@libp2p/crypto 3.0.4 → 4.0.0

package/src/keys/rsa-utils.ts

@@ -1,74 +1,408 @@
-import 'node-forge/lib/asn1.js'
-import 'node-forge/lib/rsa.js'
 import { CodeError } from '@libp2p/interface'
-// @ts-expect-error types are missing
-import forge from 'node-forge/lib/forge.js'
+import { pbkdf2Async } from '@noble/hashes/pbkdf2'
+import { sha512 } from '@noble/hashes/sha512'
+import * as asn1js from 'asn1js'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
-import { bigIntegerToUintBase64url, base64urlToBigInteger } from './../util.js'
+import randomBytes from '../random-bytes.js'
+import webcrypto from '../webcrypto.js'
+import { type RsaPrivateKey, unmarshalRsaPrivateKey } from './rsa-class.js'
 
-// Convert a PKCS#1 in ASN1 DER format to a JWK key
+/**
+ * Convert a PKCS#1 in ASN1 DER format to a JWK key
+ */
 export function pkcs1ToJwk (bytes: Uint8Array): JsonWebKey {
-  const asn1 = forge.asn1.fromDer(uint8ArrayToString(bytes, 'ascii'))
-  const privateKey = forge.pki.privateKeyFromAsn1(asn1)
+  const { result } = asn1js.fromBER(bytes)
 
-  // https://tools.ietf.org/html/rfc7518#section-6.3.1
-  return {
+  // @ts-expect-error this looks fragile but DER is a canonical format so we are
+  // safe to have deeply property chains like this
+  const values: asn1js.Integer[] = result.valueBlock.value
+
+  const key = {
+    n: uint8ArrayToString(bnToBuf(values[1].toBigInt()), 'base64url'),
+    e: uint8ArrayToString(bnToBuf(values[2].toBigInt()), 'base64url'),
+    d: uint8ArrayToString(bnToBuf(values[3].toBigInt()), 'base64url'),
+    p: uint8ArrayToString(bnToBuf(values[4].toBigInt()), 'base64url'),
+    q: uint8ArrayToString(bnToBuf(values[5].toBigInt()), 'base64url'),
+    dp: uint8ArrayToString(bnToBuf(values[6].toBigInt()), 'base64url'),
+    dq: uint8ArrayToString(bnToBuf(values[7].toBigInt()), 'base64url'),
+    qi: uint8ArrayToString(bnToBuf(values[8].toBigInt()), 'base64url'),
     kty: 'RSA',
-    n: bigIntegerToUintBase64url(privateKey.n),
-    e: bigIntegerToUintBase64url(privateKey.e),
-    d: bigIntegerToUintBase64url(privateKey.d),
-    p: bigIntegerToUintBase64url(privateKey.p),
-    q: bigIntegerToUintBase64url(privateKey.q),
-    dp: bigIntegerToUintBase64url(privateKey.dP),
-    dq: bigIntegerToUintBase64url(privateKey.dQ),
-    qi: bigIntegerToUintBase64url(privateKey.qInv),
     alg: 'RS256'
   }
+
+  return key
 }
 
-// Convert a JWK key into PKCS#1 in ASN1 DER format
+/**
+ * Convert a JWK key into PKCS#1 in ASN1 DER format
+ */
 export function jwkToPkcs1 (jwk: JsonWebKey): Uint8Array {
   if (jwk.n == null || jwk.e == null || jwk.d == null || jwk.p == null || jwk.q == null || jwk.dp == null || jwk.dq == null || jwk.qi == null) {
     throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS')
   }
 
-  const asn1 = forge.pki.privateKeyToAsn1({
-    n: base64urlToBigInteger(jwk.n),
-    e: base64urlToBigInteger(jwk.e),
-    d: base64urlToBigInteger(jwk.d),
-    p: base64urlToBigInteger(jwk.p),
-    q: base64urlToBigInteger(jwk.q),
-    dP: base64urlToBigInteger(jwk.dp),
-    dQ: base64urlToBigInteger(jwk.dq),
-    qInv: base64urlToBigInteger(jwk.qi)
+  const root = new asn1js.Sequence({
+    value: [
+      new asn1js.Integer({ value: 0 }),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.d, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.p, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.q, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dp, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dq, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.qi, 'base64url')))
+    ]
   })
 
-  return uint8ArrayFromString(forge.asn1.toDer(asn1).getBytes(), 'ascii')
+  const der = root.toBER()
+
+  return new Uint8Array(der, 0, der.byteLength)
 }
 
-// Convert a PKCIX in ASN1 DER format to a JWK key
+/**
+ * Convert a PKCIX in ASN1 DER format to a JWK key
+ */
 export function pkixToJwk (bytes: Uint8Array): JsonWebKey {
-  const asn1 = forge.asn1.fromDer(uint8ArrayToString(bytes, 'ascii'))
-  const publicKey = forge.pki.publicKeyFromAsn1(asn1)
+  const { result } = asn1js.fromBER(bytes)
+
+  // @ts-expect-error this looks fragile but DER is a canonical format so we are
+  // safe to have deeply property chains like this
+  const values: asn1js.Integer[] = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value
 
   return {
     kty: 'RSA',
-    n: bigIntegerToUintBase64url(publicKey.n),
-    e: bigIntegerToUintBase64url(publicKey.e)
+    n: uint8ArrayToString(bnToBuf(values[0].toBigInt()), 'base64url'),
+    e: uint8ArrayToString(bnToBuf(values[1].toBigInt()), 'base64url')
   }
 }
 
-// Convert a JWK key to PKCIX in ASN1 DER format
+/**
+ * Convert a JWK key to PKCIX in ASN1 DER format
+ */
 export function jwkToPkix (jwk: JsonWebKey): Uint8Array {
   if (jwk.n == null || jwk.e == null) {
     throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS')
   }
 
-  const asn1 = forge.pki.publicKeyToAsn1({
-    n: base64urlToBigInteger(jwk.n),
-    e: base64urlToBigInteger(jwk.e)
+  const root = new asn1js.Sequence({
+    value: [
+      new asn1js.Sequence({
+        value: [
+          // rsaEncryption
+          new asn1js.ObjectIdentifier({
+            value: '1.2.840.113549.1.1.1'
+          }),
+          new asn1js.Null()
+        ]
+      }),
+      // this appears to be a bug in asn1js.js - this should really be a Sequence
+      // and not a BitString but it generates the same bytes as node-forge so 🤷‍♂️
+      new asn1js.BitString({
+        valueHex: new asn1js.Sequence({
+          value: [
+            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
+            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url')))
+          ]
+        }).toBER()
+      })
+    ]
+  })
+
+  const der = root.toBER()
+
+  return new Uint8Array(der, 0, der.byteLength)
+}
+
+function bnToBuf (bn: bigint): Uint8Array {
+  let hex = bn.toString(16)
+
+  if (hex.length % 2 > 0) {
+    hex = `0${hex}`
+  }
+
+  const len = hex.length / 2
+  const u8 = new Uint8Array(len)
+
+  let i = 0
+  let j = 0
+
+  while (i < len) {
+    u8[i] = parseInt(hex.slice(j, j + 2), 16)
+    i += 1
+    j += 2
+  }
+
+  return u8
+}
+
+function bufToBn (u8: Uint8Array): bigint {
+  const hex: string[] = []
+
+  u8.forEach(function (i) {
+    let h = i.toString(16)
+
+    if (h.length % 2 > 0) {
+      h = `0${h}`
+    }
+
+    hex.push(h)
+  })
+
+  return BigInt('0x' + hex.join(''))
+}
+
+const SALT_LENGTH = 16
+const KEY_SIZE = 32
+const ITERATIONS = 10000
+
+export async function exportToPem (privateKey: RsaPrivateKey, password: string): Promise<string> {
+  const crypto = webcrypto.get()
+
+  // PrivateKeyInfo
+  const keyWrapper = new asn1js.Sequence({
+    value: [
+      // version (0)
+      new asn1js.Integer({ value: 0 }),
+
+      // privateKeyAlgorithm
+      new asn1js.Sequence({
+        value: [
+        // rsaEncryption OID
+          new asn1js.ObjectIdentifier({
+            value: '1.2.840.113549.1.1.1'
+          }),
+          new asn1js.Null()
+        ]
+      }),
+
+      // PrivateKey
+      new asn1js.OctetString({
+        valueHex: privateKey.marshal()
+      })
+    ]
   })
 
-  return uint8ArrayFromString(forge.asn1.toDer(asn1).getBytes(), 'ascii')
+  const keyBuf = keyWrapper.toBER()
+  const keyArr = new Uint8Array(keyBuf, 0, keyBuf.byteLength)
+  const salt = randomBytes(SALT_LENGTH)
+
+  const encryptionKey = await pbkdf2Async(
+    sha512,
+    password,
+    salt, {
+      c: ITERATIONS,
+      dkLen: KEY_SIZE
+    }
+  )
+
+  const iv = randomBytes(16)
+  const cryptoKey = await crypto.subtle.importKey('raw', encryptionKey, 'AES-CBC', false, ['encrypt'])
+  const encrypted = await crypto.subtle.encrypt({
+    name: 'AES-CBC',
+    iv
+  }, cryptoKey, keyArr)
+
+  const pbkdf2Params = new asn1js.Sequence({
+    value: [
+      // salt
+      new asn1js.OctetString({ valueHex: salt }),
+
+      // iteration count
+      new asn1js.Integer({ value: ITERATIONS }),
+
+      // key length
+      new asn1js.Integer({ value: KEY_SIZE }),
+
+      // AlgorithmIdentifier
+      new asn1js.Sequence({
+        value: [
+          // hmacWithSHA512
+          new asn1js.ObjectIdentifier({ value: '1.2.840.113549.2.11' }),
+          new asn1js.Null()
+        ]
+      })
+    ]
+  })
+
+  const encryptionAlgorithm = new asn1js.Sequence({
+    value: [
+      // pkcs5PBES2
+      new asn1js.ObjectIdentifier({
+        value: '1.2.840.113549.1.5.13'
+      }),
+      new asn1js.Sequence({
+        value: [
+          // keyDerivationFunc
+          new asn1js.Sequence({
+            value: [
+              // pkcs5PBKDF2
+              new asn1js.ObjectIdentifier({
+                value: '1.2.840.113549.1.5.12'
+              }),
+              // PBKDF2-params
+              pbkdf2Params
+            ]
+          }),
+
+          // encryptionScheme
+          new asn1js.Sequence({
+            value: [
+              // aes256-CBC
+              new asn1js.ObjectIdentifier({
+                value: '2.16.840.1.101.3.4.1.42'
+              }),
+              // iv
+              new asn1js.OctetString({
+                valueHex: iv
+              })
+            ]
+          })
+        ]
+      })
+    ]
+  })
+
+  const finalWrapper = new asn1js.Sequence({
+    value: [
+      encryptionAlgorithm,
+      new asn1js.OctetString({ valueHex: encrypted })
+    ]
+  })
+
+  const finalWrapperBuf = finalWrapper.toBER()
+  const finalWrapperArr = new Uint8Array(finalWrapperBuf, 0, finalWrapperBuf.byteLength)
+
+  return [
+    '-----BEGIN ENCRYPTED PRIVATE KEY-----',
+    ...uint8ArrayToString(finalWrapperArr, 'base64pad').split(/(.{64})/).filter(Boolean),
+    '-----END ENCRYPTED PRIVATE KEY-----'
+  ].join('\n')
+}
+
+export async function importFromPem (pem: string, password: string): Promise<RsaPrivateKey> {
+  const crypto = webcrypto.get()
+  let plaintext: Uint8Array
+
+  if (pem.includes('-----BEGIN ENCRYPTED PRIVATE KEY-----')) {
+    const key = uint8ArrayFromString(
+      pem
+        .replace('-----BEGIN ENCRYPTED PRIVATE KEY-----', '')
+        .replace('-----END ENCRYPTED PRIVATE KEY-----', '')
+        .replace(/\n/g, '')
+        .trim(),
+      'base64pad'
+    )
+
+    const { result } = asn1js.fromBER(key)
+
+    const {
+      iv,
+      salt,
+      iterations,
+      keySize,
+      cipherText
+    } = findEncryptedPEMData(result)
+
+    const encryptionKey = await pbkdf2Async(
+      sha512,
+      password,
+      salt, {
+        c: iterations,
+        dkLen: keySize
+      }
+    )
+
+    const cryptoKey = await crypto.subtle.importKey('raw', encryptionKey, 'AES-CBC', false, ['decrypt'])
+    const decrypted = toUint8Array(await crypto.subtle.decrypt({
+      name: 'AES-CBC',
+      iv
+    }, cryptoKey, cipherText))
+
+    const { result: decryptedResult } = asn1js.fromBER(decrypted)
+    plaintext = findPEMData(decryptedResult)
+  } else if (pem.includes('-----BEGIN PRIVATE KEY-----')) {
+    const key = uint8ArrayFromString(
+      pem
+        .replace('-----BEGIN PRIVATE KEY-----', '')
+        .replace('-----END PRIVATE KEY-----', '')
+        .replace(/\n/g, '')
+        .trim(),
+      'base64pad'
+    )
+
+    const { result } = asn1js.fromBER(key)
+
+    plaintext = findPEMData(result)
+  } else {
+    throw new CodeError('Could not parse private key from PEM data', 'ERR_INVALID_PARAMETERS')
+  }
+
+  return unmarshalRsaPrivateKey(plaintext)
+}
+
+function findEncryptedPEMData (root: any): { cipherText: Uint8Array, iv: Uint8Array, salt: Uint8Array, iterations: number, keySize: number } {
+  const encryptionAlgorithm = root.valueBlock.value[0]
+  const scheme = encryptionAlgorithm.valueBlock.value[0].toString()
+
+  if (scheme !== 'OBJECT IDENTIFIER : 1.2.840.113549.1.5.13') {
+    throw new CodeError('Only pkcs5PBES2 encrypted private keys are supported', 'ERR_INVALID_PARAMS')
+  }
+
+  const keyDerivationFunc = encryptionAlgorithm.valueBlock.value[1].valueBlock.value[0]
+  const keyDerivationFuncName = keyDerivationFunc.valueBlock.value[0].toString()
+
+  if (keyDerivationFuncName !== 'OBJECT IDENTIFIER : 1.2.840.113549.1.5.12') {
+    throw new CodeError('Only pkcs5PBKDF2 key derivation functions are supported', 'ERR_INVALID_PARAMS')
+  }
+
+  const pbkdf2Params = keyDerivationFunc.valueBlock.value[1]
+
+  const salt = toUint8Array(pbkdf2Params.valueBlock.value[0].getValue())
+
+  let iterations = ITERATIONS
+  let keySize = KEY_SIZE
+
+  if (pbkdf2Params.valueBlock.value.length === 3) {
+    iterations = Number((pbkdf2Params.valueBlock.value[1] as asn1js.Integer).toBigInt())
+    keySize = Number((pbkdf2Params.valueBlock.value[2]).toBigInt())
+  } else if (pbkdf2Params.valueBlock.value.length === 2) {
+    throw new CodeError('Could not derive key size and iterations from PEM file - please use @libp2p/rsa to re-import your key', 'ERR_INVALID_PARAMS')
+  }
+
+  const encryptionScheme = encryptionAlgorithm.valueBlock.value[1].valueBlock.value[1]
+  const encryptionSchemeName = encryptionScheme.valueBlock.value[0].toString()
+
+  if (encryptionSchemeName === 'OBJECT IDENTIFIER : 1.2.840.113549.3.7') {
+    // des-EDE3-CBC
+  } else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 1.3.14.3.2.7') {
+    // des-CBC
+  } else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.2') {
+    // aes128-CBC
+  } else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.22') {
+    // aes192-CBC
+  } else if (encryptionSchemeName === 'OBJECT IDENTIFIER : 2.16.840.1.101.3.4.1.42') {
+    // aes256-CBC
+  } else {
+    throw new CodeError('Only AES-CBC encryption schemes are supported', 'ERR_INVALID_PARAMS')
+  }
+
+  const iv = toUint8Array(encryptionScheme.valueBlock.value[1].getValue())
+
+  return {
+    cipherText: toUint8Array(root.valueBlock.value[1].getValue()),
+    salt,
+    iterations,
+    keySize,
+    iv
+  }
+}
+
+function findPEMData (seq: any): Uint8Array {
+  return toUint8Array(seq.valueBlock.value[2].getValue())
+}
+
+function toUint8Array (buf: ArrayBuffer): Uint8Array {
+  return new Uint8Array(buf, 0, buf.byteLength)
 }

package/src/keys/rsa.ts

@@ -1,6 +1,7 @@
 import crypto from 'crypto'
 import { promisify } from 'util'
 import { CodeError } from '@libp2p/interface'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import randomBytes from '../random-bytes.js'
 import * as utils from './rsa-utils.js'
 import type { JWKKeyPair } from './interface.js'
@@ -73,34 +74,12 @@ export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint
   return hash.verify({ format: 'jwk', key }, sig)
 }
 
-const padding = crypto.constants.RSA_PKCS1_PADDING
-
-export function encrypt (key: JsonWebKey, bytes: Uint8Array | Uint8ArrayList): Uint8Array {
-  if (bytes instanceof Uint8Array) {
-    // @ts-expect-error node types are missing jwk as a format
-    return crypto.publicEncrypt({ format: 'jwk', key, padding }, bytes)
-  } else {
-    // @ts-expect-error node types are missing jwk as a format
-    return crypto.publicEncrypt({ format: 'jwk', key, padding }, bytes.subarray())
-  }
-}
-
-export function decrypt (key: JsonWebKey, bytes: Uint8Array | Uint8ArrayList): Uint8Array {
-  if (bytes instanceof Uint8Array) {
-    // @ts-expect-error node types are missing jwk as a format
-    return crypto.privateDecrypt({ format: 'jwk', key, padding }, bytes)
-  } else {
-    // @ts-expect-error node types are missing jwk as a format
-    return crypto.privateDecrypt({ format: 'jwk', key, padding }, bytes.subarray())
-  }
-}
-
 export function keySize (jwk: JsonWebKey): number {
   if (jwk.kty !== 'RSA') {
     throw new CodeError('invalid key type', 'ERR_INVALID_KEY_TYPE')
   } else if (jwk.n == null) {
     throw new CodeError('invalid key modulus', 'ERR_INVALID_KEY_MODULUS')
   }
-  const modulus = Buffer.from(jwk.n, 'base64')
+  const modulus = uint8ArrayFromString(jwk.n, 'base64url')
   return modulus.length * 8
 }

package/src/pbkdf2.ts

@@ -1,39 +1,41 @@
 import { CodeError } from '@libp2p/interface'
-// @ts-expect-error types are missing
-import forgePbkdf2 from 'node-forge/lib/pbkdf2.js'
-// @ts-expect-error types are missing
-import forgeUtil from 'node-forge/lib/util.js'
+import { pbkdf2 as pbkdf2Sync } from '@noble/hashes/pbkdf2'
+import { sha1 } from '@noble/hashes/sha1'
+import { sha256 } from '@noble/hashes/sha256'
+import { sha512 } from '@noble/hashes/sha512'
+import { base64 } from 'multiformats/bases/base64'
 
 /**
- * Maps an IPFS hash name to its node-forge equivalent.
+ * Maps an IPFS hash name to its @noble/hashes equivalent.
  *
  * See https://github.com/multiformats/multihash/blob/master/hashtable.csv
  *
  * @private
  */
 const hashName = {
-  sha1: 'sha1',
-  'sha2-256': 'sha256',
-  'sha2-512': 'sha512'
+  sha1,
+  'sha2-256': sha256,
+  'sha2-512': sha512
 }
 
 /**
  * Computes the Password-Based Key Derivation Function 2.
  */
-export default function pbkdf2 (password: string, salt: string, iterations: number, keySize: number, hash: string): string {
+export default function pbkdf2 (password: string, salt: string | Uint8Array, iterations: number, keySize: number, hash: string): string {
   if (hash !== 'sha1' && hash !== 'sha2-256' && hash !== 'sha2-512') {
     const types = Object.keys(hashName).join(' / ')
     throw new CodeError(`Hash '${hash}' is unknown or not supported. Must be ${types}`, 'ERR_UNSUPPORTED_HASH_TYPE')
   }
 
   const hasher = hashName[hash]
-  const dek = forgePbkdf2(
+  const dek = pbkdf2Sync(
+    hasher,
     password,
-    salt,
-    iterations,
-    keySize,
-    hasher
+    salt, {
+      c: iterations,
+      dkLen: keySize
+    }
   )
 
-  return forgeUtil.encode64(dek, null)
+  return base64.encode(dek).substring(1)
 }

package/src/util.ts

@@ -1,34 +1,5 @@
-import 'node-forge/lib/util.js'
-import 'node-forge/lib/jsbn.js'
-// @ts-expect-error types are missing
-import forge from 'node-forge/lib/forge.js'
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
-import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
-
-export function bigIntegerToUintBase64url (num: { abs(): any }, len?: number): string {
-  // Call `.abs()` to convert to unsigned
-  let buf = Uint8Array.from(num.abs().toByteArray()) // toByteArray converts to big endian
-
-  // toByteArray() gives us back a signed array, which will include a leading 0
-  // byte if the most significant bit of the number is 1:
-  // https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-integer
-  // Our number will always be positive so we should remove the leading padding.
-  buf = buf[0] === 0 ? buf.subarray(1) : buf
-
-  if (len != null) {
-    if (buf.length > len) throw new Error('byte array longer than desired length')
-    buf = uint8ArrayConcat([new Uint8Array(len - buf.length), buf])
-  }
-
-  return uint8ArrayToString(buf, 'base64url')
-}
-
-// Convert a base64url encoded string to a BigInteger
-export function base64urlToBigInteger (str: string): typeof forge.jsbn.BigInteger {
-  const buf = base64urlToBuffer(str)
-  return new forge.jsbn.BigInteger(uint8ArrayToString(buf, 'base16'), 16)
-}
 
 export function base64urlToBuffer (str: string, len?: number): Uint8Array {
   let buf = uint8ArrayFromString(str, 'base64urlpad')

package/src/webcrypto-browser.ts

@@ -0,0 +1,24 @@
+/* eslint-env browser */
+
+// Check native crypto exists and is enabled (In insecure context `self.crypto`
+// exists but `self.crypto.subtle` does not).
+export default {
+  get (win = globalThis) {
+    const nativeCrypto = win.crypto
+
+    if (nativeCrypto == null || nativeCrypto.subtle == null) {
+      throw Object.assign(
+        new Error(
+          'Missing Web Crypto API. ' +
+          'The most likely cause of this error is that this page is being accessed ' +
+          'from an insecure context (i.e. not HTTPS). For more information and ' +
+          'possible resolutions see ' +
+          'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api'
+        ),
+        { code: 'ERR_MISSING_WEB_CRYPTO' }
+      )
+    }
+
+    return nativeCrypto
+  }
+}

package/src/webcrypto.ts

@@ -1,24 +1,11 @@
 /* eslint-env browser */
 
-// Check native crypto exists and is enabled (In insecure context `self.crypto`
-// exists but `self.crypto.subtle` does not).
+import { webcrypto } from 'crypto'
+
+// globalThis `SubtleCrypto` shipped in node.js 19.x, Electron currently uses
+// v18.x so this override file is necessary until Electron updates
 export default {
   get (win = globalThis) {
-    const nativeCrypto = win.crypto
-
-    if (nativeCrypto == null || nativeCrypto.subtle == null) {
-      throw Object.assign(
-        new Error(
-          'Missing Web Crypto API. ' +
-          'The most likely cause of this error is that this page is being accessed ' +
-          'from an insecure context (i.e. not HTTPS). For more information and ' +
-          'possible resolutions see ' +
-          'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api'
-        ),
-        { code: 'ERR_MISSING_WEB_CRYPTO' }
-      )
-    }
-
-    return nativeCrypto
+    return webcrypto
   }
 }

package/dist/src/aes/cipher-mode.d.ts

@@ -1,2 +0,0 @@
-export declare function cipherMode(key: Uint8Array): string;
-//# sourceMappingURL=cipher-mode.d.ts.map

package/dist/src/aes/cipher-mode.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"cipher-mode.d.ts","sourceRoot":"","sources":["../../../src/aes/cipher-mode.ts"],"names":[],"mappings":"AAOA,wBAAgB,UAAU,CAAE,GAAG,EAAE,UAAU,GAAG,MAAM,CAOnD"}

package/dist/src/aes/cipher-mode.js

@@ -1,13 +0,0 @@
-import { CodeError } from '@libp2p/interface';
-const CIPHER_MODES = {
-    16: 'aes-128-ctr',
-    32: 'aes-256-ctr'
-};
-export function cipherMode(key) {
-    if (key.length === 16 || key.length === 32) {
-        return CIPHER_MODES[key.length];
-    }
-    const modes = Object.entries(CIPHER_MODES).map(([k, v]) => `${k} (${v})`).join(' / ');
-    throw new CodeError(`Invalid key length ${key.length} bytes. Must be ${modes}`, 'ERR_INVALID_KEY_LENGTH');
-}
-//# sourceMappingURL=cipher-mode.js.map

package/dist/src/aes/cipher-mode.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"cipher-mode.js","sourceRoot":"","sources":["../../../src/aes/cipher-mode.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAE7C,MAAM,YAAY,GAAG;IACnB,EAAE,EAAE,aAAa;IACjB,EAAE,EAAE,aAAa;CAClB,CAAA;AAED,MAAM,UAAU,UAAU,CAAE,GAAe;IACzC,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,IAAI,GAAG,CAAC,MAAM,KAAK,EAAE,EAAE,CAAC;QAC3C,OAAO,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IACjC,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACrF,MAAM,IAAI,SAAS,CAAC,sBAAsB,GAAG,CAAC,MAAM,mBAAmB,KAAK,EAAE,EAAE,wBAAwB,CAAC,CAAA;AAC3G,CAAC"}

package/dist/src/aes/ciphers-browser.d.ts

@@ -1,7 +0,0 @@
-import 'node-forge/lib/aes.js';
-export interface Cipher {
-    update(data: Uint8Array): Uint8Array;
-}
-export declare function createCipheriv(mode: any, key: Uint8Array, iv: Uint8Array): Cipher;
-export declare function createDecipheriv(mode: any, key: Uint8Array, iv: Uint8Array): Cipher;
-//# sourceMappingURL=ciphers-browser.d.ts.map

package/dist/src/aes/ciphers-browser.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"ciphers-browser.d.ts","sourceRoot":"","sources":["../../../src/aes/ciphers-browser.ts"],"names":[],"mappings":"AAAA,OAAO,uBAAuB,CAAA;AAM9B,MAAM,WAAW,MAAM;IACrB,MAAM,CAAC,IAAI,EAAE,UAAU,GAAG,UAAU,CAAA;CACrC;AAED,wBAAgB,cAAc,CAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,MAAM,CASlF;AAED,wBAAgB,gBAAgB,CAAE,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,GAAG,MAAM,CASpF"}