mirror of
https://github.com/fluencelabs/js-libp2p-crypto
synced 2025-03-28 06:31:09 +00:00
0b686d363c
* chore: add error codes * chore: create errors with new Error() * fix: better error testin * refactor: simplify random bytes error checks
121 lines
4.1 KiB
JavaScript
121 lines
4.1 KiB
JavaScript
'use strict'
|
|
|
|
const protobuf = require('protons')
|
|
const keysPBM = protobuf(require('./keys.proto'))
|
|
require('node-forge/lib/asn1')
|
|
require('node-forge/lib/rsa')
|
|
require('node-forge/lib/pbe')
|
|
const forge = require('node-forge/lib/forge')
|
|
const errcode = require('err-code')
|
|
|
|
exports = module.exports
|
|
|
|
const supportedKeys = {
|
|
rsa: require('./rsa-class'),
|
|
ed25519: require('./ed25519-class'),
|
|
secp256k1: require('libp2p-crypto-secp256k1')(keysPBM, require('../random-bytes'))
|
|
}
|
|
|
|
exports.supportedKeys = supportedKeys
|
|
exports.keysPBM = keysPBM
|
|
|
|
const ErrMissingSecp256K1 = {
|
|
message: 'secp256k1 support requires libp2p-crypto-secp256k1 package',
|
|
code: 'ERR_MISSING_PACKAGE'
|
|
}
|
|
|
|
function typeToKey (type) {
|
|
let key = supportedKeys[type.toLowerCase()]
|
|
if (!key) {
|
|
const supported = Object.keys(supportedKeys).join(' / ')
|
|
throw errcode(new Error(`invalid or unsupported key type ${type}. Must be ${supported}`), 'ERR_UNSUPPORTED_KEY_TYPE')
|
|
}
|
|
return key
|
|
}
|
|
|
|
exports.keyStretcher = require('./key-stretcher')
|
|
exports.generateEphemeralKeyPair = require('./ephemeral-keys')
|
|
|
|
// Generates a keypair of the given type and bitsize
|
|
exports.generateKeyPair = async (type, bits) => { // eslint-disable-line require-await
|
|
return typeToKey(type).generateKeyPair(bits)
|
|
}
|
|
|
|
// Generates a keypair of the given type and bitsize
|
|
// seed is a 32 byte uint8array
|
|
exports.generateKeyPairFromSeed = async (type, seed, bits) => { // eslint-disable-line require-await
|
|
const key = typeToKey(type)
|
|
if (type.toLowerCase() !== 'ed25519') {
|
|
throw errcode(new Error('Seed key derivation is unimplemented for RSA or secp256k1'), 'ERR_UNSUPPORTED_KEY_DERIVATION_TYPE')
|
|
}
|
|
return key.generateKeyPairFromSeed(seed, bits)
|
|
}
|
|
|
|
// Converts a protobuf serialized public key into its
|
|
// representative object
|
|
exports.unmarshalPublicKey = (buf) => {
|
|
const decoded = keysPBM.PublicKey.decode(buf)
|
|
const data = decoded.Data
|
|
|
|
switch (decoded.Type) {
|
|
case keysPBM.KeyType.RSA:
|
|
return supportedKeys.rsa.unmarshalRsaPublicKey(data)
|
|
case keysPBM.KeyType.Ed25519:
|
|
return supportedKeys.ed25519.unmarshalEd25519PublicKey(data)
|
|
case keysPBM.KeyType.Secp256k1:
|
|
if (supportedKeys.secp256k1) {
|
|
return supportedKeys.secp256k1.unmarshalSecp256k1PublicKey(data)
|
|
} else {
|
|
throw errcode(new Error(ErrMissingSecp256K1.message), ErrMissingSecp256K1.code)
|
|
}
|
|
default:
|
|
typeToKey(decoded.Type) // throws because type is not supported
|
|
}
|
|
}
|
|
|
|
// Converts a public key object into a protobuf serialized public key
|
|
exports.marshalPublicKey = (key, type) => {
|
|
type = (type || 'rsa').toLowerCase()
|
|
typeToKey(type) // check type
|
|
return key.bytes
|
|
}
|
|
|
|
// Converts a protobuf serialized private key into its
|
|
// representative object
|
|
exports.unmarshalPrivateKey = async (buf) => { // eslint-disable-line require-await
|
|
const decoded = keysPBM.PrivateKey.decode(buf)
|
|
const data = decoded.Data
|
|
|
|
switch (decoded.Type) {
|
|
case keysPBM.KeyType.RSA:
|
|
return supportedKeys.rsa.unmarshalRsaPrivateKey(data)
|
|
case keysPBM.KeyType.Ed25519:
|
|
return supportedKeys.ed25519.unmarshalEd25519PrivateKey(data)
|
|
case keysPBM.KeyType.Secp256k1:
|
|
if (supportedKeys.secp256k1) {
|
|
return supportedKeys.secp256k1.unmarshalSecp256k1PrivateKey(data)
|
|
} else {
|
|
throw errcode(new Error(ErrMissingSecp256K1.message), ErrMissingSecp256K1.code)
|
|
}
|
|
default:
|
|
typeToKey(decoded.Type) // throws because type is not supported
|
|
}
|
|
}
|
|
|
|
// Converts a private key object into a protobuf serialized private key
|
|
exports.marshalPrivateKey = (key, type) => {
|
|
type = (type || 'rsa').toLowerCase()
|
|
typeToKey(type) // check type
|
|
return key.bytes
|
|
}
|
|
|
|
exports.import = async (pem, password) => { // eslint-disable-line require-await
|
|
const key = forge.pki.decryptRsaPrivateKey(pem, password)
|
|
if (key === null) {
|
|
throw errcode(new Error('Cannot read the key, most likely the password is wrong or not a RSA key'), 'ERR_CANNOT_DECRYPT_PEM')
|
|
}
|
|
let der = forge.asn1.toDer(forge.pki.privateKeyToAsn1(key))
|
|
der = Buffer.from(der.getBytes(), 'binary')
|
|
return supportedKeys.rsa.unmarshalRsaPrivateKey(der)
|
|
}
|