npm - @libp2p/crypto - Versions diffs - 5.0.15 → 5.1.0 - Mend

@libp2p/crypto 5.0.15 → 5.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/index.min.js +1 -1
package/dist/src/keys/ecdsa/ecdsa.d.ts +27 -0
package/dist/src/keys/ecdsa/ecdsa.d.ts.map +1 -0
package/dist/src/keys/ecdsa/ecdsa.js +72 -0
package/dist/src/keys/ecdsa/ecdsa.js.map +1 -0
package/dist/src/keys/ecdsa/index.d.ts +10 -0
package/dist/src/keys/ecdsa/index.d.ts.map +1 -0
package/dist/src/keys/ecdsa/index.js +39 -0
package/dist/src/keys/ecdsa/index.js.map +1 -0
package/dist/src/keys/ecdsa/utils.d.ts +11 -0
package/dist/src/keys/ecdsa/utils.d.ts.map +1 -0
package/dist/src/keys/ecdsa/utils.js +165 -0
package/dist/src/keys/ecdsa/utils.js.map +1 -0
package/dist/src/keys/index.d.ts +13 -3
package/dist/src/keys/index.d.ts.map +1 -1
package/dist/src/keys/index.js +101 -11
package/dist/src/keys/index.js.map +1 -1
package/dist/src/keys/keys.d.ts +2 -1
package/dist/src/keys/keys.d.ts.map +1 -1
package/dist/src/keys/keys.js +2 -0
package/dist/src/keys/keys.js.map +1 -1
package/dist/src/keys/rsa/der.d.ts +2 -1
package/dist/src/keys/rsa/der.d.ts.map +1 -1
package/dist/src/keys/rsa/der.js +53 -10
package/dist/src/keys/rsa/der.js.map +1 -1
package/dist/src/keys/rsa/index.browser.d.ts +1 -0
package/dist/src/keys/rsa/index.browser.d.ts.map +1 -1
package/dist/src/keys/rsa/index.browser.js +1 -0
package/dist/src/keys/rsa/index.browser.js.map +1 -1
package/dist/src/keys/rsa/index.d.ts +1 -0
package/dist/src/keys/rsa/index.d.ts.map +1 -1
package/dist/src/keys/rsa/index.js +1 -0
package/dist/src/keys/rsa/index.js.map +1 -1
package/dist/src/keys/rsa/rsa.d.ts +4 -4
package/dist/src/keys/rsa/rsa.d.ts.map +1 -1
package/dist/src/keys/rsa/rsa.js +10 -10
package/dist/src/keys/rsa/rsa.js.map +1 -1
package/dist/src/keys/rsa/utils.d.ts +12 -2
package/dist/src/keys/rsa/utils.d.ts.map +1 -1
package/dist/src/keys/rsa/utils.js +41 -16
package/dist/src/keys/rsa/utils.js.map +1 -1
package/dist/src/keys/secp256k1/index.browser.d.ts +4 -0
package/dist/src/keys/secp256k1/index.browser.d.ts.map +1 -1
package/dist/src/keys/secp256k1/index.browser.js +4 -0
package/dist/src/keys/secp256k1/index.browser.js.map +1 -1
package/dist/src/keys/secp256k1/index.d.ts +4 -0
package/dist/src/keys/secp256k1/index.d.ts.map +1 -1
package/dist/src/keys/secp256k1/index.js +4 -0
package/dist/src/keys/secp256k1/index.js.map +1 -1
package/dist/typedoc-urls.json +4 -0
package/package.json +2 -2
package/src/keys/ecdsa/ecdsa.ts +91 -0
package/src/keys/ecdsa/index.ts +50 -0
package/src/keys/ecdsa/utils.ts +212 -0
package/src/keys/index.ts +132 -15
package/src/keys/keys.proto +1 -0
package/src/keys/keys.ts +4 -2
package/src/keys/rsa/der.ts +68 -11
package/src/keys/rsa/index.browser.ts +1 -0
package/src/keys/rsa/index.ts +2 -0
package/src/keys/rsa/rsa.ts +10 -10
package/src/keys/rsa/utils.ts +48 -16
package/src/keys/secp256k1/index.browser.ts +6 -0
package/src/keys/secp256k1/index.ts +6 -0

package/dist/typedoc-urls.json CHANGED Viewed

@@ -16,10 +16,14 @@
   "generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
   "./keys:generateKeyPairFromSeed": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.generateKeyPairFromSeed.html",
   "keyStretcher": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.keyStretcher.html",
+  "privateKeyFromCryptoKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromCryptoKeyPair.html",
+  "./keys:privateKeyFromCryptoKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromCryptoKeyPair.html",
   "privateKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromProtobuf.html",
   "./keys:privateKeyFromProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromProtobuf.html",
   "privateKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromRaw.html",
   "./keys:privateKeyFromRaw": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyFromRaw.html",
+  "privateKeyToCryptoKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToCryptoKeyPair.html",
+  "./keys:privateKeyToCryptoKeyPair": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToCryptoKeyPair.html",
   "privateKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToProtobuf.html",
   "./keys:privateKeyToProtobuf": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.privateKeyToProtobuf.html",
   "publicKeyFromMultihash": "https://libp2p.github.io/js-libp2p/functions/_libp2p_crypto.keys.publicKeyFromMultihash.html",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@libp2p/crypto",
-  "version": "5.0.15",
+  "version": "5.1.0",
   "description": "Crypto primitives for libp2p",
   "license": "Apache-2.0 OR MIT",
   "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/crypto#readme",
@@ -92,7 +92,7 @@
     "generate": "protons ./src/keys/keys.proto"
   },
   "dependencies": {
-    "@libp2p/interface": "^2.7.0",
+    "@libp2p/interface": "^2.8.0",
     "@noble/curves": "^1.7.0",
     "@noble/hashes": "^1.6.1",
     "multiformats": "^13.3.1",

package/src/keys/ecdsa/ecdsa.ts ADDED Viewed

@@ -0,0 +1,91 @@
+import { base58btc } from 'multiformats/bases/base58'
+import { CID } from 'multiformats/cid'
+import { identity } from 'multiformats/hashes/identity'
+import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
+import { publicKeyToProtobuf } from '../index.js'
+import { privateKeyToPKIMessage, publicKeyToPKIMessage } from './utils.js'
+import { hashAndVerify, hashAndSign } from './index.js'
+import type { ECDSAPublicKey as ECDSAPublicKeyInterface, ECDSAPrivateKey as ECDSAPrivateKeyInterface } from '@libp2p/interface'
+import type { Digest } from 'multiformats/hashes/digest'
+import type { Uint8ArrayList } from 'uint8arraylist'
+export class ECDSAPublicKey implements ECDSAPublicKeyInterface {
+  public readonly type = 'ECDSA'
+  public readonly jwk: JsonWebKey
+  private _raw?: Uint8Array
+  constructor (jwk: JsonWebKey) {
+    this.jwk = jwk
+  }
+  get raw (): Uint8Array {
+    if (this._raw == null) {
+      this._raw = publicKeyToPKIMessage(this.jwk)
+    }
+    return this._raw
+  }
+  toMultihash (): Digest<0x0, number> {
+    return identity.digest(publicKeyToProtobuf(this))
+  }
+  toCID (): CID<unknown, 114, 0x0, 1> {
+    return CID.createV1(114, this.toMultihash())
+  }
+  toString (): string {
+    return base58btc.encode(this.toMultihash().bytes).substring(1)
+  }
+  equals (key?: any): boolean {
+    if (key == null || !(key.raw instanceof Uint8Array)) {
+      return false
+    }
+    return uint8ArrayEquals(this.raw, key.raw)
+  }
+  async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): Promise<boolean> {
+    return hashAndVerify(this.jwk, sig, data)
+  }
+}
+export class ECDSAPrivateKey implements ECDSAPrivateKeyInterface {
+  public readonly type = 'ECDSA'
+  public readonly jwk: JsonWebKey
+  public readonly publicKey: ECDSAPublicKey
+  private _raw?: Uint8Array
+  constructor (jwk: JsonWebKey) {
+    this.jwk = jwk
+    this.publicKey = new ECDSAPublicKey({
+      crv: jwk.crv,
+      ext: jwk.ext,
+      key_ops: ['verify'],
+      kty: 'EC',
+      x: jwk.x,
+      y: jwk.y
+    })
+  }
+  get raw (): Uint8Array {
+    if (this._raw == null) {
+      this._raw = privateKeyToPKIMessage(this.jwk)
+    }
+    return this._raw
+  }
+  equals (key?: any): boolean {
+    if (key == null || !(key.raw instanceof Uint8Array)) {
+      return false
+    }
+    return uint8ArrayEquals(this.raw, key.raw)
+  }
+  async sign (message: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+    return hashAndSign(this.jwk, message)
+  }
+}

package/src/keys/ecdsa/index.ts ADDED Viewed

@@ -0,0 +1,50 @@
+import type { JWKKeyPair } from '../interface.js'
+import type { Uint8ArrayList } from 'uint8arraylist'
+export type Curve = 'P-256' | 'P-384' | 'P-521'
+export const ECDSA_P_256_OID = '1.2.840.10045.3.1.7'
+export const ECDSA_P_384_OID = '1.3.132.0.34'
+export const ECDSA_P_521_OID = '1.3.132.0.35'
+export async function generateECDSAKey (curve: Curve = 'P-256'): Promise<JWKKeyPair> {
+  const keyPair = await crypto.subtle.generateKey({
+    name: 'ECDSA',
+    namedCurve: curve
+  }, true, ['sign', 'verify'])
+  return {
+    publicKey: await crypto.subtle.exportKey('jwk', keyPair.publicKey),
+    privateKey: await crypto.subtle.exportKey('jwk', keyPair.privateKey)
+  }
+}
+export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+  const privateKey = await crypto.subtle.importKey('jwk', key, {
+    name: 'ECDSA',
+    namedCurve: key.crv ?? 'P-256'
+  }, false, ['sign'])
+  const signature = await crypto.subtle.sign({
+    name: 'ECDSA',
+    hash: {
+      name: 'SHA-256'
+    }
+  }, privateKey, msg.subarray())
+  return new Uint8Array(signature, 0, signature.byteLength)
+}
+export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+  const publicKey = await crypto.subtle.importKey('jwk', key, {
+    name: 'ECDSA',
+    namedCurve: key.crv ?? 'P-256'
+  }, false, ['verify'])
+  return crypto.subtle.verify({
+    name: 'ECDSA',
+    hash: {
+      name: 'SHA-256'
+    }
+  }, publicKey, sig, msg.subarray())
+}

package/src/keys/ecdsa/utils.ts ADDED Viewed

@@ -0,0 +1,212 @@
+import { InvalidParametersError } from '@libp2p/interface'
+import { Uint8ArrayList } from 'uint8arraylist'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { decodeDer, encodeBitString, encodeInteger, encodeOctetString, encodeSequence } from '../rsa/der.js'
+import { ECDSAPrivateKey as ECDSAPrivateKeyClass, ECDSAPublicKey as ECDSAPublicKeyClass } from './ecdsa.js'
+import { generateECDSAKey } from './index.js'
+import type { Curve } from '../ecdh/index.js'
+import type { ECDSAPublicKey, ECDSAPrivateKey } from '@libp2p/interface'
+// 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named elliptic curve)
+const OID_256 = Uint8Array.from([0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07])
+// 1.3.132.0.34 secp384r1 (SECG (Certicom) named elliptic curve)
+const OID_384 = Uint8Array.from([0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22])
+// 1.3.132.0.35 secp521r1 (SECG (Certicom) named elliptic curve)
+const OID_521 = Uint8Array.from([0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23])
+const P_256_KEY_JWK = {
+  ext: true,
+  kty: 'EC',
+  crv: 'P-256'
+}
+const P_384_KEY_JWK = {
+  ext: true,
+  kty: 'EC',
+  crv: 'P-384'
+}
+const P_521_KEY_JWK = {
+  ext: true,
+  kty: 'EC',
+  crv: 'P-521'
+}
+const P_256_KEY_LENGTH = 32
+const P_384_KEY_LENGTH = 48
+const P_521_KEY_LENGTH = 66
+export function unmarshalECDSAPrivateKey (bytes: Uint8Array): ECDSAPrivateKey {
+  const message = decodeDer(bytes)
+  return pkiMessageToECDSAPrivateKey(message)
+}
+export function pkiMessageToECDSAPrivateKey (message: any): ECDSAPrivateKey {
+  const privateKey = message[1]
+  const d = uint8ArrayToString(privateKey, 'base64url')
+  const coordinates: Uint8Array = message[2][1][0]
+  const offset = 1
+  let x: string
+  let y: string
+  if (privateKey.byteLength === P_256_KEY_LENGTH) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_256_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_256_KEY_LENGTH), 'base64url')
+    return new ECDSAPrivateKeyClass({
+      ...P_256_KEY_JWK,
+      key_ops: ['sign'],
+      d,
+      x,
+      y
+    })
+  }
+  if (privateKey.byteLength === P_384_KEY_LENGTH) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_384_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_384_KEY_LENGTH), 'base64url')
+    return new ECDSAPrivateKeyClass({
+      ...P_384_KEY_JWK,
+      key_ops: ['sign'],
+      d,
+      x,
+      y
+    })
+  }
+  if (privateKey.byteLength === P_521_KEY_LENGTH) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_521_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_521_KEY_LENGTH), 'base64url')
+    return new ECDSAPrivateKeyClass({
+      ...P_521_KEY_JWK,
+      key_ops: ['sign'],
+      d,
+      x,
+      y
+    })
+  }
+  throw new InvalidParametersError(`Private key length was wrong length, got ${privateKey.byteLength}, expected 32, 48 or 66`)
+}
+export function unmarshalECDSAPublicKey (bytes: Uint8Array): ECDSAPublicKey {
+  const message = decodeDer(bytes)
+  return pkiMessageToECDSAPublicKey(message)
+}
+export function pkiMessageToECDSAPublicKey (message: any): ECDSAPublicKey {
+  const coordinates = message[1][1][0]
+  const offset = 1
+  let x: string
+  let y: string
+  if (coordinates.byteLength === ((P_256_KEY_LENGTH * 2) + 1)) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_256_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_256_KEY_LENGTH), 'base64url')
+    return new ECDSAPublicKeyClass({
+      ...P_256_KEY_JWK,
+      key_ops: ['verify'],
+      x,
+      y
+    })
+  }
+  if (coordinates.byteLength === ((P_384_KEY_LENGTH * 2) + 1)) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_384_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_384_KEY_LENGTH), 'base64url')
+    return new ECDSAPublicKeyClass({
+      ...P_384_KEY_JWK,
+      key_ops: ['verify'],
+      x,
+      y
+    })
+  }
+  if (coordinates.byteLength === ((P_521_KEY_LENGTH * 2) + 1)) {
+    x = uint8ArrayToString(coordinates.subarray(offset, offset + P_521_KEY_LENGTH), 'base64url')
+    y = uint8ArrayToString(coordinates.subarray(offset + P_521_KEY_LENGTH), 'base64url')
+    return new ECDSAPublicKeyClass({
+      ...P_521_KEY_JWK,
+      key_ops: ['verify'],
+      x,
+      y
+    })
+  }
+  throw new InvalidParametersError(`coordinates were wrong length, got ${coordinates.byteLength}, expected 65, 97 or 133`)
+}
+export function privateKeyToPKIMessage (privateKey: JsonWebKey): Uint8Array {
+  return encodeSequence([
+    encodeInteger(Uint8Array.from([1])), // header
+    encodeOctetString(uint8ArrayFromString(privateKey.d ?? '', 'base64url')), // body
+    encodeSequence([ // PKIProtection
+      getOID(privateKey.crv)
+    ], 0xA0),
+    encodeSequence([ // extraCerts
+      encodeBitString(
+        new Uint8ArrayList(
+          Uint8Array.from([0x04]),
+          uint8ArrayFromString(privateKey.x ?? '', 'base64url'),
+          uint8ArrayFromString(privateKey.y ?? '', 'base64url')
+        )
+      )
+    ], 0xA1)
+  ]).subarray()
+}
+export function publicKeyToPKIMessage (publicKey: JsonWebKey): Uint8Array {
+  return encodeSequence([
+    encodeInteger(Uint8Array.from([1])), // header
+    encodeSequence([ // PKIProtection
+      getOID(publicKey.crv)
+    ], 0xA0),
+    encodeSequence([ // extraCerts
+      encodeBitString(
+        new Uint8ArrayList(
+          Uint8Array.from([0x04]),
+          uint8ArrayFromString(publicKey.x ?? '', 'base64url'),
+          uint8ArrayFromString(publicKey.y ?? '', 'base64url')
+        )
+      )
+    ], 0xA1)
+  ]).subarray()
+}
+function getOID (curve?: string): Uint8Array {
+  if (curve === 'P-256') {
+    return OID_256
+  }
+  if (curve === 'P-384') {
+    return OID_384
+  }
+  if (curve === 'P-521') {
+    return OID_521
+  }
+  throw new InvalidParametersError(`Invalid curve ${curve}`)
+}
+export async function generateECDSAKeyPair (curve: Curve = 'P-256'): Promise<ECDSAPrivateKey> {
+  const key = await generateECDSAKey(curve)
+  return new ECDSAPrivateKeyClass(key.privateKey)
+}
+export function ensureECDSAKey (key: Uint8Array, length: number): Uint8Array {
+  key = Uint8Array.from(key ?? [])
+  if (key.length !== length) {
+    throw new InvalidParametersError(`Key must be a Uint8Array of length ${length}, got ${key.length}`)
+  }
+  return key
+}

package/src/keys/index.ts CHANGED Viewed

@@ -8,12 +8,20 @@
  * For encryption / decryption support, RSA keys should be used.
  */
-import { UnsupportedKeyTypeError } from '@libp2p/interface'
+import { InvalidParametersError, UnsupportedKeyTypeError } from '@libp2p/interface'
+import { ECDSAPrivateKey as ECDSAPrivateKeyClass } from './ecdsa/ecdsa.js'
+import { ECDSA_P_256_OID, ECDSA_P_384_OID, ECDSA_P_521_OID } from './ecdsa/index.js'
+import { generateECDSAKeyPair, pkiMessageToECDSAPrivateKey, pkiMessageToECDSAPublicKey, unmarshalECDSAPrivateKey, unmarshalECDSAPublicKey } from './ecdsa/utils.js'
+import { privateKeyLength as ed25519PrivateKeyLength, publicKeyLength as ed25519PublicKeyLength } from './ed25519/index.js'
 import { generateEd25519KeyPair, generateEd25519KeyPairFromSeed, unmarshalEd25519PrivateKey, unmarshalEd25519PublicKey } from './ed25519/utils.js'
 import * as pb from './keys.js'
-import { pkcs1ToRSAPrivateKey, pkixToRSAPublicKey, generateRSAKeyPair } from './rsa/utils.js'
+import { decodeDer } from './rsa/der.js'
+import { RSAES_PKCS1_V1_5_OID } from './rsa/index.js'
+import { pkcs1ToRSAPrivateKey, pkixToRSAPublicKey, generateRSAKeyPair, pkcs1MessageToRSAPrivateKey, pkixMessageToRSAPublicKey, jwkToRSAPrivateKey } from './rsa/utils.js'
+import { privateKeyLength as secp256k1PrivateKeyLength, publicKeyLength as secp256k1PublicKeyLength } from './secp256k1/index.js'
 import { generateSecp256k1KeyPair, unmarshalSecp256k1PrivateKey, unmarshalSecp256k1PublicKey } from './secp256k1/utils.js'
-import type { PrivateKey, PublicKey, KeyType, RSAPrivateKey, Secp256k1PrivateKey, Ed25519PrivateKey, Secp256k1PublicKey, Ed25519PublicKey } from '@libp2p/interface'
+import type { Curve } from './ecdsa/index.js'
+import type { PrivateKey, PublicKey, KeyType, RSAPrivateKey, Secp256k1PrivateKey, Ed25519PrivateKey, Secp256k1PublicKey, Ed25519PublicKey, ECDSAPrivateKey, ECDSAPublicKey } from '@libp2p/interface'
 import type { MultihashDigest } from 'multiformats'
 import type { Digest } from 'multiformats/hashes/digest'
@@ -27,9 +35,10 @@ export { keyStretcher } from './key-stretcher.js'
  */
 export async function generateKeyPair (type: 'Ed25519'): Promise<Ed25519PrivateKey>
 export async function generateKeyPair (type: 'secp256k1'): Promise<Secp256k1PrivateKey>
+export async function generateKeyPair (type: 'ECDSA', curve?: Curve): Promise<ECDSAPrivateKey>
 export async function generateKeyPair (type: 'RSA', bits?: number): Promise<RSAPrivateKey>
 export async function generateKeyPair (type: KeyType, bits?: number): Promise<PrivateKey>
-export async function generateKeyPair (type: KeyType, bits?: number): Promise<unknown> {
+export async function generateKeyPair (type: KeyType, bits?: number | string): Promise<unknown> {
   if (type === 'Ed25519') {
     return generateEd25519KeyPair()
   }
@@ -39,7 +48,11 @@ export async function generateKeyPair (type: KeyType, bits?: number): Promise<un
   }
   if (type === 'RSA') {
-    return generateRSAKeyPair(bits ?? 2048)
+    return generateRSAKeyPair(toBits(bits))
+  }
+  if (type === 'ECDSA') {
+    return generateECDSAKeyPair(toCurve(bits))
   }
   throw new UnsupportedKeyTypeError()
@@ -81,6 +94,8 @@ export function publicKeyFromProtobuf (buf: Uint8Array, digest?: Digest<18, numb
       return unmarshalEd25519PublicKey(data)
     case pb.KeyType.secp256k1:
       return unmarshalSecp256k1PublicKey(data)
+    case pb.KeyType.ECDSA:
+      return unmarshalECDSAPublicKey(data)
     default:
       throw new UnsupportedKeyTypeError()
   }
@@ -90,13 +105,24 @@ export function publicKeyFromProtobuf (buf: Uint8Array, digest?: Digest<18, numb
  * Creates a public key from the raw key bytes
  */
 export function publicKeyFromRaw (buf: Uint8Array): PublicKey {
-  if (buf.byteLength === 32) {
+  if (buf.byteLength === ed25519PublicKeyLength) {
     return unmarshalEd25519PublicKey(buf)
-  } else if (buf.byteLength === 33) {
+  } else if (buf.byteLength === secp256k1PublicKeyLength) {
     return unmarshalSecp256k1PublicKey(buf)
-  } else {
-    return pkixToRSAPublicKey(buf)
   }
+  const message = decodeDer(buf)
+  const ecdsaOid = message[1]?.[0]
+  if (ecdsaOid === ECDSA_P_256_OID || ecdsaOid === ECDSA_P_384_OID || ecdsaOid === ECDSA_P_521_OID) {
+    return pkiMessageToECDSAPublicKey(message)
+  }
+  if (message[0]?.[0] === RSAES_PKCS1_V1_5_OID) {
+    return pkixMessageToRSAPublicKey(message, buf)
+  }
+  throw new InvalidParametersError('Could not extract public key from raw bytes')
 }
 /**
@@ -106,7 +132,7 @@ export function publicKeyFromRaw (buf: Uint8Array): PublicKey {
  * RSA keys are not supported as in practice we they are not stored in identity
  * multihash since the hash would be very large.
  */
-export function publicKeyFromMultihash (digest: MultihashDigest<0x0>): Ed25519PublicKey | Secp256k1PublicKey {
+export function publicKeyFromMultihash (digest: MultihashDigest<0x0>): Ed25519PublicKey | Secp256k1PublicKey | ECDSAPublicKey {
   const { Type, Data } = pb.PublicKey.decode(digest.digest)
   const data = Data ?? new Uint8Array()
@@ -115,6 +141,8 @@ export function publicKeyFromMultihash (digest: MultihashDigest<0x0>): Ed25519Pu
       return unmarshalEd25519PublicKey(data)
     case pb.KeyType.secp256k1:
       return unmarshalSecp256k1PublicKey(data)
+    case pb.KeyType.ECDSA:
+      return unmarshalECDSAPublicKey(data)
     default:
       throw new UnsupportedKeyTypeError()
   }
@@ -133,7 +161,7 @@ export function publicKeyToProtobuf (key: PublicKey): Uint8Array {
 /**
  * Converts a protobuf serialized private key into its representative object
  */
-export function privateKeyFromProtobuf (buf: Uint8Array): Ed25519PrivateKey | Secp256k1PrivateKey | RSAPrivateKey {
+export function privateKeyFromProtobuf (buf: Uint8Array): Ed25519PrivateKey | Secp256k1PrivateKey | RSAPrivateKey | ECDSAPrivateKey {
   const decoded = pb.PrivateKey.decode(buf)
   const data = decoded.Data ?? new Uint8Array()
@@ -144,6 +172,8 @@ export function privateKeyFromProtobuf (buf: Uint8Array): Ed25519PrivateKey | Se
       return unmarshalEd25519PrivateKey(data)
     case pb.KeyType.secp256k1:
       return unmarshalSecp256k1PrivateKey(data)
+    case pb.KeyType.ECDSA:
+      return unmarshalECDSAPrivateKey(data)
     default:
       throw new UnsupportedKeyTypeError()
   }
@@ -155,13 +185,24 @@ export function privateKeyFromProtobuf (buf: Uint8Array): Ed25519PrivateKey | Se
  * differentiate between Ed25519 and secp256k1 keys as they are the same length.
  */
 export function privateKeyFromRaw (buf: Uint8Array): PrivateKey {
-  if (buf.byteLength === 64) {
+  if (buf.byteLength === ed25519PrivateKeyLength) {
     return unmarshalEd25519PrivateKey(buf)
-  } else if (buf.byteLength === 32) {
+  } else if (buf.byteLength === secp256k1PrivateKeyLength) {
     return unmarshalSecp256k1PrivateKey(buf)
-  } else {
-    return pkcs1ToRSAPrivateKey(buf)
   }
+  const message = decodeDer(buf)
+  const ecdsaOid = message[2]?.[0]
+  if (ecdsaOid === ECDSA_P_256_OID || ecdsaOid === ECDSA_P_384_OID || ecdsaOid === ECDSA_P_521_OID) {
+    return pkiMessageToECDSAPrivateKey(message)
+  }
+  if (message.length > 8) {
+    return pkcs1MessageToRSAPrivateKey(message)
+  }
+  throw new InvalidParametersError('Could not extract private key from raw bytes')
 }
 /**
@@ -173,3 +214,79 @@ export function privateKeyToProtobuf (key: PrivateKey): Uint8Array {
     Data: key.raw
   })
 }
+function toBits (bits: any): number {
+  if (bits == null) {
+    return 2048
+  }
+  return parseInt(bits, 10)
+}
+function toCurve (curve: any): Curve {
+  if (curve === 'P-256' || curve == null) {
+    return 'P-256'
+  }
+  if (curve === 'P-384') {
+    return 'P-384'
+  }
+  if (curve === 'P-521') {
+    return 'P-521'
+  }
+  throw new InvalidParametersError('Unsupported curve, should be P-256, P-384 or P-521')
+}
+/**
+ * Convert a libp2p RSA or ECDSA private key to a WebCrypto CryptoKeyPair
+ */
+export async function privateKeyToCryptoKeyPair (privateKey: PrivateKey): Promise<CryptoKeyPair> {
+  if (privateKey.type === 'RSA') {
+    return {
+      privateKey: await crypto.subtle.importKey('jwk', privateKey.jwk, {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: { name: 'SHA-256' }
+      }, true, ['sign']),
+      publicKey: await crypto.subtle.importKey('jwk', privateKey.publicKey.jwk, {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: { name: 'SHA-256' }
+      }, true, ['verify'])
+    }
+  }
+  if (privateKey.type === 'ECDSA') {
+    return {
+      privateKey: await crypto.subtle.importKey('jwk', privateKey.jwk, {
+        name: 'ECDSA',
+        namedCurve: privateKey.jwk.crv ?? 'P-256'
+      }, true, ['sign']),
+      publicKey: await crypto.subtle.importKey('jwk', privateKey.publicKey.jwk, {
+        name: 'ECDSA',
+        namedCurve: privateKey.publicKey.jwk.crv ?? 'P-256'
+      }, true, ['verify'])
+    }
+  }
+  throw new InvalidParametersError('Only RSA and ECDSA keys are supported')
+}
+/**
+ * Convert a RSA or ECDSA WebCrypto CryptoKeyPair to a libp2p private key
+ */
+export async function privateKeyFromCryptoKeyPair (keyPair: CryptoKeyPair): Promise<PrivateKey> {
+  if (keyPair.privateKey.algorithm.name === 'RSASSA-PKCS1-v1_5') {
+    const jwk = await crypto.subtle.exportKey('jwk', keyPair.privateKey)
+    return jwkToRSAPrivateKey(jwk)
+  }
+  if (keyPair.privateKey.algorithm.name === 'ECDSA') {
+    const jwk = await crypto.subtle.exportKey('jwk', keyPair.privateKey)
+    return new ECDSAPrivateKeyClass(jwk)
+  }
+  throw new InvalidParametersError('Only RSA and ECDSA keys are supported')
+}

package/src/keys/keys.proto CHANGED Viewed

@@ -4,6 +4,7 @@ enum KeyType {
   RSA = 0;
   Ed25519 = 1;
   secp256k1 = 2;
+  ECDSA = 3;
 }
 message PublicKey {
   // the proto2 version of this field is "required" which means it will have

package/src/keys/keys.ts CHANGED Viewed

@@ -10,13 +10,15 @@ import type { Uint8ArrayList } from 'uint8arraylist'
 export enum KeyType {
   RSA = 'RSA',
   Ed25519 = 'Ed25519',
-  secp256k1 = 'secp256k1'
+  secp256k1 = 'secp256k1',
+  ECDSA = 'ECDSA'
 }
 enum __KeyTypeValues {
   RSA = 0,
   Ed25519 = 1,
-  secp256k1 = 2
+  secp256k1 = 2,
+  ECDSA = 3
 }
 export namespace KeyType {