@libp2p/crypto 3.0.4-ee7ffe9b9 → 4.0.0

package/dist/src/webcrypto.d.ts

@@ -1,5 +1,7 @@
+/// <reference types="node" />
+import { webcrypto } from 'crypto';
 declare const _default: {
-    get(win?: typeof globalThis): Crypto;
+    get(win?: typeof globalThis): webcrypto.Crypto;
 };
 export default _default;
 //# sourceMappingURL=webcrypto.d.ts.map

package/dist/src/webcrypto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"webcrypto.d.ts","sourceRoot":"","sources":["../../src/webcrypto.ts"],"names":[],"mappings":";;;AAIA,wBAmBC"}
+{"version":3,"file":"webcrypto.d.ts","sourceRoot":"","sources":["../../src/webcrypto.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;;;;AAIlC,wBAIC"}

package/dist/src/webcrypto.js

@@ -1,17 +1,10 @@
 /* eslint-env browser */
-// Check native crypto exists and is enabled (In insecure context `self.crypto`
-// exists but `self.crypto.subtle` does not).
+import { webcrypto } from 'crypto';
+// globalThis `SubtleCrypto` shipped in node.js 19.x, Electron currently uses
+// v18.x so this override file is necessary until Electron updates
 export default {
     get(win = globalThis) {
-        const nativeCrypto = win.crypto;
-        if (nativeCrypto == null || nativeCrypto.subtle == null) {
-            throw Object.assign(new Error('Missing Web Crypto API. ' +
-                'The most likely cause of this error is that this page is being accessed ' +
-                'from an insecure context (i.e. not HTTPS). For more information and ' +
-                'possible resolutions see ' +
-                'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api'), { code: 'ERR_MISSING_WEB_CRYPTO' });
-        }
-        return nativeCrypto;
+        return webcrypto;
     }
 };
 //# sourceMappingURL=webcrypto.js.map

package/dist/src/webcrypto.js.map

@@ -1 +1 @@
-{"version":3,"file":"webcrypto.js","sourceRoot":"","sources":["../../src/webcrypto.ts"],"names":[],"mappings":"AAAA,wBAAwB;AAExB,+EAA+E;AAC/E,6CAA6C;AAC7C,eAAe;IACb,GAAG,CAAE,GAAG,GAAG,UAAU;QACnB,MAAM,YAAY,GAAG,GAAG,CAAC,MAAM,CAAA;QAE/B,IAAI,YAAY,IAAI,IAAI,IAAI,YAAY,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC;YACxD,MAAM,MAAM,CAAC,MAAM,CACjB,IAAI,KAAK,CACP,0BAA0B;gBAC1B,0EAA0E;gBAC1E,sEAAsE;gBACtE,2BAA2B;gBAC3B,wFAAwF,CACzF,EACD,EAAE,IAAI,EAAE,wBAAwB,EAAE,CACnC,CAAA;QACH,CAAC;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;CACF,CAAA"}
+{"version":3,"file":"webcrypto.js","sourceRoot":"","sources":["../../src/webcrypto.ts"],"names":[],"mappings":"AAAA,wBAAwB;AAExB,OAAO,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AAElC,6EAA6E;AAC7E,kEAAkE;AAClE,eAAe;IACb,GAAG,CAAE,GAAG,GAAG,UAAU;QACnB,OAAO,SAAS,CAAA;IAClB,CAAC;CACF,CAAA"}

package/dist/typedoc-urls.json

@@ -0,0 +1,42 @@
+{
+  "HMAC": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.hmac.HMAC.html",
+  "./hmac:HMAC": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.hmac.HMAC.html",
+  "create": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.hmac.create.html",
+  "./hmac:create": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.hmac.create.html",
+  "pbkdf2": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.index.pbkdf2.html",
+  "randomBytes": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.index.randomBytes.html",
+  "codec": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keysPBM.KeyType.codec.html",
+  "decode": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keysPBM.PrivateKey.decode.html",
+  "encode": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keysPBM.PrivateKey.encode.html",
+  "KeyType": "https://libp2p.github.io/js-libp2p/enums/_libp2p_crypto.keys.keysPBM.KeyType-1.html",
+  "PrivateKey": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.keysPBM.PrivateKey-1.html",
+  "PublicKey": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.keysPBM.PublicKey-1.html",
+  "Ed25519PrivateKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.Ed25519PrivateKey.html",
+  "Ed25519PublicKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.Ed25519PublicKey.html",
+  "RsaPrivateKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.RsaPrivateKey.html",
+  "RsaPublicKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.RsaPublicKey.html",
+  "Secp256k1PrivateKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.Secp256k1PrivateKey.html",
+  "Secp256k1PublicKey": "https://libp2p.github.io/js-libp2p/classes/_libp2p_crypto.keys.Secp256k1PublicKey.html",
+  "JWKKeyPair": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.JWKKeyPair.html",
+  "KeyTypes": "https://libp2p.github.io/js-libp2p/types/_libp2p_crypto.keys.KeyTypes.html",
+  "./keys:KeyTypes": "https://libp2p.github.io/js-libp2p/types/_libp2p_crypto.keys.KeyTypes.html",
+  "MAX_RSA_KEY_SIZE": "https://libp2p.github.io/js-libp2p/variables/_libp2p_crypto.keys.MAX_RSA_KEY_SIZE.html",
+  "supportedKeys": "https://libp2p.github.io/js-libp2p/variables/_libp2p_crypto.keys.supportedKeys.html",
+  "./keys:supportedKeys": "https://libp2p.github.io/js-libp2p/variables/_libp2p_crypto.keys.supportedKeys.html",
+  "generateEphemeralKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateEphemeralKeyPair.html",
+  "generateKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPair.html",
+  "./keys:generateKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPair.html",
+  "generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
+  "./keys:generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
+  "importKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.importKey.html",
+  "./keys:importKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.importKey.html",
+  "keyStretcher": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keyStretcher.html",
+  "marshalPrivateKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.marshalPrivateKey.html",
+  "./keys:marshalPrivateKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.marshalPrivateKey.html",
+  "marshalPublicKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.marshalPublicKey.html",
+  "./keys:marshalPublicKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.marshalPublicKey.html",
+  "unmarshalPrivateKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.unmarshalPrivateKey.html",
+  "./keys:unmarshalPrivateKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.unmarshalPrivateKey.html",
+  "unmarshalPublicKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.unmarshalPublicKey.html",
+  "./keys:unmarshalPublicKey": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.unmarshalPublicKey.html"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/crypto",
-  "version": "3.0.4-ee7ffe9b9",
+  "version": "4.0.0",
   "description": "Crypto primitives for libp2p",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/crypto#readme",
@@ -51,10 +51,6 @@
       "types": "./src/index.d.ts",
       "import": "./dist/src/index.js"
     },
-    "./aes": {
-      "types": "./dist/src/aes/index.d.ts",
-      "import": "./dist/src/aes/index.js"
-    },
     "./hmac": {
       "types": "./dist/src/hmac/index.d.ts",
       "import": "./dist/src/hmac/index.js"
@@ -69,10 +65,7 @@
     "parserOptions": {
       "project": true,
       "sourceType": "module"
-    },
-    "ignorePatterns": [
-      "src/*.d.ts"
-    ]
+    }
   },
   "scripts": {
     "clean": "aegir clean",
@@ -90,13 +83,13 @@
     "generate": "protons ./src/keys/keys.proto"
   },
   "dependencies": {
-    "@libp2p/interface": "1.1.1-ee7ffe9b9",
+    "@libp2p/interface": "^1.1.1",
     "@noble/curves": "^1.1.0",
-    "@noble/hashes": "^1.3.1",
+    "@noble/hashes": "^1.3.3",
+    "asn1js": "^3.0.5",
     "multiformats": "^13.0.0",
-    "node-forge": "^1.1.0",
     "protons-runtime": "^5.0.0",
-    "uint8arraylist": "^2.4.3",
+    "uint8arraylist": "^2.4.7",
     "uint8arrays": "^5.0.0"
   },
   "devDependencies": {
@@ -106,12 +99,12 @@
     "protons": "^7.3.0"
   },
   "browser": {
-    "./dist/src/aes/ciphers.js": "./dist/src/aes/ciphers-browser.js",
     "./dist/src/ciphers/aes-gcm.js": "./dist/src/ciphers/aes-gcm.browser.js",
     "./dist/src/hmac/index.js": "./dist/src/hmac/index-browser.js",
     "./dist/src/keys/ecdh.js": "./dist/src/keys/ecdh-browser.js",
     "./dist/src/keys/ed25519.js": "./dist/src/keys/ed25519-browser.js",
     "./dist/src/keys/rsa.js": "./dist/src/keys/rsa-browser.js",
-    "./dist/src/keys/secp256k1.js": "./dist/src/keys/secp256k1-browser.js"
+    "./dist/src/keys/secp256k1.js": "./dist/src/keys/secp256k1-browser.js",
+    "./dist/src/webcrypto.js": "./dist/src/webcrypto-browser.js"
   }
 }

package/src/index.ts

@@ -8,13 +8,11 @@
  * To enable the Web Crypto API and allow `@libp2p/crypto` to work fully, please serve your page over HTTPS.
  */
 
-import * as aes from './aes/index.js'
 import * as hmac from './hmac/index.js'
 import * as keys from './keys/index.js'
 import pbkdf2 from './pbkdf2.js'
 import randomBytes from './random-bytes.js'
 
-export { aes }
 export { hmac }
 export { keys }
 export { randomBytes }

package/src/keys/ed25519-browser.ts

@@ -1,5 +1,5 @@
 import { ed25519 as ed } from '@noble/curves/ed25519'
-import type { Uint8ArrayKeyPair } from './interface'
+import type { Uint8ArrayKeyPair } from './interface.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PUBLIC_KEY_BYTE_LENGTH = 32

package/src/keys/index.ts

@@ -10,18 +10,14 @@
  * For encryption / decryption support, RSA keys should be used.
  */
 
-import 'node-forge/lib/asn1.js'
-import 'node-forge/lib/pbe.js'
 import { CodeError } from '@libp2p/interface'
-// @ts-expect-error types are missing
-import forge from 'node-forge/lib/forge.js'
-import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import * as Ed25519 from './ed25519-class.js'
 import generateEphemeralKeyPair from './ephemeral-keys.js'
 import { importer } from './importer.js'
 import { keyStretcher } from './key-stretcher.js'
 import * as keysPBM from './keys.js'
 import * as RSA from './rsa-class.js'
+import { importFromPem } from './rsa-utils.js'
 import * as Secp256k1 from './secp256k1-class.js'
 import type { PrivateKey, PublicKey } from '@libp2p/interface'
 
@@ -31,6 +27,11 @@ export { keysPBM }
 
 export type KeyTypes = 'RSA' | 'Ed25519' | 'secp256k1'
 
+export { RsaPrivateKey, RsaPublicKey, MAX_RSA_KEY_SIZE } from './rsa-class.js'
+export { Ed25519PrivateKey, Ed25519PublicKey } from './ed25519-class.js'
+export { Secp256k1PrivateKey, Secp256k1PublicKey } from './secp256k1-class.js'
+export type { JWKKeyPair } from './interface.js'
+
 export const supportedKeys = {
   rsa: RSA,
   ed25519: Ed25519,
@@ -144,12 +145,9 @@ export async function importKey (encryptedKey: string, password: string): Promis
     // Ignore and try the old pem decrypt
   }
 
-  // Only rsa supports pem right now
-  const key = forge.pki.decryptRsaPrivateKey(encryptedKey, password)
-  if (key === null) {
-    throw new CodeError('Cannot read the key, most likely the password is wrong or not a RSA key', 'ERR_CANNOT_DECRYPT_PEM')
+  if (!encryptedKey.includes('BEGIN')) {
+    throw new CodeError('Encrypted key was not a libp2p-key or a PEM file', 'ERR_INVALID_IMPORT_FORMAT')
   }
-  let der = forge.asn1.toDer(forge.pki.privateKeyToAsn1(key))
-  der = uint8ArrayFromString(der.getBytes(), 'ascii')
-  return supportedKeys.rsa.unmarshalRsaPrivateKey(der)
+
+  return importFromPem(encryptedKey, password)
 }

package/src/keys/rsa-browser.ts

@@ -1,9 +1,7 @@
 import { CodeError } from '@libp2p/interface'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
-import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import randomBytes from '../random-bytes.js'
 import webcrypto from '../webcrypto.js'
-import { jwk2pub, jwk2priv } from './jwk2pem.js'
 import * as utils from './rsa-utils.js'
 import type { JWKKeyPair } from './interface.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
@@ -130,33 +128,6 @@ async function derivePublicFromPrivate (jwKey: JsonWebKey): Promise<CryptoKey> {
   )
 }
 
-/*
-
-RSA encryption/decryption for the browser with webcrypto workaround
-"bloody dark magic. webcrypto's why."
-
-Explanation:
-  - Convert JWK to nodeForge
-  - Convert msg Uint8Array to nodeForge buffer: ByteBuffer is a "binary-string backed buffer", so let's make our Uint8Array a binary string
-  - Convert resulting nodeForge buffer to Uint8Array: it returns a binary string, turn that into a Uint8Array
-
-*/
-
-function convertKey (key: JsonWebKey, pub: boolean, msg: Uint8Array | Uint8ArrayList, handle: (msg: string, key: { encrypt(msg: string): string, decrypt(msg: string): string }) => string): Uint8Array {
-  const fkey = pub ? jwk2pub(key) : jwk2priv(key)
-  const fmsg = uint8ArrayToString(msg instanceof Uint8Array ? msg : msg.subarray(), 'ascii')
-  const fomsg = handle(fmsg, fkey)
-  return uint8ArrayFromString(fomsg, 'ascii')
-}
-
-export function encrypt (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Uint8Array {
-  return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))
-}
-
-export function decrypt (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Uint8Array {
-  return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))
-}
-
 export function keySize (jwk: JsonWebKey): number {
   if (jwk.kty !== 'RSA') {
     throw new CodeError('invalid key type', 'ERR_INVALID_KEY_TYPE')

package/src/keys/rsa-class.ts

@@ -1,9 +1,6 @@
 import { CodeError } from '@libp2p/interface'
 import { sha256 } from 'multiformats/hashes/sha2'
-// @ts-expect-error types are missing
-import forge from 'node-forge/lib/forge.js'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
-import 'node-forge/lib/sha512.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { isPromise } from '../util.js'
 import { exporter } from './exporter.js'
@@ -12,7 +9,7 @@ import * as crypto from './rsa.js'
 import type { Multibase } from 'multiformats'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
-export const MAX_KEY_SIZE = 8192
+export const MAX_RSA_KEY_SIZE = 8192
 
 export class RsaPublicKey {
   private readonly _key: JsonWebKey
@@ -36,10 +33,6 @@ export class RsaPublicKey {
     }).subarray()
   }
 
-  encrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
-    return crypto.encrypt(this._key, bytes)
-  }
-
   equals (key: any): boolean | boolean {
     return uint8ArrayEquals(this.bytes, key.bytes)
   }
@@ -80,10 +73,6 @@ export class RsaPrivateKey {
     return new RsaPublicKey(this._publicKey)
   }
 
-  decrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
-    return crypto.decrypt(this._key, bytes)
-  }
-
   marshal (): Uint8Array {
     return crypto.utils.jwkToPkcs1(this._key)
   }
@@ -122,21 +111,15 @@ export class RsaPrivateKey {
   }
 
   /**
-   * Exports the key into a password protected PEM format
+   * Exports the key as libp2p-key - a aes-gcm encrypted value with the key
+   * derived from the password.
+   *
+   * To export it as a password protected PEM file, please use the `exportPEM`
+   * function from `@libp2p/rsa`.
    */
   async export (password: string, format = 'pkcs-8'): Promise<Multibase<'m'>> {
     if (format === 'pkcs-8') {
-      const buffer = new forge.util.ByteBuffer(this.marshal())
-      const asn1 = forge.asn1.fromDer(buffer)
-      const privateKey = forge.pki.privateKeyFromAsn1(asn1)
-
-      const options = {
-        algorithm: 'aes256',
-        count: 10000,
-        saltSize: 128 / 8,
-        prfAlgorithm: 'sha512'
-      }
-      return forge.pki.encryptRsaPrivateKey(privateKey, password, options)
+      return crypto.utils.exportToPem(this, password)
     } else if (format === 'libp2p-key') {
       return exporter(this.bytes, password)
     } else {
@@ -148,7 +131,7 @@ export class RsaPrivateKey {
 export async function unmarshalRsaPrivateKey (bytes: Uint8Array): Promise<RsaPrivateKey> {
   const jwk = crypto.utils.pkcs1ToJwk(bytes)
 
-  if (crypto.keySize(jwk) > MAX_KEY_SIZE) {
+  if (crypto.keySize(jwk) > MAX_RSA_KEY_SIZE) {
     throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE')
   }
 
@@ -160,7 +143,7 @@ export async function unmarshalRsaPrivateKey (bytes: Uint8Array): Promise<RsaPri
 export function unmarshalRsaPublicKey (bytes: Uint8Array): RsaPublicKey {
   const jwk = crypto.utils.pkixToJwk(bytes)
 
-  if (crypto.keySize(jwk) > MAX_KEY_SIZE) {
+  if (crypto.keySize(jwk) > MAX_RSA_KEY_SIZE) {
     throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE')
   }
 
@@ -168,7 +151,7 @@ export function unmarshalRsaPublicKey (bytes: Uint8Array): RsaPublicKey {
 }
 
 export async function fromJwk (jwk: JsonWebKey): Promise<RsaPrivateKey> {
-  if (crypto.keySize(jwk) > MAX_KEY_SIZE) {
+  if (crypto.keySize(jwk) > MAX_RSA_KEY_SIZE) {
     throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE')
   }
 
@@ -178,7 +161,7 @@ export async function fromJwk (jwk: JsonWebKey): Promise<RsaPrivateKey> {
 }
 
 export async function generateKeyPair (bits: number): Promise<RsaPrivateKey> {
-  if (bits > MAX_KEY_SIZE) {
+  if (bits > MAX_RSA_KEY_SIZE) {
     throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE')
   }