cojson 0.17.8 → 0.17.10

package/src/crypto/PureJSCrypto.ts

@@ -3,23 +3,32 @@ import { ed25519, x25519 } from "@noble/curves/ed25519";
 import { blake3 } from "@noble/hashes/blake3";
 import { base58 } from "@scure/base";
 import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import { RawCoID, TransactionID } from "../ids.js";
+import {
+  PrivateTransaction,
+  Transaction,
+  TrustingTransaction,
+} from "../coValueCore/verifiedState.js";
+import { RawCoID, SessionID, TransactionID } from "../ids.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
 import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
 import {
   CryptoProvider,
   Encrypted,
+  KeyID,
   KeySecret,
   Sealed,
   SealerID,
   SealerSecret,
+  SessionLogImpl,
   Signature,
   SignerID,
   SignerSecret,
+  StreamingHash,
   textDecoder,
   textEncoder,
 } from "./crypto.js";
+import { ControlledAccountOrAgent } from "../coValues/account.js";
 
 type Blake3State = ReturnType<typeof blake3.create>;
 
@@ -67,7 +76,7 @@ export class PureJSCrypto extends CryptoProvider<Blake3State> {
     return this.blake3HashOnce(input).slice(0, 24);
   }
 
-  protected generateJsonNonce(material: JsonValue): Uint8Array {
+  generateJsonNonce(material: JsonValue): Uint8Array {
     return this.generateNonce(textEncoder.encode(stableStringify(material)));
   }
 
@@ -199,4 +208,195 @@ export class PureJSCrypto extends CryptoProvider<Blake3State> {
       return undefined;
     }
   }
+
+  createSessionLog(
+    coID: RawCoID,
+    sessionID: SessionID,
+    signerID: SignerID,
+  ): SessionLogImpl {
+    return new PureJSSessionLog(coID, sessionID, signerID, this);
+  }
+}
+
+export class PureJSSessionLog implements SessionLogImpl {
+  transactions: string[] = [];
+  lastSignature: Signature | undefined;
+  streamingHash: Blake3State;
+
+  constructor(
+    private readonly coID: RawCoID,
+    private readonly sessionID: SessionID,
+    private readonly signerID: SignerID,
+    private readonly crypto: PureJSCrypto,
+  ) {
+    this.streamingHash = this.crypto.emptyBlake3State();
+  }
+
+  clone(): SessionLogImpl {
+    const newLog = new PureJSSessionLog(
+      this.coID,
+      this.sessionID,
+      this.signerID,
+      this.crypto,
+    );
+    newLog.transactions = this.transactions.slice();
+    newLog.lastSignature = this.lastSignature;
+    newLog.streamingHash = this.crypto.cloneBlake3State(this.streamingHash);
+    return newLog;
+  }
+
+  tryAdd(
+    transactions: Transaction[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ): void {
+    this.internalTryAdd(
+      transactions.map((tx) => stableStringify(tx)),
+      newSignature,
+      skipVerify,
+    );
+  }
+
+  internalTryAdd(
+    transactions: string[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ) {
+    if (!skipVerify) {
+      const checkHasher = this.crypto.cloneBlake3State(this.streamingHash);
+
+      for (const tx of transactions) {
+        checkHasher.update(textEncoder.encode(tx));
+      }
+      const newHash = checkHasher.digest();
+      const newHashEncoded = `hash_z${base58.encode(newHash)}`;
+
+      if (!this.crypto.verify(newSignature, newHashEncoded, this.signerID)) {
+        throw new Error("Signature verification failed");
+      }
+    }
+
+    for (const tx of transactions) {
+      this.crypto.blake3IncrementalUpdate(
+        this.streamingHash,
+        textEncoder.encode(tx),
+      );
+      this.transactions.push(tx);
+    }
+
+    this.lastSignature = newSignature;
+
+    return newSignature;
+  }
+
+  expectedHashAfter(transactionsJson: string[]): string {
+    const hasher = this.crypto.cloneBlake3State(this.streamingHash);
+    for (const tx of transactionsJson) {
+      hasher.update(textEncoder.encode(tx));
+    }
+    const newHash = hasher.digest();
+    return `hash_z${base58.encode(newHash)}`;
+  }
+
+  internalAddNewTransaction(
+    transaction: string,
+    signerAgent: ControlledAccountOrAgent,
+  ) {
+    this.crypto.blake3IncrementalUpdate(
+      this.streamingHash,
+      textEncoder.encode(transaction),
+    );
+    const newHash = this.crypto.blake3DigestForState(this.streamingHash);
+    const newHashEncoded = `hash_z${base58.encode(newHash)}`;
+    const signature = this.crypto.sign(
+      signerAgent.currentSignerSecret(),
+      newHashEncoded,
+    );
+    this.transactions.push(transaction);
+    this.lastSignature = signature;
+
+    return signature;
+  }
+
+  addNewPrivateTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    keyID: KeyID,
+    keySecret: KeySecret,
+    madeAt: number,
+  ): { signature: Signature; transaction: PrivateTransaction } {
+    const encryptedChanges = this.crypto.encrypt(changes, keySecret, {
+      in: this.coID,
+      tx: { sessionID: this.sessionID, txIndex: this.transactions.length },
+    });
+    const tx = {
+      encryptedChanges: encryptedChanges,
+      madeAt: madeAt,
+      privacy: "private",
+      keyUsed: keyID,
+    } satisfies Transaction;
+    const signature = this.internalAddNewTransaction(
+      stableStringify(tx),
+      signerAgent,
+    );
+    return {
+      signature: signature as Signature,
+      transaction: tx,
+    };
+  }
+
+  addNewTrustingTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    madeAt: number,
+  ): { signature: Signature; transaction: TrustingTransaction } {
+    const tx = {
+      changes: stableStringify(changes),
+      madeAt: madeAt,
+      privacy: "trusting",
+    } satisfies Transaction;
+    const signature = this.internalAddNewTransaction(
+      stableStringify(tx),
+      signerAgent,
+    );
+    return {
+      signature: signature as Signature,
+      transaction: tx,
+    };
+  }
+
+  decryptNextTransactionChangesJson(
+    txIndex: number,
+    keySecret: KeySecret,
+  ): string {
+    const txJson = this.transactions[txIndex];
+    if (!txJson) {
+      throw new Error("Transaction not found");
+    }
+    const tx = JSON.parse(txJson) as Transaction;
+    if (tx.privacy === "private") {
+      const nOnceMaterial = {
+        in: this.coID,
+        tx: { sessionID: this.sessionID, txIndex: txIndex },
+      };
+
+      const nOnce = this.crypto.generateJsonNonce(nOnceMaterial);
+
+      const ciphertext = base64URLtoBytes(
+        tx.encryptedChanges.substring("encrypted_U".length),
+      );
+      const keySecretBytes = base58.decode(
+        keySecret.substring("keySecret_z".length),
+      );
+      const plaintext = xsalsa20(keySecretBytes, nOnce, ciphertext);
+
+      return textDecoder.decode(plaintext);
+    } else {
+      return tx.changes;
+    }
+  }
+
+  free(): void {
+    // no-op
+  }
 }

package/src/crypto/WasmCrypto.ts

@@ -1,4 +1,6 @@
 import {
+  SessionLog,
+  initialize,
   Blake3Hasher,
   blake3_empty_state,
   blake3_hash_once,
@@ -7,16 +9,15 @@ import {
   encrypt,
   get_sealer_id,
   get_signer_id,
-  initialize,
   new_ed25519_signing_key,
   new_x25519_private_key,
   seal,
   sign,
   unseal,
   verify,
-} from "jazz-crypto-rs";
+} from "cojson-core-wasm";
 import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import { RawCoID, TransactionID } from "../ids.js";
+import { RawCoID, SessionID, TransactionID } from "../ids.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
 import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
@@ -24,6 +25,8 @@ import { PureJSCrypto } from "./PureJSCrypto.js";
 import {
   CryptoProvider,
   Encrypted,
+  Hash,
+  KeyID,
   KeySecret,
   Sealed,
   SealerID,
@@ -34,11 +37,17 @@ import {
   textDecoder,
   textEncoder,
 } from "./crypto.js";
+import { ControlledAccountOrAgent } from "../coValues/account.js";
+import {
+  PrivateTransaction,
+  Transaction,
+  TrustingTransaction,
+} from "../coValueCore/verifiedState.js";
 
 type Blake3State = Blake3Hasher;
 
 /**
- * WebAssembly implementation of the CryptoProvider interface using jazz-crypto-rs.
+ * WebAssembly implementation of the CryptoProvider interface using cojson-core-wasm.
  * This provides the primary implementation using WebAssembly for optimal performance, offering:
  * - Signing/verifying (Ed25519)
  * - Encryption/decryption (XSalsa20)
@@ -195,4 +204,86 @@ export class WasmCrypto extends CryptoProvider<Blake3State> {
       return undefined;
     }
   }
+
+  createSessionLog(coID: RawCoID, sessionID: SessionID, signerID: SignerID) {
+    return new SessionLogAdapter(new SessionLog(coID, sessionID, signerID));
+  }
+}
+
+class SessionLogAdapter {
+  constructor(private readonly sessionLog: SessionLog) {}
+
+  tryAdd(
+    transactions: Transaction[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ): void {
+    this.sessionLog.tryAdd(
+      transactions.map((tx) => stableStringify(tx)),
+      newSignature,
+      skipVerify,
+    );
+  }
+
+  addNewPrivateTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    keyID: KeyID,
+    keySecret: KeySecret,
+    madeAt: number,
+  ): { signature: Signature; transaction: PrivateTransaction } {
+    const output = this.sessionLog.addNewPrivateTransaction(
+      stableStringify(changes),
+      signerAgent.currentSignerSecret(),
+      keySecret,
+      keyID,
+      madeAt,
+    );
+    const parsedOutput = JSON.parse(output);
+    const transaction: PrivateTransaction = {
+      privacy: "private",
+      madeAt,
+      encryptedChanges: parsedOutput.encrypted_changes,
+      keyUsed: keyID,
+    };
+    return { signature: parsedOutput.signature, transaction };
+  }
+
+  addNewTrustingTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    madeAt: number,
+  ): { signature: Signature; transaction: TrustingTransaction } {
+    const stringifiedChanges = stableStringify(changes);
+    const output = this.sessionLog.addNewTrustingTransaction(
+      stringifiedChanges,
+      signerAgent.currentSignerSecret(),
+      madeAt,
+    );
+    const transaction: TrustingTransaction = {
+      privacy: "trusting",
+      madeAt,
+      changes: stringifiedChanges,
+    };
+    return { signature: output as Signature, transaction };
+  }
+
+  decryptNextTransactionChangesJson(
+    txIndex: number,
+    keySecret: KeySecret,
+  ): string {
+    const output = this.sessionLog.decryptNextTransactionChangesJson(
+      txIndex,
+      keySecret,
+    );
+    return output;
+  }
+
+  free() {
+    this.sessionLog.free();
+  }
+
+  clone(): SessionLogAdapter {
+    return new SessionLogAdapter(this.sessionLog.clone());
+  }
 }

package/src/crypto/crypto.ts

@@ -1,10 +1,15 @@
 import { base58 } from "@scure/base";
-import { RawAccountID } from "../coValues/account.js";
+import { ControlledAccountOrAgent, RawAccountID } from "../coValues/account.js";
 import { AgentID, RawCoID, TransactionID } from "../ids.js";
 import { SessionID } from "../ids.js";
 import { Stringified, parseJSON, stableStringify } from "../jsonStringify.js";
 import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
+import {
+  PrivateTransaction,
+  Transaction,
+  TrustingTransaction,
+} from "../coValueCore/verifiedState.js";
 
 function randomBytes(bytesLength = 32): Uint8Array {
   return crypto.getRandomValues(new Uint8Array(bytesLength));
@@ -297,6 +302,12 @@ export abstract class CryptoProvider<Blake3State = any> {
   newRandomSessionID(accountID: RawAccountID | AgentID): SessionID {
     return `${accountID}_session_z${base58.encode(this.randomBytes(8))}`;
   }
+
+  abstract createSessionLog(
+    coID: RawCoID,
+    sessionID: SessionID,
+    signerID: SignerID,
+  ): SessionLogImpl;
 }
 
 export type Hash = `hash_z${string}`;
@@ -341,3 +352,29 @@ export type KeySecret = `keySecret_z${string}`;
 export type KeyID = `key_z${string}`;
 
 export const secretSeedLength = 32;
+
+export interface SessionLogImpl {
+  clone(): SessionLogImpl;
+  tryAdd(
+    transactions: Transaction[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ): void;
+  addNewPrivateTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    keyID: KeyID,
+    keySecret: KeySecret,
+    madeAt: number,
+  ): { signature: Signature; transaction: PrivateTransaction };
+  addNewTrustingTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    madeAt: number,
+  ): { signature: Signature; transaction: TrustingTransaction };
+  decryptNextTransactionChangesJson(
+    tx_index: number,
+    key_secret: KeySecret,
+  ): string;
+  free(): void;
+}

package/src/localNode.ts

@@ -132,17 +132,25 @@ export class LocalNode {
     return accountOrAgentIDfromSessionID(this.currentSessionID);
   }
 
+  _cachedCurrentAgent: ControlledAccountOrAgent | undefined;
   getCurrentAgent(): ControlledAccountOrAgent {
-    const accountOrAgent = this.getCurrentAccountOrAgentID();
-    if (isAgentID(accountOrAgent)) {
-      return new ControlledAgent(this.agentSecret, this.crypto);
+    if (!this._cachedCurrentAgent) {
+      const accountOrAgent = this.getCurrentAccountOrAgentID();
+      if (isAgentID(accountOrAgent)) {
+        this._cachedCurrentAgent = new ControlledAgent(
+          this.agentSecret,
+          this.crypto,
+        );
+      } else {
+        this._cachedCurrentAgent = new ControlledAccount(
+          expectAccount(
+            this.expectCoValueLoaded(accountOrAgent).getCurrentContent(),
+          ),
+          this.agentSecret,
+        );
+      }
     }
-    return new ControlledAccount(
-      expectAccount(
-        this.expectCoValueLoaded(accountOrAgent).getCurrentContent(),
-      ),
-      this.agentSecret,
-    );
+    return this._cachedCurrentAgent;
   }
 
   expectCurrentAccountID(reason: string): RawAccountID {
@@ -360,7 +368,7 @@ export class LocalNode {
 
     const coValue = this.putCoValue(
       id,
-      new VerifiedState(id, this.crypto, header, new Map()),
+      new VerifiedState(id, this.crypto, header),
     );
 
     this.garbageCollector?.trackCoValueAccess(coValue);

package/src/sync.ts

@@ -132,6 +132,11 @@ export class SyncManager {
   peers: { [key: PeerID]: PeerState } = {};
   local: LocalNode;
 
+  // When true, transactions will not be verified.
+  // This is useful when syncing only for storage purposes, with the expectation that
+  // the transactions have already been verified by the [trusted] peer that sent them.
+  private skipVerify: boolean = false;
+
   peersCounter = metrics.getMeter("cojson").createUpDownCounter("jazz.peers", {
     description: "Amount of connected peers",
     valueType: ValueType.INT,
@@ -154,6 +159,10 @@ export class SyncManager {
 
   syncState: SyncStateManager;
 
+  disableTransactionVerification() {
+    this.skipVerify = true;
+  }
+
   peersInPriorityOrder(): PeerState[] {
     return Object.values(this.peers).sort((a, b) => {
       const aPriority = a.priority || 0;
@@ -637,6 +646,7 @@ export class SyncManager {
         undefined,
         newContentForSession.lastSignature,
         "immediate",
+        this.skipVerify,
       );
 
       if (result.isErr()) {

package/src/tests/PureJSCrypto.test.ts

@@ -0,0 +1,130 @@
+import { assert, beforeEach, describe, expect, it } from "vitest";
+import {
+  loadCoValueOrFail,
+  setCurrentTestCryptoProvider,
+  setupTestNode,
+  setupTestAccount,
+} from "./testUtils";
+import { PureJSCrypto } from "../crypto/PureJSCrypto";
+import { stableStringify } from "../jsonStringify";
+
+const jsCrypto = await PureJSCrypto.create();
+setCurrentTestCryptoProvider(jsCrypto);
+
+let syncServer: ReturnType<typeof setupTestNode>;
+
+beforeEach(() => {
+  syncServer = setupTestNode({ isSyncServer: true });
+});
+
+// A suite of tests focused on high-level tests that verify:
+// - Keys creation and unsealing
+// - Signature creation and verification
+// - Encryption and decryption of values
+describe("PureJSCrypto", () => {
+  it("successfully creates a private CoValue and reads it in another session", async () => {
+    const client = setupTestNode({
+      connected: true,
+    });
+
+    const group = client.node.createGroup();
+    const map = group.createMap();
+    map.set("count", 0, "private");
+    map.set("count", 1, "private");
+    map.set("count", 2, "private");
+
+    const client2 = client.spawnNewSession();
+
+    const mapInTheOtherSession = await loadCoValueOrFail(client2.node, map.id);
+
+    expect(mapInTheOtherSession.get("count")).toEqual(2);
+  });
+
+  it("successfully updates a private CoValue and reads it in another session", async () => {
+    const client = setupTestNode({
+      connected: true,
+    });
+
+    const group = client.node.createGroup();
+    const map = group.createMap();
+    map.set("count", 0, "private");
+    map.set("count", 1, "private");
+    map.set("count", 2, "private");
+
+    const client2 = client.spawnNewSession();
+
+    const mapInTheOtherSession = await loadCoValueOrFail(client2.node, map.id);
+    mapInTheOtherSession.set("count", 3, "private");
+
+    await mapInTheOtherSession.core.waitForSync();
+
+    expect(mapInTheOtherSession.get("count")).toEqual(3);
+  });
+
+  it("can invite another account to a group and share a private CoValue", async () => {
+    const client = setupTestNode({
+      connected: true,
+    });
+    const account = await setupTestAccount({
+      connected: true,
+    });
+
+    const group = client.node.createGroup();
+    const invite = group.createInvite("admin");
+
+    await account.node.acceptInvite(group.id, invite);
+
+    const map = group.createMap();
+    map.set("secret", "private-data", "private");
+
+    // The other account should be able to read the private value
+    const mapInOtherSession = await loadCoValueOrFail(account.node, map.id);
+    expect(mapInOtherSession.get("secret")).toEqual("private-data");
+
+    mapInOtherSession.set("secret", "modified", "private");
+
+    await mapInOtherSession.core.waitForSync();
+
+    expect(map.get("secret")).toEqual("modified");
+  });
+
+  it("rejects sessions with invalid signatures", async () => {
+    const client = setupTestNode({
+      connected: true,
+    });
+
+    const group = client.node.createGroup();
+    const map = group.createMap();
+    map.set("count", 0, "trusting");
+
+    // Create a new session with the same agent
+    const client2 = client.spawnNewSession();
+
+    // This should work normally
+    const mapInOtherSession = await loadCoValueOrFail(client2.node, map.id);
+    expect(mapInOtherSession.get("count")).toEqual(0);
+
+    mapInOtherSession.core.tryAddTransactions(
+      client2.node.currentSessionID,
+      [
+        {
+          privacy: "trusting",
+          changes: stableStringify([{ op: "set", key: "count", value: 1 }]),
+          madeAt: Date.now(),
+        },
+      ],
+      "hash_z12345678",
+      "signature_z12345678",
+      "immediate",
+      true,
+    );
+
+    const content =
+      mapInOtherSession.core.verified.newContentSince(undefined)?.[0];
+    assert(content);
+
+    client.node.syncManager.handleNewContent(content, "storage");
+
+    expect(map.get("count")).toEqual(0);
+  });
+});