Merge branch 'main' into feat/config-validation

Author: achingbrain

packages/connection-encrypter-plaintext/package.json

@@ -50,9 +50,7 @@
     "@libp2p/interface": "^0.1.2",
     "@libp2p/peer-id": "^3.0.6",
     "@multiformats/multiaddr": "^12.1.10",
-    "it-handshake": "^4.1.3",
-    "it-length-prefixed": "^9.0.3",
-    "it-map": "^3.0.4",
+    "it-protobuf-stream": "^1.1.1",
     "it-stream-types": "^2.0.1",
     "protons-runtime": "^5.0.0",
     "uint8arraylist": "^2.4.3"

packages/connection-encrypter-plaintext/src/index.ts

@@ -22,49 +22,53 @@
 
 import { UnexpectedPeerError, InvalidCryptoExchangeError } from '@libp2p/interface/errors'
 import { peerIdFromBytes, peerIdFromKeys } from '@libp2p/peer-id'
-import { handshake } from 'it-handshake'
-import * as lp from 'it-length-prefixed'
-import map from 'it-map'
+import { pbStream } from 'it-protobuf-stream'
 import { Exchange, KeyType } from './pb/proto.js'
 import type { ComponentLogger, Logger } from '@libp2p/interface'
+import type { MultiaddrConnection } from '@libp2p/interface/connection'
 import type { ConnectionEncrypter, SecuredConnection } from '@libp2p/interface/connection-encrypter'
 import type { PeerId } from '@libp2p/interface/peer-id'
-import type { Duplex, Source } from 'it-stream-types'
+import type { Duplex } from 'it-stream-types'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PROTOCOL = '/plaintext/2.0.0'
 
-function lpEncodeExchange (exchange: Exchange): Uint8ArrayList {
-  const pb = Exchange.encode(exchange)
-
-  return lp.encode.single(pb)
-}
-
 export interface PlaintextComponents {
   logger: ComponentLogger
 }
 
+export interface PlaintextInit {
+  /**
+   * The peer id exchange must complete within this many milliseconds
+   * (default: 1000)
+   */
+  timeout?: number
+}
+
 class Plaintext implements ConnectionEncrypter {
   public protocol: string = PROTOCOL
   private readonly log: Logger
+  private readonly timeout: number
 
-  constructor (components: PlaintextComponents) {
+  constructor (components: PlaintextComponents, init: PlaintextInit = {}) {
     this.log = components.logger.forComponent('libp2p:plaintext')
+    this.timeout = init.timeout ?? 1000
   }
 
-  async secureInbound (localId: PeerId, conn: Duplex<AsyncGenerator<Uint8Array>, Source<Uint8Array>, Promise<void>>, remoteId?: PeerId): Promise<SecuredConnection> {
+  async secureInbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
     return this._encrypt(localId, conn, remoteId)
   }
 
-  async secureOutbound (localId: PeerId, conn: Duplex<AsyncGenerator<Uint8Array>, Source<Uint8Array>, Promise<void>>, remoteId?: PeerId): Promise<SecuredConnection> {
+  async secureOutbound <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
     return this._encrypt(localId, conn, remoteId)
   }
 
   /**
    * Encrypt connection
    */
-  async _encrypt (localId: PeerId, conn: Duplex<AsyncGenerator<Uint8Array>, Source<Uint8Array>, Promise<void>>, remoteId?: PeerId): Promise<SecuredConnection> {
-    const shake = handshake(conn)
+  async _encrypt <Stream extends Duplex<AsyncGenerator<Uint8Array | Uint8ArrayList>> = MultiaddrConnection> (localId: PeerId, conn: Stream, remoteId?: PeerId): Promise<SecuredConnection<Stream>> {
+    const signal = AbortSignal.timeout(this.timeout)
+    const pb = pbStream(conn).pb(Exchange)
 
     let type = KeyType.RSA
 
@@ -75,45 +79,40 @@ class Plaintext implements ConnectionEncrypter {
     }
 
     // Encode the public key and write it to the remote peer
-    shake.write(
-      lpEncodeExchange({
-        id: localId.toBytes(),
-        pubkey: {
-          Type: type,
-          Data: localId.publicKey ?? new Uint8Array(0)
-        }
-      }).subarray()
-    )
+    await pb.write({
+      id: localId.toBytes(),
+      pubkey: {
+        Type: type,
+        Data: localId.publicKey ?? new Uint8Array(0)
+      }
+    }, {
+      signal
+    })
 
     this.log('write pubkey exchange to peer %p', remoteId)
 
     // Get the Exchange message
-    const response = (await lp.decode.fromReader(shake.reader).next()).value
-
-    if (response == null) {
-      throw new Error('Did not read response')
-    }
-
-    const id = Exchange.decode(response)
-    this.log('read pubkey exchange from peer %p', remoteId)
+    const response = await pb.read({
+      signal
+    })
 
     let peerId
     try {
-      if (id.pubkey == null) {
+      if (response.pubkey == null) {
         throw new Error('Public key missing')
       }
 
-      if (id.pubkey.Data.length === 0) {
+      if (response.pubkey.Data.length === 0) {
         throw new Error('Public key data too short')
       }
 
-      if (id.id == null) {
+      if (response.id == null) {
         throw new Error('Remote id missing')
       }
 
-      peerId = await peerIdFromKeys(id.pubkey.Data)
+      peerId = await peerIdFromKeys(response.pubkey.Data)
 
-      if (!peerId.equals(peerIdFromBytes(id.id))) {
+      if (!peerId.equals(peerIdFromBytes(response.id))) {
         throw new Error('Public key did not match id')
       }
     } catch (err: any) {
@@ -127,18 +126,13 @@ class Plaintext implements ConnectionEncrypter {
 
     this.log('plaintext key exchange completed successfully with peer %p', peerId)
 
-    shake.rest()
-
     return {
-      conn: {
-        sink: shake.stream.sink,
-        source: map(shake.stream.source, (buf) => buf.subarray())
-      },
+      conn: pb.unwrap().unwrap(),
       remotePeer: peerId
     }
   }
 }
 
-export function plaintext (): (components: PlaintextComponents) => ConnectionEncrypter {
-  return (components) => new Plaintext(components)
+export function plaintext (init?: PlaintextInit): (components: PlaintextComponents) => ConnectionEncrypter {
+  return (components) => new Plaintext(components, init)
 }

packages/crypto/package.json

@@ -107,6 +107,7 @@
     "./dist/src/hmac/index.js": "./dist/src/hmac/index-browser.js",
     "./dist/src/keys/ecdh.js": "./dist/src/keys/ecdh-browser.js",
     "./dist/src/keys/ed25519.js": "./dist/src/keys/ed25519-browser.js",
-    "./dist/src/keys/rsa.js": "./dist/src/keys/rsa-browser.js"
+    "./dist/src/keys/rsa.js": "./dist/src/keys/rsa-browser.js",
+    "./dist/src/keys/secp256k1.js": "./dist/src/keys/secp256k1-browser.js"
   }
 }

packages/crypto/src/keys/ed25519-browser.ts

@@ -1,5 +1,6 @@
 import { ed25519 as ed } from '@noble/curves/ed25519'
 import type { Uint8ArrayKeyPair } from './interface'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PUBLIC_KEY_BYTE_LENGTH = 32
 const PRIVATE_KEY_BYTE_LENGTH = 64 // private key is actually 32 bytes but for historical reasons we concat private and public keys
@@ -44,14 +45,14 @@ export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8Array
   }
 }
 
-export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array): Promise<Uint8Array> {
+export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
   const privateKeyRaw = privateKey.subarray(0, KEYS_BYTE_LENGTH)
 
-  return ed.sign(msg, privateKeyRaw)
+  return ed.sign(msg instanceof Uint8Array ? msg : msg.subarray(), privateKeyRaw)
 }
 
-export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
-  return ed.verify(sig, msg, publicKey)
+export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+  return ed.verify(sig, msg instanceof Uint8Array ? msg : msg.subarray(), publicKey)
 }
 
 function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {

packages/crypto/src/keys/ed25519-class.ts

@@ -7,6 +7,7 @@ import * as crypto from './ed25519.js'
 import { exporter } from './exporter.js'
 import * as pbm from './keys.js'
 import type { Multibase } from 'multiformats'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 export class Ed25519PublicKey {
   private readonly _key: Uint8Array
@@ -15,7 +16,7 @@ export class Ed25519PublicKey {
     this._key = ensureKey(key, crypto.publicKeyLength)
   }
 
-  async verify (data: Uint8Array, sig: Uint8Array): Promise<boolean> {
+  async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): Promise<boolean> {
     return crypto.hashAndVerify(this._key, sig, data)
   }
 
@@ -52,7 +53,7 @@ export class Ed25519PrivateKey {
     this._publicKey = ensureKey(publicKey, crypto.publicKeyLength)
   }
 
-  async sign (message: Uint8Array): Promise<Uint8Array> {
+  async sign (message: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
     return crypto.hashAndSign(this._key, message)
   }
 

packages/crypto/src/keys/ed25519.ts

@@ -1,8 +1,10 @@
 import crypto from 'crypto'
 import { promisify } from 'util'
+import { concat as uint8arrayConcat } from 'uint8arrays/concat'
 import { fromString as uint8arrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8arrayToString } from 'uint8arrays/to-string'
 import type { Uint8ArrayKeyPair } from './interface.js'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 const keypair = promisify(crypto.generateKeyPair)
 
@@ -47,7 +49,7 @@ export async function generateKey (): Promise<Uint8ArrayKeyPair> {
   const publicKeyRaw = uint8arrayFromString(key.privateKey.x, 'base64url')
 
   return {
-    privateKey: concatKeys(privateKeyRaw, publicKeyRaw),
+    privateKey: uint8arrayConcat([privateKeyRaw, publicKeyRaw], privateKeyRaw.byteLength + publicKeyRaw.byteLength),
     publicKey: publicKeyRaw
   }
 }
@@ -66,12 +68,12 @@ export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8Array
   const publicKeyRaw = derivePublicKey(seed)
 
   return {
-    privateKey: concatKeys(seed, publicKeyRaw),
+    privateKey: uint8arrayConcat([seed, publicKeyRaw], seed.byteLength + publicKeyRaw.byteLength),
     publicKey: publicKeyRaw
   }
 }
 
-export async function hashAndSign (key: Uint8Array, msg: Uint8Array): Promise<Buffer> {
+export async function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<Buffer> {
   if (!(key instanceof Uint8Array)) {
     throw new TypeError('"key" must be a node.js Buffer, or Uint8Array.')
   }
@@ -99,10 +101,10 @@ export async function hashAndSign (key: Uint8Array, msg: Uint8Array): Promise<Bu
     }
   })
 
-  return crypto.sign(null, msg, obj)
+  return crypto.sign(null, msg instanceof Uint8Array ? msg : msg.subarray(), obj)
 }
 
-export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
+export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
   if (key.byteLength !== PUBLIC_KEY_BYTE_LENGTH) {
     throw new TypeError('"key" must be 32 bytes in length.')
   } else if (!(key instanceof Uint8Array)) {
@@ -124,14 +126,5 @@ export async function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint
     }
   })
 
-  return crypto.verify(null, msg, obj, sig)
-}
-
-function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {
-  const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH)
-  for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
-    privateKey[i] = privateKeyRaw[i]
-    privateKey[KEYS_BYTE_LENGTH + i] = publicKey[i]
-  }
-  return privateKey
+  return crypto.verify(null, msg instanceof Uint8Array ? msg : msg.subarray(), obj, sig)
 }

packages/crypto/src/keys/rsa-browser.ts

@@ -6,6 +6,7 @@ import webcrypto from '../webcrypto.js'
 import { jwk2pub, jwk2priv } from './jwk2pem.js'
 import * as utils from './rsa-utils.js'
 import type { JWKKeyPair } from './interface.js'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 export { utils }
 
@@ -60,7 +61,7 @@ export async function unmarshalPrivateKey (key: JsonWebKey): Promise<JWKKeyPair>
 
 export { randomBytes as getRandomValues }
 
-export async function hashAndSign (key: JsonWebKey, msg: Uint8Array): Promise<Uint8Array> {
+export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
   const privateKey = await webcrypto.get().subtle.importKey(
     'jwk',
     key,
@@ -75,13 +76,13 @@ export async function hashAndSign (key: JsonWebKey, msg: Uint8Array): Promise<Ui
   const sig = await webcrypto.get().subtle.sign(
     { name: 'RSASSA-PKCS1-v1_5' },
     privateKey,
-    Uint8Array.from(msg)
+    msg instanceof Uint8Array ? msg : msg.subarray()
   )
 
   return new Uint8Array(sig, 0, sig.byteLength)
 }
 
-export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
+export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
   const publicKey = await webcrypto.get().subtle.importKey(
     'jwk',
     key,
@@ -97,7 +98,7 @@ export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint
     { name: 'RSASSA-PKCS1-v1_5' },
     publicKey,
     sig,
-    msg
+    msg instanceof Uint8Array ? msg : msg.subarray()
   )
 }
 
@@ -141,18 +142,18 @@ Explanation:
 
 */
 
-function convertKey (key: JsonWebKey, pub: boolean, msg: Uint8Array, handle: (msg: string, key: { encrypt(msg: string): string, decrypt(msg: string): string }) => string): Uint8Array {
+function convertKey (key: JsonWebKey, pub: boolean, msg: Uint8Array | Uint8ArrayList, handle: (msg: string, key: { encrypt(msg: string): string, decrypt(msg: string): string }) => string): Uint8Array {
   const fkey = pub ? jwk2pub(key) : jwk2priv(key)
-  const fmsg = uint8ArrayToString(Uint8Array.from(msg), 'ascii')
+  const fmsg = uint8ArrayToString(msg instanceof Uint8Array ? msg : msg.subarray(), 'ascii')
   const fomsg = handle(fmsg, fkey)
   return uint8ArrayFromString(fomsg, 'ascii')
 }
 
-export function encrypt (key: JsonWebKey, msg: Uint8Array): Uint8Array {
+export function encrypt (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Uint8Array {
   return convertKey(key, true, msg, (msg, key) => key.encrypt(msg))
 }
 
-export function decrypt (key: JsonWebKey, msg: Uint8Array): Uint8Array {
+export function decrypt (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Uint8Array {
   return convertKey(key, false, msg, (msg, key) => key.decrypt(msg))
 }
 

packages/crypto/src/keys/rsa-class.ts

@@ -9,6 +9,7 @@ import { exporter } from './exporter.js'
 import * as pbm from './keys.js'
 import * as crypto from './rsa.js'
 import type { Multibase } from 'multiformats'
+import type { Uint8ArrayList } from 'uint8arraylist'
 
 export const MAX_KEY_SIZE = 8192
 
@@ -19,7 +20,7 @@ export class RsaPublicKey {
     this._key = key
   }
 
-  async verify (data: Uint8Array, sig: Uint8Array): Promise<boolean> {
+  async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): Promise<boolean> {
     return crypto.hashAndVerify(this._key, sig, data)
   }
 
@@ -34,7 +35,7 @@ export class RsaPublicKey {
     }).subarray()
   }
 
-  encrypt (bytes: Uint8Array): Uint8Array {
+  encrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
     return crypto.encrypt(this._key, bytes)
   }
 
@@ -62,7 +63,7 @@ export class RsaPrivateKey {
     return crypto.getRandomValues(16)
   }
 
-  async sign (message: Uint8Array): Promise<Uint8Array> {
+  async sign (message: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
     return crypto.hashAndSign(this._key, message)
   }
 
@@ -74,7 +75,7 @@ export class RsaPrivateKey {
     return new RsaPublicKey(this._publicKey)
   }
 
-  decrypt (bytes: Uint8Array): Uint8Array {
+  decrypt (bytes: Uint8Array | Uint8ArrayList): Uint8Array {
     return crypto.decrypt(this._key, bytes)
   }