feat: use webcrypto in favor of node-forge

BREAKING CHANGE: generateKeyPair is now async

Author: dignifiedquire

.aegir.js

@@ -8,6 +8,9 @@ module.exports = {
       alias: {
         'node-forge': path.resolve(__dirname, 'vendor/forge.bundle.js')
       }
+    },
+    externals: {
+      ursa: '{}'
     }
   }
 }

README.md

@@ -21,7 +21,7 @@ needed for libp2p. This is based on this [go implementation](https://github.com/
 - [Usage](#usage)
   - [Example](#example)
 - [API](#api)
-  - [`generateKeyPair(type, bits)`](#generatekeypairtype-bits)
+  - [`generateKeyPair(type, bits, cb)`](#generatekeypairtype-bits-cb)
   - [`generateEphemeralKeyPair(curve)`](#generateephemeralkeypaircurve)
   - [`keyStretcher(cipherType, hashType, secret)`](#keystretcherciphertype-hashtype-secret)
   - [`marshalPublicKey(key[, type])`](#marshalpublickeykey-type)
@@ -44,15 +44,17 @@ npm install --save libp2p-crypto
 ```js
 const crypto = require('libp2p-crypto')
 
-var keyPair = crypto.generateKeyPair('RSA', 2048)
+crypto.generateKeyPair('RSA', 2048, (err, key) => {
+})
 ```
 
 ## API
 
-### `generateKeyPair(type, bits)`
+### `generateKeyPair(type, bits, cb)`
 
 - `type: String`, only `'RSA'` is currently supported
 - `bits: Number`
+- `cb: Function`
 
 Generates a keypair of the given type and bitsize.
 

benchmarks/ephemeral-keys.js

@@ -0,0 +1,33 @@
+'use strict'
+
+const Benchmark = require('benchmark')
+const crypto = require('../src')
+
+const suite = new Benchmark.Suite('ephemeral-keys')
+
+const secrets = []
+const curves = ['P-256', 'P-384', 'P-521']
+
+curves.forEach((curve) => {
+  suite.add(`ephemeral key with secrect ${curve}`, (d) => {
+    crypto.generateEphemeralKeyPair('P-256', (err, res) => {
+      if (err) throw err
+      res.genSharedKey(res.key, (err, secret) => {
+        if (err) throw err
+        secrets.push(secret)
+
+        d.resolve()
+      })
+    })
+  }, {
+    defer: true
+  })
+})
+
+suite
+.on('cycle', (event) => {
+  console.log(String(event.target))
+})
+.run({
+  'async': true
+})

benchmarks/key-stretcher.js

@@ -0,0 +1,43 @@
+'use strict'
+
+const Benchmark = require('benchmark')
+const crypto = require('../src')
+
+const suite = new Benchmark.Suite('key-stretcher')
+
+const keys = []
+
+const ciphers = ['AES-128', 'AES-256', 'Blowfish']
+const hashes = ['SHA1', 'SHA256', 'SHA512']
+
+crypto.generateEphemeralKeyPair('P-256', (err, res) => {
+  if (err) throw err
+
+  res.genSharedKey(res.key, (err, secret) => {
+    if (err) throw err
+    ciphers.forEach((cipher) => {
+      hashes.forEach((hash) => {
+        suite.add(`keyStretcher ${cipher} ${hash}`, (d) => {
+          crypto.keyStretcher(cipher, hash, secret, (err, k) => {
+            if (err) {
+              throw err
+            }
+
+            keys.push(k)
+            d.resolve()
+          })
+        }, {
+          defer: true
+        })
+      })
+    })
+
+    suite
+      .on('cycle', (event) => {
+        console.log(String(event.target))
+      })
+      .run({
+        'async': true
+      })
+  })
+})

benchmarks/rsa.js

@@ -0,0 +1,47 @@
+'use strict'
+
+const Benchmark = require('benchmark')
+const crypto = require('../src')
+
+const suite = new Benchmark.Suite('rsa')
+
+const keys = []
+
+const bits = [1024, 2048, 4096]
+
+bits.forEach((bit) => {
+  suite.add(`generateKeyPair ${bit}bits`, (d) => {
+    crypto.generateKeyPair('RSA', bit, (err, key) => {
+      if (err) throw err
+      keys.push(key)
+      d.resolve()
+    })
+  }, {
+    defer: true
+  })
+})
+
+suite.add('sign and verify', (d) => {
+  const key = keys[0]
+  const text = key.genSecret()
+
+  key.sign(text, (err, sig) => {
+    if (err) throw err
+
+    key.public.verify(text, sig, (err, res) => {
+      if (err) throw err
+      if (res !== true) throw new Error('failed to verify')
+      d.resolve()
+    })
+  })
+}, {
+  defer: true
+})
+
+suite
+.on('cycle', (event) => {
+  console.log(String(event.target))
+})
+.run({
+  'async': true
+})

package.json

@@ -2,17 +2,26 @@
   "name": "libp2p-crypto",
   "version": "0.6.1",
   "description": "Crypto primitives for libp2p",
-  "main": "lib/index.js",
+  "main": "src/index.js",
   "jsnext:main": "src/index.js",
+  "browser": {
+    "node-webcrypto-ossl": false,
+    "./src/crypto/webcrypto.js": "./src/crypto/webcrypto-browser.js",
+    "./lib/crypto/webcrypto.js": "./lib/crypto/webcrypto-browser.js",
+    "./src/crypto/hmac.js": "./src/crypto/hmac-browser.js",
+    "./lib/crypto/hmac.js": "./lib/crypto/hmac-browser.js",
+    "./src/crypto/aes.js": "./src/crypto/aes-browser.js",
+    "./lib/crypto/aes.js": "./lib/crypto/aes-browser.js"
+  },
   "scripts": {
     "lint": "aegir-lint",
     "build": "aegir-build",
-    "test": "aegir-test",
+    "test": "PHANTOM=off aegir-test",
     "test:node": "aegir-test --env node",
-    "test:browser": "aegir-test --env browser",
-    "release": "aegir-release",
-    "release-minor": "aegir-release --type minor",
-    "release-major": "aegir-release --type major",
+    "test:browser": "PHANTOM=off aegir-test --env browser",
+    "release": "PHANTOM=off aegir-release",
+    "release-minor": "PHANTOM=off aegir-release --type minor",
+    "release-major": "PHANTOM=off aegir-release --type major",
     "coverage": "aegir-coverage",
     "coverage-publish": "aegir-coverage publish"
   },
@@ -25,13 +34,18 @@
   "author": "Friedel Ziegelmayer <[email protected]>",
   "license": "MIT",
   "dependencies": {
-    "elliptic": "^6.3.2",
+    "asn1.js": "^4.8.1",
+    "async": "^2.0.1",
+    "bn.js": "^4.11.6",
     "multihashing": "^0.2.1",
-    "node-forge": "^0.6.39",
-    "protocol-buffers": "^3.1.6"
+    "node-webcrypto-ossl": "^1.0.7",
+    "nodeify": "^1.0.0",
+    "protocol-buffers": "^3.1.6",
+    "webcrypto-shim": "^0.1.1"
   },
   "devDependencies": {
     "aegir": "^8.0.0",
+    "benchmark": "^2.1.1",
     "chai": "^3.5.0",
     "pre-commit": "^1.1.3"
   },
@@ -56,4 +70,4 @@
     "Richard Littauer <[email protected]>",
     "greenkeeperio-bot <[email protected]>"
   ]
-}
+}

src/crypto.js

@@ -0,0 +1,7 @@
+'use strict'
+
+exports.webcrypto = require('./crypto/webcrypto')()
+exports.hmac = require('./crypto/hmac')
+exports.ecdh = require('./crypto/ecdh')
+exports.aes = require('./crypto/aes')
+exports.rsa = require('./crypto/rsa')

src/crypto.proto

@@ -0,0 +1,17 @@
+'use strict'
+
+module.exports = new Buffer(`
+enum KeyType {
+  RSA = 0;
+}
+
+message PublicKey {
+  required KeyType Type = 1;
+  required bytes Data = 2;
+}
+
+message PrivateKey {
+  required KeyType Type = 1;
+  required bytes Data = 2;
+}
+`)

src/crypto.proto.js

@@ -0,0 +1,52 @@
+'use strict'
+
+const nodeify = require('nodeify')
+
+const crypto = require('./webcrypto')()
+
+exports.create = function (key, iv, callback) {
+  nodeify(crypto.subtle.importKey(
+    'raw',
+    key,
+    {
+      name: 'AES-CTR'
+    },
+    false,
+    ['encrypt', 'decrypt']
+  ).then((key) => {
+    const counter = copy(iv)
+
+    return {
+      encrypt (data, cb) {
+        nodeify(crypto.subtle.encrypt(
+          {
+            name: 'AES-CTR',
+            counter: counter,
+            length: 128
+          },
+          key,
+          data
+        ).then((raw) => Buffer.from(raw)), cb)
+      },
+
+      decrypt (data, cb) {
+        nodeify(crypto.subtle.decrypt(
+          {
+            name: 'AES-CTR',
+            counter: counter,
+            length: 128
+          },
+          key,
+          data
+        ).then((raw) => Buffer.from(raw)), cb)
+      }
+    }
+  }), callback)
+}
+
+function copy (buf) {
+  const fresh = new Buffer(buf.length)
+  buf.copy(fresh)
+
+  return fresh
+}

src/crypto/aes-browser.js

@@ -0,0 +1,30 @@
+'use strict'
+
+const crypto = require('crypto')
+
+const ciphers = {
+  16: 'aes-128-ctr',
+  32: 'aes-256-ctr'
+}
+
+exports.create = function (key, iv, callback) {
+  const name = ciphers[key.length]
+  if (!name) {
+    return callback(new Error('Invalid key length'))
+  }
+
+  const cipher = crypto.createCipheriv(name, key, iv)
+  const decipher = crypto.createDecipheriv(name, key, iv)
+
+  const res = {
+    encrypt (data, cb) {
+      cb(null, cipher.update(data))
+    },
+
+    decrypt (data, cb) {
+      cb(null, decipher.update(data))
+    }
+  }
+
+  callback(null, res)
+}