fix: use getRandomValues from WebCrypto

packages/crypto/benchmark/ed25519/compat.cjs

@@ -21,7 +21,6 @@ const { fromString } = require('uint8arrays/from-string')
 
 const native = require('ed25519')
 const noble = require('@noble/ed25519')
-const { randomBytes } = noble.utils
 const { subtle } = require('crypto').webcrypto
 require('node-forge/lib/ed25519')
 const stable = require('@stablelib/ed25519')
@@ -61,7 +60,7 @@ const implementations = [{
   name: 'node-forge/ed25519',
   before: () => {},
   generateKeyPair: async () => {
-    const seed = randomBytes(32)
+    const seed = crypto.getRandomValues(new Uint8Array(32))
     const key = await forge.pki.ed25519.generateKeyPair({ seed })
 
     return {
@@ -100,7 +99,7 @@ const implementations = [{
 }, {
   name: 'native Ed25519',
   generateKeyPair: async () => {
-    const seed = randomBytes(32)
+    const seed = crypto.getRandomValues(new Uint8Array(32))
     const key = native.MakeKeypair(seed)
 
     return {

packages/crypto/benchmark/ed25519/index.js

@@ -10,8 +10,6 @@ import supercopWasm from 'supercop.wasm'
 import ed25519WasmPro from 'ed25519-wasm-pro'
 import * as libp2pCrypto from '../../dist/src/index.js'
 
-const { randomBytes } = noble.utils
-
 const suite = new Benchmark.Suite('ed25519 implementations')
 
 suite.add('@libp2p/crypto', async (d) => {
@@ -58,7 +56,7 @@ suite.add('@stablelib/ed25519', async (d) => {
 
 suite.add('node-forge/ed25519', async (d) => {
   const message = Buffer.from('hello world ' + Math.random())
-  const seed = randomBytes(32)
+  const seed = crypto.getRandomValues(new Uint8Array(32))
   const key = await forge.pki.ed25519.generateKeyPair({ seed })
   const signature = await forge.pki.ed25519.sign({ message, privateKey: key.privateKey })
   const res = await forge.pki.ed25519.verify({ signature, message, publicKey: key.publicKey })
@@ -100,7 +98,7 @@ suite.add('ed25519-wasm-pro', async (d) => {
 
 suite.add('ed25519 (native module)', async (d) => {
   const message = Buffer.from('hello world ' + Math.random())
-  const seed = randomBytes(32)
+  const seed = crypto.getRandomValues(new Uint8Array(32))
   const key = native.MakeKeypair(seed)
   const signature = native.Sign(message, key)
   const res = native.Verify(message, signature, key.publicKey)

packages/crypto/src/random-bytes.ts

@@ -1,12 +1,13 @@
 import { InvalidParametersError } from '@libp2p/interface'
-import { randomBytes as randB } from '@noble/hashes/utils.js'
 
 /**
  * Generates a Uint8Array with length `number` populated by random bytes
+ *
+ * @deprecated use `crypto.getRandomValues()` instead
  */
 export default function randomBytes (length: number): Uint8Array {
   if (isNaN(length) || length <= 0) {
     throw new InvalidParametersError('random bytes length must be a Number bigger than 0')
   }
-  return randB(length)
+  return crypto.getRandomValues(new Uint8Array(length))
 }

packages/crypto/test/crypto.spec.ts

@@ -5,7 +5,6 @@ import { base58btc } from 'multiformats/bases/base58'
 import { equals as uint8ArrayEquals } from 'uint8arrays/equals'
 import { generateKeyPair, generateKeyPairFromSeed, privateKeyFromProtobuf, privateKeyToProtobuf, publicKeyFromProtobuf, publicKeyToProtobuf } from '../src/keys/index.ts'
 import pbkdf2 from '../src/pbkdf2.ts'
-import randomBytes from '../src/random-bytes.ts'
 import fixtures from './fixtures/go-key-rsa.ts'
 import type { RSAPrivateKey } from '@libp2p/interface'
 
@@ -39,7 +38,7 @@ describe('libp2p-crypto', function () {
   })
 
   it('generateKeyPairFromSeed', () => {
-    const seed = randomBytes(32)
+    const seed = crypto.getRandomValues(new Uint8Array(32))
 
     // @ts-expect-error key type is invalid
     return expect(generateKeyPairFromSeed('invalid-key-type', seed, 512)).to.eventually.be.rejected
@@ -131,14 +130,14 @@ describe('libp2p-crypto', function () {
   describe('randomBytes', () => {
     it('throws with invalid number passed', () => {
       expect(() => {
-        randomBytes(-1)
+        crypto.getRandomValues(new Uint8Array(-1))
       }).to.throw()
     })
 
     it('generates different random things', () => {
-      const buf1 = randomBytes(10)
+      const buf1 = crypto.getRandomValues(new Uint8Array(10))
       expect(buf1.length).to.equal(10)
-      const buf2 = randomBytes(10)
+      const buf2 = crypto.getRandomValues(new Uint8Array(10))
       expect(buf1).to.not.eql(buf2)
     })
   })

packages/crypto/test/keys/ecdsa.spec.ts

@@ -4,7 +4,6 @@ import { expect } from 'aegir/chai'
 import { Uint8ArrayList } from 'uint8arraylist'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
-import { randomBytes } from '../../src/index.ts'
 import { unmarshalECDSAPrivateKey, unmarshalECDSAPublicKey } from '../../src/keys/ecdsa/utils.ts'
 import { privateKeyToCryptoKeyPair, generateKeyPair, privateKeyFromProtobuf, privateKeyFromRaw, publicKeyFromProtobuf, publicKeyFromRaw, privateKeyFromCryptoKeyPair } from '../../src/keys/index.ts'
 import { PrivateKey, PublicKey } from '../../src/keys/keys.ts'
@@ -33,7 +32,7 @@ describe('ECDSA', function () {
   })
 
   it('signs', async () => {
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
     const res = await key.publicKey.verify(text, sig)
     expect(res).to.be.be.true()
@@ -42,7 +41,7 @@ describe('ECDSA', function () {
   it('should abort signing', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     await expect((async () => {
       return key.sign(text, {
         signal: controller.signal
@@ -54,7 +53,7 @@ describe('ECDSA', function () {
   it('should abort verifying', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
 
     await expect((async () => {
@@ -67,8 +66,8 @@ describe('ECDSA', function () {
 
   it('signs a list', async () => {
     const text = new Uint8ArrayList(
-      randomBytes(512),
-      randomBytes(512)
+      crypto.getRandomValues(new Uint8Array(512)),
+      crypto.getRandomValues(new Uint8Array(512))
     )
     const sig = await key.sign(text)
     const sig2 = await key.sign(text.subarray())

packages/crypto/test/keys/ed25519.spec.ts

@@ -3,7 +3,6 @@ import { isPrivateKey, isPublicKey } from '@libp2p/interface'
 import { expect } from 'aegir/chai'
 import { Uint8ArrayList } from 'uint8arraylist'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
-import { randomBytes } from '../../src/index.ts'
 import { hashAndSignNoble, hashAndVerifyNoble } from '../../src/keys/ed25519/index.browser.ts'
 import { unmarshalEd25519PrivateKey, unmarshalEd25519PublicKey } from '../../src/keys/ed25519/utils.ts'
 import { generateKeyPair, generateKeyPairFromSeed, privateKeyFromProtobuf, privateKeyFromRaw, publicKeyFromProtobuf, publicKeyFromRaw, privateKeyToCryptoKeyPair } from '../../src/keys/index.ts'
@@ -31,55 +30,55 @@ describe('ed25519', function () {
   })
 
   it('generates a valid key from seed', async () => {
-    const seed = randomBytes(32)
+    const seed = crypto.getRandomValues(new Uint8Array(32))
     const seededKey = await generateKeyPairFromSeed('Ed25519', seed)
     expect(seededKey).to.have.property('type', 'Ed25519')
     expect(key.raw).to.have.length(64)
     expect(key.publicKey.raw).to.have.length(32)
   })
 
   it('generates the same key from the same seed', async () => {
-    const seed = randomBytes(32)
+    const seed = crypto.getRandomValues(new Uint8Array(32))
     const seededKey1 = await generateKeyPairFromSeed('Ed25519', seed)
     const seededKey2 = await generateKeyPairFromSeed('Ed25519', seed)
     expect(seededKey1.equals(seededKey2)).to.be.true()
     expect(seededKey1.publicKey.equals(seededKey2.publicKey)).to.be.true()
   })
 
   it('generates different keys for different seeds', async () => {
-    const seed1 = randomBytes(32)
+    const seed1 = crypto.getRandomValues(new Uint8Array(32))
     const seededKey1 = await generateKeyPairFromSeed('Ed25519', seed1)
-    const seed2 = randomBytes(32)
+    const seed2 = crypto.getRandomValues(new Uint8Array(32))
     const seededKey2 = await generateKeyPairFromSeed('Ed25519', seed2)
     expect(seededKey1.equals(seededKey2)).to.be.false()
     expect(seededKey1.publicKey.equals(seededKey2.publicKey)).to.be.false()
   })
 
   it('signs', async () => {
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
     const res = await key.publicKey.verify(text, sig)
     expect(res).to.be.be.true()
   })
 
   it('signs using noble', async () => {
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
     const res = hashAndVerifyNoble(key.publicKey.raw, sig, text)
     expect(res).to.be.be.true()
   })
 
   it('verifies using noble', async () => {
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = hashAndSignNoble(key.raw, text)
     const res = await key.publicKey.verify(text, sig)
     expect(res).to.be.be.true()
   })
 
   it('signs a list', async () => {
     const text = new Uint8ArrayList(
-      randomBytes(512),
-      randomBytes(512)
+      crypto.getRandomValues(new Uint8Array(512)),
+      crypto.getRandomValues(new Uint8Array(512))
     )
     const sig = await key.sign(text)
 
@@ -95,7 +94,7 @@ describe('ed25519', function () {
   it('should abort signing', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     await expect((async () => {
       return key.sign(text, {
         signal: controller.signal
@@ -107,7 +106,7 @@ describe('ed25519', function () {
   it('should abort verifying', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
 
     await expect((async () => {

packages/crypto/test/keys/rsa.spec.ts

@@ -7,7 +7,6 @@ import * as asn1js from 'asn1js'
 import { create } from 'multiformats/hashes/digest'
 import { Uint8ArrayList } from 'uint8arraylist'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
-import { randomBytes } from '../../src/index.ts'
 import { privateKeyFromCryptoKeyPair, generateKeyPair, privateKeyFromProtobuf, privateKeyFromRaw, privateKeyToProtobuf, publicKeyFromProtobuf, publicKeyFromRaw, publicKeyToProtobuf, privateKeyToCryptoKeyPair } from '../../src/keys/index.ts'
 import * as pb from '../../src/keys/keys.ts'
 import { RSAPrivateKey as RSAPrivateKeyClass, RSAPublicKey as RSAPublicKeyClass } from '../../src/keys/rsa/rsa.ts'
@@ -67,8 +66,8 @@ describe('RSA', function () {
 
   it('signs a list', async () => {
     const text = new Uint8ArrayList(
-      randomBytes(512),
-      randomBytes(512)
+      crypto.getRandomValues(new Uint8Array(512)),
+      crypto.getRandomValues(new Uint8Array(512))
     )
     const sig = await key.sign(text)
 
@@ -90,7 +89,7 @@ describe('RSA', function () {
   it('should abort signing', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     await expect((async () => {
       return key.sign(text, {
         signal: controller.signal
@@ -102,7 +101,7 @@ describe('RSA', function () {
   it('should abort verifying', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
 
     await expect((async () => {

packages/crypto/test/keys/secp256k1.spec.ts

@@ -4,7 +4,6 @@ import { isPrivateKey, isPublicKey } from '@libp2p/interface'
 import { expect } from 'aegir/chai'
 import { Uint8ArrayList } from 'uint8arraylist'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
-import { randomBytes } from '../../src/index.ts'
 import { generateKeyPair, privateKeyFromRaw, privateKeyToProtobuf, publicKeyFromRaw, publicKeyToProtobuf, privateKeyToCryptoKeyPair } from '../../src/keys/index.ts'
 import { KeyType, PrivateKey, PublicKey } from '../../src/keys/keys.ts'
 import { hashAndSign, hashAndVerify } from '../../src/keys/secp256k1/index.ts'
@@ -26,16 +25,16 @@ describe('secp256k1 keys', () => {
   })
 
   it('signs', async () => {
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
     const res = await key.publicKey.verify(text, sig)
     expect(res).to.equal(true)
   })
 
   it('signs a list', async () => {
     const text = new Uint8ArrayList(
-      randomBytes(512),
-      randomBytes(512)
+      crypto.getRandomValues(new Uint8Array(512)),
+      crypto.getRandomValues(new Uint8Array(512))
     )
     const sig = await key.sign(text)
 
@@ -51,7 +50,7 @@ describe('secp256k1 keys', () => {
   it('should abort signing', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     await expect((async () => {
       return key.sign(text, {
         signal: controller.signal
@@ -63,7 +62,7 @@ describe('secp256k1 keys', () => {
   it('should abort verifying', async () => {
     const controller = new AbortController()
     controller.abort()
-    const text = randomBytes(512)
+    const text = crypto.getRandomValues(new Uint8Array(512))
     const sig = await key.sign(text)
 
     await expect((async () => {

packages/floodsub/src/utils.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from '@libp2p/crypto'
 import { publicKeyFromProtobuf, publicKeyToProtobuf } from '@libp2p/crypto/keys'
 import { InvalidMessageError } from '@libp2p/interface'
 import { peerIdFromMultihash, peerIdFromPublicKey } from '@libp2p/peer-id'
@@ -14,7 +13,7 @@ import type { PublicKey } from '@libp2p/interface'
  * Generate a random sequence number
  */
 export function randomSeqno (): bigint {
-  return BigInt(`0x${uint8ArrayToString(randomBytes(8), 'base16')}`)
+  return BigInt(`0x${uint8ArrayToString(crypto.getRandomValues(new Uint8Array(8)), 'base16')}`)
 }
 
 /**

packages/gossipsub/test/message-cache.spec.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from '@libp2p/crypto'
 import { expect } from 'aegir/chai'
 import { fromString as uint8ArrayFromString } from 'uint8arrays/from-string'
 import { toString as uint8ArrayToString } from 'uint8arrays/to-string'
@@ -9,7 +8,7 @@ import type { RPC } from '../src/message/rpc.ts'
 import type { MessageId } from '../src/types.ts'
 
 function randomSeqno (): bigint {
-  return BigInt(`0x${uint8ArrayToString(randomBytes(8), 'base16')}`)
+  return BigInt(`0x${uint8ArrayToString(crypto.getRandomValues(new Uint8Array(8)), 'base16')}`)
 }
 
 const toMessageId = (msgId: Uint8Array): MessageId => {

packages/integration-tests/test/mdns.node.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from '@libp2p/crypto'
 import { start, stop } from '@libp2p/interface'
 import { mdns } from '@libp2p/mdns'
 import { tcp } from '@libp2p/tcp'
@@ -29,7 +28,7 @@ describe('mdns', () => {
     const deferred = defer()
 
     // use a random tag to prevent CI collision
-    const serviceTag = `libp2p-test-${uint8ArrayToString(randomBytes(4), 'base16')}.local`
+    const serviceTag = `libp2p-test-${uint8ArrayToString(crypto.getRandomValues(new Uint8Array(4)), 'base16')}.local`
 
     const getConfig = (): Libp2pOptions => ({
       start: false,

packages/interface-compliance-tests/src/transport/index.ts

@@ -1,4 +1,3 @@
-import { randomBytes } from '@libp2p/crypto'
 import { stop, TimeoutError } from '@libp2p/interface'
 import { prefixLogger } from '@libp2p/logger'
 import { expect } from 'aegir/chai'
@@ -335,7 +334,7 @@ export default (common: TestSetup<TransportTestFixtures>): void => {
 
       const connection = await dialer.dial(dialAddrs[0])
 
-      const input = randomBytes(1024)
+      const input = crypto.getRandomValues(new Uint8Array(1024))
       const output = await dialer.services.echo.echo(connection.remotePeer, input, {
         signal: AbortSignal.timeout(timeout)
       })
@@ -351,7 +350,7 @@ export default (common: TestSetup<TransportTestFixtures>): void => {
 
       const connection = await dialer.dial(dialAddrs[0])
 
-      const input = uint8ArrayConcat(new Array(160).fill(0).map(() => randomBytes(65536)))
+      const input = uint8ArrayConcat(new Array(160).fill(0).map(() => crypto.getRandomValues(new Uint8Array(65536))))
       const output = await dialer.services.echo.echo(connection.remotePeer, input, {
         signal: AbortSignal.timeout(timeout)
       })
@@ -369,7 +368,7 @@ export default (common: TestSetup<TransportTestFixtures>): void => {
       const echoProtocol = dialer.services.echo.protocol
 
       for (let i = 0; i < 2_000; i++) {
-        const input = randomBytes(1024)
+        const input = crypto.getRandomValues(new Uint8Array(1024))
         const output = await dialer.services.echo.echo(connection.remotePeer, input, {
           signal: AbortSignal.timeout(timeout)
         })