chore: release version v0.16.3

* feat: add (rsa)pubKey.encrypt and (rsa)privKey.decrypt

nodeJS only for now

* feat: browser enc/dec

* fix: browser rsa enc/dec

* refactor: cleanup

* fix: lint

* fix: use direct buffers instead of converting to hex

* fix: padding error

* test: add interop test

* feat: use forge to convert jwk2forge

* fix: jwk var naming

* fix: missing cbwrap

.npmignore

@@ -1,34 +0,0 @@
-**/node_modules/
-**/*.log
-test/repo-tests*
-
-# Logs
-logs
-*.log
-
-coverage
-
-# Runtime data
-pids
-*.pid
-*.seed
-
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
-# Coverage directory used by tools like istanbul
-coverage
-
-# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# node-waf configuration
-.lock-wscript
-
-build
-
-# Dependency directory
-# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git
-node_modules
-
-test

.travis.yml

@@ -1,32 +1,44 @@
-# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
-sudo: false
 language: node_js
 
-matrix:
+cache: npm
+
+stages:
+  - check
+  - test
+  - cov
+
+node_js:
+  - '10'
+
+os:
+  - linux
+  - osx
+  - windows
+
+script: npx nyc -s npm run test:node -- --bail
+after_success: npx nyc report --reporter=text-lcov > coverage.lcov && npx codecov
+
+jobs:
   include:
-  - node_js: 6
-    env: CXX=g++-4.8
-  - node_js: 8
-    env: CXX=g++-4.8
-    #  - node_js: stable
-    #    env: CXX=g++-4.8
+    - stage: check
+      script:
+        - npx aegir commitlint --travis
+        - npx aegir dep-check
+        - npm run lint
 
-script:
-  - npm run lint
-  - npm run test
-  - npm run coverage
+    - stage: test
+      name: chrome
+      addons:
+        chrome: stable
+      script:
+        - npx aegir test -t browser
 
-before_script:
-  - export DISPLAY=:99.0
-  - sh -e /etc/init.d/xvfb start
+    - stage: test
+      name: firefox
+      addons:
+        firefox: latest
+      script:
+        - npx aegir test -t browser -- --browsers FirefoxHeadless
 
-after_success:
-  - npm run coverage-publish
-
-addons:
-  firefox: 'latest'
-  apt:
-    sources:
-      - ubuntu-toolchain-r-test
-    packages:
-      - g++-4.8
+notifications:
+  email: false

CHANGELOG.md

@@ -1,3 +1,48 @@
+<a name="0.16.3"></a>
+## [0.16.3](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.2...v0.16.3) (2019-10-25)
+
+
+### Features
+
+* backport enc/dec ([#160](https://github.com/libp2p/js-libp2p-crypto/issues/160)) ([e71fc15](https://github.com/libp2p/js-libp2p-crypto/commit/e71fc15))
+
+
+
+<a name="0.16.2"></a>
+## [0.16.2](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.1...v0.16.2) (2019-09-25)
+
+
+
+<a name="0.16.1"></a>
+## [0.16.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.16.0...v0.16.1) (2019-02-26)
+
+
+
+<a name="0.16.0"></a>
+# [0.16.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.15.0...v0.16.0) (2019-01-08)
+
+
+### Bug Fixes
+
+* clean up, bundle size reduction ([8d8294d](https://github.com/libp2p/js-libp2p-crypto/commit/8d8294d))
+
+
+### BREAKING CHANGES
+
+* getRandomValues method exported from src/keys/rsa-browser.js and src/keys/rsa.js signature has changed from accepting an array to a number for random byte length 
+
+
+
+<a name="0.15.0"></a>
+# [0.15.0](https://github.com/libp2p/js-libp2p-crypto/compare/v0.14.1...v0.15.0) (2019-01-03)
+
+
+### Features
+
+* nextTick instead of setImmediate, and fix sync in async ([#136](https://github.com/libp2p/js-libp2p-crypto/issues/136)) ([c54ea20](https://github.com/libp2p/js-libp2p-crypto/commit/c54ea20))
+
+
+
 <a name="0.14.1"></a>
 ## [0.14.1](https://github.com/libp2p/js-libp2p-crypto/compare/v0.14.0...v0.14.1) (2018-11-05)
 

README.md

@@ -1,9 +1,8 @@
 # js-libp2p-crypto
 
-[![](https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square)](http://ipn.io)
-[![](https://img.shields.io/badge/project-IPFS-blue.svg?style=flat-square)](http://ipfs.io/)
-[![](https://img.shields.io/badge/freenode-%23ipfs-blue.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23ipfs)
-[![standard-readme compliant](https://img.shields.io/badge/standard--readme-OK-green.svg?style=flat-square)](https://github.com/RichardLitt/standard-readme)
+[![](https://img.shields.io/badge/made%20by-Protocol%20Labs-blue.svg?style=flat-square)](http://protocol.ai)
+[![](https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square)](http://libp2p.io/)
+[![](https://img.shields.io/badge/freenode-%23libp2p-yellow.svg?style=flat-square)](http://webchat.freenode.net/?channels=%23libp2p)
 [![Coverage Status](https://coveralls.io/repos/github/libp2p/js-libp2p-crypto/badge.svg?branch=master)](https://coveralls.io/github/libp2p/js-libp2p-crypto?branch=master)
 [![Travis CI](https://travis-ci.org/libp2p/js-libp2p-crypto.svg?branch=master)](https://travis-ci.org/libp2p/js-libp2p-crypto)
 [![Circle CI](https://circleci.com/gh/libp2p/js-libp2p-crypto.svg?style=svg)](https://circleci.com/gh/libp2p/js-libp2p-crypto)
@@ -62,7 +61,7 @@ This uses `CTR` mode.
 
 - `key: Buffer` The key, if length `16` then `AES 128` is used. For length `32`, `AES 256` is used.
 - `iv: Buffer` Must have length `16`.
-- `callback: Function` 
+- `callback: Function`
 
 ##### `decrypt(data, callback)`
 
@@ -109,7 +108,7 @@ async function main () {
         if (!err) {
           console.log(decryptedBuffer)
           // prints: <Buffer 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
-          
+
           console.log(decryptedBuffer.toString('utf-8'))
           // prints: Hello, world!
         }

appveyor.yml

@@ -1,29 +0,0 @@
-# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
-version: "{build}"
-
-environment:
-  matrix:
-    - nodejs_version: "6"
-    - nodejs_version: "8"
-
-matrix:
-  fast_finish: true
-
-install:
-  # Install Node.js
-  - ps: Install-Product node $env:nodejs_version
-
-  # Upgrade npm
-  - npm install -g npm
-
-  # Output our current versions for debugging
-  - node --version
-  - npm --version
-
-  # Install our package dependencies
-  - npm install
-
-test_script:
-  - npm run test:node
-
-build: off

benchmarks/ephemeral-keys.js

@@ -25,4 +25,4 @@ curves.forEach((curve) => {
 
 suite
   .on('cycle', (event) => console.log(String(event.target)))
-  .run({async: true})
+  .run({ async: true })

benchmarks/key-stretcher.js

@@ -25,7 +25,7 @@ async.waterfall([
 
   suite
     .on('cycle', (event) => console.log(String(event.target)))
-    .run({async: true})
+    .run({ async: true })
 })
 
 function setup (cipher, hash, secret) {

benchmarks/rsa.js

@@ -40,4 +40,4 @@ suite.add('sign and verify', (d) => {
 
 suite
   .on('cycle', (event) => console.log(String(event.target)))
-  .run({async: true})
+  .run({ async: true })

ci/Jenkinsfile

@@ -1,2 +0,0 @@
-// Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
-javascript()

circle.yml

@@ -1,15 +0,0 @@
-# Warning: This file is automatically synced from https://github.com/ipfs/ci-sync so if you want to change it, please change it there and ask someone to sync all repositories.
-machine:
-  node:
-    version: stable
-
-dependencies:
-  pre:
-    - google-chrome --version
-    - curl -L -o google-chrome.deb https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
-    - sudo dpkg -i google-chrome.deb || true
-    - sudo apt-get update
-    - sudo apt-get install -f
-    - sudo apt-get install --only-upgrade lsb-base
-    - sudo dpkg -i google-chrome.deb
-    - google-chrome --version

package.json

@@ -1,6 +1,6 @@
 {
   "name": "libp2p-crypto",
-  "version": "0.14.1",
+  "version": "0.16.3",
   "description": "Crypto primitives for libp2p",
   "main": "src/index.js",
   "leadMaintainer": "Friedel Ziegelmayer <dignifiedquire@gmail.com>",
@@ -10,6 +10,10 @@
     "./src/aes/ciphers.js": "./src/aes/ciphers-browser.js",
     "./src/keys/rsa.js": "./src/keys/rsa-browser.js"
   },
+  "files": [
+    "src",
+    "dist"
+  ],
   "scripts": {
     "lint": "aegir lint",
     "build": "aegir build",
@@ -20,7 +24,8 @@
     "release": "aegir release",
     "release-minor": "aegir release --type minor",
     "release-major": "aegir release --type major",
-    "coverage": "aegir coverage --ignore src/keys/keys.proto.js"
+    "coverage": "aegir coverage --ignore src/keys/keys.proto.js",
+    "size": "bundlesize -f dist/index.min.js -s 139kB"
   },
   "keywords": [
     "IPFS",
@@ -30,31 +35,34 @@
   ],
   "license": "MIT",
   "dependencies": {
+    "asmcrypto.js": "^2.3.2",
     "asn1.js": "^5.0.1",
     "async": "^2.6.1",
+    "bn.js": "^4.11.8",
     "browserify-aes": "^1.2.0",
     "bs58": "^4.0.1",
+    "iso-random-stream": "^1.1.0",
     "keypair": "^1.0.1",
-    "libp2p-crypto-secp256k1": "~0.2.2",
+    "libp2p-crypto-secp256k1": "~0.3.0",
     "multihashing-async": "~0.5.1",
-    "node-forge": "~0.7.6",
-    "pem-jwk": "^1.5.1",
+    "node-forge": "~0.9.1",
+    "pem-jwk": "^2.0.0",
     "protons": "^1.0.1",
     "rsa-pem-to-jwk": "^1.1.3",
     "tweetnacl": "^1.0.0",
-    "ursa-optional": "~0.9.9",
-    "webcrypto-shim": "github:dignifiedquire/webcrypto-shim#master"
+    "ursa-optional": "~0.10.0"
   },
   "devDependencies": {
-    "aegir": "^17.0.1",
+    "aegir": "^20.0.0",
     "benchmark": "^2.1.4",
+    "bundlesize": "^0.18.0",
     "chai": "^4.2.0",
     "chai-string": "^1.5.0",
     "dirty-chai": "^2.0.1"
   },
   "engines": {
-    "node": ">=6.0.0",
-    "npm": ">=3.0.0"
+    "node": ">=10.0.0",
+    "npm": ">=6.0.0"
   },
   "repository": {
     "type": "git",
@@ -65,10 +73,12 @@
   },
   "homepage": "https://github.com/libp2p/js-libp2p-crypto",
   "contributors": [
+    "Alberto Elias <hi@albertoelias.me>",
     "David Dias <daviddias.p@gmail.com>",
     "Dmitriy Ryajov <dryajov@gmail.com>",
     "Friedel Ziegelmayer <dignifiedquire@gmail.com>",
     "Greenkeeper <support@greenkeeper.io>",
+    "Hugo Dias <hugomrdias@gmail.com>",
     "Jack Kleeman <jackkleeman@gmail.com>",
     "Jacob Heun <jacobheun@gmail.com>",
     "Joao Santos <jrmsantos15@gmail.com>",
@@ -76,8 +86,11 @@
     "Richard Littauer <richard.littauer@gmail.com>",
     "Richard Schneider <makaretu@gmail.com>",
     "Tom Swindell <t.swindell@rubyx.co.uk>",
+    "Vasco Santos <vasco.santos@ua.pt>",
     "Victor Bjelkholm <victorbjelkholm@gmail.com>",
     "Yusef Napora <yusef@napora.org>",
+    "achingbrain <alex@achingbrain.net>",
+    "dignifiedquire <dignifiedquire@users.noreply.github.com>",
     "greenkeeper[bot] <greenkeeper[bot]@users.noreply.github.com>",
     "nikuda <nikuda@gmail.com>"
   ]

src/aes/index-browser.js

@@ -1,10 +1,10 @@
 'use strict'
 
 const asm = require('asmcrypto.js')
-const setImmediate = require('async/setImmediate')
+const nextTick = require('async/nextTick')
 
 exports.create = function (key, iv, callback) {
-  const done = (err, res) => setImmediate(() => callback(err, res))
+  const done = (err, res) => nextTick(() => callback(err, res))
 
   if (key.length !== 16 && key.length !== 32) {
     return done(new Error('Invalid key length'))
@@ -21,7 +21,7 @@ exports.create = function (key, iv, callback) {
 
   const res = {
     encrypt (data, cb) {
-      const done = (err, res) => setImmediate(() => cb(err, res))
+      const done = (err, res) => nextTick(() => cb(err, res))
 
       let res
       try {
@@ -36,7 +36,7 @@ exports.create = function (key, iv, callback) {
     },
 
     decrypt (data, cb) {
-      const done = (err, res) => setImmediate(() => cb(err, res))
+      const done = (err, res) => nextTick(() => cb(err, res))
 
       let res
       try {

src/hmac/index-browser.js

@@ -2,7 +2,7 @@
 
 const nodeify = require('../nodeify')
 
-const crypto = require('../webcrypto.js')()
+const crypto = require('../webcrypto')
 const lengths = require('./lengths')
 
 const hashTypes = {
@@ -12,7 +12,7 @@ const hashTypes = {
 }
 
 const sign = (key, data, cb) => {
-  nodeify(crypto.subtle.sign({name: 'HMAC'}, key, data)
+  nodeify(crypto.subtle.sign({ name: 'HMAC' }, key, data)
     .then((raw) => Buffer.from(raw)), cb)
 }
 
@@ -24,7 +24,7 @@ exports.create = function (hashType, secret, callback) {
     secret,
     {
       name: 'HMAC',
-      hash: {name: hash}
+      hash: { name: hash }
     },
     false,
     ['sign']

src/hmac/index.js

@@ -2,6 +2,7 @@
 
 const crypto = require('crypto')
 const lengths = require('./lengths')
+const nextTick = require('async/nextTick')
 
 exports.create = function (hash, secret, callback) {
   const res = {
@@ -10,7 +11,9 @@ exports.create = function (hash, secret, callback) {
 
       hmac.update(data)
 
-      cb(null, hmac.digest())
+      nextTick(() => {
+        cb(null, hmac.digest())
+      })
     },
     length: lengths[hash]
   }

src/keys/ecdh-browser.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const webcrypto = require('../webcrypto.js')()
+const webcrypto = require('../webcrypto')
 const nodeify = require('../nodeify')
 const BN = require('asn1.js').bignum
 

src/keys/ecdh.js

@@ -1,7 +1,7 @@
 'use strict'
 
 const crypto = require('crypto')
-const setImmediate = require('async/setImmediate')
+const nextTick = require('async/nextTick')
 
 const curves = {
   'P-256': 'prime256v1',
@@ -16,7 +16,7 @@ exports.generateEphmeralKeyPair = function (curve, callback) {
   const ecdh = crypto.createECDH(curves[curve])
   ecdh.generateKeys()
 
-  setImmediate(() => callback(null, {
+  nextTick(() => callback(null, {
     key: ecdh.getPublicKey(),
     genSharedKey (theirPub, forcePrivate, cb) {
       if (typeof forcePrivate === 'function') {
@@ -35,7 +35,7 @@ exports.generateEphmeralKeyPair = function (curve, callback) {
         return cb(err)
       }
 
-      setImmediate(() => cb(null, secret))
+      nextTick(() => cb(null, secret))
     }
   }))
 }

src/keys/ed25519.js

@@ -1,13 +1,13 @@
 'use strict'
 
 const nacl = require('tweetnacl')
-const setImmediate = require('async/setImmediate')
+const nextTick = require('async/nextTick')
 
 exports.publicKeyLength = nacl.sign.publicKeyLength
 exports.privateKeyLength = nacl.sign.secretKeyLength
 
 exports.generateKey = function (callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       result = nacl.sign.keyPair()
@@ -20,7 +20,7 @@ exports.generateKey = function (callback) {
 
 // seed should be a 32 byte uint8array
 exports.generateKeyFromSeed = function (seed, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       result = nacl.sign.keyPair.fromSeed(seed)
@@ -32,13 +32,13 @@ exports.generateKeyFromSeed = function (seed, callback) {
 }
 
 exports.hashAndSign = function (key, msg, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     callback(null, Buffer.from(nacl.sign.detached(msg, key)))
   })
 }
 
 exports.hashAndVerify = function (key, sig, msg, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       result = nacl.sign.detached.verify(msg, sig, key)

src/keys/index.js

@@ -2,7 +2,10 @@
 
 const protobuf = require('protons')
 const keysPBM = protobuf(require('./keys.proto'))
-const forge = require('node-forge')
+require('node-forge/lib/asn1')
+require('node-forge/lib/rsa')
+require('node-forge/lib/pbe')
+const forge = require('node-forge/lib/forge')
 
 exports = module.exports
 
@@ -25,7 +28,7 @@ exports.generateEphemeralKeyPair = require('./ephemeral-keys')
 
 // Generates a keypair of the given type and bitsize
 exports.generateKeyPair = (type, bits, cb) => {
-  let key = supportedKeys[type.toLowerCase()]
+  const key = supportedKeys[type.toLowerCase()]
 
   if (!key) {
     return cb(new Error('invalid or unsupported key type'))
@@ -37,7 +40,7 @@ exports.generateKeyPair = (type, bits, cb) => {
 // Generates a keypair of the given type and bitsize
 // seed is a 32 byte uint8array
 exports.generateKeyPairFromSeed = (type, seed, bits, cb) => {
-  let key = supportedKeys[type.toLowerCase()]
+  const key = supportedKeys[type.toLowerCase()]
   if (!key) {
     return cb(new Error('invalid or unsupported key type'))
   }

src/keys/jwk2pem.js

@@ -0,0 +1,42 @@
+'use strict'
+
+const forge = {
+  util: require('node-forge/lib/util'),
+  pki: require('node-forge/lib/pki'),
+  jsbn: require('node-forge/lib/jsbn')
+}
+
+function base64urlToBigInteger (str) {
+  var bytes = forge.util.decode64(
+    (str + '==='.slice((str.length + 3) % 4))
+      .replace(/-/g, '+')
+      .replace(/_/g, '/'))
+  return new forge.jsbn.BigInteger(forge.util.bytesToHex(bytes), 16)
+}
+
+function convert (key, types) {
+  return types.map(t => base64urlToBigInteger(key[t]))
+}
+
+function jwk2priv (key) {
+  return forge.pki.setRsaPrivateKey(...convert(key, ['n', 'e', 'd', 'p', 'q', 'dp', 'dq', 'qi']))
+}
+
+function jwk2privPem (key) {
+  return forge.pki.privateKeyToPem(jwk2priv(key))
+}
+
+function jwk2pub (key) {
+  return forge.pki.setRsaPublicKey(...convert(key, ['n', 'e']))
+}
+
+function jwk2pubPem (key) {
+  return forge.pki.publicKeyToPem(jwk2pub(key))
+}
+
+module.exports = {
+  jwk2pub,
+  jwk2pubPem,
+  jwk2priv,
+  jwk2privPem
+}

src/keys/key-stretcher.js

@@ -47,7 +47,7 @@ module.exports = (cipherType, hash, secret, callback) => {
         return callback(err)
       }
 
-      let result = []
+      const result = []
       let j = 0
 
       whilst(

src/keys/rsa-browser.js

@@ -1,8 +1,8 @@
 'use strict'
 
 const nodeify = require('../nodeify')
-
-const webcrypto = require('../webcrypto.js')()
+const webcrypto = require('../webcrypto')
+const randomBytes = require('../random-bytes')
 
 exports.utils = require('./rsa-utils')
 
@@ -12,7 +12,7 @@ exports.generateKey = function (bits, callback) {
       name: 'RSASSA-PKCS1-v1_5',
       modulusLength: bits,
       publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-      hash: {name: 'SHA-256'}
+      hash: { name: 'SHA-256' }
     },
     true,
     ['sign', 'verify']
@@ -31,7 +31,7 @@ exports.unmarshalPrivateKey = function (key, callback) {
     key,
     {
       name: 'RSASSA-PKCS1-v1_5',
-      hash: {name: 'SHA-256'}
+      hash: { name: 'SHA-256' }
     },
     true,
     ['sign']
@@ -49,9 +49,7 @@ exports.unmarshalPrivateKey = function (key, callback) {
   })), callback)
 }
 
-exports.getRandomValues = function (arr) {
-  return Buffer.from(webcrypto.getRandomValues(arr))
-}
+exports.getRandomValues = randomBytes
 
 exports.hashAndSign = function (key, msg, callback) {
   nodeify(webcrypto.subtle.importKey(
@@ -59,13 +57,13 @@ exports.hashAndSign = function (key, msg, callback) {
     key,
     {
       name: 'RSASSA-PKCS1-v1_5',
-      hash: {name: 'SHA-256'}
+      hash: { name: 'SHA-256' }
     },
     false,
     ['sign']
   ).then((privateKey) => {
     return webcrypto.subtle.sign(
-      {name: 'RSASSA-PKCS1-v1_5'},
+      { name: 'RSASSA-PKCS1-v1_5' },
       privateKey,
       Uint8Array.from(msg)
     )
@@ -78,13 +76,13 @@ exports.hashAndVerify = function (key, sig, msg, callback) {
     key,
     {
       name: 'RSASSA-PKCS1-v1_5',
-      hash: {name: 'SHA-256'}
+      hash: { name: 'SHA-256' }
     },
     false,
     ['verify']
   ).then((publicKey) => {
     return webcrypto.subtle.verify(
-      {name: 'RSASSA-PKCS1-v1_5'},
+      { name: 'RSASSA-PKCS1-v1_5' },
       publicKey,
       sig,
       msg
@@ -109,9 +107,38 @@ function derivePublicFromPrivate (jwKey) {
     },
     {
       name: 'RSASSA-PKCS1-v1_5',
-      hash: {name: 'SHA-256'}
+      hash: { name: 'SHA-256' }
     },
     true,
     ['verify']
   )
 }
+
+/*
+
+RSA encryption/decryption for the browser with webcrypto workarround
+"bloody dark magic. webcrypto's why."
+
+Explanation:
+  - Convert JWK to nodeForge
+  - Convert msg buffer to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our buffer a binary string
+  - Convert resulting nodeForge buffer to buffer: it returns a binary string, turn that into a uint8array(buffer)
+
+*/
+
+const { jwk2pub, jwk2priv } = require('./jwk2pem')
+
+function convertKey (key, pub, msg, handle) {
+  const fkey = pub ? jwk2pub(key) : jwk2priv(key)
+  const fmsg = Buffer.from(msg).toString('binary')
+  const fomsg = handle(fmsg, fkey)
+  return Buffer.from(fomsg, 'binary')
+}
+
+exports.encrypt = function (key, msg) {
+  return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))
+}
+
+exports.decrypt = function (key, msg) {
+  return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))
+}

src/keys/rsa-class.js

@@ -3,11 +3,13 @@
 const multihashing = require('multihashing-async')
 const protobuf = require('protons')
 const bs58 = require('bs58')
+const nextTick = require('async/nextTick')
 
 const crypto = require('./rsa')
 const pbm = protobuf(require('./keys.proto'))
-const forge = require('node-forge')
-const setImmediate = require('async/setImmediate')
+require('node-forge/lib/sha512')
+require('node-forge/lib/pbe')
+const forge = require('node-forge/lib/forge')
 
 class RsaPublicKey {
   constructor (key) {
@@ -30,8 +32,8 @@ class RsaPublicKey {
     })
   }
 
-  encrypt (bytes) {
-    return this._key.encrypt(bytes, 'RSAES-PKCS1-V1_5')
+  encrypt (bytes, cb) {
+    return cbWrap(() => crypto.encrypt(this._key, bytes), cb)
   }
 
   equals (key) {
@@ -44,6 +46,17 @@ class RsaPublicKey {
   }
 }
 
+function cbWrap (f, cb) {
+  let res
+  try {
+    res = f()
+  } catch (err) {
+    cb(err)
+  }
+
+  return cb(null, res)
+}
+
 class RsaPrivateKey {
   // key       - Object of the jwk format
   // publicKey - Buffer of the spki format
@@ -53,7 +66,7 @@ class RsaPrivateKey {
   }
 
   genSecret () {
-    return crypto.getRandomValues(new Uint8Array(16))
+    return crypto.getRandomValues(16)
   }
 
   sign (message, callback) {
@@ -69,8 +82,8 @@ class RsaPrivateKey {
     return new RsaPublicKey(this._publicKey)
   }
 
-  decrypt (msg, callback) {
-    crypto.decrypt(this._key, msg, callback)
+  decrypt (bytes, cb) {
+    cbWrap(() => crypto.decrypt(this._key, bytes), cb)
   }
 
   marshal () {
@@ -129,14 +142,13 @@ class RsaPrivateKey {
 
     ensure(callback)
 
-    setImmediate(() => {
+    nextTick(() => {
       let err = null
       let pem = null
       try {
         const buffer = new forge.util.ByteBuffer(this.marshal())
         const asn1 = forge.asn1.fromDer(buffer)
         const privateKey = forge.pki.privateKeyFromAsn1(asn1)
-
         if (format === 'pkcs-8') {
           const options = {
             algorithm: 'aes256',

src/keys/rsa.js

@@ -1,6 +1,9 @@
 'use strict'
 
 const crypto = require('crypto')
+const randomBytes = require('../random-bytes')
+const nextTick = require('async/nextTick')
+
 let keypair
 try {
   if (process.env.LP2P_FORCE_CRYPTO_LIB === 'keypair') {
@@ -8,7 +11,7 @@ try {
   }
 
   const ursa = require('ursa-optional') // throws if not compiled
-  keypair = ({bits}) => {
+  keypair = ({ bits }) => {
     const key = ursa.generatePrivateKey(bits)
     return {
       private: key.toPrivatePem(),
@@ -22,14 +25,13 @@ try {
 
   keypair = require('keypair')
 }
-const setImmediate = require('async/setImmediate')
 const pemToJwk = require('pem-jwk').pem2jwk
 const jwkToPem = require('pem-jwk').jwk2pem
 
 exports.utils = require('./rsa-utils')
 
 exports.generateKey = function (bits, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       const key = keypair({ bits: bits })
@@ -47,7 +49,7 @@ exports.generateKey = function (bits, callback) {
 
 // Takes a jwk key
 exports.unmarshalPrivateKey = function (key, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     if (!key) {
       return callback(new Error('Key is invalid'))
     }
@@ -62,12 +64,10 @@ exports.unmarshalPrivateKey = function (key, callback) {
   })
 }
 
-exports.getRandomValues = function (arr) {
-  return crypto.randomBytes(arr.length)
-}
+exports.getRandomValues = randomBytes
 
 exports.hashAndSign = function (key, msg, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       const sign = crypto.createSign('RSA-SHA256')
@@ -83,7 +83,7 @@ exports.hashAndSign = function (key, msg, callback) {
 }
 
 exports.hashAndVerify = function (key, sig, msg, callback) {
-  setImmediate(() => {
+  nextTick(() => {
     let result
     try {
       const verify = crypto.createVerify('RSA-SHA256')
@@ -97,3 +97,13 @@ exports.hashAndVerify = function (key, sig, msg, callback) {
     callback(null, result)
   })
 }
+
+const padding = crypto.constants.RSA_PKCS1_PADDING
+
+exports.encrypt = function (key, bytes) {
+  return crypto.publicEncrypt({ key: jwkToPem(key), padding }, bytes)
+}
+
+exports.decrypt = function (key, bytes) {
+  return crypto.privateDecrypt({ key: jwkToPem(key), padding }, bytes)
+}

src/pbkdf2.js

@@ -1,6 +1,7 @@
 'use strict'
 
-const forge = require('node-forge')
+const forgePbkdf2 = require('node-forge/lib/pbkdf2')
+const forgeUtil = require('node-forge/lib/util')
 
 /**
  * Maps an IPFS hash name to its node-forge equivalent.
@@ -30,13 +31,13 @@ function pbkdf2 (password, salt, iterations, keySize, hash) {
   if (!hasher) {
     throw new Error(`Hash '${hash}' is unknown or not supported`)
   }
-  const dek = forge.pkcs5.pbkdf2(
+  const dek = forgePbkdf2(
     password,
     salt,
     iterations,
     keySize,
     hasher)
-  return forge.util.encode64(dek)
+  return forgeUtil.encode64(dek)
 }
 
 module.exports = pbkdf2

src/random-bytes.js

@@ -1,13 +1,9 @@
 'use strict'
+const randomBytes = require('iso-random-stream/src/random')
 
-const rsa = require('./keys/rsa')
-
-function randomBytes (number) {
+module.exports = function (number) {
   if (!number || typeof number !== 'number') {
     throw new Error('first argument must be a Number bigger than 0')
   }
-
-  return rsa.getRandomValues(new Uint8Array(number))
+  return randomBytes(number)
 }
-
-module.exports = randomBytes

src/util.js

@@ -6,7 +6,7 @@ const BN = require('asn1.js').bignum
 // Adapted from https://tools.ietf.org/html/draft-ietf-jose-json-web-signature-41#appendix-C
 exports.toBase64 = function toBase64 (bn, len) {
   // if len is defined then the bytes are leading-0 padded to the length
-  let s = bn.toArrayLike(Buffer, 'be', len).toString('base64')
+  const s = bn.toArrayLike(Buffer, 'be', len).toString('base64')
 
   return s
     .replace(/(=*)$/, '') // Remove any trailing '='s

src/webcrypto.js

@@ -2,15 +2,4 @@
 
 'use strict'
 
-module.exports = () => {
-  // This is only a shim for interfaces, not for functionality
-  if (typeof self !== 'undefined') {
-    require('webcrypto-shim')(self)
-
-    if (self.crypto) {
-      return self.crypto
-    }
-  }
-
-  throw new Error('Please use an environment with crypto support')
-}
+module.exports = self.crypto || self.msCrypto

test/helpers/test-garbage-error-handling.js

@@ -19,7 +19,7 @@ function doTests (fncName, fnc, num, skipBuffersAndStrings) {
       // skip this garbage because it's a buffer or a string and we were told do do that
       return
     }
-    let args = []
+    const args = []
     for (let i = 0; i < num; i++) {
       args.push(garbage)
     }

test/keys/rsa.spec.js

@@ -128,6 +128,41 @@ describe('RSA', function () {
     })
   })
 
+  it('encrypt and decrypt', (done) => {
+    const data = Buffer.from('hello world')
+    key.public.encrypt(data, (err, enc) => {
+      if (err) { return done(err) }
+
+      key.decrypt(enc, (err, dec) => {
+        if (err) { return done(err) }
+        expect(dec).to.be.eql(data)
+
+        done()
+      })
+    })
+  })
+
+  it('encrypt decrypt browser/node interop', (done) => {
+    crypto.keys.unmarshalPrivateKey(Buffer.from('CAASqAkwggSkAgEAAoIBAQCk0O+6oNRxhcdZe2GxEDrFBkDV4TZFZnp2ly/dL1cGMBql/8oXPZgei6h7+P5zzfDq2YCfwbjbf0IVY1AshRl6B5VGE1WS+9p1y1OZxJf5os6V1ENnTi6FTcyuBl4BN8dmIKOif0hqgqflaT5OhfYZDXfbJyVQj4vb2+Stu2Xpph3nwqAnTw/7GC/7jrt2Cq6Tu1PoZi36wSwEPYW3eQ1HAYxZjTYYDXl2iyHygnTcbkGRwAQ7vjk+mW7u60zyoolCm9f6Y7c/orJ33DDUocbaGJLlHcfd8bioBwaZy/2m7q43X8pQs0Q1/iwUt0HHZj1YARmHKbh0zR31ciFiV37dAgMBAAECggEADtJBNKnA4QKURj47r0YT2uLwkqtBi6UnDyISalQXAdXyl4n0nPlrhBewC5H9I+HZr+zmTbeIjaiYgz7el1pSy7AB4v7bG7AtWZlyx6mvtwHGjR+8/f3AXjl8Vgv5iSeAdXUq8fJ7SyS7v3wi38HZOzCEXj9bci6ud5ODMYJgLE4gZD0+i1+/V9cpuYfGpS/gLTLEMQLiw/9o8NSZ7sAnxg0UlYhotqaQY23hvXPBOe+0oa95zl2n6XTxCafa3dQl/B6CD1tUq9dhbQew4bxqMq/mhRO9pREEqZ083Uh+u4PTc1BeHgIQaS864pHPb+AY1F7KDvPtHhdojnghp8d70QKBgQDeRYFxo6sd04ohY86Z/i9icVYIyCvfXAKnaMKeGUjK7ou6sDJwFX8W97+CzXpZ/vffsk/l5GGhC50KqrITxHAy/h5IjyDODfps7NMIp0Dm9sO4PWibbw3OOVBRc8w3b3i7I8MrUUA1nLHE1T1HA1rKOTz5jYhE0fi9XKiT1ciKOQKBgQC903w+n9y7M7eaMW7Z5/13kZ7PS3HlM681eaPrk8J4J+c6miFF40/8HOsmarS38v0fgTeKkriPz5A7aLzRHhSiOnp350JNM6c3sLwPEs2qx/CRuWWx1rMERatfDdUH6mvlK6QHu0QgSfQR27EO6a6XvVSJXbvFmimjmtIaz/IpxQKBgQDWJ9HYVAGC81abZTaiWK3/A4QJYhQjWNuVwPICsgnYvI4Uib+PDqcs0ffLZ38DRw48kek5bxpBuJbOuDhro1EXUJCNCJpq7jzixituovd9kTRyR3iKii2bDM2+LPwOTXDdnk9lZRugjCEbrPkleq33Ob7uEtfAty4aBTTHe6uEwQKBgQCB+2q8RyMSXNuADhFlzOFXGrOwJm0bEUUMTPrduRQUyt4e1qOqA3klnXe3mqGcxBpnlEe/76/JacvNom6Ikxx16a0qpYRU8OWz0KU1fR6vrrEgV98241k5t6sdL4+MGA1Bo5xyXtzLb1hdUh3vpDwVU2OrnC+To3iXus/b5EBiMQKBgEI1OaBcFiyjgLGEyFKoZbtzH1mdatTExfrAQqCjOVjQByoMpGhHTXwEaosvyYu63Pa8AJPT7juSGaiKYEJFcXO9BiNyVfmQiqSHJcYeuh+fmO9IlHRHgy5xaIIC00AHS2vC/gXwmXAdPis6BZqDJeiCuOLWJ94QXn8JBT8IgGAI', 'base64'), (err, id) => {
+      if (err) { return done(err) }
+
+      const msg = Buffer.from('hello')
+      // browser
+      id.decrypt(Buffer.from('YRFUDx8UjbWSfDS84cDA4WowaaOmd1qFNAv5QutodCKYb9uPtU/tDiAvJzOGu5DCJRo2J0l/35P2weiB4/C2Cb1aZgXKMx/QQC+2jSJiymhqcZaYerjTvkCFwkjCaqthoVo/YXxsaFZ1q7bdTZUDH1TaJR7hWfSyzyPcA8c0w43MIsw16pY8ZaPSclvnCwhoTg1JGjMk6te3we7+wR8QU7VrPhs54mZWxrpu3NQ8xZ6xQqIedsEiNhBUccrCSzYghgsP0Ae/8iKyGyl3U6IegsJNn8jcocvzOJrmU03rgIFPjvuBdaqB38xDSTjbA123KadB28jNoSZh18q/yH3ZIg==', 'base64'), (err, dec1) => {
+        if (err) { return done(err) }
+        expect(dec1).to.be.eql(msg)
+
+        // node
+        id.decrypt(Buffer.from('e6yxssqXsWc27ozDy0PGKtMkCS28KwFyES2Ijz89yiz+w6bSFkNOhHPKplpPzgQEuNoUGdbseKlJFyRYHjIT8FQFBHZM8UgSkgoimbY5on4xSxXs7E5/+twjqKdB7oNveTaTf7JCwaeUYnKSjbiYFEawtMiQE91F8sTT7TmSzOZ48tUhnddAAZ3Ac/O3Z9MSAKOCDipi+JdZtXRT8KimGt36/7hjjosYmPuHR1Xy/yMTL6SMbXtBM3yAuEgbQgP+q/7kHMHji3/JvTpYdIUU+LVtkMusXNasRA+UWG2zAht18vqjFMsm9JTiihZw9jRHD4vxAhf75M992tnC+0ZuQg==', 'base64'), (err, dec2) => {
+          if (err) { return done(err) }
+          expect(dec2).to.be.eql(msg)
+
+          done()
+        })
+      })
+    })
+  })
+
   it('fails to verify for different data', (done) => {
     const data = Buffer.from('hello world')
     key.sign(data, (err, sig) => {

test/util.spec.js

@@ -24,7 +24,7 @@ describe('Util', () => {
   })
 
   it('toBase64 zero padding', (done) => {
-    let bnpad = new BN('ff', 16)
+    const bnpad = new BN('ff', 16)
     expect(util.toBase64(bnpad, 2)).to.eql('AP8')
     done()
   })