Merge pull request #56 from NodeFactoryIo/revert-51-remove-bcrypto-dependency

Revert "Replace bcrypto with standalone libraries"

.gitignore

@@ -1,3 +1,4 @@
+bundle
 node_modules/
 .idea
 .env

CHANGELOG.md

@@ -19,6 +19,9 @@ Stable version, interobable with go-libp2p-noise!
 - fix types to be compatible with rest of libp2p typescript projects
 - update it-pb-rpc to 0.1.8 (contains proper typescript types)
 
+### Bugfixes
+- changed bcrypto imports to use pure js versions (web bundle size reduction)
+
 ## [1.0.0-rc.9] - 2019-03-11
 
 ### Bugfixes

package.json

@@ -1,6 +1,6 @@
 {
   "name": "libp2p-noise",
-  "version": "1.1.0-rc1",
+  "version": "1.1.0-rc2",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "lib/index.js",
@@ -25,7 +25,7 @@
     "build:web": "babel --no-babelrc --config-file ./babel.web.config.json src --copy-files -x .ts -d lib --source-maps",
     "build:types": "tsc --declaration --outDir dist --emitDeclarationOnly",
     "proto:gen": "pbjs -t static-module -o ./src/proto/payload.js ./src/proto/payload.proto && pbts -o ./src/proto/payload.d.ts ./src/proto/payload.js && yarn run lint --fix",
-    "check-types": "tsc --incremental --noEmit",
+    "check-types": "tsc --noEmit",
     "lint": "eslint --ext .ts src/",
     "pretest": "yarn check-types",
     "test": "yarn run test:node && yarn run test:web",
@@ -67,11 +67,9 @@
     "webpack-cli": "^3.3.11"
   },
   "dependencies": {
-    "aead-js": "^0.1.0",
+    "bcrypto": "5.1.0",
     "buffer": "^5.4.3",
     "debug": "^4.1.1",
-    "futoin-hkdf": "^1.3.2",
-    "hash.js": "^1.1.7",
     "it-buffer": "^0.1.1",
     "it-length-prefixed": "^3.0.0",
     "it-pair": "^1.0.0",
@@ -79,8 +77,7 @@
     "it-pipe": "^1.1.0",
     "libp2p-crypto": "^0.17.6",
     "peer-id": "^0.13.5",
-    "protobufjs": "6.8.8",
-    "tweetnacl": "^1.0.1"
+    "protobufjs": "6.8.8"
   },
   "resolutions": {
     "bn.js": "4.4.0"

src/handshakes/abstract-handshake.ts

@@ -1,7 +1,7 @@
 import {Buffer} from "buffer";
-import hash from 'hash.js';
-import {box} from 'tweetnacl';
-import {AEAD} from 'aead-js';
+import AEAD from 'bcrypto/lib/js/aead';
+import x25519 from 'bcrypto/lib/js/x25519';
+import SHA256 from 'bcrypto/lib/js/sha256';
 
 import {bytes, bytes32, uint32} from "../@types/basic";
 import {CipherState, MessageBuffer, SymmetricState} from "../@types/handshake";
@@ -106,8 +106,10 @@ export abstract class AbstractHandshake {
 
   protected dh(privateKey: bytes32, publicKey: bytes32): bytes32 {
     try {
-      const sharedKey = box.before(publicKey, privateKey)
-      return Buffer.from(sharedKey.buffer, sharedKey.byteOffset, sharedKey.length);
+      const derived = x25519.derive(publicKey, privateKey);
+      const result = Buffer.alloc(32);
+      derived.copy(result);
+      return result;
     } catch (e) {
       logger(e.message);
       return Buffer.alloc(32);
@@ -119,8 +121,7 @@ export abstract class AbstractHandshake {
   }
 
   protected getHash(a: bytes, b: bytes): bytes32 {
-    const hashValue = hash.sha256().update(Buffer.from([...a, ...b])).digest();
-    return Buffer.from(hashValue);
+    return SHA256.digest(Buffer.from([...a, ...b]));
   }
 
   protected mixKey(ss: SymmetricState, ikm: bytes32): void {

src/logger.ts

@@ -10,7 +10,7 @@ if(DUMP_SESSION_KEYS){
   keyLogger = logger
 }
 else {
-  keyLogger = () => {}
+  keyLogger = () => { /* do nothing */ }
 }
 
 export function logLocalStaticKeys(s: KeyPair): void {
@@ -29,11 +29,11 @@ export function logLocalEphemeralKeys(e: KeyPair|undefined): void {
 }
 
 export function logRemoteStaticKey(rs: Buffer): void {
-  keyLogger(`REMOTE_STATIC_PUBLIC_KEY ${rs.toString('hex')}`) 
+  keyLogger(`REMOTE_STATIC_PUBLIC_KEY ${rs.toString('hex')}`)
 }
 
 export function logRemoteEphemeralKey(re: Buffer): void {
-  keyLogger(`REMOTE_EPHEMERAL_PUBLIC_KEY ${re.toString('hex')}`) 
+  keyLogger(`REMOTE_EPHEMERAL_PUBLIC_KEY ${re.toString('hex')}`)
 }
 
 export function logCipherState(session: NoiseSession): void {

src/noise.ts

@@ -1,4 +1,4 @@
-import {box} from 'tweetnacl';
+import x25519 from 'bcrypto/lib/js/x25519';
 import {Buffer} from "buffer";
 import Wrap from 'it-pb-rpc';
 import DuplexPair from 'it-pair/duplex';
@@ -49,7 +49,7 @@ export class Noise implements INoiseConnection {
     this.useNoisePipes = false;
 
     if (staticNoiseKey) {
-      const publicKey = Buffer.from(box.keyPair.fromSecretKey(staticNoiseKey).publicKey);
+      const publicKey = x25519.publicKeyCreate(staticNoiseKey);
       this.staticKeys = {
         privateKey: staticNoiseKey,
         publicKey,

src/utils.ts

@@ -1,5 +1,6 @@
-import hkdf from 'futoin-hkdf';
-import {box} from 'tweetnacl';
+import HKDF from 'bcrypto/lib/hkdf';
+import x25519 from 'bcrypto/lib/js/x25519';
+import SHA256 from 'bcrypto/lib/js/sha256';
 import {Buffer} from "buffer";
 import PeerId from "peer-id";
 import {keys} from 'libp2p-crypto';
@@ -11,9 +12,8 @@ import {pb} from "./proto/payload";
 const NoiseHandshakePayloadProto = pb.NoiseHandshakePayload;
 
 export function generateKeypair(): KeyPair {
-  const keyPair = box.keyPair();
-  const publicKey = Buffer.from(keyPair.publicKey);
-  const privateKey = Buffer.from(keyPair.secretKey);
+  const privateKey = x25519.privateKeyGenerate();
+  const publicKey = x25519.publicKeyCreate(privateKey);
 
   return {
     publicKey,
@@ -94,14 +94,16 @@ export async function verifySignedPayload(
   const generatedPayload = getHandshakePayload(noiseStaticKey);
   // Unmarshaling from PublicKey protobuf
   const publicKey = keys.unmarshalPublicKey(identityKey);
-  if (!publicKey.verify(generatedPayload, payload.identitySig as Buffer)) {
+  if (!payload.identitySig || !publicKey.verify(generatedPayload, Buffer.from(payload.identitySig))) {
     throw new Error("Static key doesn't match to peer that signed payload!");
   }
   return remotePeer;
 }
 
 export function getHkdf(ck: bytes32, ikm: bytes): Hkdf {
-  const okm = hkdf(ikm, 96, {salt: ck, hash: 'SHA-256'});
+  const info = Buffer.alloc(0);
+  const prk = HKDF.extract(SHA256, ikm, ck);
+  const okm = HKDF.expand(SHA256, prk, info, 96);
 
   const k1 = okm.slice(0, 32);
   const k2 = okm.slice(32, 64);
@@ -111,9 +113,5 @@ export function getHkdf(ck: bytes32, ikm: bytes): Hkdf {
 }
 
 export function isValidPublicKey(pk: bytes): boolean {
-  if(pk.length !== 32 || pk.equals(Buffer.alloc(32))){
-    return false;
-  }
-
-  return true;
+  return x25519.publicKeyVerify(pk.slice(0, 32));
 }

test/noise.test.ts

@@ -1,19 +1,20 @@
 import {assert, expect} from "chai";
 import DuplexPair from 'it-pair/duplex';
-import {Noise} from "../src";
 import {createPeerIdsFromFixtures} from "./fixtures/peer";
 import Wrap from "it-pb-rpc";
 import sinon from "sinon";
+import BufferList from "bl";
 import {randomBytes} from 'libp2p-crypto';
+import {Buffer} from "buffer";
+
+import {Noise} from "../src";
 import {XXHandshake} from "../src/handshake-xx";
 import {createHandshakePayload, generateKeypair, getHandshakePayload, getPayload, signPayload} from "../src/utils";
 import {decode0, decode2, encode1, uint16BEDecode, uint16BEEncode} from "../src/encoder";
 import {XX} from "../src/handshakes/xx";
-import {Buffer} from "buffer";
 import {getKeyPairFromPeerId} from "./utils";
 import {KeyCache} from "../src/keycache";
 import {NOISE_MSG_MAX_LENGTH_BYTES} from "../src/constants";
-import BufferList from "bl";
 
 describe("Noise", () => {
   let remotePeer, localPeer;

test/utils.ts

@@ -1,5 +1,6 @@
 import {keys} from 'libp2p-crypto';
-import {KeyPair, PeerId} from "../src/@types/libp2p";
+import {KeyPair} from "../src/@types/libp2p";
+import PeerId from "peer-id";
 
 export async function generateEd25519Keys() {
   return await keys.generateKeyPair('ed25519');