dev-deps): update libp2p-crypto 2019-02-20 13:28:46 +01:00
Alberto Elias
f4dbd62e49 feat: add id() method to Secp256k1PrivateKey 
Feature parity with ed25519 and rsa
 2019-02-20 13:23:05 +01:00
David Dias
567d68c855 chore: release version v0.16.0 2019-01-08 21:33:49 +01:00
David Dias
af782c5906 chore: update contributors 2019-01-08 21:33:49 +01:00
David Dias
f0593c9e6d chore: update deps 2019-01-08 21:33:02 +01:00
Hugo Dias
8d8294dc3f fix: clean up, bundle size reduction 
BREAKING CHANGE: getRandomValues method exported from src/keys/rsa-browser.js and src/keys/rsa.js signature has changed from accepting an array to a number for random byte length
 2019-01-08 21:29:42 +01:00
David Dias
3a8bab9f44 chore: release version v0.2.3 2019-01-08 16:44:54 +01:00
David Dias
c983edfdb9 chore: update contributors 2019-01-08 16:44:54 +01:00
David Dias
6c9928abd6 chore: update deps 2019-01-08 16:43:36 +01:00
Hugo Dias
720246f012 chore: update deps 2019-01-08 16:42:39 +01:00
Hugo Dias
cfdcbe08d4 fix: update deps and repo setup 2019-01-08 16:42:39 +01:00
David Dias
df23d634c5 chore: release version v0.15.0 2019-01-03 16:15:45 +00:00
David Dias
88e1bcf75f chore: update contributors 2019-01-03 16:15:45 +00:00
Jacob Heun
c54ea206f0 feat: nextTick instead of setImmediate, and fix sync in async (#136) 
* fix: avoid sync callback in async function

* chore: fix linting

* chore: remove non jenkins ci

* refactor: use nextTick over setImmediate

* refactor: async/nextTick for better browser support
 2019-01-03 16:13:07 +00:00
David Dias
857d2bd902 chore: release version v0.14.1 2018-11-05 18:29:00 +00:00
David Dias
200110cb9d chore: update contributors 2018-11-05 18:29:00 +00:00
Jacob Heun
9e5778694c fix: dont setimmediate when its not needed 2018-11-05 19:26:45 +01:00
Jacob Heun
87e8f1c86f chore: remove lint warnings 2018-11-05 19:26:45 +01:00
Jacob Heun
df75980a88 chore: update deps 2018-11-05 19:26:45 +01:00
David Dias
934390acd3 chore: release version v0.14.0 2018-09-17 15:35:20 -07:00
David Dias
8b80b46667 chore: update contributors 2018-09-17 15:35:20 -07:00
David Dias
e8efad546f chore: update deps 2018-09-17 15:33:43 -07:00
Maciej Krüger
e8cbf13d85 fix(lint): use ~ for ursa-optional version 2018-09-17 15:32:13 -07:00
Maciej Krüger
c7e0409c1c fix: windows build 2018-09-17 15:32:13 -07:00
Maciej Krüger
f4c00893ad test: add test for different rsa crypto libs 2018-09-17 15:32:13 -07:00
Maciej Krüger
b05e77f375 feat: use ursa-optional for lightning fast key generation 
The difference between ursa and ursa-optional is that ursa-optional does not cause any problems if it fails to compile
 2018-09-17 15:32:13 -07:00
David Dias
1602c440ad chore: update deps 2018-06-04 09:48:43 +01:00
David Dias
937cc76714 add lead maintainer 2018-06-04 09:48:43 +01:00
Joao Santos
ad478454d8 docs: adds usage examples to AES and HMAC 2018-05-29 14:23:29 +01:00
David Dias
8c69ffb20f docs: Lead maintainer (#119) 
* add lead maintainer

* chore: update deps

* Update package.json
 2018-05-29 14:22:48 +01:00
David Dias
e689a402a3 chore: release version v0.13.0 2018-04-05 17:32:18 +01:00
David Dias
4bd032a6ae chore: update contributors 2018-04-05 17:32:18 +01:00
David Dias
50c61ba46e chore: update deps 2018-04-05 17:30:34 +01:00
David Dias
3a90f70350 chore: release version v0.12.1 2018-02-12 09:27:25 +00:00
David Dias
743c69524c chore: update contributors 2018-02-12 09:27:24 +00:00
David Dias
1a347fa04c chore: update deps 2018-02-12 09:25:50 +00:00
David Dias
71339e08e7 chore: release version v0.12.0 2018-01-27 10:55:54 -08:00
David Dias
0ab2c2d2d6 chore: update contributors 2018-01-27 10:55:54 -08:00
Richard Schneider
cdcca5f828 feat: improve perf (#117) 2018-01-27 10:54:04 -08:00
ᴠɪᴄᴛᴏʀ ʙᴊᴇʟᴋʜᴏʟᴍ
651d08f67e Merge pull request #5 from libp2p/automatic-ci-script-update 
Updating CI files
 2017-12-22 15:00:13 +01:00
Victor Bjelkholm
f2b67f7d82 Updating CI files 
This commit updates all CI scripts to the latest version
 2017-12-22 14:16:17 +01:00
ᴠɪᴄᴛᴏʀ ʙᴊᴇʟᴋʜᴏʟᴍ
2c0dc706b7 Merge pull request #116 from libp2p/automatic-ci-script-update 
Updating CI files
 2017-12-21 17:29:43 +01:00
David Dias
98b285a840 chore: release version v0.2.2 2017-07-22 13:32:01 -07:00
David Dias
ce5fb8c1b9 chore: update contributors 2017-07-22 13:32:00 -07:00
David Dias
0dcf1a6f52 fix: circular circular dep -> DI 2017-07-22 13:31:42 -07:00
David Dias
8401154102 chore: update deps 2017-07-22 12:28:53 -07:00
David Dias
838ecdbaef chore: release version v0.2.1 2017-07-22 12:19:08 -07:00
David Dias
d14c11310e chore: update contributors 2017-07-22 12:19:08 -07:00
David Dias
41c03a86a5 chore: update deps 2017-07-22 11:40:00 -07:00
David Dias
1013becd66 chore: release version v0.2.0 2017-07-22 11:30:07 -07:00
David Dias
c21454c4e8 chore: update contributors 2017-07-22 11:30:07 -07:00
David Dias
4ee48a737a feat: next libp2p-crypto (#4) 
* feat: next libp2p-crypto

* chore: update deps
 2017-07-22 11:12:30 -07:00
David Dias
363cda56da chore: update ci 2017-07-21 11:38:33 -07:00
David Dias
d8b0c74ec9 chore: release version v0.1.4 2017-02-11 17:27:51 -08:00
David Dias
647fab7170 chore: update contributors 2017-02-11 17:27:51 -08:00
David Dias
e66383137f chore: add missing dependency 2017-02-11 17:27:29 -08:00
David Dias
638ea963e6 chore: release version v0.1.3 2017-02-10 18:36:19 -08:00
David Dias
35abf8fcb4 chore: update contributors 2017-02-10 18:36:19 -08:00
David Dias
9430e7f91e chore: update deps 2017-02-10 18:33:54 -08:00
David Dias
42678bba30 chore: release version v0.1.2 2017-02-09 14:08:25 -08:00
David Dias
f637ff2485 chore: update contributors 2017-02-09 14:08:25 -08:00
David Dias
4c2d42984d chore: release version v0.1.1 2017-02-09 08:05:13 -08:00
David Dias
de8b16b00b chore: update contributors 2017-02-09 08:05:13 -08:00
David Dias
73b8b39de5 chore: ^ to ~ 2017-02-09 08:03:23 -08:00
Friedel Ziegelmayer
288c9cff8f chore: release version v0.1.0 2017-02-09 12:43:44 +01:00
Friedel Ziegelmayer
418a0885ad chore: update contributors 2017-02-09 12:43:43 +01:00
Friedel Ziegelmayer
4c744d3b60 chore: update dependencies 2017-02-09 12:36:35 +01:00
Yusef Napora
4c36aeba17 feat: initial implementation 2017-02-09 12:35:39 +01:00
Friedel Ziegelmayer
e57e4ffa0d Initial commit 2017-01-19 17:50:23 +01:00
64 changed files with 2609 additions and 1674 deletions
Expand all files Collapse all files

3
.aegir.js Normal file
View File

@ -0,0 +1,3 @@
module.exports = {
bundlesize: { maxSize: '124kB' }
}

1
.eslintignore
View File

@ -1 +0,0 @@
src/keys/keys.proto.js

34
.npmignore
View File

@ -1,34 +0,0 @@
**/node_modules/
**/*.log
test/repo-tests*
# Logs
logs
*.log
coverage
# Runtime data
pids
*.pid
*.seed
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# node-waf configuration
.lock-wscript
build
# Dependency directory
# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
node_modules
test

65
.travis.yml
View File

@ -1,32 +1,45 @@
# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
sudo: false
language: node_js
matrix:
cache: npm
stages:
- check
- test
- cov
node_js:
- '10'
- '12'
os:
- linux
- osx
- windows
script: npx nyc -s npm run test:node -- --bail
after_success: npx nyc report --reporter=text-lcov > coverage.lcov && npx codecov
jobs:
include:
- node_js: 6
env: CXX=g++-4.8
- node_js: 8
env: CXX=g++-4.8
# - node_js: stable
# env: CXX=g++-4.8
- stage: check
script:
- npx aegir build --bundlesize
- npx aegir dep-check
- npm run lint
script:
- npm run lint
- npm run test
- npm run coverage
- stage: test
name: chrome
addons:
chrome: stable
script:
- npx aegir test -t browser
before_script:
- export DISPLAY=:99.0
- sh -e /etc/init.d/xvfb start
- stage: test
name: firefox
addons:
firefox: latest
script:
- npx aegir test -t browser -- --browsers FirefoxHeadless
after_success:
- npm run coverage-publish
addons:
firefox: 'latest'
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- g++-4.8
notifications:
email: false

220
CHANGELOG.md
View File

@ -1,3 +1,223 @@
<a name="0.17.8"></a>
## [0.17.8](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.7...v0.17.8) (2020-07-20)
### Bug Fixes
* go ed25519 interop ([2f18a07](https://github.com/libp2p/js-libp2p-crypto/commit/2f18a07))
<a name="0.17.7"></a>
## [0.17.7](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.6...v0.17.7) (2020-06-09)
<a name="0.17.6"></a>
## [0.17.6](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.5...v0.17.6) (2020-04-07)
### Bug Fixes
* add buffer and update deps ([#25](https://github.com/libp2p/js-libp2p-crypto/issues/25)) ([35f196e](https://github.com/libp2p/js-libp2p-crypto/commit/35f196e))
* **unmarshal:** provide only one arg to callback ([#17](https://github.com/libp2p/js-libp2p-crypto/issues/17)) ([3bb8451](https://github.com/libp2p/js-libp2p-crypto/commit/3bb8451))
* circular circular dep -> DI ([0dcf1a6](https://github.com/libp2p/js-libp2p-crypto/commit/0dcf1a6))
* update deps and repo setup ([cfdcbe0](https://github.com/libp2p/js-libp2p-crypto/commit/cfdcbe0))
### Features
* add `id()` method to Secp256k1PrivateKey ([f4dbd62](https://github.com/libp2p/js-libp2p-crypto/commit/f4dbd62))
* initial implementation ([4c36aeb](https://github.com/libp2p/js-libp2p-crypto/commit/4c36aeb))
* next libp2p-crypto ([#4](https://github.com/libp2p/js-libp2p-crypto/issues/4)) ([4ee48a7](https://github.com/libp2p/js-libp2p-crypto/commit/4ee48a7))
* use async await ([#18](https://github.com/libp2p/js-libp2p-crypto/issues/18)) ([1974eb9](https://github.com/libp2p/js-libp2p-crypto/commit/1974eb9))
### BREAKING CHANGES
* Callback support has been dropped in favor of async/await.
* feat: use async/await
This PR changes this module to remove callbacks and use async/await. The API is unchanged aside from the obvious removal of the `callback` parameter.
refs https://github.com/ipfs/js-ipfs/issues/1670
* fix: use latest multihashing-async as it is all promises now
<a name="0.17.5"></a>
## [0.17.5](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.4...v0.17.5) (2020-03-24)
<a name="0.17.4"></a>
## [0.17.4](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.3...v0.17.4) (2020-03-23)
### Bug Fixes
* add buffer, cleanup, reduce size ([#170](https://github.com/libp2p/js-libp2p-crypto/issues/170)) ([c956d1a](https://github.com/libp2p/js-libp2p-crypto/commit/c956d1a))
<a name="0.17.3"></a>
## [0.17.3](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.2...v0.17.3) (2020-02-26)
### Performance Improvements
* remove asn1.js and use node-forge ([#166](https://github.com/libp2p/js-libp2p-crypto/issues/166)) ([00477e3](https://github.com/libp2p/js-libp2p-crypto/commit/00477e3))
* remove jwk2privPem and jwk2pubPem ([#162](https://github.com/libp2p/js-libp2p-crypto/issues/162)) ([cc20949](https://github.com/libp2p/js-libp2p-crypto/commit/cc20949))
### BREAKING CHANGES
* removes unused jwk2pem methods `jwk2pubPem` and `jwk2privPem`. These methods are not being used in any js libp2p modules, so only users referencing these directly will be impacted.
<a name="0.17.2"></a>
## [0.17.2](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.1...v0.17.2) (2020-01-17)
### Features
* add typescript types + linting/tests ([#161](https://github.com/libp2p/js-libp2p-crypto/issues/161)) ([e01977c](https://github.com/libp2p/js-libp2p-crypto/commit/e01977c))
<a name="0.17.1"></a>
## [0.17.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.17.0...v0.17.1) (2019-10-25)
### Bug Fixes
* better error for missing web crypto ([a5e0560](https://github.com/libp2p/js-libp2p-crypto/commit/a5e0560))
* browser rsa enc/dec ([b8e2414](https://github.com/libp2p/js-libp2p-crypto/commit/b8e2414))
* jwk var naming ([8b8d0c1](https://github.com/libp2p/js-libp2p-crypto/commit/8b8d0c1))
* lint ([2c294b5](https://github.com/libp2p/js-libp2p-crypto/commit/2c294b5))
* padding error ([2c1bac5](https://github.com/libp2p/js-libp2p-crypto/commit/2c1bac5))
* use direct buffers instead of converting to hex ([027a5a9](https://github.com/libp2p/js-libp2p-crypto/commit/027a5a9))
### Features
* add (rsa)pubKey.encrypt and (rsa)privKey.decrypt ([34c5f5c](https://github.com/libp2p/js-libp2p-crypto/commit/34c5f5c))
* browser enc/dec ([9f747a1](https://github.com/libp2p/js-libp2p-crypto/commit/9f747a1))
* use forge to convert jwk2forge ([b998f63](https://github.com/libp2p/js-libp2p-crypto/commit/b998f63))
<a name="0.17.0"></a>
# [0.17.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.1...v0.17.0) (2019-07-11)
### Bug Fixes
* **deps:** update to ursa-optiona@0.10 ([26b6217](https://github.com/libp2p/js-libp2p-crypto/commit/26b6217))
* fix links in README ([#148](https://github.com/libp2p/js-libp2p-crypto/issues/148)) ([5cd0e8c](https://github.com/libp2p/js-libp2p-crypto/commit/5cd0e8c))
* put optional args last for key export ([#154](https://github.com/libp2p/js-libp2p-crypto/issues/154)) ([d675670](https://github.com/libp2p/js-libp2p-crypto/commit/d675670))
### Features
* refactor to use async/await ([#131](https://github.com/libp2p/js-libp2p-crypto/issues/131)) ([ad71072](https://github.com/libp2p/js-libp2p-crypto/commit/ad71072))
### BREAKING CHANGES
* key export arguments are now swapped so that the optional format is last
* API refactored to use async/await
feat: WIP use async await
fix: passing tests
chore: update travis node.js versions
fix: skip ursa optional tests on windows
fix: benchmarks
docs: update docs
fix: remove broken and intested private key decrypt
chore: update deps
<a name="0.16.1"></a>
## [0.16.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.0...v0.16.1) (2019-02-26)
<a name="0.16.0"></a>
# [0.16.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.15.0...v0.16.0) (2019-01-08)
### Bug Fixes
* clean up, bundle size reduction ([8d8294d](https://github.com/libp2p/js-libp2p-crypto/commit/8d8294d))
### BREAKING CHANGES
* getRandomValues method exported from src/keys/rsa-browser.js and src/keys/rsa.js signature has changed from accepting an array to a number for random byte length
<a name="0.15.0"></a>
# [0.15.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.14.1...v0.15.0) (2019-01-03)
### Features
* nextTick instead of setImmediate, and fix sync in async ([#136](https://github.com/libp2p/js-libp2p-crypto/issues/136)) ([c54ea20](https://github.com/libp2p/js-libp2p-crypto/commit/c54ea20))
<a name="0.14.1"></a>
## [0.14.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.14.0...v0.14.1) (2018-11-05)
### Bug Fixes
* dont setimmediate when its not needed ([9e57786](https://github.com/libp2p/js-libp2p-crypto/commit/9e57786))
<a name="0.14.0"></a>
# [0.14.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.13.0...v0.14.0) (2018-09-17)
### Bug Fixes
* windows build ([c7e0409](https://github.com/libp2p/js-libp2p-crypto/commit/c7e0409))
* **lint:** use ~ for ursa-optional version ([e8cbf13](https://github.com/libp2p/js-libp2p-crypto/commit/e8cbf13))
### Features
* use ursa-optional for lightning fast key generation ([b05e77f](https://github.com/libp2p/js-libp2p-crypto/commit/b05e77f))
<a name="0.13.0"></a>
# [0.13.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.12.1...v0.13.0) (2018-04-05)
<a name="0.12.1"></a>
## [0.12.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.12.0...v0.12.1) (2018-02-12)
<a name="0.12.0"></a>
# [0.12.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.11.0...v0.12.0) (2018-01-27)
### Features
* improve perf ([#117](https://github.com/libp2p/js-libp2p-crypto/issues/117)) ([cdcca5f](https://github.com/libp2p/js-libp2p-crypto/commit/cdcca5f))
<a name="0.11.0"></a>
# [0.11.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.10.4...v0.11.0) (2017-12-20)

215
README.md
View File

@ -1,44 +1,49 @@
# js-libp2p-crypto
[![](https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square)](http://ipn.io)
[![](https://img.shields.io/badge/project-IPFS-blue.svg?style=flat-square)](http://ipfs.io/)
[![](https://img.shields.io/badge/freenode-%23ipfs-blue.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23ipfs)
[![standard-readme compliant](https://img.shields.io/badge/standard--readme-OK-green.svg?style=flat-square)](https://github.com/RichardLitt/standard-readme)
[![Coverage Status](https://coveralls.io/repos/github/libp2p/js-libp2p-crypto/badge.svg?branch=master)](https://coveralls.io/github/libp2p/js-libp2p-crypto?branch=master)
[![Travis CI](https://travis-ci.org/libp2p/js-libp2p-crypto.svg?branch=master)](https://travis-ci.org/libp2p/js-libp2p-crypto)
[![Circle CI](https://circleci.com/gh/libp2p/js-libp2p-crypto.svg?style=svg)](https://circleci.com/gh/libp2p/js-libp2p-crypto)
[![](https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square)](http://protocol.ai)
[![](https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square)](http://libp2p.io/)
[![](https://img.shields.io/badge/freenode-%23libp2p-yellow.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23libp2p)
[![Discourse posts](https://img.shields.io/discourse/https/discuss.libp2p.io/posts.svg)](https://discuss.libp2p.io)
[![](https://img.shields.io/codecov/c/github/libp2p/js-libp2p-crypto.svg?style=flat-square)](https://codecov.io/gh/libp2p/js-libp2p-crypto)
[![](https://img.shields.io/travis/libp2p/js-libp2p-crypto.svg?style=flat-square)](https://travis-ci.com/libp2p/js-libp2p-crypto)
[![Dependency Status](https://david-dm.org/libp2p/js-libp2p-crypto.svg?style=flat-square)](https://david-dm.org/libp2p/js-libp2p-crypto)
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat-square)](https://github.com/feross/standard)
![](https://img.shields.io/badge/npm-%3E%3D3.0.0-orange.svg?style=flat-square)
![](https://img.shields.io/badge/Node.js-%3E%3D6.0.0-orange.svg?style=flat-square)
> Crypto primitives for libp2p in JavaScript
This repo contains the JavaScript implementation of the crypto primitives needed for libp2p. This is based on this [go implementation](https://github.com/libp2p/go-libp2p-crypto).
## Lead Maintainer
[Jacob Heun](https://github.com/jacobheun/)
## Table of Contents
- [Install](#install)
- [API](#api)
- [`crypto.hmac`](#hmac)
- [`create(hash, secret, callback)`](#createhash-secret-callback)
- [`digest(data, callback)`](#digestdata-callback)
- [`crypto.aes`](#aes)
- [`create(key, iv, callback)`](#createkey-iv-callback)
- [`encrypt(data, callback)`](#encryptdata-callback)
- [`decrypt(data, callback)`](#decryptdata-callback)
- [`keys`](#keys)
- [`generateKeyPair(type, bits, callback)`](#generatekeypairtype-bits-callback)
- [`generateEphemeralKeyPair(curve, callback)`](#generateephemeralkeypaircurve-callback)
- [`keyStretcher(cipherType, hashType, secret, callback)`](#keystretcherciphertype-hashtype-secret-callback)
- [`marshalPublicKey(key[, type], callback)`](#marshalpublickeykey-type-callback)
- [`unmarshalPublicKey(buf)`](#unmarshalpublickeybuf)
- [`marshalPrivateKey(key[, type])`](#marshalprivatekeykey-type)
- [`unmarshalPrivateKey(buf, callback)`](#unmarshalprivatekeybuf-callback)
- [`import(pem, password, callback)`](#importpem-password-callback)
- [`webcrypto`](#webcrypto)
- [Contribute](#contribute)
- [License](#license)
- [js-libp2p-crypto](#js-libp2p-crypto)
- [Lead Maintainer](#Lead-Maintainer)
- [Table of Contents](#Table-of-Contents)
- [Install](#Install)
- [API](#API)
- [`crypto.aes`](#cryptoaes)
- [`crypto.aes.create(key, iv)`](#cryptoaescreatekey-iv)
- [`decrypt(data)`](#decryptdata)
- [`encrypt(data)`](#encryptdata)
- [`crypto.hmac`](#cryptohmac)
- [`crypto.hmac.create(hash, secret)`](#cryptohmaccreatehash-secret)
- [`digest(data)`](#digestdata)
- [`crypto.keys`](#cryptokeys)
- [`crypto.keys.generateKeyPair(type, bits)`](#cryptokeysgenerateKeyPairtype-bits)
- [`crypto.keys.generateEphemeralKeyPair(curve)`](#cryptokeysgenerateEphemeralKeyPaircurve)
- [`crypto.keys.keyStretcher(cipherType, hashType, secret)`](#cryptokeyskeyStretchercipherType-hashType-secret)
- [`crypto.keys.marshalPublicKey(key, [type])`](#cryptokeysmarshalPublicKeykey-type)
- [`crypto.keys.unmarshalPublicKey(buf)`](#cryptokeysunmarshalPublicKeybuf)
- [`crypto.keys.marshalPrivateKey(key, [type])`](#cryptokeysmarshalPrivateKeykey-type)
- [`crypto.keys.unmarshalPrivateKey(buf)`](#cryptokeysunmarshalPrivateKeybuf)
- [`crypto.keys.import(pem, password)`](#cryptokeysimportpem-password)
- [`crypto.randomBytes(number)`](#cryptorandomBytesnumber)
- [`crypto.pbkdf2(password, salt, iterations, keySize, hash)`](#cryptopbkdf2password-salt-iterations-keySize-hash)
- [Contribute](#Contribute)
- [License](#License)
## Install
@ -46,83 +51,148 @@ This repo contains the JavaScript implementation of the crypto primitives needed
npm install --save libp2p-crypto
```
## Usage
```js
const crypto = require('libp2p-crypto')
// Now available to you:
//
// crypto.aes
// crypto.hmac
// crypto.keys
// etc.
//
// See full API details below...
```
### Web Crypto API
The `libp2p-crypto` library depends on the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) in the browser. Web Crypto is available in all modern browsers, however browsers restrict its usage to [Secure Contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).
**This means you will not be able to use some `libp2p-crypto` functions in the browser when the page is served over HTTP.** To enable the Web Crypto API and allow `libp2p-crypto` to work fully, please serve your page over HTTPS.
## API
### `crypto.aes`
Expoes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
Exposes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
This uses `CTR` mode.
#### `crypto.aes.create(key, iv, callback)`
#### `crypto.aes.create(key, iv)`
- `key: Buffer` The key, if length `16` then `AES 128` is used. For length `32`, `AES 256` is used.
- `iv: Buffer` Must have length `16`.
- `callback: Function`
##### `decrypt(data, callback)`
Returns `Promise<{decrypt<Function>, encrypt<Function>}>`
##### `decrypt(data)`
- `data: Buffer`
- `callback: Function`
##### `encrypt(data, callback)`
Returns `Promise<Buffer>`
##### `encrypt(data)`
- `data: Buffer`
- `callback: Function`
```
TODO: Example of using aes
Returns `Promise<Buffer>`
```js
const crypto = require('libp2p-crypto')
// Setting up Key and IV
// A 16 bytes array, 128 Bits, AES-128 is chosen
const key128 = Buffer.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
// A 16 bytes array, 128 Bits,
const IV = Buffer.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
async function main () {
const decryptedMessage = 'Hello, world!'
// Encrypting
const cipher = await crypto.aes.create(key128, IV)
const encryptedBuffer = await cipher.encrypt(Buffer.from(decryptedMessage))
console.log(encryptedBuffer)
// prints: <Buffer 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
// Decrypting
const decipher = await crypto.aes.create(key128, IV)
const decryptedBuffer = await cipher.decrypt(encryptedBuffer)
console.log(decryptedBuffer)
// prints: <Buffer 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
console.log(decryptedBuffer.toString('utf-8'))
// prints: Hello, world!
}
main()
```
### `crypto.hmac`
Exposes an interface to the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198. An HMAC is a cryptographic hash that uses a key to sign a message. The receiver verifies the hash by recomputing it using the same key.
#### `crypto.hmac.create(hash, secret, callback)`
#### `crypto.hmac.create(hash, secret)`
- `hash: String`
- `secret: Buffer`
- `callback: Function`
##### `digest(data, callback)`
Returns `Promise<{digest<Function>}>`
##### `digest(data)`
- `data: Buffer`
- `callback: Function`
Returns `Promise<Buffer>`
Example:
```
TODO: Example of using hmac
```js
const crypto = require('libp2p-crypto')
async function main () {
const hash = 'SHA1' // 'SHA256' || 'SHA512'
const hmac = await crypto.hmac.create(hash, Buffer.from('secret'))
const sig = await hmac.digest(Buffer.from('hello world'))
console.log(sig)
}
main()
```
### `crypto.keys`
**Supported Key Types**
The [`generateKeyPair`](#generatekeypairtype-bits-callback), [`marshalPublicKey`](#marshalpublickeykey-type-callback), and [`marshalPrivateKey`](#marshalprivatekeykey-type) functions accept a string `type` argument.
The [`generateKeyPair`](#generatekeypairtype-bits), [`marshalPublicKey`](#marshalpublickeykey-type), and [`marshalPrivateKey`](#marshalprivatekeykey-type) functions accept a string `type` argument.
Currently the `'RSA'` and `'ed25519'` types are supported, although ed25519 keys support only signing and verification of messages. For encryption / decryption support, RSA keys should be used.
Currently the `'RSA'`, `'ed25519'`, and `secp256k1` types are supported, although ed25519 and secp256k1 keys support only signing and verification of messages. For encryption / decryption support, RSA keys should be used.
Installing the [libp2p-crypto-secp256k1](https://github.com/libp2p/js-libp2p-crypto-secp256k1) module adds support for the `'secp256k1'` type, which supports ECDSA signatures using the secp256k1 elliptic curve popularized by Bitcoin. This module is not installed by default, and should be explicitly depended on if your project requires secp256k1 support.
### `crypto.keys.generateKeyPair(type, bits, callback)`
### `crypto.keys.generateKeyPair(type, bits)`
- `type: String`, see [Supported Key Types](#supported-key-types) above.
- `bits: Number` Minimum of 1024
- `callback: Function`
Returns `Promise<{privateKey<Buffer>, publicKey<Buffer>}>`
Generates a keypair of the given type and bitsize.
### `crypto.keys.generateEphemeralKeyPair(curve, callback)`
### `crypto.keys.generateEphemeralKeyPair(curve)`
- `curve: String`, one of `'P-256'`, `'P-384'`, `'P-521'` is currently supported
- `callback: Function`
Returns `Promise`
Generates an ephemeral public key and returns a function that will compute the shared secret key.
Focuses only on ECDH now, but can be made more general in the future.
Calls back with an object of the form
Resolves to an object of the form:
```js
{
@ -131,16 +201,17 @@ Calls back with an object of the form
}
```
### `crypto.keys.keyStretcher(cipherType, hashType, secret, callback)`
### `crypto.keys.keyStretcher(cipherType, hashType, secret)`
- `cipherType: String`, one of `'AES-128'`, `'AES-256'`, `'Blowfish'`
- `hashType: String`, one of `'SHA1'`, `SHA256`, `SHA512`
- `secret: Buffer`
- `callback: Function`
Returns `Promise`
Generates a set of keys for each party by stretching the shared key.
Calls back with an object of the form:
Resolves to an object of the form:
```js
{
@ -157,10 +228,12 @@ Calls back with an object of the form:
}
```
### `crypto.keys.marshalPublicKey(key[, type], callback)`
### `crypto.keys.marshalPublicKey(key, [type])`
- `key: keys.rsa.RsaPublicKey | keys.ed25519.Ed25519PublicKey | require('libp2p-crypto-secp256k1').Secp256k1PublicKey`
- `type: String`, see [Supported Key Types](#supported-key-types) above.
- `key: keys.rsa.RsaPublicKey | keys.ed25519.Ed25519PublicKey | keys.secp256k1.Secp256k1PublicKey`
- `type: String`, see [Supported Key Types](#supported-key-types) above. Defaults to 'rsa'.
Returns `Buffer`
Converts a public key object into a protobuf serialized public key.
@ -168,27 +241,33 @@ Converts a public key object into a protobuf serialized public key.
- `buf: Buffer`
Converts a protobuf serialized public key into its representative object.
Returns `RsaPublicKey|Ed25519PublicKey|Secp256k1PublicKey`
### `crypto.keys.marshalPrivateKey(key[, type])`
Converts a protobuf serialized public key into its representative object.
- `key: keys.rsa.RsaPrivateKey | keys.ed25519.Ed25519PrivateKey | require('libp2p-crypto-secp256k1').Secp256k1PrivateKey`
### `crypto.keys.marshalPrivateKey(key, [type])`
- `key: keys.rsa.RsaPrivateKey | keys.ed25519.Ed25519PrivateKey | keys.secp256k1.Secp256k1PrivateKey`
- `type: String`, see [Supported Key Types](#supported-key-types) above.
Returns `Buffer`
Converts a private key object into a protobuf serialized private key.
### `crypto.keys.unmarshalPrivateKey(buf, callback)`
### `crypto.keys.unmarshalPrivateKey(buf)`
- `buf: Buffer`
- `callback: Function`
Returns `Promise<RsaPrivateKey|Ed25519PrivateKey|Secp256k1PrivateKey>`
Converts a protobuf serialized private key into its representative object.
### `crypto.keys.import(pem, password, callback)`
### `crypto.keys.import(pem, password)`
- `pem: string`
- `password: string`
- `callback: Function`
Returns `Promise<RsaPrivateKey>`
Converts a PEM password protected private key into its representative object.
@ -196,6 +275,8 @@ Converts a PEM password protected private key into its representative object.
- `number: Number`
Returns `Buffer`
Generates a Buffer with length `number` populated by random bytes.
### `crypto.pbkdf2(password, salt, iterations, keySize, hash)`

29
appveyor.yml
View File

@ -1,29 +0,0 @@
# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
version: "{build}"
environment:
matrix:
- nodejs_version: "6"
- nodejs_version: "8"
matrix:
fast_finish: true
install:
# Install Node.js
- ps: Install-Product node $env:nodejs_version
# Upgrade npm
- npm install -g npm
# Output our current versions for debugging
- node --version
- npm --version
# Install our package dependencies
- npm install
test_script:
- npm run test:node
build: off

18
benchmarks/ephemeral-keys.js
View File

@ -1,3 +1,4 @@
/* eslint-disable no-console */
'use strict'
const Benchmark = require('benchmark')
@ -9,19 +10,14 @@ const secrets = []
const curves = ['P-256', 'P-384', 'P-521']
curves.forEach((curve) => {
suite.add(`ephemeral key with secrect ${curve}`, (d) => {
crypto.keys.generateEphemeralKeyPair('P-256', (err, res) => {
if (err) { throw err }
res.genSharedKey(res.key, (err, secret) => {
if (err) { throw err }
secrets.push(secret)
d.resolve()
})
})
suite.add(`ephemeral key with secrect ${curve}`, async (d) => {
const res = await crypto.keys.generateEphemeralKeyPair('P-256')
const secret = await res.genSharedKey(res.key)
secrets.push(secret)
d.resolve()
}, { defer: true })
})
suite
.on('cycle', (event) => console.log(String(event.target)))
.run({async: true})
.run({ async: true })

25
benchmarks/key-stretcher.js
View File

@ -1,7 +1,7 @@
/* eslint-disable no-console */
'use strict'
const Benchmark = require('benchmark')
const async = require('async')
const crypto = require('../src')
@ -12,11 +12,9 @@ const keys = []
const ciphers = ['AES-128', 'AES-256', 'Blowfish']
const hashes = ['SHA1', 'SHA256', 'SHA512']
async.waterfall([
(cb) => crypto.keys.generateEphemeralKeyPair('P-256', cb),
(res, cb) => res.genSharedKey(res.key, cb)
], (err, secret) => {
if (err) { throw err }
;(async () => {
const res = await crypto.keys.generateEphemeralKeyPair('P-256')
const secret = await res.genSharedKey(res.key)
ciphers.forEach((cipher) => hashes.forEach((hash) => {
setup(cipher, hash, secret)
@ -24,16 +22,13 @@ async.waterfall([
suite
.on('cycle', (event) => console.log(String(event.target)))
.run({async: true})
})
.run({ async: true })
})()
function setup (cipher, hash, secret) {
suite.add(`keyStretcher ${cipher} ${hash}`, (d) => {
crypto.keys.keyStretcher(cipher, hash, secret, (err, k) => {
if (err) { throw err }
keys.push(k)
d.resolve()
})
suite.add(`keyStretcher ${cipher} ${hash}`, async (d) => {
const k = await crypto.keys.keyStretcher(cipher, hash, secret)
keys.push(k)
d.resolve()
}, { defer: true })
}

27
benchmarks/rsa.js
View File

@ -1,3 +1,4 @@
/* eslint-disable no-console */
'use strict'
const Benchmark = require('benchmark')
@ -9,34 +10,28 @@ const keys = []
const bits = [1024, 2048, 4096]
bits.forEach((bit) => {
suite.add(`generateKeyPair ${bit}bits`, (d) => {
crypto.keys.generateKeyPair('RSA', bit, (err, key) => {
if (err) { throw err }
keys.push(key)
d.resolve()
})
suite.add(`generateKeyPair ${bit}bits`, async (d) => {
const key = await crypto.keys.generateKeyPair('RSA', bit)
keys.push(key)
d.resolve()
}, {
defer: true
})
})
suite.add('sign and verify', (d) => {
suite.add('sign and verify', async (d) => {
const key = keys[0]
const text = key.genSecret()
key.sign(text, (err, sig) => {
if (err) { throw err }
const sig = await key.sign(text)
const res = await key.public.verify(text, sig)
key.public.verify(text, sig, (err, res) => {
if (err) { throw err }
if (res !== true) { throw new Error('failed to verify') }
d.resolve()
})
})
if (res !== true) { throw new Error('failed to verify') }
d.resolve()
}, {
defer: true
})
suite
.on('cycle', (event) => console.log(String(event.target)))
.run({async: true})
.run({ async: true })

2
ci/Jenkinsfile vendored
View File

@ -1,2 +0,0 @@
// Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
javascript()

15
circle.yml
View File

@ -1,15 +0,0 @@
# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
machine:
node:
version: stable
dependencies:
pre:
- google-chrome --version
- curl -L -o google-chrome.deb https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
- sudo dpkg -i google-chrome.deb || true
- sudo apt-get update
- sudo apt-get install -f
- sudo apt-get install --only-upgrade lsb-base
- sudo dpkg -i google-chrome.deb
- google-chrome --version

80
package.json
View File

@ -1,14 +1,20 @@
{
"name": "libp2p-crypto",
"version": "0.11.0",
"version": "0.17.8",
"description": "Crypto primitives for libp2p",
"main": "src/index.js",
"types": "src/index.d.ts",
"leadMaintainer": "Jacob Heun <jacobheun@gmail.com>",
"browser": {
"./src/hmac/index.js": "./src/hmac/index-browser.js",
"./src/keys/ecdh.js": "./src/keys/ecdh-browser.js",
"./src/aes/ciphers.js": "./src/aes/ciphers-browser.js",
"./src/keys/rsa.js": "./src/keys/rsa-browser.js"
},
"files": [
"src",
"dist"
],
"scripts": {
"lint": "aegir lint",
"build": "aegir build",
@ -19,46 +25,48 @@
"release": "aegir release",
"release-minor": "aegir release --type minor",
"release-major": "aegir release --type major",
"coverage": "aegir coverage --ignore src/keys/keys.proto.js"
"coverage": "aegir coverage --ignore src/keys/keys.proto.js",
"size": "aegir build --bundlesize",
"test:types": "npx tsc"
},
"keywords": [
"IPFS",
"libp2p",
"crypto",
"rsa"
"rsa",
"secp256k1"
],
"author": "Friedel Ziegelmayer <dignifiedquire@gmail.com>",
"license": "MIT",
"dependencies": {
"asn1.js": "^5.0.0",
"async": "^2.6.0",
"browserify-aes": "^1.1.1",
"bs58": "^4.0.1",
"jsrsasign": "^8.0.4",
"buffer": "^5.5.0",
"err-code": "^2.0.0",
"is-typedarray": "^1.0.0",
"iso-random-stream": "^1.1.0",
"keypair": "^1.0.1",
"libp2p-crypto-secp256k1": "~0.2.2",
"multihashing-async": "~0.4.7",
"pem-jwk": "^1.5.1",
"multibase": "^0.7.0",
"multihashing-async": "^0.8.1",
"node-forge": "^0.9.1",
"pem-jwk": "^2.0.0",
"protons": "^1.0.1",
"rsa-pem-to-jwk": "^1.1.3",
"tweetnacl": "^1.0.0",
"webcrypto-shim": "github:dignifiedquire/webcrypto-shim#master"
"secp256k1": "^4.0.0",
"ursa-optional": "~0.10.1"
},
"devDependencies": {
"aegir": "^12.3.0",
"@types/chai": "^4.2.11",
"@types/chai-string": "^1.4.2",
"@types/dirty-chai": "^2.0.2",
"@types/mocha": "^7.0.1",
"@types/sinon": "^9.0.0",
"aegir": "^22.0.0",
"benchmark": "^2.1.4",
"chai": "^4.1.2",
"chai-string": "^1.4.0",
"chai": "^4.2.0",
"chai-string": "^1.5.0",
"dirty-chai": "^2.0.1",
"pre-commit": "^1.2.2"
"sinon": "^9.0.0"
},
"pre-commit": [
"lint",
"test"
],
"engines": {
"node": ">=6.0.0",
"npm": ">=3.0.0"
"node": ">=10.0.0",
"npm": ">=6.0.0"
},
"repository": {
"type": "git",
@ -70,16 +78,26 @@
"homepage": "https://github.com/libp2p/js-libp2p-crypto",
"contributors": [
"David Dias <daviddias.p@gmail.com>",
"Dmitriy Ryajov <dryajov@gmail.com>",
"Friedel Ziegelmayer <dignifiedquire@gmail.com>",
"Greenkeeper <support@greenkeeper.io>",
"Jack Kleeman <jackkleeman@gmail.com>",
"Jacob Heun <jacobheun@gmail.com>",
"Maciej Krüger <mkg20001@gmail.com>",
"dryajov <dryajov@gmail.com>",
"Alan Shaw <alan.shaw@protocol.ai>",
"Hugo Dias <hugomrdias@gmail.com>",
"Yusef Napora <yusef@napora.org>",
"Cayman <caymannava@gmail.com>",
"Victor Bjelkholm <victorbjelkholm@gmail.com>",
"Arve Knudsen <arve.knudsen@gmail.com>",
"Vasco Santos <vasco.santos@ua.pt>",
"Jack Kleeman <jackkleeman@gmail.com>",
"Richard Littauer <richard.littauer@gmail.com>",
"Richard Schneider <makaretu@gmail.com>",
"Alex Potsides <alex@achingbrain.net>",
"dirkmc <dirkmdev@gmail.com>",
"Alberto Elias <hi@albertoelias.me>",
"nikuda <nikuda@gmail.com>",
"Tom Swindell <t.swindell@rubyx.co.uk>",
"Yusef Napora <yusef@napora.org>",
"greenkeeper[bot] <greenkeeper[bot]@users.noreply.github.com>",
"nikuda <nikuda@gmail.com>"
"Carson Farmer <carson.farmer@gmail.com>",
"Joao Santos <jrmsantos15@gmail.com>"
]
}

17
src/aes/cipher-mode.js Normal file
View File

@ -0,0 +1,17 @@
'use strict'
const errcode = require('err-code')
const CIPHER_MODES = {
16: 'aes-128-ctr',
32: 'aes-256-ctr'
}
module.exports = function (key) {
const mode = CIPHER_MODES[key.length]
if (!mode) {
const modes = Object.entries(CIPHER_MODES).map(([k, v]) => `${k} (${v})`).join(' / ')
throw errcode(new Error(`Invalid key length ${key.length} bytes. Must be ${modes}`), 'ERR_INVALID_KEY_LENGTH')
}
return mode
}

27
src/aes/ciphers-browser.js
View File

@ -1,8 +1,27 @@
'use strict'
const crypto = require('browserify-aes')
const { Buffer } = require('buffer')
require('node-forge/lib/aes')
const forge = require('node-forge/lib/forge')
module.exports = {
createCipheriv: crypto.createCipheriv,
createDecipheriv: crypto.createDecipheriv
createCipheriv: (mode, key, iv) => {
const cipher2 = forge.cipher.createCipher('AES-CTR', key.toString('binary'))
cipher2.start({ iv: iv.toString('binary') })
return {
update: (data) => {
cipher2.update(forge.util.createBuffer(data.toString('binary')))
return Buffer.from(cipher2.output.getBytes(), 'binary')
}
}
},
createDecipheriv: (mode, key, iv) => {
const cipher2 = forge.cipher.createDecipher('AES-CTR', key.toString('binary'))
cipher2.start({ iv: iv.toString('binary') })
return {
update: (data) => {
cipher2.update(forge.util.createBuffer(data.toString('binary')))
return Buffer.from(cipher2.output.getBytes(), 'binary')
}
}
}
}

55
src/aes/index-browser.js
View File

@ -1,55 +0,0 @@
'use strict'
const asm = require('asmcrypto.js')
const setImmediate = require('async/setImmediate')
exports.create = function (key, iv, callback) {
const done = (err, res) => setImmediate(() => callback(err, res))
if (key.length !== 16 && key.length !== 32) {
return done(new Error('Invalid key length'))
}
const enc = new asm.AES_CTR.Encrypt({
key: key,
nonce: iv
})
const dec = new asm.AES_CTR.Decrypt({
key: key,
nonce: iv
})
const res = {
encrypt (data, cb) {
const done = (err, res) => setImmediate(() => cb(err, res))
let res
try {
res = Buffer.from(
enc.process(data).result
)
} catch (err) {
return done(err)
}
done(null, res)
},
decrypt (data, cb) {
const done = (err, res) => setImmediate(() => cb(err, res))
let res
try {
res = Buffer.from(
dec.process(data).result
)
} catch (err) {
return done(err)
}
done(null, res)
}
}
done(null, res)
}

24
src/aes/index.js
View File

@ -1,30 +1,22 @@
'use strict'
const ciphers = require('./ciphers')
const cipherMode = require('./cipher-mode')
const CIPHER_MODES = {
16: 'aes-128-ctr',
32: 'aes-256-ctr'
}
exports.create = function (key, iv, callback) {
const mode = CIPHER_MODES[key.length]
if (!mode) {
return callback(new Error('Invalid key length'))
}
exports.create = async function (key, iv) { // eslint-disable-line require-await
const mode = cipherMode(key)
const cipher = ciphers.createCipheriv(mode, key, iv)
const decipher = ciphers.createDecipheriv(mode, key, iv)
const res = {
encrypt (data, cb) {
cb(null, cipher.update(data))
async encrypt (data) { // eslint-disable-line require-await
return cipher.update(data)
},
decrypt (data, cb) {
cb(null, decipher.update(data))
async decrypt (data) { // eslint-disable-line require-await
return decipher.update(data)
}
}
callback(null, res)
return res
}

33
src/hmac/index-browser.js
View File

@ -1,8 +1,6 @@
'use strict'
const nodeify = require('../nodeify')
const crypto = require('../webcrypto.js')()
const { Buffer } = require('buffer')
const webcrypto = require('../webcrypto')
const lengths = require('./lengths')
const hashTypes = {
@ -11,29 +9,28 @@ const hashTypes = {
SHA512: 'SHA-512'
}
const sign = (key, data, cb) => {
nodeify(crypto.subtle.sign({name: 'HMAC'}, key, data)
.then((raw) => Buffer.from(raw)), cb)
const sign = async (key, data) => {
return Buffer.from(await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data))
}
exports.create = function (hashType, secret, callback) {
exports.create = async function (hashType, secret) {
const hash = hashTypes[hashType]
nodeify(crypto.subtle.importKey(
const key = await webcrypto.get().subtle.importKey(
'raw',
secret,
{
name: 'HMAC',
hash: {name: hash}
hash: { name: hash }
},
false,
['sign']
).then((key) => {
return {
digest (data, cb) {
sign(key, data, cb)
},
length: lengths[hashType]
}
}), callback)
)
return {
async digest (data) { // eslint-disable-line require-await
return sign(key, data)
},
length: lengths[hashType]
}
}

12
src/hmac/index.js
View File

@ -3,19 +3,15 @@
const crypto = require('crypto')
const lengths = require('./lengths')
exports.create = function (hash, secret, callback) {
exports.create = async function (hash, secret) { // eslint-disable-line require-await
const res = {
digest (data, cb) {
async digest (data) { // eslint-disable-line require-await
const hmac = crypto.createHmac(hash.toLowerCase(), secret)
hmac.update(data)
setImmediate(() => {
cb(null, hmac.digest())
})
return hmac.digest()
},
length: lengths[hash]
}
callback(null, res)
return res
}

345
src/index.d.ts vendored Normal file
View File

@ -0,0 +1,345 @@
/// <reference types="node" />
/**
* Supported key types.
*/
export type KeyType = "Ed25519" | "RSA" | "secp256k1";
/**
* Maps an IPFS hash name to its node-forge equivalent.
* See https://github.com/multiformats/multihash/blob/master/hashtable.csv
*/
export type HashType = "SHA1" | "SHA256" | "SHA512";
/**
* Supported curve types.
*/
export type CurveType = "P-256" | "P-384" | "P-521";
/**
* Supported cipher types.
*/
export type CipherType = "AES-128" | "AES-256" | "Blowfish";
/**
* Exposes an interface to AES encryption (formerly Rijndael),
* as defined in U.S. Federal Information Processing Standards Publication 197.
* This uses CTR mode.
*/
export namespace aes {
/**
* AES Cipher in CTR mode.
*/
interface Cipher {
encrypt(data: Buffer): Promise<Buffer>;
decrypt(data: Buffer): Promise<Buffer>;
}
/**
* Create a new AES Cipher.
* @param key The key, if length 16 then AES 128 is used. For length 32, AES 256 is used.
* @param iv Must have length 16.
*/
function create(key: Buffer, iv: Buffer): Promise<Cipher>;
}
/**
* Exposes an interface to the Keyed-Hash Message Authentication Code (HMAC)
* as defined in U.S. Federal Information Processing Standards Publication 198.
* An HMAC is a cryptographic hash that uses a key to sign a message.
* The receiver verifies the hash by recomputing it using the same key.
*/
export namespace hmac {
/**
* HMAC Digest.
*/
interface Digest {
digest(data: Buffer): Promise<Buffer>;
length: 20 | 32 | 64 | number;
}
/**
* Create a new HMAC Digest.
*/
function create(
hash: "SHA1" | "SHA256" | "SHA512" | string,
secret: Buffer
): Promise<Digest>;
}
/**
* Generic public key interface.
*/
export interface PublicKey {
readonly bytes: Buffer;
verify(data: Buffer, sig: Buffer): Promise<boolean>;
marshal(): Buffer;
equals(key: PublicKey): boolean;
hash(): Promise<Buffer>;
}
/**
* Generic private key interface.
*/
export interface PrivateKey {
readonly public: PublicKey;
readonly bytes: Buffer;
sign(data: Buffer): Promise<Buffer>;
marshal(): Buffer;
equals(key: PrivateKey): boolean;
hash(): Promise<Buffer>;
/**
* Gets the ID of the key.
*
* The key id is the base58 encoding of the SHA-256 multihash of its public key.
* The public key is a protobuf encoding containing a type and the DER encoding
* of the PKCS SubjectPublicKeyInfo.
*/
id(): Promise<string>;
}
export interface Keystretcher {
(res: Buffer): Keystretcher;
iv: Buffer;
cipherKey: Buffer;
macKey: Buffer;
}
export interface StretchPair {
k1: Keystretcher;
k2: Keystretcher;
}
/**
* Exposes an interface to various cryptographic key generation routines.
* Currently the 'RSA' and 'ed25519' types are supported, although ed25519 keys
* support only signing and verification of messages. For encryption / decryption
* support, RSA keys should be used.
* Installing the libp2p-crypto-secp256k1 module adds support for the 'secp256k1'
* type, which supports ECDSA signatures using the secp256k1 elliptic curve
* popularized by Bitcoin. This module is not installed by default, and should be
* explicitly depended on if your project requires secp256k1 support.
*/
export namespace keys {
export {};
export namespace supportedKeys {
namespace rsa {
class RsaPublicKey implements PublicKey {
constructor(key: Buffer);
readonly bytes: Buffer;
verify(data: Buffer, sig: Buffer): Promise<boolean>;
marshal(): Buffer;
encrypt(bytes: Buffer): Buffer;
equals(key: PublicKey): boolean;
hash(): Promise<Buffer>;
}
// Type alias for export method
export type KeyInfo = any;
class RsaPrivateKey implements PrivateKey {
constructor(key: any, publicKey: Buffer);
readonly public: RsaPublicKey;
readonly bytes: Buffer;
genSecret(): Buffer;
sign(data: Buffer): Promise<Buffer>;
decrypt(bytes: Buffer): Buffer;
marshal(): Buffer;
equals(key: PrivateKey): boolean;
hash(): Promise<Buffer>;
id(): Promise<string>;
/**
* Exports the key into a password protected PEM format
*
* @param password The password to read the encrypted PEM
* @param format Defaults to 'pkcs-8'.
*/
export(password: string, format?: "pkcs-8" | string): KeyInfo;
}
function unmarshalRsaPublicKey(buf: Buffer): RsaPublicKey;
function unmarshalRsaPrivateKey(buf: Buffer): Promise<RsaPrivateKey>;
function generateKeyPair(bits: number): Promise<RsaPrivateKey>;
function fromJwk(jwk: Buffer): Promise<RsaPrivateKey>;
}
namespace ed25519 {
class Ed25519PublicKey implements PublicKey {
constructor(key: Buffer);
readonly bytes: Buffer;
verify(data: Buffer, sig: Buffer): Promise<boolean>;
marshal(): Buffer;
encrypt(bytes: Buffer): Buffer;
equals(key: PublicKey): boolean;
hash(): Promise<Buffer>;
}
class Ed25519PrivateKey implements PrivateKey {
constructor(key: Buffer, publicKey: Buffer);
readonly public: Ed25519PublicKey;
readonly bytes: Buffer;
sign(data: Buffer): Promise<Buffer>;
marshal(): Buffer;
equals(key: PrivateKey): boolean;
hash(): Promise<Buffer>;
id(): Promise<string>;
}
function unmarshalEd25519PrivateKey(
buf: Buffer
): Promise<Ed25519PrivateKey>;
function unmarshalEd25519PublicKey(buf: Buffer): Ed25519PublicKey;
function generateKeyPair(): Promise<Ed25519PrivateKey>;
function generateKeyPairFromSeed(
seed: Buffer
): Promise<Ed25519PrivateKey>;
}
namespace secp256k1 {
class Secp256k1PublicKey implements PublicKey {
constructor(key: Buffer);
readonly bytes: Buffer;
verify(data: Buffer, sig: Buffer): Promise<boolean>;
marshal(): Buffer;
encrypt(bytes: Buffer): Buffer;
equals(key: PublicKey): boolean;
hash(): Promise<Buffer>;
}
class Secp256k1PrivateKey implements PrivateKey {
constructor(key: Uint8Array | Buffer, publicKey: Uint8Array | Buffer);
readonly public: Secp256k1PublicKey;
readonly bytes: Buffer;
sign(data: Buffer): Promise<Buffer>;
marshal(): Buffer;
equals(key: PrivateKey): boolean;
hash(): Promise<Buffer>;
id(): Promise<string>;
}
function unmarshalSecp256k1PrivateKey(
bytes: Buffer
): Promise<Secp256k1PrivateKey>;
function unmarshalSecp256k1PublicKey(bytes: Buffer): Secp256k1PublicKey;
function generateKeyPair(): Promise<Secp256k1PrivateKey>;
}
}
export const keysPBM: any;
/**
* Generates a keypair of the given type and bitsize.
* @param type One of the supported key types.
* @param bits Number of bits. Minimum of 1024.
*/
export function generateKeyPair(
type: KeyType | string,
bits: number
): Promise<PrivateKey>;
export function generateKeyPair(
type: "Ed25519",
bits: number
): Promise<keys.supportedKeys.ed25519.Ed25519PrivateKey>;
export function generateKeyPair(
type: "RSA",
bits: number
): Promise<keys.supportedKeys.rsa.RsaPrivateKey>;
export function generateKeyPair(
type: "secp256k1",
bits: number
): Promise<keys.supportedKeys.secp256k1.Secp256k1PrivateKey>;
/**
* Generates a keypair of the given type and bitsize.
* @param type One of the supported key types. Currently only 'Ed25519' is supported.
* @param seed A 32 byte uint8array.
* @param bits Number of bits. Minimum of 1024.
*/
export function generateKeyPairFromSeed(
type: KeyType | string,
seed: Uint8Array,
bits: number
): Promise<PrivateKey>;
export function generateKeyPairFromSeed(
type: "Ed25519",
seed: Uint8Array,
bits: number
): Promise<keys.supportedKeys.ed25519.Ed25519PrivateKey>;
/**
* Generates an ephemeral public key and returns a function that will compute the shared secret key.
* Focuses only on ECDH now, but can be made more general in the future.
* @param curve The curve to use. One of 'P-256', 'P-384', 'P-521' is currently supported.
*/
export function generateEphemeralKeyPair(
curve: CurveType | string
): Promise<{
key: Buffer;
genSharedKey: (theirPub: Buffer, forcePrivate?: any) => Promise<Buffer>;
}>;
/**
* Generates a set of keys for each party by stretching the shared key.
* @param cipherType The cipher type to use. One of 'AES-128', 'AES-256', or 'Blowfish'
* @param hashType The hash type to use. One of 'SHA1', 'SHA2256', or 'SHA2512'.
* @param secret The shared key secret.
*/
export function keyStretcher(
cipherType: CipherType | string,
hashType: HashType | string,
secret: Buffer | string
): Promise<StretchPair>;
/**
* Converts a protobuf serialized public key into its representative object.
* @param buf The protobuf serialized public key.
*/
export function unmarshalPublicKey(buf: Buffer): PublicKey;
/**
* Converts a public key object into a protobuf serialized public key.
* @param key An RSA, Ed25519, or Secp256k1 public key object.
* @param type One of the supported key types.
*/
export function marshalPublicKey(key: PublicKey, type?: KeyType | string): Buffer;
/**
* Converts a protobuf serialized private key into its representative object.
* @param buf The protobuf serialized private key.
*/
export function unmarshalPrivateKey(buf: Buffer): Promise<PrivateKey>;
/**
* Converts a private key object into a protobuf serialized private key.
* @param key An RSA, Ed25519, or Secp256k1 private key object.
* @param type One of the supported key types.
*/
export function marshalPrivateKey(key: PrivateKey, type?: KeyType | string): Buffer;
/**
* Converts a PEM password protected private key into its representative object.
* @param pem Password protected private key in PEM format.
* @param password The password used to protect the key.
*/
function _import(pem: string, password: string): Promise<supportedKeys.rsa.RsaPrivateKey>;
export { _import as import };
}
/**
* Generates a Buffer populated by random bytes.
* @param The size of the random bytes Buffer.
*/
export function randomBytes(number: number): Buffer;
/**
* Computes the Password-Based Key Derivation Function 2.
* @param password The password.
* @param salt The salt.
* @param iterations Number of iterations to use.
* @param keySize The size of the output key in bytes.
* @param hash The hash name ('sha1', 'sha2-512, ...)
*/
export function pbkdf2(
password: string | Buffer,
salt: string | Buffer,
iterations: number,
keySize: number,
hash: string
): Buffer;

2
src/index.js
View File

@ -4,8 +4,6 @@ const hmac = require('./hmac')
const aes = require('./aes')
const keys = require('./keys')
exports = module.exports
exports.aes = aes
exports.hmac = hmac
exports.keys = keys

134
src/keys/ecdh-browser.js
View File

@ -1,12 +1,10 @@
'use strict'
const webcrypto = require('../webcrypto.js')()
const nodeify = require('../nodeify')
const BN = require('asn1.js').bignum
const util = require('../util')
const toBase64 = util.toBase64
const toBn = util.toBn
const errcode = require('err-code')
const { Buffer } = require('buffer')
const webcrypto = require('../webcrypto')
const { bufferToBase64url, base64urlToBuffer } = require('../util')
const validateCurveType = require('./validate-curve-type')
const bits = {
'P-256': 256,
@ -14,72 +12,67 @@ const bits = {
'P-521': 521
}
exports.generateEphmeralKeyPair = function (curve, callback) {
nodeify(webcrypto.subtle.generateKey(
exports.generateEphmeralKeyPair = async function (curve) {
validateCurveType(Object.keys(bits), curve)
const pair = await webcrypto.get().subtle.generateKey(
{
name: 'ECDH',
namedCurve: curve
},
true,
['deriveBits']
).then((pair) => {
// forcePrivate is used for testing only
const genSharedKey = (theirPub, forcePrivate, cb) => {
if (typeof forcePrivate === 'function') {
cb = forcePrivate
forcePrivate = undefined
}
)
let privateKey
// forcePrivate is used for testing only
const genSharedKey = async (theirPub, forcePrivate) => {
let privateKey
if (forcePrivate) {
privateKey = webcrypto.subtle.importKey(
'jwk',
unmarshalPrivateKey(curve, forcePrivate),
{
name: 'ECDH',
namedCurve: curve
},
false,
['deriveBits']
)
} else {
privateKey = Promise.resolve(pair.privateKey)
}
const keys = Promise.all([
webcrypto.subtle.importKey(
'jwk',
unmarshalPublicKey(curve, theirPub),
{
name: 'ECDH',
namedCurve: curve
},
false,
[]
),
privateKey
])
nodeify(keys.then((keys) => webcrypto.subtle.deriveBits(
if (forcePrivate) {
privateKey = await webcrypto.get().subtle.importKey(
'jwk',
unmarshalPrivateKey(curve, forcePrivate),
{
name: 'ECDH',
namedCurve: curve,
public: keys[0]
namedCurve: curve
},
keys[1],
bits[curve]
)).then((bits) => Buffer.from(bits)), cb)
false,
['deriveBits']
)
} else {
privateKey = pair.privateKey
}
return webcrypto.subtle.exportKey('jwk', pair.publicKey)
.then((publicKey) => {
return {
key: marshalPublicKey(publicKey),
genSharedKey
}
})
}), callback)
const keys = [
await webcrypto.get().subtle.importKey(
'jwk',
unmarshalPublicKey(curve, theirPub),
{
name: 'ECDH',
namedCurve: curve
},
false,
[]
),
privateKey
]
return Buffer.from(await webcrypto.get().subtle.deriveBits(
{
name: 'ECDH',
namedCurve: curve,
public: keys[0]
},
keys[1],
bits[curve]
))
}
const publicKey = await webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
return {
key: marshalPublicKey(publicKey),
genSharedKey
}
}
const curveLengths = {
@ -96,8 +89,8 @@ function marshalPublicKey (jwk) {
return Buffer.concat([
Buffer.from([4]), // uncompressed point
toBn(jwk.x).toArrayLike(Buffer, 'be', byteLen),
toBn(jwk.y).toArrayLike(Buffer, 'be', byteLen)
base64urlToBuffer(jwk.x, byteLen),
base64urlToBuffer(jwk.y, byteLen)
], 1 + byteLen * 2)
}
@ -106,22 +99,19 @@ function unmarshalPublicKey (curve, key) {
const byteLen = curveLengths[curve]
if (!key.slice(0, 1).equals(Buffer.from([4]))) {
throw new Error('Invalid key format')
throw errcode(new Error('Cannot unmarshal public key - invalid key format'), 'ERR_INVALID_KEY_FORMAT')
}
const x = new BN(key.slice(1, byteLen + 1))
const y = new BN(key.slice(1 + byteLen))
return {
kty: 'EC',
crv: curve,
x: toBase64(x, byteLen),
y: toBase64(y, byteLen),
x: bufferToBase64url(key.slice(1, byteLen + 1), byteLen),
y: bufferToBase64url(key.slice(1 + byteLen), byteLen),
ext: true
}
}
function unmarshalPrivateKey (curve, key) {
const result = unmarshalPublicKey(curve, key.public)
result.d = toBase64(new BN(key.private))
return result
}
const unmarshalPrivateKey = (curve, key) => ({
...unmarshalPublicKey(curve, key.public),
d: bufferToBase64url(key.private)
})

29
src/keys/ecdh.js
View File

@ -1,7 +1,7 @@
'use strict'
const crypto = require('crypto')
const setImmediate = require('async/setImmediate')
const validateCurveType = require('./validate-curve-type')
const curves = {
'P-256': 'prime256v1',
@ -9,33 +9,20 @@ const curves = {
'P-521': 'secp521r1'
}
exports.generateEphmeralKeyPair = function (curve, callback) {
if (!curves[curve]) {
return callback(new Error(`Unkown curve: ${curve}`))
}
exports.generateEphmeralKeyPair = async function (curve) { // eslint-disable-line require-await
validateCurveType(Object.keys(curves), curve)
const ecdh = crypto.createECDH(curves[curve])
ecdh.generateKeys()
setImmediate(() => callback(null, {
return {
key: ecdh.getPublicKey(),
genSharedKey (theirPub, forcePrivate, cb) {
if (typeof forcePrivate === 'function') {
cb = forcePrivate
forcePrivate = null
}
async genSharedKey (theirPub, forcePrivate) { // eslint-disable-line require-await
if (forcePrivate) {
ecdh.setPrivateKey(forcePrivate.private)
}
let secret
try {
secret = ecdh.computeSecret(theirPub)
} catch (err) {
return cb(err)
}
setImmediate(() => cb(null, secret))
return ecdh.computeSecret(theirPub)
}
}))
}
}

117
src/keys/ed25519-class.js
View File

@ -1,8 +1,10 @@
'use strict'
const multihashing = require('multihashing-async')
const { Buffer } = require('buffer')
const sha = require('multihashing-async/src/sha')
const protobuf = require('protons')
const bs58 = require('bs58')
const multibase = require('multibase')
const errcode = require('err-code')
const crypto = require('./ed25519')
const pbm = protobuf(require('./keys.proto'))
@ -12,9 +14,8 @@ class Ed25519PublicKey {
this._key = ensureKey(key, crypto.publicKeyLength)
}
verify (data, sig, callback) {
ensure(callback)
crypto.hashAndVerify(this._key, sig, data, callback)
async verify (data, sig) { // eslint-disable-line require-await
return crypto.hashAndVerify(this._key, sig, data)
}
marshal () {
@ -32,9 +33,8 @@ class Ed25519PublicKey {
return this.bytes.equals(key.bytes)
}
hash (callback) {
ensure(callback)
multihashing(this.bytes, 'sha2-256', callback)
async hash () { // eslint-disable-line require-await
return sha.multihashing(this.bytes, 'sha2-256')
}
}
@ -46,16 +46,11 @@ class Ed25519PrivateKey {
this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
}
sign (message, callback) {
ensure(callback)
crypto.hashAndSign(this._key, message, callback)
async sign (message) { // eslint-disable-line require-await
return crypto.hashAndSign(this._key, message)
}
get public () {
if (!this._publicKey) {
throw new Error('public key not provided')
}
return new Ed25519PublicKey(this._publicKey)
}
@ -74,9 +69,8 @@ class Ed25519PrivateKey {
return this.bytes.equals(key.bytes)
}
hash (callback) {
ensure(callback)
multihashing(this.bytes, 'sha2-256', callback)
async hash () { // eslint-disable-line require-await
return sha.multihashing(this.bytes, 'sha2-256')
}
/**
@ -86,28 +80,27 @@ class Ed25519PrivateKey {
* The public key is a protobuf encoding containing a type and the DER encoding
* of the PKCS SubjectPublicKeyInfo.
*
* @param {function(Error, id)} callback
* @returns {undefined}
* @returns {Promise<String>}
*/
id (callback) {
this.public.hash((err, hash) => {
if (err) {
return callback(err)
}
callback(null, bs58.encode(hash))
})
async id () {
const hash = await this.public.hash()
return multibase.encode('base58btc', hash).toString().slice(1)
}
}
function unmarshalEd25519PrivateKey (bytes, callback) {
try {
function unmarshalEd25519PrivateKey (bytes) {
// Try the old, redundant public key version
if (bytes.length > crypto.privateKeyLength) {
bytes = ensureKey(bytes, crypto.privateKeyLength + crypto.publicKeyLength)
} catch (err) {
return callback(err)
const privateKeyBytes = bytes.slice(0, crypto.privateKeyLength)
const publicKeyBytes = bytes.slice(crypto.privateKeyLength, bytes.length)
return new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes)
}
bytes = ensureKey(bytes, crypto.privateKeyLength)
const privateKeyBytes = bytes.slice(0, crypto.privateKeyLength)
const publicKeyBytes = bytes.slice(crypto.privateKeyLength, bytes.length)
callback(null, new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes))
const publicKeyBytes = bytes.slice(crypto.publicKeyLength)
return new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes)
}
function unmarshalEd25519PublicKey (bytes) {
@ -115,60 +108,20 @@ function unmarshalEd25519PublicKey (bytes) {
return new Ed25519PublicKey(bytes)
}
function generateKeyPair (_bits, cb) {
if (cb === undefined && typeof _bits === 'function') {
cb = _bits
}
crypto.generateKey((err, keys) => {
if (err) {
return cb(err)
}
let privkey
try {
privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
} catch (err) {
cb(err)
return
}
cb(null, privkey)
})
async function generateKeyPair () {
const { privateKey, publicKey } = await crypto.generateKey()
return new Ed25519PrivateKey(privateKey, publicKey)
}
function generateKeyPairFromSeed (seed, _bits, cb) {
if (cb === undefined && typeof _bits === 'function') {
cb = _bits
}
crypto.generateKeyFromSeed(seed, (err, keys) => {
if (err) {
return cb(err)
}
let privkey
try {
privkey = new Ed25519PrivateKey(keys.secretKey, keys.publicKey)
} catch (err) {
cb(err)
return
}
cb(null, privkey)
})
}
function ensure (cb) {
if (typeof cb !== 'function') {
throw new Error('callback is required')
}
async function generateKeyPairFromSeed (seed) {
const { privateKey, publicKey } = await crypto.generateKeyFromSeed(seed)
return new Ed25519PrivateKey(privateKey, publicKey)
}
function ensureKey (key, length) {
if (Buffer.isBuffer(key)) {
key = new Uint8Array(key)
}
if (!(key instanceof Uint8Array) || key.length !== length) {
throw new Error('Key must be a Uint8Array or Buffer of length ' + length)
key = Uint8Array.from(key || [])
if (key.length !== length) {
throw errcode(new Error(`Key must be a Uint8Array or Buffer of length ${length}, got ${key.length}`), 'ERR_INVALID_KEY_TYPE')
}
return key
}

53
src/keys/ed25519.js
View File

@ -1,51 +1,24 @@
'use strict'
const nacl = require('tweetnacl')
const setImmediate = require('async/setImmediate')
require('node-forge/lib/ed25519')
const forge = require('node-forge/lib/forge')
exports.publicKeyLength = forge.pki.ed25519.constants.PUBLIC_KEY_BYTE_LENGTH
exports.privateKeyLength = forge.pki.ed25519.constants.PRIVATE_KEY_BYTE_LENGTH
exports.publicKeyLength = nacl.sign.publicKeyLength
exports.privateKeyLength = nacl.sign.secretKeyLength
exports.generateKey = function (callback) {
setImmediate(() => {
let result
try {
result = nacl.sign.keyPair()
} catch (err) {
return callback(err)
}
callback(null, result)
})
exports.generateKey = async function () { // eslint-disable-line require-await
return forge.pki.ed25519.generateKeyPair()
}
// seed should be a 32 byte uint8array
exports.generateKeyFromSeed = function (seed, callback) {
setImmediate(() => {
let result
try {
result = nacl.sign.keyPair.fromSeed(seed)
} catch (err) {
return callback(err)
}
callback(null, result)
})
exports.generateKeyFromSeed = async function (seed) { // eslint-disable-line require-await
return forge.pki.ed25519.generateKeyPair({ seed })
}
exports.hashAndSign = function (key, msg, callback) {
setImmediate(() => {
callback(null, Buffer.from(nacl.sign.detached(msg, key)))
})
exports.hashAndSign = async function (key, msg) { // eslint-disable-line require-await
return forge.pki.ed25519.sign({ message: msg, privateKey: key })
// return Buffer.from(nacl.sign.detached(msg, key))
}
exports.hashAndVerify = function (key, sig, msg, callback) {
setImmediate(() => {
let result
try {
result = nacl.sign.detached.verify(msg, sig, key)
} catch (err) {
return callback(err)
}
callback(null, result)
})
exports.hashAndVerify = async function (key, sig, msg) { // eslint-disable-line require-await
return forge.pki.ed25519.verify({ signature: sig, message: msg, publicKey: key })
}

4
src/keys/ephemeral-keys.js
View File

@ -6,6 +6,4 @@ const ecdh = require('./ecdh')
// the shared secret key.
//
// Focuses only on ECDH now, but can be made more general in the future.
module.exports = (curve, callback) => {
ecdh.generateEphmeralKeyPair(curve, callback)
}
module.exports = async (curve) => ecdh.generateEphmeralKeyPair(curve) // eslint-disable-line require-await

97
src/keys/index.js
View File

@ -1,51 +1,54 @@
'use strict'
const { Buffer } = require('buffer')
const protobuf = require('protons')
const keysPBM = protobuf(require('./keys.proto'))
const jsrsasign = require('jsrsasign')
const KEYUTIL = jsrsasign.KEYUTIL
require('node-forge/lib/asn1')
require('node-forge/lib/pbe')
const forge = require('node-forge/lib/forge')
const errcode = require('err-code')
exports = module.exports
const supportedKeys = {
rsa: require('./rsa-class'),
ed25519: require('./ed25519-class'),
secp256k1: require('libp2p-crypto-secp256k1')(keysPBM, require('../random-bytes'))
secp256k1: require('./secp256k1-class')(keysPBM, require('../random-bytes'))
}
exports.supportedKeys = supportedKeys
exports.keysPBM = keysPBM
function isValidKeyType (keyType) {
const key = supportedKeys[keyType.toLowerCase()]
return key !== undefined
const ErrMissingSecp256K1 = {
message: 'secp256k1 support requires libp2p-crypto-secp256k1 package',
code: 'ERR_MISSING_PACKAGE'
}
function typeToKey (type) {
const key = supportedKeys[type.toLowerCase()]
if (!key) {
const supported = Object.keys(supportedKeys).join(' / ')
throw errcode(new Error(`invalid or unsupported key type ${type}. Must be ${supported}`), 'ERR_UNSUPPORTED_KEY_TYPE')
}
return key
}
exports.keyStretcher = require('./key-stretcher')
exports.generateEphemeralKeyPair = require('./ephemeral-keys')
// Generates a keypair of the given type and bitsize
exports.generateKeyPair = (type, bits, cb) => {
let key = supportedKeys[type.toLowerCase()]
if (!key) {
return cb(new Error('invalid or unsupported key type'))
}
key.generateKeyPair(bits, cb)
exports.generateKeyPair = async (type, bits) => { // eslint-disable-line require-await
return typeToKey(type).generateKeyPair(bits)
}
// Generates a keypair of the given type and bitsize
// seed is a 32 byte uint8array
exports.generateKeyPairFromSeed = (type, seed, bits, cb) => {
let key = supportedKeys[type.toLowerCase()]
if (!key) {
return cb(new Error('invalid or unsupported key type'))
}
exports.generateKeyPairFromSeed = async (type, seed, bits) => { // eslint-disable-line require-await
const key = typeToKey(type)
if (type.toLowerCase() !== 'ed25519') {
return cb(new Error('Seed key derivation is unimplemented for RSA or secp256k1'))
throw errcode(new Error('Seed key derivation is unimplemented for RSA or secp256k1'), 'ERR_UNSUPPORTED_KEY_DERIVATION_TYPE')
}
key.generateKeyPairFromSeed(seed, bits, cb)
return key.generateKeyPairFromSeed(seed, bits)
}
// Converts a protobuf serialized public key into its
@ -63,71 +66,55 @@ exports.unmarshalPublicKey = (buf) => {
if (supportedKeys.secp256k1) {
return supportedKeys.secp256k1.unmarshalSecp256k1PublicKey(data)
} else {
throw new Error('secp256k1 support requires libp2p-crypto-secp256k1 package')
throw errcode(new Error(ErrMissingSecp256K1.message), ErrMissingSecp256K1.code)
}
default:
throw new Error('invalid or unsupported key type')
typeToKey(decoded.Type) // throws because type is not supported
}
}
// Converts a public key object into a protobuf serialized public key
exports.marshalPublicKey = (key, type) => {
type = (type || 'rsa').toLowerCase()
if (!isValidKeyType(type)) {
throw new Error('invalid or unsupported key type')
}
typeToKey(type) // check type
return key.bytes
}
// Converts a protobuf serialized private key into its
// representative object
exports.unmarshalPrivateKey = (buf, callback) => {
let decoded
try {
decoded = keysPBM.PrivateKey.decode(buf)
} catch (err) {
return callback(err)
}
exports.unmarshalPrivateKey = async (buf) => { // eslint-disable-line require-await
const decoded = keysPBM.PrivateKey.decode(buf)
const data = decoded.Data
switch (decoded.Type) {
case keysPBM.KeyType.RSA:
return supportedKeys.rsa.unmarshalRsaPrivateKey(data, callback)
return supportedKeys.rsa.unmarshalRsaPrivateKey(data)
case keysPBM.KeyType.Ed25519:
return supportedKeys.ed25519.unmarshalEd25519PrivateKey(data, callback)
return supportedKeys.ed25519.unmarshalEd25519PrivateKey(data)
case keysPBM.KeyType.Secp256k1:
if (supportedKeys.secp256k1) {
return supportedKeys.secp256k1.unmarshalSecp256k1PrivateKey(data, callback)
return supportedKeys.secp256k1.unmarshalSecp256k1PrivateKey(data)
} else {
return callback(new Error('secp256k1 support requires libp2p-crypto-secp256k1 package'))
throw errcode(new Error(ErrMissingSecp256K1.message), ErrMissingSecp256K1.code)
}
default:
callback(new Error('invalid or unsupported key type'))
typeToKey(decoded.Type) // throws because type is not supported
}
}
// Converts a private key object into a protobuf serialized private key
exports.marshalPrivateKey = (key, type) => {
type = (type || 'rsa').toLowerCase()
if (!isValidKeyType(type)) {
throw new Error('invalid or unsupported key type')
}
typeToKey(type) // check type
return key.bytes
}
exports.import = (pem, password, callback) => {
try {
const key = KEYUTIL.getKey(pem, password)
if (key instanceof jsrsasign.RSAKey) {
const jwk = KEYUTIL.getJWKFromKey(key)
return supportedKeys.rsa.fromJwk(jwk, callback)
} else {
throw new Error(`Unknown key type '${key.prototype.toString()}'`)
}
} catch (err) {
callback(err)
exports.import = async (pem, password) => { // eslint-disable-line require-await
const key = forge.pki.decryptRsaPrivateKey(pem, password)
if (key === null) {
throw errcode(new Error('Cannot read the key, most likely the password is wrong or not a RSA key'), 'ERR_CANNOT_DECRYPT_PEM')
}
let der = forge.asn1.toDer(forge.pki.privateKeyToAsn1(key))
der = Buffer.from(der.getBytes(), 'binary')
return supportedKeys.rsa.unmarshalRsaPrivateKey(der)
}

22
src/keys/jwk2pem.js Normal file
View File

@ -0,0 +1,22 @@
'use strict'
require('node-forge/lib/rsa')
const forge = require('node-forge/lib/forge')
const { base64urlToBigInteger } = require('../util')
function convert (key, types) {
return types.map(t => base64urlToBigInteger(key[t]))
}
function jwk2priv (key) {
return forge.pki.setRsaPrivateKey(...convert(key, ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']))
}
function jwk2pub (key) {
return forge.pki.setRsaPublicKey(...convert(key, ['n', 'e']))
}
module.exports = {
jwk2pub,
jwk2priv
}

103
src/keys/key-stretcher.js
View File

@ -1,6 +1,6 @@
'use strict'
const whilst = require('async/whilst')
const { Buffer } = require('buffer')
const errcode = require('err-code')
const hmac = require('../hmac')
const cipherMap = {
@ -20,15 +20,16 @@ const cipherMap = {
// Generates a set of keys for each party by stretching the shared key.
// (myIV, theirIV, myCipherKey, theirCipherKey, myMACKey, theirMACKey)
module.exports = (cipherType, hash, secret, callback) => {
module.exports = async (cipherType, hash, secret) => {
const cipher = cipherMap[cipherType]
if (!cipher) {
return callback(new Error('unkown cipherType passed'))
const allowed = Object.keys(cipherMap).join(' / ')
throw errcode(new Error(`unknown cipher type '${cipherType}'. Must be ${allowed}`), 'ERR_INVALID_CIPHER_TYPE')
}
if (!hash) {
return callback(new Error('unkown hashType passed'))
throw errcode(new Error('missing hash type'), 'ERR_MISSING_HASH_TYPE')
}
const cipherKeySize = cipher.keySize
@ -37,72 +38,38 @@ module.exports = (cipherType, hash, secret, callback) => {
const seed = Buffer.from('key expansion')
const resultLength = 2 * (ivSize + cipherKeySize + hmacKeySize)
hmac.create(hash, secret, (err, m) => {
if (err) {
return callback(err)
const m = await hmac.create(hash, secret)
let a = await m.digest(seed)
const result = []
let j = 0
while (j < resultLength) {
const b = await m.digest(Buffer.concat([a, seed]))
let todo = b.length
if (j + todo > resultLength) {
todo = resultLength - j
}
m.digest(seed, (err, a) => {
if (err) {
return callback(err)
}
result.push(b)
j += todo
a = await m.digest(a)
}
let result = []
let j = 0
const half = resultLength / 2
const resultBuffer = Buffer.concat(result)
const r1 = resultBuffer.slice(0, half)
const r2 = resultBuffer.slice(half, resultLength)
whilst(
() => j < resultLength,
stretch,
finish
)
function stretch (cb) {
m.digest(Buffer.concat([a, seed]), (err, b) => {
if (err) {
return cb(err)
}
let todo = b.length
if (j + todo > resultLength) {
todo = resultLength - j
}
result.push(b)
j += todo
m.digest(a, (err, _a) => {
if (err) {
return cb(err)
}
a = _a
cb()
})
})
}
function finish (err) {
if (err) {
return callback(err)
}
const half = resultLength / 2
const resultBuffer = Buffer.concat(result)
const r1 = resultBuffer.slice(0, half)
const r2 = resultBuffer.slice(half, resultLength)
const createKey = (res) => ({
iv: res.slice(0, ivSize),
cipherKey: res.slice(ivSize, ivSize + cipherKeySize),
macKey: res.slice(ivSize + cipherKeySize)
})
callback(null, {
k1: createKey(r1),
k2: createKey(r2)
})
}
})
const createKey = (res) => ({
iv: res.slice(0, ivSize),
cipherKey: res.slice(ivSize, ivSize + cipherKeySize),
macKey: res.slice(ivSize + cipherKeySize)
})
return {
k1: createKey(r1),
k2: createKey(r2)
}
}

2
src/keys/keys.proto.js
View File

@ -12,4 +12,4 @@ message PublicKey {
message PrivateKey {
required KeyType Type = 1;
required bytes Data = 2;
}`
}`

133
src/keys/rsa-browser.js
View File

@ -1,106 +1,112 @@
'use strict'
const nodeify = require('../nodeify')
const webcrypto = require('../webcrypto.js')()
const { Buffer } = require('buffer')
const webcrypto = require('../webcrypto')
const randomBytes = require('../random-bytes')
exports.utils = require('./rsa-utils')
exports.generateKey = function (bits, callback) {
nodeify(webcrypto.subtle.generateKey(
exports.generateKey = async function (bits) {
const pair = await webcrypto.get().subtle.generateKey(
{
name: 'RSASSA-PKCS1-v1_5',
modulusLength: bits,
publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
hash: {name: 'SHA-256'}
hash: { name: 'SHA-256' }
},
true,
['sign', 'verify']
)
.then(exportKey)
.then((keys) => ({
privateKey: keys[0],
publicKey: keys[1]
})), callback)
const keys = await exportKey(pair)
return {
privateKey: keys[0],
publicKey: keys[1]
}
}
// Takes a jwk key
exports.unmarshalPrivateKey = function (key, callback) {
const privateKey = webcrypto.subtle.importKey(
exports.unmarshalPrivateKey = async function (key) {
const privateKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
name: 'RSASSA-PKCS1-v1_5',
hash: {name: 'SHA-256'}
hash: { name: 'SHA-256' }
},
true,
['sign']
)
nodeify(Promise.all([
const pair = [
privateKey,
derivePublicFromPrivate(key)
]).then((keys) => exportKey({
await derivePublicFromPrivate(key)
]
const keys = await exportKey({
privateKey: pair[0],
publicKey: pair[1]
})
return {
privateKey: keys[0],
publicKey: keys[1]
})).then((keys) => ({
privateKey: keys[0],
publicKey: keys[1]
})), callback)
}
}
exports.getRandomValues = function (arr) {
return Buffer.from(webcrypto.getRandomValues(arr))
}
exports.getRandomValues = randomBytes
exports.hashAndSign = function (key, msg, callback) {
nodeify(webcrypto.subtle.importKey(
exports.hashAndSign = async function (key, msg) {
const privateKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
name: 'RSASSA-PKCS1-v1_5',
hash: {name: 'SHA-256'}
hash: { name: 'SHA-256' }
},
false,
['sign']
).then((privateKey) => {
return webcrypto.subtle.sign(
{name: 'RSASSA-PKCS1-v1_5'},
privateKey,
Uint8Array.from(msg)
)
}).then((sig) => Buffer.from(sig)), callback)
)
const sig = await webcrypto.get().subtle.sign(
{ name: 'RSASSA-PKCS1-v1_5' },
privateKey,
Uint8Array.from(msg)
)
return Buffer.from(sig)
}
exports.hashAndVerify = function (key, sig, msg, callback) {
nodeify(webcrypto.subtle.importKey(
exports.hashAndVerify = async function (key, sig, msg) {
const publicKey = await webcrypto.get().subtle.importKey(
'jwk',
key,
{
name: 'RSASSA-PKCS1-v1_5',
hash: {name: 'SHA-256'}
hash: { name: 'SHA-256' }
},
false,
['verify']
).then((publicKey) => {
return webcrypto.subtle.verify(
{name: 'RSASSA-PKCS1-v1_5'},
publicKey,
sig,
msg
)
}), callback)
)
return webcrypto.get().subtle.verify(
{ name: 'RSASSA-PKCS1-v1_5' },
publicKey,
sig,
msg
)
}
function exportKey (pair) {
return Promise.all([
webcrypto.subtle.exportKey('jwk', pair.privateKey),
webcrypto.subtle.exportKey('jwk', pair.publicKey)
webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
])
}
function derivePublicFromPrivate (jwKey) {
return webcrypto.subtle.importKey(
return webcrypto.get().subtle.importKey(
'jwk',
{
kty: jwKey.kty,
@ -109,9 +115,38 @@ function derivePublicFromPrivate (jwKey) {
},
{
name: 'RSASSA-PKCS1-v1_5',
hash: {name: 'SHA-256'}
hash: { name: 'SHA-256' }
},
true,
['verify']
)
}
/*
RSA encryption/decryption for the browser with webcrypto workarround
"bloody dark magic. webcrypto's why."
Explanation:
- Convert JWK to nodeForge
- Convert msg buffer to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our buffer a binary string
- Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array(buffer)
*/
const { jwk2pub, jwk2priv } = require('./jwk2pem')
function convertKey (key, pub, msg, handle) {
const fkey = pub ? jwk2pub(key) : jwk2priv(key)
const fmsg = Buffer.from(msg).toString('binary')
const fomsg = handle(fmsg, fkey)
return Buffer.from(fomsg, 'binary')
}
exports.encrypt = function (key, msg) {
return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))
}
exports.decrypt = function (key, msg) {
return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))
}

138
src/keys/rsa-class.js
View File

@ -1,22 +1,23 @@
'use strict'
const multihashing = require('multihashing-async')
const sha = require('multihashing-async/src/sha')
const protobuf = require('protons')
const bs58 = require('bs58')
const multibase = require('multibase')
const errcode = require('err-code')
const crypto = require('./rsa')
const pbm = protobuf(require('./keys.proto'))
const KEYUTIL = require('jsrsasign').KEYUTIL
const setImmediate = require('async/setImmediate')
require('node-forge/lib/sha512')
require('node-forge/lib/ed25519')
const forge = require('node-forge/lib/forge')
class RsaPublicKey {
constructor (key) {
this._key = key
}
verify (data, sig, callback) {
ensure(callback)
crypto.hashAndVerify(this._key, sig, data, callback)
async verify (data, sig) { // eslint-disable-line require-await
return crypto.hashAndVerify(this._key, sig, data)
}
marshal () {
@ -31,16 +32,15 @@ class RsaPublicKey {
}
encrypt (bytes) {
return this._key.encrypt(bytes, 'RSAES-PKCS1-V1_5')
return crypto.encrypt(this._key, bytes)
}
equals (key) {
return this.bytes.equals(key.bytes)
}
hash (callback) {
ensure(callback)
multihashing(this.bytes, 'sha2-256', callback)
async hash () { // eslint-disable-line require-await
return sha.multihashing(this.bytes, 'sha2-256')
}
}
@ -53,24 +53,23 @@ class RsaPrivateKey {
}
genSecret () {
return crypto.getRandomValues(new Uint8Array(16))
return crypto.getRandomValues(16)
}
sign (message, callback) {
ensure(callback)
crypto.hashAndSign(this._key, message, callback)
async sign (message) { // eslint-disable-line require-await
return crypto.hashAndSign(this._key, message)
}
get public () {
if (!this._publicKey) {
throw new Error('public key not provided')
throw errcode(new Error('public key not provided'), 'ERR_PUBKEY_NOT_PROVIDED')
}
return new RsaPublicKey(this._publicKey)
}
decrypt (msg, callback) {
crypto.decrypt(this._key, msg, callback)
decrypt (bytes) {
return crypto.decrypt(this._key, bytes)
}
marshal () {
@ -88,9 +87,8 @@ class RsaPrivateKey {
return this.bytes.equals(key.bytes)
}
hash (callback) {
ensure(callback)
multihashing(this.bytes, 'sha2-256', callback)
async hash () { // eslint-disable-line require-await
return sha.multihashing(this.bytes, 'sha2-256')
}
/**
@ -100,95 +98,61 @@ class RsaPrivateKey {
* The public key is a protobuf encoding containing a type and the DER encoding
* of the PKCS SubjectPublicKeyInfo.
*
* @param {function(Error, id)} callback
* @returns {undefined}
* @returns {Promise<String>}
*/
id (callback) {
this.public.hash((err, hash) => {
if (err) {
return callback(err)
}
callback(null, bs58.encode(hash))
})
async id () {
const hash = await this.public.hash()
return multibase.encode('base58btc', hash).toString().slice(1)
}
/**
* Exports the key into a password protected PEM format
*
* @param {string} [format] - Defaults to 'pkcs-8'.
* @param {string} password - The password to read the encrypted PEM
* @param {function(Error, KeyInfo)} callback
* @returns {undefined}
* @param {string} [format] - Defaults to 'pkcs-8'.
*/
export (format, password, callback) {
if (typeof password === 'function') {
callback = password
password = format
format = 'pkcs-8'
async export (password, format = 'pkcs-8') { // eslint-disable-line require-await
let pem = null
const buffer = new forge.util.ByteBuffer(this.marshal())
const asn1 = forge.asn1.fromDer(buffer)
const privateKey = forge.pki.privateKeyFromAsn1(asn1)
if (format === 'pkcs-8') {
const options = {
algorithm: 'aes256',
count: 10000,
saltSize: 128 / 8,
prfAlgorithm: 'sha512'
}
pem = forge.pki.encryptRsaPrivateKey(privateKey, password, options)
} else {
throw errcode(new Error(`Unknown export format '${format}'. Must be pkcs-8`), 'ERR_INVALID_EXPORT_FORMAT')
}
setImmediate(() => {
ensure(callback)
let err = null
let pem = null
try {
const key = KEYUTIL.getKey(this._key) // _key is a JWK (JSON Web Key)
if (format === 'pkcs-8') {
pem = KEYUTIL.getPEM(key, 'PKCS8PRV', password)
} else {
err = new Error(`Unknown export format '${format}'`)
}
} catch (e) {
err = e
}
callback(err, pem)
})
return pem
}
}
function unmarshalRsaPrivateKey (bytes, callback) {
async function unmarshalRsaPrivateKey (bytes) {
const jwk = crypto.utils.pkcs1ToJwk(bytes)
crypto.unmarshalPrivateKey(jwk, (err, keys) => {
if (err) {
return callback(err)
}
callback(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
})
const keys = await crypto.unmarshalPrivateKey(jwk)
return new RsaPrivateKey(keys.privateKey, keys.publicKey)
}
function unmarshalRsaPublicKey (bytes) {
const jwk = crypto.utils.pkixToJwk(bytes)
return new RsaPublicKey(jwk)
}
function fromJwk (jwk, callback) {
crypto.unmarshalPrivateKey(jwk, (err, keys) => {
if (err) {
return callback(err)
}
callback(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
})
async function fromJwk (jwk) {
const keys = await crypto.unmarshalPrivateKey(jwk)
return new RsaPrivateKey(keys.privateKey, keys.publicKey)
}
function generateKeyPair (bits, cb) {
crypto.generateKey(bits, (err, keys) => {
if (err) {
return cb(err)
}
cb(null, new RsaPrivateKey(keys.privateKey, keys.publicKey))
})
}
function ensure (cb) {
if (typeof cb !== 'function') {
throw new Error('callback is required')
}
async function generateKeyPair (bits) {
const keys = await crypto.generateKey(bits)
return new RsaPrivateKey(keys.privateKey, keys.publicKey)
}
module.exports = {

122
src/keys/rsa-utils.js
View File

@ -1,68 +1,27 @@
'use strict'
const asn1 = require('asn1.js')
const util = require('./../util')
const toBase64 = util.toBase64
const toBn = util.toBn
const RSAPrivateKey = asn1.define('RSAPrivateKey', function () {
this.seq().obj(
this.key('version').int(),
this.key('modulus').int(),
this.key('publicExponent').int(),
this.key('privateExponent').int(),
this.key('prime1').int(),
this.key('prime2').int(),
this.key('exponent1').int(),
this.key('exponent2').int(),
this.key('coefficient').int()
)
})
const AlgorithmIdentifier = asn1.define('AlgorithmIdentifier', function () {
this.seq().obj(
this.key('algorithm').objid({
'1.2.840.113549.1.1.1': 'rsa'
}),
this.key('none').optional().null_(),
this.key('curve').optional().objid(),
this.key('params').optional().seq().obj(
this.key('p').int(),
this.key('q').int(),
this.key('g').int()
)
)
})
const PublicKey = asn1.define('RSAPublicKey', function () {
this.seq().obj(
this.key('algorithm').use(AlgorithmIdentifier),
this.key('subjectPublicKey').bitstr()
)
})
const RSAPublicKey = asn1.define('RSAPublicKey', function () {
this.seq().obj(
this.key('modulus').int(),
this.key('publicExponent').int()
)
})
const { Buffer } = require('buffer')
require('node-forge/lib/asn1')
require('node-forge/lib/rsa')
const forge = require('node-forge/lib/forge')
const { bigIntegerToUintBase64url, base64urlToBigInteger } = require('./../util')
// Convert a PKCS#1 in ASN1 DER format to a JWK key
exports.pkcs1ToJwk = function (bytes) {
const asn1 = RSAPrivateKey.decode(bytes, 'der')
const asn1 = forge.asn1.fromDer(bytes.toString('binary'))
const privateKey = forge.pki.privateKeyFromAsn1(asn1)
// https://tools.ietf.org/html/rfc7518#section-6.3.1
return {
kty: 'RSA',
n: toBase64(asn1.modulus),
e: toBase64(asn1.publicExponent),
d: toBase64(asn1.privateExponent),
p: toBase64(asn1.prime1),
q: toBase64(asn1.prime2),
dp: toBase64(asn1.exponent1),
dq: toBase64(asn1.exponent2),
qi: toBase64(asn1.coefficient),
n: bigIntegerToUintBase64url(privateKey.n),
e: bigIntegerToUintBase64url(privateKey.e),
d: bigIntegerToUintBase64url(privateKey.d),
p: bigIntegerToUintBase64url(privateKey.p),
q: bigIntegerToUintBase64url(privateKey.q),
dp: bigIntegerToUintBase64url(privateKey.dP),
dq: bigIntegerToUintBase64url(privateKey.dQ),
qi: bigIntegerToUintBase64url(privateKey.qInv),
alg: 'RS256',
kid: '2011-04-29'
}
@ -70,28 +29,29 @@ exports.pkcs1ToJwk = function (bytes) {
// Convert a JWK key into PKCS#1 in ASN1 DER format
exports.jwkToPkcs1 = function (jwk) {
return RSAPrivateKey.encode({
version: 0,
modulus: toBn(jwk.n),
publicExponent: toBn(jwk.e),
privateExponent: toBn(jwk.d),
prime1: toBn(jwk.p),
prime2: toBn(jwk.q),
exponent1: toBn(jwk.dp),
exponent2: toBn(jwk.dq),
coefficient: toBn(jwk.qi)
}, 'der')
const asn1 = forge.pki.privateKeyToAsn1({
n: base64urlToBigInteger(jwk.n),
e: base64urlToBigInteger(jwk.e),
d: base64urlToBigInteger(jwk.d),
p: base64urlToBigInteger(jwk.p),
q: base64urlToBigInteger(jwk.q),
dP: base64urlToBigInteger(jwk.dp),
dQ: base64urlToBigInteger(jwk.dq),
qInv: base64urlToBigInteger(jwk.qi)
})
return Buffer.from(forge.asn1.toDer(asn1).getBytes(), 'binary')
}
// Convert a PKCIX in ASN1 DER format to a JWK key
exports.pkixToJwk = function (bytes) {
const ndata = PublicKey.decode(bytes, 'der')
const asn1 = RSAPublicKey.decode(ndata.subjectPublicKey.data, 'der')
const asn1 = forge.asn1.fromDer(bytes.toString('binary'))
const publicKey = forge.pki.publicKeyFromAsn1(asn1)
return {
kty: 'RSA',
n: toBase64(asn1.modulus),
e: toBase64(asn1.publicExponent),
n: bigIntegerToUintBase64url(publicKey.n),
e: bigIntegerToUintBase64url(publicKey.e),
alg: 'RS256',
kid: '2011-04-29'
}
@ -99,16 +59,10 @@ exports.pkixToJwk = function (bytes) {
// Convert a JWK key to PKCIX in ASN1 DER format
exports.jwkToPkix = function (jwk) {
return PublicKey.encode({
algorithm: {
algorithm: 'rsa',
none: null
},
subjectPublicKey: {
data: RSAPublicKey.encode({
modulus: toBn(jwk.n),
publicExponent: toBn(jwk.e)
}, 'der')
}
}, 'der')
const asn1 = forge.pki.publicKeyToAsn1({
n: base64urlToBigInteger(jwk.n),
e: base64urlToBigInteger(jwk.e)
})
return Buffer.from(forge.asn1.toDer(asn1).getBytes(), 'binary')
}

122
src/keys/rsa.js
View File

@ -1,79 +1,83 @@
'use strict'
const crypto = require('crypto')
const keypair = require('keypair')
const setImmediate = require('async/setImmediate')
const errcode = require('err-code')
const randomBytes = require('../random-bytes')
// @ts-check
/**
* @type {PrivateKey}
*/
let keypair
try {
if (process.env.LP2P_FORCE_CRYPTO_LIB === 'keypair') {
throw new Error('Force keypair usage')
}
const ursa = require('ursa-optional') // throws if not compiled
keypair = ({ bits }) => {
const key = ursa.generatePrivateKey(bits)
return {
private: key.toPrivatePem(),
public: key.toPublicPem()
}
}
} catch (e) {
if (process.env.LP2P_FORCE_CRYPTO_LIB === 'ursa') {
throw e
}
keypair = require('keypair')
}
const pemToJwk = require('pem-jwk').pem2jwk
const jwkToPem = require('pem-jwk').jwk2pem
exports.utils = require('./rsa-utils')
exports.generateKey = function (bits, callback) {
setImmediate(() => {
let result
try {
const key = keypair({ bits: bits })
result = {
privateKey: pemToJwk(key.private),
publicKey: pemToJwk(key.public)
}
} catch (err) {
return callback(err)
}
callback(null, result)
})
exports.generateKey = async function (bits) { // eslint-disable-line require-await
const key = keypair({ bits })
return {
privateKey: pemToJwk(key.private),
publicKey: pemToJwk(key.public)
}
}
// Takes a jwk key
exports.unmarshalPrivateKey = function (key, callback) {
setImmediate(() => {
if (!key) {
return callback(new Error('Key is invalid'))
exports.unmarshalPrivateKey = async function (key) { // eslint-disable-line require-await
if (!key) {
throw errcode(new Error('Missing key parameter'), 'ERR_MISSING_KEY')
}
return {
privateKey: key,
publicKey: {
kty: key.kty,
n: key.n,
e: key.e
}
callback(null, {
privateKey: key,
publicKey: {
kty: key.kty,
n: key.n,
e: key.e
}
})
})
}
}
exports.getRandomValues = function (arr) {
return crypto.randomBytes(arr.length)
exports.getRandomValues = randomBytes
exports.hashAndSign = async function (key, msg) { // eslint-disable-line require-await
const sign = crypto.createSign('RSA-SHA256')
sign.update(msg)
const pem = jwkToPem(key)
return sign.sign(pem)
}
exports.hashAndSign = function (key, msg, callback) {
setImmediate(() => {
let result
try {
const sign = crypto.createSign('RSA-SHA256')
sign.update(msg)
const pem = jwkToPem(key)
result = sign.sign(pem)
} catch (err) {
return callback(new Error('Key or message is invalid!: ' + err.message))
}
callback(null, result)
})
exports.hashAndVerify = async function (key, sig, msg) { // eslint-disable-line require-await
const verify = crypto.createVerify('RSA-SHA256')
verify.update(msg)
const pem = jwkToPem(key)
return verify.verify(pem, sig)
}
exports.hashAndVerify = function (key, sig, msg, callback) {
setImmediate(() => {
let result
try {
const verify = crypto.createVerify('RSA-SHA256')
verify.update(msg)
const pem = jwkToPem(key)
result = verify.verify(pem, sig)
} catch (err) {
return callback(new Error('Key or message is invalid!:' + err.message))
}
const padding = crypto.constants.RSA_PKCS1_PADDING
callback(null, result)
})
exports.encrypt = function (key, bytes) {
return crypto.publicEncrypt({ key: jwkToPem(key), padding }, bytes)
}
exports.decrypt = function (key, bytes) {
return crypto.privateDecrypt({ key: jwkToPem(key), padding }, bytes)
}

109
src/keys/secp256k1-class.js Normal file
View File

@ -0,0 +1,109 @@
'use strict'
const multibase = require('multibase')
const sha = require('multihashing-async/src/sha')
module.exports = (keysProtobuf, randomBytes, crypto) => {
crypto = crypto || require('./secp256k1')(randomBytes)
class Secp256k1PublicKey {
constructor (key) {
crypto.validatePublicKey(key)
this._key = key
}
verify (data, sig) {
return crypto.hashAndVerify(this._key, sig, data)
}
marshal () {
return crypto.compressPublicKey(this._key)
}
get bytes () {
return keysProtobuf.PublicKey.encode({
Type: keysProtobuf.KeyType.Secp256k1,
Data: this.marshal()
})
}
equals (key) {
return this.bytes.equals(key.bytes)
}
hash () {
return sha.multihashing(this.bytes, 'sha2-256')
}
}
class Secp256k1PrivateKey {
constructor (key, publicKey) {
this._key = key
this._publicKey = publicKey || crypto.computePublicKey(key)
crypto.validatePrivateKey(this._key)
crypto.validatePublicKey(this._publicKey)
}
sign (message) {
return crypto.hashAndSign(this._key, message)
}
get public () {
return new Secp256k1PublicKey(this._publicKey)
}
marshal () {
return this._key
}
get bytes () {
return keysProtobuf.PrivateKey.encode({
Type: keysProtobuf.KeyType.Secp256k1,
Data: this.marshal()
})
}
equals (key) {
return this.bytes.equals(key.bytes)
}
hash () {
return sha.multihashing(this.bytes, 'sha2-256')
}
/**
* Gets the ID of the key.
*
* The key id is the base58 encoding of the SHA-256 multihash of its public key.
* The public key is a protobuf encoding containing a type and the DER encoding
* of the PKCS SubjectPublicKeyInfo.
*
* @returns {Promise<string>}
*/
async id () {
const hash = await this.public.hash()
return multibase.encode('base58btc', hash).toString().slice(1)
}
}
function unmarshalSecp256k1PrivateKey (bytes) {
return new Secp256k1PrivateKey(bytes)
}
function unmarshalSecp256k1PublicKey (bytes) {
return new Secp256k1PublicKey(bytes)
}
async function generateKeyPair () {
const privateKeyBytes = await crypto.generateKey()
return new Secp256k1PrivateKey(privateKeyBytes)
}
return {
Secp256k1PublicKey,
Secp256k1PrivateKey,
unmarshalSecp256k1PrivateKey,
unmarshalSecp256k1PublicKey,
generateKeyPair
}
}

86
src/keys/secp256k1.js Normal file
View File

@ -0,0 +1,86 @@
'use strict'
const { Buffer } = require('buffer')
var isTypedArray = require('is-typedarray').strict
const secp256k1 = require('secp256k1')
const sha = require('multihashing-async/src/sha')
const HASH_ALGORITHM = 'sha2-256'
function typedArrayTobuffer (arr) {
if (isTypedArray(arr)) {
// To avoid a copy, use the typed array's underlying ArrayBuffer to back new Buffer
var buf = Buffer.from(arr.buffer)
if (arr.byteLength !== arr.buffer.byteLength) {
// Respect the "view", i.e. byteOffset and byteLength, without doing a copy
buf = buf.slice(arr.byteOffset, arr.byteOffset + arr.byteLength)
}
return buf
} else {
// Pass through all other types to `Buffer.from`
return Buffer.from(arr)
}
}
module.exports = (randomBytes) => {
const privateKeyLength = 32
function generateKey () {
let privateKey
do {
privateKey = randomBytes(32)
} while (!secp256k1.privateKeyVerify(privateKey))
return privateKey
}
async function hashAndSign (key, msg) {
const digest = await sha.digest(msg, HASH_ALGORITHM)
const sig = secp256k1.ecdsaSign(digest, key)
return typedArrayTobuffer(secp256k1.signatureExport(sig.signature))
}
async function hashAndVerify (key, sig, msg) {
const digest = await sha.digest(msg, HASH_ALGORITHM)
sig = typedArrayTobuffer(secp256k1.signatureImport(sig))
return secp256k1.ecdsaVerify(sig, digest, key)
}
function compressPublicKey (key) {
if (!secp256k1.publicKeyVerify(key)) {
throw new Error('Invalid public key')
}
return typedArrayTobuffer(secp256k1.publicKeyConvert(key, true))
}
function decompressPublicKey (key) {
return typedArrayTobuffer(secp256k1.publicKeyConvert(key, false))
}
function validatePrivateKey (key) {
if (!secp256k1.privateKeyVerify(key)) {
throw new Error('Invalid private key')
}
}
function validatePublicKey (key) {
if (!secp256k1.publicKeyVerify(key)) {
throw new Error('Invalid public key')
}
}
function computePublicKey (privateKey) {
validatePrivateKey(privateKey)
return typedArrayTobuffer(secp256k1.publicKeyCreate(privateKey))
}
return {
generateKey,
privateKeyLength,
hashAndSign,
hashAndVerify,
compressPublicKey,
decompressPublicKey,
validatePrivateKey,
validatePublicKey,
computePublicKey
}
}

10
src/keys/validate-curve-type.js Normal file
View File

@ -0,0 +1,10 @@
'use strict'
const errcode = require('err-code')
module.exports = function (curveTypes, type) {
if (!curveTypes.includes(type)) {
const names = curveTypes.join(' / ')
throw errcode(new Error(`Unknown curve: ${type}. Must be ${names}`), 'ERR_INVALID_CURVE')
}
}

11
src/nodeify.js
View File

@ -1,11 +0,0 @@
'use strict'
// Based on npmjs.com/nodeify but without additional `nextTick` calls
// to keep the overhead low
module.exports = function nodeify (promise, cb) {
return promise.then((res) => {
cb(null, res)
}, (err) => {
cb(err)
})
}

32
src/pbkdf2.js
View File

@ -1,18 +1,20 @@
'use strict'
const crypto = require('jsrsasign').CryptoJS
const forgePbkdf2 = require('node-forge/lib/pbkdf2')
const forgeUtil = require('node-forge/lib/util')
const errcode = require('err-code')
/**
* Maps an IPFS hash name to its jsrsasign equivalent.
* Maps an IPFS hash name to its node-forge equivalent.
*
* See https://github.com/multiformats/multihash/blob/master/hashtable.csv
*
* @private
*/
const hashName = {
sha1: crypto.algo.SHA1,
'sha2-256': crypto.algo.SHA256,
'sha2-512': crypto.algo.SHA512
sha1: 'sha1',
'sha2-256': 'sha256',
'sha2-512': 'sha512'
}
/**
@ -26,16 +28,18 @@ const hashName = {
* @returns {string} - A new password
*/
function pbkdf2 (password, salt, iterations, keySize, hash) {
const opts = {
iterations: iterations,
keySize: keySize / 4, // convert bytes to words (32 bits)
hasher: hashName[hash]
const hasher = hashName[hash]
if (!hasher) {
const types = Object.keys(hashName).join(' / ')
throw errcode(new Error(`Hash '${hash}' is unknown or not supported. Must be ${types}`), 'ERR_UNSUPPORTED_HASH_TYPE')
}
if (!opts.hasher) {
throw new Error(`Hash '${hash}' is unknown or not supported`)
}
const words = crypto.PBKDF2(password, salt, opts)
return crypto.enc.Base64.stringify(words)
const dek = forgePbkdf2(
password,
salt,
iterations,
keySize,
hasher)
return forgeUtil.encode64(dek)
}
module.exports = pbkdf2

15
src/random-bytes.js
View File

@ -1,13 +1,10 @@
'use strict'
const randomBytes = require('iso-random-stream/src/random')
const errcode = require('err-code')
const rsa = require('./keys/rsa')
function randomBytes (number) {
if (!number || typeof number !== 'number') {
throw new Error('first argument must be a Number bigger than 0')
module.exports = function (length) {
if (isNaN(length) || length <= 0) {
throw errcode(new Error('random bytes length must be a Number bigger than 0'), 'ERR_INVALID_LENGTH')
}
return rsa.getRandomValues(new Uint8Array(number))
return randomBytes(length)
}
module.exports = randomBytes

57
src/util.js
View File

@ -1,20 +1,55 @@
'use strict'
const BN = require('asn1.js').bignum
const { Buffer } = require('buffer')
require('node-forge/lib/util')
require('node-forge/lib/jsbn')
const forge = require('node-forge/lib/forge')
// Convert a BN.js instance to a base64 encoded string without padding
exports.bigIntegerToUintBase64url = (num, len) => {
// Call `.abs()` to convert to unsigned
let buf = Buffer.from(num.abs().toByteArray()) // toByteArray converts to big endian
// toByteArray() gives us back a signed array, which will include a leading 0
// byte if the most significant bit of the number is 1:
// https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-integer
// Our number will always be positive so we should remove the leading padding.
buf = buf[0] === 0 ? buf.slice(1) : buf
if (len != null) {
if (buf.length > len) throw new Error('byte array longer than desired length')
buf = Buffer.concat([Buffer.alloc(len - buf.length), buf])
}
return exports.bufferToBase64url(buf)
}
// Convert a Buffer to a base64 encoded string without padding
// Adapted from https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#appendix-C
exports.toBase64 = function toBase64 (bn, len) {
// if len is defined then the bytes are leading-0 padded to the length
let s = bn.toArrayLike(Buffer, 'be', len).toString('base64')
return s
.replace(/(=*)$/, '') // Remove any trailing '='s
exports.bufferToBase64url = buf => {
return buf
.toString('base64')
.split('=')[0] // Remove any trailing '='s
.replace(/\+/g, '-') // 62nd char of encoding
.replace(/\//g, '_') // 63rd char of encoding
}
// Convert a base64 encoded string to a BN.js instance
exports.toBn = function toBn (str) {
return new BN(Buffer.from(str, 'base64'))
// Convert a base64url encoded string to a BigInteger
exports.base64urlToBigInteger = str => {
const buf = exports.base64urlToBuffer(str)
return new forge.jsbn.BigInteger(buf.toString('hex'), 16)
}
exports.base64urlToBuffer = (str, len) => {
str = (str + '==='.slice((str.length + 3) % 4))
.replace(/-/g, '+')
.replace(/_/g, '/')
let buf = Buffer.from(str, 'base64')
if (len != null) {
if (buf.length > len) throw new Error('byte array longer than desired length')
buf = Buffer.concat([Buffer.alloc(len - buf.length), buf])
}
return buf
}

26
src/webcrypto.js
View File

@ -1,16 +1,24 @@
/* global self */
/* eslint-env browser */
'use strict'
module.exports = () => {
// This is only a shim for interfaces, not for functionality
if (typeof self !== 'undefined') {
require('webcrypto-shim')(self)
// Check native crypto exists and is enabled (In insecure context `self.crypto`
// exists but `self.crypto.subtle` does not).
exports.get = (win = self) => {
const nativeCrypto = win.crypto || win.msCrypto
if (self.crypto) {
return self.crypto
}
if (!nativeCrypto || !nativeCrypto.subtle) {
throw Object.assign(
new Error(
'Missing Web Crypto API. ' +
'The most likely cause of this error is that this page is being accessed ' +
'from an insecure context (i.e. not HTTPS). For more information and ' +
'possible resolutions see ' +
'https://github.com/libp2p/js-libp2p-crypto/blob/master/README.md#web-crypto-api'
),
{ code: 'ERR_MISSING_WEB_CRYPTO' }
)
}
throw new Error('Please use an environment with crypto support')
return nativeCrypto
}

112
test/aes/aes.spec.js
View File

@ -1,12 +1,13 @@
/* eslint max-nested-callbacks: ["error", 8] */
/* eslint-disable valid-jsdoc */
/* eslint-env mocha */
'use strict'
const { Buffer } = require('buffer')
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const series = require('async/series')
const { expectErrCode } = require('../util')
const crypto = require('../../src')
const fixtures = require('./../fixtures/aes')
@ -17,55 +18,47 @@ const bytes = {
32: 'AES-256'
}
/** @typedef {import("libp2p-crypto").aes.Cipher} Cipher */
describe('AES-CTR', () => {
Object.keys(bytes).forEach((byte) => {
it(`${bytes[byte]} - encrypt and decrypt`, (done) => {
it(`${bytes[byte]} - encrypt and decrypt`, async () => {
const key = Buffer.alloc(parseInt(byte, 10))
key.fill(5)
const iv = Buffer.alloc(16)
iv.fill(1)
crypto.aes.create(key, iv, (err, cipher) => {
expect(err).to.not.exist()
const cipher = await crypto.aes.create(key, iv)
series([
encryptAndDecrypt(cipher),
encryptAndDecrypt(cipher),
encryptAndDecrypt(cipher),
encryptAndDecrypt(cipher),
encryptAndDecrypt(cipher)
], done)
})
await encryptAndDecrypt(cipher)
await encryptAndDecrypt(cipher)
await encryptAndDecrypt(cipher)
await encryptAndDecrypt(cipher)
await encryptAndDecrypt(cipher)
})
})
Object.keys(bytes).forEach((byte) => {
it(`${bytes[byte]} - fixed - encrypt and decrypt`, (done) => {
it(`${bytes[byte]} - fixed - encrypt and decrypt`, async () => {
const key = Buffer.alloc(parseInt(byte, 10))
key.fill(5)
const iv = Buffer.alloc(16)
iv.fill(1)
crypto.aes.create(key, iv, (err, cipher) => {
expect(err).to.not.exist()
const cipher = await crypto.aes.create(key, iv)
series(fixtures[byte].inputs.map((rawIn, i) => (cb) => {
const input = Buffer.from(rawIn)
const output = Buffer.from(fixtures[byte].outputs[i])
cipher.encrypt(input, (err, res) => {
expect(err).to.not.exist()
expect(res).to.have.length(output.length)
expect(res).to.eql(output)
cipher.decrypt(res, (err, res) => {
expect(err).to.not.exist()
expect(res).to.eql(input)
cb()
})
})
}), done)
})
for (let i = 0; i < fixtures[byte].inputs.length; i++) {
const rawIn = fixtures[byte].inputs[i]
const input = Buffer.from(rawIn)
const output = Buffer.from(fixtures[byte].outputs[i])
const encrypted = await cipher.encrypt(input)
expect(encrypted).to.have.length(output.length)
expect(encrypted).to.eql(output)
const decrypted = await cipher.decrypt(encrypted)
expect(decrypted).to.eql(input)
}
})
})
@ -74,46 +67,45 @@ describe('AES-CTR', () => {
return
}
it(`${bytes[byte]} - go interop - encrypt and decrypt`, (done) => {
it(`${bytes[byte]} - go interop - encrypt and decrypt`, async () => {
const key = Buffer.alloc(parseInt(byte, 10))
key.fill(5)
const iv = Buffer.alloc(16)
iv.fill(1)
crypto.aes.create(key, iv, (err, cipher) => {
expect(err).to.not.exist()
const cipher = await crypto.aes.create(key, iv)
series(goFixtures[byte].inputs.map((rawIn, i) => (cb) => {
const input = Buffer.from(rawIn)
const output = Buffer.from(goFixtures[byte].outputs[i])
cipher.encrypt(input, (err, res) => {
expect(err).to.not.exist()
expect(res).to.have.length(output.length)
expect(res).to.be.eql(output)
cipher.decrypt(res, (err, res) => {
expect(err).to.not.exist()
expect(res).to.be.eql(input)
cb()
})
})
}), done)
})
for (let i = 0; i < goFixtures[byte].inputs.length; i++) {
const rawIn = goFixtures[byte].inputs[i]
const input = Buffer.from(rawIn)
const output = Buffer.from(goFixtures[byte].outputs[i])
const encrypted = await cipher.encrypt(input)
expect(encrypted).to.have.length(output.length)
expect(encrypted).to.eql(output)
const decrypted = await cipher.decrypt(encrypted)
expect(decrypted).to.eql(input)
}
})
})
it('checks key length', () => {
const key = Buffer.alloc(5)
const iv = Buffer.alloc(16)
return expectErrCode(crypto.aes.create(key, iv), 'ERR_INVALID_KEY_LENGTH')
})
})
function encryptAndDecrypt (cipher) {
// @ts-check
/**
* @type {function(Cipher): Promise<void>}
*/
async function encryptAndDecrypt (cipher) {
const data = Buffer.alloc(100)
data.fill(Math.ceil(Math.random() * 100))
return (cb) => {
cipher.encrypt(data, (err, res) => {
expect(err).to.not.exist()
cipher.decrypt(res, (err, res) => {
expect(err).to.not.exist()
expect(res).to.be.eql(data)
cb()
})
})
}
const encrypted = await cipher.encrypt(data)
const decrypted = await cipher.decrypt(encrypted)
expect(decrypted).to.be.eql(data)
}

61
test/browser.js Normal file
View File

@ -0,0 +1,61 @@
/* eslint-env mocha */
'use strict'
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const crypto = require('../')
const webcrypto = require('../src/webcrypto')
async function expectMissingWebCrypto (fn) {
try {
await fn()
} catch (err) {
expect(err.code).to.equal('ERR_MISSING_WEB_CRYPTO')
return
}
throw new Error('Expected missing web crypto error')
}
describe('Missing web crypto', () => {
let webcryptoGet
let rsaPrivateKey
before(async () => {
rsaPrivateKey = await crypto.keys.generateKeyPair('RSA', 512)
})
before(() => {
webcryptoGet = webcrypto.get
webcrypto.get = () => webcryptoGet({})
})
after(() => {
webcrypto.get = webcryptoGet
})
it('should error for hmac create when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.hmac.create('SHA256', Buffer.from('secret')))
})
it('should error for generate ephemeral key pair when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.generateEphemeralKeyPair('P-256'))
})
it('should error for generate rsa key pair when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.generateKeyPair('rsa', 256))
})
it('should error for unmarshal RSA private key when web crypto is missing', () => {
return expectMissingWebCrypto(() => crypto.keys.unmarshalPrivateKey(crypto.keys.marshalPrivateKey(rsaPrivateKey)))
})
it('should error for sign RSA private key when web crypto is missing', () => {
return expectMissingWebCrypto(() => rsaPrivateKey.sign(Buffer.from('test')))
})
it('should error for verify RSA public key when web crypto is missing', () => {
return expectMissingWebCrypto(() => rsaPrivateKey.public.verify(Buffer.from('test'), Buffer.from('test')))
})
})

97
test/crypto.spec.js
View File

@ -8,18 +8,19 @@ const expect = chai.expect
chai.use(dirtyChai)
const crypto = require('../src')
const fixtures = require('./fixtures/go-key-rsa')
const { expectErrCode } = require('./util')
/** @typedef {import("libp2p-crypto").PrivateKey} PrivateKey */
describe('libp2p-crypto', function () {
this.timeout(20 * 1000)
// @ts-check
/**
* @type {PrivateKey}
*/
let key
before((done) => {
crypto.keys.generateKeyPair('RSA', 2048, (err, _key) => {
if (err) {
return done(err)
}
key = _key
done()
})
before(async () => {
key = await crypto.keys.generateKeyPair('RSA', 512)
})
it('marshalPublicKey and unmarshalPublicKey', () => {
@ -33,71 +34,50 @@ describe('libp2p-crypto', function () {
}).to.throw()
})
it('marshalPrivateKey and unmarshalPrivateKey', (done) => {
it('marshalPrivateKey and unmarshalPrivateKey', async () => {
expect(() => {
crypto.keys.marshalPrivateKey(key, 'invalid-key-type')
}).to.throw()
crypto.keys.unmarshalPrivateKey(crypto.keys.marshalPrivateKey(key), (err, key2) => {
if (err) {
return done(err)
}
const key2 = await crypto.keys.unmarshalPrivateKey(crypto.keys.marshalPrivateKey(key))
expect(key2.equals(key)).to.be.eql(true)
expect(key2.public.equals(key.public)).to.be.eql(true)
done()
})
expect(key2.equals(key)).to.be.eql(true)
expect(key2.public.equals(key.public)).to.be.eql(true)
})
it('generateKeyPair', () => {
return expectErrCode(crypto.keys.generateKeyPair('invalid-key-type', 512), 'ERR_UNSUPPORTED_KEY_TYPE')
})
it('generateKeyPairFromSeed', () => {
var seed = crypto.randomBytes(32)
return expectErrCode(crypto.keys.generateKeyPairFromSeed('invalid-key-type', seed, 512), 'ERR_UNSUPPORTED_KEY_TYPE')
})
// marshalled keys seem to be slightly different
// unsure as to if this is just a difference in encoding
// or a bug
describe('go interop', () => {
it('unmarshals private key', (done) => {
crypto.keys.unmarshalPrivateKey(fixtures.private.key, (err, key) => {
if (err) {
return done(err)
}
const hash = fixtures.private.hash
expect(fixtures.private.key).to.eql(key.bytes)
key.hash((err, digest) => {
if (err) {
return done(err)
}
expect(digest).to.eql(hash)
done()
})
})
it('unmarshals private key', async () => {
const key = await crypto.keys.unmarshalPrivateKey(fixtures.private.key)
const hash = fixtures.private.hash
expect(fixtures.private.key).to.eql(key.bytes)
const digest = await key.hash()
expect(digest).to.eql(hash)
})
it('unmarshals public key', (done) => {
it('unmarshals public key', async () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.public.key)
const hash = fixtures.public.hash
expect(crypto.keys.marshalPublicKey(key)).to.eql(fixtures.public.key)
key.hash((err, digest) => {
if (err) {
return done(err)
}
expect(digest).to.eql(hash)
done()
})
const digest = await key.hash()
expect(digest).to.eql(hash)
})
it('unmarshal -> marshal, private key', (done) => {
crypto.keys.unmarshalPrivateKey(fixtures.private.key, (err, key) => {
if (err) {
return done(err)
}
const marshalled = crypto.keys.marshalPrivateKey(key)
expect(marshalled).to.eql(fixtures.private.key)
done()
})
it('unmarshal -> marshal, private key', async () => {
const key = await crypto.keys.unmarshalPrivateKey(fixtures.private.key)
const marshalled = crypto.keys.marshalPrivateKey(key)
expect(marshalled).to.eql(fixtures.private.key)
})
it('unmarshal -> marshal, public key', () => {
@ -129,14 +109,15 @@ describe('libp2p-crypto', function () {
})
it('throws on invalid hash name', () => {
expect(() => crypto.pbkdf2('password', 'at least 16 character salt', 500, 512 / 8, 'shaX-xxx')).to.throw()
const fn = () => crypto.pbkdf2('password', 'at least 16 character salt', 500, 512 / 8, 'shaX-xxx')
expect(fn).to.throw().with.property('code', 'ERR_UNSUPPORTED_HASH_TYPE')
})
})
describe('randomBytes', () => {
it('throws with no number passed', () => {
it('throws with invalid number passed', () => {
expect(() => {
crypto.randomBytes()
crypto.randomBytes(-1)
}).to.throw()
})

1
test/fixtures/go-elliptic-key.js vendored
View File

@ -1,4 +1,5 @@
'use strict'
const { Buffer } = require('buffer')
module.exports = {
curve: 'P-256',

47
test/fixtures/go-key-ed25519.js vendored
View File

@ -1,28 +1,43 @@
'use strict'
const { Buffer } = require('buffer')
module.exports = {
// These were generated in a gore (https://github.com/motemen/gore) repl session:
// Generation code from https://github.com/libp2p/js-libp2p-crypto/issues/175#issuecomment-634467463
//
// :import github.com/libp2p/go-libp2p-crypto
// :import crypto/rand
// priv, pub, err := crypto.GenerateEd25519Key(rand.Reader)
// pubkeyBytes, err := pub.Bytes()
// privkeyBytes, err := priv.Bytes()
// data := []byte("hello! and welcome to some awesome crypto primitives")
// sig, err := priv.Sign(data)
// package main
//
// :import io/ioutil
// ioutil.WriteFile("/tmp/pubkey_go.bin", pubkeyBytes, 0644)
// // etc..
// import (
// "crypto/rand"
// "fmt"
// "strings"
// "github.com/libp2p/go-libp2p-core/crypto"
// )
// func main() {
// priv, pub, _ := crypto.GenerateEd25519Key(rand.Reader)
// pubkeyBytes, _ := pub.Bytes()
// privkeyBytes, _ := priv.Bytes()
// data := []byte("hello! and welcome to some awesome crypto primitives")
// sig, _ := priv.Sign(data)
// fmt.Println("{\n publicKey: Buffer.from(", strings.Replace(fmt.Sprint(pubkeyBytes), " ", ",", -1), "),")
// fmt.Println(" privateKey: Buffer.from(", strings.Replace(fmt.Sprint(privkeyBytes), " ", ",", -1), "),")
// fmt.Println(" data: Buffer.from(", strings.Replace(fmt.Sprint(data), " ", ",", -1), "),")
// fmt.Println(" signature: Buffer.from(", strings.Replace(fmt.Sprint(sig), " ", ",", -1), ")\n}")
// }
//
// Then loaded into a node repl and dumped to arrays with:
//
// var pubkey = Array.from(fs.readFileSync('/tmp/pubkey_go.bin'))
// console.log(JSON.stringify(pubkey))
verify: {
// The legacy key unnecessarily appends the publickey. (It's already included) See https://github.com/libp2p/js-libp2p-crypto/issues/175
redundantPubKey: {
privateKey: Buffer.from([8, 1, 18, 96, 201, 208, 1, 110, 176, 16, 230, 37, 66, 184, 149, 252, 78, 56, 206, 136, 2, 38, 118, 152, 226, 197, 117, 200, 54, 189, 156, 218, 184, 7, 118, 57, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
publicKey: Buffer.from([8, 1, 18, 32, 233, 49, 221, 97, 164, 158, 241, 129, 73, 166, 225, 255, 193, 118, 22, 84, 55, 15, 249, 168, 225, 180, 198, 191, 14, 75, 187, 243, 150, 91, 232, 37]),
data: Buffer.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
signature: Buffer.from([7, 230, 175, 164, 228, 58, 78, 208, 62, 243, 73, 142, 83, 195, 176, 217, 166, 62, 41, 165, 168, 164, 75, 179, 163, 86, 102, 32, 18, 84, 150, 237, 39, 207, 213, 20, 134, 237, 50, 41, 176, 183, 229, 133, 38, 255, 42, 228, 68, 186, 100, 14, 175, 156, 243, 118, 125, 125, 120, 212, 124, 103, 252, 12])
},
verify: {
publicKey: Buffer.from([8, 1, 18, 32, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
privateKey: Buffer.from([8, 1, 18, 64, 232, 56, 175, 20, 240, 160, 19, 47, 92, 88, 115, 221, 164, 13, 36, 162, 158, 136, 247, 31, 29, 231, 76, 143, 12, 91, 193, 4, 88, 33, 67, 23, 163, 176, 195, 47, 254, 208, 49, 5, 192, 102, 32, 63, 58, 202, 171, 153, 146, 164, 25, 212, 25, 91, 146, 26, 117, 165, 148, 6, 207, 90, 217, 126]),
data: Buffer.from([104, 101, 108, 108, 111, 33, 32, 97, 110, 100, 32, 119, 101, 108, 99, 111, 109, 101, 32, 116, 111, 32, 115, 111, 109, 101, 32, 97, 119, 101, 115, 111, 109, 101, 32, 99, 114, 121, 112, 116, 111, 32, 112, 114, 105, 109, 105, 116, 105, 118, 101, 115]),
signature: Buffer.from([160, 125, 30, 62, 213, 189, 239, 92, 87, 76, 205, 169, 251, 149, 187, 57, 96, 85, 175, 213, 22, 132, 229, 60, 196, 18, 117, 194, 12, 174, 135, 31, 39, 168, 174, 103, 78, 55, 37, 222, 37, 172, 222, 239, 153, 63, 197, 152, 67, 167, 191, 215, 161, 212, 216, 163, 81, 77, 45, 228, 151, 79, 101, 1])
}
}

2
test/fixtures/go-key-rsa.js vendored
View File

@ -1,5 +1,5 @@
'use strict'
const { Buffer } = require('buffer')
module.exports = {
private: {
hash: Buffer.from([

31
test/fixtures/go-key-secp256k1.js vendored Normal file
View File

@ -0,0 +1,31 @@
'use strict'
const { Buffer } = require('buffer')
// The keypair and signature below were generated in a gore repl session (https://github.com/motemen/gore)
// using the secp256k1 fork of go-libp2p-crypto by github user @vyzo
//
// gore> :import github.com/vyzo/go-libp2p-crypto
// gore> :import crypto/rand
// gore> :import io/ioutil
// gore> priv, pub, err := crypto.GenerateKeyPairWithReader(crypto.Secp256k1, 256, rand.Reader)
// gore> privBytes, err := priv.Bytes()
// gore> pubBytes, err := pub.Bytes()
// gore> msg := []byte("hello! and welcome to some awesome crypto primitives")
// gore> sig, err := priv.Sign(msg)
// gore> ioutil.WriteFile("/tmp/secp-go-priv.bin", privBytes, 0644)
// gore> ioutil.WriteFile("/tmp/secp-go-pub.bin", pubBytes, 0644)
// gore> ioutil.WriteFile("/tmp/secp-go-sig.bin", sig, 0644)
//
// The generated files were then read in a node repl with e.g.:
// > fs.readFileSync('/tmp/secp-go-pub.bin').toString('hex')
// '08021221029c0ce5d53646ed47112560297a3e59b78b8cbd4bae37c7a0c236eeb91d0fbeaf'
//
// and the results copy/pasted in here
module.exports = {
privateKey: Buffer.from('08021220358f15db8c2014d570e8e3a622454e2273975a3cca443ec0c45375b13d381d18', 'hex'),
publicKey: Buffer.from('08021221029c0ce5d53646ed47112560297a3e59b78b8cbd4bae37c7a0c236eeb91d0fbeaf', 'hex'),
message: Buffer.from('hello! and welcome to some awesome crypto primitives', 'utf-8'),
signature: Buffer.from('304402200e4c629e9f5d99439115e60989cd40087f6978c36078b0b50cf3d30af5c38d4102204110342c8e7f0809897c1c7a66e49e1c6b7cb0a6ed6993640ec2fe742c1899a9', 'hex')
}

2
test/fixtures/go-stretch-key.js vendored
View File

@ -1,5 +1,5 @@
'use strict'
const { Buffer } = require('buffer')
module.exports = [{
cipher: 'AES-256',
hash: 'SHA256',

1
test/fixtures/secp256k1.js vendored
View File

@ -1,5 +1,6 @@
'use strict'
const { Buffer } = require('buffer')
module.exports = {
// protobuf marshaled key pair generated with libp2p-crypto-secp256k1
// and marshaled with libp2p-crypto.marshalPublicKey / marshalPrivateKey

33
test/helpers/test-garbage-error-handling.js
View File

@ -1,11 +1,7 @@
/* eslint-env mocha */
'use strict'
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const { Buffer } = require('buffer')
const util = require('util')
const garbage = [Buffer.from('00010203040506070809', 'hex'), {}, null, false, undefined, true, 1, 0, Buffer.from(''), 'aGVsbG93b3JsZA==', 'helloworld', '']
@ -19,28 +15,19 @@ function doTests (fncName, fnc, num, skipBuffersAndStrings) {
// skip this garbage because it's a buffer or a string and we were told do do that
return
}
let args = []
const args = []
for (let i = 0; i < num; i++) {
args.push(garbage)
}
it(fncName + '(' + args.map(garbage => util.inspect(garbage)).join(', ') + ')', cb => {
args.push((err, res) => {
expect(err).to.exist()
expect(res).to.not.exist()
cb()
})
fnc.apply(null, args)
it(fncName + '(' + args.map(garbage => util.inspect(garbage)).join(', ') + ')', async () => {
try {
await fnc.apply(null, args)
} catch (err) {
return // expected
}
throw new Error('Expected error to be thrown')
})
})
}
module.exports = (obj, fncs, num) => {
describe('returns error via cb instead of crashing', () => {
fncs.forEach(fnc => {
doTests(fnc, obj[fnc], num)
})
})
}
module.exports.doTests = doTests
module.exports = { doTests }

16
test/hmac/hmac.spec.js
View File

@ -1,7 +1,7 @@
/* eslint max-nested-callbacks: ["error", 8] */
/* eslint-env mocha */
'use strict'
const { Buffer } = require('buffer')
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
@ -13,16 +13,10 @@ const hashes = ['SHA1', 'SHA256', 'SHA512']
describe('HMAC', () => {
hashes.forEach((hash) => {
it(`${hash} - sign and verify`, (done) => {
crypto.hmac.create(hash, Buffer.from('secret'), (err, hmac) => {
expect(err).to.not.exist()
hmac.digest(Buffer.from('hello world'), (err, sig) => {
expect(err).to.not.exist()
expect(sig).to.have.length(hmac.length)
done()
})
})
it(`${hash} - sign and verify`, async () => {
const hmac = await crypto.hmac.create(hash, Buffer.from('secret'))
const sig = await hmac.digest(Buffer.from('hello world'))
expect(sig).to.have.length(hmac.length)
})
})
})

234
test/keys/ed25519.spec.js
View File

@ -1,6 +1,7 @@
/* eslint-env mocha */
'use strict'
const { Buffer } = require('buffer')
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
@ -12,118 +13,76 @@ const fixtures = require('../fixtures/go-key-ed25519')
const testGarbage = require('../helpers/test-garbage-error-handling')
/** @typedef {import("libp2p-crypto").PrivateKey} PrivateKey */
describe('ed25519', function () {
this.timeout(20 * 1000)
// @ts-check
/**
* @type {PrivateKey}
*/
let key
before((done) => {
crypto.keys.generateKeyPair('Ed25519', 512, (err, _key) => {
if (err) return done(err)
key = _key
done()
})
before(async () => {
key = await crypto.keys.generateKeyPair('Ed25519', 512)
})
it('generates a valid key', (done) => {
it('generates a valid key', async () => {
expect(key).to.be.an.instanceof(ed25519.Ed25519PrivateKey)
key.hash((err, digest) => {
if (err) {
return done(err)
}
expect(digest).to.have.length(34)
done()
})
const digest = await key.hash()
expect(digest).to.have.length(34)
})
it('generates a valid key from seed', (done) => {
it('generates a valid key from seed', async () => {
var seed = crypto.randomBytes(32)
crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512, (err, seededkey) => {
if (err) return done(err)
expect(seededkey).to.be.an.instanceof(ed25519.Ed25519PrivateKey)
seededkey.hash((err, digest) => {
if (err) {
return done(err)
}
expect(digest).to.have.length(34)
done()
})
})
const seededkey = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512)
expect(seededkey).to.be.an.instanceof(ed25519.Ed25519PrivateKey)
const digest = await seededkey.hash()
expect(digest).to.have.length(34)
})
it('generates the same key from the same seed', (done) => {
var seed = crypto.randomBytes(32)
crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512, (err, seededkey1) => {
if (err) return done(err)
crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512, (err, seededkey2) => {
if (err) return done(err)
expect(seededkey1.equals(seededkey2)).to.eql(true)
expect(seededkey1.public.equals(seededkey2.public)).to.eql(true)
done()
})
})
it('generates the same key from the same seed', async () => {
const seed = crypto.randomBytes(32)
const seededkey1 = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512)
const seededkey2 = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed, 512)
expect(seededkey1.equals(seededkey2)).to.eql(true)
expect(seededkey1.public.equals(seededkey2.public)).to.eql(true)
})
it('generates different keys for different seeds', (done) => {
it('generates different keys for different seeds', async () => {
const seed1 = crypto.randomBytes(32)
crypto.keys.generateKeyPairFromSeed('Ed25519', seed1, 512, (err, seededkey1) => {
expect(err).to.not.exist()
const seed2 = crypto.randomBytes(32)
crypto.keys.generateKeyPairFromSeed('Ed25519', seed2, 512, (err, seededkey2) => {
expect(err).to.not.exist()
expect(seededkey1.equals(seededkey2)).to.eql(false)
expect(seededkey1.public.equals(seededkey2.public))
.to.eql(false)
done()
})
})
const seededkey1 = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed1, 512)
const seed2 = crypto.randomBytes(32)
const seededkey2 = await crypto.keys.generateKeyPairFromSeed('Ed25519', seed2, 512)
expect(seededkey1.equals(seededkey2)).to.eql(false)
expect(seededkey1.public.equals(seededkey2.public)).to.eql(false)
})
it('signs', (done) => {
it('signs', async () => {
const text = crypto.randomBytes(512)
key.sign(text, (err, sig) => {
expect(err).to.not.exist()
key.public.verify(text, sig, (err, res) => {
expect(err).to.not.exist()
expect(res).to.be.eql(true)
done()
})
})
const sig = await key.sign(text)
const res = await key.public.verify(text, sig)
expect(res).to.be.eql(true)
})
it('encoding', (done) => {
it('encoding', async () => {
const keyMarshal = key.marshal()
ed25519.unmarshalEd25519PrivateKey(keyMarshal, (err, key2) => {
if (err) {
return done(err)
}
const keyMarshal2 = key2.marshal()
const key2 = await ed25519.unmarshalEd25519PrivateKey(keyMarshal)
const keyMarshal2 = key2.marshal()
expect(keyMarshal).to.eql(keyMarshal2)
expect(keyMarshal).to.eql(keyMarshal2)
const pk = key.public
const pkMarshal = pk.marshal()
const pk2 = ed25519.unmarshalEd25519PublicKey(pkMarshal)
const pkMarshal2 = pk2.marshal()
const pk = key.public
const pkMarshal = pk.marshal()
const pk2 = ed25519.unmarshalEd25519PublicKey(pkMarshal)
const pkMarshal2 = pk2.marshal()
expect(pkMarshal).to.eql(pkMarshal2)
done()
})
expect(pkMarshal).to.eql(pkMarshal2)
})
it('key id', (done) => {
key.id((err, id) => {
expect(err).to.not.exist()
expect(id).to.exist()
expect(id).to.be.a('string')
done()
})
it('key id', async () => {
const id = await key.id()
expect(id).to.exist()
expect(id).to.be.a('string')
})
describe('key equals', () => {
@ -141,86 +100,59 @@ describe('ed25519', function () {
)
})
it('not equals other key', (done) => {
crypto.keys.generateKeyPair('Ed25519', 512, (err, key2) => {
if (err) return done(err)
expect(key.equals(key2)).to.eql(false)
expect(key2.equals(key)).to.eql(false)
expect(key.public.equals(key2.public)).to.eql(false)
expect(key2.public.equals(key.public)).to.eql(false)
done()
})
it('not equals other key', async () => {
const key2 = await crypto.keys.generateKeyPair('Ed25519', 512)
expect(key.equals(key2)).to.eql(false)
expect(key2.equals(key)).to.eql(false)
expect(key.public.equals(key2.public)).to.eql(false)
expect(key2.public.equals(key.public)).to.eql(false)
})
})
it('sign and verify', (done) => {
it('sign and verify', async () => {
const data = Buffer.from('hello world')
key.sign(data, (err, sig) => {
if (err) {
return done(err)
}
key.public.verify(data, sig, (err, valid) => {
if (err) {
return done(err)
}
expect(valid).to.eql(true)
done()
})
})
const sig = await key.sign(data)
const valid = await key.public.verify(data, sig)
expect(valid).to.eql(true)
})
it('fails to verify for different data', (done) => {
it('fails to verify for different data', async () => {
const data = Buffer.from('hello world')
key.sign(data, (err, sig) => {
if (err) {
return done(err)
}
key.public.verify(Buffer.from('hello'), sig, (err, valid) => {
if (err) {
return done(err)
}
expect(valid).to.be.eql(false)
done()
})
})
const sig = await key.sign(data)
const valid = await key.public.verify(Buffer.from('hello'), sig)
expect(valid).to.be.eql(false)
})
describe('returns error via cb instead of crashing', () => {
describe('throws error instead of crashing', () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.verify.publicKey)
testGarbage.doTests('key.verify', key.verify.bind(key), 2)
testGarbage.doTests('crypto.keys.unmarshalPrivateKey', crypto.keys.unmarshalPrivateKey.bind(crypto.keys))
testGarbage.doTests('key.verify', key.verify.bind(key), 2, null)
testGarbage.doTests('crypto.keys.unmarshalPrivateKey', crypto.keys.unmarshalPrivateKey.bind(crypto.keys), null, null)
})
describe('go interop', () => {
let privateKey
before((done) => {
crypto.keys.unmarshalPrivateKey(fixtures.verify.privateKey, (err, key) => {
expect(err).to.not.exist()
privateKey = key
done()
})
})
it('verifies with data from go', (done) => {
// @ts-check
it('verifies with data from go', async () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.verify.publicKey)
key.verify(fixtures.verify.data, fixtures.verify.signature, (err, ok) => {
expect(err).to.not.exist()
expect(ok).to.eql(true)
done()
})
const ok = await key.verify(fixtures.verify.data, fixtures.verify.signature)
expect(ok).to.eql(true)
})
it('generates the same signature as go', (done) => {
privateKey.sign(fixtures.verify.data, (err, sig) => {
expect(err).to.not.exist()
expect(sig).to.eql(fixtures.verify.signature)
done()
})
it('verifies with data from go with redundant public key', async () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.redundantPubKey.publicKey)
const ok = await key.verify(fixtures.redundantPubKey.data, fixtures.redundantPubKey.signature)
expect(ok).to.eql(true)
})
it('generates the same signature as go', async () => {
const key = await crypto.keys.unmarshalPrivateKey(fixtures.verify.privateKey)
const sig = await key.sign(fixtures.verify.data)
expect(sig).to.eql(fixtures.verify.signature)
})
it('generates the same signature as go with redundant public key', async () => {
const key = await crypto.keys.unmarshalPrivateKey(fixtures.redundantPubKey.privateKey)
const sig = await key.sign(fixtures.redundantPubKey.data)
expect(sig).to.eql(fixtures.redundantPubKey.signature)
})
})
})

72
test/keys/ephemeral-keys.spec.js
View File

@ -6,12 +6,15 @@ const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const parallel = require('async/parallel')
const fixtures = require('../fixtures/go-elliptic-key')
const crypto = require('../../src')
const curves = ['P-256', 'P-384'] // 'P-521' fails in tests :( no clue why
// @ts-check
/**
* @type {Record<string, number>}
*/
const lengths = {
'P-256': 65,
'P-384': 97,
@ -25,49 +28,50 @@ const secretLengths = {
describe('generateEphemeralKeyPair', () => {
curves.forEach((curve) => {
it(`generate and shared key ${curve}`, (done) => {
parallel([
(cb) => crypto.keys.generateEphemeralKeyPair(curve, cb),
(cb) => crypto.keys.generateEphemeralKeyPair(curve, cb)
], (err, keys) => {
expect(err).to.not.exist()
expect(keys[0].key).to.have.length(lengths[curve])
expect(keys[1].key).to.have.length(lengths[curve])
it(`generate and shared key ${curve}`, async () => {
const keys = await Promise.all([
crypto.keys.generateEphemeralKeyPair(curve),
crypto.keys.generateEphemeralKeyPair(curve)
])
keys[0].genSharedKey(keys[1].key, (err, shared) => {
expect(err).to.not.exist()
expect(shared).to.have.length(secretLengths[curve])
done()
})
})
expect(keys[0].key).to.have.length(lengths[curve])
expect(keys[1].key).to.have.length(lengths[curve])
const shared = await keys[0].genSharedKey(keys[1].key)
expect(shared).to.have.length(secretLengths[curve])
})
})
describe('go interop', () => {
it('generates a shared secret', (done) => {
it('generates a shared secret', async () => {
const curve = fixtures.curve
parallel([
(cb) => crypto.keys.generateEphemeralKeyPair(curve, cb),
(cb) => crypto.keys.generateEphemeralKeyPair(curve, cb)
], (err, res) => {
expect(err).to.not.exist()
const alice = res[0]
const bob = res[1]
bob.key = fixtures.bob.public
const keys = await Promise.all([
crypto.keys.generateEphemeralKeyPair(curve),
crypto.keys.generateEphemeralKeyPair(curve)
])
parallel([
(cb) => alice.genSharedKey(bob.key, cb),
(cb) => bob.genSharedKey(alice.key, fixtures.bob, cb)
], (err, secrets) => {
expect(err).to.not.exist()
const alice = keys[0]
const bob = keys[1]
bob.key = fixtures.bob.public
expect(secrets[0]).to.eql(secrets[1])
expect(secrets[0]).to.have.length(32)
const secrets = await Promise.all([
alice.genSharedKey(bob.key),
bob.genSharedKey(alice.key, fixtures.bob)
])
done()
})
})
expect(secrets[0]).to.eql(secrets[1])
expect(secrets[0]).to.have.length(32)
})
})
it('handles bad curve name', async () => {
try {
await crypto.keys.generateEphemeralKeyPair('bad name')
} catch (err) {
expect(err.code).equals('ERR_INVALID_CURVE')
return
}
expect.fail('Did not throw error')
})
})

66
test/keys/key-stretcher.spec.js
View File

@ -6,6 +6,7 @@ const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const { expectErrCode } = require('../util')
const crypto = require('../../src')
const fixtures = require('../fixtures/go-stretch-key')
@ -14,62 +15,51 @@ describe('keyStretcher', () => {
const ciphers = ['AES-128', 'AES-256', 'Blowfish']
const hashes = ['SHA1', 'SHA256', 'SHA512']
let res
// @ts-check
/**
* @type {Buffer}
*/
let secret
before((done) => {
crypto.keys.generateEphemeralKeyPair('P-256', (err, _res) => {
if (err) {
return done(err)
}
res = _res
res.genSharedKey(res.key, (err, _secret) => {
if (err) {
return done(err)
}
secret = _secret
done()
})
})
before(async () => {
res = await crypto.keys.generateEphemeralKeyPair('P-256')
secret = await res.genSharedKey(res.key)
})
ciphers.forEach((cipher) => {
hashes.forEach((hash) => {
it(`${cipher} - ${hash}`, (done) => {
crypto.keys.keyStretcher(cipher, hash, secret, (err, keys) => {
if (err) {
return done(err)
}
expect(keys.k1).to.exist()
expect(keys.k2).to.exist()
done()
})
it(`${cipher} - ${hash}`, async () => {
const keys = await crypto.keys.keyStretcher(cipher, hash, secret)
expect(keys.k1).to.exist()
expect(keys.k2).to.exist()
})
})
})
it('handles invalid cipher type', () => {
return expectErrCode(crypto.keys.keyStretcher('invalid-cipher', 'SHA256', 'secret'), 'ERR_INVALID_CIPHER_TYPE')
})
it('handles missing hash type', () => {
return expectErrCode(crypto.keys.keyStretcher('AES-128', '', 'secret'), 'ERR_MISSING_HASH_TYPE')
})
})
describe('go interop', () => {
fixtures.forEach((test) => {
it(`${test.cipher} - ${test.hash}`, (done) => {
it(`${test.cipher} - ${test.hash}`, async () => {
const cipher = test.cipher
const hash = test.hash
const secret = test.secret
crypto.keys.keyStretcher(cipher, hash, secret, (err, keys) => {
if (err) {
return done(err)
}
const keys = await crypto.keys.keyStretcher(cipher, hash, secret)
expect(keys.k1.iv).to.be.eql(test.k1.iv)
expect(keys.k1.cipherKey).to.be.eql(test.k1.cipherKey)
expect(keys.k1.macKey).to.be.eql(test.k1.macKey)
expect(keys.k1.iv).to.be.eql(test.k1.iv)
expect(keys.k1.cipherKey).to.be.eql(test.k1.cipherKey)
expect(keys.k1.macKey).to.be.eql(test.k1.macKey)
expect(keys.k2.iv).to.be.eql(test.k2.iv)
expect(keys.k2.cipherKey).to.be.eql(test.k2.cipherKey)
expect(keys.k2.macKey).to.be.eql(test.k2.macKey)
done()
})
expect(keys.k2.iv).to.be.eql(test.k2.iv)
expect(keys.k2.cipherKey).to.be.eql(test.k2.cipherKey)
expect(keys.k2.macKey).to.be.eql(test.k2.macKey)
})
})
})

53
test/keys/rsa-crypto-libs.js Normal file
View File

@ -0,0 +1,53 @@
'use strict'
/* eslint-env mocha */
/* eslint max-nested-callbacks: ["error", 8] */
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
chai.use(require('chai-string'))
const LIBS = ['ursa', 'keypair']
describe('RSA crypto libs', function () {
this.timeout(20 * 1000)
LIBS.forEach(lib => {
describe(lib, () => {
let crypto
let rsa
before(() => {
process.env.LP2P_FORCE_CRYPTO_LIB = lib
for (const path in require.cache) { // clear module cache
if (path.endsWith('.js')) {
delete require.cache[path]
}
}
crypto = require('../../src')
rsa = crypto.keys.supportedKeys.rsa
})
it('generates a valid key', async () => {
const key = await crypto.keys.generateKeyPair('RSA', 512)
expect(key).to.be.an.instanceof(rsa.RsaPrivateKey)
const digest = await key.hash()
expect(digest).to.have.length(34)
})
after(() => {
for (const path in require.cache) { // clear module cache
if (path.endsWith('.js')) {
delete require.cache[path]
}
}
delete process.env.LP2P_FORCE_CRYPTO_LIB
})
})
})
})

341
test/keys/rsa.spec.js
View File

@ -2,11 +2,13 @@
/* eslint-env mocha */
'use strict'
const { Buffer } = require('buffer')
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
chai.use(require('chai-string'))
const { expectErrCode } = require('../util')
const crypto = require('../../src')
const rsa = crypto.keys.supportedKeys.rsa
@ -14,79 +16,52 @@ const fixtures = require('../fixtures/go-key-rsa')
const testGarbage = require('../helpers/test-garbage-error-handling')
/** @typedef {import('libp2p-crypto').keys.supportedKeys.rsa.RsaPrivateKey} RsaPrivateKey */
describe('RSA', function () {
this.timeout(20 * 1000)
// @ts-check
/**
* @type {RsaPrivateKey}
*/
let key
before((done) => {
crypto.keys.generateKeyPair('RSA', 2048, (err, _key) => {
if (err) {
return done(err)
}
key = _key
done()
})
before(async () => {
key = await rsa.generateKeyPair(512)
})
it('generates a valid key', (done) => {
it('generates a valid key', async () => {
expect(key).to.be.an.instanceof(rsa.RsaPrivateKey)
key.hash((err, digest) => {
if (err) {
return done(err)
}
expect(digest).to.have.length(34)
done()
})
const digest = await key.hash()
expect(digest).to.have.length(34)
})
it('signs', (done) => {
it('signs', async () => {
const text = key.genSecret()
key.sign(text, (err, sig) => {
if (err) {
return done(err)
}
key.public.verify(text, sig, (err, res) => {
if (err) {
return done(err)
}
expect(res).to.be.eql(true)
done()
})
})
const sig = await key.sign(text)
const res = await key.public.verify(text, sig)
expect(res).to.be.eql(true)
})
it('encoding', (done) => {
it('encoding', async () => {
const keyMarshal = key.marshal()
rsa.unmarshalRsaPrivateKey(keyMarshal, (err, key2) => {
if (err) {
return done(err)
}
const keyMarshal2 = key2.marshal()
const key2 = await rsa.unmarshalRsaPrivateKey(keyMarshal)
const keyMarshal2 = key2.marshal()
expect(keyMarshal).to.eql(keyMarshal2)
expect(keyMarshal).to.eql(keyMarshal2)
const pk = key.public
const pkMarshal = pk.marshal()
const pk2 = rsa.unmarshalRsaPublicKey(pkMarshal)
const pkMarshal2 = pk2.marshal()
const pk = key.public
const pkMarshal = pk.marshal()
const pk2 = rsa.unmarshalRsaPublicKey(pkMarshal)
const pkMarshal2 = pk2.marshal()
expect(pkMarshal).to.eql(pkMarshal2)
done()
})
expect(pkMarshal).to.eql(pkMarshal2)
})
it('key id', (done) => {
key.id((err, id) => {
expect(err).to.not.exist()
expect(id).to.exist()
expect(id).to.be.a('string')
done()
})
it('key id', async () => {
const id = await key.id()
expect(id).to.exist()
expect(id).to.be.a('string')
})
describe('key equals', () => {
@ -96,114 +71,106 @@ describe('RSA', function () {
expect(key.public.equals(key.public)).to.eql(true)
})
it('not equals other key', (done) => {
crypto.keys.generateKeyPair('RSA', 2048, (err, key2) => {
if (err) {
return done(err)
}
expect(key.equals(key2)).to.eql(false)
expect(key2.equals(key)).to.eql(false)
expect(key.public.equals(key2.public)).to.eql(false)
expect(key2.public.equals(key.public)).to.eql(false)
done()
})
it('not equals other key', async () => {
const key2 = await crypto.keys.generateKeyPair('RSA', 512)
expect(key.equals(key2)).to.eql(false)
expect(key2.equals(key)).to.eql(false)
expect(key.public.equals(key2.public)).to.eql(false)
expect(key2.public.equals(key.public)).to.eql(false)
})
})
it('sign and verify', (done) => {
it('sign and verify', async () => {
const data = Buffer.from('hello world')
key.sign(data, (err, sig) => {
if (err) {
return done(err)
}
key.public.verify(data, sig, (err, valid) => {
if (err) {
return done(err)
}
expect(valid).to.be.eql(true)
done()
})
})
const sig = await key.sign(data)
const valid = await key.public.verify(data, sig)
expect(valid).to.be.eql(true)
})
it('fails to verify for different data', (done) => {
it('encrypt and decrypt', async () => {
const data = Buffer.from('hello world')
key.sign(data, (err, sig) => {
if (err) {
return done(err)
}
const enc = await key.public.encrypt(data)
const dec = await key.decrypt(enc)
expect(dec).to.be.eql(data)
})
key.public.verify(Buffer.from('hello'), sig, (err, valid) => {
if (err) {
return done(err)
}
expect(valid).to.be.eql(false)
done()
})
})
it('encrypt decrypt browser/node interop', async () => {
// @ts-check
/**
* @type {any}
*/
const id = await crypto.keys.unmarshalPrivateKey(Buffer.from('CAASqAkwggSkAgEAAoIBAQCk0O+6oNRxhcdZe2GxEDrFBkDV4TZFZnp2ly/dL1cGMBql/8oXPZgei6h7+P5zzfDq2YCfwbjbf0IVY1AshRl6B5VGE1WS+9p1y1OZxJf5os6V1ENnTi6FTcyuBl4BN8dmIKOif0hqgqflaT5OhfYZDXfbJyVQj4vb2+Stu2Xpph3nwqAnTw/7GC/7jrt2Cq6Tu1PoZi36wSwEPYW3eQ1HAYxZjTYYDXl2iyHygnTcbkGRwAQ7vjk+mW7u60zyoolCm9f6Y7c/orJ33DDUocbaGJLlHcfd8bioBwaZy/2m7q43X8pQs0Q1/iwUt0HHZj1YARmHKbh0zR31ciFiV37dAgMBAAECggEADtJBNKnA4QKURj47r0YT2uLwkqtBi6UnDyISalQXAdXyl4n0nPlrhBewC5H9I+HZr+zmTbeIjaiYgz7el1pSy7AB4v7bG7AtWZlyx6mvtwHGjR+8/f3AXjl8Vgv5iSeAdXUq8fJ7SyS7v3wi38HZOzCEXj9bci6ud5ODMYJgLE4gZD0+i1+/V9cpuYfGpS/gLTLEMQLiw/9o8NSZ7sAnxg0UlYhotqaQY23hvXPBOe+0oa95zl2n6XTxCafa3dQl/B6CD1tUq9dhbQew4bxqMq/mhRO9pREEqZ083Uh+u4PTc1BeHgIQaS864pHPb+AY1F7KDvPtHhdojnghp8d70QKBgQDeRYFxo6sd04ohY86Z/i9icVYIyCvfXAKnaMKeGUjK7ou6sDJwFX8W97+CzXpZ/vffsk/l5GGhC50KqrITxHAy/h5IjyDODfps7NMIp0Dm9sO4PWibbw3OOVBRc8w3b3i7I8MrUUA1nLHE1T1HA1rKOTz5jYhE0fi9XKiT1ciKOQKBgQC903w+n9y7M7eaMW7Z5/13kZ7PS3HlM681eaPrk8J4J+c6miFF40/8HOsmarS38v0fgTeKkriPz5A7aLzRHhSiOnp350JNM6c3sLwPEs2qx/CRuWWx1rMERatfDdUH6mvlK6QHu0QgSfQR27EO6a6XvVSJXbvFmimjmtIaz/IpxQKBgQDWJ9HYVAGC81abZTaiWK3/A4QJYhQjWNuVwPICsgnYvI4Uib+PDqcs0ffLZ38DRw48kek5bxpBuJbOuDhro1EXUJCNCJpq7jzixituovd9kTRyR3iKii2bDM2+LPwOTXDdnk9lZRugjCEbrPkleq33Ob7uEtfAty4aBTTHe6uEwQKBgQCB+2q8RyMSXNuADhFlzOFXGrOwJm0bEUUMTPrduRQUyt4e1qOqA3klnXe3mqGcxBpnlEe/76/JacvNom6Ikxx16a0qpYRU8OWz0KU1fR6vrrEgV98241k5t6sdL4+MGA1Bo5xyXtzLb1hdUh3vpDwVU2OrnC+To3iXus/b5EBiMQKBgEI1OaBcFiyjgLGEyFKoZbtzH1mdatTExfrAQqCjOVjQByoMpGhHTXwEaosvyYu63Pa8AJPT7juSGaiKYEJFcXO9BiNyVfmQiqSHJcYeuh+fmO9IlHRHgy5xaIIC00AHS2vC/gXwmXAdPis6BZqDJeiCuOLWJ94QXn8JBT8IgGAI', 'base64'))
const msg = Buffer.from('hello')
// browser
const dec1 = id.decrypt(Buffer.from('YRFUDx8UjbWSfDS84cDA4WowaaOmd1qFNAv5QutodCKYb9uPtU/tDiAvJzOGu5DCJRo2J0l/35P2weiB4/C2Cb1aZgXKMx/QQC+2jSJiymhqcZaYerjTvkCFwkjCaqthoVo/YXxsaFZ1q7bdTZUDH1TaJR7hWfSyzyPcA8c0w43MIsw16pY8ZaPSclvnCwhoTg1JGjMk6te3we7+wR8QU7VrPhs54mZWxrpu3NQ8xZ6xQqIedsEiNhBUccrCSzYghgsP0Ae/8iKyGyl3U6IegsJNn8jcocvzOJrmU03rgIFPjvuBdaqB38xDSTjbA123KadB28jNoSZh18q/yH3ZIg==', 'base64'))
expect(dec1).to.be.eql(msg)
// node
const dec2 = id.decrypt(Buffer.from('e6yxssqXsWc27ozDy0PGKtMkCS28KwFyES2Ijz89yiz+w6bSFkNOhHPKplpPzgQEuNoUGdbseKlJFyRYHjIT8FQFBHZM8UgSkgoimbY5on4xSxXs7E5/+twjqKdB7oNveTaTf7JCwaeUYnKSjbiYFEawtMiQE91F8sTT7TmSzOZ48tUhnddAAZ3Ac/O3Z9MSAKOCDipi+JdZtXRT8KimGt36/7hjjosYmPuHR1Xy/yMTL6SMbXtBM3yAuEgbQgP+q/7kHMHji3/JvTpYdIUU+LVtkMusXNasRA+UWG2zAht18vqjFMsm9JTiihZw9jRHD4vxAhf75M992tnC+0ZuQg==', 'base64'))
expect(dec2).to.be.eql(msg)
})
it('fails to verify for different data', async () => {
const data = Buffer.from('hello world')
const sig = await key.sign(data)
const valid = await key.public.verify(Buffer.from('hello'), sig)
expect(valid).to.be.eql(false)
})
describe('export and import', () => {
it('password protected PKCS #8', (done) => {
key.export('pkcs-8', 'my secret', (err, pem) => {
expect(err).to.not.exist()
expect(pem).to.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----')
crypto.keys.import(pem, 'my secret', (err, clone) => {
expect(err).to.not.exist()
expect(clone).to.exist()
expect(key.equals(clone)).to.eql(true)
done()
})
})
it('password protected PKCS #8', async () => {
const pem = await key.export('my secret', 'pkcs-8')
expect(pem).to.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----')
const clone = await crypto.keys.import(pem, 'my secret')
expect(clone).to.exist()
expect(key.equals(clone)).to.eql(true)
})
it('defaults to PKCS #8', (done) => {
key.export('another secret', (err, pem) => {
expect(err).to.not.exist()
expect(pem).to.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----')
crypto.keys.import(pem, 'another secret', (err, clone) => {
expect(err).to.not.exist()
expect(clone).to.exist()
expect(key.equals(clone)).to.eql(true)
done()
})
})
it('defaults to PKCS #8', async () => {
const pem = await key.export('another secret')
expect(pem).to.startsWith('-----BEGIN ENCRYPTED PRIVATE KEY-----')
const clone = await crypto.keys.import(pem, 'another secret')
expect(clone).to.exist()
expect(key.equals(clone)).to.eql(true)
})
it('needs correct password', (done) => {
key.export('another secret', (err, pem) => {
expect(err).to.not.exist()
crypto.keys.import(pem, 'not the secret', (err, clone) => {
expect(err).to.exist()
done()
})
})
it('needs correct password', async () => {
const pem = await key.export('another secret')
try {
await crypto.keys.import(pem, 'not the secret')
} catch (err) {
return // expected
}
throw new Error('Expected error to be thrown')
})
it('handles invalid export type', () => {
return expectErrCode(key.export('secret', 'invalid-type'), 'ERR_INVALID_EXPORT_FORMAT')
})
})
describe('returns error via cb instead of crashing', () => {
describe('throws error instead of crashing', () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.verify.publicKey)
testGarbage.doTests('key.verify', key.verify.bind(key), 2, true)
testGarbage.doTests('crypto.keys.unmarshalPrivateKey', crypto.keys.unmarshalPrivateKey.bind(crypto.keys))
testGarbage.doTests(
'crypto.keys.unmarshalPrivateKey',
crypto.keys.unmarshalPrivateKey.bind(crypto.keys),
null,
null
)
})
describe('go interop', () => {
it('verifies with data from go', (done) => {
it('verifies with data from go', async () => {
const key = crypto.keys.unmarshalPublicKey(fixtures.verify.publicKey)
key.verify(fixtures.verify.data, fixtures.verify.signature, (err, ok) => {
if (err) throw err
expect(err).to.not.exist()
expect(ok).to.equal(true)
done()
})
const ok = await key.verify(fixtures.verify.data, fixtures.verify.signature)
expect(ok).to.equal(true)
})
})
describe('openssl interop', () => {
it('can read a private key', (done) => {
it('can read a private key', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
@ -251,19 +218,14 @@ gnjREs10u7zyqBIZH7KYVgyh27WxLr859ap8cKAH6Fb+UOPtZo3sUeeume60aebn
4pMwXeXP+LO8NIfRXV8mgrm86g==
-----END PRIVATE KEY-----
`
crypto.keys.import(pem, '', (err, key) => {
expect(err).to.not.exist()
expect(key).to.exist()
key.id((err, id) => {
expect(err).to.not.exist()
expect(id).to.equal('QmfWu2Xp8DZzCkZZzoPB9rcrq4R4RZid6AWE6kmrUAzuHy')
done()
})
})
const key = await crypto.keys.import(pem, '')
expect(key).to.exist()
const id = await key.id()
expect(id).to.equal('QmfWu2Xp8DZzCkZZzoPB9rcrq4R4RZid6AWE6kmrUAzuHy')
})
// AssertionError: expected 'this only supports pkcs5PBES2' to not exist
it.skip('can read a private encrypted key (v1)', (done) => {
it.skip('can read a private encrypted key (v1)', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
@ -290,15 +252,43 @@ mBdkD5r+ixWF174naw53L8U9wF8kiK7pIE1N9TR4USEeovLwX6Ni/2MMDZedOfof
0uxzo5Y=
-----END ENCRYPTED PRIVATE KEY-----
`
crypto.keys.import(pem, 'mypassword', (err, key) => {
expect(err).to.not.exist()
expect(key).to.exist()
done()
})
const key = await crypto.keys.import(pem, 'mypassword')
expect(key).to.exist()
})
// AssertionError: expected 'this only supports TripleDES' to not exist
it.skip('can read a private encrypted key (v2 aes-256-cbc)', (done) => {
it('can read a private encrypted key (v2 aes-128-cbc)', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
* -pkeyopt rsa_keygen_bits:1024
* -pkeyopt rsa_keygen_pubexp:65537
* -out foo.pem
* openssl pkcs8 -in foo.pem -topk8 -v2 aes-128-cbc -passout pass:mypassword
*/
const pem = `-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICzzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIP5QK2RfqUl4CAggA
MB0GCWCGSAFlAwQBAgQQj3OyM9gnW2dd/eRHkxjGrgSCAoCpM5GZB0v27cxzZsGc
O4/xqgwB0c/bSJ6QogtYU2KVoc7ZNQ5q9jtzn3I4ONvneOkpm9arzYz0FWnJi2C3
BPiF0D1NkfvjvMLv56bwiG2A1oBECacyAb2pXYeJY7SdtYKvcbgs3jx65uCm6TF2
BylteH+n1ewTQN9DLfASp1n81Ajq9lQGaK03SN2MUtcAPp7N9gnxJrlmDGeqlPRs
KpQYRcot+kE6Ew8a5jAr7mAxwpqvr3SM4dMvADZmRQsM4Uc/9+YMUdI52DG87EWc
0OUB+fnQ8jw4DZgOE9KKM5/QTWc3aEw/dzXr/YJsrv01oLazhqVHnEMG0Nfr0+DP
q+qac1AsCsOb71VxaRlRZcVEkEfAq3gidSPD93qmlDrCnmLYTilcLanXUepda7ez
qhjkHtpwBLN5xRZxOn3oUuLGjk8VRwfmFX+RIMYCyihjdmbEDYpNUVkQVYFGi/F/
1hxOyl9yhGdL0hb9pKHH10GGIgoqo4jSTLlb4ennihGMHCjehAjLdx/GKJkOWShy
V9hj8rAuYnRNb+tUW7ChXm1nLq14x9x1tX0ciVVn3ap/NoMkbFTr8M3pJ4bQlpAn
wCT2erYqwQtgSpOJcrFeph9TjIrNRVE7Zlmr7vayJrB/8/oPssVdhf82TXkna4fB
PcmO0YWLa117rfdeNM/Duy0ThSdTl39Qd+4FxqRZiHjbt+l0iSa/nOjTv1TZ/QqF
wqrO6EtcM45fbFJ1Y79o2ptC2D6MB4HKJq9WCt064/8zQCVx3XPbb3X8Z5o/6koy
ePGbz+UtSb9xczvqpRCOiFLh2MG1dUgWuHazjOtUcVWvilKnkjCMzZ9s1qG0sUDj
nPyn
-----END ENCRYPTED PRIVATE KEY-----
`
const key = await crypto.keys.import(pem, 'mypassword')
expect(key).to.exist()
})
it('can read a private encrypted key (v2 aes-256-cbc)', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
@ -326,14 +316,42 @@ mBUuWAZMpz7njBi7h+JDfmSW/GAaMwrVFC2gef5375R0TejAh+COAjItyoeYEvv8
DQd8
-----END ENCRYPTED PRIVATE KEY-----
`
crypto.keys.import(pem, 'mypassword', (err, key) => {
expect(err).to.not.exist()
expect(key).to.exist()
done()
})
const key = await crypto.keys.import(pem, 'mypassword')
expect(key).to.exist()
})
it('can read a private encrypted key (v2 des3)', (done) => {
it('can read a private encrypted key (v2 des)', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
* -pkeyopt rsa_keygen_bits:1024
* -pkeyopt rsa_keygen_pubexp:65537
* -out foo.pem
* openssl pkcs8 -in foo.pem -topk8 -v2 des -passout pass:mypassword
*/
const pem = `-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQI0lXp62ozXvwCAggA
MBEGBSsOAwIHBAiR3Id5vH0u4wSCAoDQQYOrrkPFPIa0S5fQGXnJw1F/66g92Gs1
TkGydn4ouabWb++Vbi2chee1oyZsN2l8YNzDi0Gb2PfjsGpg2aJk0a3/efgA0u6T
leEH1dA/7Hr9NVspgHkaXpHt3X6wdbznLYJeAelfj7sDXpOkULGWCkCst0Txb6bi
Oxv4c0yYykiuUrp+2xvHbF9c2PrcDb58u/OBZcCg3QB1gTugQKM+ZIBRhcTEFLrm
8gWbzBfwYiUm6aJce4zoafP0NSlEOBbpbr73A08Q1IK6pISwltOUhhTvspSZnK41
y2CHt5Drnpl1pfOw9Q0svO3VrUP+omxP1SFP17ZfaRGw2uHd08HJZs438x5dIQoH
QgjlZ8A5rcT3FjnytSh3fln2ZxAGuObghuzmOEL/+8fkGER9QVjmQlsL6OMfB4j4
ZAkLf74uaTdegF3SqDQaGUwWgk7LyualmUXWTBoeP9kRIsRQLGzAEmd6duBPypED
HhKXP/ZFA1kVp3x1fzJ2llMFB3m1JBwy4PiohqrIJoR+YvKUvzVQtbOjxtCEAj87
JFnlQj0wjTd6lfNn+okewMNjKINZx+08ui7XANNU/l18lHIIz3ssXJSmqMW+hRZ9
9oB2tntLrnRMhkVZDVHadq7eMFOPu0rkekuaZm9CO2vu4V7Qa2h+gOoeczYza0H7
A+qCKbprxyL8SKI5vug2hE+mfC1leXVRtUYm1DnE+oet99bFd0fN20NwTw0rOeRg
0Z+/ZpQNizrXxfd3sU7zaJypWCxZ6TD/U/AKBtcb2gqmUjObZhbfbWq6jU2Ye//w
EBqQkwAUXR1tNekF8CWLOrfC/wbLRxVRkayb8bQUfdgukLpz0bgw
-----END ENCRYPTED PRIVATE KEY-----
`
const key = await crypto.keys.import(pem, 'mypassword')
expect(key).to.exist()
})
it('can read a private encrypted key (v2 des3)', async () => {
/*
* Generated with
* openssl genpkey -algorithm RSA
@ -360,11 +378,8 @@ NT2TO3kSzXpQ5M2VjOoHPm2fqxD/js+ThDB3QLi4+C7HqakfiTY1lYzXl9/vayt6
DUD29r9pYL9ErB9tYko2rat54EY7k7Ts6S5jf+8G7Zz234We1APhvqaG
-----END ENCRYPTED PRIVATE KEY-----
`
crypto.keys.import(pem, 'mypassword', (err, key) => {
expect(err).to.not.exist()
expect(key).to.exist()
done()
})
const key = await crypto.keys.import(pem, 'mypassword')
expect(key).to.exist()
})
})
})

330
test/keys/secp256k1.spec.js
View File

@ -1,99 +1,267 @@
/* eslint-env mocha */
'use strict'
const { Buffer } = require('buffer')
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const fixtures = require('../fixtures/secp256k1')
const crypto = require('../../src')
const secp256k1 = crypto.keys.supportedKeys.secp256k1
const keysPBM = crypto.keys.keysPBM
const randomBytes = crypto.randomBytes
const secp256k1Crypto = require('../../src/keys/secp256k1')(randomBytes)
const mockPublicKey = {
bytes: fixtures.pbmPublicKey
}
const mockPrivateKey = {
bytes: fixtures.pbmPrivateKey,
public: mockPublicKey
}
const mockSecp256k1Module = {
generateKeyPair (bits, callback) {
callback(null, mockPrivateKey)
},
unmarshalSecp256k1PrivateKey (buf, callback) {
callback(null, mockPrivateKey)
},
unmarshalSecp256k1PublicKey (buf) {
return mockPublicKey
}
}
describe('without libp2p-crypto-secp256k1 module present', () => {
crypto.keys.supportedKeys.secp256k1 = undefined
it('fails to generate a secp256k1 key', (done) => {
crypto.keys.generateKeyPair('secp256k1', 256, (err, key) => {
expect(err).to.exist()
expect(key).to.not.exist()
done()
})
})
it('fails to unmarshal a secp256k1 private key', (done) => {
crypto.keys.unmarshalPrivateKey(fixtures.pbmPrivateKey, (err, key) => {
expect(err).to.exist()
expect(key).to.not.exist()
done()
})
})
it('fails to unmarshal a secp256k1 public key', () => {
expect(() => {
crypto.keys.unmarshalPublicKey(fixtures.pbmPublicKey)
}).to.throw(Error)
})
})
describe('with libp2p-crypto-secp256k1 module present', () => {
describe('secp256k1 keys', () => {
let key
before((done) => {
crypto.keys.supportedKeys.secp256k1 = mockSecp256k1Module
crypto.keys.generateKeyPair('secp256k1', 256, (err, _key) => {
if (err) return done(err)
key = _key
done()
before(async () => {
key = await secp256k1.generateKeyPair()
})
it('generates a valid key', async () => {
expect(key).to.be.an.instanceof(secp256k1.Secp256k1PrivateKey)
expect(key.public).to.be.an.instanceof(secp256k1.Secp256k1PublicKey)
const digest = await key.hash()
expect(digest).to.have.length(34)
const publicDigest = await key.public.hash()
expect(publicDigest).to.have.length(34)
})
it('optionally accepts a `bits` argument when generating a key', async () => {
const _key = await secp256k1.generateKeyPair()
expect(_key).to.be.an.instanceof(secp256k1.Secp256k1PrivateKey)
})
it('signs', async () => {
const text = randomBytes(512)
const sig = await key.sign(text)
const res = await key.public.verify(text, sig)
expect(res).to.equal(true)
})
it('encoding', async () => {
const keyMarshal = key.marshal()
const key2 = await secp256k1.unmarshalSecp256k1PrivateKey(keyMarshal)
const keyMarshal2 = key2.marshal()
expect(keyMarshal).to.eql(keyMarshal2)
const pk = key.public
const pkMarshal = pk.marshal()
const pk2 = secp256k1.unmarshalSecp256k1PublicKey(pkMarshal)
const pkMarshal2 = pk2.marshal()
expect(pkMarshal).to.eql(pkMarshal2)
})
it('key id', async () => {
const id = await key.id()
expect(id).to.exist()
expect(id).to.be.a('string')
})
describe('key equals', () => {
it('equals itself', () => {
expect(key.equals(key)).to.eql(true)
expect(key.public.equals(key.public)).to.eql(true)
})
it('not equals other key', async () => {
const key2 = await secp256k1.generateKeyPair()
expect(key.equals(key2)).to.eql(false)
expect(key2.equals(key)).to.eql(false)
expect(key.public.equals(key2.public)).to.eql(false)
expect(key2.public.equals(key.public)).to.eql(false)
})
})
after((done) => {
delete crypto.keys.secp256k1
done()
it('sign and verify', async () => {
const data = Buffer.from('hello world')
const sig = await key.sign(data)
const valid = await key.public.verify(data, sig)
expect(valid).to.eql(true)
})
it('generates a valid key', (done) => {
expect(key).to.exist()
done()
})
it('protobuf encoding', (done) => {
const keyMarshal = crypto.keys.marshalPrivateKey(key)
crypto.keys.unmarshalPrivateKey(keyMarshal, (err, key2) => {
if (err) return done(err)
const keyMarshal2 = crypto.keys.marshalPrivateKey(key2)
expect(keyMarshal).to.eql(keyMarshal2)
const pk = key.public
const pkMarshal = crypto.keys.marshalPublicKey(pk)
const pk2 = crypto.keys.unmarshalPublicKey(pkMarshal)
const pkMarshal2 = crypto.keys.marshalPublicKey(pk2)
expect(pkMarshal).to.eql(pkMarshal2)
done()
})
it('fails to verify for different data', async () => {
const data = Buffer.from('hello world')
const sig = await key.sign(data)
const valid = await key.public.verify(Buffer.from('hello'), sig)
expect(valid).to.eql(false)
})
})
describe('key generation error', () => {
let generateKey
let secp256k1
before(() => {
generateKey = secp256k1Crypto.generateKey
secp256k1 = require('../../src/keys/secp256k1-class')(keysPBM, randomBytes, secp256k1Crypto)
secp256k1Crypto.generateKey = () => { throw new Error('Error generating key') }
})
after(() => {
secp256k1Crypto.generateKey = generateKey
})
it('returns an error if key generation fails', async () => {
try {
await secp256k1.generateKeyPair()
} catch (err) {
return expect(err.message).to.equal('Error generating key')
}
throw new Error('Expected error to be thrown')
})
})
describe('handles generation of invalid key', () => {
let generateKey
let secp256k1
before(() => {
generateKey = secp256k1Crypto.generateKey
secp256k1 = require('../../src/keys/secp256k1-class')(keysPBM, randomBytes, secp256k1Crypto)
secp256k1Crypto.generateKey = () => Buffer.from('not a real key')
})
after(() => {
secp256k1Crypto.generateKey = generateKey
})
it('returns an error if key generator returns an invalid key', async () => {
try {
await secp256k1.generateKeyPair()
} catch (err) {
return expect(err.message).to.equal('Expected private key to be an Uint8Array with length 32')
}
throw new Error('Expected error to be thrown')
})
})
describe('crypto functions', () => {
let privKey
let pubKey
before(async () => {
privKey = await secp256k1Crypto.generateKey()
pubKey = secp256k1Crypto.computePublicKey(privKey)
})
it('generates valid keys', () => {
expect(() => {
secp256k1Crypto.validatePrivateKey(privKey)
secp256k1Crypto.validatePublicKey(pubKey)
}).to.not.throw()
})
it('does not validate an invalid key', () => {
expect(() => secp256k1Crypto.validatePublicKey(Buffer.from('42'))).to.throw()
expect(() => secp256k1Crypto.validatePrivateKey(Buffer.from('42'))).to.throw()
})
it('validates a correct signature', async () => {
const sig = await secp256k1Crypto.hashAndSign(privKey, Buffer.from('hello'))
const valid = await secp256k1Crypto.hashAndVerify(pubKey, sig, Buffer.from('hello'))
expect(valid).to.equal(true)
})
it('errors if given a null buffer to sign', async () => {
try {
await secp256k1Crypto.hashAndSign(privKey, null)
} catch (err) {
return // expected
}
throw new Error('Expected error to be thrown')
})
it('errors when signing with an invalid key', async () => {
try {
await secp256k1Crypto.hashAndSign(Buffer.from('42'), Buffer.from('Hello'))
} catch (err) {
return expect(err.message).to.equal('Expected private key to be an Uint8Array with length 32')
}
throw new Error('Expected error to be thrown')
})
it('errors if given a null buffer to validate', async () => {
const sig = await secp256k1Crypto.hashAndSign(privKey, Buffer.from('hello'))
try {
await secp256k1Crypto.hashAndVerify(privKey, sig, null)
} catch (err) {
return // expected
}
throw new Error('Expected error to be thrown')
})
it('errors when validating a message with an invalid signature', async () => {
try {
await secp256k1Crypto.hashAndVerify(pubKey, Buffer.from('invalid-sig'), Buffer.from('hello'))
} catch (err) {
return expect(err.message).to.equal('Signature could not be parsed')
}
throw new Error('Expected error to be thrown')
})
it('errors when signing with an invalid key', async () => {
try {
await secp256k1Crypto.hashAndSign(Buffer.from('42'), Buffer.from('Hello'))
} catch (err) {
return expect(err.message).to.equal('Expected private key to be an Uint8Array with length 32')
}
throw new Error('Expected error to be thrown')
})
it('throws when compressing an invalid public key', () => {
expect(() => secp256k1Crypto.compressPublicKey(Buffer.from('42'))).to.throw()
})
it('throws when decompressing an invalid public key', () => {
expect(() => secp256k1Crypto.decompressPublicKey(Buffer.from('42'))).to.throw()
})
it('compresses/decompresses a valid public key', () => {
const decompressed = secp256k1Crypto.decompressPublicKey(pubKey)
expect(decompressed).to.exist()
expect(decompressed.length).to.be.eql(65)
const recompressed = secp256k1Crypto.compressPublicKey(decompressed)
expect(recompressed).to.eql(pubKey)
})
})
describe('go interop', () => {
const fixtures = require('../fixtures/go-key-secp256k1')
it('loads a private key marshaled by go-libp2p-crypto', async () => {
// we need to first extract the key data from the protobuf, which is
// normally handled by js-libp2p-crypto
const decoded = keysPBM.PrivateKey.decode(fixtures.privateKey)
expect(decoded.Type).to.eql(keysPBM.KeyType.Secp256k1)
const key = await secp256k1.unmarshalSecp256k1PrivateKey(decoded.Data)
expect(key).to.be.an.instanceof(secp256k1.Secp256k1PrivateKey)
expect(key.bytes).to.eql(fixtures.privateKey)
})
it('loads a public key marshaled by go-libp2p-crypto', () => {
const decoded = keysPBM.PublicKey.decode(fixtures.publicKey)
expect(decoded.Type).to.be.eql(keysPBM.KeyType.Secp256k1)
const key = secp256k1.unmarshalSecp256k1PublicKey(decoded.Data)
expect(key).to.be.an.instanceof(secp256k1.Secp256k1PublicKey)
expect(key.bytes).to.eql(fixtures.publicKey)
})
it('generates the same signature as go-libp2p-crypto', async () => {
const decoded = keysPBM.PrivateKey.decode(fixtures.privateKey)
expect(decoded.Type).to.eql(keysPBM.KeyType.Secp256k1)
const key = await secp256k1.unmarshalSecp256k1PrivateKey(decoded.Data)
const sig = await key.sign(fixtures.message)
expect(sig).to.eql(fixtures.signature)
})
})

3
test/node.js Normal file
View File

@ -0,0 +1,3 @@
'use strict'
require('./keys/rsa-crypto-libs')

27
test/random-bytes.spec.js Normal file
View File

@ -0,0 +1,27 @@
/* eslint-env mocha */
'use strict'
const chai = require('chai')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
const randomBytes = require('../src/random-bytes')
describe('randomBytes', () => {
it('produces random bytes', () => {
expect(randomBytes(16)).to.have.length(16)
})
it('throws if length is 0', () => {
expect(() => randomBytes(0)).to.throw(Error).with.property('code', 'ERR_INVALID_LENGTH')
})
it('throws if length is < 0', () => {
expect(() => randomBytes(-1)).to.throw(Error).with.property('code', 'ERR_INVALID_LENGTH')
})
it('throws if length is not a number', () => {
expect(() => randomBytes('hi')).to.throw(Error).with.property('code', 'ERR_INVALID_LENGTH')
})
})

32
test/util.spec.js
View File

@ -3,29 +3,37 @@
'use strict'
const chai = require('chai')
const { Buffer } = require('buffer')
const dirtyChai = require('dirty-chai')
const expect = chai.expect
chai.use(dirtyChai)
require('node-forge/lib/jsbn')
const forge = require('node-forge/lib/forge')
const util = require('../src/util')
const BN = require('bn.js')
describe('Util', () => {
let bn
before((done) => {
bn = new BN('dead', 16)
done()
before(() => {
bn = new forge.jsbn.BigInteger('dead', 16)
})
it('toBase64', (done) => {
expect(util.toBase64(bn)).to.eql('3q0')
done()
it('should convert BigInteger to a uint base64url encoded string', () => {
expect(util.bigIntegerToUintBase64url(bn)).to.eql('3q0')
})
it('toBase64 zero padding', (done) => {
let bnpad = new BN('ff', 16)
expect(util.toBase64(bnpad, 2)).to.eql('AP8')
done()
it('should convert BigInteger to a uint base64url encoded string with padding', () => {
const bnpad = new forge.jsbn.BigInteger('ff', 16)
expect(util.bigIntegerToUintBase64url(bnpad, 2)).to.eql('AP8')
})
it('should convert base64url encoded string to BigInteger', () => {
const num = util.base64urlToBigInteger('3q0')
expect(num.equals(bn)).to.be.true()
})
it('should convert base64url encoded string to Buffer with padding', () => {
const buf = util.base64urlToBuffer('AP8', 2)
expect(Buffer.from([0, 255])).to.eql(buf)
})
})

21
test/util/index.js Normal file
View File

@ -0,0 +1,21 @@
/* eslint-disable valid-jsdoc */
'use strict'
const chai = require('chai')
const expect = chai.expect
// @ts-check
/**
* @type {function(any, string): Promise<void>}
*/
const expectErrCode = async (p, code) => {
try {
await p
} catch (err) {
expect(err).to.have.property('code', code)
return
}
expect.fail(`Expected error with code ${code} but no error thrown`)
}
module.exports = { expectErrCode }

30
tsconfig.json Normal file
View File

@ -0,0 +1,30 @@
{
"compilerOptions": {
"module": "commonjs",
"lib": [
"es6"
],
"target": "ES5",
"noImplicitAny": false,
"noImplicitThis": true,
"strictFunctionTypes": true,
"strictNullChecks": true,
"esModuleInterop": true,
"resolveJsonModule": true,
"allowJs": true,
"checkJs": true,
"baseUrl": ".",
"paths": {
"libp2p-crypto": [
"./src",
"../../src",
"../src"
]
},
"types": ["node", "mocha", "chai"],
"noEmit": true,
"forceConsistentCasingInFileNames": true
},
"files": ["./src/index.d.ts",],
"include": ["./test/**/*.spec.js"]
}