CRYPTO Middleware Upgrade

In Progress do not run

Author: tomekmarchi

cryptoMiddleware/cipherSuite/index.js

@@ -0,0 +1,65 @@
+import {
+	compactMapArray,
+	hasValue,
+	isArray,
+	isNumber
+} from '@universalweb/acid';
+import { currentCertificateVersion, currentVersion } from '../../defaults.js';
+import { encryptionKeypairAlgorithm } from '../index';
+import { kyber768_xChaCha } from '../cipherSuite/Kyber768_xChaCha.js';
+import { setOptions } from '../utils.js';
+import { viatCipherSuite } from './viat.js';
+import { x25519_kyber768Half_xchacha20 } from '../cipherSuite/x25519_Kyber768Half_xChaCha.js';
+import { x25519_kyber768_xchacha20 } from './x25519_Kyber768_xChaCha.js';
+import { x25519_xChaCha } from '../cipherSuite/x25519_xChaCha.js';
+const cipherList = [
+	x25519_xChaCha,
+	x25519_kyber768Half_xchacha20,
+	kyber768_xChaCha,
+	x25519_kyber768_xchacha20,
+	viatCipherSuite
+];
+export const cipherSuites = new Map();
+const cipherSuitesVersion1 = new Map();
+cipherSuites.set(currentVersion, cipherSuitesVersion1);
+cipherSuitesVersion1.set('all', cipherList);
+setOptions(cipherSuitesVersion1, cipherList);
+export function getEncryptionKeypairAlgorithm(algo = 0, version = currentCertificateVersion) {
+	if (!hasValue(algo)) {
+		return false;
+	}
+	const versionMap = encryptionKeypairAlgorithm.get(version);
+	if (versionMap) {
+		return versionMap.get(algo);
+	}
+}
+export const cipherSuitesCertificates = new Map();
+const cipherSuitesCertificatesVersion1 = new Map();
+cipherSuitesCertificates.set(currentVersion, cipherSuitesCertificatesVersion1);
+cipherSuitesCertificatesVersion1.set('all', cipherList);
+setOptions(cipherSuitesCertificatesVersion1, cipherList);
+export function getCipherSuite(cipherSuiteName = 0, version = currentVersion) {
+	if (!hasValue(cipherSuiteName)) {
+		return false;
+	}
+	const versionMap = cipherSuites.get(version);
+	if (versionMap) {
+		return versionMap.get(cipherSuiteName);
+	}
+}
+export function getCipherSuites(indexes, version = currentVersion) {
+	if (indexes) {
+		if (isNumber(indexes)) {
+			return getCipherSuite(indexes, version);
+		} else if (isArray(indexes)) {
+			const cipherSuitesArray = compactMapArray(indexes, (value) => {
+				const cipherSuite = getCipherSuite(value, version);
+				if (cipherSuite) {
+					return cipherSuite;
+				}
+			});
+			return cipherSuitesArray;
+		}
+	}
+	return getCipherSuite('all', version);
+}

cryptoMiddleware/cipherSuite/viat.js

@@ -8,7 +8,7 @@ export const viatCipherSuite = {
 	name: 'viatCipherSuite',
 	alias: 'x25519_kyber768_xchacha20_dilithium65_sphincs+',
 	description: 'Crystals-Kyber768 with XChaCha20 and SHAKE256.',
-	id: 2,
+	id: 4,
 	preferred: true,
 	speed: 0,
 	security: 1,

cryptoMiddleware/encryption/index.js

@@ -0,0 +1,18 @@
+import { currentVersion } from '../../defaults.js';
+import { hasValue } from '@universalweb/acid';
+import { setOptions } from '../utils.js';
+import { xChaCha } from './xChaCha.js';
+const cipherList = [xChaCha];
+export const encryptionAlgorithms = new Map();
+const encryptionAlgorithmsVersion1 = new Map();
+encryptionAlgorithms.set(1, encryptionAlgorithmsVersion1);
+setOptions(encryptionAlgorithmsVersion1, cipherList);
+export function getEncryptionAlgorithm(encryptionAlgorithmName = 0, version = currentVersion) {
+	if (!hasValue(encryptionAlgorithmName)) {
+		return false;
+	}
+	const algoVersion = encryptionAlgorithms.get(version);
+	if (algoVersion) {
+		return algoVersion.get(encryptionAlgorithmName);
+	}
+}

cryptoMiddleware/hash/index.js

@@ -0,0 +1,18 @@
+import { blake3 } from './blake3.js';
+import { currentVersion } from '../../defaults.js';
+import { hasValue } from '@universalweb/acid';
+import { setOptions } from '../utils.js';
+const cipherList = [blake3];
+export const hashAlgorithms = new Map();
+const hashAlgorithmsVersion1 = new Map();
+hashAlgorithms.set(1, hashAlgorithmsVersion1);
+setOptions(hashAlgorithmsVersion1, cipherList);
+export function getHashAlgorithm(hashAlgorithmName = 0, version = currentVersion) {
+	if (!hasValue(hashAlgorithmName)) {
+		return false;
+	}
+	const algoVersion = hashAlgorithms.get(version);
+	if (algoVersion) {
+		return algoVersion.get(hashAlgorithmName);
+	}
+}

cryptoMiddleware/index.js

@@ -1,169 +1,5 @@
-import * as defaultCrypto from '#crypto';
-import {
-	assign,
-	clearBuffer,
-	compactMapArray,
-	eachArray,
-	hasValue,
-	isArray,
-	isNumber,
-	isUndefined
-} from '@universalweb/acid';
-import { currentCertificateVersion, currentVersion } from '../defaults.js';
-import { blake3 } from './hash/blake3.js';
-import { dilithium44 } from './signature/dilithium44.js';
-import { dilithium44_ed25519 } from './signature/dilithium44_ed25519.js';
-import { dilithium65 } from './signature/dilithium65.js';
-import { dilithium87 } from './signature/dilithium87.js';
-import { ed25519 } from './signature/ed25519.js';
-import { kyber768 } from './keyExchange/kyber768.js';
-import { kyber768Half_x25519 } from './keyExchange/kyber768Half_x25519.js';
-import { kyber768_x25519 } from './keyExchange/kyber768_x25519.js';
-import { kyber768_xChaCha } from './cipherSuite/Kyber768_xChaCha.js';
-import { x25519 } from './keyExchange/x25519_blake3.js';
-import { x25519_kyber768Half_xchacha20 } from './cipherSuite/x25519_Kyber768Half_xChaCha.js';
-import { x25519_xChaCha } from './cipherSuite/x25519_xChaCha.js';
-function setOption(source, option) {
-	const {
-		id, name: cipherName, alias
-	} = option;
-	if (hasValue(cipherName)) {
-		source.set(cipherName, option);
-	}
-	if (hasValue(id)) {
-		source.set(id, option);
-	}
-	if (hasValue(alias)) {
-		source.set(alias, option);
-	}
-}
-export const cipherSuites = new Map();
-const cipherSuitesVersion1 = new Map();
-cipherSuites.set(currentVersion, cipherSuitesVersion1);
-cipherSuitesVersion1.set('all', [
-	x25519_xChaCha,
-	x25519_kyber768Half_xchacha20,
-	kyber768_xChaCha
-]);
-setOption(cipherSuitesVersion1, x25519_xChaCha);
-setOption(cipherSuitesVersion1, x25519_kyber768Half_xchacha20);
-setOption(cipherSuitesVersion1, kyber768_xChaCha);
-export const encryptionKeypairAlgorithm = new Map();
-const encryptionKeypairAlgorithmVersion1 = new Map();
-encryptionKeypairAlgorithm.set(currentVersion, encryptionKeypairAlgorithmVersion1);
-encryptionKeypairAlgorithm.set('all', [
-	kyber768Half_x25519,
-	kyber768_x25519,
-	kyber768,
-	x25519,
-]);
-setOption(encryptionKeypairAlgorithmVersion1, kyber768);
-setOption(encryptionKeypairAlgorithmVersion1, x25519);
-setOption(encryptionKeypairAlgorithmVersion1, kyber768Half_x25519);
-setOption(encryptionKeypairAlgorithmVersion1, kyber768_x25519);
-export function getEncryptionKeypairAlgorithm(algo = 0, version = currentCertificateVersion) {
-	if (!hasValue(algo)) {
-		return false;
-	}
-	const versionMap = encryptionKeypairAlgorithm.get(version);
-	if (versionMap) {
-		return versionMap.get(algo);
-	}
-}
-export const cipherSuitesCertificates = new Map();
-const cipherSuitesCertificatesVersion1 = new Map();
-cipherSuitesCertificates.set(currentVersion, cipherSuitesCertificatesVersion1);
-cipherSuitesCertificatesVersion1.set('all', [
-	x25519_xChaCha,
-	x25519_kyber768Half_xchacha20,
-	kyber768_xChaCha
-]);
-setOption(cipherSuitesCertificatesVersion1, x25519_xChaCha);
-setOption(cipherSuitesCertificatesVersion1, x25519_kyber768Half_xchacha20);
-setOption(cipherSuitesCertificatesVersion1, kyber768_xChaCha);
-export function getCipherSuite(cipherSuiteName = 0, version = currentVersion) {
-	if (!hasValue(cipherSuiteName)) {
-		return false;
-	}
-	const versionMap = cipherSuites.get(version);
-	if (versionMap) {
-		return versionMap.get(cipherSuiteName);
-	}
-}
-export function getCipherSuites(indexes, version = currentVersion) {
-	if (indexes) {
-		if (isNumber(indexes)) {
-			return getCipherSuite(indexes, version);
-		} else if (isArray(indexes)) {
-			const cipherSuitesArray = compactMapArray(indexes, (value) => {
-				const cipherSuite = getCipherSuite(value, version);
-				if (cipherSuite) {
-					return cipherSuite;
-				}
-			});
-			return cipherSuitesArray;
-		}
-	}
-	return getCipherSuite('all', version);
-}
-export const publicKeyAlgorithms = new Map();
-const publicKeyAlgorithmVersion1 = new Map();
-publicKeyAlgorithms.set(1, publicKeyAlgorithmVersion1);
-publicKeyAlgorithmVersion1.set('all', [
-	ed25519,
-	dilithium44_ed25519,
-	dilithium44,
-	dilithium65,
-	dilithium87
-]);
-setOption(publicKeyAlgorithmVersion1, ed25519);
-setOption(publicKeyAlgorithmVersion1, dilithium44_ed25519);
-setOption(publicKeyAlgorithmVersion1, dilithium44);
-setOption(publicKeyAlgorithmVersion1, dilithium65);
-setOption(publicKeyAlgorithmVersion1, dilithium87);
-export function getSignatureAlgorithm(publicKeyAlgorithmName = 0, version = currentVersion) {
-	if (!hasValue(publicKeyAlgorithmName)) {
-		return false;
-	}
-	const versionMap = publicKeyAlgorithms.get(version);
-	if (versionMap) {
-		return versionMap.get(publicKeyAlgorithmName);
-	}
-}
-export const publicKeyCertificateAlgorithms = new Map();
-const publicKeyCertificateAlgorithmsVersion1 = new Map();
-publicKeyCertificateAlgorithms.set(currentVersion, publicKeyCertificateAlgorithmsVersion1);
-publicKeyCertificateAlgorithmsVersion1.set('all', [
-	ed25519,
-	dilithium44_ed25519,
-	dilithium44,
-	dilithium65,
-	dilithium87
-]);
-setOption(publicKeyCertificateAlgorithmsVersion1, ed25519);
-setOption(publicKeyCertificateAlgorithmsVersion1, dilithium44_ed25519);
-setOption(publicKeyCertificateAlgorithmsVersion1, dilithium44);
-setOption(publicKeyCertificateAlgorithmsVersion1, dilithium65);
-setOption(publicKeyCertificateAlgorithmsVersion1, dilithium87);
-export function getSignatureAlgorithmByCertificate(publicKeyAlgorithmName = 0, version = currentCertificateVersion) {
-	if (!hasValue(publicKeyAlgorithmName)) {
-		return false;
-	}
-	const algoVersion = publicKeyCertificateAlgorithms.get(version);
-	if (algoVersion) {
-		return algoVersion.get(publicKeyAlgorithmName);
-	}
-}
-export const hashAlgorithms = new Map();
-const hashAlgorithmsVersion1 = new Map();
-hashAlgorithms.set(1, hashAlgorithmsVersion1);
-setOption(hashAlgorithmsVersion1, blake3);
-export function getHashAlgorithm(hashAlgorithmName = 0, version = currentVersion) {
-	if (!hasValue(hashAlgorithmName)) {
-		return false;
-	}
-	const algoVersion = hashAlgorithms.get(version);
-	if (algoVersion) {
-		return algoVersion.get(hashAlgorithmName);
-	}
-}
+export * from './signature/index.js';
+export * from './hash/index.js';
+export * from './keyExchange/index.js';
+export * from './encryption/index.js';
+export * from './cipherSuite/index.js';

cryptoMiddleware/keyExchange/index.js

@@ -0,0 +1,29 @@
+import { currentCertificateVersion, currentVersion } from '../../defaults.js';
+import { hasValue } from '@universalweb/acid';
+import { kyber768 } from './kyber768.js';
+import { kyber768Half_x25519 } from './kyber768Half_x25519.js';
+import { kyber768_x25519 } from './kyber768_x25519.js';
+import { setOptions } from '../utils.js';
+import { x25519 } from './x25519.js';
+import { x25519_blake3 } from './x25519_blake3.js';
+const cipherList = [
+	kyber768Half_x25519,
+	kyber768_x25519,
+	kyber768,
+	x25519,
+	x25519_blake3
+];
+export const encryptionKeypairAlgorithm = new Map();
+const encryptionKeypairAlgorithmVersion1 = new Map();
+encryptionKeypairAlgorithm.set(currentVersion, encryptionKeypairAlgorithmVersion1);
+encryptionKeypairAlgorithmVersion1.set('all', cipherList);
+setOptions(encryptionKeypairAlgorithmVersion1, cipherList);
+export function getEncryptionKeypairAlgorithm(algo = 0, version = currentCertificateVersion) {
+	if (!hasValue(algo)) {
+		return false;
+	}
+	const versionMap = encryptionKeypairAlgorithm.get(version);
+	if (versionMap) {
+		return versionMap.get(algo);
+	}
+}

cryptoMiddleware/signature/ed25519_deprecated.js renamed to cryptoMiddleware/signature/ed25519_sodium.js

@@ -89,10 +89,10 @@ export function getPublicKeyFromPrivateKey(privateKey) {
 	crypto_sign_ed25519_sk_to_pk(publicKey, privateKey);
 	return publicKey;
 }
-export const ed25519 = {
-	name: 'ed25519',
-	alias: 'default',
-	id: 0,
+export const ed25519_sodium = {
+	name: 'ed25519_sodium',
+	alias: 'ed25519_sodium',
+	id: 6,
 	publicKeySize,
 	privateKeySize,
 	signatureSize,

cryptoMiddleware/signature/index.js

@@ -0,0 +1,47 @@
+import { currentCertificateVersion, currentVersion } from '../../defaults.js';
+import { dilithium44 } from './dilithium44.js';
+import { dilithium44_ed25519 } from './dilithium44_ed25519.js';
+import { dilithium65 } from './dilithium65.js';
+import { dilithium87 } from './dilithium87.js';
+import { ed25519 } from './ed25519.js';
+import { ed25519_sodium } from './ed25519_sodium.js';
+import { hasValue } from '@universalweb/acid';
+import { setOptions } from '../utils.js';
+import { sphincs192 } from './sphincs192.js';
+const cipherList = [
+	ed25519,
+	dilithium44_ed25519,
+	dilithium44,
+	dilithium65,
+	dilithium87,
+	sphincs192,
+	ed25519_sodium
+];
+export const publicKeyAlgorithms = new Map();
+const publicKeyAlgorithmVersion1 = new Map();
+publicKeyAlgorithms.set(1, publicKeyAlgorithmVersion1);
+publicKeyAlgorithmVersion1.set('all', cipherList);
+setOptions(publicKeyAlgorithmVersion1, cipherList);
+export function getSignatureAlgorithm(publicKeyAlgorithmName = 0, version = currentVersion) {
+	if (!hasValue(publicKeyAlgorithmName)) {
+		return false;
+	}
+	const versionMap = publicKeyAlgorithms.get(version);
+	if (versionMap) {
+		return versionMap.get(publicKeyAlgorithmName);
+	}
+}
+export const publicKeyCertificateAlgorithms = new Map();
+const publicKeyCertificateAlgorithmsVersion1 = new Map();
+publicKeyCertificateAlgorithms.set(currentVersion, publicKeyCertificateAlgorithmsVersion1);
+publicKeyCertificateAlgorithmsVersion1.set('all', cipherList);
+setOptions(publicKeyCertificateAlgorithmsVersion1, cipherList);
+export function getSignatureAlgorithmByCertificate(publicKeyAlgorithmName = 0, version = currentCertificateVersion) {
+	if (!hasValue(publicKeyAlgorithmName)) {
+		return false;
+	}
+	const algoVersion = publicKeyCertificateAlgorithms.get(version);
+	if (algoVersion) {
+		return algoVersion.get(publicKeyAlgorithmName);
+	}
+}