cojson 0.19.21 → 0.20.0

package/src/crypto/PureJSCrypto.ts

@@ -1,429 +0,0 @@
-import { xsalsa20, xsalsa20poly1305 } from "@noble/ciphers/salsa";
-import { ed25519, x25519 } from "@noble/curves/ed25519";
-import { blake3 } from "@noble/hashes/blake3";
-import { base58 } from "@scure/base";
-import { base64URLtoBytes, bytesToBase64url } from "../base64url.js";
-import {
-  PrivateTransaction,
-  Transaction,
-  TrustingTransaction,
-} from "../coValueCore/verifiedState.js";
-import { RawCoID, SessionID, TransactionID } from "../ids.js";
-import { Stringified, stableStringify } from "../jsonStringify.js";
-import { JsonObject, JsonValue } from "../jsonValue.js";
-import { logger } from "../logger.js";
-import {
-  CryptoProvider,
-  Encrypted,
-  KeyID,
-  KeySecret,
-  Sealed,
-  SealerID,
-  SealerSecret,
-  SessionLogImpl,
-  Signature,
-  SignerID,
-  SignerSecret,
-  textDecoder,
-  textEncoder,
-} from "./crypto.js";
-import { ControlledAccountOrAgent } from "../coValues/account.js";
-
-export type Blake3State = {
-  update: (buf: Uint8Array) => Blake3State;
-  digest: () => Uint8Array;
-  clone: () => Blake3State;
-};
-
-const x25519SharedSecretCache = new Map<string, Uint8Array>();
-
-function getx25519SharedSecret(
-  privateKeyA: SealerSecret,
-  publicKeyB: SealerID,
-): Uint8Array {
-  const cacheKey = `${privateKeyA}-${publicKeyB}`;
-  let sharedSecret = x25519SharedSecretCache.get(cacheKey);
-
-  if (!sharedSecret) {
-    const privateKeyABytes = base58.decode(
-      privateKeyA.substring("sealerSecret_z".length),
-    );
-    const publicKeyBBytes = base58.decode(
-      publicKeyB.substring("sealer_z".length),
-    );
-    sharedSecret = x25519.getSharedSecret(privateKeyABytes, publicKeyBBytes);
-    x25519SharedSecretCache.set(cacheKey, sharedSecret);
-  }
-
-  return sharedSecret;
-}
-
-/**
- * Pure JavaScript implementation of the CryptoProvider interface using noble-curves and noble-ciphers libraries.
- * This provides a fallback implementation that doesn't require WebAssembly, offering:
- * - Signing/verifying (Ed25519)
- * - Encryption/decryption (XSalsa20)
- * - Sealing/unsealing (X25519 + XSalsa20-Poly1305)
- * - Hashing (BLAKE3)
- */
-export class PureJSCrypto extends CryptoProvider<Blake3State> {
-  static async create(): Promise<PureJSCrypto> {
-    return new PureJSCrypto();
-  }
-
-  createStreamingHash(): Blake3State {
-    return blake3.create({});
-  }
-
-  blake3HashOnce(data: Uint8Array) {
-    return blake3(data);
-  }
-
-  blake3HashOnceWithContext(
-    data: Uint8Array,
-    { context }: { context: Uint8Array },
-  ) {
-    return this.createStreamingHash().update(context).update(data).digest();
-  }
-
-  generateNonce(input: Uint8Array): Uint8Array {
-    return this.blake3HashOnce(input).slice(0, 24);
-  }
-
-  generateJsonNonce(material: JsonValue): Uint8Array {
-    return this.generateNonce(textEncoder.encode(stableStringify(material)));
-  }
-
-  newEd25519SigningKey(): Uint8Array {
-    return ed25519.utils.randomPrivateKey();
-  }
-
-  getSignerID(secret: SignerSecret): SignerID {
-    return `signer_z${base58.encode(
-      ed25519.getPublicKey(
-        base58.decode(secret.substring("signerSecret_z".length)),
-      ),
-    )}`;
-  }
-
-  sign(secret: SignerSecret, message: JsonValue): Signature {
-    const signature = ed25519.sign(
-      textEncoder.encode(stableStringify(message)),
-      base58.decode(secret.substring("signerSecret_z".length)),
-    );
-    return `signature_z${base58.encode(signature)}`;
-  }
-
-  verify(signature: Signature, message: JsonValue, id: SignerID): boolean {
-    return ed25519.verify(
-      base58.decode(signature.substring("signature_z".length)),
-      textEncoder.encode(stableStringify(message)),
-      base58.decode(id.substring("signer_z".length)),
-    );
-  }
-
-  newX25519StaticSecret(): Uint8Array {
-    return x25519.utils.randomPrivateKey();
-  }
-
-  getSealerID(secret: SealerSecret): SealerID {
-    return `sealer_z${base58.encode(
-      x25519.getPublicKey(
-        base58.decode(secret.substring("sealerSecret_z".length)),
-      ),
-    )}`;
-  }
-
-  encrypt<T extends JsonValue, N extends JsonValue>(
-    value: T,
-    keySecret: KeySecret,
-    nOnceMaterial: N,
-  ): Encrypted<T, N> {
-    const keySecretBytes = base58.decode(
-      keySecret.substring("keySecret_z".length),
-    );
-    const nOnce = this.generateJsonNonce(nOnceMaterial);
-
-    const plaintext = textEncoder.encode(stableStringify(value));
-    const ciphertext = xsalsa20(keySecretBytes, nOnce, plaintext);
-    return `encrypted_U${bytesToBase64url(ciphertext)}` as Encrypted<T, N>;
-  }
-
-  decryptRaw<T extends JsonValue, N extends JsonValue>(
-    encrypted: Encrypted<T, N>,
-    keySecret: KeySecret,
-    nOnceMaterial: N,
-  ): Stringified<T> {
-    const keySecretBytes = base58.decode(
-      keySecret.substring("keySecret_z".length),
-    );
-    const nOnce = this.generateJsonNonce(nOnceMaterial);
-
-    const ciphertext = base64URLtoBytes(
-      encrypted.substring("encrypted_U".length),
-    );
-    const plaintext = xsalsa20(keySecretBytes, nOnce, ciphertext);
-
-    return textDecoder.decode(plaintext) as Stringified<T>;
-  }
-
-  seal<T extends JsonValue>({
-    message,
-    from,
-    to,
-    nOnceMaterial,
-  }: {
-    message: T;
-    from: SealerSecret;
-    to: SealerID;
-    nOnceMaterial: { in: RawCoID; tx: TransactionID };
-  }): Sealed<T> {
-    const sharedSecret = getx25519SharedSecret(from, to);
-    const nOnce = this.generateJsonNonce(nOnceMaterial);
-    const plaintext = textEncoder.encode(stableStringify(message));
-
-    const sealedBytes = xsalsa20poly1305(sharedSecret, nOnce).encrypt(
-      plaintext,
-    );
-
-    return `sealed_U${bytesToBase64url(sealedBytes)}` as Sealed<T>;
-  }
-
-  unseal<T extends JsonValue>(
-    sealed: Sealed<T>,
-    sealer: SealerSecret,
-    from: SealerID,
-    nOnceMaterial: { in: RawCoID; tx: TransactionID },
-  ): T | undefined {
-    const nOnce = this.generateJsonNonce(nOnceMaterial);
-
-    const sharedSecret = getx25519SharedSecret(sealer, from);
-    const sealedBytes = base64URLtoBytes(sealed.substring("sealed_U".length));
-
-    const plaintext = xsalsa20poly1305(sharedSecret, nOnce).decrypt(
-      sealedBytes,
-    );
-
-    try {
-      return JSON.parse(textDecoder.decode(plaintext));
-    } catch (e) {
-      logger.error("Failed to decrypt/parse sealed message", { err: e });
-      return undefined;
-    }
-  }
-
-  createSessionLog(
-    coID: RawCoID,
-    sessionID: SessionID,
-    signerID?: SignerID,
-  ): SessionLogImpl {
-    return new PureJSSessionLog(coID, sessionID, signerID, this);
-  }
-}
-
-export class PureJSSessionLog implements SessionLogImpl {
-  transactions: string[] = [];
-  lastSignature: Signature | undefined;
-  streamingHash: Blake3State;
-
-  constructor(
-    private readonly coID: RawCoID,
-    private readonly sessionID: SessionID,
-    private readonly signerID: SignerID | undefined,
-    private readonly crypto: PureJSCrypto,
-  ) {
-    this.streamingHash = crypto.createStreamingHash();
-  }
-
-  clone(): SessionLogImpl {
-    const newLog = new PureJSSessionLog(
-      this.coID,
-      this.sessionID,
-      this.signerID,
-      this.crypto,
-    );
-    newLog.transactions = this.transactions.slice();
-    newLog.lastSignature = this.lastSignature;
-    newLog.streamingHash = this.streamingHash.clone();
-    return newLog;
-  }
-
-  tryAdd(
-    transactions: Transaction[],
-    newSignature: Signature,
-    skipVerify: boolean,
-  ): void {
-    this.internalTryAdd(
-      transactions.map((tx) => stableStringify(tx)),
-      newSignature,
-      skipVerify,
-    );
-  }
-
-  internalTryAdd(
-    transactions: string[],
-    newSignature: Signature,
-    skipVerify: boolean,
-  ) {
-    for (const tx of transactions) {
-      this.streamingHash.update(textEncoder.encode(tx));
-    }
-
-    if (!skipVerify) {
-      if (!this.signerID) {
-        throw new Error("Tried to add transactions without signer ID");
-      }
-
-      const newHash = this.streamingHash.clone().digest();
-      const newHashEncoded = `hash_z${base58.encode(newHash)}`;
-
-      if (!this.crypto.verify(newSignature, newHashEncoded, this.signerID)) {
-        // Rebuild the streaming hash to the original state
-        this.streamingHash = this.crypto.createStreamingHash();
-        for (const tx of this.transactions) {
-          this.streamingHash.update(textEncoder.encode(tx));
-        }
-        throw new Error("Signature verification failed");
-      }
-    }
-
-    for (const tx of transactions) {
-      this.transactions.push(tx);
-    }
-
-    this.lastSignature = newSignature;
-
-    return newSignature;
-  }
-
-  internalAddNewTransaction(
-    transaction: string,
-    signerAgent: ControlledAccountOrAgent,
-  ) {
-    this.streamingHash.update(textEncoder.encode(transaction));
-    const newHash = this.streamingHash.clone().digest();
-    const newHashEncoded = `hash_z${base58.encode(newHash)}`;
-    const signature = this.crypto.sign(
-      signerAgent.currentSignerSecret(),
-      newHashEncoded,
-    );
-    this.transactions.push(transaction);
-    this.lastSignature = signature;
-
-    return signature;
-  }
-
-  addNewPrivateTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
-    keyID: KeyID,
-    keySecret: KeySecret,
-    madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: PrivateTransaction } {
-    const encryptedChanges = this.crypto.encrypt(changes, keySecret, {
-      in: this.coID,
-      tx: { sessionID: this.sessionID, txIndex: this.transactions.length },
-    });
-
-    const encryptedMeta = meta
-      ? this.crypto.encrypt(meta, keySecret, {
-          in: this.coID,
-          tx: { sessionID: this.sessionID, txIndex: this.transactions.length },
-        })
-      : undefined;
-
-    const tx = {
-      encryptedChanges: encryptedChanges,
-      madeAt: madeAt,
-      privacy: "private",
-      keyUsed: keyID,
-      meta: encryptedMeta,
-    } satisfies Transaction;
-    const signature = this.internalAddNewTransaction(
-      stableStringify(tx),
-      signerAgent,
-    );
-    return {
-      signature: signature as Signature,
-      transaction: tx,
-    };
-  }
-
-  addNewTrustingTransaction(
-    signerAgent: ControlledAccountOrAgent,
-    changes: JsonValue[],
-    madeAt: number,
-    meta: JsonObject | undefined,
-  ): { signature: Signature; transaction: TrustingTransaction } {
-    const tx = {
-      changes: stableStringify(changes),
-      madeAt: madeAt,
-      privacy: "trusting",
-      meta: meta ? stableStringify(meta) : undefined,
-    } satisfies Transaction;
-    const signature = this.internalAddNewTransaction(
-      stableStringify(tx),
-      signerAgent,
-    );
-    return {
-      signature: signature as Signature,
-      transaction: tx,
-    };
-  }
-
-  decryptNextTransactionChangesJson(
-    txIndex: number,
-    keySecret: KeySecret,
-  ): string {
-    const txJson = this.transactions[txIndex];
-    if (!txJson) {
-      throw new Error("Transaction not found");
-    }
-    const tx = JSON.parse(txJson) as Transaction;
-    if (tx.privacy === "private") {
-      const nOnceMaterial = {
-        in: this.coID,
-        tx: { sessionID: this.sessionID, txIndex: txIndex },
-      };
-
-      return this.crypto.decryptRaw(
-        tx.encryptedChanges,
-        keySecret,
-        nOnceMaterial,
-      );
-    } else {
-      return tx.changes;
-    }
-  }
-
-  decryptNextTransactionMetaJson(
-    txIndex: number,
-    keySecret: KeySecret,
-  ): string | undefined {
-    const txJson = this.transactions[txIndex];
-    if (!txJson) {
-      throw new Error("Transaction not found");
-    }
-    const tx = JSON.parse(txJson) as Transaction;
-
-    if (!tx.meta) {
-      return undefined;
-    }
-
-    if (tx.privacy === "private") {
-      const nOnceMaterial = {
-        in: this.coID,
-        tx: { sessionID: this.sessionID, txIndex: txIndex },
-      };
-
-      return this.crypto.decryptRaw(tx.meta, keySecret, nOnceMaterial);
-    } else {
-      return tx.meta;
-    }
-  }
-
-  free(): void {
-    // no-op
-  }
-}

package/src/tests/PureJSCrypto.test.ts

@@ -1,217 +0,0 @@
-import { assert, beforeEach, describe, expect, it } from "vitest";
-import {
-  loadCoValueOrFail,
-  setCurrentTestCryptoProvider,
-  setupTestNode,
-  setupTestAccount,
-} from "./testUtils";
-import { PureJSCrypto } from "../crypto/PureJSCrypto";
-import { stableStringify } from "../jsonStringify";
-
-const jsCrypto = await PureJSCrypto.create();
-setCurrentTestCryptoProvider(jsCrypto);
-
-let syncServer: ReturnType<typeof setupTestNode>;
-
-beforeEach(() => {
-  syncServer = setupTestNode({ isSyncServer: true });
-});
-
-// A suite of tests focused on high-level tests that verify:
-// - Keys creation and unsealing
-// - Signature creation and verification
-// - Encryption and decryption of values
-describe("PureJSCrypto", () => {
-  it("successfully creates a private CoValue and reads it in another session", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const map = group.createMap();
-    map.set("count", 0, "private");
-    map.set("count", 1, "private");
-    map.set("count", 2, "private");
-
-    const client2 = client.spawnNewSession();
-
-    const mapInTheOtherSession = await loadCoValueOrFail(client2.node, map.id);
-
-    expect(mapInTheOtherSession.get("count")).toEqual(2);
-  });
-
-  it("successfully updates a private CoValue and reads it in another session", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const map = group.createMap();
-    map.set("count", 0, "private");
-    map.set("count", 1, "private");
-    map.set("count", 2, "private");
-
-    const client2 = client.spawnNewSession();
-
-    const mapInTheOtherSession = await loadCoValueOrFail(client2.node, map.id);
-    mapInTheOtherSession.set("count", 3, "private");
-
-    await mapInTheOtherSession.core.waitForSync();
-
-    expect(mapInTheOtherSession.get("count")).toEqual(3);
-  });
-
-  it("can invite another account to a group and share a private CoValue", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-    const account = await setupTestAccount({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const invite = group.createInvite("admin");
-
-    await account.node.acceptInvite(group.id, invite);
-
-    const map = group.createMap();
-    map.set("secret", "private-data", "private");
-
-    // The other account should be able to read the private value
-    const mapInOtherSession = await loadCoValueOrFail(account.node, map.id);
-    expect(mapInOtherSession.get("secret")).toEqual("private-data");
-
-    mapInOtherSession.set("secret", "modified", "private");
-
-    await mapInOtherSession.core.waitForSync();
-
-    expect(map.get("secret")).toEqual("modified");
-  });
-
-  it("rejects sessions with invalid signatures", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const map = group.createMap();
-    map.set("count", 0, "trusting");
-
-    // Create a new session with the same agent
-    const client2 = client.spawnNewSession();
-
-    // This should work normally
-    const mapInOtherSession = await loadCoValueOrFail(client2.node, map.id);
-    expect(mapInOtherSession.get("count")).toEqual(0);
-
-    mapInOtherSession.core.tryAddTransactions(
-      client2.node.currentSessionID,
-      [
-        {
-          privacy: "trusting",
-          changes: stableStringify([{ op: "set", key: "count", value: 1 }]),
-          madeAt: Date.now(),
-        },
-      ],
-      "signature_z12345678",
-      true,
-    );
-
-    const content = mapInOtherSession.core.newContentSince(undefined)?.[0];
-    assert(content);
-
-    client.node.syncManager.handleNewContent(content, "storage");
-
-    expect(map.get("count")).toEqual(0);
-  });
-
-  it("can add a meta to a private transaction", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const map = group.createMap();
-
-    map.core.makeTransaction([], "private", {
-      meta: {
-        count: 1,
-      },
-    });
-
-    await map.core.waitForSync();
-
-    const session2 = client.spawnNewSession();
-
-    const mapInOtherSession = await loadCoValueOrFail(session2.node, map.id);
-
-    const decryptedMeta =
-      mapInOtherSession.core.verified.decryptTransactionMeta(
-        client.node.currentSessionID,
-        0,
-        map.core.getCurrentReadKey().secret!,
-      );
-
-    expect(decryptedMeta).toEqual({
-      meta: {
-        count: 1,
-      },
-    });
-  });
-
-  it("can add a meta to a trusting transaction", async () => {
-    const client = setupTestNode({
-      connected: true,
-    });
-
-    const group = client.node.createGroup();
-    const map = group.createMap();
-
-    map.core.makeTransaction([], "trusting", {
-      meta: {
-        count: 1,
-      },
-    });
-
-    await map.core.waitForSync();
-
-    const session2 = client.spawnNewSession();
-
-    const mapInOtherSession = await loadCoValueOrFail(session2.node, map.id);
-
-    const transferredMeta = JSON.parse(
-      mapInOtherSession.core.verified.sessions.get(client.node.currentSessionID)
-        ?.transactions[0]?.meta!,
-    );
-
-    expect(transferredMeta).toEqual({
-      meta: {
-        count: 1,
-      },
-    });
-  });
-});
-
-describe("PureJSSessionLog", () => {
-  it("fails to verify signatures without a signer ID", async () => {
-    const agentSecret = jsCrypto.newRandomAgentSecret();
-    const sessionID = jsCrypto.newRandomSessionID(
-      jsCrypto.getAgentID(agentSecret),
-    );
-
-    const sessionLog = jsCrypto.createSessionLog("co_z12345678", sessionID);
-    expect(() =>
-      sessionLog.tryAdd(
-        [
-          {
-            privacy: "trusting",
-            changes: stableStringify([{ op: "set", key: "count", value: 1 }]),
-            madeAt: Date.now(),
-          },
-        ],
-        "signature_z12345678",
-        false,
-      ),
-    ).toThrow("Tried to add transactions without signer ID");
-  });
-});