cojson 0.8.41 → 0.8.45

package/src/tests/crypto.test.ts

@@ -3,178 +3,187 @@ import { x25519 } from "@noble/curves/ed25519";
 import { blake3 } from "@noble/hashes/blake3";
 import { base58, base64url } from "@scure/base";
 import { expect, test } from "vitest";
+import { PureJSCrypto } from "../crypto/PureJSCrypto.js";
 import { WasmCrypto } from "../crypto/WasmCrypto.js";
 import { SessionID } from "../ids.js";
 import { stableStringify } from "../jsonStringify.js";
 
-const Crypto = await WasmCrypto.create();
-
-test("Signatures round-trip and use stable stringify", () => {
-  const data = { b: "world", a: "hello" };
-  const signer = Crypto.newRandomSigner();
-  const signature = Crypto.sign(signer, data);
-
-  expect(signature).toMatch(/^signature_z/);
-  expect(
-    Crypto.verify(
-      signature,
-      { a: "hello", b: "world" },
-      Crypto.getSignerID(signer),
-    ),
-  ).toBe(true);
-});
-
-test("Invalid signatures don't verify", () => {
-  const data = { b: "world", a: "hello" };
-  const signer = Crypto.newRandomSigner();
-  const signer2 = Crypto.newRandomSigner();
-  const wrongSignature = Crypto.sign(signer2, data);
+const wasmCrypto = await WasmCrypto.create();
+const pureJSCrypto = await PureJSCrypto.create();
+
+[wasmCrypto, pureJSCrypto].forEach((crypto) => {
+  const name = crypto.constructor.name;
+
+  test(`Signatures round-trip and use stable stringify [${name}]`, () => {
+    const data = { b: "world", a: "hello" };
+    const signer = crypto.newRandomSigner();
+    const signature = crypto.sign(signer, data);
+
+    expect(signature).toMatch(/^signature_z/);
+    expect(
+      crypto.verify(
+        signature,
+        { a: "hello", b: "world" },
+        crypto.getSignerID(signer),
+      ),
+    ).toBe(true);
+  });
 
-  expect(Crypto.verify(wrongSignature, data, Crypto.getSignerID(signer))).toBe(
-    false,
-  );
-});
+  test(`Invalid signatures don't verify [${name}]`, () => {
+    const data = { b: "world", a: "hello" };
+    const signer = crypto.newRandomSigner();
+    const signer2 = crypto.newRandomSigner();
+    const wrongSignature = crypto.sign(signer2, data);
 
-test("encrypting round-trips, but invalid receiver can't unseal", () => {
-  const data = { b: "world", a: "hello" };
-  const sender = Crypto.newRandomSealer();
-  const sealer = Crypto.newRandomSealer();
-  const wrongSealer = Crypto.newRandomSealer();
-
-  const nOnceMaterial = {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-  } as const;
-
-  const sealed = Crypto.seal({
-    message: data,
-    from: sender,
-    to: Crypto.getSealerID(sealer),
-    nOnceMaterial,
+    expect(
+      crypto.verify(wrongSignature, data, crypto.getSignerID(signer)),
+    ).toBe(false);
   });
 
-  expect(
-    Crypto.unseal(sealed, sealer, Crypto.getSealerID(sender), nOnceMaterial),
-  ).toEqual(data);
-  expect(() =>
-    Crypto.unseal(
-      sealed,
-      wrongSealer,
-      Crypto.getSealerID(sender),
+  test(`encrypting round-trips, but invalid receiver can't unseal [${name}]`, () => {
+    const data = { b: "world", a: "hello" };
+    const sender = crypto.newRandomSealer();
+    const sealer = crypto.newRandomSealer();
+    const wrongSealer = crypto.newRandomSealer();
+
+    const nOnceMaterial = {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+    } as const;
+
+    const sealed = crypto.seal({
+      message: data,
+      from: sender,
+      to: crypto.getSealerID(sealer),
       nOnceMaterial,
-    ),
-  ).toThrow(/Wrong tag/);
-
-  // trying with wrong sealer secret, by hand
-  const nOnce = blake3(
-    new TextEncoder().encode(stableStringify(nOnceMaterial)),
-  ).slice(0, 24);
-  const sealer3priv = base58.decode(
-    wrongSealer.substring("sealerSecret_z".length),
-  );
-  const senderPub = base58.decode(
-    Crypto.getSealerID(sender).substring("sealer_z".length),
-  );
-  const sealedBytes = base64url.decode(sealed.substring("sealed_U".length));
-  const sharedSecret = x25519.getSharedSecret(sealer3priv, senderPub);
-
-  expect(() => {
-    const _ = xsalsa20_poly1305(sharedSecret, nOnce).decrypt(sealedBytes);
-  }).toThrow("Wrong tag");
-});
+    });
+
+    expect(
+      crypto.unseal(sealed, sealer, crypto.getSealerID(sender), nOnceMaterial),
+    ).toEqual(data);
+    expect(() =>
+      crypto.unseal(
+        sealed,
+        wrongSealer,
+        crypto.getSealerID(sender),
+        nOnceMaterial,
+      ),
+    ).toThrow(/Wrong tag/);
+
+    // trying with wrong sealer secret, by hand
+    const nOnce = blake3(
+      new TextEncoder().encode(stableStringify(nOnceMaterial)),
+    ).slice(0, 24);
+    const sealer3priv = base58.decode(
+      wrongSealer.substring("sealerSecret_z".length),
+    );
+    const senderPub = base58.decode(
+      crypto.getSealerID(sender).substring("sealer_z".length),
+    );
+    const sealedBytes = base64url.decode(sealed.substring("sealed_U".length));
+    const sharedSecret = x25519.getSharedSecret(sealer3priv, senderPub);
+
+    expect(() => {
+      const _ = xsalsa20_poly1305(sharedSecret, nOnce).decrypt(sealedBytes);
+    }).toThrow("Wrong tag");
+  });
 
-test("Hashing is deterministic", () => {
-  expect(Crypto.secureHash({ b: "world", a: "hello" })).toEqual(
-    Crypto.secureHash({ a: "hello", b: "world" }),
-  );
+  test(`Hashing is deterministic [${name}]`, () => {
+    expect(crypto.secureHash({ b: "world", a: "hello" })).toEqual(
+      crypto.secureHash({ a: "hello", b: "world" }),
+    );
 
-  expect(Crypto.shortHash({ b: "world", a: "hello" })).toEqual(
-    Crypto.shortHash({ a: "hello", b: "world" }),
-  );
-});
+    expect(crypto.shortHash({ b: "world", a: "hello" })).toEqual(
+      crypto.shortHash({ a: "hello", b: "world" }),
+    );
+  });
 
-test("Encryption for transactions round-trips", () => {
-  const { secret } = Crypto.newRandomKeySecret();
+  test(`Encryption for transactions round-trips [${name}]`, () => {
+    const { secret } = crypto.newRandomKeySecret();
 
-  const encrypted1 = Crypto.encryptForTransaction({ a: "hello" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-  });
+    const encrypted1 = crypto.encryptForTransaction({ a: "hello" }, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+    });
 
-  const encrypted2 = Crypto.encryptForTransaction({ b: "world" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
-  });
+    const encrypted2 = crypto.encryptForTransaction({ b: "world" }, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    });
 
-  const decrypted1 = Crypto.decryptForTransaction(encrypted1, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-  });
+    const decrypted1 = crypto.decryptForTransaction(encrypted1, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+    });
 
-  const decrypted2 = Crypto.decryptForTransaction(encrypted2, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    const decrypted2 = crypto.decryptForTransaction(encrypted2, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    });
+
+    expect([decrypted1, decrypted2]).toEqual([{ a: "hello" }, { b: "world" }]);
   });
 
-  expect([decrypted1, decrypted2]).toEqual([{ a: "hello" }, { b: "world" }]);
-});
+  test(`Encryption for transactions doesn't decrypt with a wrong key [${name}]`, () => {
+    const { secret } = crypto.newRandomKeySecret();
+    const { secret: secret2 } = crypto.newRandomKeySecret();
 
-test("Encryption for transactions doesn't decrypt with a wrong key", () => {
-  const { secret } = Crypto.newRandomKeySecret();
-  const { secret: secret2 } = Crypto.newRandomKeySecret();
+    const encrypted1 = crypto.encryptForTransaction({ a: "hello" }, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+    });
 
-  const encrypted1 = Crypto.encryptForTransaction({ a: "hello" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-  });
+    const encrypted2 = crypto.encryptForTransaction({ b: "world" }, secret, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    });
 
-  const encrypted2 = Crypto.encryptForTransaction({ b: "world" }, secret, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
-  });
+    const decrypted1 = crypto.decryptForTransaction(encrypted1, secret2, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
+    });
 
-  const decrypted1 = Crypto.decryptForTransaction(encrypted1, secret2, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 0 },
-  });
+    const decrypted2 = crypto.decryptForTransaction(encrypted2, secret2, {
+      in: "co_zTEST",
+      tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    });
 
-  const decrypted2 = Crypto.decryptForTransaction(encrypted2, secret2, {
-    in: "co_zTEST",
-    tx: { sessionID: "co_zTEST_session_zTEST" as SessionID, txIndex: 1 },
+    expect([decrypted1, decrypted2]).toEqual([undefined, undefined]);
   });
 
-  expect([decrypted1, decrypted2]).toEqual([undefined, undefined]);
-});
-
-test("Encryption of keySecrets round-trips", () => {
-  const toEncrypt = Crypto.newRandomKeySecret();
-  const encrypting = Crypto.newRandomKeySecret();
+  test(`Encryption of keySecrets round-trips [${name}]`, () => {
+    const toEncrypt = crypto.newRandomKeySecret();
+    const encrypting = crypto.newRandomKeySecret();
 
-  const keys = {
-    toEncrypt,
-    encrypting,
-  };
+    const keys = {
+      toEncrypt,
+      encrypting,
+    };
 
-  const encrypted = Crypto.encryptKeySecret(keys);
+    const encrypted = crypto.encryptKeySecret(keys);
 
-  const decrypted = Crypto.decryptKeySecret(encrypted, encrypting.secret);
+    const decrypted = crypto.decryptKeySecret(encrypted, encrypting.secret);
 
-  expect(decrypted).toEqual(toEncrypt.secret);
-});
+    expect(decrypted).toEqual(toEncrypt.secret);
+  });
 
-test("Encryption of keySecrets doesn't decrypt with a wrong key", () => {
-  const toEncrypt = Crypto.newRandomKeySecret();
-  const encrypting = Crypto.newRandomKeySecret();
-  const encryptingWrong = Crypto.newRandomKeySecret();
+  test(`Encryption of keySecrets doesn't decrypt with a wrong key [${name}]`, () => {
+    const toEncrypt = crypto.newRandomKeySecret();
+    const encrypting = crypto.newRandomKeySecret();
+    const encryptingWrong = crypto.newRandomKeySecret();
 
-  const keys = {
-    toEncrypt,
-    encrypting,
-  };
+    const keys = {
+      toEncrypt,
+      encrypting,
+    };
 
-  const encrypted = Crypto.encryptKeySecret(keys);
+    const encrypted = crypto.encryptKeySecret(keys);
 
-  const decrypted = Crypto.decryptKeySecret(encrypted, encryptingWrong.secret);
+    const decrypted = crypto.decryptKeySecret(
+      encrypted,
+      encryptingWrong.secret,
+    );
 
-  expect(decrypted).toBeUndefined();
+    expect(decrypted).toBeUndefined();
+  });
 });

package/src/tests/group.test.ts

@@ -1,4 +1,5 @@
 import { describe, expect, test } from "vitest";
+import { CoValueState } from "../coValueState.js";
 import { RawCoList } from "../coValues/coList.js";
 import { RawCoMap } from "../coValues/coMap.js";
 import { RawCoStream } from "../coValues/coStream.js";
@@ -492,4 +493,39 @@ describe("writeOnly", () => {
     // The writer role should be able to see the edits from the admin
     expect(mapOnNode2.get("test")).toEqual("Written from the admin");
   });
+
+  test("upgrade to writer roles should work correctly", async () => {
+    const { node1, node2 } = await createTwoConnectedNodes("server", "server");
+
+    const group = node1.node.createGroup();
+    group.addMember(
+      await loadCoValueOrFail(node1.node, node2.accountID),
+      "writeOnly",
+    );
+
+    await group.core.waitForSync();
+
+    const groupOnNode2 = await loadCoValueOrFail(node2.node, group.id);
+    const map = groupOnNode2.createMap();
+    map.set("test", "Written from the writeOnly member");
+
+    await map.core.waitForSync();
+
+    group.addMember(
+      await loadCoValueOrFail(node1.node, node2.accountID),
+      "writer",
+    );
+
+    group.core.waitForSync();
+
+    node2.node.coValuesStore.coValues.delete(map.id);
+    expect(node2.node.coValuesStore.get(map.id)).toEqual(
+      CoValueState.Unknown(map.id),
+    );
+
+    const mapOnNode2 = await loadCoValueOrFail(node2.node, map.id);
+
+    // The writer role should be able to see the edits from the admin
+    expect(mapOnNode2.get("test")).toEqual("Written from the writeOnly member");
+  });
 });