@libp2p/crypto 2.0.8 → 3.0.0

package/src/keys/rsa-class.ts

@@ -1,14 +1,16 @@
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 import { sha256 } from 'multiformats/hashes/sha2'
 // @ts-expect-error types are missing
 import forge from 'node-forge/lib/forge.js'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import 'node-forge/lib/sha512.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { isPromise } from '../util.js'
 import { exporter } from './exporter.js'
 import * as pbm from './keys.js'
 import * as crypto from './rsa.js'
 import type { Multibase } from 'multiformats'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 export const MAX_KEY_SIZE = 8192
 
@@ -19,7 +21,7 @@ export class RsaPublicKey {
     this._key = key
   }
 
-  async verify (data: Uint8Array, sig: Uint8Array): Promise<boolean> {
+  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean | Promise<boolean> {
     return crypto.hashAndVerify(this._key, sig, data)
   }
 
@@ -34,18 +36,22 @@ export class RsaPublicKey {
     }).subarray()
   }
 
-  encrypt (bytes: Uint8Array): Uint8Array {
+  encrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
     return crypto.encrypt(this._key, bytes)
   }
 
-  equals (key: any): boolean {
+  equals (key: any): boolean | boolean {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
 
-  async hash (): Promise<Uint8Array> {
-    const { bytes } = await sha256.digest(this.bytes)
+  hash (): Uint8Array | Promise<Uint8Array> {
+    const p = sha256.digest(this.bytes)
+
+    if (isPromise(p)) {
+      return p.then(({ bytes }) => bytes)
+    }
 
-    return bytes
+    return p.bytes
   }
 }
 
@@ -62,7 +68,7 @@ export class RsaPrivateKey {
     return crypto.getRandomValues(16)
   }
 
-  async sign (message: Uint8Array): Promise<Uint8Array> {
+  sign (message: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
     return crypto.hashAndSign(this._key, message)
   }
 
@@ -74,7 +80,7 @@ export class RsaPrivateKey {
     return new RsaPublicKey(this._publicKey)
   }
 
-  decrypt (bytes: Uint8Array): Uint8Array {
+  decrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
     return crypto.decrypt(this._key, bytes)
   }
 
@@ -93,10 +99,14 @@ export class RsaPrivateKey {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
 
-  async hash (): Promise<Uint8Array> {
-    const { bytes } = await sha256.digest(this.bytes)
+  hash (): Uint8Array | Promise<Uint8Array> {
+    const p = sha256.digest(this.bytes)
+
+    if (isPromise(p)) {
+      return p.then(({ bytes }) => bytes)
+    }
 
-    return bytes
+    return p.bytes
   }
 
   /**

package/src/keys/rsa-utils.ts

@@ -1,6 +1,6 @@
 import 'node-forge/lib/asn1.js'
 import 'node-forge/lib/rsa.js'
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 // @ts-expect-error types are missing
 import forge from 'node-forge/lib/forge.js'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'

package/src/keys/rsa.ts

@@ -1,9 +1,10 @@
 import crypto from 'crypto'
 import { promisify } from 'util'
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 import randomBytes from '../random-bytes.js'
 import * as utils from './rsa-utils.js'
 import type { JWKKeyPair } from './interface.js'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 const keypair = promisify(crypto.generateKeyPair)
 
@@ -42,30 +43,56 @@ export async function unmarshalPrivateKey (key: JsonWebKey): Promise<JWKKeyPair>
 
 export { randomBytes as getRandomValues }
 
-export async function hashAndSign (key: JsonWebKey, msg: Uint8Array): Promise<Uint8Array> {
-  return crypto.createSign('RSA-SHA256')
-    .update(msg)
-    // @ts-expect-error node types are missing jwk as a format
-    .sign({ format: 'jwk', key })
+export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+  const hash = crypto.createSign('RSA-SHA256')
+
+  if (msg instanceof Uint8Array) {
+    hash.update(msg)
+  } else {
+    for (const buf of msg) {
+      hash.update(buf)
+    }
+  }
+
+  // @ts-expect-error node types are missing jwk as a format
+  return hash.sign({ format: 'jwk', key })
 }
 
-export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
-  return crypto.createVerify('RSA-SHA256')
-    .update(msg)
-    // @ts-expect-error node types are missing jwk as a format
-    .verify({ format: 'jwk', key }, sig)
+export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+  const hash = crypto.createVerify('RSA-SHA256')
+
+  if (msg instanceof Uint8Array) {
+    hash.update(msg)
+  } else {
+    for (const buf of msg) {
+      hash.update(buf)
+    }
+  }
+
+  // @ts-expect-error node types are missing jwk as a format
+  return hash.verify({ format: 'jwk', key }, sig)
 }
 
 const padding = crypto.constants.RSA_PKCS1_PADDING
 
-export function encrypt (key: JsonWebKey, bytes: Uint8Array): Uint8Array {
-  // @ts-expect-error node types are missing jwk as a format
-  return crypto.publicEncrypt({ format: 'jwk', key, padding }, bytes)
+export function encrypt (key: JsonWebKey, bytes: Uint8Array | Uint8ArrayList): Uint8Array {
+  if (bytes instanceof Uint8Array) {
+    // @ts-expect-error node types are missing jwk as a format
+    return crypto.publicEncrypt({ format: 'jwk', key, padding }, bytes)
+  } else {
+    // @ts-expect-error node types are missing jwk as a format
+    return crypto.publicEncrypt({ format: 'jwk', key, padding }, bytes.subarray())
+  }
 }
 
-export function decrypt (key: JsonWebKey, bytes: Uint8Array): Uint8Array {
-  // @ts-expect-error node types are missing jwk as a format
-  return crypto.privateDecrypt({ format: 'jwk', key, padding }, bytes)
+export function decrypt (key: JsonWebKey, bytes: Uint8Array | Uint8ArrayList): Uint8Array {
+  if (bytes instanceof Uint8Array) {
+    // @ts-expect-error node types are missing jwk as a format
+    return crypto.privateDecrypt({ format: 'jwk', key, padding }, bytes)
+  } else {
+    // @ts-expect-error node types are missing jwk as a format
+    return crypto.privateDecrypt({ format: 'jwk', key, padding }, bytes.subarray())
+  }
 }
 
 export function keySize (jwk: JsonWebKey): number {

package/src/keys/secp256k1-browser.ts

@@ -0,0 +1,87 @@
+import { CodeError } from '@libp2p/interface'
+import { secp256k1 as secp } from '@noble/curves/secp256k1'
+import { sha256 } from 'multiformats/hashes/sha2'
+import { isPromise } from '../util.js'
+import type { Uint8ArrayList } from 'uint8arraylist'
+
+const PRIVATE_KEY_BYTE_LENGTH = 32
+
+export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
+
+export function generateKey (): Uint8Array {
+  return secp.utils.randomPrivateKey()
+}
+
+/**
+ * Hash and sign message with private key
+ */
+export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
+  const p = sha256.digest(msg instanceof Uint8Array ? msg : msg.subarray())
+
+  if (isPromise(p)) {
+    return p.then(({ digest }) => secp.sign(digest, key).toDERRawBytes())
+      .catch(err => {
+        throw new CodeError(String(err), 'ERR_INVALID_INPUT')
+      })
+  }
+
+  try {
+    return secp.sign(p.digest, key).toDERRawBytes()
+  } catch (err) {
+    throw new CodeError(String(err), 'ERR_INVALID_INPUT')
+  }
+}
+
+/**
+ * Hash message and verify signature with public key
+ */
+export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): boolean | Promise<boolean> {
+  const p = sha256.digest(msg instanceof Uint8Array ? msg : msg.subarray())
+
+  if (isPromise(p)) {
+    return p.then(({ digest }) => secp.verify(sig, digest, key))
+      .catch(err => {
+        throw new CodeError(String(err), 'ERR_INVALID_INPUT')
+      })
+  }
+
+  try {
+    return secp.verify(sig, p.digest, key)
+  } catch (err) {
+    throw new CodeError(String(err), 'ERR_INVALID_INPUT')
+  }
+}
+
+export function compressPublicKey (key: Uint8Array): Uint8Array {
+  const point = secp.ProjectivePoint.fromHex(key).toRawBytes(true)
+  return point
+}
+
+export function decompressPublicKey (key: Uint8Array): Uint8Array {
+  const point = secp.ProjectivePoint.fromHex(key).toRawBytes(false)
+  return point
+}
+
+export function validatePrivateKey (key: Uint8Array): void {
+  try {
+    secp.getPublicKey(key, true)
+  } catch (err) {
+    throw new CodeError(String(err), 'ERR_INVALID_PRIVATE_KEY')
+  }
+}
+
+export function validatePublicKey (key: Uint8Array): void {
+  try {
+    secp.ProjectivePoint.fromHex(key)
+  } catch (err) {
+    throw new CodeError(String(err), 'ERR_INVALID_PUBLIC_KEY')
+  }
+}
+
+export function computePublicKey (privateKey: Uint8Array): Uint8Array {
+  try {
+    return secp.getPublicKey(privateKey, true)
+  } catch (err) {
+    throw new CodeError(String(err), 'ERR_INVALID_PRIVATE_KEY')
+  }
+}

package/src/keys/secp256k1-class.ts

@@ -1,11 +1,13 @@
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 import { sha256 } from 'multiformats/hashes/sha2'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { isPromise } from '../util.js'
 import { exporter } from './exporter.js'
 import * as keysProtobuf from './keys.js'
 import * as crypto from './secp256k1.js'
 import type { Multibase } from 'multiformats'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class Secp256k1PublicKey {
   private readonly _key: Uint8Array
@@ -15,7 +17,7 @@ export class Secp256k1PublicKey {
     this._key = key
   }
 
-  async verify (data: Uint8Array, sig: Uint8Array): Promise<boolean> {
+  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean {
     return crypto.hashAndVerify(this._key, sig, data)
   }
 
@@ -35,7 +37,14 @@ export class Secp256k1PublicKey {
   }
 
   async hash (): Promise<Uint8Array> {
-    const { bytes } = await sha256.digest(this.bytes)
+    const p = sha256.digest(this.bytes)
+    let bytes: Uint8Array
+
+    if (isPromise(p)) {
+      ({ bytes } = await p)
+    } else {
+      bytes = p.bytes
+    }
 
     return bytes
   }
@@ -52,7 +61,7 @@ export class Secp256k1PrivateKey {
     crypto.validatePublicKey(this._publicKey)
   }
 
-  async sign (message: Uint8Array): Promise<Uint8Array> {
+  sign (message: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
     return crypto.hashAndSign(this._key, message)
   }
 
@@ -75,10 +84,14 @@ export class Secp256k1PrivateKey {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
 
-  async hash (): Promise<Uint8Array> {
-    const { bytes } = await sha256.digest(this.bytes)
+  hash (): Uint8Array | Promise<Uint8Array> {
+    const p = sha256.digest(this.bytes)
 
-    return bytes
+    if (isPromise(p)) {
+      return p.then(({ bytes }) => bytes)
+    }
+
+    return p.bytes
   }
 
   /**

package/src/keys/secp256k1.ts

@@ -1,6 +1,7 @@
-import { CodeError } from '@libp2p/interface/errors'
+import crypto from 'node:crypto'
+import { CodeError } from '@libp2p/interface'
 import { secp256k1 as secp } from '@noble/curves/secp256k1'
-import { sha256 } from 'multiformats/hashes/sha2'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PRIVATE_KEY_BYTE_LENGTH = 32
 
@@ -13,8 +14,19 @@ export function generateKey (): Uint8Array {
 /**
  * Hash and sign message with private key
  */
-export async function hashAndSign (key: Uint8Array, msg: Uint8Array): Promise<Uint8Array> {
-  const { digest } = await sha256.digest(msg)
+export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Uint8Array {
+  const hash = crypto.createHash('sha256')
+
+  if (msg instanceof Uint8Array) {
+    hash.update(msg)
+  } else {
+    for (const buf of msg) {
+      hash.update(buf)
+    }
+  }
+
+  const digest = hash.digest()
+
   try {
     const signature = secp.sign(digest, key)
     return signature.toDERRawBytes()
@@ -26,9 +38,20 @@ export async function hashAndSign (key: Uint8Array, msg: Uint8Array): Promise<Ui
 /**
  * Hash message and verify signature with public key
  */
-export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
+export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): boolean {
+  const hash = crypto.createHash('sha256')
+
+  if (msg instanceof Uint8Array) {
+    hash.update(msg)
+  } else {
+    for (const buf of msg) {
+      hash.update(buf)
+    }
+  }
+
+  const digest = hash.digest()
+
   try {
-    const { digest } = await sha256.digest(msg)
     return secp.verify(sig, digest, key)
   } catch (err) {
     throw new CodeError(String(err), 'ERR_INVALID_INPUT')

package/src/pbkdf2.ts

@@ -1,4 +1,4 @@
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 // @ts-expect-error types are missing
 import forgePbkdf2 from 'node-forge/lib/pbkdf2.js'
 // @ts-expect-error types are missing

package/src/random-bytes.ts

@@ -1,4 +1,4 @@
-import { CodeError } from '@libp2p/interface/errors'
+import { CodeError } from '@libp2p/interface'
 import { randomBytes as randB } from '@noble/hashes/utils'
 
 /**

package/src/util.ts

@@ -40,3 +40,13 @@ export function base64urlToBuffer (str: string, len?: number): Uint8Array {
 
   return buf
 }
+
+export function isPromise <T = unknown> (thing: any): thing is Promise<T> {
+  if (thing == null) {
+    return false
+  }
+
+  return typeof thing.then === 'function' &&
+    typeof thing.catch === 'function' &&
+    typeof thing.finally === 'function'
+}

package/src/webcrypto.ts

@@ -13,7 +13,7 @@ export default {
           'The most likely cause of this error is that this page is being accessed ' +
           'from an insecure context (i.e. not HTTPS). For more information and ' +
           'possible resolutions see ' +
-          'https://github.com/libp2p/js-libp2p-crypto/blob/master/README.md#web-crypto-api'
+          'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api'
         ),
         { code: 'ERR_MISSING_WEB_CRYPTO' }
       )