deps(dev): upgrade aegir to 38.1.2

package.json

@@ -165,7 +165,7 @@
  "scripts": {
  "clean": "aegir clean",
  "lint": "aegir lint",
- "dep-check": "aegir dep-check",
+ "dep-check": "aegir dep-check -i protons",
  "build": "aegir build",
  "test": "aegir test",
  "test:chrome": "aegir test -t browser",
@@ -186,16 +186,14 @@
  "multiformats": "^11.0.0",
  "node-forge": "^1.1.0",
  "protons-runtime": "^4.0.1",
+ "uint8arraylist": "^2.4.3",
  "uint8arrays": "^4.0.2"
  },
  "devDependencies": {
  "@types/mocha": "^10.0.0",
- "aegir": "^37.0.12",
+ "aegir": "^38.1.2",
  "benchmark": "^2.1.4",
- "protons": "^6.0.0",
- "sinon": "^15.0.0",
- "util": "^0.12.3",
- "wherearewe": "^2.0.1"
+ "util": "^0.12.5"
  },
  "browser": {
  "./dist/src/aes/ciphers.js": "./dist/src/aes/ciphers-browser.js",

src/aes/cipher-mode.ts

@@ -5,7 +5,7 @@ const CIPHER_MODES = {
  32: 'aes-256-ctr'
 }
 
-export function cipherMode (key: Uint8Array) {
+export function cipherMode (key: Uint8Array): string {
  if (key.length === 16 || key.length === 32) {
  return CIPHER_MODES[key.length]
  }

src/aes/ciphers-browser.ts

@@ -5,7 +5,11 @@ import forge from 'node-forge/lib/forge.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 
-export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export interface Cipher {
+ update: (data: Uint8Array) => Uint8Array
+}
+
+export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
  const cipher2 = forge.cipher.createCipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
  cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
  return {
@@ -16,7 +20,7 @@ export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
  }
 }
 
-export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
  const cipher2 = forge.cipher.createDecipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
  cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
  return {

src/aes/index.ts

@@ -6,7 +6,7 @@ export interface AESCipher {
  decrypt: (data: Uint8Array) => Promise<Uint8Array>
 }
 
-export async function create (key: Uint8Array, iv: Uint8Array) { // eslint-disable-line require-await
+export async function create (key: Uint8Array, iv: Uint8Array): Promise<AESCipher> { // eslint-disable-line require-await
  const mode = cipherMode(key)
  const cipher = ciphers.createCipheriv(mode, key, iv)
  const decipher = ciphers.createDecipheriv(mode, key, iv)

src/ciphers/aes-gcm.browser.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
  const algorithm = opts?.algorithm ?? 'AES-GCM'
  let keyLength = opts?.keyLength ?? 16
  const nonceLength = opts?.nonceLength ?? 12
@@ -20,7 +20,7 @@ export function create (opts?: CreateOptions) {
  * Uses the provided password to derive a pbkdf2 key. The key
  * will then be used to encrypt the data.
  */
- async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+ async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
  const salt = crypto.getRandomValues(new Uint8Array(saltLength))
  const nonce = crypto.getRandomValues(new Uint8Array(nonceLength))
  const aesGcm = { name: algorithm, iv: nonce }
@@ -45,7 +45,7 @@ export function create (opts?: CreateOptions) {
  * this decryption cipher must be the same as those used to create
  * the encryption cipher.
  */
- async function decrypt (data: Uint8Array, password: string | Uint8Array) {
+ async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> {
  const salt = data.subarray(0, saltLength)
  const nonce = data.subarray(saltLength, saltLength + nonceLength)
  const ciphertext = data.subarray(saltLength + nonceLength)

src/ciphers/aes-gcm.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
  const algorithm = opts?.algorithm ?? 'aes-128-gcm'
  const keyLength = opts?.keyLength ?? 16
  const nonceLength = opts?.nonceLength ?? 12
@@ -14,7 +14,7 @@ export function create (opts?: CreateOptions) {
  const iterations = opts?.iterations ?? 32767
  const algorithmTagLength = opts?.algorithmTagLength ?? 16
 
- async function encryptWithKey (data: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+ async function encryptWithKey (data: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
  const nonce = crypto.randomBytes(nonceLength)
 
  // Create the cipher instance.
@@ -31,7 +31,7 @@ export function create (opts?: CreateOptions) {
  * Uses the provided password to derive a pbkdf2 key. The key
  * will then be used to encrypt the data.
  */
- async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+ async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
  // Generate a 128-bit salt using a CSPRNG.
  const salt = crypto.randomBytes(saltLength)
 
@@ -53,7 +53,7 @@ export function create (opts?: CreateOptions) {
  * this decryption cipher must be the same as those used to create
  * the encryption cipher.
  */
- async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+ async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
  // Create Uint8Arrays of nonce, ciphertext and tag.
  const nonce = ciphertextAndNonce.subarray(0, nonceLength)
  const ciphertext = ciphertextAndNonce.subarray(nonceLength, ciphertextAndNonce.length - algorithmTagLength)
@@ -77,7 +77,7 @@ export function create (opts?: CreateOptions) {
  * @param {Uint8Array} data - The data to decrypt
  * @param {string|Uint8Array} password - A plain password
  */
- async function decrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+ async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
  // Create Uint8Arrays of salt and ciphertextAndNonce.
  const salt = data.subarray(0, saltLength)
  const ciphertextAndNonce = data.subarray(saltLength)

src/hmac/index-browser.ts

@@ -7,12 +7,12 @@ const hashTypes = {
  SHA512: 'SHA-512'
 }
 
-const sign = async (key: CryptoKey, data: Uint8Array) => {
+const sign = async (key: CryptoKey, data: Uint8Array): Promise<Uint8Array> => {
  const buf = await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data)
  return new Uint8Array(buf, 0, buf.byteLength)
 }
 
-export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) {
+export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<{ digest: (data: Uint8Array) => Promise<Uint8Array>, length: number }> {
  const hash = hashTypes[hashType]
 
  const key = await webcrypto.get().subtle.importKey(

src/hmac/index.ts

@@ -1,7 +1,12 @@
 import crypto from 'crypto'
 import lengths from './lengths.js'
 
-export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) { // eslint-disable-line require-await
+export interface HMAC {
+ digest: (data: Uint8Array) => Promise<Uint8Array>
+ length: number
+}
+
+export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<HMAC> {
  const res = {
  async digest (data: Uint8Array) { // eslint-disable-line require-await
  const hmac = crypto.createHmac(hash.toLowerCase(), secret)

src/keys/ecdh-browser.ts

@@ -4,7 +4,7 @@ import { base64urlToBuffer } from '../util.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
-import type { ECDHKey, ECDHKeyPair } from './interface.js'
+import type { ECDHKey, ECDHKeyPair, JWKEncodedPrivateKey, JWKEncodedPublicKey } from './interface.js'
 
 const bits = {
  'P-256': 256,
@@ -15,7 +15,7 @@ const bits = {
 const curveTypes = Object.keys(bits)
 const names = curveTypes.join(' / ')
 
-export async function generateEphmeralKeyPair (curve: string) {
+export async function generateEphmeralKeyPair (curve: string): Promise<ECDHKey> {
  if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
  throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
  }
@@ -30,7 +30,7 @@ export async function generateEphmeralKeyPair (curve: string) {
  )
 
  // forcePrivate is used for testing only
- const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair) => {
+ const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair): Promise<Uint8Array> => {
  let privateKey
 
  if (forcePrivate != null) {
@@ -92,7 +92,7 @@ const curveLengths = {
 // Marshal converts a jwk encoded ECDH public key into the
 // form specified in section 4.3.6 of ANSI X9.62. (This is the format
 // go-ipfs uses)
-function marshalPublicKey (jwk: JsonWebKey) {
+function marshalPublicKey (jwk: JsonWebKey): Uint8Array {
  if (jwk.crv == null || jwk.x == null || jwk.y == null) {
  throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS')
  }
@@ -111,7 +111,7 @@ function marshalPublicKey (jwk: JsonWebKey) {
 }
 
 // Unmarshal converts a point, serialized by Marshal, into an jwk encoded key
-function unmarshalPublicKey (curve: string, key: Uint8Array) {
+function unmarshalPublicKey (curve: string, key: Uint8Array): JWKEncodedPublicKey {
  if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
  throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
  }
@@ -131,7 +131,7 @@ function unmarshalPublicKey (curve: string, key: Uint8Array) {
  }
 }
 
-const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair) => ({
+const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair): JWKEncodedPrivateKey => ({
  ...unmarshalPublicKey(curve, key.public),
  d: uint8ArrayToString(key.private, 'base64url')
 })

src/keys/ed25519-browser.ts

@@ -1,4 +1,5 @@
 import * as ed from '@noble/ed25519'
+import type { Uint8ArrayKeyPair } from './interface'
 
 const PUBLIC_KEY_BYTE_LENGTH = 32
 const PRIVATE_KEY_BYTE_LENGTH = 64 // private key is actually 32 bytes but for historical reasons we concat private and public keys
@@ -7,7 +8,7 @@ const KEYS_BYTE_LENGTH = 32
 export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
 export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 
-export async function generateKey () {
+export async function generateKey (): Promise<Uint8ArrayKeyPair> {
  // the actual private key (32 bytes)
  const privateKeyRaw = ed.utils.randomPrivateKey()
  const publicKey = await ed.getPublicKey(privateKeyRaw)
@@ -24,7 +25,7 @@ export async function generateKey () {
 /**
  * Generate keypair from a 32 byte uint8array
  */
-export async function generateKeyFromSeed (seed: Uint8Array) {
+export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8ArrayKeyPair> {
  if (seed.length !== KEYS_BYTE_LENGTH) {
  throw new TypeError('"seed" must be 32 bytes in length.')
  } else if (!(seed instanceof Uint8Array)) {
@@ -43,17 +44,17 @@ export async function generateKeyFromSeed (seed: Uint8Array) {
  }
 }
 
-export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array) {
+export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array): Promise<Uint8Array> {
  const privateKeyRaw = privateKey.subarray(0, KEYS_BYTE_LENGTH)
 
  return await ed.sign(msg, privateKeyRaw)
 }
 
-export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array) {
+export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
  return await ed.verify(sig, msg, publicKey)
 }
 
-function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array) {
+function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {
  const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH)
  for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
  privateKey[i] = privateKeyRaw[i]