fix: add DER decoder and allow passing protobuf digest (#3013)

Adds enough of a DER decoder/encoder to parse/store public keys from PKIX bytes and private keys in PKCS#1 bytes.

Also allows passing the digest of a public key in to `publicKeyFromProtobuf` so we can avoid having to recalculate it.

This becomes a big bottleneck when loading a routing table's worth of peers from the peer store where many of them are RSA peers.

Author: achingbrain

packages/crypto/benchmark/der/decode-pkcs1-to-jwk.js

@@ -0,0 +1,66 @@
+/* eslint-disable no-console */
+import * as asn1js from 'asn1js'
+import Benchmark from 'benchmark'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { decodeDer } from '../../dist/src/keys/rsa/der.js'
+
+// results
+// % node ./benchmark/der/decode-pkcs1-to-jwk.js
+// asn1js x 74,179 ops/sec ±0.57% (94 runs sampled)
+// decodeDer x 272,341 ops/sec ±0.67% (96 runs sampled)
+
+const suite = new Benchmark.Suite('decode PKCS#1 to JWK public key')
+
+const encoded = 'MIIBOgIBAAJBAL2ujQhqyQTxxktr+/9R4gs0SeXc3jldrKYBIUfEjo6L+q5isoFkzUV5Tc8eV19wHSN8shr8QJ67MMzMG6lYIYUCAwEAAQJAWlDTfE+EOaN5XI4lJfPyIo2aJiXddgkhXMWq+AYiLsKqquDCMPExj4S+k6tjdwzFVvEKoaSXTgTAqgPyyd1aAQIhAPeUGH5izGi3BDyXao+fONvHCQHtyxtUKllFoT8bJVsFAiEAxCJLFLFy1v5rodCKIvlBSQ8FbJqz7mk04Tf2eT3bdIECIFxDNWmMGg7//TUzXEPPm1nT75hnbKRvliSUnUWuMRqdAiBP5MhAvafR/AFMAO7EIFR/tia3fq0cyK5Jr8ouyQvEAQIhAJyqAHjILO1S+hqtsZidzIxi9qlIc2cEqOlzLH9RlPxy'
+const der = uint8ArrayFromString(encoded, 'base64')
+
+suite.add('asn1js', async () => {
+  const { result } = asn1js.fromBER(der)
+  const values = result.valueBlock.value
+
+  return {
+    n: asn1jsIntegerToBase64(values[1]),
+    e: asn1jsIntegerToBase64(values[2]),
+    d: asn1jsIntegerToBase64(values[3]),
+    p: asn1jsIntegerToBase64(values[4]),
+    q: asn1jsIntegerToBase64(values[5]),
+    dp: asn1jsIntegerToBase64(values[6]),
+    dq: asn1jsIntegerToBase64(values[7]),
+    qi: asn1jsIntegerToBase64(values[8]),
+    kty: 'RSA',
+    alg: 'RS256'
+  }
+})
+
+suite.add('decodeDer', async () => {
+  const values = decodeDer(der)
+
+  return {
+    n: uint8ArrayToString(values[1], 'base64url'),
+    e: uint8ArrayToString(values[2], 'base64url'),
+    d: uint8ArrayToString(values[3], 'base64url'),
+    p: uint8ArrayToString(values[4], 'base64url'),
+    q: uint8ArrayToString(values[5], 'base64url'),
+    dp: uint8ArrayToString(values[6], 'base64url'),
+    dq: uint8ArrayToString(values[7], 'base64url'),
+    qi: uint8ArrayToString(values[8], 'base64url'),
+    kty: 'RSA',
+    alg: 'RS256'
+  }
+})
+
+suite
+  .on('cycle', (event) => console.log(String(event.target)))
+  .run({ async: true })
+
+function asn1jsIntegerToBase64 (int) {
+  let buf = int.valueBlock.valueHexView
+
+  // chrome rejects values with leading 0s
+  while (buf[0] === 0) {
+    buf = buf.subarray(1)
+  }
+
+  return uint8ArrayToString(buf, 'base64url')
+}

packages/crypto/benchmark/der/decode-pkix-to-jwk.js

@@ -0,0 +1,63 @@
+/* eslint-disable no-console */
+import * as asn1js from 'asn1js'
+import Benchmark from 'benchmark'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
+import { decodeDer } from '../../dist/src/keys/rsa/der.js'
+
+// results
+// % % node ./benchmark/der/decode-pkix-to-jwk.js
+// asn1js x 99,871 ops/sec ±0.47% (95 runs sampled)
+// decodeDer x 1,052,352 ops/sec ±0.33% (98 runs sampled)
+
+const suite = new Benchmark.Suite('decode PKIX to JWK public key')
+
+const encoded = 'MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAM8jzWa2jaL3NENRi8tI2P5jjbF1biAz4004xVLD9pG/G+HERbN9v7fvXwsB0kCu8VSfAD2JVS62C5oQ1mDQFEMCAwEAAQ'
+const der = uint8ArrayFromString(encoded, 'base64')
+
+suite.add('asn1js', async () => {
+  const { result } = asn1js.fromBER(der)
+
+  // @ts-expect-error this looks fragile but DER is a canonical format so we are
+  // safe to have deeply property chains like this
+  const values = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value
+
+  return {
+    kty: 'RSA',
+    n: asn1jsIntegerToBase64(values[0]),
+    e: asn1jsIntegerToBase64(values[1])
+  }
+})
+
+suite.add('decodeDer', async () => {
+  const decoded = decodeDer(der, {
+    offset: 0
+  })
+
+  return {
+    kty: 'RSA',
+    n: uint8ArrayToString(
+      decoded[1][0],
+      'base64url'
+    ),
+    e: uint8ArrayToString(
+      decoded[1][1],
+      'base64url'
+    )
+  }
+})
+
+suite
+  .on('cycle', (event) => console.log(String(event.target)))
+  .run({ async: true })
+
+function asn1jsIntegerToBase64 (int) {
+  let buf = int.valueBlock.valueHexView
+
+  // chrome rejects values with leading 0s
+  while (buf[0] === 0) {
+    buf = buf.subarray(1)
+  }
+
+  return uint8ArrayToString(buf, 'base64url')
+}

packages/crypto/benchmark/der/encode-jwk-to-pkcs1.js

@@ -0,0 +1,69 @@
+/* eslint-disable no-console */
+import * as asn1js from 'asn1js'
+import Benchmark from 'benchmark'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { encodeSequence, encodeInteger } from '../../dist/src/keys/rsa/der.js'
+import { RSA_KEY_512_BITS } from '../../dist/test/fixtures/rsa.js'
+
+// results
+// % node ./benchmark/der/encode-jwk-to-pkcs1.js
+// asn1js x 21,453 ops/sec ±0.54% (92 runs sampled)
+// encodeSequence x 65,991 ops/sec ±0.36% (98 runs sampled)
+
+const jwk = RSA_KEY_512_BITS.privateKey
+
+const suite = new Benchmark.Suite('encode JWK private key to PKCS#1')
+
+suite.add('asn1js', async () => {
+  const root = new asn1js.Sequence({
+    value: [
+      new asn1js.Integer({ value: 0 }),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.d, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.p, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.q, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dp, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.dq, 'base64url'))),
+      asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.qi, 'base64url')))
+    ]
+  })
+
+  const der = root.toBER()
+
+  return new Uint8Array(der, 0, der.byteLength)
+})
+
+suite.add('encodeSequence', async () => {
+  return encodeSequence([
+    encodeInteger(Uint8Array.from([0])),
+    encodeInteger(uint8ArrayFromString(jwk.n, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.e, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.d, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.p, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.q, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.dp, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.dq, 'base64url')),
+    encodeInteger(uint8ArrayFromString(jwk.qi, 'base64url'))
+  ]).subarray()
+})
+
+suite
+  .on('cycle', (event) => console.log(String(event.target)))
+  .run({ async: true })
+
+function bufToBn (u8) {
+  const hex = []
+
+  u8.forEach(function (i) {
+    let h = i.toString(16)
+
+    if (h.length % 2 > 0) {
+      h = `0${h}`
+    }
+
+    hex.push(h)
+  })
+
+  return BigInt('0x' + hex.join(''))
+}

packages/crypto/benchmark/der/encode-jwk-to-pkix.js

@@ -0,0 +1,77 @@
+/* eslint-disable no-console */
+import * as asn1js from 'asn1js'
+import Benchmark from 'benchmark'
+import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
+import { encodeBitString, encodeSequence, encodeInteger } from '../../dist/src/keys/rsa/der.js'
+import { RSA_KEY_512_BITS } from '../../dist/test/fixtures/rsa.js'
+
+// results
+// % node ./benchmark/der/encode-jwk-to-pkix.js
+// asn1js x 41,774 ops/sec ±0.67% (91 runs sampled)
+// encodeDer x 244,387 ops/sec ±0.36% (95 runs sampled)
+
+const jwk = RSA_KEY_512_BITS.publicKey
+
+const suite = new Benchmark.Suite('encode JWK public key to PKIX')
+
+const algorithmIdentifierSequence = Uint8Array.from([
+  0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
+])
+
+suite.add('asn1js', async () => {
+  const root = new asn1js.Sequence({
+    value: [
+      new asn1js.Sequence({
+        value: [
+          // rsaEncryption
+          new asn1js.ObjectIdentifier({
+            value: '1.2.840.113549.1.1.1'
+          }),
+          new asn1js.Null()
+        ]
+      }),
+      new asn1js.BitString({
+        valueHex: new asn1js.Sequence({
+          value: [
+            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.n, 'base64url'))),
+            asn1js.Integer.fromBigInt(bufToBn(uint8ArrayFromString(jwk.e, 'base64url')))
+          ]
+        }).toBER()
+      })
+    ]
+  })
+
+  return root.toBER()
+})
+
+suite.add('encodeDer', async () => {
+  return encodeSequence([
+    algorithmIdentifierSequence,
+    encodeBitString(
+      encodeSequence([
+        encodeInteger(uint8ArrayFromString(jwk.n, 'base64url')),
+        encodeInteger(uint8ArrayFromString(jwk.e, 'base64url'))
+      ])
+    )
+  ]).subarray()
+})
+
+suite
+  .on('cycle', (event) => console.log(String(event.target)))
+  .run({ async: true })
+
+function bufToBn (u8) {
+  const hex = []
+
+  u8.forEach(function (i) {
+    let h = i.toString(16)
+
+    if (h.length % 2 > 0) {
+      h = `0${h}`
+    }
+
+    hex.push(h)
+  })
+
+  return BigInt('0x' + hex.join(''))
+}

packages/crypto/package.json

@@ -95,7 +95,6 @@
     "@libp2p/interface": "^2.6.1",
     "@noble/curves": "^1.7.0",
     "@noble/hashes": "^1.6.1",
-    "asn1js": "^3.0.5",
     "multiformats": "^13.3.1",
     "protons-runtime": "^5.5.0",
     "uint8arraylist": "^2.4.8",
@@ -104,6 +103,7 @@
   "devDependencies": {
     "@types/mocha": "^10.0.10",
     "aegir": "^45.1.1",
+    "asn1js": "^3.0.5",
     "benchmark": "^2.1.4",
     "protons": "^7.6.0"
   },

packages/crypto/src/keys/index.ts

@@ -15,6 +15,7 @@ import { pkcs1ToRSAPrivateKey, pkixToRSAPublicKey, generateRSAKeyPair } from './
 import { generateSecp256k1KeyPair, unmarshalSecp256k1PrivateKey, unmarshalSecp256k1PublicKey } from './secp256k1/utils.js'
 import type { PrivateKey, PublicKey, KeyType, RSAPrivateKey, Secp256k1PrivateKey, Ed25519PrivateKey, Secp256k1PublicKey, Ed25519PublicKey } from '@libp2p/interface'
 import type { MultihashDigest } from 'multiformats'
+import type { Digest } from 'multiformats/hashes/digest'
 
 export { generateEphemeralKeyPair } from './ecdh/index.js'
 export type { Curve } from './ecdh/index.js'
@@ -61,15 +62,21 @@ export async function generateKeyPairFromSeed (type: string, seed: Uint8Array):
 }
 
 /**
- * Converts a protobuf serialized public key into its representative object
+ * Converts a protobuf serialized public key into its representative object.
+ *
+ * For RSA public keys optionally pass the multihash digest of the public key if
+ * it is known. If the digest is omitted it will be calculated which can be
+ * expensive.
+ *
+ * For other key types the digest option is ignored.
  */
-export function publicKeyFromProtobuf (buf: Uint8Array): PublicKey {
+export function publicKeyFromProtobuf (buf: Uint8Array, digest?: Digest<18, number>): PublicKey {
   const { Type, Data } = pb.PublicKey.decode(buf)
   const data = Data ?? new Uint8Array()
 
   switch (Type) {
     case pb.KeyType.RSA:
-      return pkixToRSAPublicKey(data)
+      return pkixToRSAPublicKey(data, digest)
     case pb.KeyType.Ed25519:
       return unmarshalEd25519PublicKey(data)
     case pb.KeyType.secp256k1: