deps(dev): upgrade aegir to 38.1.2 (#302)

Co-authored-by: Alex Potsides <alex@achingbrain.net>

package.json

@@ -165,7 +165,7 @@
   "scripts": {
     "clean": "aegir clean",
     "lint": "aegir lint",
-    "dep-check": "aegir dep-check",
+    "dep-check": "aegir dep-check -i protons",
     "build": "aegir build",
     "test": "aegir test",
     "test:chrome": "aegir test -t browser",
@@ -186,16 +186,14 @@
     "multiformats": "^11.0.0",
     "node-forge": "^1.1.0",
     "protons-runtime": "^4.0.1",
+    "uint8arraylist": "^2.4.3",
     "uint8arrays": "^4.0.2"
   },
   "devDependencies": {
     "@types/mocha": "^10.0.0",
-    "aegir": "^37.0.12",
+    "aegir": "^38.1.2",
     "benchmark": "^2.1.4",
-    "protons": "^6.0.0",
-    "sinon": "^15.0.0",
-    "util": "^0.12.3",
-    "wherearewe": "^2.0.1"
+    "util": "^0.12.5"
   },
   "browser": {
     "./dist/src/aes/ciphers.js": "./dist/src/aes/ciphers-browser.js",

src/aes/cipher-mode.ts

@@ -5,7 +5,7 @@ const CIPHER_MODES = {
   32: 'aes-256-ctr'
 }
 
-export function cipherMode (key: Uint8Array) {
+export function cipherMode (key: Uint8Array): string {
   if (key.length === 16 || key.length === 32) {
     return CIPHER_MODES[key.length]
   }

src/aes/ciphers-browser.ts

@@ -5,7 +5,11 @@ import forge from 'node-forge/lib/forge.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 
-export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export interface Cipher {
+  update: (data: Uint8Array) => Uint8Array
+}
+
+export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
   const cipher2 = forge.cipher.createCipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
   cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
   return {
@@ -16,7 +20,7 @@ export function createCipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
   }
 }
 
-export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array) {
+export function createDecipheriv (mode: any, key: Uint8Array, iv: Uint8Array): Cipher {
   const cipher2 = forge.cipher.createDecipher('AES-CTR', uint8ArrayToString(key, 'ascii'))
   cipher2.start({ iv: uint8ArrayToString(iv, 'ascii') })
   return {

src/aes/index.ts

@@ -6,7 +6,7 @@ export interface AESCipher {
   decrypt: (data: Uint8Array) => Promise<Uint8Array>
 }
 
-export async function create (key: Uint8Array, iv: Uint8Array) { // eslint-disable-line require-await
+export async function create (key: Uint8Array, iv: Uint8Array): Promise<AESCipher> { // eslint-disable-line require-await
   const mode = cipherMode(key)
   const cipher = ciphers.createCipheriv(mode, key, iv)
   const decipher = ciphers.createDecipheriv(mode, key, iv)

src/ciphers/aes-gcm.browser.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
   const algorithm = opts?.algorithm ?? 'AES-GCM'
   let keyLength = opts?.keyLength ?? 16
   const nonceLength = opts?.nonceLength ?? 12
@@ -20,7 +20,7 @@ export function create (opts?: CreateOptions) {
    * Uses the provided password to derive a pbkdf2 key. The key
    * will then be used to encrypt the data.
    */
-  async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     const salt = crypto.getRandomValues(new Uint8Array(saltLength))
     const nonce = crypto.getRandomValues(new Uint8Array(nonceLength))
     const aesGcm = { name: algorithm, iv: nonce }
@@ -45,7 +45,7 @@ export function create (opts?: CreateOptions) {
    * this decryption cipher must be the same as those used to create
    * the encryption cipher.
    */
-  async function decrypt (data: Uint8Array, password: string | Uint8Array) {
+  async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> {
     const salt = data.subarray(0, saltLength)
     const nonce = data.subarray(saltLength, saltLength + nonceLength)
     const ciphertext = data.subarray(saltLength + nonceLength)

src/ciphers/aes-gcm.ts

@@ -5,7 +5,7 @@ import type { CreateOptions, AESCipher } from './interface.js'
 
 // Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
 
-export function create (opts?: CreateOptions) {
+export function create (opts?: CreateOptions): AESCipher {
   const algorithm = opts?.algorithm ?? 'aes-128-gcm'
   const keyLength = opts?.keyLength ?? 16
   const nonceLength = opts?.nonceLength ?? 12
@@ -14,7 +14,7 @@ export function create (opts?: CreateOptions) {
   const iterations = opts?.iterations ?? 32767
   const algorithmTagLength = opts?.algorithmTagLength ?? 16
 
-  async function encryptWithKey (data: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+  async function encryptWithKey (data: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     const nonce = crypto.randomBytes(nonceLength)
 
     // Create the cipher instance.
@@ -31,7 +31,7 @@ export function create (opts?: CreateOptions) {
    * Uses the provided password to derive a pbkdf2 key. The key
    * will then be used to encrypt the data.
    */
-  async function encrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function encrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Generate a 128-bit salt using a CSPRNG.
     const salt = crypto.randomBytes(saltLength)
 
@@ -53,7 +53,7 @@ export function create (opts?: CreateOptions) {
    * this decryption cipher must be the same as those used to create
    * the encryption cipher.
    */
-  async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array) { // eslint-disable-line require-await
+  async function decryptWithKey (ciphertextAndNonce: Uint8Array, key: Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Create Uint8Arrays of nonce, ciphertext and tag.
     const nonce = ciphertextAndNonce.subarray(0, nonceLength)
     const ciphertext = ciphertextAndNonce.subarray(nonceLength, ciphertextAndNonce.length - algorithmTagLength)
@@ -77,7 +77,7 @@ export function create (opts?: CreateOptions) {
    * @param {Uint8Array} data - The data to decrypt
    * @param {string|Uint8Array} password - A plain password
    */
-  async function decrypt (data: Uint8Array, password: string | Uint8Array) { // eslint-disable-line require-await
+  async function decrypt (data: Uint8Array, password: string | Uint8Array): Promise<Uint8Array> { // eslint-disable-line require-await
     // Create Uint8Arrays of salt and ciphertextAndNonce.
     const salt = data.subarray(0, saltLength)
     const ciphertextAndNonce = data.subarray(saltLength)

src/hmac/index-browser.ts

@@ -7,12 +7,12 @@ const hashTypes = {
   SHA512: 'SHA-512'
 }
 
-const sign = async (key: CryptoKey, data: Uint8Array) => {
+const sign = async (key: CryptoKey, data: Uint8Array): Promise<Uint8Array> => {
   const buf = await webcrypto.get().subtle.sign({ name: 'HMAC' }, key, data)
   return new Uint8Array(buf, 0, buf.byteLength)
 }
 
-export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) {
+export async function create (hashType: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<{ digest: (data: Uint8Array) => Promise<Uint8Array>, length: number }> {
   const hash = hashTypes[hashType]
 
   const key = await webcrypto.get().subtle.importKey(

src/hmac/index.ts

@@ -1,7 +1,12 @@
 import crypto from 'crypto'
 import lengths from './lengths.js'
 
-export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array) { // eslint-disable-line require-await
+export interface HMAC {
+  digest: (data: Uint8Array) => Promise<Uint8Array>
+  length: number
+}
+
+export async function create (hash: 'SHA1' | 'SHA256' | 'SHA512', secret: Uint8Array): Promise<HMAC> {
   const res = {
     async digest (data: Uint8Array) { // eslint-disable-line require-await
       const hmac = crypto.createHmac(hash.toLowerCase(), secret)

src/keys/ecdh-browser.ts

@@ -4,7 +4,7 @@ import { base64urlToBuffer } from '../util.js'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
 import { concat as uint8ArrayConcat } from 'uint8arrays/concat'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
-import type { ECDHKey, ECDHKeyPair } from './interface.js'
+import type { ECDHKey, ECDHKeyPair, JWKEncodedPrivateKey, JWKEncodedPublicKey } from './interface.js'
 
 const bits = {
   'P-256': 256,
@@ -15,7 +15,7 @@ const bits = {
 const curveTypes = Object.keys(bits)
 const names = curveTypes.join(' / ')
 
-export async function generateEphmeralKeyPair (curve: string) {
+export async function generateEphmeralKeyPair (curve: string): Promise<ECDHKey> {
   if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
     throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
@@ -30,7 +30,7 @@ export async function generateEphmeralKeyPair (curve: string) {
   )
 
   // forcePrivate is used for testing only
-  const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair) => {
+  const genSharedKey = async (theirPub: Uint8Array, forcePrivate?: ECDHKeyPair): Promise<Uint8Array> => {
     let privateKey
 
     if (forcePrivate != null) {
@@ -92,7 +92,7 @@ const curveLengths = {
 // Marshal converts a jwk encoded ECDH public key into the
 // form specified in section 4.3.6 of ANSI X9.62. (This is the format
 // go-ipfs uses)
-function marshalPublicKey (jwk: JsonWebKey) {
+function marshalPublicKey (jwk: JsonWebKey): Uint8Array {
   if (jwk.crv == null || jwk.x == null || jwk.y == null) {
     throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS')
   }
@@ -111,7 +111,7 @@ function marshalPublicKey (jwk: JsonWebKey) {
 }
 
 // Unmarshal converts a point, serialized by Marshal, into an jwk encoded key
-function unmarshalPublicKey (curve: string, key: Uint8Array) {
+function unmarshalPublicKey (curve: string, key: Uint8Array): JWKEncodedPublicKey {
   if (curve !== 'P-256' && curve !== 'P-384' && curve !== 'P-521') {
     throw new CodeError(`Unknown curve: ${curve}. Must be ${names}`, 'ERR_INVALID_CURVE')
   }
@@ -131,7 +131,7 @@ function unmarshalPublicKey (curve: string, key: Uint8Array) {
   }
 }
 
-const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair) => ({
+const unmarshalPrivateKey = (curve: string, key: ECDHKeyPair): JWKEncodedPrivateKey => ({
   ...unmarshalPublicKey(curve, key.public),
   d: uint8ArrayToString(key.private, 'base64url')
 })

src/keys/ed25519-browser.ts

@@ -1,4 +1,5 @@
 import * as ed from '@noble/ed25519'
+import type { Uint8ArrayKeyPair } from './interface'
 
 const PUBLIC_KEY_BYTE_LENGTH = 32
 const PRIVATE_KEY_BYTE_LENGTH = 64 // private key is actually 32 bytes but for historical reasons we concat private and public keys
@@ -7,7 +8,7 @@ const KEYS_BYTE_LENGTH = 32
 export { PUBLIC_KEY_BYTE_LENGTH as publicKeyLength }
 export { PRIVATE_KEY_BYTE_LENGTH as privateKeyLength }
 
-export async function generateKey () {
+export async function generateKey (): Promise<Uint8ArrayKeyPair> {
   // the actual private key (32 bytes)
   const privateKeyRaw = ed.utils.randomPrivateKey()
   const publicKey = await ed.getPublicKey(privateKeyRaw)
@@ -24,7 +25,7 @@ export async function generateKey () {
 /**
  * Generate keypair from a 32 byte uint8array
  */
-export async function generateKeyFromSeed (seed: Uint8Array) {
+export async function generateKeyFromSeed (seed: Uint8Array): Promise<Uint8ArrayKeyPair> {
   if (seed.length !== KEYS_BYTE_LENGTH) {
     throw new TypeError('"seed" must be 32 bytes in length.')
   } else if (!(seed instanceof Uint8Array)) {
@@ -43,17 +44,17 @@ export async function generateKeyFromSeed (seed: Uint8Array) {
   }
 }
 
-export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array) {
+export async function hashAndSign (privateKey: Uint8Array, msg: Uint8Array): Promise<Uint8Array> {
   const privateKeyRaw = privateKey.subarray(0, KEYS_BYTE_LENGTH)
 
   return await ed.sign(msg, privateKeyRaw)
 }
 
-export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array) {
+export async function hashAndVerify (publicKey: Uint8Array, sig: Uint8Array, msg: Uint8Array): Promise<boolean> {
   return await ed.verify(sig, msg, publicKey)
 }
 
-function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array) {
+function concatKeys (privateKeyRaw: Uint8Array, publicKey: Uint8Array): Uint8Array {
   const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH)
   for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
     privateKey[i] = privateKeyRaw[i]