@libp2p/crypto 0.0.0 → 0.22.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +2 -0
- package/README.md +314 -0
- package/dist/src/aes/cipher-mode.d.ts +2 -0
- package/dist/src/aes/cipher-mode.d.ts.map +1 -0
- package/dist/src/aes/cipher-mode.js +13 -0
- package/dist/src/aes/cipher-mode.js.map +1 -0
- package/dist/src/aes/ciphers-browser.d.ts +8 -0
- package/dist/src/aes/ciphers-browser.d.ts.map +1 -0
- package/dist/src/aes/ciphers-browser.js +26 -0
- package/dist/src/aes/ciphers-browser.js.map +1 -0
- package/dist/src/aes/ciphers.d.ts +5 -0
- package/dist/src/aes/ciphers.d.ts.map +1 -0
- package/dist/src/aes/ciphers.js +4 -0
- package/dist/src/aes/ciphers.js.map +1 -0
- package/dist/src/aes/index.d.ts +6 -0
- package/dist/src/aes/index.d.ts.map +1 -0
- package/dist/src/aes/index.js +17 -0
- package/dist/src/aes/index.js.map +1 -0
- package/dist/src/ciphers/aes-gcm.browser.d.ts +3 -0
- package/dist/src/ciphers/aes-gcm.browser.d.ts.map +1 -0
- package/dist/src/ciphers/aes-gcm.browser.js +61 -0
- package/dist/src/ciphers/aes-gcm.browser.js.map +1 -0
- package/dist/src/ciphers/aes-gcm.d.ts +3 -0
- package/dist/src/ciphers/aes-gcm.d.ts.map +1 -0
- package/dist/src/ciphers/aes-gcm.js +83 -0
- package/dist/src/ciphers/aes-gcm.js.map +1 -0
- package/dist/src/ciphers/interface.d.ts +14 -0
- package/dist/src/ciphers/interface.d.ts.map +1 -0
- package/dist/src/ciphers/interface.js +2 -0
- package/dist/src/ciphers/interface.js.map +1 -0
- package/dist/src/hmac/index-browser.d.ts +5 -0
- package/dist/src/hmac/index-browser.d.ts.map +1 -0
- package/dist/src/hmac/index-browser.js +25 -0
- package/dist/src/hmac/index-browser.js.map +1 -0
- package/dist/src/hmac/index.d.ts +5 -0
- package/dist/src/hmac/index.d.ts.map +1 -0
- package/dist/src/hmac/index.js +14 -0
- package/dist/src/hmac/index.js.map +1 -0
- package/dist/src/hmac/lengths.d.ts +7 -0
- package/dist/src/hmac/lengths.d.ts.map +1 -0
- package/dist/src/hmac/lengths.js +6 -0
- package/dist/src/hmac/lengths.js.map +1 -0
- package/dist/src/index.d.ts +11 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +11 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/keys/ecdh-browser.d.ts +3 -0
- package/dist/src/keys/ecdh-browser.d.ts.map +1 -0
- package/dist/src/keys/ecdh-browser.js +97 -0
- package/dist/src/keys/ecdh-browser.js.map +1 -0
- package/dist/src/keys/ecdh.d.ts +3 -0
- package/dist/src/keys/ecdh.d.ts.map +1 -0
- package/dist/src/keys/ecdh.js +26 -0
- package/dist/src/keys/ecdh.js.map +1 -0
- package/dist/src/keys/ed25519-class.d.ts +39 -0
- package/dist/src/keys/ed25519-class.d.ts.map +1 -0
- package/dist/src/keys/ed25519-class.js +119 -0
- package/dist/src/keys/ed25519-class.js.map +1 -0
- package/dist/src/keys/ed25519.d.ts +18 -0
- package/dist/src/keys/ed25519.d.ts.map +1 -0
- package/dist/src/keys/ed25519.js +52 -0
- package/dist/src/keys/ed25519.js.map +1 -0
- package/dist/src/keys/ephemeral-keys.d.ts +9 -0
- package/dist/src/keys/ephemeral-keys.d.ts.map +1 -0
- package/dist/src/keys/ephemeral-keys.js +9 -0
- package/dist/src/keys/ephemeral-keys.js.map +1 -0
- package/dist/src/keys/exporter.d.ts +7 -0
- package/dist/src/keys/exporter.d.ts.map +1 -0
- package/dist/src/keys/exporter.js +13 -0
- package/dist/src/keys/exporter.js.map +1 -0
- package/dist/src/keys/importer.d.ts +7 -0
- package/dist/src/keys/importer.d.ts.map +1 -0
- package/dist/src/keys/importer.js +13 -0
- package/dist/src/keys/importer.js.map +1 -0
- package/dist/src/keys/index.d.ts +33 -0
- package/dist/src/keys/index.d.ts.map +1 -0
- package/dist/src/keys/index.js +111 -0
- package/dist/src/keys/index.js.map +1 -0
- package/dist/src/keys/interface.d.ts +17 -0
- package/dist/src/keys/interface.d.ts.map +1 -0
- package/dist/src/keys/interface.js +2 -0
- package/dist/src/keys/interface.js.map +1 -0
- package/dist/src/keys/jwk2pem.d.ts +4 -0
- package/dist/src/keys/jwk2pem.d.ts.map +1 -0
- package/dist/src/keys/jwk2pem.js +14 -0
- package/dist/src/keys/jwk2pem.js.map +1 -0
- package/dist/src/keys/key-stretcher.d.ts +17 -0
- package/dist/src/keys/key-stretcher.d.ts.map +1 -0
- package/dist/src/keys/key-stretcher.js +65 -0
- package/dist/src/keys/key-stretcher.js.map +1 -0
- package/dist/src/keys/keys.d.ts +225 -0
- package/dist/src/keys/keys.d.ts.map +1 -0
- package/dist/src/keys/keys.js +345 -0
- package/dist/src/keys/keys.js.map +1 -0
- package/dist/src/keys/rsa-browser.d.ts +17 -0
- package/dist/src/keys/rsa-browser.d.ts.map +1 -0
- package/dist/src/keys/rsa-browser.js +99 -0
- package/dist/src/keys/rsa-browser.js.map +1 -0
- package/dist/src/keys/rsa-class.d.ts +42 -0
- package/dist/src/keys/rsa-class.d.ts.map +1 -0
- package/dist/src/keys/rsa-class.js +126 -0
- package/dist/src/keys/rsa-class.js.map +1 -0
- package/dist/src/keys/rsa-utils.d.ts +7 -0
- package/dist/src/keys/rsa-utils.d.ts.map +1 -0
- package/dist/src/keys/rsa-utils.js +65 -0
- package/dist/src/keys/rsa-utils.js.map +1 -0
- package/dist/src/keys/rsa.d.ts +13 -0
- package/dist/src/keys/rsa.d.ts.map +1 -0
- package/dist/src/keys/rsa.js +58 -0
- package/dist/src/keys/rsa.js.map +1 -0
- package/dist/src/keys/secp256k1-class.d.ts +36 -0
- package/dist/src/keys/secp256k1-class.d.ts.map +1 -0
- package/dist/src/keys/secp256k1-class.js +95 -0
- package/dist/src/keys/secp256k1-class.js.map +1 -0
- package/dist/src/keys/secp256k1.d.ts +17 -0
- package/dist/src/keys/secp256k1.d.ts.map +1 -0
- package/dist/src/keys/secp256k1.js +65 -0
- package/dist/src/keys/secp256k1.js.map +1 -0
- package/dist/src/pbkdf2.d.ts +5 -0
- package/dist/src/pbkdf2.d.ts.map +1 -0
- package/dist/src/pbkdf2.js +30 -0
- package/dist/src/pbkdf2.js.map +1 -0
- package/dist/src/random-bytes.d.ts +2 -0
- package/dist/src/random-bytes.d.ts.map +1 -0
- package/dist/src/random-bytes.js +9 -0
- package/dist/src/random-bytes.js.map +1 -0
- package/dist/src/util.d.ts +9 -0
- package/dist/src/util.d.ts.map +1 -0
- package/dist/src/util.js +37 -0
- package/dist/src/util.js.map +1 -0
- package/dist/src/webcrypto.d.ts +5 -0
- package/dist/src/webcrypto.d.ts.map +1 -0
- package/dist/src/webcrypto.js +17 -0
- package/dist/src/webcrypto.js.map +1 -0
- package/package.json +178 -4
- package/src/aes/cipher-mode.ts +15 -0
- package/src/aes/ciphers-browser.ts +28 -0
- package/src/aes/ciphers.ts +4 -0
- package/src/aes/index.ts +25 -0
- package/src/ciphers/aes-gcm.browser.ts +74 -0
- package/src/ciphers/aes-gcm.ts +102 -0
- package/src/ciphers/interface.ts +15 -0
- package/src/hmac/index-browser.ts +35 -0
- package/src/hmac/index.ts +15 -0
- package/src/hmac/lengths.ts +6 -0
- package/src/index.ts +11 -0
- package/src/keys/ecdh-browser.ts +138 -0
- package/src/keys/ecdh.ts +33 -0
- package/src/keys/ed25519-class.ts +145 -0
- package/src/keys/ed25519.ts +63 -0
- package/src/keys/ephemeral-keys.ts +9 -0
- package/src/keys/exporter.ts +13 -0
- package/src/keys/importer.ts +13 -0
- package/src/keys/index.ts +126 -0
- package/src/keys/interface.ts +20 -0
- package/src/keys/jwk2pem.ts +16 -0
- package/src/keys/key-stretcher.ts +77 -0
- package/src/keys/keys.d.ts +146 -0
- package/src/keys/keys.js +366 -0
- package/src/keys/keys.proto +15 -0
- package/src/keys/rsa-browser.ts +156 -0
- package/src/keys/rsa-class.ts +155 -0
- package/src/keys/rsa-utils.ts +74 -0
- package/src/keys/rsa.ts +69 -0
- package/src/keys/secp256k1-class.ts +118 -0
- package/src/keys/secp256k1.ts +69 -0
- package/src/pbkdf2.ts +39 -0
- package/src/random-bytes.ts +9 -0
- package/src/util.ts +42 -0
- package/src/webcrypto.ts +24 -0
package/LICENSE
ADDED
package/README.md
ADDED
|
@@ -0,0 +1,314 @@
|
|
|
1
|
+
# js-libp2p-crypto
|
|
2
|
+
|
|
3
|
+
[](http://protocol.ai)
|
|
4
|
+
[](http://libp2p.io/)
|
|
5
|
+
[](http://webchat.freenode.net/?channels=%23libp2p)
|
|
6
|
+
[](https://discuss.libp2p.io)
|
|
7
|
+
[](https://codecov.io/gh/libp2p/js-libp2p-crypto)
|
|
8
|
+
[](https://travis-ci.com/libp2p/js-libp2p-crypto)
|
|
9
|
+
[](https://david-dm.org/libp2p/js-libp2p-crypto)
|
|
10
|
+
[](https://github.com/feross/standard)
|
|
11
|
+
|
|
12
|
+
> Crypto primitives for libp2p in JavaScript
|
|
13
|
+
|
|
14
|
+
This repo contains the JavaScript implementation of the crypto primitives needed for libp2p. This is based on this [go implementation](https://github.com/libp2p/go-libp2p-crypto).
|
|
15
|
+
|
|
16
|
+
## Lead Maintainer
|
|
17
|
+
|
|
18
|
+
[Jacob Heun](https://github.com/jacobheun/)
|
|
19
|
+
|
|
20
|
+
## Table of Contents
|
|
21
|
+
|
|
22
|
+
- [js-libp2p-crypto](#js-libp2p-crypto)
|
|
23
|
+
- [Lead Maintainer](#lead-maintainer)
|
|
24
|
+
- [Table of Contents](#table-of-contents)
|
|
25
|
+
- [Install](#install)
|
|
26
|
+
- [Usage](#usage)
|
|
27
|
+
- [Web Crypto API](#web-crypto-api)
|
|
28
|
+
- [API](#api)
|
|
29
|
+
- [`crypto.aes`](#cryptoaes)
|
|
30
|
+
- [`crypto.aes.create(key, iv)`](#cryptoaescreatekey-iv)
|
|
31
|
+
- [`decrypt(data)`](#decryptdata)
|
|
32
|
+
- [`encrypt(data)`](#encryptdata)
|
|
33
|
+
- [`crypto.hmac`](#cryptohmac)
|
|
34
|
+
- [`crypto.hmac.create(hash, secret)`](#cryptohmaccreatehash-secret)
|
|
35
|
+
- [`digest(data)`](#digestdata)
|
|
36
|
+
- [`crypto.keys`](#cryptokeys)
|
|
37
|
+
- [`crypto.keys.generateKeyPair(type, bits)`](#cryptokeysgeneratekeypairtype-bits)
|
|
38
|
+
- [`crypto.keys.generateEphemeralKeyPair(curve)`](#cryptokeysgenerateephemeralkeypaircurve)
|
|
39
|
+
- [`crypto.keys.keyStretcher(cipherType, hashType, secret)`](#cryptokeyskeystretcherciphertype-hashtype-secret)
|
|
40
|
+
- [`crypto.keys.marshalPublicKey(key, [type])`](#cryptokeysmarshalpublickeykey-type)
|
|
41
|
+
- [`crypto.keys.unmarshalPublicKey(buf)`](#cryptokeysunmarshalpublickeybuf)
|
|
42
|
+
- [`crypto.keys.marshalPrivateKey(key, [type])`](#cryptokeysmarshalprivatekeykey-type)
|
|
43
|
+
- [`crypto.keys.unmarshalPrivateKey(buf)`](#cryptokeysunmarshalprivatekeybuf)
|
|
44
|
+
- [`crypto.keys.import(encryptedKey, password)`](#cryptokeysimportencryptedkey-password)
|
|
45
|
+
- [`privateKey.export(password, format)`](#privatekeyexportpassword-format)
|
|
46
|
+
- [`crypto.randomBytes(number)`](#cryptorandombytesnumber)
|
|
47
|
+
- [`crypto.pbkdf2(password, salt, iterations, keySize, hash)`](#cryptopbkdf2password-salt-iterations-keysize-hash)
|
|
48
|
+
- [Contribute](#contribute)
|
|
49
|
+
- [License](#license)
|
|
50
|
+
|
|
51
|
+
## Install
|
|
52
|
+
|
|
53
|
+
```sh
|
|
54
|
+
npm install --save libp2p-crypto
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Usage
|
|
58
|
+
|
|
59
|
+
```js
|
|
60
|
+
const crypto = require('libp2p-crypto')
|
|
61
|
+
|
|
62
|
+
// Now available to you:
|
|
63
|
+
//
|
|
64
|
+
// crypto.aes
|
|
65
|
+
// crypto.hmac
|
|
66
|
+
// crypto.keys
|
|
67
|
+
// etc.
|
|
68
|
+
//
|
|
69
|
+
// See full API details below...
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
### Web Crypto API
|
|
73
|
+
|
|
74
|
+
The `libp2p-crypto` library depends on the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) in the browser. Web Crypto is available in all modern browsers, however browsers restrict its usage to [Secure Contexts](https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts).
|
|
75
|
+
|
|
76
|
+
**This means you will not be able to use some `libp2p-crypto` functions in the browser when the page is served over HTTP.** To enable the Web Crypto API and allow `libp2p-crypto` to work fully, please serve your page over HTTPS.
|
|
77
|
+
|
|
78
|
+
## API
|
|
79
|
+
|
|
80
|
+
### `crypto.aes`
|
|
81
|
+
|
|
82
|
+
Exposes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
|
|
83
|
+
|
|
84
|
+
This uses `CTR` mode.
|
|
85
|
+
|
|
86
|
+
#### `crypto.aes.create(key, iv)`
|
|
87
|
+
|
|
88
|
+
- `key: Uint8Array` The key, if length `16` then `AES 128` is used. For length `32`, `AES 256` is used.
|
|
89
|
+
- `iv: Uint8Array` Must have length `16`.
|
|
90
|
+
|
|
91
|
+
Returns `Promise<{decrypt<Function>, encrypt<Function>}>`
|
|
92
|
+
|
|
93
|
+
##### `decrypt(data)`
|
|
94
|
+
|
|
95
|
+
- `data: Uint8Array`
|
|
96
|
+
|
|
97
|
+
Returns `Promise<Uint8Array>`
|
|
98
|
+
|
|
99
|
+
##### `encrypt(data)`
|
|
100
|
+
|
|
101
|
+
- `data: Uint8Array`
|
|
102
|
+
|
|
103
|
+
Returns `Promise<Uint8Array>`
|
|
104
|
+
|
|
105
|
+
```js
|
|
106
|
+
const crypto = require('libp2p-crypto')
|
|
107
|
+
|
|
108
|
+
// Setting up Key and IV
|
|
109
|
+
|
|
110
|
+
// A 16 bytes array, 128 Bits, AES-128 is chosen
|
|
111
|
+
const key128 = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
|
|
112
|
+
|
|
113
|
+
// A 16 bytes array, 128 Bits,
|
|
114
|
+
const IV = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
|
|
115
|
+
|
|
116
|
+
async function main () {
|
|
117
|
+
const decryptedMessage = 'Hello, world!'
|
|
118
|
+
|
|
119
|
+
// Encrypting
|
|
120
|
+
const cipher = await crypto.aes.create(key128, IV)
|
|
121
|
+
const encryptedBuffer = await cipher.encrypt(Uint8Array.from(decryptedMessage))
|
|
122
|
+
console.log(encryptedBuffer)
|
|
123
|
+
// prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
|
|
124
|
+
|
|
125
|
+
// Decrypting
|
|
126
|
+
const decipher = await crypto.aes.create(key128, IV)
|
|
127
|
+
const decryptedBuffer = await cipher.decrypt(encryptedBuffer)
|
|
128
|
+
|
|
129
|
+
console.log(decryptedBuffer)
|
|
130
|
+
// prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
|
|
131
|
+
|
|
132
|
+
console.log(decryptedBuffer.toString('utf-8'))
|
|
133
|
+
// prints: Hello, world!
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
main()
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
### `crypto.hmac`
|
|
140
|
+
|
|
141
|
+
Exposes an interface to the Keyed-Hash Message Authentication Code (HMAC) as defined in U.S. Federal Information Processing Standards Publication 198. An HMAC is a cryptographic hash that uses a key to sign a message. The receiver verifies the hash by recomputing it using the same key.
|
|
142
|
+
|
|
143
|
+
#### `crypto.hmac.create(hash, secret)`
|
|
144
|
+
|
|
145
|
+
- `hash: String`
|
|
146
|
+
- `secret: Uint8Array`
|
|
147
|
+
|
|
148
|
+
Returns `Promise<{digest<Function>}>`
|
|
149
|
+
|
|
150
|
+
##### `digest(data)`
|
|
151
|
+
|
|
152
|
+
- `data: Uint8Array`
|
|
153
|
+
|
|
154
|
+
Returns `Promise<Uint8Array>`
|
|
155
|
+
|
|
156
|
+
Example:
|
|
157
|
+
|
|
158
|
+
```js
|
|
159
|
+
const crypto = require('libp2p-crypto')
|
|
160
|
+
|
|
161
|
+
async function main () {
|
|
162
|
+
const hash = 'SHA1' // 'SHA256' || 'SHA512'
|
|
163
|
+
const hmac = await crypto.hmac.create(hash, uint8ArrayFromString('secret'))
|
|
164
|
+
const sig = await hmac.digest(uint8ArrayFromString('hello world'))
|
|
165
|
+
console.log(sig)
|
|
166
|
+
}
|
|
167
|
+
|
|
168
|
+
main()
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
### `crypto.keys`
|
|
172
|
+
|
|
173
|
+
**Supported Key Types**
|
|
174
|
+
|
|
175
|
+
The [`generateKeyPair`](#generatekeypairtype-bits), [`marshalPublicKey`](#marshalpublickeykey-type), and [`marshalPrivateKey`](#marshalprivatekeykey-type) functions accept a string `type` argument.
|
|
176
|
+
|
|
177
|
+
Currently the `'RSA'`, `'ed25519'`, and `secp256k1` types are supported, although ed25519 and secp256k1 keys support only signing and verification of messages. For encryption / decryption support, RSA keys should be used.
|
|
178
|
+
|
|
179
|
+
### `crypto.keys.generateKeyPair(type, bits)`
|
|
180
|
+
|
|
181
|
+
- `type: String`, see [Supported Key Types](#supported-key-types) above.
|
|
182
|
+
- `bits: Number` Minimum of 1024
|
|
183
|
+
|
|
184
|
+
Returns `Promise<{privateKey<Uint8Array>, publicKey<Uint8Array>}>`
|
|
185
|
+
|
|
186
|
+
Generates a keypair of the given type and bitsize.
|
|
187
|
+
|
|
188
|
+
### `crypto.keys.generateEphemeralKeyPair(curve)`
|
|
189
|
+
|
|
190
|
+
- `curve: String`, one of `'P-256'`, `'P-384'`, `'P-521'` is currently supported
|
|
191
|
+
|
|
192
|
+
Returns `Promise`
|
|
193
|
+
|
|
194
|
+
Generates an ephemeral public key and returns a function that will compute the shared secret key.
|
|
195
|
+
|
|
196
|
+
Focuses only on ECDH now, but can be made more general in the future.
|
|
197
|
+
|
|
198
|
+
Resolves to an object of the form:
|
|
199
|
+
|
|
200
|
+
```js
|
|
201
|
+
{
|
|
202
|
+
key: Uint8Array,
|
|
203
|
+
genSharedKey: Function
|
|
204
|
+
}
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
### `crypto.keys.keyStretcher(cipherType, hashType, secret)`
|
|
208
|
+
|
|
209
|
+
- `cipherType: String`, one of `'AES-128'`, `'AES-256'`, `'Blowfish'`
|
|
210
|
+
- `hashType: String`, one of `'SHA1'`, `SHA256`, `SHA512`
|
|
211
|
+
- `secret: Uint8Array`
|
|
212
|
+
|
|
213
|
+
Returns `Promise`
|
|
214
|
+
|
|
215
|
+
Generates a set of keys for each party by stretching the shared key.
|
|
216
|
+
|
|
217
|
+
Resolves to an object of the form:
|
|
218
|
+
|
|
219
|
+
```js
|
|
220
|
+
{
|
|
221
|
+
k1: {
|
|
222
|
+
iv: Uint8Array,
|
|
223
|
+
cipherKey: Uint8Array,
|
|
224
|
+
macKey: Uint8Array
|
|
225
|
+
},
|
|
226
|
+
k2: {
|
|
227
|
+
iv: Uint8Array,
|
|
228
|
+
cipherKey: Uint8Array,
|
|
229
|
+
macKey: Uint8Array
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
```
|
|
233
|
+
|
|
234
|
+
### `crypto.keys.marshalPublicKey(key, [type])`
|
|
235
|
+
|
|
236
|
+
- `key: keys.rsa.RsaPublicKey | keys.ed25519.Ed25519PublicKey | keys.secp256k1.Secp256k1PublicKey`
|
|
237
|
+
- `type: String`, see [Supported Key Types](#supported-key-types) above. Defaults to 'rsa'.
|
|
238
|
+
|
|
239
|
+
Returns `Uint8Array`
|
|
240
|
+
|
|
241
|
+
Converts a public key object into a protobuf serialized public key.
|
|
242
|
+
|
|
243
|
+
### `crypto.keys.unmarshalPublicKey(buf)`
|
|
244
|
+
|
|
245
|
+
- `buf: Uint8Array`
|
|
246
|
+
|
|
247
|
+
Returns `RsaPublicKey|Ed25519PublicKey|Secp256k1PublicKey`
|
|
248
|
+
|
|
249
|
+
Converts a protobuf serialized public key into its representative object.
|
|
250
|
+
|
|
251
|
+
### `crypto.keys.marshalPrivateKey(key, [type])`
|
|
252
|
+
|
|
253
|
+
- `key: keys.rsa.RsaPrivateKey | keys.ed25519.Ed25519PrivateKey | keys.secp256k1.Secp256k1PrivateKey`
|
|
254
|
+
- `type: String`, see [Supported Key Types](#supported-key-types) above.
|
|
255
|
+
|
|
256
|
+
Returns `Uint8Array`
|
|
257
|
+
|
|
258
|
+
Converts a private key object into a protobuf serialized private key.
|
|
259
|
+
|
|
260
|
+
### `crypto.keys.unmarshalPrivateKey(buf)`
|
|
261
|
+
|
|
262
|
+
- `buf: Uint8Array`
|
|
263
|
+
|
|
264
|
+
Returns `Promise<RsaPrivateKey|Ed25519PrivateKey|Secp256k1PrivateKey>`
|
|
265
|
+
|
|
266
|
+
Converts a protobuf serialized private key into its representative object.
|
|
267
|
+
|
|
268
|
+
### `crypto.keys.import(encryptedKey, password)`
|
|
269
|
+
|
|
270
|
+
- `encryptedKey: string`
|
|
271
|
+
- `password: string`
|
|
272
|
+
|
|
273
|
+
Returns `Promise<PrivateKey>`
|
|
274
|
+
|
|
275
|
+
Converts an exported private key into its representative object. Supported formats are 'pem' (RSA only) and 'libp2p-key'.
|
|
276
|
+
|
|
277
|
+
### `privateKey.export(password, format)`
|
|
278
|
+
|
|
279
|
+
- `password: string`
|
|
280
|
+
- `format: string` the format to export to: 'pem' (rsa only), 'libp2p-key'
|
|
281
|
+
|
|
282
|
+
Returns `string`
|
|
283
|
+
|
|
284
|
+
Exports the password protected `PrivateKey`. RSA keys will be exported as password protected PEM by default. Ed25519 and Secp256k1 keys will be exported as password protected AES-GCM base64 encoded strings ('libp2p-key' format).
|
|
285
|
+
|
|
286
|
+
### `crypto.randomBytes(number)`
|
|
287
|
+
|
|
288
|
+
- `number: Number`
|
|
289
|
+
|
|
290
|
+
Returns `Uint8Array`
|
|
291
|
+
|
|
292
|
+
Generates a Uint8Array with length `number` populated by random bytes.
|
|
293
|
+
|
|
294
|
+
### `crypto.pbkdf2(password, salt, iterations, keySize, hash)`
|
|
295
|
+
|
|
296
|
+
- `password: String`
|
|
297
|
+
- `salt: String`
|
|
298
|
+
- `iterations: Number`
|
|
299
|
+
- `keySize: Number` in bytes
|
|
300
|
+
- `hash: String` the hashing algorithm ('sha1', 'sha2-512', ...)
|
|
301
|
+
|
|
302
|
+
Computes the Password Based Key Derivation Function 2; returning a new password.
|
|
303
|
+
|
|
304
|
+
## Contribute
|
|
305
|
+
|
|
306
|
+
Feel free to join in. All welcome. Open an [issue](https://github.com/libp2p/js-libp2p-crypto/issues)!
|
|
307
|
+
|
|
308
|
+
This repository falls under the IPFS [Code of Conduct](https://github.com/ipfs/community/blob/master/code-of-conduct.md).
|
|
309
|
+
|
|
310
|
+
[](https://github.com/ipfs/community/blob/master/contributing.md)
|
|
311
|
+
|
|
312
|
+
## License
|
|
313
|
+
|
|
314
|
+
[MIT](./LICENSE)
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cipher-mode.d.ts","sourceRoot":"","sources":["../../../src/aes/cipher-mode.ts"],"names":[],"mappings":"AAOA,wBAAgB,UAAU,CAAE,GAAG,EAAE,UAAU,UAO1C"}
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
import errcode from 'err-code';
|
|
2
|
+
const CIPHER_MODES = {
|
|
3
|
+
16: 'aes-128-ctr',
|
|
4
|
+
32: 'aes-256-ctr'
|
|
5
|
+
};
|
|
6
|
+
export function cipherMode(key) {
|
|
7
|
+
if (key.length === 16 || key.length === 32) {
|
|
8
|
+
return CIPHER_MODES[key.length];
|
|
9
|
+
}
|
|
10
|
+
const modes = Object.entries(CIPHER_MODES).map(([k, v]) => `${k} (${v})`).join(' / ');
|
|
11
|
+
throw errcode(new Error(`Invalid key length ${key.length} bytes. Must be ${modes}`), 'ERR_INVALID_KEY_LENGTH');
|
|
12
|
+
}
|
|
13
|
+
//# sourceMappingURL=cipher-mode.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cipher-mode.js","sourceRoot":"","sources":["../../../src/aes/cipher-mode.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,UAAU,CAAA;AAE9B,MAAM,YAAY,GAAG;IACnB,EAAE,EAAE,aAAa;IACjB,EAAE,EAAE,aAAa;CAClB,CAAA;AAED,MAAM,UAAU,UAAU,CAAE,GAAe;IACzC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE;QAC1C,OAAO,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;KAChC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACrF,MAAM,OAAO,CAAC,IAAI,KAAK,CAAC,sBAAsB,GAAG,CAAC,MAAM,mBAAmB,KAAK,EAAE,CAAC,EAAE,wBAAwB,CAAC,CAAA;AAChH,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import 'node-forge/lib/aes.js';
|
|
2
|
+
export declare function createCipheriv(mode: any, key: Uint8Array, iv: Uint8Array): {
|
|
3
|
+
update: (data: Uint8Array) => Uint8Array;
|
|
4
|
+
};
|
|
5
|
+
export declare function createDecipheriv(mode: any, key: Uint8Array, iv: Uint8Array): {
|
|
6
|
+
update: (data: Uint8Array) => Uint8Array;
|
|
7
|
+
};
|
|
8
|
+
//# sourceMappingURL=ciphers-browser.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ciphers-browser.d.ts","sourceRoot":"","sources":["../../../src/aes/ciphers-browser.ts"],"names":[],"mappings":"AACA,OAAO,uBAAuB,CAAA;AAM9B,wBAAgB,cAAc,CAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU;mBAIvD,UAAU;EAK5B;AAED,wBAAgB,gBAAgB,CAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU;mBAIzD,UAAU;EAK5B"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import 'node-forge/lib/aes.js';
|
|
2
|
+
// @ts-expect-error types are missing
|
|
3
|
+
import forge from 'node-forge/lib/forge.js';
|
|
4
|
+
import { toString as uint8ArrayToString } from 'uint8arrays/to-string';
|
|
5
|
+
import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
|
|
6
|
+
export function createCipheriv(mode, key, iv) {
|
|
7
|
+
const cipher2 = forge.cipher.createCipher('AES-CTR', uint8ArrayToString(key, 'ascii'));
|
|
8
|
+
cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') });
|
|
9
|
+
return {
|
|
10
|
+
update: (data) => {
|
|
11
|
+
cipher2.update(forge.util.createBuffer(uint8ArrayToString(data, 'ascii')));
|
|
12
|
+
return uint8ArrayFromString(cipher2.output.getBytes(), 'ascii');
|
|
13
|
+
}
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
export function createDecipheriv(mode, key, iv) {
|
|
17
|
+
const cipher2 = forge.cipher.createDecipher('AES-CTR', uint8ArrayToString(key, 'ascii'));
|
|
18
|
+
cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') });
|
|
19
|
+
return {
|
|
20
|
+
update: (data) => {
|
|
21
|
+
cipher2.update(forge.util.createBuffer(uint8ArrayToString(data, 'ascii')));
|
|
22
|
+
return uint8ArrayFromString(cipher2.output.getBytes(), 'ascii');
|
|
23
|
+
}
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=ciphers-browser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ciphers-browser.js","sourceRoot":"","sources":["../../../src/aes/ciphers-browser.ts"],"names":[],"mappings":"AACA,OAAO,uBAAuB,CAAA;AAC9B,qCAAqC;AACrC,OAAO,KAAK,MAAM,yBAAyB,CAAA;AAC3C,OAAO,EAAE,QAAQ,IAAI,kBAAkB,EAAE,MAAM,uBAAuB,CAAA;AACtE,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAE5E,MAAM,UAAU,cAAc,CAAE,IAAS,EAAE,GAAe,EAAE,EAAc;IACxE,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAA;IACtF,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,kBAAkB,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;IACtD,OAAO;QACL,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAA;YAC1E,OAAO,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;QACjE,CAAC;KACF,CAAA;AACH,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAE,IAAS,EAAE,GAAe,EAAE,EAAc;IAC1E,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,kBAAkB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAA;IACxF,OAAO,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,kBAAkB,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAA;IACtD,OAAO;QACL,MAAM,EAAE,CAAC,IAAgB,EAAE,EAAE;YAC3B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,kBAAkB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAA;YAC1E,OAAO,oBAAoB,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,OAAO,CAAC,CAAA;QACjE,CAAC;KACF,CAAA;AACH,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ciphers.d.ts","sourceRoot":"","sources":["../../../src/aes/ciphers.ts"],"names":[],"mappings":";AAAA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAE3B,eAAO,MAAM,cAAc,8BAAwB,CAAA;AACnD,eAAO,MAAM,gBAAgB,gCAA0B,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"ciphers.js","sourceRoot":"","sources":["../../../src/aes/ciphers.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAE3B,MAAM,CAAC,MAAM,cAAc,GAAG,MAAM,CAAC,cAAc,CAAA;AACnD,MAAM,CAAC,MAAM,gBAAgB,GAAG,MAAM,CAAC,gBAAgB,CAAA"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/aes/index.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAA;IAClD,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAA;CACnD;AAED,wBAAsB,MAAM,CAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,sBAgB5D"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
import * as ciphers from './ciphers.js';
|
|
2
|
+
import { cipherMode } from './cipher-mode.js';
|
|
3
|
+
export async function create(key, iv) {
|
|
4
|
+
const mode = cipherMode(key);
|
|
5
|
+
const cipher = ciphers.createCipheriv(mode, key, iv);
|
|
6
|
+
const decipher = ciphers.createDecipheriv(mode, key, iv);
|
|
7
|
+
const res = {
|
|
8
|
+
async encrypt(data) {
|
|
9
|
+
return cipher.update(data);
|
|
10
|
+
},
|
|
11
|
+
async decrypt(data) {
|
|
12
|
+
return decipher.update(data);
|
|
13
|
+
}
|
|
14
|
+
};
|
|
15
|
+
return res;
|
|
16
|
+
}
|
|
17
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/aes/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AACvC,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAA;AAO7C,MAAM,CAAC,KAAK,UAAU,MAAM,CAAE,GAAe,EAAE,EAAc;IAC3D,MAAM,IAAI,GAAG,UAAU,CAAC,GAAG,CAAC,CAAA;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC,CAAA;IAExD,MAAM,GAAG,GAAc;QACrB,KAAK,CAAC,OAAO,CAAE,IAAI;YACjB,OAAO,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC5B,CAAC;QAED,KAAK,CAAC,OAAO,CAAE,IAAI;YACjB,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QAC9B,CAAC;KACF,CAAA;IAED,OAAO,GAAG,CAAA;AACZ,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aes-gcm.browser.d.ts","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAI9D,wBAAgB,MAAM,CAAE,IAAI,CAAC,EAAE,aAAa,aAkE3C"}
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
import { concat } from 'uint8arrays/concat';
|
|
2
|
+
import { fromString } from 'uint8arrays/from-string';
|
|
3
|
+
import webcrypto from '../webcrypto.js';
|
|
4
|
+
// Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
|
|
5
|
+
export function create(opts) {
|
|
6
|
+
const algorithm = opts?.algorithm ?? 'AES-GCM';
|
|
7
|
+
let keyLength = opts?.keyLength ?? 16;
|
|
8
|
+
const nonceLength = opts?.nonceLength ?? 12;
|
|
9
|
+
const digest = opts?.digest ?? 'SHA-256';
|
|
10
|
+
const saltLength = opts?.saltLength ?? 16;
|
|
11
|
+
const iterations = opts?.iterations ?? 32767;
|
|
12
|
+
const crypto = webcrypto.get();
|
|
13
|
+
keyLength *= 8; // Browser crypto uses bits instead of bytes
|
|
14
|
+
/**
|
|
15
|
+
* Uses the provided password to derive a pbkdf2 key. The key
|
|
16
|
+
* will then be used to encrypt the data.
|
|
17
|
+
*/
|
|
18
|
+
async function encrypt(data, password) {
|
|
19
|
+
const salt = crypto.getRandomValues(new Uint8Array(saltLength));
|
|
20
|
+
const nonce = crypto.getRandomValues(new Uint8Array(nonceLength));
|
|
21
|
+
const aesGcm = { name: algorithm, iv: nonce };
|
|
22
|
+
if (typeof password === 'string') {
|
|
23
|
+
password = fromString(password);
|
|
24
|
+
}
|
|
25
|
+
// Derive a key using PBKDF2.
|
|
26
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
|
|
27
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey', 'deriveBits']);
|
|
28
|
+
const cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['encrypt']);
|
|
29
|
+
// Encrypt the string.
|
|
30
|
+
const ciphertext = await crypto.subtle.encrypt(aesGcm, cryptoKey, data);
|
|
31
|
+
return concat([salt, aesGcm.iv, new Uint8Array(ciphertext)]);
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Uses the provided password to derive a pbkdf2 key. The key
|
|
35
|
+
* will then be used to decrypt the data. The options used to create
|
|
36
|
+
* this decryption cipher must be the same as those used to create
|
|
37
|
+
* the encryption cipher.
|
|
38
|
+
*/
|
|
39
|
+
async function decrypt(data, password) {
|
|
40
|
+
const salt = data.slice(0, saltLength);
|
|
41
|
+
const nonce = data.slice(saltLength, saltLength + nonceLength);
|
|
42
|
+
const ciphertext = data.slice(saltLength + nonceLength);
|
|
43
|
+
const aesGcm = { name: algorithm, iv: nonce };
|
|
44
|
+
if (typeof password === 'string') {
|
|
45
|
+
password = fromString(password);
|
|
46
|
+
}
|
|
47
|
+
// Derive the key using PBKDF2.
|
|
48
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
|
|
49
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey', 'deriveBits']);
|
|
50
|
+
const cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['decrypt']);
|
|
51
|
+
// Decrypt the string.
|
|
52
|
+
const plaintext = await crypto.subtle.decrypt(aesGcm, cryptoKey, ciphertext);
|
|
53
|
+
return new Uint8Array(plaintext);
|
|
54
|
+
}
|
|
55
|
+
const cipher = {
|
|
56
|
+
encrypt,
|
|
57
|
+
decrypt
|
|
58
|
+
};
|
|
59
|
+
return cipher;
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=aes-gcm.browser.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aes-gcm.browser.js","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,SAAS,MAAM,iBAAiB,CAAA;AAGvC,yFAAyF;AAEzF,MAAM,UAAU,MAAM,CAAE,IAAoB;IAC1C,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,SAAS,CAAA;IAC9C,IAAI,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,EAAE,CAAA;IACrC,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,EAAE,CAAA;IAC3C,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,SAAS,CAAA;IACxC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAA;IACzC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,KAAK,CAAA;IAE5C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAA;IAC9B,SAAS,IAAI,CAAC,CAAA,CAAC,4CAA4C;IAE3D;;;OAGG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;QACjE,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;QAE7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;SAChC;QAED,6BAA6B;QAC7B,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;QACjF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAA;QACrH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QAEhI,sBAAsB;QACtB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;QACvE,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QACtC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,UAAU,GAAG,WAAW,CAAC,CAAA;QAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,WAAW,CAAC,CAAA;QACvD,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;QAE7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;SAChC;QAED,+BAA+B;QAC/B,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;QACjF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,WAAW,EAAE,YAAY,CAAC,CAAC,CAAA;QACrH,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;QAEhI,sBAAsB;QACtB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;QAC5E,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,MAAM,GAAc;QACxB,OAAO;QACP,OAAO;KACR,CAAA;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aes-gcm.d.ts","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAI9D,wBAAgB,MAAM,CAAE,IAAI,CAAC,EAAE,aAAa,aA8F3C"}
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
import crypto from 'crypto';
|
|
2
|
+
import { concat as uint8ArrayConcat } from 'uint8arrays/concat';
|
|
3
|
+
import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string';
|
|
4
|
+
// Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
|
|
5
|
+
export function create(opts) {
|
|
6
|
+
const algorithm = opts?.algorithm ?? 'aes-128-gcm';
|
|
7
|
+
const keyLength = opts?.keyLength ?? 16;
|
|
8
|
+
const nonceLength = opts?.nonceLength ?? 12;
|
|
9
|
+
const digest = opts?.digest ?? 'sha256';
|
|
10
|
+
const saltLength = opts?.saltLength ?? 16;
|
|
11
|
+
const iterations = opts?.iterations ?? 32767;
|
|
12
|
+
const algorithmTagLength = opts?.algorithmTagLength ?? 16;
|
|
13
|
+
async function encryptWithKey(data, key) {
|
|
14
|
+
const nonce = crypto.randomBytes(nonceLength);
|
|
15
|
+
// Create the cipher instance.
|
|
16
|
+
const cipher = crypto.createCipheriv(algorithm, key, nonce);
|
|
17
|
+
// Encrypt and prepend nonce.
|
|
18
|
+
const ciphertext = uint8ArrayConcat([cipher.update(data), cipher.final()]);
|
|
19
|
+
// @ts-expect-error getAuthTag is not a function
|
|
20
|
+
return uint8ArrayConcat([nonce, ciphertext, cipher.getAuthTag()]);
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Uses the provided password to derive a pbkdf2 key. The key
|
|
24
|
+
* will then be used to encrypt the data.
|
|
25
|
+
*/
|
|
26
|
+
async function encrypt(data, password) {
|
|
27
|
+
// Generate a 128-bit salt using a CSPRNG.
|
|
28
|
+
const salt = crypto.randomBytes(saltLength);
|
|
29
|
+
if (typeof password === 'string') {
|
|
30
|
+
password = uint8ArrayFromString(password);
|
|
31
|
+
}
|
|
32
|
+
// Derive a key using PBKDF2.
|
|
33
|
+
const key = crypto.pbkdf2Sync(password, salt, iterations, keyLength, digest);
|
|
34
|
+
// Encrypt and prepend salt.
|
|
35
|
+
return uint8ArrayConcat([salt, await encryptWithKey(Uint8Array.from(data), key)]);
|
|
36
|
+
}
|
|
37
|
+
/**
|
|
38
|
+
* Decrypts the given cipher text with the provided key. The `key` should
|
|
39
|
+
* be a cryptographically safe key and not a plaintext password. To use
|
|
40
|
+
* a plaintext password, use `decrypt`. The options used to create
|
|
41
|
+
* this decryption cipher must be the same as those used to create
|
|
42
|
+
* the encryption cipher.
|
|
43
|
+
*/
|
|
44
|
+
async function decryptWithKey(ciphertextAndNonce, key) {
|
|
45
|
+
// Create Uint8Arrays of nonce, ciphertext and tag.
|
|
46
|
+
const nonce = ciphertextAndNonce.slice(0, nonceLength);
|
|
47
|
+
const ciphertext = ciphertextAndNonce.slice(nonceLength, ciphertextAndNonce.length - algorithmTagLength);
|
|
48
|
+
const tag = ciphertextAndNonce.slice(ciphertext.length + nonceLength);
|
|
49
|
+
// Create the cipher instance.
|
|
50
|
+
const cipher = crypto.createDecipheriv(algorithm, key, nonce);
|
|
51
|
+
// Decrypt and return result.
|
|
52
|
+
// @ts-expect-error getAuthTag is not a function
|
|
53
|
+
cipher.setAuthTag(tag);
|
|
54
|
+
return uint8ArrayConcat([cipher.update(ciphertext), cipher.final()]);
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* Uses the provided password to derive a pbkdf2 key. The key
|
|
58
|
+
* will then be used to decrypt the data. The options used to create
|
|
59
|
+
* this decryption cipher must be the same as those used to create
|
|
60
|
+
* the encryption cipher.
|
|
61
|
+
*
|
|
62
|
+
* @param {Uint8Array} data - The data to decrypt
|
|
63
|
+
* @param {string|Uint8Array} password - A plain password
|
|
64
|
+
*/
|
|
65
|
+
async function decrypt(data, password) {
|
|
66
|
+
// Create Uint8Arrays of salt and ciphertextAndNonce.
|
|
67
|
+
const salt = data.slice(0, saltLength);
|
|
68
|
+
const ciphertextAndNonce = data.slice(saltLength);
|
|
69
|
+
if (typeof password === 'string') {
|
|
70
|
+
password = uint8ArrayFromString(password);
|
|
71
|
+
}
|
|
72
|
+
// Derive the key using PBKDF2.
|
|
73
|
+
const key = crypto.pbkdf2Sync(password, salt, iterations, keyLength, digest);
|
|
74
|
+
// Decrypt and return result.
|
|
75
|
+
return await decryptWithKey(ciphertextAndNonce, key);
|
|
76
|
+
}
|
|
77
|
+
const cipher = {
|
|
78
|
+
encrypt,
|
|
79
|
+
decrypt
|
|
80
|
+
};
|
|
81
|
+
return cipher;
|
|
82
|
+
}
|
|
83
|
+
//# sourceMappingURL=aes-gcm.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"aes-gcm.js","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAC3B,OAAO,EAAE,MAAM,IAAI,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AAC/D,OAAO,EAAE,UAAU,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAA;AAG5E,yFAAyF;AAEzF,MAAM,UAAU,MAAM,CAAE,IAAoB;IAC1C,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,aAAa,CAAA;IAClD,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,EAAE,CAAA;IACvC,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,EAAE,CAAA;IAC3C,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,QAAQ,CAAA;IACvC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAA;IACzC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,KAAK,CAAA;IAC5C,MAAM,kBAAkB,GAAG,IAAI,EAAE,kBAAkB,IAAI,EAAE,CAAA;IAEzD,KAAK,UAAU,cAAc,CAAE,IAAgB,EAAE,GAAe;QAC9D,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,WAAW,CAAC,CAAA;QAE7C,8BAA8B;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAE3D,6BAA6B;QAC7B,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;QAE1E,gDAAgD;QAChD,OAAO,gBAAgB,CAAC,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC,CAAA;IACnE,CAAC;IAED;;;OAGG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,0CAA0C;QAC1C,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,UAAU,CAAC,CAAA;QAE3C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;SAC1C;QAED,6BAA6B;QAC7B,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;QAE5E,4BAA4B;QAC5B,OAAO,gBAAgB,CAAC,CAAC,IAAI,EAAE,MAAM,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAA;IACnF,CAAC;IAED;;;;;;OAMG;IACH,KAAK,UAAU,cAAc,CAAE,kBAA8B,EAAE,GAAe;QAC5E,mDAAmD;QACnD,MAAM,KAAK,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC,EAAE,WAAW,CAAC,CAAA;QACtD,MAAM,UAAU,GAAG,kBAAkB,CAAC,KAAK,CAAC,WAAW,EAAE,kBAAkB,CAAC,MAAM,GAAG,kBAAkB,CAAC,CAAA;QACxG,MAAM,GAAG,GAAG,kBAAkB,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,GAAG,WAAW,CAAC,CAAA;QAErE,8BAA8B;QAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,KAAK,CAAC,CAAA;QAE7D,6BAA6B;QAC7B,gDAAgD;QAChD,MAAM,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;QACtB,OAAO,gBAAgB,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAA;IACtE,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,qDAAqD;QACrD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QACtC,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QAEjD,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA;SAC1C;QAED,+BAA+B;QAC/B,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,CAAC,CAAA;QAE5E,6BAA6B;QAC7B,OAAO,MAAM,cAAc,CAAC,kBAAkB,EAAE,GAAG,CAAC,CAAA;IACtD,CAAC;IAED,MAAM,MAAM,GAAc;QACxB,OAAO;QACP,OAAO;KACR,CAAA;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
export interface CreateOptions {
|
|
2
|
+
algorithm?: string;
|
|
3
|
+
nonceLength?: number;
|
|
4
|
+
keyLength?: number;
|
|
5
|
+
digest?: string;
|
|
6
|
+
saltLength?: number;
|
|
7
|
+
iterations?: number;
|
|
8
|
+
algorithmTagLength?: number;
|
|
9
|
+
}
|
|
10
|
+
export interface AESCipher {
|
|
11
|
+
encrypt: (data: Uint8Array, password: string | Uint8Array) => Promise<Uint8Array>;
|
|
12
|
+
decrypt: (data: Uint8Array, password: string | Uint8Array) => Promise<Uint8Array>;
|
|
13
|
+
}
|
|
14
|
+
//# sourceMappingURL=interface.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"interface.d.ts","sourceRoot":"","sources":["../../../src/ciphers/interface.ts"],"names":[],"mappings":"AACA,MAAM,WAAW,aAAa;IAC5B,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,kBAAkB,CAAC,EAAE,MAAM,CAAA;CAC5B;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAA;IACjF,OAAO,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,GAAG,UAAU,KAAK,OAAO,CAAC,UAAU,CAAC,CAAA;CAClF"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"interface.js","sourceRoot":"","sources":["../../../src/ciphers/interface.ts"],"names":[],"mappings":""}
|