feat: upgrade crypto from bcrypto to noble

bench/crypto/index.bench.js

@@ -0,0 +1,84 @@
+import { itBench } from "@dapplion/benchmark";
+import { expect } from "chai";
+import { randomBytes } from "crypto";
+import {
+  decryptMessage,
+  encryptMessage,
+  createKeypair,
+  KeypairType,
+  idSign,
+  idVerify,
+  v4,
+  Secp256k1Keypair,
+  deriveKey,
+  generateIdSignatureInput,
+} from "../../lib/index.js";
+import { hash } from "../../lib/enr/v4.js";
+
+itBench("benchmark aes cipher encryption/decryptions", () => {
+  const key = Buffer.from(randomBytes(16));
+  const nonce = Buffer.from(randomBytes(12));
+  const msg = Buffer.from(randomBytes(16));
+  const ad = Buffer.from(randomBytes(16));
+
+  const cipher = encryptMessage(key, nonce, msg, ad);
+  const decrypted = decryptMessage(key, nonce, cipher, ad);
+  expect(decrypted).to.deep.equal(msg);
+});
+
+itBench("benchmark sign/verify", () => {
+  const expected = Buffer.from(
+    "94852a1e2318c4e5e9d422c98eaf19d1d90d876b29cd06ca7cb7546d0fff7b484fe86c09a064fe72bdbef73ba8e9c34df0cd2b53e9d65528c2c7f336d5dfc6e6",
+    "hex"
+  );
+
+  const localSK = Buffer.from("fb757dc581730490a1d7a00deea65e9b1936924caaea8f44d476014856b68736", "hex");
+  const challengeData = Buffer.from(
+    "000000000000000000000000000000006469736376350001010102030405060708090a0b0c00180102030405060708090a0b0c0d0e0f100000000000000000",
+    "hex"
+  );
+  const ephemPK = Buffer.from("039961e4c2356d61bedb83052c115d311acb3a96f5777296dcf297351130266231", "hex");
+  const nodeIdB = "bbbb9d047f0488c0b5a93c1c3f2d8bafc7c8ff337024a55434a0d0555de64db9";
+  const keypair = createKeypair(KeypairType.Secp256k1, localSK);
+  const actual = idSign(keypair, challengeData, ephemPK, nodeIdB);
+  expect(actual).to.deep.equal(expected);
+  expect(
+    idVerify(
+      createKeypair(KeypairType.Secp256k1, undefined, v4.publicKey(localSK)),
+      challengeData,
+      ephemPK,
+      nodeIdB,
+      actual
+    )
+  ).to.be.true;
+});
+
+itBench("benchmark key derivation", () => {
+  const secret = Buffer.from("022c82f214eb37159111712add00040fcdf73fd4d7d0b7c0f980da4d099aa59ba4");
+  const firstNodeId = "aaaa8419e9f49d0083561b48287df592939a8d19947d8c0ef88f2a4856a69fbb";
+  const secondNodeId = "bbbb9d047f0488c0b5a93c1c3f2d8bafc7c8ff337024a55434a0d0555de64db9";
+  const challengeData = Buffer.from(
+    "000000000000000000000000000000006469736376350001010102030405060708090a0b0c00180102030405060708090a0b0c0d0e0f100000000000000000",
+    "hex"
+  );
+
+  deriveKey(Buffer.from(secret), firstNodeId, secondNodeId, challengeData);
+});
+
+itBench("benchmark secp256k1.generatePrivateKey", () => {
+  Secp256k1Keypair.generate();
+});
+
+itBench("benchmark keccak hash", () => {
+  hash(Buffer.from("secret message"));
+});
+
+itBench("benchmark sha256 hash", () => {
+  const challengeData = Buffer.from(
+    "000000000000000000000000000000006469736376350001010102030405060708090a0b0c00180102030405060708090a0b0c0d0e0f100000000000000000",
+    "hex"
+  );
+  const ephemPK = Buffer.from("039961e4c2356d61bedb83052c115d311acb3a96f5777296dcf297351130266231", "hex");
+  const nodeId = "bbbb9d047f0488c0b5a93c1c3f2d8bafc7c8ff337024a55434a0d0555de64db9";
+  generateIdSignatureInput(challengeData, ephemPK, nodeId);
+})

package.json

@@ -41,6 +41,7 @@
     "build": "tsc -p tsconfig.build.json",
     "prepublishOnly": "yarn build",
     "lint": "eslint --color --ext .ts src/ test/",
+    "lint:fix": "eslint --color --fix --ext .ts src/ test/",
     "test": "yarn test:unit && yarn test:e2e",
     "test:unit": "mocha 'test/unit/**/*.test.ts'",
     "test:e2e": "mocha 'test/e2e/**/*.test.ts'"
@@ -99,11 +100,11 @@
     "@libp2p/interfaces": "^3.0.2",
     "@libp2p/peer-id": "^1.1.13",
     "@multiformats/multiaddr": "^10.2.0",
+    "@noble/hashes": "^1.1.2",
+    "@noble/secp256k1": "^1.6.0",
     "base64url": "^3.0.1",
-    "bcrypto": "^5.4.0",
     "bigint-buffer": "^1.1.5",
     "debug": "^4.3.1",
-    "dgram": "^1.0.1",
     "err-code": "^3.0.1",
     "ip6addr": "^0.2.3",
     "is-ip": "^3.1.0",

src/enr/enr.ts

@@ -350,6 +350,6 @@ export class ENR extends Map<ENRKey, ENRValue> {
     return encoded;
   }
   encodeTxt(privateKey?: Buffer): string {
-    return "enr:" + base64url.encode(Buffer.from(this.encode(privateKey)));
+    return "enr:" + base64url.encode(this.encode(privateKey));
   }
 }

src/enr/v4.ts

@@ -1,31 +1,32 @@
-import keccak from "bcrypto/lib/keccak.js";
-import secp256k1 from "bcrypto/lib/secp256k1.js";
+import { keccak_256 as keccak } from "@noble/hashes/sha3";
+import { secp256k1 } from "../util/crypto.js";
 
 import { NodeId } from "./types.js";
 import { createNodeId } from "./create.js";
+import { secp256k1PublicKeyToRaw } from "../keypair/secp256k1.js";
 
 export function hash(input: Buffer): Buffer {
-  return keccak.digest(input);
+  return Buffer.from(keccak(input).buffer);
 }
 
 export function createPrivateKey(): Buffer {
-  return secp256k1.privateKeyGenerate();
+  return Buffer.from(secp256k1.utils.randomPrivateKey().buffer);
 }
 
 export function publicKey(privKey: Buffer): Buffer {
-  return secp256k1.publicKeyCreate(privKey);
+  return Buffer.from(secp256k1.getPublicKey(privKey, true).buffer);
 }
 
 export function sign(privKey: Buffer, msg: Buffer): Buffer {
-  return secp256k1.sign(hash(msg), privKey);
+  return Buffer.from(secp256k1.signSync(hash(msg), privKey, { der: false }).buffer);
 }
 
 export function verify(pubKey: Buffer, msg: Buffer, sig: Buffer): boolean {
-  return secp256k1.verify(hash(msg), sig, pubKey);
+  return secp256k1.verify(sig, hash(msg), pubKey);
 }
 
 export function nodeId(pubKey: Buffer): NodeId {
-  return createNodeId(hash(secp256k1.publicKeyConvert(pubKey, false).slice(1)));
+  return createNodeId(hash(secp256k1PublicKeyToRaw(pubKey)));
 }
 
 export class ENRKeyPair {
@@ -35,7 +36,7 @@ export class ENRKeyPair {
 
   public constructor(privateKey?: Buffer) {
     if (privateKey) {
-      if (!secp256k1.privateKeyVerify(privateKey)) {
+      if (!secp256k1.utils.isValidPrivateKey(privateKey)) {
         throw new Error("Invalid private key");
       }
     }
@@ -44,8 +45,8 @@ export class ENRKeyPair {
     this.nodeId = nodeId(this.publicKey);
   }
 
-  public sign(msg: Buffer): Buffer {
-    return sign(this.privateKey, msg);
+  public async sign(msg: Buffer): Promise<Buffer> {
+    return await sign(this.privateKey, msg);
   }
 
   public verify(msg: Buffer, sig: Buffer): boolean {

src/keypair/secp256k1.ts

@@ -1,23 +1,23 @@
-import secp256k1 from "bcrypto/lib/secp256k1.js";
 import { AbstractKeypair, IKeypair, IKeypairClass, KeypairType } from "./types.js";
 import { ERR_INVALID_KEYPAIR_TYPE } from "./constants.js";
+import { secp256k1 } from "../util/crypto.js";
 
 export function secp256k1PublicKeyToCompressed(publicKey: Buffer): Buffer {
   if (publicKey.length === 64) {
     publicKey = Buffer.concat([Buffer.from([4]), publicKey]);
   }
-  return secp256k1.publicKeyConvert(publicKey, true);
+  return Buffer.from(secp256k1.Point.fromHex(publicKey).toRawBytes(true));
 }
 
 export function secp256k1PublicKeyToFull(publicKey: Buffer): Buffer {
   if (publicKey.length === 64) {
     return Buffer.concat([Buffer.from([4]), publicKey]);
   }
-  return secp256k1.publicKeyConvert(publicKey, false);
+  return Buffer.from(secp256k1.Point.fromHex(publicKey).toRawBytes(false).buffer);
 }
 
 export function secp256k1PublicKeyToRaw(publicKey: Buffer): Buffer {
-  return secp256k1.publicKeyConvert(publicKey, false).slice(1);
+  return Buffer.from(secp256k1.Point.fromHex(publicKey).toRawBytes(false).buffer).slice(1);
 }
 
 export const Secp256k1Keypair: IKeypairClass = class Secp256k1Keypair extends AbstractKeypair implements IKeypair {
@@ -33,33 +33,37 @@ export const Secp256k1Keypair: IKeypairClass = class Secp256k1Keypair extends Ab
   }
 
   static generate(): Secp256k1Keypair {
-    const privateKey = secp256k1.privateKeyGenerate();
-    const publicKey = secp256k1.publicKeyCreate(privateKey);
-    return new Secp256k1Keypair(privateKey, publicKey);
+    const privateKey = secp256k1.utils.randomPrivateKey();
+    const publicKey = secp256k1.getPublicKey(privateKey);
+    return new Secp256k1Keypair(Buffer.from(privateKey.buffer), Buffer.from(publicKey.buffer));
   }
 
   privateKeyVerify(key = this._privateKey): boolean {
     if (key) {
-      return secp256k1.privateKeyVerify(key);
+      return secp256k1.utils.isValidPrivateKey(key);
     }
     return true;
   }
-  publicKeyVerify(key = this._publicKey): boolean {
-    if (key) {
-      return secp256k1.publicKeyVerify(key);
+
+  publicKeyVerify(): boolean {
+    try {
+      secp256k1.Point.fromHex(this.publicKey).assertValidity();
+      return true;
+    } catch {
+      return false;
     }
-    return true;
   }
   sign(msg: Buffer): Buffer {
-    return secp256k1.sign(msg, this.privateKey);
+    return Buffer.from(secp256k1.signSync(msg, this.privateKey, { der: false }).buffer);
   }
   verify(msg: Buffer, sig: Buffer): boolean {
-    return secp256k1.verify(msg, sig, this.publicKey);
+    return secp256k1.verify(sig, msg, this.publicKey);
   }
   deriveSecret(keypair: IKeypair): Buffer {
     if (keypair.type !== this.type) {
       throw new Error(ERR_INVALID_KEYPAIR_TYPE);
     }
-    return secp256k1.derive(keypair.publicKey, this.privateKey);
+    const secret = Buffer.from(secp256k1.getSharedSecret(this.privateKey, keypair.publicKey, true).buffer);
+    return secret;
   }
 };

src/message/create.ts

@@ -1,4 +1,4 @@
-import { randomBytes } from "bcrypto/lib/random.js";
+import { randomBytes } from "@noble/hashes/utils";
 import { toBigIntBE } from "bigint-buffer";
 
 import {
@@ -14,7 +14,7 @@ import {
 import { SequenceNumber, ENR } from "../enr/index.js";
 
 export function createRequestId(): RequestId {
-  return toBigIntBE(randomBytes(8));
+  return toBigIntBE(Buffer.from(randomBytes(8).buffer));
 }
 
 export function createPingMessage(enrSeq: SequenceNumber): IPingMessage {

src/packet/create.ts

@@ -1,10 +1,14 @@
-import { randomBytes } from "bcrypto/lib/random.js";
+import { randomBytes } from "@noble/hashes/utils";
 import { NodeId, SequenceNumber } from "../enr/index.js";
 import { ID_NONCE_SIZE, MASKING_IV_SIZE, NONCE_SIZE } from "./constants.js";
 import { encodeMessageAuthdata, encodeWhoAreYouAuthdata } from "./encode.js";
 import { IHeader, IPacket, PacketType } from "./types.js";
 
-export function createHeader(flag: PacketType, authdata: Buffer, nonce = randomBytes(NONCE_SIZE)): IHeader {
+export function createHeader(
+  flag: PacketType,
+  authdata: Buffer,
+  nonce = Buffer.from(randomBytes(NONCE_SIZE))
+): IHeader {
   return {
     protocolId: "discv5",
     version: 1,
@@ -18,8 +22,8 @@ export function createHeader(flag: PacketType, authdata: Buffer, nonce = randomB
 export function createRandomPacket(srcId: NodeId): IPacket {
   const authdata = encodeMessageAuthdata({ srcId });
   const header = createHeader(PacketType.Message, authdata);
-  const maskingIv = randomBytes(MASKING_IV_SIZE);
-  const message = randomBytes(44);
+  const maskingIv = Buffer.from(randomBytes(MASKING_IV_SIZE).buffer);
+  const message = Buffer.from(randomBytes(44).buffer);
   return {
     maskingIv,
     header,
@@ -28,10 +32,10 @@ export function createRandomPacket(srcId: NodeId): IPacket {
 }
 
 export function createWhoAreYouPacket(nonce: Buffer, enrSeq: SequenceNumber): IPacket {
-  const idNonce = randomBytes(ID_NONCE_SIZE);
+  const idNonce = Buffer.from(randomBytes(ID_NONCE_SIZE).buffer);
   const authdata = encodeWhoAreYouAuthdata({ idNonce, enrSeq });
   const header = createHeader(PacketType.WhoAreYou, authdata, nonce);
-  const maskingIv = randomBytes(MASKING_IV_SIZE);
+  const maskingIv = Buffer.from(randomBytes(MASKING_IV_SIZE).buffer);
   const message = Buffer.alloc(0);
   return {
     maskingIv,

src/packet/encode.ts

@@ -1,4 +1,4 @@
-import cipher from "bcrypto/lib/cipher.js";
+import Crypto from "crypto";
 import { toBigIntBE, toBufferBE } from "bigint-buffer";
 import errcode from "err-code";
 
@@ -34,8 +34,7 @@ export function encodePacket(destId: string, packet: IPacket): Buffer {
 }
 
 export function encodeHeader(destId: string, maskingIv: Buffer, header: IHeader): Buffer {
-  const ctx = new cipher.Cipher("AES-128-CTR");
-  ctx.init(fromHex(destId).slice(0, MASKING_KEY_SIZE), maskingIv);
+  const ctx = Crypto.createCipheriv("aes-128-ctr", fromHex(destId).slice(0, MASKING_KEY_SIZE), maskingIv);
   return ctx.update(
     Buffer.concat([
       // static header
@@ -74,8 +73,8 @@ export function decodePacket(srcId: string, data: Buffer): IPacket {
  * Return the decoded header and the header as a buffer
  */
 export function decodeHeader(srcId: string, maskingIv: Buffer, data: Buffer): [IHeader, Buffer] {
-  const ctx = new cipher.Decipher("AES-128-CTR");
-  ctx.init(fromHex(srcId).slice(0, MASKING_KEY_SIZE), maskingIv);
+  const ctx = Crypto.createDecipheriv("aes-128-ctr", fromHex(srcId).slice(0, MASKING_KEY_SIZE), maskingIv);
+
   // unmask the static header
   const staticHeaderBuf = ctx.update(data.slice(0, STATIC_HEADER_SIZE));
 

src/session/crypto.ts

@@ -1,7 +1,6 @@
-import hkdf from "bcrypto/lib/hkdf.js";
-import sha256 from "bcrypto/lib/sha256.js";
-import cipher from "bcrypto/lib/cipher.js";
-
+import * as hkdf from "@noble/hashes/hkdf";
+import { sha256 } from "@noble/hashes/sha256";
+import Crypto from "crypto";
 import { NodeId } from "../enr/index.js";
 import { generateKeypair, IKeypair, createKeypair } from "../keypair/index.js";
 import { fromHex } from "../util/index.js";
@@ -46,7 +45,9 @@ export function generateSessionKeys(
 
 export function deriveKey(secret: Buffer, firstId: NodeId, secondId: NodeId, challengeData: Buffer): [Buffer, Buffer] {
   const info = Buffer.concat([Buffer.from(KEY_AGREEMENT_STRING), fromHex(firstId), fromHex(secondId)]);
-  const output = hkdf.expand(sha256, hkdf.extract(sha256, secret, challengeData), info, 2 * KEY_LENGTH);
+  const output = Buffer.from(
+    hkdf.expand(sha256, hkdf.extract(sha256, secret, challengeData), info, 2 * KEY_LENGTH).buffer
+  );
   return [output.slice(0, KEY_LENGTH), output.slice(KEY_LENGTH, 2 * KEY_LENGTH)];
 }
 
@@ -80,15 +81,16 @@ export function idVerify(
 }
 
 export function generateIdSignatureInput(challengeData: Buffer, ephemPK: Buffer, nodeId: NodeId): Buffer {
-  return sha256.digest(Buffer.concat([Buffer.from(ID_SIGNATURE_TEXT), challengeData, ephemPK, fromHex(nodeId)]));
+  const hash = sha256(Buffer.concat([Buffer.from(ID_SIGNATURE_TEXT), challengeData, ephemPK, fromHex(nodeId)]));
+  return Buffer.from(hash.buffer);
 }
 
 export function decryptMessage(key: Buffer, nonce: Buffer, data: Buffer, aad: Buffer): Buffer {
   if (data.length < MAC_LENGTH) {
     throw new Error("message data not long enough");
   }
-  const ctx = new cipher.Decipher("AES-128-GCM");
-  ctx.init(key, nonce);
+
+  const ctx = Crypto.createDecipheriv("aes-128-gcm", key, nonce);
   ctx.setAAD(aad);
   ctx.setAuthTag(data.slice(data.length - MAC_LENGTH));
   return Buffer.concat([
@@ -98,8 +100,7 @@ export function decryptMessage(key: Buffer, nonce: Buffer, data: Buffer, aad: Bu
 }
 
 export function encryptMessage(key: Buffer, nonce: Buffer, data: Buffer, aad: Buffer): Buffer {
-  const ctx = new cipher.Cipher("AES-128-GCM");
-  ctx.init(key, nonce);
+  const ctx = Crypto.createCipheriv("aes-128-gcm", key, nonce);
   ctx.setAAD(aad);
   return Buffer.concat([
     ctx.update(data),

src/session/service.ts

@@ -784,6 +784,7 @@ export class SessionService extends (EventEmitter as { new (): StrictEventEmitte
       const entry = this.pendingRequests.get(nodeAddrStr);
       if (entry) {
         // if it exists, there must be a request here
+        //eslint-disable-next-line @typescript-eslint/no-non-null-assertion
         const request = entry.shift()!;
         if (!entry.length) {
           this.pendingRequests.delete(nodeAddrStr);