fix!: remove node-forge dependency from @libp2p/crypto

TLDR: the bundle size has been reduced by ~50KB

- parsing/creating PEM/pkix/pkcs1 files is now done by asn1.js
- Streaming AES-CTR ciphers are now in @libp2p/crypto-aes-ctr
- RSA encryption/decryption and PEM import/export are now in @libp2p/crypto-rsa

WebCrypto [doesn't support streaming ciphers](w3c/webcrypto#73).

We have a node-forge-backed shim that allows using streaming AES-CTR in browsers but we don't use it anywhere, so this has been split out into it's own module as `@libp2p/aes-ctr`.

This was added to `@libp2p/crypto` to [support webrtc-stardust](libp2p/js-libp2p-crypto#125 (comment)) but that effort didn't go anywhere and we don't use these methods anywhere else in the stack.

For reasons lost to the mists of time, we chose to require a padding algorithm that WebCrypto doesn't support so node-forge (or some other userland implemenation) will always be necessary in browsers, so these ops have been pull out into @libp2p/crypto-rsa which people can use if they need it.

This is now done by manipulating the asn1 structures directly.

The previous PEM import/export is also ported to `@libp2p/crypto-rsa` because it seems to handle more weird edge cases introduced by OpenSSL.

These could be handled in `@libp2p/crypto` eventually but for now it at least supports round-tripping it's own PEM files.

BREAKING CHANGE: Legacy RSA operations are now in @libp2p/crypto-rsa, streaming AES-CTR ciphers are in @libp2p/crypto-aes-ctr

Author: achingbrain

packages/crypto-aes-ctr/LICENSE

@@ -0,0 +1,4 @@
+This project is dual licensed under MIT and Apache-2.0.
+
+MIT: https://www.opensource.org/licenses/mit
+Apache-2.0: https://www.apache.org/licenses/license-2.0

packages/crypto-aes-ctr/LICENSE-APACHE

@@ -0,0 +1,5 @@
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

packages/crypto-aes-ctr/LICENSE-MIT

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/crypto-aes-ctr/README.md

@@ -0,0 +1,77 @@
+[![libp2p.io](https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square)](http://libp2p.io/)
+[![Discuss](https://img.shields.io/discourse/https/discuss.libp2p.io/posts.svg?style=flat-square)](https://discuss.libp2p.io)
+[![codecov](https://img.shields.io/codecov/c/github/libp2p/js-libp2p.svg?style=flat-square)](https://codecov.io/gh/libp2p/js-libp2p)
+[![CI](https://img.shields.io/github/actions/workflow/status/libp2p/js-libp2p/main.yml?branch=main\&style=flat-square)](https://github.com/libp2p/js-libp2p/actions/workflows/main.yml?query=branch%3Amain)
+
+> Streaming AES-CTR for node and browsers
+
+# About
+
+WebCrypto does not support streaming encryption - <https://github.com/w3c/webcrypto/issues/73>
+
+In browsers this module uses `node-forge` to expose a streaming interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
+
+In node.js it uses the regular streaming API exported by the `crypto` module.
+
+This uses `CTR` mode.
+
+## Example
+
+```js
+import { create } from '@libp2p/crypto-aes-ctr'
+
+// Setting up Key and IV
+
+// A 16 bytes array, 128 Bits, AES-128 is chosen
+const key128 = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
+
+// A 16 bytes array, 128 Bits,
+const IV = Uint8Array.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15])
+
+const decryptedMessage = 'Hello, world!'
+
+// Encrypting
+const cipher = await crypto.aes.create(key128, IV)
+const encryptedBuffer = await encrypt(Uint8Array.from(decryptedMessage))
+console.log(encryptedBuffer)
+// prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
+
+// Decrypting
+const decipher = await crypto.aes.create(key128, IV)
+const decryptedBuffer = await decrypt(encryptedBuffer)
+
+console.log(decryptedBuffer)
+// prints: <Uint8Array 42 f1 67 d9 2e 42 d0 32 9e b1 f8 3c>
+
+console.log(decryptedBuffer.toString('utf-8'))
+// prints: Hello, world!
+```
+
+# Install
+
+```console
+$ npm i @libp2p/crypto-aes-ctr
+```
+
+## Browser `<script>` tag
+
+Loading this module through a script tag will make it's exports available as `Libp2pCryptoAesCtr` in the global namespace.
+
+```html
+<script src="https://unpkg.com/@libp2p/crypto-aes-ctr/dist/index.min.js"></script>
+```
+
+# API Docs
+
+- <https://libp2p.github.io/js-libp2p/modules/_libp2p_crypto_aes_ctr.html>
+
+# License
+
+Licensed under either of
+
+- Apache 2.0, ([LICENSE-APACHE](LICENSE-APACHE) / <http://www.apache.org/licenses/LICENSE-2.0>)
+- MIT ([LICENSE-MIT](LICENSE-MIT) / <http://opensource.org/licenses/MIT>)
+
+# Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

packages/crypto-aes-ctr/package.json

@@ -0,0 +1,75 @@
+{
+  "name": "@libp2p/crypto-aes-ctr",
+  "version": "3.0.4",
+  "description": "Streaming AES-CTR for node and browsers",
+  "license": "Apache-2.0 OR MIT",
+  "homepage": "https://github.com/libp2p/js-libp2p/tree/main/packages/crypto-aes-ctr#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/libp2p/js-libp2p.git"
+  },
+  "bugs": {
+    "url": "https://github.com/libp2p/js-libp2p/issues"
+  },
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "keywords": [
+    "IPFS",
+    "aes",
+    "aes-ctr",
+    "crypto",
+    "libp2p"
+  ],
+  "type": "module",
+  "types": "./dist/src/index.d.ts",
+  "files": [
+    "src",
+    "dist",
+    "!dist/test",
+    "!**/*.tsbuildinfo"
+  ],
+  "exports": {
+    ".": {
+      "types": "./src/index.d.ts",
+      "import": "./dist/src/index.js"
+    }
+  },
+  "eslintConfig": {
+    "extends": "ipfs",
+    "parserOptions": {
+      "project": true,
+      "sourceType": "module"
+    },
+    "ignorePatterns": [
+      "src/*.d.ts"
+    ]
+  },
+  "scripts": {
+    "clean": "aegir clean",
+    "lint": "aegir lint",
+    "dep-check": "aegir dep-check",
+    "build": "aegir build",
+    "test": "aegir test",
+    "test:chrome": "aegir test -t browser",
+    "test:chrome-webworker": "aegir test -t webworker",
+    "test:firefox": "aegir test -t browser -- --browser firefox",
+    "test:firefox-webworker": "aegir test -t webworker -- --browser firefox",
+    "test:webkit": "aegir test -t browser -- --browser webkit",
+    "test:node": "aegir test -t node --cov",
+    "test:electron-main": "aegir test -t electron-main"
+  },
+  "dependencies": {
+    "@libp2p/interface": "^1.1.1",
+    "node-forge": "^1.3.1",
+    "uint8arrays": "^5.0.0"
+  },
+  "devDependencies": {
+    "@types/mocha": "^10.0.0",
+    "aegir": "^42.0.0"
+  },
+  "browser": {
+    "./dist/src/ciphers.js": "./dist/src/ciphers-browser.js"
+  }
+}

packages/crypto/src/aes/cipher-mode.ts packages/crypto-aes-ctr/src/cipher-mode.ts

@@ -1,15 +1,18 @@
 /**
  * @packageDocumentation
  *
- * Exposes an interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
+ * WebCrypto does not support streaming encryption - https://github.com/w3c/webcrypto/issues/73
+ *
+ * In browsers this module uses `node-forge` to expose a streaming interface to AES encryption (formerly Rijndael), as defined in U.S. Federal Information Processing Standards Publication 197.
+ *
+ * In node.js it uses the regular streaming API exported by the `crypto` module.
  *
  * This uses `CTR` mode.
  *
- * /**
  * @example
  *
  * ```js
- * import { create } from '@libp2p/crypto/aes'
+ * import { create } from '@libp2p/crypto-aes-ctr'
  *
  * // Setting up Key and IV
  *

packages/crypto/src/aes/ciphers-browser.ts packages/crypto-aes-ctr/src/ciphers-browser.ts

@@ -2,10 +2,10 @@
 /* eslint-disable valid-jsdoc */
 /* eslint-env mocha */
 import { expect } from 'aegir/chai'
-import * as crypto from '../../src/index.js'
-import fixtures from './../fixtures/aes.js'
-import goFixtures from './../fixtures/go-aes.js'
-import type { AESCipher } from '../../src/aes/index.js'
+import * as aes from '../src/index.js'
+import fixtures from './fixtures/aes.js'
+import goFixtures from './fixtures/go-aes.js'
+import type { AESCipher } from '../src/index.js'
 
 const bytes = [{
   length: 16,
@@ -24,7 +24,7 @@ describe('AES-CTR', () => {
       const iv = new Uint8Array(16)
       iv.fill(1)
 
-      const cipher = crypto.aes.create(key, iv)
+      const cipher = aes.create(key, iv)
 
       await encryptAndDecrypt(cipher)
       await encryptAndDecrypt(cipher)
@@ -42,7 +42,7 @@ describe('AES-CTR', () => {
       const iv = new Uint8Array(16)
       iv.fill(1)
 
-      const cipher = crypto.aes.create(key, iv)
+      const cipher = aes.create(key, iv)
       // @ts-expect-error cannot index fixtures like this
       const fixture = fixtures[length]
 
@@ -71,7 +71,7 @@ describe('AES-CTR', () => {
       const iv = new Uint8Array(16)
       iv.fill(1)
 
-      const cipher = crypto.aes.create(key, iv)
+      const cipher = aes.create(key, iv)
       // @ts-expect-error cannot index fixtures like this
       const fixture = goFixtures[length]
 
@@ -90,7 +90,7 @@ describe('AES-CTR', () => {
   it('checks key length', () => {
     const key = new Uint8Array(5)
     const iv = new Uint8Array(16)
-    return expect(() => crypto.aes.create(key, iv)).to.throw().with.property('code', 'ERR_INVALID_KEY_LENGTH')
+    return expect(() => aes.create(key, iv)).to.throw().with.property('code', 'ERR_INVALID_KEY_LENGTH')
   })
 })
 

packages/crypto/src/aes/ciphers.ts packages/crypto-aes-ctr/src/ciphers.ts

@@ -0,0 +1,15 @@
+{
+  "extends": "aegir/src/config/tsconfig.aegir.json",
+  "compilerOptions": {
+    "outDir": "dist"
+  },
+  "include": [
+    "src",
+    "test"
+  ],
+  "references": [
+    {
+      "path": "../interface"
+    }
+  ]
+}

packages/crypto/src/aes/index.ts packages/crypto-aes-ctr/src/index.ts

@@ -0,0 +1,5 @@
+{
+  "entryPoints": [
+    "./src/index.ts"
+  ]
+}

packages/crypto/test/fixtures/aes.ts packages/crypto-aes-ctr/test/fixtures/aes.ts

@@ -0,0 +1,4 @@
+This project is dual licensed under MIT and Apache-2.0.
+
+MIT: https://www.opensource.org/licenses/mit
+Apache-2.0: https://www.apache.org/licenses/license-2.0

packages/crypto/test/fixtures/go-aes.ts packages/crypto-aes-ctr/test/fixtures/go-aes.ts

@@ -0,0 +1,5 @@
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

packages/crypto/test/aes/aes.spec.ts packages/crypto-aes-ctr/test/index.spec.ts

@@ -0,0 +1,19 @@
+The MIT License (MIT)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/crypto-aes-ctr/tsconfig.json

@@ -0,0 +1,39 @@
+[![libp2p.io](https://img.shields.io/badge/project-libp2p-yellow.svg?style=flat-square)](http://libp2p.io/)
+[![Discuss](https://img.shields.io/discourse/https/discuss.libp2p.io/posts.svg?style=flat-square)](https://discuss.libp2p.io)
+[![codecov](https://img.shields.io/codecov/c/github/libp2p/js-libp2p.svg?style=flat-square)](https://codecov.io/gh/libp2p/js-libp2p)
+[![CI](https://img.shields.io/github/actions/workflow/status/libp2p/js-libp2p/main.yml?branch=main\&style=flat-square)](https://github.com/libp2p/js-libp2p/actions/workflows/main.yml?query=branch%3Amain)
+
+> Utility functions for dealing with legacy RSA keys
+
+# About
+
+Provides utility functions for dealing with legacy RSA keys.
+
+# Install
+
+```console
+$ npm i @libp2p/crypto-rsa
+```
+
+## Browser `<script>` tag
+
+Loading this module through a script tag will make it's exports available as `Libp2pCryptoRsa` in the global namespace.
+
+```html
+<script src="https://unpkg.com/@libp2p/crypto-rsa/dist/index.min.js"></script>
+```
+
+# API Docs
+
+- <https://libp2p.github.io/js-libp2p/modules/_libp2p_crypto_rsa.html>
+
+# License
+
+Licensed under either of
+
+- Apache 2.0, ([LICENSE-APACHE](LICENSE-APACHE) / <http://www.apache.org/licenses/LICENSE-2.0>)
+- MIT ([LICENSE-MIT](LICENSE-MIT) / <http://opensource.org/licenses/MIT>)
+
+# Contribution
+
+Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.