UNPKG

@synet/core

Version:

Core cryptographic and identity primitives for Synet agents.

synthetism.ai/synet

synthetism/synet

165 lines (164 loc) 5.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
"use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; var desc = Object.getOwnPropertyDescriptor(m, k); if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) { desc = { enumerable: true, get: function() { return m[k]; } }; } Object.defineProperty(o, k2, desc); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || (function () { var ownKeys = function(o) { ownKeys = Object.getOwnPropertyNames || function (o) { var ar = []; for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k; return ar; }; return ownKeys(o); }; return function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]); __setModuleDefault(result, mod); return result; }; })(); var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.getKeyProvider = getKeyProvider; exports.generateKeyPair = generateKeyPair; exports.derivePublicKey = derivePublicKey; exports.getShortId = getShortId; exports.getFingerprint = getFingerprint; exports.generateWireGuardKeyPair = generateWireGuardKeyPair; const crypto = __importStar(require("node:crypto")); const tweetnacl_1 = __importDefault(require("tweetnacl")); const tweetnacl_util_1 = require("tweetnacl-util"); class RsaKeyProvider { generateKeyPair() { const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048, publicKeyEncoding: { type: "spki", format: "pem" }, privateKeyEncoding: { type: "pkcs8", format: "pem" }, }); return { publicKey, privateKey, type: "rsa" }; } } class Ed25519KeyProvider { generateKeyPair() { const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519", { publicKeyEncoding: { type: "spki", format: "pem" }, privateKeyEncoding: { type: "pkcs8", format: "pem" }, }); return { publicKey, privateKey, type: "ed25519" }; } } class WireguardKeyProvider { generateKeyPair() { const keyPair = tweetnacl_1.default.box.keyPair(); return { privateKey: (0, tweetnacl_util_1.encodeBase64)(keyPair.secretKey), publicKey: (0, tweetnacl_util_1.encodeBase64)(keyPair.publicKey), type: "wireguard", }; } } // Factory function getKeyProvider(type) { switch (type) { case "rsa": return new RsaKeyProvider(); case "ed25519": return new Ed25519KeyProvider(); case "wireguard": return new WireguardKeyProvider(); default: throw new Error(`Unsupported key type: ${type}`); } } /** * * @param type The type of key to generate (e.g., ' * rsa', 'ed25519', 'wireguard') * @returns A key pair object containing the private and public keys * @throws Error if the key type is unsupported * @returns */ function generateKeyPair(type) { try { const provider = getKeyProvider(type); const { privateKey, publicKey } = provider.generateKeyPair(); return { privateKey, publicKey, type }; } catch (error) { console.error("Error generating key pair:", error); throw error; } } /** * Extract the public key from a private key * @param privateKey The private key in PEM format * @returns The corresponding public key in PEM format, or null if extraction fails */ function derivePublicKey(privateKey) { try { if (!privateKey || !privateKey.includes("-----BEGIN") || !privateKey.includes("-----END")) { return null; } // Create a KeyObject from the private key PEM const privateKeyObj = crypto.createPrivateKey({ key: privateKey, format: "pem", }); // Derive the public key from the private key const publicKey = crypto.createPublicKey(privateKeyObj).export({ type: "spki", format: "pem", }); return publicKey.toString(); } catch (error) { console.error("Failed to derive public key:", error); return null; } } /** * Compute a short identifier from a public key * @param publicKey The public key in PEM format * @returns A 16-character hexadecimal identifier */ function getShortId(publicKey) { const hash = crypto.createHash("sha256").update(publicKey).digest("hex"); return hash.substring(0, 16); } /** * Compute a fingerprint from a public key * @param publicKey The public key in PEM format * @returns A 64-character hexadecimal fingerprint */ function getFingerprint(publicKey) { return crypto.createHash("sha256").update(publicKey).digest("hex"); } /** * @deprecated Use generateKeyPair('wireguard') instead. * Generates a WireGuard-compatible key pair using TweetNaCl. * @returns A key pair object with WireGuard-compatible keys */ function generateWireGuardKeyPair() { // Generate a keypair using TweetNaCl's box (which uses Curve25519) const keyPair = tweetnacl_1.default.box.keyPair(); // Convert the Uint8Array keys to base64 strings as required by WireGuard return { privateKey: (0, tweetnacl_util_1.encodeBase64)(keyPair.secretKey), publicKey: (0, tweetnacl_util_1.encodeBase64)(keyPair.publicKey) }; }