@libp2p/crypto 5.0.15 → 5.1.0

package/src/keys/rsa/der.ts

@@ -13,8 +13,11 @@ interface Decoder {
 }
 
 const decoders: Record<number, Decoder> = {
+  0x0: readSequence,
+  0x1: readSequence,
   0x2: readInteger,
   0x3: readBitString,
+  0x4: readOctetString,
   0x5: readNull,
   0x6: readObjectIdentifier,
   0x10: readSequence,
@@ -96,13 +99,53 @@ function readInteger (buf: Uint8Array, context: Context): Uint8Array {
   return Uint8Array.from(vals)
 }
 
-function readObjectIdentifier (buf: Uint8Array, context: Context): string[] {
+function readObjectIdentifier (buf: Uint8Array, context: Context): string {
   const count = readLength(buf, context)
+  const finalOffset = context.offset + count
 
-  // skip OID
-  context.offset += count
+  const byte = buf[context.offset]
+  context.offset++
+
+  let val1 = 0
+  let val2 = 0
+
+  if (byte < 40) {
+    val1 = 0
+    val2 = byte
+  } else if (byte < 80) {
+    val1 = 1
+    val2 = byte - 40
+  } else {
+    val1 = 2
+    val2 = byte - 80
+  }
+
+  let oid = `${val1}.${val2}`
+  let num: number[] = []
+
+  while (context.offset < finalOffset) {
+    const byte = buf[context.offset]
+    context.offset++
+
+    // remove msb
+    num.push(byte & 0b01111111)
+
+    if (byte < 128) {
+      num.reverse()
+
+      // reached the end of the encoding
+      let val = 0
 
-  return ['oid-unimplemented']
+      for (let i = 0; i < num.length; i++) {
+        val += num[i] << (i * 7)
+      }
+
+      oid += `.${val}`
+      num = []
+    }
+  }
+
+  return oid
 }
 
 function readNull (buf: Uint8Array, context: Context): null {
@@ -115,7 +158,7 @@ function readBitString (buf: Uint8Array, context: Context): any {
   const length = readLength(buf, context)
   const unusedBits = buf[context.offset]
   context.offset++
-  const bytes = buf.subarray(context.offset, context.offset + length)
+  const bytes = buf.subarray(context.offset, context.offset + length - 1)
   context.offset += length
 
   if (unusedBits !== 0) {
@@ -123,9 +166,15 @@ function readBitString (buf: Uint8Array, context: Context): any {
     throw new Error('Unused bits in bit string is unimplemented')
   }
 
-  return decodeDer(bytes, {
-    offset: 0
-  })
+  return bytes
+}
+
+function readOctetString (buf: Uint8Array, context: Context): any {
+  const length = readLength(buf, context)
+  const bytes = buf.subarray(context.offset, context.offset + length)
+  context.offset += length
+
+  return bytes
 }
 
 function encodeNumber (value: number): Uint8ArrayList {
@@ -163,7 +212,7 @@ function encodeLength (bytes: { byteLength: number }): Uint8Array | Uint8ArrayLi
 export function encodeInteger (value: Uint8Array | Uint8ArrayList): Uint8ArrayList {
   const contents = new Uint8ArrayList()
 
-  const mask = parseInt('10000000', 2)
+  const mask = 0b10000000
   const positive = (value.subarray()[0] & mask) === mask
 
   if (positive) {
@@ -195,7 +244,15 @@ export function encodeBitString (value: Uint8Array | Uint8ArrayList): Uint8Array
   )
 }
 
-export function encodeSequence (values: Array<Uint8Array | Uint8ArrayList>): Uint8ArrayList {
+export function encodeOctetString (value: Uint8Array | Uint8ArrayList): Uint8ArrayList {
+  return new Uint8ArrayList(
+    Uint8Array.from([0x04]),
+    encodeLength(value),
+    value
+  )
+}
+
+export function encodeSequence (values: Array<Uint8Array | Uint8ArrayList>, tag = 0x30): Uint8ArrayList {
   const output = new Uint8ArrayList()
 
   for (const buf of values) {
@@ -205,7 +262,7 @@ export function encodeSequence (values: Array<Uint8Array | Uint8ArrayList>): Uin
   }
 
   return new Uint8ArrayList(
-    Uint8Array.from([0x30]),
+    Uint8Array.from([tag]),
     encodeLength(output),
     output
   )

package/src/keys/rsa/index.browser.ts

@@ -6,6 +6,7 @@ import * as utils from './utils.js'
 import type { JWKKeyPair } from '../interface.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
+export const RSAES_PKCS1_V1_5_OID = '1.2.840.113549.1.1.1'
 export { utils }
 
 export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {

package/src/keys/rsa/index.ts

@@ -9,6 +9,8 @@ import type { Uint8ArrayList } from 'uint8arraylist'
 
 const keypair = promisify(crypto.generateKeyPair)
 
+export const RSAES_PKCS1_V1_5_OID = '1.2.840.113549.1.1.1'
+
 export { utils }
 
 export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {

package/src/keys/rsa/rsa.ts

@@ -8,18 +8,18 @@ import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class RSAPublicKey implements RSAPublicKeyInterface {
   public readonly type = 'RSA'
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
   private _raw?: Uint8Array
   private readonly _multihash: Digest<18, number>
 
-  constructor (key: JsonWebKey, digest: Digest<18, number>) {
-    this._key = key
+  constructor (jwk: JsonWebKey, digest: Digest<18, number>) {
+    this.jwk = jwk
     this._multihash = digest
   }
 
   get raw (): Uint8Array {
     if (this._raw == null) {
-      this._raw = utils.jwkToPkix(this._key)
+      this._raw = utils.jwkToPkix(this.jwk)
     }
 
     return this._raw
@@ -46,24 +46,24 @@ export class RSAPublicKey implements RSAPublicKeyInterface {
   }
 
   verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean | Promise<boolean> {
-    return hashAndVerify(this._key, sig, data)
+    return hashAndVerify(this.jwk, sig, data)
   }
 }
 
 export class RSAPrivateKey implements RSAPrivateKeyInterface {
   public readonly type = 'RSA'
-  private readonly _key: JsonWebKey
+  public readonly jwk: JsonWebKey
   private _raw?: Uint8Array
   public readonly publicKey: RSAPublicKey
 
-  constructor (key: JsonWebKey, publicKey: RSAPublicKey) {
-    this._key = key
+  constructor (jwk: JsonWebKey, publicKey: RSAPublicKey) {
+    this.jwk = jwk
     this.publicKey = publicKey
   }
 
   get raw (): Uint8Array {
     if (this._raw == null) {
-      this._raw = utils.jwkToPkcs1(this._key)
+      this._raw = utils.jwkToPkcs1(this.jwk)
     }
 
     return this._raw
@@ -78,6 +78,6 @@ export class RSAPrivateKey implements RSAPrivateKeyInterface {
   }
 
   sign (message: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
-    return hashAndSign(this._key, message)
+    return hashAndSign(this.jwk, message)
   }
 }

package/src/keys/rsa/utils.ts

@@ -23,17 +23,24 @@ const RSA_ALGORITHM_IDENTIFIER = Uint8Array.from([
  * Convert a PKCS#1 in ASN1 DER format to a JWK private key
  */
 export function pkcs1ToJwk (bytes: Uint8Array): JsonWebKey {
-  const values = decodeDer(bytes)
+  const message = decodeDer(bytes)
 
+  return pkcs1MessageToJwk(message)
+}
+
+/**
+ * Convert a PKCS#1 in ASN1 DER format to a JWK private key
+ */
+export function pkcs1MessageToJwk (message: any): JsonWebKey {
   return {
-    n: uint8ArrayToString(values[1], 'base64url'),
-    e: uint8ArrayToString(values[2], 'base64url'),
-    d: uint8ArrayToString(values[3], 'base64url'),
-    p: uint8ArrayToString(values[4], 'base64url'),
-    q: uint8ArrayToString(values[5], 'base64url'),
-    dp: uint8ArrayToString(values[6], 'base64url'),
-    dq: uint8ArrayToString(values[7], 'base64url'),
-    qi: uint8ArrayToString(values[8], 'base64url'),
+    n: uint8ArrayToString(message[1], 'base64url'),
+    e: uint8ArrayToString(message[2], 'base64url'),
+    d: uint8ArrayToString(message[3], 'base64url'),
+    p: uint8ArrayToString(message[4], 'base64url'),
+    q: uint8ArrayToString(message[5], 'base64url'),
+    dp: uint8ArrayToString(message[6], 'base64url'),
+    dq: uint8ArrayToString(message[7], 'base64url'),
+    qi: uint8ArrayToString(message[8], 'base64url'),
     kty: 'RSA'
   }
 }
@@ -63,7 +70,15 @@ export function jwkToPkcs1 (jwk: JsonWebKey): Uint8Array {
  * Convert a PKIX in ASN1 DER format to a JWK public key
  */
 export function pkixToJwk (bytes: Uint8Array): JsonWebKey {
-  const decoded = decodeDer(bytes, {
+  const message = decodeDer(bytes, {
+    offset: 0
+  })
+
+  return pkixMessageToJwk(message)
+}
+
+export function pkixMessageToJwk (message: any): JsonWebKey {
+  const keys = decodeDer(message[1], {
     offset: 0
   })
 
@@ -72,11 +87,11 @@ export function pkixToJwk (bytes: Uint8Array): JsonWebKey {
   return {
     kty: 'RSA',
     n: uint8ArrayToString(
-      decoded[1][0],
+      keys[0],
       'base64url'
     ),
     e: uint8ArrayToString(
-      decoded[1][1],
+      keys[1],
       'base64url'
     )
   }
@@ -104,23 +119,40 @@ export function jwkToPkix (jwk: JsonWebKey): Uint8Array {
 }
 
 /**
- * Turn PKCS#1 DER bytes to a PrivateKey
+ * Turn PKCS#1 DER bytes into a PrivateKey
  */
 export function pkcs1ToRSAPrivateKey (bytes: Uint8Array): RSAPrivateKey {
-  const jwk = pkcs1ToJwk(bytes)
+  const message = decodeDer(bytes)
+
+  return pkcs1MessageToRSAPrivateKey(message)
+}
+
+/**
+ * Turn PKCS#1 DER bytes into a PrivateKey
+ */
+export function pkcs1MessageToRSAPrivateKey (message: any): RSAPrivateKey {
+  const jwk = pkcs1MessageToJwk(message)
 
   return jwkToRSAPrivateKey(jwk)
 }
 
 /**
- * Turn PKIX bytes to a PublicKey
+ * Turn a PKIX message into a PublicKey
  */
 export function pkixToRSAPublicKey (bytes: Uint8Array, digest?: Digest<18, number>): RSAPublicKey {
   if (bytes.byteLength >= MAX_RSA_JWK_SIZE) {
     throw new InvalidPublicKeyError('Key size is too large')
   }
 
-  const jwk = pkixToJwk(bytes)
+  const message = decodeDer(bytes, {
+    offset: 0
+  })
+
+  return pkixMessageToRSAPublicKey(message, bytes, digest)
+}
+
+export function pkixMessageToRSAPublicKey (message: any, bytes: Uint8Array, digest?: Digest<18, number>): RSAPublicKey {
+  const jwk = pkixMessageToJwk(message)
 
   if (digest == null) {
     const hash = sha256(pb.PublicKey.encode({

package/src/keys/secp256k1/index.browser.ts

@@ -4,6 +4,12 @@ import { SigningError, VerificationError } from '../../errors.js'
 import { isPromise } from '../../util.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
+const PUBLIC_KEY_BYTE_LENGTH = 33
+const PRIVATE_KEY_BYTE_LENGTH = 32
+
+export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
+export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
+
 /**
  * Hash and sign message with private key
  */

package/src/keys/secp256k1/index.ts

@@ -3,6 +3,12 @@ import { secp256k1 as secp } from '@noble/curves/secp256k1'
 import { SigningError, VerificationError } from '../../errors.js'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
+const PUBLIC_KEY_BYTE_LENGTH = 33
+const PRIVATE_KEY_BYTE_LENGTH = 32
+
+export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
+export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
+
 /**
  * Hash and sign message with private key
  */