feat: replace bcrypto (#302)

Co-authored-by: Cayman <[email protected]>

Author: acolytec3

package.json

@@ -42,4 +42,4 @@
     "typescript": "^4.7.3"
   },
   "packageManager": "[email protected]+sha256.c17d3797fb9a9115bf375e31bfd30058cac6bc9c3b8807a3d8cb2094794b51ca"
-}
+}

packages/discv5/README.md

@@ -36,16 +36,6 @@ const libp2p = createLibp2p({
 });
 ```
 
-## Additional features
-
-By default, importing this library will, as a side-effect, change the enr crypto implementation to use `bcrypto`.
-If you'd like to remain using `@chainsafe/enr`'s default crypto you can add this after importing `@chainsafe/discv5`:
-```ts
-import {setV4Crypto, defaultCrypto} from "@chainsafe/enr";
-
-setV4Crypto(defaultCrypto)
-```
-
 ## License
 
 Apache-2.0

packages/discv5/package.json

@@ -70,7 +70,8 @@
     "@libp2p/crypto": "^5.0.1",
     "@libp2p/interface": "^2.0.1",
     "@multiformats/multiaddr": "^12.1.10",
-    "bcrypto": "^5.4.0",
+    "@noble/hashes": "^1.7.0",
+    "@noble/secp256k1": "^2.2.2",
     "bigint-buffer": "^1.1.5",
     "debug": "^4.3.1",
     "lru-cache": "^10.1.0",

packages/discv5/src/enr/bcryptoV4Crypto.ts

@@ -5,6 +5,3 @@ export * from "./service/index.js";
 export * from "./session/index.js";
 export * from "./transport/index.js";
 export * from "./util/index.js";
-
-// side effect: set the enr crypto implementation
-import "./enr/setV4Crypto.js";

packages/discv5/src/enr/setV4Crypto.ts

@@ -1,31 +1,25 @@
-import secp256k1 from "bcrypto/lib/secp256k1.js";
 import { KeyType } from "@libp2p/interface";
 import { AbstractKeypair, IKeypair, IKeypairClass } from "./types.js";
 import { ERR_INVALID_KEYPAIR_TYPE } from "./constants.js";
+import { getDiscv5Crypto } from "../util/crypto.js";
+import { toBuffer } from "../util/index.js";
 
 export function secp256k1PublicKeyToCompressed(publicKey: Buffer): Buffer {
   if (publicKey.length === 64) {
     publicKey = Buffer.concat([Buffer.from([4]), publicKey]);
   }
-  return secp256k1.publicKeyConvert(publicKey, true);
-}
-
-export function secp256k1PublicKeyToFull(publicKey: Buffer): Buffer {
-  if (publicKey.length === 64) {
-    return Buffer.concat([Buffer.from([4]), publicKey]);
-  }
-  return secp256k1.publicKeyConvert(publicKey, false);
+  return toBuffer(getDiscv5Crypto().secp256k1.publicKeyConvert(publicKey, true));
 }
 
 export function secp256k1PublicKeyToRaw(publicKey: Buffer): Buffer {
-  return secp256k1.publicKeyConvert(publicKey, false).slice(1);
+  return toBuffer(getDiscv5Crypto().secp256k1.publicKeyConvert(publicKey, false));
 }
 
 export const Secp256k1Keypair: IKeypairClass = class Secp256k1Keypair extends AbstractKeypair implements IKeypair {
   readonly type: KeyType;
 
   constructor(privateKey?: Buffer, publicKey?: Buffer) {
-    let pub = publicKey ?? secp256k1.publicKeyCreate(privateKey!);
+    let pub = publicKey ?? toBuffer(getDiscv5Crypto().secp256k1.publicKeyCreate(privateKey!));
     if (pub) {
       pub = secp256k1PublicKeyToCompressed(pub);
     }
@@ -34,33 +28,33 @@ export const Secp256k1Keypair: IKeypairClass = class Secp256k1Keypair extends Ab
   }
 
   static generate(): Secp256k1Keypair {
-    const privateKey = secp256k1.privateKeyGenerate();
-    const publicKey = secp256k1.publicKeyCreate(privateKey);
+    const privateKey = toBuffer(getDiscv5Crypto().secp256k1.generatePrivateKey());
+    const publicKey = toBuffer(getDiscv5Crypto().secp256k1.publicKeyCreate(privateKey));
     return new Secp256k1Keypair(privateKey, publicKey);
   }
 
   privateKeyVerify(key = this._privateKey): boolean {
     if (key) {
-      return secp256k1.privateKeyVerify(key);
+      return getDiscv5Crypto().secp256k1.privateKeyVerify(key);
     }
     return true;
   }
   publicKeyVerify(key = this._publicKey): boolean {
     if (key) {
-      return secp256k1.publicKeyVerify(key);
+      return getDiscv5Crypto().secp256k1.publicKeyVerify(key);
     }
     return true;
   }
   sign(msg: Buffer): Buffer {
-    return secp256k1.sign(msg, this.privateKey);
+    return toBuffer(getDiscv5Crypto().secp256k1.sign(msg, this.privateKey));
   }
   verify(msg: Buffer, sig: Buffer): boolean {
-    return secp256k1.verify(msg, sig, this.publicKey);
+    return getDiscv5Crypto().secp256k1.verify(this.publicKey, msg, sig);
   }
   deriveSecret(keypair: IKeypair): Buffer {
     if (keypair.type !== this.type) {
       throw new Error(ERR_INVALID_KEYPAIR_TYPE);
     }
-    return secp256k1.derive(keypair.publicKey, this.privateKey);
+    return toBuffer(getDiscv5Crypto().secp256k1.deriveSecret(this.privateKey, keypair.publicKey));
   }
 };

packages/discv5/src/index.ts

@@ -1,4 +1,4 @@
-import { randomBytes } from "bcrypto/lib/random.js";
+import { randomBytes } from "@noble/hashes/utils";
 import { toBigIntBE } from "bigint-buffer";
 import { SequenceNumber, ENR } from "@chainsafe/enr";
 
@@ -11,9 +11,10 @@ import {
   ITalkReqMessage,
   ITalkRespMessage,
 } from "./types.js";
+import { toBuffer } from "../index.js";
 
 export function createRequestId(): RequestId {
-  return toBigIntBE(randomBytes(8));
+  return toBigIntBE(toBuffer(randomBytes(8)));
 }
 
 export function createPingMessage(enrSeq: SequenceNumber): IPingMessage {
@@ -53,6 +54,6 @@ export function createTalkResponseMessage(requestId: RequestId, payload: Uint8Ar
   return {
     type: MessageType.TALKRESP,
     id: requestId,
-    response: Buffer.from(payload),
+    response: toBuffer(payload),
   };
 }

packages/discv5/src/keypair/secp256k1.ts

@@ -1,15 +1,16 @@
-import { randomBytes } from "bcrypto/lib/random.js";
+import { randomBytes } from "@noble/hashes/utils";
 import { NodeId, SequenceNumber } from "@chainsafe/enr";
 import { ID_NONCE_SIZE, MASKING_IV_SIZE, NONCE_SIZE } from "./constants.js";
 import { encodeMessageAuthdata, encodeWhoAreYouAuthdata } from "./encode.js";
 import { IHeader, IPacket, PacketType } from "./types.js";
+import { toBuffer } from "../index.js";
 
 export function createHeader(flag: PacketType, authdata: Buffer, nonce = randomBytes(NONCE_SIZE)): IHeader {
   return {
     protocolId: "discv5",
     version: 1,
     flag,
-    nonce,
+    nonce: toBuffer(nonce),
     authdataSize: authdata.length,
     authdata,
   };
@@ -18,8 +19,8 @@ export function createHeader(flag: PacketType, authdata: Buffer, nonce = randomB
 export function createRandomPacket(srcId: NodeId): IPacket {
   const authdata = encodeMessageAuthdata({ srcId });
   const header = createHeader(PacketType.Message, authdata);
-  const maskingIv = randomBytes(MASKING_IV_SIZE);
-  const message = randomBytes(44);
+  const maskingIv = toBuffer(randomBytes(MASKING_IV_SIZE));
+  const message = toBuffer(randomBytes(44));
   return {
     maskingIv,
     header,
@@ -28,10 +29,10 @@ export function createRandomPacket(srcId: NodeId): IPacket {
 }
 
 export function createWhoAreYouPacket(nonce: Buffer, enrSeq: SequenceNumber): IPacket {
-  const idNonce = randomBytes(ID_NONCE_SIZE);
+  const idNonce = toBuffer(randomBytes(ID_NONCE_SIZE));
   const authdata = encodeWhoAreYouAuthdata({ idNonce, enrSeq });
   const header = createHeader(PacketType.WhoAreYou, authdata, nonce);
-  const maskingIv = randomBytes(MASKING_IV_SIZE);
+  const maskingIv = toBuffer(randomBytes(MASKING_IV_SIZE));
   const message = Buffer.alloc(0);
   return {
     maskingIv,

packages/discv5/src/message/create.ts

@@ -1,4 +1,4 @@
-import cipher from "bcrypto/lib/cipher.js";
+import Crypto from "node:crypto";
 import { toBigIntBE, toBufferBE } from "bigint-buffer";
 
 import { bufferToNumber, CodeError, fromHex, numberToBuffer, toHex } from "../util/index.js";
@@ -33,8 +33,7 @@ export function encodePacket(destId: string, packet: IPacket): Buffer {
 }
 
 export function encodeHeader(destId: string, maskingIv: Buffer, header: IHeader): Buffer {
-  const ctx = new cipher.Cipher("AES-128-CTR");
-  ctx.init(fromHex(destId).slice(0, MASKING_KEY_SIZE), maskingIv);
+  const ctx = Crypto.createCipheriv("aes-128-ctr", fromHex(destId).slice(0, MASKING_KEY_SIZE), maskingIv);
   return ctx.update(
     Buffer.concat([
       // static header
@@ -73,8 +72,7 @@ export function decodePacket(srcId: string, data: Buffer): IPacket {
  * Return the decoded header and the header as a buffer
  */
 export function decodeHeader(srcId: string, maskingIv: Buffer, data: Buffer): [IHeader, Buffer] {
-  const ctx = new cipher.Decipher("AES-128-CTR");
-  ctx.init(fromHex(srcId).slice(0, MASKING_KEY_SIZE), maskingIv);
+  const ctx = Crypto.createDecipheriv("aes-128-ctr", fromHex(srcId).slice(0, MASKING_KEY_SIZE), maskingIv);
   // unmask the static header
   const staticHeaderBuf = ctx.update(data.slice(0, STATIC_HEADER_SIZE));