diff --git a/src/bin/server.ts b/src/bin/server.ts index 133aa8e9..dfbcd9ae 100644 --- a/src/bin/server.ts +++ b/src/bin/server.ts @@ -55,7 +55,7 @@ async function main(_argv = process.argv): Promise { privKeyFromPemFile: './tests/fixtures/certs/okp1.key', certChainFromPemFile: './tests/fixtures/certs/okp1.crt', }, - } + }, }); await server.start({ diff --git a/src/config.ts b/src/config.ts index 8ca8b9cd..347939c3 100644 --- a/src/config.ts +++ b/src/config.ts @@ -134,13 +134,19 @@ const textEncoder = new TextEncoder(); function buildQuicheConfig(config: QUICConfig): QuicheConfig { if (config.key != null && config.cert == null) { - throw new errors.ErrorQUICConfig('The cert option must be set when key is set'); + throw new errors.ErrorQUICConfig( + 'The cert option must be set when key is set', + ); } else if (config.key == null && config.cert != null) { - throw new errors.ErrorQUICConfig('The key option must be set when cert is set'); + throw new errors.ErrorQUICConfig( + 'The key option must be set when cert is set', + ); } else if (config.key != null && config.cert != null) { if (Array.isArray(config.key) && Array.isArray(config.cert)) { if (config.key.length !== config.cert.length) { - throw new errors.ErrorQUICConfig('The number of keys must match the number of certs'); + throw new errors.ErrorQUICConfig( + 'The number of keys must match the number of certs', + ); } } } @@ -166,7 +172,7 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig { // This is an array of private keys in PEM format let keyPEMBuffers: Array | undefined; if (config.key != null) { - let keyPEMs: Array = []; + const keyPEMs: Array = []; if (typeof config.key === 'string') { keyPEMs.push(config.key.trim() + '\n'); } else if (config.key instanceof Uint8Array) { @@ -185,7 +191,7 @@ function buildQuicheConfig(config: QUICConfig): QuicheConfig { // This is an array of certificate chains in PEM format let certChainPEMBuffers: Array | undefined; if (config.cert != null) { - let certChainPEMs: Array = []; + const certChainPEMs: Array = []; if (typeof config.cert === 'string') { certChainPEMs.push(config.cert.trim() + '\n'); } else if (config.cert instanceof Uint8Array) { diff --git a/tests/QUICServer.test.ts b/tests/QUICServer.test.ts index c1361745..b7c91197 100644 --- a/tests/QUICServer.test.ts +++ b/tests/QUICServer.test.ts @@ -100,7 +100,7 @@ describe(QUICServer.name, () => { tlsConfig: { privKeyPem: keyPairRSAPEM.privateKey, certChainPem: certRSAPEM, - } + }, }, logger: logger.getChild('QUICServer'), }); @@ -117,7 +117,7 @@ describe(QUICServer.name, () => { tlsConfig: { privKeyPem: keyPairECDSAPEM.privateKey, certChainPem: certECDSAPEM, - } + }, }, logger: logger.getChild('QUICServer'), }); @@ -134,7 +134,7 @@ describe(QUICServer.name, () => { tlsConfig: { privKeyPem: keyPairEd25519PEM.privateKey, certChainPem: certEd25519PEM, - } + }, }, logger: logger.getChild('QUICServer'), }); @@ -152,14 +152,12 @@ describe(QUICServer.name, () => { tlsConfig: { privKeyPem: keyPairEd25519PEM.privateKey, certChainPem: certEd25519PEM, - } + }, }, logger: logger.getChild('QUICServer'), }); await quicServer.start(); - - const scidBuffer = new ArrayBuffer(quiche.MAX_CONN_ID_LEN); await crypto.ops.randomBytes(scidBuffer); const scid = new QUICConnectionId(scidBuffer); @@ -167,11 +165,11 @@ describe(QUICServer.name, () => { const socket = new QUICSocket({ crypto, resolveHostname: utils.resolveHostname, - logger: logger.getChild(QUICSocket.name) + logger: logger.getChild(QUICSocket.name), }); await socket.start(); - // const config = buildQuicheConfig({ + // Const config = buildQuicheConfig({ // ...clientDefault // }); // Here we want to VERIFY the peer @@ -180,10 +178,9 @@ describe(QUICServer.name, () => { const quicConfig: QUICConfig = { ...clientDefault, - verifyPeer: true + verifyPeer: true, }; - const connection = await QUICConnection.connectQUICConnection({ scid, socket, @@ -194,19 +191,14 @@ describe(QUICServer.name, () => { }, config: quicConfig, - }); - await socket.stop(); await quicServer.stop(); // We can run with several rsa keypairs and certificates - }); describe('updating configuration', () => { - // We want to test changing the configuration over time - }); }); diff --git a/tests/utils.ts b/tests/utils.ts index 6f7204bd..6cfd5a78 100644 --- a/tests/utils.ts +++ b/tests/utils.ts @@ -41,23 +41,14 @@ async function generateKeyPairRSA(): Promise<{ name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048, publicExponent: new Uint8Array([0x01, 0x00, 0x01]), - hash: 'SHA-256' + hash: 'SHA-256', }, true, - [ - 'sign', - 'verify', - ] + ['sign', 'verify'], ); return { - publicKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.publicKey - ), - privateKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.privateKey - ) + publicKey: await webcrypto.subtle.exportKey('jwk', keyPair.publicKey), + privateKey: await webcrypto.subtle.exportKey('jwk', keyPair.privateKey), }; } @@ -71,23 +62,14 @@ async function generateKeyPairECDSA(): Promise<{ const keyPair = await webcrypto.subtle.generateKey( { name: 'ECDSA', - namedCurve: 'P-256' + namedCurve: 'P-256', }, true, - [ - 'sign', - 'verify' - ] + ['sign', 'verify'], ); return { - publicKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.publicKey - ), - privateKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.privateKey - ) + publicKey: await webcrypto.subtle.exportKey('jwk', keyPair.publicKey), + privateKey: await webcrypto.subtle.exportKey('jwk', keyPair.privateKey), }; } @@ -99,26 +81,17 @@ async function generateKeyPairEd25519(): Promise<{ publicKey: JsonWebKey; privateKey: JsonWebKey; }> { - const keyPair = await webcrypto.subtle.generateKey( + const keyPair = (await webcrypto.subtle.generateKey( { name: 'EdDSA', - namedCurve: 'Ed25519' + namedCurve: 'Ed25519', }, true, - [ - 'sign', - 'verify' - ] - ) as CryptoKeyPair; + ['sign', 'verify'], + )) as CryptoKeyPair; return { - publicKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.publicKey - ), - privateKey: await webcrypto.subtle.exportKey( - 'jwk', - keyPair.privateKey - ) + publicKey: await webcrypto.subtle.exportKey('jwk', keyPair.publicKey), + privateKey: await webcrypto.subtle.exportKey('jwk', keyPair.privateKey), }; } @@ -130,23 +103,23 @@ async function importPublicKey(publicKey: JsonWebKey): Promise { let algorithm; switch (publicKey.kty) { case 'RSA': - switch(publicKey.alg) { + switch (publicKey.alg) { case 'RS256': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-256' + hash: 'SHA-256', }; break; case 'RS384': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-384' + hash: 'SHA-384', }; break; case 'RS512': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-512' + hash: 'SHA-512', }; break; default: @@ -154,7 +127,7 @@ async function importPublicKey(publicKey: JsonWebKey): Promise { } break; case 'EC': - switch(publicKey.crv) { + switch (publicKey.crv) { case 'P-256': algorithm = { name: 'ECDSA', @@ -186,13 +159,9 @@ async function importPublicKey(publicKey: JsonWebKey): Promise { default: throw new Error(`Unsupported key type ${publicKey.kty}`); } - return await webcrypto.subtle.importKey( - 'jwk', - publicKey, - algorithm, - true, - ['verify'] - ); + return await webcrypto.subtle.importKey('jwk', publicKey, algorithm, true, [ + 'verify', + ]); } /** @@ -203,23 +172,23 @@ async function importPrivateKey(privateKey: JsonWebKey): Promise { let algorithm; switch (privateKey.kty) { case 'RSA': - switch(privateKey.alg) { + switch (privateKey.alg) { case 'RS256': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-256' + hash: 'SHA-256', }; break; case 'RS384': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-384' + hash: 'SHA-384', }; break; case 'RS512': algorithm = { name: 'RSASSA-PKCS1-v1_5', - hash: 'SHA-512' + hash: 'SHA-512', }; break; default: @@ -227,7 +196,7 @@ async function importPrivateKey(privateKey: JsonWebKey): Promise { } break; case 'EC': - switch(privateKey.crv) { + switch (privateKey.crv) { case 'P-256': algorithm = { name: 'ECDSA', @@ -259,30 +228,21 @@ async function importPrivateKey(privateKey: JsonWebKey): Promise { default: throw new Error(`Unsupported key type ${privateKey.kty}`); } - return await webcrypto.subtle.importKey( - 'jwk', - privateKey, - algorithm, - true, - ['sign'] - ); + return await webcrypto.subtle.importKey('jwk', privateKey, algorithm, true, [ + 'sign', + ]); } -async function keyPairRSAtoPEM( - keyPair: { - publicKey: JsonWebKey; - privateKey: JsonWebKey; - } -): Promise<{ +async function keyPairRSAtoPEM(keyPair: { + publicKey: JsonWebKey; + privateKey: JsonWebKey; +}): Promise<{ publicKey: string; privateKey: string; }> { const publicKey = await importPublicKey(keyPair.publicKey); const privatekey = await importPrivateKey(keyPair.privateKey); - const publicKeySPKI = await webcrypto.subtle.exportKey( - 'spki', - publicKey - ); + const publicKeySPKI = await webcrypto.subtle.exportKey('spki', publicKey); const publicKeySPKIBuffer = Buffer.from(publicKeySPKI); const publicKeyPEMBody = publicKeySPKIBuffer @@ -290,10 +250,7 @@ async function keyPairRSAtoPEM( .replace(/(.{64})/g, '$1\n') .trimEnd() + '\n'; const publicKeyPEM = `-----BEGIN PUBLIC KEY-----\n${publicKeyPEMBody}\n-----END PUBLIC KEY-----\n`; - const privateKeyPKCS8 = await webcrypto.subtle.exportKey( - 'pkcs8', - privatekey - ); + const privateKeyPKCS8 = await webcrypto.subtle.exportKey('pkcs8', privatekey); const privateKeyPKCS8Buffer = Buffer.from(privateKeyPKCS8); const privateKeyPEMBody = privateKeyPKCS8Buffer @@ -307,21 +264,16 @@ async function keyPairRSAtoPEM( }; } -async function keyPairECDSAtoPEM( - keyPair: { - publicKey: JsonWebKey; - privateKey: JsonWebKey; - } -): Promise<{ +async function keyPairECDSAtoPEM(keyPair: { + publicKey: JsonWebKey; + privateKey: JsonWebKey; +}): Promise<{ publicKey: string; privateKey: string; }> { const publicKey = await importPublicKey(keyPair.publicKey); const privatekey = await importPrivateKey(keyPair.privateKey); - const publicKeySPKI = await webcrypto.subtle.exportKey( - 'spki', - publicKey - ); + const publicKeySPKI = await webcrypto.subtle.exportKey('spki', publicKey); const publicKeySPKIBuffer = Buffer.from(publicKeySPKI); const publicKeyPEMBody = publicKeySPKIBuffer @@ -329,10 +281,7 @@ async function keyPairECDSAtoPEM( .replace(/(.{64})/g, '$1\n') .trimEnd() + '\n'; const publicKeyPEM = `-----BEGIN PUBLIC KEY-----\n${publicKeyPEMBody}\n-----END PUBLIC KEY-----\n`; - const privateKeyPKCS8 = await webcrypto.subtle.exportKey( - 'pkcs8', - privatekey - ); + const privateKeyPKCS8 = await webcrypto.subtle.exportKey('pkcs8', privatekey); const privateKeyPKCS8Buffer = Buffer.from(privateKeyPKCS8); const privateKeyPEMBody = privateKeyPKCS8Buffer @@ -346,21 +295,16 @@ async function keyPairECDSAtoPEM( }; } -async function keyPairEd25519ToPEM( - keyPair: { - publicKey: JsonWebKey; - privateKey: JsonWebKey; - } -): Promise<{ +async function keyPairEd25519ToPEM(keyPair: { + publicKey: JsonWebKey; + privateKey: JsonWebKey; +}): Promise<{ publicKey: string; privateKey: string; }> { const publicKey = await importPublicKey(keyPair.publicKey); const privatekey = await importPrivateKey(keyPair.privateKey); - const publicKeySPKI = await webcrypto.subtle.exportKey( - 'spki', - publicKey - ); + const publicKeySPKI = await webcrypto.subtle.exportKey('spki', publicKey); const publicKeySPKIBuffer = Buffer.from(publicKeySPKI); const publicKeyPEMBody = publicKeySPKIBuffer @@ -368,10 +312,7 @@ async function keyPairEd25519ToPEM( .replace(/(.{64})/g, '$1\n') .trimEnd() + '\n'; const publicKeyPEM = `-----BEGIN PUBLIC KEY-----\n${publicKeyPEMBody}\n-----END PUBLIC KEY-----\n`; - const privateKeyPKCS8 = await webcrypto.subtle.exportKey( - 'pkcs8', - privatekey - ); + const privateKeyPKCS8 = await webcrypto.subtle.exportKey('pkcs8', privatekey); const privateKeyPKCS8Buffer = Buffer.from(privateKeyPKCS8); const privateKeyPEMBody = privateKeyPKCS8Buffer @@ -476,7 +417,7 @@ async function generateCertificate({ const signingAlgorithm: any = issuerPrivateCryptoKey.algorithm; if (signingAlgorithm.name === 'ECDSA') { // In ECDSA, the signature should match the curve strength - switch(signingAlgorithm.namedCurve) { + switch (signingAlgorithm.namedCurve) { case 'P-256': signingAlgorithm.hash = 'SHA-256'; break; @@ -488,7 +429,7 @@ async function generateCertificate({ break; default: throw new TypeError( - `Issuer private key has an unsupported curve: ${signingAlgorithm.namedCurve}` + `Issuer private key has an unsupported curve: ${signingAlgorithm.namedCurve}`, ); } } @@ -577,7 +518,11 @@ async function signHMAC(key: ArrayBuffer, data: ArrayBuffer) { * But to be fully generic, we use the `ArrayBuffer` type. * In production, prefer to use libsodium as it would be faster. */ -async function verifyHMAC(key: ArrayBuffer, data: ArrayBuffer, sig: ArrayBuffer) { +async function verifyHMAC( + key: ArrayBuffer, + data: ArrayBuffer, + sig: ArrayBuffer, +) { const cryptoKey = await webcrypto.subtle.importKey( 'raw', key, @@ -655,7 +600,6 @@ const handleStreamProm = async (stream: QUICStream, streamData: StreamData) => { } }; - // First thing is that we need to create a private key // To do this... we need to seed the webcrypto // But also this doesn't quite work