cojson 0.17.9 → 0.17.11

package/src/coValueCore/verifiedState.ts

@@ -10,6 +10,7 @@ import {
   Encrypted,
   Hash,
   KeyID,
+  KeySecret,
   Signature,
   SignerID,
   StreamingHash,
@@ -21,6 +22,8 @@ import { PermissionsDef as RulesetDef } from "../permissions.js";
 import { CoValueKnownState, NewContentMessage } from "../sync.js";
 import { InvalidHashError, InvalidSignatureError } from "./coValueCore.js";
 import { TryAddTransactionsError } from "./coValueCore.js";
+import { SessionLog, SessionMap } from "./SessionMap.js";
+import { ControlledAccountOrAgent } from "../coValues/account.js";
 
 export type CoValueHeader = {
   type: AnyRawCoValue["type"];
@@ -48,20 +51,11 @@ export type TrustingTransaction = {
 
 export type Transaction = PrivateTransaction | TrustingTransaction;
 
-type SessionLog = {
-  readonly transactions: Transaction[];
-  streamingHash?: StreamingHash;
-  readonly signatureAfter: { [txIdx: number]: Signature | undefined };
-  lastSignature: Signature;
-};
-
-export type ValidatedSessions = Map<SessionID, SessionLog>;
-
 export class VerifiedState {
   readonly id: RawCoID;
   readonly crypto: CryptoProvider;
   readonly header: CoValueHeader;
-  readonly sessions: ValidatedSessions;
+  readonly sessions: SessionMap;
   private _cachedKnownState?: CoValueKnownState;
   private _cachedNewContentSinceEmpty: NewContentMessage[] | undefined;
   private streamingKnownState?: CoValueKnownState["sessions"];
@@ -71,171 +65,98 @@ export class VerifiedState {
     id: RawCoID,
     crypto: CryptoProvider,
     header: CoValueHeader,
-    sessions: ValidatedSessions,
+    sessions?: SessionMap,
     streamingKnownState?: CoValueKnownState["sessions"],
   ) {
     this.id = id;
     this.crypto = crypto;
     this.header = header;
-    this.sessions = sessions;
+    this.sessions = sessions ?? new SessionMap(id, crypto);
     this.streamingKnownState = streamingKnownState
       ? { ...streamingKnownState }
       : undefined;
   }
 
   clone(): VerifiedState {
-    // do a deep clone, including the sessions
-    const clonedSessions = new Map();
-    for (let [sessionID, sessionLog] of this.sessions) {
-      clonedSessions.set(sessionID, {
-        lastSignature: sessionLog.lastSignature,
-        streamingHash: sessionLog.streamingHash?.clone(),
-        signatureAfter: { ...sessionLog.signatureAfter },
-        transactions: sessionLog.transactions.slice(),
-      } satisfies SessionLog);
-    }
     return new VerifiedState(
       this.id,
       this.crypto,
       this.header,
-      clonedSessions,
-      this.streamingKnownState,
+      this.sessions.clone(),
+      this.streamingKnownState ? { ...this.streamingKnownState } : undefined,
     );
   }
 
   tryAddTransactions(
     sessionID: SessionID,
-    signerID: SignerID,
+    signerID: SignerID | undefined,
     newTransactions: Transaction[],
-    givenExpectedNewHash: Hash | undefined,
     newSignature: Signature,
     skipVerify: boolean = false,
-    givenNewStreamingHash?: StreamingHash,
   ): Result<true, TryAddTransactionsError> {
-    if (skipVerify === true) {
-      this.doAddTransactions(
-        sessionID,
-        newTransactions,
-        newSignature,
-        givenNewStreamingHash,
-      );
-    } else {
-      const { expectedNewHash, newStreamingHash } = this.expectedNewHashAfter(
-        sessionID,
-        newTransactions,
-      );
-
-      if (givenExpectedNewHash && givenExpectedNewHash !== expectedNewHash) {
-        return err({
-          type: "InvalidHash",
-          id: this.id,
-          expectedNewHash,
-          givenExpectedNewHash,
-        } satisfies InvalidHashError);
-      }
-
-      if (!this.crypto.verify(newSignature, expectedNewHash, signerID)) {
-        return err({
-          type: "InvalidSignature",
-          id: this.id,
-          newSignature,
-          sessionID,
-          signerID,
-        } satisfies InvalidSignatureError);
-      }
+    const result = this.sessions.addTransaction(
+      sessionID,
+      signerID,
+      newTransactions,
+      newSignature,
+      skipVerify,
+    );
 
-      this.doAddTransactions(
-        sessionID,
-        newTransactions,
-        newSignature,
-        newStreamingHash,
-      );
+    if (result.isOk()) {
+      this._cachedNewContentSinceEmpty = undefined;
+      this._cachedKnownState = undefined;
     }
 
-    return ok(true as const);
+    return result;
   }
 
-  getLastSignatureCheckpoint(sessionID: SessionID): number {
-    const sessionLog = this.sessions.get(sessionID);
+  makeNewTrustingTransaction(
+    sessionID: SessionID,
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+  ) {
+    const result = this.sessions.makeNewTrustingTransaction(
+      sessionID,
+      signerAgent,
+      changes,
+    );
 
-    if (!sessionLog?.signatureAfter) return -1;
+    this._cachedNewContentSinceEmpty = undefined;
+    this._cachedKnownState = undefined;
 
-    return Object.keys(sessionLog.signatureAfter).reduce(
-      (max, idx) => Math.max(max, parseInt(idx)),
-      -1,
-    );
+    return result;
   }
 
-  private doAddTransactions(
+  makeNewPrivateTransaction(
     sessionID: SessionID,
-    newTransactions: Transaction[],
-    newSignature: Signature,
-    newStreamingHash?: StreamingHash,
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    keyID: KeyID,
+    keySecret: KeySecret,
   ) {
-    const sessionLog = this.sessions.get(sessionID);
-    const transactions = sessionLog?.transactions ?? [];
-
-    for (const tx of newTransactions) {
-      transactions.push(tx);
-    }
-
-    const signatureAfter = sessionLog?.signatureAfter ?? {};
-    const lastInbetweenSignatureIdx =
-      this.getLastSignatureCheckpoint(sessionID);
-
-    const sizeOfTxsSinceLastInbetweenSignature = transactions
-      .slice(lastInbetweenSignatureIdx + 1)
-      .reduce((sum, tx) => sum + getTransactionSize(tx), 0);
-
-    if (exceedsRecommendedSize(sizeOfTxsSinceLastInbetweenSignature)) {
-      signatureAfter[transactions.length - 1] = newSignature;
-    }
-
-    this.sessions.set(sessionID, {
-      transactions,
-      streamingHash: newStreamingHash,
-      lastSignature: newSignature,
-      signatureAfter: signatureAfter,
-    });
+    const result = this.sessions.makeNewPrivateTransaction(
+      sessionID,
+      signerAgent,
+      changes,
+      keyID,
+      keySecret,
+    );
 
     this._cachedNewContentSinceEmpty = undefined;
     this._cachedKnownState = undefined;
+
+    return result;
   }
 
-  expectedNewHashAfter(
-    sessionID: SessionID,
-    newTransactions: Transaction[],
-  ): { expectedNewHash: Hash; newStreamingHash: StreamingHash } {
+  getLastSignatureCheckpoint(sessionID: SessionID): number {
     const sessionLog = this.sessions.get(sessionID);
 
-    if (!sessionLog?.streamingHash) {
-      const streamingHash = new StreamingHash(this.crypto);
-      const oldTransactions = sessionLog?.transactions ?? [];
-
-      for (const transaction of oldTransactions) {
-        streamingHash.update(transaction);
-      }
-
-      for (const transaction of newTransactions) {
-        streamingHash.update(transaction);
-      }
-
-      return {
-        expectedNewHash: streamingHash.digest(),
-        newStreamingHash: streamingHash,
-      };
-    }
-
-    const streamingHash = sessionLog.streamingHash.clone();
-
-    for (const transaction of newTransactions) {
-      streamingHash.update(transaction);
-    }
+    if (!sessionLog?.signatureAfter) return -1;
 
-    return {
-      expectedNewHash: streamingHash.digest(),
-      newStreamingHash: streamingHash,
-    };
+    return Object.keys(sessionLog.signatureAfter).reduce(
+      (max, idx) => Math.max(max, parseInt(idx)),
+      -1,
+    );
   }
 
   newContentSince(
@@ -424,6 +345,14 @@ export class VerifiedState {
       sessions,
     };
   }
+
+  decryptTransaction(
+    sessionID: SessionID,
+    txIndex: number,
+    keySecret: KeySecret,
+  ): JsonValue[] | undefined {
+    return this.sessions.decryptTransaction(sessionID, txIndex, keySecret);
+  }
 }
 
 function getNextKnownSignatureIdx(

package/src/coValues/account.ts

@@ -92,6 +92,10 @@ export class ControlledAccount implements ControlledAccountOrAgent {
   account: RawAccount<AccountMeta>;
   agentSecret: AgentSecret;
   _cachedCurrentAgentID: AgentID | undefined;
+  _cachedCurrentSignerID: SignerID | undefined;
+  _cachedCurrentSignerSecret: SignerSecret | undefined;
+  _cachedCurrentSealerID: SealerID | undefined;
+  _cachedCurrentSealerSecret: SealerSecret | undefined;
   crypto: CryptoProvider;
 
   constructor(account: RawAccount<AccountMeta>, agentSecret: AgentSecret) {
@@ -114,19 +118,39 @@ export class ControlledAccount implements ControlledAccountOrAgent {
   }
 
   currentSignerID() {
-    return this.crypto.getAgentSignerID(this.currentAgentID());
+    if (this._cachedCurrentSignerID) {
+      return this._cachedCurrentSignerID;
+    }
+    const signerID = this.crypto.getAgentSignerID(this.currentAgentID());
+    this._cachedCurrentSignerID = signerID;
+    return signerID;
   }
 
   currentSignerSecret(): SignerSecret {
-    return this.crypto.getAgentSignerSecret(this.agentSecret);
+    if (this._cachedCurrentSignerSecret) {
+      return this._cachedCurrentSignerSecret;
+    }
+    const signerSecret = this.crypto.getAgentSignerSecret(this.agentSecret);
+    this._cachedCurrentSignerSecret = signerSecret;
+    return signerSecret;
   }
 
   currentSealerID() {
-    return this.crypto.getAgentSealerID(this.currentAgentID());
+    if (this._cachedCurrentSealerID) {
+      return this._cachedCurrentSealerID;
+    }
+    const sealerID = this.crypto.getAgentSealerID(this.currentAgentID());
+    this._cachedCurrentSealerID = sealerID;
+    return sealerID;
   }
 
   currentSealerSecret(): SealerSecret {
-    return this.crypto.getAgentSealerSecret(this.agentSecret);
+    if (this._cachedCurrentSealerSecret) {
+      return this._cachedCurrentSealerSecret;
+    }
+    const sealerSecret = this.crypto.getAgentSealerSecret(this.agentSecret);
+    this._cachedCurrentSealerSecret = sealerSecret;
+    return sealerSecret;
   }
 }
 

package/src/coValues/group.ts

@@ -370,16 +370,24 @@ export class RawGroup<
     if (role === "writeOnly" || role === "writeOnlyInvite") {
       const previousRole = this.get(memberKey);
 
-      this.set(memberKey, role, "trusting");
+      if (
+        previousRole === "admin" &&
+        memberKey !== this.core.node.getCurrentAgent().id
+      ) {
+        throw new Error(
+          "Administrators cannot demote other administrators in a group",
+        );
+      }
 
       if (
         previousRole === "reader" ||
         previousRole === "writer" ||
         previousRole === "admin"
       ) {
-        this.rotateReadKey();
+        this.rotateReadKey(memberKey);
       }
 
+      this.set(memberKey, role, "trusting");
       this.internalCreateWriteOnlyKeyForMember(memberKey, agent);
     } else {
       const currentReadKey = this.getCurrentReadKey();

package/src/crypto/PureJSCrypto.ts

@@ -3,23 +3,32 @@ import { ed25519, x25519 } from "@noble/curves/ed25519";
 import { blake3 } from "@noble/hashes/blake3";
 import { base58 } from "@scure/base";
 import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import { RawCoID, TransactionID } from "../ids.js";
+import {
+  PrivateTransaction,
+  Transaction,
+  TrustingTransaction,
+} from "../coValueCore/verifiedState.js";
+import { RawCoID, SessionID, TransactionID } from "../ids.js";
 import { Stringified, stableStringify } from "../jsonStringify.js";
 import { JsonValue } from "../jsonValue.js";
 import { logger } from "../logger.js";
 import {
   CryptoProvider,
   Encrypted,
+  KeyID,
   KeySecret,
   Sealed,
   SealerID,
   SealerSecret,
+  SessionLogImpl,
   Signature,
   SignerID,
   SignerSecret,
+  StreamingHash,
   textDecoder,
   textEncoder,
 } from "./crypto.js";
+import { ControlledAccountOrAgent } from "../coValues/account.js";
 
 type Blake3State = ReturnType<typeof blake3.create>;
 
@@ -67,7 +76,7 @@ export class PureJSCrypto extends CryptoProvider<Blake3State> {
     return this.blake3HashOnce(input).slice(0, 24);
   }
 
-  protected generateJsonNonce(material: JsonValue): Uint8Array {
+  generateJsonNonce(material: JsonValue): Uint8Array {
     return this.generateNonce(textEncoder.encode(stableStringify(material)));
   }
 
@@ -199,4 +208,199 @@ export class PureJSCrypto extends CryptoProvider<Blake3State> {
       return undefined;
     }
   }
+
+  createSessionLog(
+    coID: RawCoID,
+    sessionID: SessionID,
+    signerID?: SignerID,
+  ): SessionLogImpl {
+    return new PureJSSessionLog(coID, sessionID, signerID, this);
+  }
+}
+
+export class PureJSSessionLog implements SessionLogImpl {
+  transactions: string[] = [];
+  lastSignature: Signature | undefined;
+  streamingHash: Blake3State;
+
+  constructor(
+    private readonly coID: RawCoID,
+    private readonly sessionID: SessionID,
+    private readonly signerID: SignerID | undefined,
+    private readonly crypto: PureJSCrypto,
+  ) {
+    this.streamingHash = this.crypto.emptyBlake3State();
+  }
+
+  clone(): SessionLogImpl {
+    const newLog = new PureJSSessionLog(
+      this.coID,
+      this.sessionID,
+      this.signerID,
+      this.crypto,
+    );
+    newLog.transactions = this.transactions.slice();
+    newLog.lastSignature = this.lastSignature;
+    newLog.streamingHash = this.crypto.cloneBlake3State(this.streamingHash);
+    return newLog;
+  }
+
+  tryAdd(
+    transactions: Transaction[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ): void {
+    this.internalTryAdd(
+      transactions.map((tx) => stableStringify(tx)),
+      newSignature,
+      skipVerify,
+    );
+  }
+
+  internalTryAdd(
+    transactions: string[],
+    newSignature: Signature,
+    skipVerify: boolean,
+  ) {
+    if (!skipVerify) {
+      if (!this.signerID) {
+        throw new Error("Tried to add transactions without signer ID");
+      }
+
+      const checkHasher = this.crypto.cloneBlake3State(this.streamingHash);
+
+      for (const tx of transactions) {
+        checkHasher.update(textEncoder.encode(tx));
+      }
+      const newHash = checkHasher.digest();
+      const newHashEncoded = `hash_z${base58.encode(newHash)}`;
+
+      if (!this.crypto.verify(newSignature, newHashEncoded, this.signerID)) {
+        throw new Error("Signature verification failed");
+      }
+    }
+
+    for (const tx of transactions) {
+      this.crypto.blake3IncrementalUpdate(
+        this.streamingHash,
+        textEncoder.encode(tx),
+      );
+      this.transactions.push(tx);
+    }
+
+    this.lastSignature = newSignature;
+
+    return newSignature;
+  }
+
+  expectedHashAfter(transactionsJson: string[]): string {
+    const hasher = this.crypto.cloneBlake3State(this.streamingHash);
+    for (const tx of transactionsJson) {
+      hasher.update(textEncoder.encode(tx));
+    }
+    const newHash = hasher.digest();
+    return `hash_z${base58.encode(newHash)}`;
+  }
+
+  internalAddNewTransaction(
+    transaction: string,
+    signerAgent: ControlledAccountOrAgent,
+  ) {
+    this.crypto.blake3IncrementalUpdate(
+      this.streamingHash,
+      textEncoder.encode(transaction),
+    );
+    const newHash = this.crypto.blake3DigestForState(this.streamingHash);
+    const newHashEncoded = `hash_z${base58.encode(newHash)}`;
+    const signature = this.crypto.sign(
+      signerAgent.currentSignerSecret(),
+      newHashEncoded,
+    );
+    this.transactions.push(transaction);
+    this.lastSignature = signature;
+
+    return signature;
+  }
+
+  addNewPrivateTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    keyID: KeyID,
+    keySecret: KeySecret,
+    madeAt: number,
+  ): { signature: Signature; transaction: PrivateTransaction } {
+    const encryptedChanges = this.crypto.encrypt(changes, keySecret, {
+      in: this.coID,
+      tx: { sessionID: this.sessionID, txIndex: this.transactions.length },
+    });
+    const tx = {
+      encryptedChanges: encryptedChanges,
+      madeAt: madeAt,
+      privacy: "private",
+      keyUsed: keyID,
+    } satisfies Transaction;
+    const signature = this.internalAddNewTransaction(
+      stableStringify(tx),
+      signerAgent,
+    );
+    return {
+      signature: signature as Signature,
+      transaction: tx,
+    };
+  }
+
+  addNewTrustingTransaction(
+    signerAgent: ControlledAccountOrAgent,
+    changes: JsonValue[],
+    madeAt: number,
+  ): { signature: Signature; transaction: TrustingTransaction } {
+    const tx = {
+      changes: stableStringify(changes),
+      madeAt: madeAt,
+      privacy: "trusting",
+    } satisfies Transaction;
+    const signature = this.internalAddNewTransaction(
+      stableStringify(tx),
+      signerAgent,
+    );
+    return {
+      signature: signature as Signature,
+      transaction: tx,
+    };
+  }
+
+  decryptNextTransactionChangesJson(
+    txIndex: number,
+    keySecret: KeySecret,
+  ): string {
+    const txJson = this.transactions[txIndex];
+    if (!txJson) {
+      throw new Error("Transaction not found");
+    }
+    const tx = JSON.parse(txJson) as Transaction;
+    if (tx.privacy === "private") {
+      const nOnceMaterial = {
+        in: this.coID,
+        tx: { sessionID: this.sessionID, txIndex: txIndex },
+      };
+
+      const nOnce = this.crypto.generateJsonNonce(nOnceMaterial);
+
+      const ciphertext = base64URLtoBytes(
+        tx.encryptedChanges.substring("encrypted_U".length),
+      );
+      const keySecretBytes = base58.decode(
+        keySecret.substring("keySecret_z".length),
+      );
+      const plaintext = xsalsa20(keySecretBytes, nOnce, ciphertext);
+
+      return textDecoder.decode(plaintext);
+    } else {
+      return tx.changes;
+    }
+  }
+
+  free(): void {
+    // no-op
+  }
 }