npm - corestore - Versions diffs - 6.0.1-alpha.14 → 6.0.1-alpha.15 - Mend

corestore 6.0.1-alpha.14 → 6.0.1-alpha.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/index.js CHANGED Viewed

@@ -5,31 +5,36 @@ const sodium = require('sodium-universal')
 const Hypercore = require('hypercore')
 const b4a = require('b4a')
-const KeyManager = require('./lib/keys')
+const [NS] = crypto.namespace('corestore', 1)
+const DEFAULT_NAMESPACE = b4a.alloc(32) // This is meant to be 32 0-bytes
 const CORES_DIR = 'cores'
-const PROFILES_DIR = 'profiles'
-const USERDATA_NAME_KEY = '@corestore/name'
-const USERDATA_NAMESPACE_KEY = '@corestore/namespace'
-const DEFAULT_NAMESPACE = generateNamespace('@corestore/default')
+const PRIMARY_KEY_FILE_NAME = 'primary-key'
+const USERDATA_NAME_KEY = 'corestore/name'
+const USERDATA_NAMESPACE_KEY = 'corestore/namespace'
 module.exports = class Corestore extends EventEmitter {
   constructor (storage, opts = {}) {
     super()
-    this.storage = Hypercore.defaultStorage(storage, { lock: PROFILES_DIR + '/default' })
+    this.storage = Hypercore.defaultStorage(storage, { lock: PRIMARY_KEY_FILE_NAME })
     this.cores = opts._cores || new Map()
-    this.keys = opts.keys
+    this.primaryKey = null
-    this._namespace = opts._namespace || DEFAULT_NAMESPACE
+    this._keyStorage = null
+    this._primaryKey = opts.primaryKey
+    this._namespace = opts.namespace || DEFAULT_NAMESPACE
     this._replicationStreams = opts._streams || []
+    this._overwrite = opts.overwrite === true
     this._streamSessions = opts._streamSessions || new Map()
     this._sessions = new Set() // sessions for THIS namespace
     this._findingPeersCount = 0
     this._findingPeers = []
+    if (this._namespace.byteLength !== 32) throw new Error('Namespace must be a 32-byte Buffer or Uint8Array')
     this._opening = opts._opening ? opts._opening.then(() => this._open()) : this._open()
     this._opening.catch(safetyCatch)
     this.ready = () => this._opening
@@ -63,11 +68,28 @@ module.exports = class Corestore extends EventEmitter {
   }
   async _open () {
-    if (this.keys) {
-      this.keys = await this.keys // opts.keys can be a Promise that resolves to a KeyManager
-    } else {
-      this.keys = await KeyManager.fromStorage(p => this.storage(PROFILES_DIR + '/' + p))
+    if (this._primaryKey) {
+      this.primaryKey = await this._primaryKey
+      return this.primaryKey
     }
+    this._keyStorage = this.storage(PRIMARY_KEY_FILE_NAME)
+    this.primaryKey = await new Promise((resolve, reject) => {
+      this._keyStorage.stat((err, st) => {
+        if (err && err.code !== 'ENOENT') return reject(err)
+        if (err || st.size < 32 || this._overwrite) {
+          const key = crypto.randomBytes(32)
+          return this._keyStorage.write(0, key, err => {
+            if (err) return reject(err)
+            return resolve(key)
+          })
+        }
+        this._keyStorage.read(0, 32, (err, key) => {
+          if (err) return reject(err)
+          return resolve(key)
+        })
+      })
+    })
+    return this.primaryKey
   }
   async _generateKeys (opts) {
@@ -89,7 +111,7 @@ module.exports = class Corestore extends EventEmitter {
         discoveryKey: crypto.discoveryKey(opts.publicKey)
       }
     }
-    const { publicKey, auth } = await this.keys.createHypercoreKeyPair(opts.name, this._namespace)
+    const { publicKey, auth } = await this.createKeyPair(opts.name)
     return {
       keyPair: {
         publicKey,
@@ -101,6 +123,7 @@ module.exports = class Corestore extends EventEmitter {
   }
   _getPrereadyUserData (core, key) {
+    // Need to manually read the header values before the Hypercore is ready, hence the ugliness.
     for (const { key: savedKey, value } of core.core.header.userData) {
       if (key === savedKey) return value
     }
@@ -112,7 +135,7 @@ module.exports = class Corestore extends EventEmitter {
     if (!name) return
     const namespace = this._getPrereadyUserData(core, USERDATA_NAMESPACE_KEY)
-    const { publicKey, auth } = await this.keys.createHypercoreKeyPair(b4a.toString(name), namespace)
+    const { publicKey, auth } = await this.createKeyPair(b4a.toString(name), namespace)
     if (!b4a.equals(publicKey, core.key)) throw new Error('Stored core key does not match the provided name')
     // TODO: Should Hypercore expose a helper for this, or should preready return keypair/auth?
@@ -179,6 +202,26 @@ module.exports = class Corestore extends EventEmitter {
     return { from: core, keyPair, auth }
   }
+  async createKeyPair (name) {
+    if (!this.primaryKey) await this._opening
+    const keyPair = {
+      publicKey: b4a.allocUnsafe(sodium.crypto_sign_PUBLICKEYBYTES),
+      secretKey: b4a.alloc(sodium.crypto_sign_SECRETKEYBYTES),
+      auth: {
+        sign: (msg) => sign(keyPair, msg),
+        verify: (signable, signature) => {
+          return sodium.crypto_sign_detached(signature, signable, keyPair.publicKey)
+        }
+      }
+    }
+    const seed = deriveSeed(this.primaryKey, this._namespace, name)
+    sodium.crypto_sign_seed_keypair(keyPair.publicKey, keyPair.secretKey, seed)
+    return keyPair
+  }
   get (opts = {}) {
     opts = validateGetOptions(opts)
     const core = new Hypercore(null, {
@@ -233,20 +276,23 @@ module.exports = class Corestore extends EventEmitter {
   }
   namespace (name) {
-    if (!b4a.isBuffer(name)) name = b4a.from(name)
     return new Corestore(this.storage, {
-      _namespace: generateNamespace(this._namespace, name),
+      primaryKey: this._opening.then(() => this.primaryKey),
+      namespace: generateNamespace(this._namespace, name),
       _opening: this._opening,
       _cores: this.cores,
       _streams: this._replicationStreams,
-      _streamSessions: this._streamSessions,
-      keys: this._opening.then(() => this.keys)
+      _streamSessions: this._streamSessions
     })
   }
   async _close () {
     await this._opening
-    if (!b4a.equals(this._namespace, DEFAULT_NAMESPACE)) return // namespaces should not release resources on close
+    if (!b4a.equals(this._namespace, DEFAULT_NAMESPACE)) {
+      // namespaces should not release resources on close
+      // TODO: Refactor the namespace close logic to actually close sessions with ref counting
+      return
+    }
     const closePromises = []
     for (const core of this.cores.values()) {
       closePromises.push(core.close())
@@ -256,7 +302,13 @@ module.exports = class Corestore extends EventEmitter {
       // Only close streams that were created by the Corestore
       if (!isExternal) stream.destroy()
     }
-    await this.keys.close()
+    if (!this._keyStorage) return
+    await new Promise((resolve, reject) => {
+      this._keyStorage.close(err => {
+        if (err) return reject(err)
+        return resolve(null)
+      })
+    })
   }
   close () {
@@ -265,10 +317,13 @@ module.exports = class Corestore extends EventEmitter {
     this._closing.catch(safetyCatch)
     return this._closing
   }
+}
-  static createToken () {
-    return KeyManager.createToken()
-  }
+function sign (keyPair, message) {
+  if (!keyPair.secretKey) throw new Error('Invalid key pair')
+  const signature = b4a.allocUnsafe(sodium.crypto_sign_BYTES)
+  sodium.crypto_sign_detached(signature, message, keyPair.secretKey)
+  return signature
 }
 function validateGetOptions (opts) {
@@ -288,11 +343,17 @@ function validateGetOptions (opts) {
   return opts
 }
-function generateNamespace (first, second) {
-  if (!b4a.isBuffer(first)) first = b4a.from(first)
-  if (second && !b4a.isBuffer(second)) second = b4a.from(second)
+function generateNamespace (namespace, name) {
+  if (!b4a.isBuffer(name)) name = b4a.from(name)
   const out = b4a.allocUnsafe(32)
-  sodium.crypto_generichash(out, second ? b4a.concat([first, second]) : first)
+  sodium.crypto_generichash_batch(out, [namespace, name])
+  return out
+}
+function deriveSeed (primaryKey, namespace, name) {
+  if (!b4a.isBuffer(name)) name = b4a.from(name)
+  const out = b4a.alloc(32)
+  sodium.crypto_generichash_batch(out, [NS, namespace, name], primaryKey)
   return out
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "corestore",
-  "version": "6.0.1-alpha.14",
+  "version": "6.0.1-alpha.15",
   "description": "A Hypercore factory that simplifies managing collections of cores.",
   "main": "index.js",
   "scripts": {
@@ -20,15 +20,13 @@
   },
   "homepage": "https://github.com/hypercore-protocol/corestore#readme",
   "devDependencies": {
-    "brittle": "^1.6.0",
+    "brittle": "^2.2.10",
     "random-access-file": "^2.2.0",
     "random-access-memory": "^4.0.0",
     "standardx": "^7.0.0"
   },
   "dependencies": {
     "b4a": "^1.3.1",
-    "blake2b-universal": "^1.0.1",
-    "derive-key": "^1.0.1",
     "hypercore": "next",
     "hypercore-crypto": "^3.2.1",
     "safety-catch": "^1.0.1",

package/test/all.js CHANGED Viewed

@@ -3,6 +3,8 @@ const crypto = require('hypercore-crypto')
 const ram = require('random-access-memory')
 const os = require('os')
 const path = require('path')
+const b4a = require('b4a')
+const sodium = require('sodium-universal')
 const Corestore = require('..')
@@ -247,6 +249,26 @@ test('findingPeers', async function (t) {
   t.is(cUpdated, true)
 })
+test('different primary keys yield different keypairs', async function (t) {
+  const pk1 = randomBytes(32)
+  const pk2 = randomBytes(32)
+  t.unlike(pk1, pk2)
+  const store1 = new Corestore(ram, { primaryKey: pk1 })
+  const store2 = new Corestore(ram, { primaryKey: pk2 })
+  const kp1 = await store1.createKeyPair('hello')
+  const kp2 = await store2.createKeyPair('hello')
+  t.unlike(kp1.publicKey, kp2.publicKey)
+})
 function tmpdir () {
   return path.join(os.tmpdir(), 'corestore-' + Math.random().toString(16).slice(2))
 }
+function randomBytes (n) {
+  const buf = b4a.allocUnsafe(n)
+  sodium.randombytes_buf(buf)
+  return buf
+}

package/lib/keys.js DELETED Viewed

@@ -1,110 +0,0 @@
-// TODO: Extract this into a standalone module
-const sodium = require('sodium-universal')
-const blake2b = require('blake2b-universal')
-const b4a = require('b4a')
-const DEFAULT_TOKEN = b4a.alloc(0)
-const NAMESPACE = b4a.from('@hyperspace/key-manager')
-module.exports = class KeyManager {
-  constructor (storage, profile, opts = {}) {
-    this.storage = storage
-    this.profile = profile
-  }
-  _sign (keyPair, message) {
-    if (!keyPair._secretKey) throw new Error('Invalid key pair')
-    const signature = b4a.allocUnsafe(sodium.crypto_sign_BYTES)
-    sodium.crypto_sign_detached(signature, message, keyPair._secretKey)
-    return signature
-  }
-  createSecret (name, token) {
-    return deriveSeed(this.profile, token, name)
-  }
-  createHypercoreKeyPair (name, token) {
-    const keyPair = {
-      publicKey: b4a.allocUnsafe(sodium.crypto_sign_PUBLICKEYBYTES),
-      _secretKey: b4a.alloc(sodium.crypto_sign_SECRETKEYBYTES),
-      auth: {
-        sign: (msg) => this._sign(keyPair, msg),
-        verify: (signable, signature) => {
-          return sodium.crypto_sign_detached(signature, signable, keyPair.publicKey)
-        }
-      }
-    }
-    sodium.crypto_sign_seed_keypair(keyPair.publicKey, keyPair._secretKey, this.createSecret(name, token))
-    return keyPair
-  }
-  createNetworkIdentity (name, token) {
-    const keyPair = {
-      publicKey: b4a.alloc(32),
-      secretKey: b4a.alloc(64)
-    }
-    sodium.crypto_sign_seed_keypair(keyPair.publicKey, keyPair.secretKey, this.createSecret(name, token))
-    return keyPair
-  }
-  close () {
-    return new Promise((resolve, reject) => {
-      this.storage.close(err => {
-        if (err) return reject(err)
-        return resolve()
-      })
-    })
-  }
-  static createToken () {
-    return randomBytes(32)
-  }
-  static async fromStorage (storage, opts = {}) {
-    const profileStorage = storage(opts.name || 'default')
-    const profile = await new Promise((resolve, reject) => {
-      profileStorage.stat((err, st) => {
-        if (err && err.code !== 'ENOENT') return reject(err)
-        if (err || st.size < 32 || opts.overwrite) {
-          const key = randomBytes(32)
-          return profileStorage.write(0, key, err => {
-            if (err) return reject(err)
-            return resolve(key)
-          })
-        }
-        profileStorage.read(0, 32, (err, key) => {
-          if (err) return reject(err)
-          return resolve(key)
-        })
-      })
-    })
-    return new this(profileStorage, profile, opts)
-  }
-}
-function deriveSeed (profile, token, name, output) {
-  if (token && token.length < 32) throw new Error('Token must be a Buffer with length >= 32')
-  if (!name || typeof name !== 'string') throw new Error('name must be a String')
-  if (!output) output = b4a.alloc(32)
-  blake2b.batch(output, [
-    NAMESPACE,
-    token || DEFAULT_TOKEN,
-    b4a.from(b4a.byteLength(name, 'ascii') + '\n' + name, 'ascii')
-  ], profile)
-  return output
-}
-function randomBytes (n) {
-  const buf = b4a.allocUnsafe(n)
-  sodium.randombytes_buf(buf)
-  return buf
-}

package/test/keys.js DELETED Viewed

@@ -1,68 +0,0 @@
-const p = require('path')
-const fs = require('fs')
-const test = require('brittle')
-const ram = require('random-access-memory')
-const raf = require('random-access-file')
-const KeyManager = require('../lib/keys')
-test('can create hypercore keypairs', async t => {
-  const keys = await KeyManager.fromStorage(ram)
-  const kp1 = await keys.createHypercoreKeyPair('core1')
-  const kp2 = await keys.createHypercoreKeyPair('core2')
-  t.is(kp1.publicKey.length, 32)
-  t.is(kp2.publicKey.length, 32)
-  t.unlike(kp1.publicKey, kp2.publicKey)
-})
-test('distinct tokens create distinct hypercore keypairs', async t => {
-  const keys = await KeyManager.fromStorage(ram)
-  const token1 = KeyManager.createToken()
-  const token2 = KeyManager.createToken()
-  const kp1 = await keys.createHypercoreKeyPair('core1', token1)
-  const kp2 = await keys.createHypercoreKeyPair('core1', token2)
-  t.unlike(kp1.publicKey, kp2.publicKey)
-})
-test('short user-provided token will throw', async t => {
-  const keys = await KeyManager.fromStorage(ram)
-  try {
-    await keys.createHypercoreKeyPair('core1', Buffer.from('hello'))
-    t.fail('did not throw')
-  } catch {
-    t.pass('threw correctly')
-  }
-})
-test('persistent storage regenerates keys correctly', async t => {
-  const testPath = p.join(__dirname, 'test-data')
-  const keys1 = await KeyManager.fromStorage((name) => raf(testPath, { directory: testPath }))
-  const kp1 = await keys1.createHypercoreKeyPair('core1')
-  const keys2 = await KeyManager.fromStorage((name) => raf(testPath, { directory: testPath }))
-  const kp2 = await keys2.createHypercoreKeyPair('core1')
-  t.alike(kp1.publicKey, kp2.publicKey)
-  await keys1.close()
-  await keys2.close()
-  await fs.promises.rm(testPath, { recursive: true })
-})
-test('different master keys -> different keys', async t => {
-  const keys1 = await KeyManager.fromStorage(ram)
-  const keys2 = await KeyManager.fromStorage(ram)
-  const kp1 = await keys1.createHypercoreKeyPair('core1')
-  const kp2 = await keys2.createHypercoreKeyPair('core1')
-  t.unlike(kp1.publicKey, kp2.publicKey)
-})