@libp2p/crypto 5.0.13 → 5.0.14-2c8ecb455

package/src/keys/rsa/der.ts

@@ -0,0 +1,212 @@
+import { Uint8ArrayList } from 'uint8arraylist'
+
+interface Context {
+  offset: number
+}
+
+const TAG_MASK = parseInt('11111', 2)
+const LONG_LENGTH_MASK = parseInt('10000000', 2)
+const LONG_LENGTH_BYTES_MASK = parseInt('01111111', 2)
+
+interface Decoder {
+  (buf: Uint8Array, context: Context): any
+}
+
+const decoders: Record<number, Decoder> = {
+  0x2: readInteger,
+  0x3: readBitString,
+  0x5: readNull,
+  0x6: readObjectIdentifier,
+  0x10: readSequence,
+  0x16: readSequence,
+  0x30: readSequence
+}
+
+export function decodeDer (buf: Uint8Array, context: Context = { offset: 0 }): any {
+  const tag = buf[context.offset] & TAG_MASK
+  context.offset++
+
+  if (decoders[tag] != null) {
+    return decoders[tag](buf, context)
+  }
+
+  throw new Error('No decoder for tag ' + tag)
+}
+
+function readLength (buf: Uint8Array, context: Context): number {
+  let length = 0
+
+  if ((buf[context.offset] & LONG_LENGTH_MASK) === LONG_LENGTH_MASK) {
+    // long length
+    const count = buf[context.offset] & LONG_LENGTH_BYTES_MASK
+    let str = '0x'
+    context.offset++
+
+    for (let i = 0; i < count; i++, context.offset++) {
+      str += buf[context.offset].toString(16).padStart(2, '0')
+    }
+
+    length = parseInt(str, 16)
+  } else {
+    length = buf[context.offset]
+    context.offset++
+  }
+
+  return length
+}
+
+function readSequence (buf: Uint8Array, context: Context): any[] {
+  readLength(buf, context)
+  const entries: any[] = []
+
+  while (true) {
+    if (context.offset >= buf.byteLength) {
+      break
+    }
+
+    const result = decodeDer(buf, context)
+
+    if (result === null) {
+      break
+    }
+
+    entries.push(result)
+  }
+
+  return entries
+}
+
+function readInteger (buf: Uint8Array, context: Context): Uint8Array {
+  const length = readLength(buf, context)
+  const start = context.offset
+  const end = context.offset + length
+
+  const vals: number[] = []
+
+  for (let i = start; i < end; i++) {
+    if (i === start && buf[i] === 0) {
+      continue
+    }
+
+    vals.push(buf[i])
+  }
+
+  context.offset += length
+
+  return Uint8Array.from(vals)
+}
+
+function readObjectIdentifier (buf: Uint8Array, context: Context): string[] {
+  const count = readLength(buf, context)
+
+  // skip OID
+  context.offset += count
+
+  return ['oid-unimplemented']
+}
+
+function readNull (buf: Uint8Array, context: Context): null {
+  context.offset++
+
+  return null
+}
+
+function readBitString (buf: Uint8Array, context: Context): any {
+  const length = readLength(buf, context)
+  const unusedBits = buf[context.offset]
+  context.offset++
+  const bytes = buf.subarray(context.offset, context.offset + length)
+  context.offset += length
+
+  if (unusedBits !== 0) {
+    // need to shift all bytes along by this many bits
+    throw new Error('Unused bits in bit string is unimplemented')
+  }
+
+  return decodeDer(bytes, {
+    offset: 0
+  })
+}
+
+function encodeNumber (value: number): Uint8ArrayList {
+  let number = value.toString(16)
+
+  if (number.length % 2 === 1) {
+    number = '0' + number
+  }
+
+  const array = new Uint8ArrayList()
+
+  for (let i = 0; i < number.length; i += 2) {
+    array.append(Uint8Array.from([parseInt(`${number[i]}${number[i + 1]}`, 16)]))
+  }
+
+  return array
+}
+
+function encodeLength (bytes: { byteLength: number }): Uint8Array | Uint8ArrayList {
+  if (bytes.byteLength < 128) {
+    return Uint8Array.from([bytes.byteLength])
+  }
+
+  // long length
+  const length = encodeNumber(bytes.byteLength)
+
+  return new Uint8ArrayList(
+    Uint8Array.from([
+      length.byteLength | LONG_LENGTH_MASK
+    ]),
+    length
+  )
+}
+
+export function encodeInteger (value: Uint8Array | Uint8ArrayList): Uint8ArrayList {
+  const contents = new Uint8ArrayList()
+
+  const mask = parseInt('10000000', 2)
+  const positive = (value.subarray()[0] & mask) === mask
+
+  if (positive) {
+    contents.append(Uint8Array.from([0]))
+  }
+
+  contents.append(value)
+
+  return new Uint8ArrayList(
+    Uint8Array.from([0x02]),
+    encodeLength(contents),
+    contents
+  )
+}
+
+export function encodeBitString (value: Uint8Array | Uint8ArrayList): Uint8ArrayList {
+  // unused bits is always 0 with full-byte-only values
+  const unusedBits = Uint8Array.from([0])
+
+  const contents = new Uint8ArrayList(
+    unusedBits,
+    value
+  )
+
+  return new Uint8ArrayList(
+    Uint8Array.from([0x03]),
+    encodeLength(contents),
+    contents
+  )
+}
+
+export function encodeSequence (values: Array<Uint8Array | Uint8ArrayList>): Uint8ArrayList {
+  const output = new Uint8ArrayList()
+
+  for (const buf of values) {
+    output.append(
+      buf
+    )
+  }
+
+  return new Uint8ArrayList(
+    Uint8Array.from([0x30]),
+    encodeLength(output),
+    output
+  )
+}

package/src/keys/rsa/utils.ts

@@ -1,150 +1,106 @@
 import { InvalidParametersError, InvalidPublicKeyError } from '@libp2p/interface'
 import { sha256 } from '@noble/hashes/sha256'
-import * as asn1js from 'asn1js'
 import { create } from 'multiformats/hashes/digest'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import * as pb from '../keys.js'
+import { decodeDer, encodeBitString, encodeInteger, encodeSequence } from './der.js'
 import { RSAPrivateKey as RSAPrivateKeyClass, RSAPublicKey as RSAPublicKeyClass } from './rsa.js'
 import { generateRSAKey, rsaKeySize } from './index.js'
 import type { JWKKeyPair } from '../interface.js'
 import type { RSAPrivateKey, RSAPublicKey } from '@libp2p/interface'
+import type { Digest } from 'multiformats/hashes/digest'
 
 export const MAX_RSA_KEY_SIZE = 8192
 const SHA2_256_CODE = 0x12
+const MAX_RSA_JWK_SIZE = 1062
+
+const RSA_ALGORITHM_IDENTIFIER = Uint8Array.from([
+  0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
+])
 
 /**
- * Convert a PKCS#1 in ASN1 DER format to a JWK key
+ * Convert a PKCS#1 in ASN1 DER format to a JWK private key
  */
 export function pkcs1ToJwk (bytes: Uint8Array): JsonWebKey {
-  const { result } = asn1js.fromBER(bytes)
-
-  // @ts-expect-error this looks fragile but DER is a canonical format so we are
-  // safe to have deeply property chains like this
-  const values: asn1js.Integer[] = result.valueBlock.value
-
-  const key = {
-    n: asn1jsIntegerToBase64(values[1]),
-    e: asn1jsIntegerToBase64(values[2]),
-    d: asn1jsIntegerToBase64(values[3]),
-    p: asn1jsIntegerToBase64(values[4]),
-    q: asn1jsIntegerToBase64(values[5]),
-    dp: asn1jsIntegerToBase64(values[6]),
-    dq: asn1jsIntegerToBase64(values[7]),
-    qi: asn1jsIntegerToBase64(values[8]),
-    kty: 'RSA',
-    alg: 'RS256'
-  }
+  const values = decodeDer(bytes)
 
-  return key
+  return {
+    n: uint8ArrayToString(values[1], 'base64url'),
+    e: uint8ArrayToString(values[2], 'base64url'),
+    d: uint8ArrayToString(values[3], 'base64url'),
+    p: uint8ArrayToString(values[4], 'base64url'),
+    q: uint8ArrayToString(values[5], 'base64url'),
+    dp: uint8ArrayToString(values[6], 'base64url'),
+    dq: uint8ArrayToString(values[7], 'base64url'),
+    qi: uint8ArrayToString(values[8], 'base64url'),
+    kty: 'RSA'
+  }
 }
 
 /**
- * Convert a JWK key into PKCS#1 in ASN1 DER format
+ * Convert a JWK private key into PKCS#1 in ASN1 DER format
  */
 export function jwkToPkcs1 (jwk: JsonWebKey): Uint8Array {
   if (jwk.n == null || jwk.e == null || jwk.d == null || jwk.p == null || jwk.q == null || jwk.dp == null || jwk.dq == null || jwk.qi == null) {
     throw new InvalidParametersError('JWK was missing components')
   }
 
-  const root = new asn1js.Sequence({
-    value: [
-      new asn1js.Integer({ value: 0 }),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.d, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.p, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.q, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dp, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dq, 'base64url'))),
-      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.qi, 'base64url')))
-    ]
-  })
-
-  const der = root.toBER()
-
-  return new Uint8Array(der, 0, der.byteLength)
+  return encodeSequence([
+    encodeInteger(Uint8Array.from([0])),
+    encodeInteger(uint8ArrayFromString(jwk.n, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.e, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.d, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.p, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.q, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.dp, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.dq, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.qi, 'base64url'))
+  ]).subarray()
 }
 
 /**
- * Convert a PKIX in ASN1 DER format to a JWK key
+ * Convert a PKIX in ASN1 DER format to a JWK public key
  */
 export function pkixToJwk (bytes: Uint8Array): JsonWebKey {
-  const { result } = asn1js.fromBER(bytes)
-
-  // @ts-expect-error this looks fragile but DER is a canonical format so we are
-  // safe to have deeply property chains like this
-  const values: asn1js.Integer[] = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value
+  const decoded = decodeDer(bytes, {
+    offset: 0
+  })
 
+  // this looks fragile but DER is a canonical format so we are safe to have
+  // deeply property chains like this
   return {
     kty: 'RSA',
-    n: asn1jsIntegerToBase64(values[0]),
-    e: asn1jsIntegerToBase64(values[1])
+    n: uint8ArrayToString(
+      decoded[1][0],
+      'base64url'
+    ),
+    e: uint8ArrayToString(
+      decoded[1][1],
+      'base64url'
+    )
   }
 }
 
 /**
- * Convert a JWK key to PKIX in ASN1 DER format
+ * Convert a JWK public key to PKIX in ASN1 DER format
  */
 export function jwkToPkix (jwk: JsonWebKey): Uint8Array {
   if (jwk.n == null || jwk.e == null) {
     throw new InvalidParametersError('JWK was missing components')
   }
 
-  const root = new asn1js.Sequence({
-    value: [
-      new asn1js.Sequence({
-        value: [
-          // rsaEncryption
-          new asn1js.ObjectIdentifier({
-            value: '1.2.840.113549.1.1.1'
-          }),
-          new asn1js.Null()
-        ]
-      }),
-      // this appears to be a bug in asn1js.js - this should really be a Sequence
-      // and not a BitString but it generates the same bytes as node-forge so 🤷‍♂️
-      new asn1js.BitString({
-        valueHex: new asn1js.Sequence({
-          value: [
-            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
-            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url')))
-          ]
-        }).toBER()
-      })
-    ]
-  })
-
-  const der = root.toBER()
-
-  return new Uint8Array(der, 0, der.byteLength)
-}
-
-function asn1jsIntegerToBase64 (int: asn1js.Integer): string {
-  let buf = int.valueBlock.valueHexView
-
-  // chrome rejects values with leading 0s
-  while (buf[0] === 0) {
-    buf = buf.subarray(1)
-  }
-
-  return uint8ArrayToString(buf, 'base64url')
-}
-
-function bufToBn (u8: Uint8Array): bigint {
-  const hex: string[] = []
-
-  u8.forEach(function (i) {
-    let h = i.toString(16)
-
-    if (h.length % 2 > 0) {
-      h = `0${h}`
-    }
-
-    hex.push(h)
-  })
-
-  return BigInt('0x' + hex.join(''))
+  const subjectPublicKeyInfo = encodeSequence([
+    RSA_ALGORITHM_IDENTIFIER,
+    encodeBitString(
+      encodeSequence([
+        encodeInteger(uint8ArrayFromString(jwk.n, 'base64url')),
+        encodeInteger(uint8ArrayFromString(jwk.e, 'base64url'))
+      ])
+    )
+  ])
+
+  return subjectPublicKeyInfo.subarray()
 }
 
 /**
@@ -159,18 +115,20 @@ export function pkcs1ToRSAPrivateKey (bytes: Uint8Array): RSAPrivateKey {
 /**
  * Turn PKIX bytes to a PublicKey
  */
-export function pkixToRSAPublicKey (bytes: Uint8Array): RSAPublicKey {
-  const jwk = pkixToJwk(bytes)
-
-  if (rsaKeySize(jwk) > MAX_RSA_KEY_SIZE) {
+export function pkixToRSAPublicKey (bytes: Uint8Array, digest?: Digest<18, number>): RSAPublicKey {
+  if (bytes.byteLength >= MAX_RSA_JWK_SIZE) {
     throw new InvalidPublicKeyError('Key size is too large')
   }
 
-  const hash = sha256(pb.PublicKey.encode({
-    Type: pb.KeyType.RSA,
-    Data: bytes
-  }))
-  const digest = create(SHA2_256_CODE, hash)
+  const jwk = pkixToJwk(bytes)
+
+  if (digest == null) {
+    const hash = sha256(pb.PublicKey.encode({
+      Type: pb.KeyType.RSA,
+      Data: bytes
+    }))
+    digest = create(SHA2_256_CODE, hash)
+  }
 
   return new RSAPublicKeyClass(jwk, digest)
 }

package/dist/typedoc-urls.json

@@ -1,34 +0,0 @@
-{
-  "create": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.ciphers.AES_GCM.create.html",
-  "HMAC": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.hmac.HMAC.html",
-  "./hmac:HMAC": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.hmac.HMAC.html",
-  "./hmac:create": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.hmac.create.html",
-  "pbkdf2": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.index.pbkdf2.html",
-  "randomBytes": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.index.randomBytes.html",
-  "ECDHKey": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.ECDHKey.html",
-  "ECDHKeyPair": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.ECDHKeyPair.html",
-  "EnhancedKey": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.EnhancedKey.html",
-  "EnhancedKeyPair": "https://libp2p.github.io/js-libp2p/interfaces/_libp2p_crypto.keys.EnhancedKeyPair.html",
-  "Curve": "https://libp2p.github.io/js-libp2p/types/_libp2p_crypto.keys.Curve.html",
-  "generateEphemeralKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateEphemeralKeyPair.html",
-  "generateKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPair.html",
-  "./keys:generateKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPair.html",
-  "generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
-  "./keys:generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
-  "keyStretcher": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keyStretcher.html",
-  "privateKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromProtobuf.html",
-  "./keys:privateKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromProtobuf.html",
-  "privateKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromRaw.html",
-  "./keys:privateKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromRaw.html",
-  "privateKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToProtobuf.html",
-  "./keys:privateKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToProtobuf.html",
-  "publicKeyFromMultihash": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromMultihash.html",
-  "./keys:publicKeyFromMultihash": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromMultihash.html",
-  "publicKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromProtobuf.html",
-  "./keys:publicKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromProtobuf.html",
-  "publicKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromRaw.html",
-  "./keys:publicKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromRaw.html",
-  "publicKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyToProtobuf.html",
-  "./keys:publicKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyToProtobuf.html",
-  "default": "https://libp2p.github.io/js-libp2p/variables/_libp2p_crypto.webcrypto.default.html"
-}