@libp2p/crypto 1.0.14 → 1.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.min.js +6 -6
- package/dist/src/ciphers/aes-gcm.browser.d.ts +8 -0
- package/dist/src/ciphers/aes-gcm.browser.d.ts.map +1 -1
- package/dist/src/ciphers/aes-gcm.browser.js +34 -8
- package/dist/src/ciphers/aes-gcm.browser.js.map +1 -1
- package/package.json +2 -1
- package/src/ciphers/aes-gcm.browser.ts +33 -7
|
@@ -1,3 +1,11 @@
|
|
|
1
1
|
import type { CreateOptions, AESCipher } from './interface.js';
|
|
2
|
+
export declare function isWebkitLinux(): boolean;
|
|
3
|
+
export declare const derivedEmptyPasswordKey: {
|
|
4
|
+
alg: string;
|
|
5
|
+
ext: boolean;
|
|
6
|
+
k: string;
|
|
7
|
+
key_ops: string[];
|
|
8
|
+
kty: string;
|
|
9
|
+
};
|
|
2
10
|
export declare function create(opts?: CreateOptions): AESCipher;
|
|
3
11
|
//# sourceMappingURL=aes-gcm.browser.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aes-gcm.browser.d.ts","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"aes-gcm.browser.d.ts","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAA;AAE9D,wBAAgB,aAAa,IAAK,OAAO,CAExC;AAYD,eAAO,MAAM,uBAAuB;;;;;;CAA0G,CAAA;AAI9I,wBAAgB,MAAM,CAAE,IAAI,CAAC,EAAE,aAAa,GAAG,SAAS,CA4EvD"}
|
|
@@ -1,6 +1,20 @@
|
|
|
1
1
|
import { concat } from 'uint8arrays/concat';
|
|
2
2
|
import { fromString } from 'uint8arrays/from-string';
|
|
3
3
|
import webcrypto from '../webcrypto.js';
|
|
4
|
+
export function isWebkitLinux() {
|
|
5
|
+
return typeof navigator !== 'undefined' && navigator.userAgent.includes('Safari') && navigator.userAgent.includes('Linux') && !navigator.userAgent.includes('Chrome');
|
|
6
|
+
}
|
|
7
|
+
// WebKit on Linux does not support deriving a key from an empty PBKDF2 key.
|
|
8
|
+
// So, as a workaround, we provide the generated key as a constant. We test that
|
|
9
|
+
// this generated key is accurate in test/workaround.spec.ts
|
|
10
|
+
// Generated via:
|
|
11
|
+
// await crypto.subtle.exportKey('jwk',
|
|
12
|
+
// await crypto.subtle.deriveKey(
|
|
13
|
+
// { name: 'PBKDF2', salt: new Uint8Array(16), iterations: 32767, hash: { name: 'SHA-256' } },
|
|
14
|
+
// await crypto.subtle.importKey('raw', new Uint8Array(0), { name: 'PBKDF2' }, false, ['deriveKey']),
|
|
15
|
+
// { name: 'AES-GCM', length: 128 }, true, ['encrypt', 'decrypt'])
|
|
16
|
+
// )
|
|
17
|
+
export const derivedEmptyPasswordKey = { alg: 'A128GCM', ext: true, k: 'scm9jmO_4BJAgdwWGVulLg', key_ops: ['encrypt', 'decrypt'], kty: 'oct' };
|
|
4
18
|
// Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
|
|
5
19
|
export function create(opts) {
|
|
6
20
|
const algorithm = opts?.algorithm ?? 'AES-GCM';
|
|
@@ -22,10 +36,16 @@ export function create(opts) {
|
|
|
22
36
|
if (typeof password === 'string') {
|
|
23
37
|
password = fromString(password);
|
|
24
38
|
}
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
39
|
+
let cryptoKey;
|
|
40
|
+
if (password.length === 0 && isWebkitLinux()) {
|
|
41
|
+
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt']);
|
|
42
|
+
}
|
|
43
|
+
else {
|
|
44
|
+
// Derive a key using PBKDF2.
|
|
45
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
|
|
46
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
|
|
47
|
+
cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['encrypt']);
|
|
48
|
+
}
|
|
29
49
|
// Encrypt the string.
|
|
30
50
|
const ciphertext = await crypto.subtle.encrypt(aesGcm, cryptoKey, data);
|
|
31
51
|
return concat([salt, aesGcm.iv, new Uint8Array(ciphertext)]);
|
|
@@ -44,10 +64,16 @@ export function create(opts) {
|
|
|
44
64
|
if (typeof password === 'string') {
|
|
45
65
|
password = fromString(password);
|
|
46
66
|
}
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
67
|
+
let cryptoKey;
|
|
68
|
+
if (password.length === 0 && isWebkitLinux()) {
|
|
69
|
+
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['decrypt']);
|
|
70
|
+
}
|
|
71
|
+
else {
|
|
72
|
+
// Derive the key using PBKDF2.
|
|
73
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
|
|
74
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
|
|
75
|
+
cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['decrypt']);
|
|
76
|
+
}
|
|
51
77
|
// Decrypt the string.
|
|
52
78
|
const plaintext = await crypto.subtle.decrypt(aesGcm, cryptoKey, ciphertext);
|
|
53
79
|
return new Uint8Array(plaintext);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"aes-gcm.browser.js","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,SAAS,MAAM,iBAAiB,CAAA;AAGvC,yFAAyF;AAEzF,MAAM,UAAU,MAAM,CAAE,IAAoB;IAC1C,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,SAAS,CAAA;IAC9C,IAAI,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,EAAE,CAAA;IACrC,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,EAAE,CAAA;IAC3C,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,SAAS,CAAA;IACxC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAA;IACzC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,KAAK,CAAA;IAE5C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAA;IAC9B,SAAS,IAAI,CAAC,CAAA,CAAC,4CAA4C;IAE3D;;;OAGG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;QACjE,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;QAE7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;SAChC;QAED,6BAA6B;
|
|
1
|
+
{"version":3,"file":"aes-gcm.browser.js","sourceRoot":"","sources":["../../../src/ciphers/aes-gcm.browser.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAA;AAC3C,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAA;AACpD,OAAO,SAAS,MAAM,iBAAiB,CAAA;AAGvC,MAAM,UAAU,aAAa;IAC3B,OAAO,OAAO,SAAS,KAAK,WAAW,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AACvK,CAAC;AAED,4EAA4E;AAC5E,gFAAgF;AAChF,4DAA4D;AAC5D,iBAAiB;AACjB,uCAAuC;AACvC,mCAAmC;AACnC,kGAAkG;AAClG,yGAAyG;AACzG,sEAAsE;AACtE,IAAI;AACJ,MAAM,CAAC,MAAM,uBAAuB,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,wBAAwB,EAAE,OAAO,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;AAE9I,yFAAyF;AAEzF,MAAM,UAAU,MAAM,CAAE,IAAoB;IAC1C,MAAM,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,SAAS,CAAA;IAC9C,IAAI,SAAS,GAAG,IAAI,EAAE,SAAS,IAAI,EAAE,CAAA;IACrC,MAAM,WAAW,GAAG,IAAI,EAAE,WAAW,IAAI,EAAE,CAAA;IAC3C,MAAM,MAAM,GAAG,IAAI,EAAE,MAAM,IAAI,SAAS,CAAA;IACxC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,EAAE,CAAA;IACzC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,KAAK,CAAA;IAE5C,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,CAAA;IAC9B,SAAS,IAAI,CAAC,CAAA,CAAC,4CAA4C;IAE3D;;;OAGG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,MAAM,IAAI,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;QAC/D,MAAM,KAAK,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,WAAW,CAAC,CAAC,CAAA;QACjE,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;QAE7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;SAChC;QAED,IAAI,SAAoB,CAAA;QACxB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,EAAE,EAAE;YAC5C,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,uBAAuB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;SAClH;aAAM;YACP,6BAA6B;YAC3B,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACjF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;SAC3H;QAED,sBAAsB;QACtB,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,CAAA;QACvE,OAAO,MAAM,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,EAAE,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC9D,CAAC;IAED;;;;;OAKG;IACH,KAAK,UAAU,OAAO,CAAE,IAAgB,EAAE,QAA6B;QACrE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,CAAC,EAAE,UAAU,CAAC,CAAA;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,UAAU,GAAG,WAAW,CAAC,CAAA;QACjE,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,UAAU,GAAG,WAAW,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;QAE7C,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE;YAChC,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAA;SAChC;QAED,IAAI,SAAoB,CAAA;QACxB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,IAAI,aAAa,EAAE,EAAE;YAC5C,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,uBAAuB,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;SAClH;aAAM;YACL,+BAA+B;YAC/B,MAAM,YAAY,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAA;YACjF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,CAAC,CAAA;YACvG,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,EAAE,MAAM,EAAE,EAAE,IAAI,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,CAAC,CAAA;SAC3H;QAED,sBAAsB;QACtB,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,SAAS,EAAE,UAAU,CAAC,CAAA;QAC5E,OAAO,IAAI,UAAU,CAAC,SAAS,CAAC,CAAA;IAClC,CAAC;IAED,MAAM,MAAM,GAAc;QACxB,OAAO;QACP,OAAO;KACR,CAAA;IAED,OAAO,MAAM,CAAA;AACf,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@libp2p/crypto",
|
|
3
|
-
"version": "1.0.
|
|
3
|
+
"version": "1.0.15",
|
|
4
4
|
"description": "Crypto primitives for libp2p",
|
|
5
5
|
"license": "Apache-2.0 OR MIT",
|
|
6
6
|
"homepage": "https://github.com/libp2p/js-libp2p-crypto#readme",
|
|
@@ -172,6 +172,7 @@
|
|
|
172
172
|
"test:chrome-webworker": "aegir test -t webworker",
|
|
173
173
|
"test:firefox": "aegir test -t browser -- --browser firefox",
|
|
174
174
|
"test:firefox-webworker": "aegir test -t webworker -- --browser firefox",
|
|
175
|
+
"test:webkit": "bash -c '[ \"${CI}\" == \"true\" ] && playwright install-deps'; aegir test -t browser -- --browser webkit",
|
|
175
176
|
"test:node": "aegir test -t node --cov",
|
|
176
177
|
"test:electron-main": "aegir test -t electron-main",
|
|
177
178
|
"release": "aegir release",
|
|
@@ -3,6 +3,22 @@ import { fromString } from 'uint8arrays/from-string'
|
|
|
3
3
|
import webcrypto from '../webcrypto.js'
|
|
4
4
|
import type { CreateOptions, AESCipher } from './interface.js'
|
|
5
5
|
|
|
6
|
+
export function isWebkitLinux (): boolean {
|
|
7
|
+
return typeof navigator !== 'undefined' && navigator.userAgent.includes('Safari') && navigator.userAgent.includes('Linux') && !navigator.userAgent.includes('Chrome')
|
|
8
|
+
}
|
|
9
|
+
|
|
10
|
+
// WebKit on Linux does not support deriving a key from an empty PBKDF2 key.
|
|
11
|
+
// So, as a workaround, we provide the generated key as a constant. We test that
|
|
12
|
+
// this generated key is accurate in test/workaround.spec.ts
|
|
13
|
+
// Generated via:
|
|
14
|
+
// await crypto.subtle.exportKey('jwk',
|
|
15
|
+
// await crypto.subtle.deriveKey(
|
|
16
|
+
// { name: 'PBKDF2', salt: new Uint8Array(16), iterations: 32767, hash: { name: 'SHA-256' } },
|
|
17
|
+
// await crypto.subtle.importKey('raw', new Uint8Array(0), { name: 'PBKDF2' }, false, ['deriveKey']),
|
|
18
|
+
// { name: 'AES-GCM', length: 128 }, true, ['encrypt', 'decrypt'])
|
|
19
|
+
// )
|
|
20
|
+
export const derivedEmptyPasswordKey = { alg: 'A128GCM', ext: true, k: 'scm9jmO_4BJAgdwWGVulLg', key_ops: ['encrypt', 'decrypt'], kty: 'oct' }
|
|
21
|
+
|
|
6
22
|
// Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
|
|
7
23
|
|
|
8
24
|
export function create (opts?: CreateOptions): AESCipher {
|
|
@@ -29,10 +45,15 @@ export function create (opts?: CreateOptions): AESCipher {
|
|
|
29
45
|
password = fromString(password)
|
|
30
46
|
}
|
|
31
47
|
|
|
48
|
+
let cryptoKey: CryptoKey
|
|
49
|
+
if (password.length === 0 && isWebkitLinux()) {
|
|
50
|
+
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt'])
|
|
51
|
+
} else {
|
|
32
52
|
// Derive a key using PBKDF2.
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
53
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
|
|
54
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey'])
|
|
55
|
+
cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['encrypt'])
|
|
56
|
+
}
|
|
36
57
|
|
|
37
58
|
// Encrypt the string.
|
|
38
59
|
const ciphertext = await crypto.subtle.encrypt(aesGcm, cryptoKey, data)
|
|
@@ -55,10 +76,15 @@ export function create (opts?: CreateOptions): AESCipher {
|
|
|
55
76
|
password = fromString(password)
|
|
56
77
|
}
|
|
57
78
|
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
79
|
+
let cryptoKey: CryptoKey
|
|
80
|
+
if (password.length === 0 && isWebkitLinux()) {
|
|
81
|
+
cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['decrypt'])
|
|
82
|
+
} else {
|
|
83
|
+
// Derive the key using PBKDF2.
|
|
84
|
+
const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } }
|
|
85
|
+
const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey'])
|
|
86
|
+
cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['decrypt'])
|
|
87
|
+
}
|
|
62
88
|
|
|
63
89
|
// Decrypt the string.
|
|
64
90
|
const plaintext = await crypto.subtle.decrypt(aesGcm, cryptoKey, ciphertext)
|