fix: abort async operations (#3152)

Some async operations do not accept an abort signal. This means calling code can fail to abort a long-running operation if the abort signal fires it's "abort" event while execution is suspended.

For example in the following code the signal can fire while the directory is being created and this code would be none the wiser:

```js
import fs from 'node:fs/promises'

async function doSomthing (signal) {
  await fs.mkdir()
}
```

Instead we need to check if the signal is aborted before starting the async operation (to prevent doing needless work), and after, in case it aborted while the onward call was happening.

```js
import fs from 'node:fs/promises'

async function doSomthing (signal) {
  signal.throwIfAborted()
  await fs.mkdir()
  signal.throwIfAborted()
}
```

This still waits for the operation to complete before checking the signal to see if it has been aborted.  Instead we can use `raceSignal` to throw immediately, though the operation will continue in the background.

```js
import fs from 'node:fs/promises'
import { raceSignal } from 'race-signal'

async function doSomthing (signal) {
  signal.throwIfAborted()
  await raceSignal(fs.mkdir(), signal)
}
```

Synchronous operations have a similar problem when they are able to return optional promises, since the result may be awaited on.  In this case we still need to check if the signal was aborted, though we only need to do it once.

```ts
interface MyOp<T> {
  (signal: AbortSignal): Promise<T> | T
}

const fn: MyOp = (signal) => {
  signal.throwIfAborted()
  return 'hello'
}

// awaiting this shifts the continuation into the microtask queue
await fn(AbortSignal.timeout(1_000))

// could use optional await but `fn` cannot tell if it's being awaited on or not
// so it always has to check the signal
const p = fn(AbortSignal.timeout(1_000))

if (p.then) {
  await p
}
```

This PR applies the above patterns to `@libp2p/crypto` keys, `@libp2p/peer-store` operations and `@libp2p/kad-dht` to ensure the `.provide` and `.findProviders` operations can be successfully aborted.

Author: achingbrain

.github/dependabot.yml

@@ -1,8 +1,7 @@
 version: 2
 updates:
 - package-ecosystem: npm
-  directories:
-    - "/"
+  directory: "/"
   schedule:
     interval: daily
     time: "10:00"
@@ -11,7 +10,7 @@ updates:
     prefix: "deps"
     prefix-development: "chore"
   groups:
-    libp2p-deps: # group all deps that should be updated when Helia deps need updated
+    libp2p-deps:
       patterns:
         - "*libp2p*"
         - "*multiformats*"

packages/crypto/src/keys/ecdsa/ecdsa.ts

@@ -5,7 +5,7 @@ import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { publicKeyToProtobuf } from '../index.js'
 import { privateKeyToPKIMessage, publicKeyToPKIMessage } from './utils.js'
 import { hashAndVerify, hashAndSign } from './index.js'
-import type { ECDSAPublicKey as ECDSAPublicKeyInterface, ECDSAPrivateKey as ECDSAPrivateKeyInterface } from '@libp2p/interface'
+import type { ECDSAPublicKey as ECDSAPublicKeyInterface, ECDSAPrivateKey as ECDSAPrivateKeyInterface, AbortOptions } from '@libp2p/interface'
 import type { Digest } from 'multiformats/hashes/digest'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
@@ -46,8 +46,8 @@ export class ECDSAPublicKey implements ECDSAPublicKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): Promise<boolean> {
-    return hashAndVerify(this.jwk, sig, data)
+  async verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array, options?: AbortOptions): Promise<boolean> {
+    return hashAndVerify(this.jwk, sig, data, options)
   }
 }
 
@@ -85,7 +85,7 @@ export class ECDSAPrivateKey implements ECDSAPrivateKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  async sign (message: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
-    return hashAndSign(this.jwk, message)
+  async sign (message: Uint8Array | Uint8ArrayList, options?: AbortOptions): Promise<Uint8Array> {
+    return hashAndSign(this.jwk, message, options)
   }
 }

packages/crypto/src/keys/ecdsa/index.ts

@@ -1,4 +1,5 @@
 import type { JWKKeyPair } from '../interface.js'
+import type { AbortOptions } from '@libp2p/interface'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 export type Curve = 'P-256' | 'P-384' | 'P-521'
@@ -19,32 +20,38 @@ export async function generateECDSAKey (curve: Curve = 'P-256'): Promise<JWKKeyP
   }
 }
 
-export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Promise<Uint8Array> {
   const privateKey = await crypto.subtle.importKey('jwk', key, {
     name: 'ECDSA',
     namedCurve: key.crv ?? 'P-256'
   }, false, ['sign'])
+  options?.signal?.throwIfAborted()
 
   const signature = await crypto.subtle.sign({
     name: 'ECDSA',
     hash: {
       name: 'SHA-256'
     }
   }, privateKey, msg.subarray())
+  options?.signal?.throwIfAborted()
 
   return new Uint8Array(signature, 0, signature.byteLength)
 }
 
-export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Promise<boolean> {
   const publicKey = await crypto.subtle.importKey('jwk', key, {
     name: 'ECDSA',
     namedCurve: key.crv ?? 'P-256'
   }, false, ['verify'])
+  options?.signal?.throwIfAborted()
 
-  return crypto.subtle.verify({
+  const result = await crypto.subtle.verify({
     name: 'ECDSA',
     hash: {
       name: 'SHA-256'
     }
   }, publicKey, sig, msg.subarray())
+  options?.signal?.throwIfAborted()
+
+  return result
 }

packages/crypto/src/keys/ed25519/ed25519.ts

@@ -5,7 +5,7 @@ import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { publicKeyToProtobuf } from '../index.js'
 import { ensureEd25519Key } from './utils.js'
 import * as crypto from './index.js'
-import type { Ed25519PublicKey as Ed25519PublicKeyInterface, Ed25519PrivateKey as Ed25519PrivateKeyInterface } from '@libp2p/interface'
+import type { Ed25519PublicKey as Ed25519PublicKeyInterface, Ed25519PrivateKey as Ed25519PrivateKeyInterface, AbortOptions } from '@libp2p/interface'
 import type { Digest } from 'multiformats/hashes/digest'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
@@ -37,7 +37,8 @@ export class Ed25519PublicKey implements Ed25519PublicKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean {
+  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array, options?: AbortOptions): boolean {
+    options?.signal?.throwIfAborted()
     return crypto.hashAndVerify(this.raw, sig, data)
   }
 }
@@ -62,7 +63,8 @@ export class Ed25519PrivateKey implements Ed25519PrivateKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  sign (message: Uint8Array | Uint8ArrayList): Uint8Array {
+  sign (message: Uint8Array | Uint8ArrayList, options?: AbortOptions): Uint8Array {
+    options?.signal?.throwIfAborted()
     return crypto.hashAndSign(this.raw, message)
   }
 }

packages/crypto/src/keys/ed25519/index.ts

@@ -72,7 +72,7 @@ export function generateKeyFromSeed (seed: Uint8Array): Uint8ArrayKeyPair {
   }
 }
 
-export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Buffer {
+export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Uint8Array {
   if (!(key instanceof Uint8Array)) {
     throw new TypeError('"key" must be a node.js Buffer, or Uint8Array.')
   }

packages/crypto/src/keys/rsa/index.browser.ts

@@ -4,12 +4,13 @@ import randomBytes from '../../random-bytes.js'
 import webcrypto from '../../webcrypto/index.js'
 import * as utils from './utils.js'
 import type { JWKKeyPair } from '../interface.js'
+import type { AbortOptions } from '@libp2p/interface'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 export const RSAES_PKCS1_V1_5_OID = '1.2.840.113549.1.1.1'
 export { utils }
 
-export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {
+export async function generateRSAKey (bits: number, options?: AbortOptions): Promise<JWKKeyPair> {
   const pair = await webcrypto.get().subtle.generateKey(
     {
       name: 'RSASSA-PKCS1-v1_5',
@@ -20,8 +21,9 @@ export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {
     true,
     ['sign', 'verify']
   )
+  options?.signal?.throwIfAborted()
 
-  const keys = await exportKey(pair)
+  const keys = await exportKey(pair, options)
 
   return {
     privateKey: keys[0],
@@ -31,7 +33,7 @@ export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {
 
 export { randomBytes as getRandomValues }
 
-export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Promise<Uint8Array> {
   const privateKey = await webcrypto.get().subtle.importKey(
     'jwk',
     key,
@@ -42,17 +44,19 @@ export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8Array
     false,
     ['sign']
   )
+  options?.signal?.throwIfAborted()
 
   const sig = await webcrypto.get().subtle.sign(
     { name: 'RSASSA-PKCS1-v1_5' },
     privateKey,
     msg instanceof Uint8Array ? msg : msg.subarray()
   )
+  options?.signal?.throwIfAborted()
 
   return new Uint8Array(sig, 0, sig.byteLength)
 }
 
-export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Promise<boolean> {
   const publicKey = await webcrypto.get().subtle.importKey(
     'jwk',
     key,
@@ -63,24 +67,31 @@ export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint
     false,
     ['verify']
   )
+  options?.signal?.throwIfAborted()
 
-  return webcrypto.get().subtle.verify(
+  const result = await webcrypto.get().subtle.verify(
     { name: 'RSASSA-PKCS1-v1_5' },
     publicKey,
     sig,
     msg instanceof Uint8Array ? msg : msg.subarray()
   )
+  options?.signal?.throwIfAborted()
+
+  return result
 }
 
-async function exportKey (pair: CryptoKeyPair): Promise<[JsonWebKey, JsonWebKey]> {
+async function exportKey (pair: CryptoKeyPair, options?: AbortOptions): Promise<[JsonWebKey, JsonWebKey]> {
   if (pair.privateKey == null || pair.publicKey == null) {
     throw new InvalidParametersError('Private and public key are required')
   }
 
-  return Promise.all([
+  const result = await Promise.all([
     webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
     webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
   ])
+  options?.signal?.throwIfAborted()
+
+  return result
 }
 
 export function rsaKeySize (jwk: JsonWebKey): number {

packages/crypto/src/keys/rsa/index.ts

@@ -1,10 +1,11 @@
-import crypto from 'crypto'
-import { promisify } from 'util'
+import crypto from 'node:crypto'
+import { promisify } from 'node:util'
 import { InvalidParametersError } from '@libp2p/interface'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import randomBytes from '../../random-bytes.js'
 import * as utils from './utils.js'
 import type { JWKKeyPair } from '../interface.js'
+import type { AbortOptions } from '@libp2p/interface'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 const keypair = promisify(crypto.generateKeyPair)
@@ -13,13 +14,14 @@ export const RSAES_PKCS1_V1_5_OID = '1.2.840.113549.1.1.1'
 
 export { utils }
 
-export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {
+export async function generateRSAKey (bits: number, options?: AbortOptions): Promise<JWKKeyPair> {
   // @ts-expect-error node types are missing jwk as a format
   const key = await keypair('rsa', {
     modulusLength: bits,
     publicKeyEncoding: { type: 'pkcs1', format: 'jwk' },
     privateKeyEncoding: { type: 'pkcs1', format: 'jwk' }
   })
+  options?.signal?.throwIfAborted()
 
   return {
     // @ts-expect-error node types are missing jwk as a format
@@ -31,7 +33,9 @@ export async function generateRSAKey (bits: number): Promise<JWKKeyPair> {
 
 export { randomBytes as getRandomValues }
 
-export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList): Promise<Uint8Array> {
+export function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Uint8Array {
+  options?.signal?.throwIfAborted()
+
   const hash = crypto.createSign('RSA-SHA256')
 
   if (msg instanceof Uint8Array) {
@@ -46,7 +50,9 @@ export async function hashAndSign (key: JsonWebKey, msg: Uint8Array | Uint8Array
   return hash.sign({ format: 'jwk', key })
 }
 
-export async function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): Promise<boolean> {
+export function hashAndVerify (key: JsonWebKey, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): boolean {
+  options?.signal?.throwIfAborted()
+
   const hash = crypto.createVerify('RSA-SHA256')
 
   if (msg instanceof Uint8Array) {

packages/crypto/src/keys/rsa/rsa.ts

@@ -2,7 +2,7 @@ import { base58btc } from 'multiformats/bases/base58'
 import { CID } from 'multiformats/cid'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { hashAndSign, utils, hashAndVerify } from './index.js'
-import type { RSAPublicKey as RSAPublicKeyInterface, RSAPrivateKey as RSAPrivateKeyInterface } from '@libp2p/interface'
+import type { RSAPublicKey as RSAPublicKeyInterface, RSAPrivateKey as RSAPrivateKeyInterface, AbortOptions } from '@libp2p/interface'
 import type { Digest } from 'multiformats/hashes/digest'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
@@ -45,8 +45,8 @@ export class RSAPublicKey implements RSAPublicKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array): boolean | Promise<boolean> {
-    return hashAndVerify(this.jwk, sig, data)
+  verify (data: Uint8Array | Uint8ArrayList, sig: Uint8Array, options?: AbortOptions): boolean | Promise<boolean> {
+    return hashAndVerify(this.jwk, sig, data, options)
   }
 }
 
@@ -77,7 +77,7 @@ export class RSAPrivateKey implements RSAPrivateKeyInterface {
     return uint8ArrayEquals(this.raw, key.raw)
   }
 
-  sign (message: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
-    return hashAndSign(this.jwk, message)
+  sign (message: Uint8Array | Uint8ArrayList, options?: AbortOptions): Uint8Array | Promise<Uint8Array> {
+    return hashAndSign(this.jwk, message, options)
   }
 }

packages/crypto/src/keys/secp256k1/index.browser.ts

@@ -2,6 +2,7 @@ import { secp256k1 as secp } from '@noble/curves/secp256k1'
 import { sha256 } from 'multiformats/hashes/sha2'
 import { SigningError, VerificationError } from '../../errors.js'
 import { isPromise } from '../../util.js'
+import type { AbortOptions } from '@libp2p/interface'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PUBLIC_KEY_BYTE_LENGTH = 33
@@ -13,12 +14,20 @@ export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 /**
  * Hash and sign message with private key
  */
-export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Uint8Array | Promise<Uint8Array> {
+export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Uint8Array | Promise<Uint8Array> {
   const p = sha256.digest(msg instanceof Uint8Array ? msg : msg.subarray())
 
   if (isPromise(p)) {
-    return p.then(({ digest }) => secp.sign(digest, key).toDERRawBytes())
+    return p
+      .then(({ digest }) => {
+        options?.signal?.throwIfAborted()
+        return secp.sign(digest, key).toDERRawBytes()
+      })
       .catch(err => {
+        if (err.name === 'AbortError') {
+          throw err
+        }
+
         throw new SigningError(String(err))
       })
   }
@@ -33,17 +42,26 @@ export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList):
 /**
  * Hash message and verify signature with public key
  */
-export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): boolean | Promise<boolean> {
+export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): boolean | Promise<boolean> {
   const p = sha256.digest(msg instanceof Uint8Array ? msg : msg.subarray())
 
   if (isPromise(p)) {
-    return p.then(({ digest }) => secp.verify(sig, digest, key))
+    return p
+      .then(({ digest }) => {
+        options?.signal?.throwIfAborted()
+        return secp.verify(sig, digest, key)
+      })
       .catch(err => {
+        if (err.name === 'AbortError') {
+          throw err
+        }
+
         throw new VerificationError(String(err))
       })
   }
 
   try {
+    options?.signal?.throwIfAborted()
     return secp.verify(sig, p.digest, key)
   } catch (err) {
     throw new VerificationError(String(err))

packages/crypto/src/keys/secp256k1/index.ts

@@ -1,6 +1,7 @@
 import crypto from 'node:crypto'
 import { secp256k1 as secp } from '@noble/curves/secp256k1'
 import { SigningError, VerificationError } from '../../errors.js'
+import type { AbortOptions } from '@libp2p/interface'
 import type { Uint8ArrayList } from 'uint8arraylist'
 
 const PUBLIC_KEY_BYTE_LENGTH = 33
@@ -12,7 +13,9 @@ export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 /**
  * Hash and sign message with private key
  */
-export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList): Uint8Array {
+export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): Uint8Array {
+  options?.signal?.throwIfAborted()
+
   const hash = crypto.createHash('sha256')
 
   if (msg instanceof Uint8Array) {
@@ -36,7 +39,8 @@ export function hashAndSign (key: Uint8Array, msg: Uint8Array | Uint8ArrayList):
 /**
  * Hash message and verify signature with public key
  */
-export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList): boolean {
+export function hashAndVerify (key: Uint8Array, sig: Uint8Array, msg: Uint8Array | Uint8ArrayList, options?: AbortOptions): boolean {
+  options?.signal?.throwIfAborted()
   const hash = crypto.createHash('sha256')
 
   if (msg instanceof Uint8Array) {