@peerbit/crypto 1.0.9 → 2.0.0

package/src/encryption.ts

@@ -1,19 +1,222 @@
 export * from "./errors.js";
+
 import {
 	AbstractType,
 	deserialize,
 	field,
 	serialize,
 	variant,
-	vec
+	vec,
+	fixedArray
 } from "@dao-xyz/borsh";
 import { equals } from "@peerbit/uint8arrays";
 import { AccessError } from "./errors.js";
 import sodium from "libsodium-wrappers";
 import { X25519Keypair, X25519PublicKey, X25519SecretKey } from "./x25519.js";
-import { Ed25519Keypair, Ed25519PublicKey } from "./ed25519.js";
+import { Ed25519PublicKey } from "./ed25519.js";
 import { randomBytes } from "./random.js";
-import { Keychain } from "./keychain.js";
+import { sha256 } from "./hash.js";
+export type MaybePromise<T> = Promise<T> | T;
+
+export type PublicKeyEncryptionParameters = {
+	type?: "publicKey";
+	receiverPublicKeys: (X25519PublicKey | Ed25519PublicKey)[];
+};
+
+export type SymmetricKeyEncryptionParameters = {
+	type?: "hash";
+};
+/* 
+export type NoExchange = {
+	type: 'none'
+};
+ */
+
+export type KeyExchangeOptions =
+	| PublicKeyEncryptionParameters
+	| SymmetricKeyEncryptionParameters;
+
+type EncryptReturnValue<
+	T,
+	Parameters extends KeyExchangeOptions
+> = EncryptedThing<T, EnvelopeFromParameter<Parameters>>;
+
+type CipherWithEnvelope<E = PublicKeyEnvelope | HashedKeyEnvelope> = {
+	cipher: Uint8Array;
+	nonce: Uint8Array;
+	envelope: E;
+};
+
+type SymmetricKeys = Uint8Array;
+type PublicKeyEncryptionKeys = X25519Keypair;
+
+function isAsymmetriEncryptionParameters(
+	parameters: KeyExchangeOptions
+): parameters is PublicKeyEncryptionParameters {
+	return (
+		(parameters as PublicKeyEncryptionParameters).receiverPublicKeys != null
+	);
+}
+function isAsymmetricEncryptionKeys(
+	parameters: PublicKeyEncryptionKeys | SymmetricKeys
+): parameters is PublicKeyEncryptionKeys {
+	return (parameters as PublicKeyEncryptionKeys) instanceof X25519Keypair;
+}
+
+type EnvelopeFromParameter<Parameters extends KeyExchangeOptions> =
+	Parameters extends PublicKeyEncryptionParameters
+		? PublicKeyEnvelope
+		: HashedKeyEnvelope;
+
+type EncryptProvide<Parameters extends KeyExchangeOptions> = (
+	bytes: Uint8Array,
+	parameters: Parameters
+) => Promise<CipherWithEnvelope<EnvelopeFromParameter<Parameters>>>;
+
+interface KeyProvider {
+	exportByKey(publicKey: X25519PublicKey): Promise<X25519Keypair | undefined>;
+}
+
+export const createLocalEncryptProvider = <
+	K extends PublicKeyEncryptionKeys | SymmetricKeys,
+	Parameters extends KeyExchangeOptions = K extends PublicKeyEncryptionKeys
+		? PublicKeyEncryptionParameters
+		: SymmetricKeyEncryptionParameters
+>(
+	keys: K
+) => {
+	return async (
+		bytes: Uint8Array,
+		parameters: Parameters
+	): Promise<CipherWithEnvelope<EnvelopeFromParameter<Parameters>>> => {
+		const nonce = randomBytes(NONCE_LENGTH); // crypto random is faster than sodim random
+		if (
+			isAsymmetriEncryptionParameters(parameters) &&
+			isAsymmetricEncryptionKeys(keys)
+		) {
+			const epheremalKey = sodium.crypto_secretbox_keygen();
+			const cipher = sodium.crypto_secretbox_easy(bytes, nonce, epheremalKey);
+			const { receiverPublicKeys } = parameters;
+			const receiverX25519PublicKeys = await Promise.all(
+				receiverPublicKeys.map((key) => {
+					if (key instanceof Ed25519PublicKey) {
+						return X25519PublicKey.from(key);
+					}
+					return key;
+				})
+			);
+
+			const ks = receiverX25519PublicKeys.map((receiverPublicKey) => {
+				const kNonce = randomBytes(NONCE_LENGTH); // crypto random is faster than sodium random
+				return new K({
+					encryptedKey: new CipherWithNonce({
+						cipher: sodium.crypto_box_easy(
+							epheremalKey,
+							kNonce,
+							receiverPublicKey.publicKey,
+							keys.secretKey.secretKey
+						),
+						nonce: kNonce
+					}),
+					receiverPublicKey
+				});
+			});
+
+			return {
+				cipher: new Uint8Array(cipher), // TODO do we need this clone?
+				nonce,
+				envelope: new PublicKeyEnvelope({
+					senderPublicKey: keys.publicKey,
+					ks
+				}) as EnvelopeFromParameter<Parameters>
+			};
+		} else if (
+			!isAsymmetriEncryptionParameters(parameters) &&
+			!isAsymmetricEncryptionKeys(keys)
+		) {
+			const cipher = sodium.crypto_secretbox_easy(bytes, nonce, keys);
+			return {
+				cipher: new Uint8Array(cipher), // TODO do we need this clone?
+				nonce,
+				envelope: new HashedKeyEnvelope({
+					hash: await sha256(keys)
+				}) as EnvelopeFromParameter<Parameters>
+			};
+		}
+
+		throw new Error("Unexpected encryption parameters");
+	};
+};
+
+export type DecryptProvider = (
+	encrypted: Uint8Array,
+	nonce: Uint8Array,
+	exchange: Envelope
+) => Promise<Uint8Array>;
+
+type KeyResolver = <T extends X25519PublicKey | Uint8Array>(
+	key: T
+) => Promise<
+	(T extends X25519PublicKey ? X25519Keypair : Uint8Array) | undefined
+>;
+
+export const createDecrypterFromKeyResolver = (
+	keyResolver: KeyResolver
+): DecryptProvider => {
+	return async (
+		encrypted: Uint8Array,
+		nonce: Uint8Array,
+		exchange: Envelope
+	): Promise<Uint8Array> => {
+		// We only need to open with one of the keys
+
+		let epheremalKey: Uint8Array | undefined;
+
+		if (exchange instanceof PublicKeyEnvelope) {
+			let key: { index: number; keypair: X25519Keypair } | undefined;
+			for (const [i, k] of exchange._ks.entries()) {
+				const exported = await keyResolver(k._receiverPublicKey);
+				if (exported) {
+					key = {
+						index: i,
+						keypair: exported
+					};
+					break;
+				}
+			}
+
+			if (key) {
+				const k = exchange._ks[key.index];
+				let secretKey: X25519SecretKey = undefined as any;
+				if (key.keypair instanceof X25519Keypair) {
+					secretKey = key.keypair.secretKey;
+				} else {
+					secretKey = await X25519SecretKey.from(key.keypair);
+				}
+				try {
+					epheremalKey = sodium.crypto_box_open_easy(
+						k._encryptedKey.cipher,
+						k._encryptedKey.nonce,
+						exchange._senderPublicKey.publicKey,
+						secretKey.secretKey
+					);
+				} catch (error) {
+					throw new AccessError("Failed to decrypt");
+				}
+			} else {
+				throw new AccessError("Failed to resolve decryption key");
+			}
+		} else if (exchange instanceof HashedKeyEnvelope) {
+			epheremalKey = await keyResolver(exchange.hash);
+		}
+
+		if (!epheremalKey) {
+			throw new Error("Failed to resolve ephemeral key");
+		}
+
+		return sodium.crypto_secretbox_open_easy(encrypted, nonce, epheremalKey);
+	};
+};
 
 const NONCE_LENGTH = 24;
 
@@ -27,8 +230,13 @@ export abstract class MaybeEncrypted<T> {
 	}
 
 	decrypt(
-		keyOrKeychain?: Keychain | X25519Keypair
-	): Promise<DecryptedThing<T>> | DecryptedThing<T> {
+		keyResolver?: X25519Keypair | KeyProvider
+	): MaybePromise<DecryptedThing<T>>;
+	decrypt(provider?: DecryptProvider): MaybePromise<DecryptedThing<T>>;
+
+	decrypt(
+		provider?: X25519Keypair | DecryptProvider | KeyProvider
+	): MaybePromise<DecryptedThing<T>> | DecryptedThing<T> {
 		throw new Error("Not implemented");
 	}
 	equals(other: MaybeEncrypted<T>): boolean {
@@ -69,47 +277,42 @@ export class DecryptedThing<T> extends MaybeEncrypted<T> {
 		return deserialize(this._data, clazz);
 	}
 
+	async encrypt<Parameters extends KeyExchangeOptions>(
+		provider: EncryptProvide<Parameters>,
+		parameters: Parameters
+	): Promise<EncryptReturnValue<T, Parameters>>;
+
 	async encrypt(
 		x25519Keypair: X25519Keypair,
-		...receiverPublicKeys: (X25519PublicKey | Ed25519PublicKey)[]
-	): Promise<EncryptedThing<T>> {
-		const bytes = serialize(this);
-		const epheremalKey = sodium.crypto_secretbox_keygen();
-		const nonce = randomBytes(NONCE_LENGTH); // crypto random is faster than sodim random
-		const cipher = sodium.crypto_secretbox_easy(bytes, nonce, epheremalKey);
-
-		const receiverX25519PublicKeys = await Promise.all(
-			receiverPublicKeys.map((key) => {
-				if (key instanceof Ed25519PublicKey) {
-					return X25519PublicKey.from(key);
-				}
-				return key;
-			})
-		);
+		receiverPublicKeys: (X25519PublicKey | Ed25519PublicKey)[]
+	): Promise<EncryptReturnValue<T, PublicKeyEncryptionParameters>>;
 
-		const ks = receiverX25519PublicKeys.map((receiverPublicKey) => {
-			const kNonce = randomBytes(NONCE_LENGTH); // crypto random is faster than sodium random
-			return new K({
-				encryptedKey: new CipherWithNonce({
-					cipher: sodium.crypto_box_easy(
-						epheremalKey,
-						kNonce,
-						receiverPublicKey.publicKey,
-						x25519Keypair.secretKey.secretKey
-					),
-					nonce: kNonce
-				}),
-				receiverPublicKey
-			});
-		});
+	async encrypt(
+		keypair: EncryptProvide<any> | X25519Keypair,
+		parameters: KeyExchangeOptions | (X25519PublicKey | Ed25519PublicKey)[]
+	): Promise<EncryptReturnValue<T, any>> {
+		let provider: EncryptProvide<any>;
+		let options: KeyExchangeOptions;
+		if (keypair instanceof X25519Keypair) {
+			provider = createLocalEncryptProvider(keypair);
+			options = {
+				receiverPublicKeys: parameters as (
+					| X25519PublicKey
+					| Ed25519PublicKey
+				)[],
+				type: "publicKey"
+			};
+		} else {
+			provider = keypair;
+			options = parameters as KeyExchangeOptions;
+		}
 
-		const enc = new EncryptedThing<T>({
-			encrypted: new Uint8Array(cipher),
-			nonce,
-			envelope: new Envelope({
-				senderPublicKey: x25519Keypair.publicKey,
-				ks
-			})
+		const bytes = serialize(this);
+		const { cipher, envelope, nonce } = await provider(bytes, options);
+		const enc = new EncryptedThing<T, EnvelopeFromParameter<any>>({
+			encrypted: cipher,
+			envelope,
+			nonce
 		});
 		enc._decrypted = this;
 		return enc;
@@ -196,8 +399,12 @@ export class K {
 	}
 }
 
+abstract class Envelope {
+	abstract equals(other: Envelope): boolean;
+}
+
 @variant(0)
-export class Envelope {
+class PublicKeyEnvelope extends Envelope {
 	@field({ type: X25519PublicKey })
 	_senderPublicKey: X25519PublicKey;
 
@@ -205,14 +412,16 @@ export class Envelope {
 	_ks: K[];
 
 	constructor(props?: { senderPublicKey: X25519PublicKey; ks: K[] }) {
+		super();
 		if (props) {
 			this._senderPublicKey = props.senderPublicKey;
 			this._ks = props.ks;
 		}
 	}
 
-	equals(other: Envelope): boolean {
-		if (other instanceof Envelope) {
+	// TODO: should this be comparable to AbstractEnvelope?
+	equals(other: PublicKeyEnvelope): boolean {
+		if (other instanceof PublicKeyEnvelope) {
 			if (!this._senderPublicKey.equals(other._senderPublicKey)) {
 				return false;
 			}
@@ -233,7 +442,35 @@ export class Envelope {
 }
 
 @variant(1)
-export class EncryptedThing<T> extends MaybeEncrypted<T> {
+class HashedKeyEnvelope extends Envelope {
+	@field({ type: fixedArray("u8", 32) })
+	hash: Uint8Array;
+	// TODO: Do we need a salt here?
+	constructor(props?: { hash: Uint8Array }) {
+		super();
+		if (props) {
+			this.hash = props.hash;
+		}
+	}
+
+	// TODO: should this be comparable to AbstractEnvelope?
+	equals(other: HashedKeyEnvelope): boolean {
+		if (other instanceof HashedKeyEnvelope) {
+			if (!equals(this.hash, other.hash)) {
+				return false;
+			}
+			return true;
+		} else {
+			return false;
+		}
+	}
+}
+
+@variant(1)
+export class EncryptedThing<
+	T,
+	E extends Envelope = PublicKeyEnvelope | HashedKeyEnvelope
+> extends MaybeEncrypted<T> {
 	@field({ type: Uint8Array })
 	_encrypted: Uint8Array;
 
@@ -241,18 +478,18 @@ export class EncryptedThing<T> extends MaybeEncrypted<T> {
 	_nonce: Uint8Array;
 
 	@field({ type: Envelope })
-	_envelope: Envelope;
+	_keyexchange: E;
 
 	constructor(props?: {
 		encrypted: Uint8Array;
 		nonce: Uint8Array;
-		envelope: Envelope;
+		envelope: E;
 	}) {
 		super();
 		if (props) {
 			this._encrypted = props.encrypted;
 			this._nonce = props.nonce;
-			this._envelope = props.envelope;
+			this._keyexchange = props.envelope;
 		}
 	}
 
@@ -267,85 +504,56 @@ export class EncryptedThing<T> extends MaybeEncrypted<T> {
 	}
 
 	async decrypt(
-		keyResolver?: Keychain | X25519Keypair
+		keyResolver?: X25519Keypair | KeyProvider
+	): Promise<DecryptedThing<T>>;
+	async decrypt(provider?: DecryptProvider): Promise<DecryptedThing<T>>;
+
+	async decrypt(
+		providerOrResolver?: X25519Keypair | DecryptProvider | KeyProvider
 	): Promise<DecryptedThing<T>> {
-		if (this._decrypted) {
-			return this._decrypted;
+		let provider: DecryptProvider | undefined;
+		if (typeof providerOrResolver === "function") {
+			provider = providerOrResolver;
+		} else if (providerOrResolver instanceof X25519Keypair) {
+			const resolver: KeyResolver = (key): any => {
+				if (key instanceof X25519PublicKey) {
+					if (key.equals(providerOrResolver.publicKey)) {
+						return providerOrResolver;
+					}
+				}
+				throw new Error("Missing keypair");
+			};
+			provider = createDecrypterFromKeyResolver(resolver);
+		} else if (providerOrResolver) {
+			provider = createDecrypterFromKeyResolver(async (key) => {
+				if (key instanceof X25519PublicKey) {
+					const keypair = await providerOrResolver.exportByKey(key);
+					return keypair as any;
+				}
+			});
 		}
 
-		if (!keyResolver) {
-			throw new AccessError("Expecting key resolver");
+		if (this._decrypted) {
+			return this._decrypted;
 		}
 
-		// We only need to open with one of the keys
-		let key: { index: number; keypair: X25519Keypair } | undefined;
-		if (keyResolver instanceof X25519Keypair) {
-			for (const [i, k] of this._envelope._ks.entries()) {
-				if (k._receiverPublicKey.equals(keyResolver.publicKey)) {
-					key = {
-						index: i,
-						keypair: keyResolver
-					};
-				}
-			}
-		} else {
-			for (const [i, k] of this._envelope._ks.entries()) {
-				const exported = await keyResolver.exportByKey(k._receiverPublicKey);
-				if (exported) {
-					key = {
-						index: i,
-						keypair: exported
-					};
-					break;
-				}
-			}
+		if (!provider) {
+			throw new AccessError("Expecting decryption provider");
 		}
 
-		if (key) {
-			const k = this._envelope._ks[key.index];
-			let secretKey: X25519SecretKey = undefined as any;
-			if (key.keypair instanceof X25519Keypair) {
-				secretKey = key.keypair.secretKey;
-			} else {
-				secretKey = await X25519SecretKey.from(key.keypair);
-			}
-			let epheremalKey: Uint8Array;
-			try {
-				epheremalKey = sodium.crypto_box_open_easy(
-					k._encryptedKey.cipher,
-					k._encryptedKey.nonce,
-					this._envelope._senderPublicKey.publicKey,
-					secretKey.secretKey
-				);
-			} catch (error) {
-				throw new AccessError("Failed to decrypt");
-			}
+		const decrypted = await provider(
+			this._encrypted,
+			this._nonce,
+			this._keyexchange
+		);
+		if (decrypted) {
+			const der = deserialize(decrypted, DecryptedThing);
 
-			// TODO: is nested decryption necessary?
-			/*  let der: any = this;
-			 let counter = 0;
-			 while (der instanceof EncryptedThing) {
-				 const decrypted = await sodium.crypto_secretbox_open_easy(this._encrypted, this._nonce, epheremalKey);
-				 der = deserialize(decrypted, DecryptedThing)
-				 counter += 1;
-				 if (counter >= 10) {
-					 throw new Error("Unexpected decryption behaviour, data seems to always be in encrypted state")
-				 }
-			 } */
-
-			const der = deserialize(
-				sodium.crypto_secretbox_open_easy(
-					this._encrypted,
-					this._nonce,
-					epheremalKey
-				),
-				DecryptedThing
-			);
 			this._decrypted = der as DecryptedThing<T>;
-		} else {
-			throw new AccessError("Failed to resolve decryption key");
+			return this._decrypted;
 		}
-		return this._decrypted;
+
+		throw new AccessError("Failed to resolve decryption key");
 	}
 
 	equals(other: MaybeEncrypted<T>): boolean {
@@ -357,7 +565,7 @@ export class EncryptedThing<T> extends MaybeEncrypted<T> {
 				return false;
 			}
 
-			if (!this._envelope.equals(other._envelope)) {
+			if (!this._keyexchange.equals(other._keyexchange)) {
 				return false;
 			}
 			return true;

package/src/index.ts

@@ -1,7 +1,6 @@
 export * from "./key.js";
 export * from "./ed25519.js";
 export * from "./signature.js";
-export * from "./key.js";
 export * from "./sepc256k1.js";
 export * from "./x25519.js";
 export * from "./encryption.js";
@@ -11,7 +10,6 @@ export * from "./hash.js";
 export * from "./random.js";
 export * from "./prehash.js";
 export * from "./signer.js";
-export * from "./keychain.js";
 import libsodium from "libsodium-wrappers";
-const ready = libsodium.ready; // TODO  can we export ready directly ?
+const ready = libsodium.ready;
 export { ready };

package/src/key.ts

@@ -1,6 +1,8 @@
-import { serialize } from "@dao-xyz/borsh";
+import { field, serialize } from "@dao-xyz/borsh";
 import { sha256Base64Sync } from "./hash.js";
 import { PeerId } from "@libp2p/interface/peer-id";
+import { compare } from "@peerbit/uint8arrays";
+import { toHexString } from "./utils.js";
 
 interface Key {
 	equals(other: Key): boolean;
@@ -20,6 +22,8 @@ export abstract class Keypair {
 	toPeerId(): Promise<PeerId> {
 		throw new Error("Not implemented");
 	}
+
+	// TODO: Should we add not implemented errors for .create and and .from as well?
 }
 
 // ---- SIGNATURE KEYS -----
@@ -78,3 +82,22 @@ export abstract class PlainKey implements Key {
 		return this._hashcode || (this._hashcode = sha256Base64Sync(this.bytes));
 	}
 }
+
+export class ByteKey extends PlainKey {
+	@field({ type: Uint8Array })
+	key: Uint8Array;
+
+	constructor(properties: { key: Uint8Array }) {
+		super();
+		this.key = properties.key;
+	}
+
+	equals(other: ByteKey) {
+		return compare(this.key, other.key) === 0;
+	}
+
+	// TODO: What should be preprended to this string here?
+	toString(): string {
+		return "bytekey/" + toHexString(this.key);
+	}
+}

package/src/sepc256k1.ts

@@ -1,5 +1,6 @@
 import { field, fixedArray, variant, vec } from "@dao-xyz/borsh";
 import { Keypair, PrivateSignKey, PublicSignKey } from "./key.js";
+
 import { Wallet } from "@ethersproject/wallet";
 import { arrayify } from "@ethersproject/bytes";
 import { joinSignature } from "@ethersproject/bytes";
@@ -11,7 +12,7 @@ let _curve: EC;
 import { equals } from "@peerbit/uint8arrays";
 import { toHexString } from "./utils.js";
 import { PeerId } from "@libp2p/interface/peer-id";
-import { Identity, Signer } from "./signer.js";
+import { Identity } from "./signer.js";
 import { coerce } from "./bytes.js";
 import { generateKeyPair, supportedKeys } from "@libp2p/crypto/keys";
 import utf8 from "@protobufjs/utf8";
@@ -32,7 +33,9 @@ export class Secp256k1PublicKey extends PublicSignKey {
 		this.publicKey = properties.publicKey;
 	}
 
-	static async recover(wallet: Wallet) {
+	static async recover(wallet: {
+		signMessage(message: string | Uint8Array): Promise<string> | string;
+	}) {
 		// Signa message
 		const toSign = new Uint8Array([0]);
 		const signature = await wallet.signMessage(toSign);

package/lib/esm/keychain.d.ts

@@ -1,30 +0,0 @@
-import { KeyChain as InternalKeychain } from "@libp2p/interface/keychain";
-import { Cache } from "@peerbit/cache";
-import { Ed25519Keypair, Ed25519PublicKey } from "./ed25519.js";
-import { X25519Keypair, X25519PublicKey } from "./x25519.js";
-export type KeypairFromPublicKey<T> = T extends X25519PublicKey ? X25519PublicKey extends T ? X25519Keypair : Ed25519Keypair : Ed25519Keypair;
-export interface Keychain {
-    import(keypair: Ed25519Keypair, id: Uint8Array): Promise<void>;
-    exportByKey<T extends Ed25519PublicKey | X25519PublicKey, Q = KeypairFromPublicKey<T>>(publicKey: T): Promise<Q | undefined>;
-    exportById<T = "ed25519" | "x25519", Q = T extends "ed25519" ? Ed25519Keypair : X25519Keypair>(id: Uint8Array, type: T): Promise<Q | undefined>;
-}
-export declare class Libp2pKeychain implements Keychain {
-    readonly keychain: InternalKeychain;
-    readonly options?: {
-        cache?: Cache<Ed25519Keypair | X25519Keypair | null> | undefined;
-    } | undefined;
-    constructor(keychain: InternalKeychain, options?: {
-        cache?: Cache<Ed25519Keypair | X25519Keypair | null> | undefined;
-    } | undefined);
-    keychainKeyIdFromPublicKey(publicKey: X25519PublicKey): string;
-    private cacheKey;
-    private getCachedById;
-    private getCachedByKey;
-    exportByKey: <T extends Ed25519PublicKey | X25519PublicKey, Q = KeypairFromPublicKey<T>>(publicKey: T) => Promise<Q | undefined>;
-    exportById<T = "ed25519" | "x25519", Q = T extends "ed25519" ? Ed25519Keypair : X25519Keypair>(id: Uint8Array, type: T): Promise<Q | undefined>;
-    import: (keypair: Ed25519Keypair, id: Uint8Array) => Promise<void>;
-    getAnyKeypair: (publicKeys: any) => Promise<{
-        index: number;
-        keypair: X25519Keypair;
-    }>;
-}