hypercore 10.0.0-alpha.6 → 10.0.0-alpha.7

package/README.md

@@ -63,7 +63,8 @@ Note that `tree`, `data`, and `bitfield` are normally heavily sparse files.
   createIfMissing: true, // create a new Hypercore key pair if none was present in storage
   overwrite: false, // overwrite any old Hypercore that might already exist
   valueEncoding: 'json' | 'utf-8' | 'binary', // defaults to binary
-  keyPair: kp // optionally pass the public key and secret key as a key pair
+  keyPair: kp, // optionally pass the public key and secret key as a key pair
+  encryptionKey: k // optionally pass an encryption key to enable block encryption
 }
 ```
 
@@ -202,6 +203,10 @@ In contrast to `core.key` this key does not allow you to verify the data but can
 
 Populated after `ready` has been emitted. Will be `null` before the event.
 
+#### `core.encryptionKey`
+
+Buffer containing the optional block encryption key of this core. Will be `null` unless block encryption is enabled.
+
 #### `core.length`
 
 How many blocks of data are available on this core?
@@ -220,6 +225,10 @@ What is the current fork id of this core?
 
 Populated after `ready` has been emitted. Will be `0` before the event.
 
+#### `core.padding`
+
+How much padding is applied to each block of this core? Will be `0` unless block encryption is enabled.
+
 #### `const stream = core.replicate(isInitiatorOrReplicationStream)`
 
 Create a replication stream. You should pipe this to another Hypercore instance.

package/index.js

@@ -12,6 +12,7 @@ const fsctl = requireMaybe('fsctl') || { lock: noop, sparse: noop }
 const Replicator = require('./lib/replicator')
 const Extensions = require('./lib/extensions')
 const Core = require('./lib/core')
+const BlockEncryption = require('./lib/block-encryption')
 
 const promises = Symbol.for('hypercore.promises')
 const inspect = Symbol.for('nodejs.util.inspect.custom')
@@ -49,6 +50,7 @@ module.exports = class Hypercore extends EventEmitter {
     this.replicator = null
     this.extensions = opts.extensions || new Extensions()
     this.cache = opts.cache === true ? new Xache({ maxSize: 65536, maxAge: 0 }) : (opts.cache || null)
+    this.encryption = opts.encryption || null
 
     this.valueEncoding = null
     this.key = key || null
@@ -64,6 +66,8 @@ module.exports = class Hypercore extends EventEmitter {
     this.closing = null
     this.opening = opts._opening || this._open(key, storage, opts)
     this.opening.catch(noop)
+
+    this._preappend = this.encryption && preappend.bind(this)
   }
 
   [inspect] (depth, opts) {
@@ -119,6 +123,7 @@ module.exports = class Hypercore extends EventEmitter {
       ...opts,
       sign: opts.sign || (keyPair && keyPair.secretKey && Core.createSigner(this.crypto, keyPair)) || this.sign,
       valueEncoding: this.valueEncoding,
+      encryption: this.encryption,
       extensions: this.extensions,
       _opening: this.opening,
       _sessions: this.sessions
@@ -207,7 +212,7 @@ module.exports = class Hypercore extends EventEmitter {
   }
 
   get byteLength () {
-    return this.core === null ? 0 : this.core.tree.byteLength
+    return this.core === null ? 0 : this.core.tree.byteLength - (this.core.tree.length * this.padding)
   }
 
   get fork () {
@@ -218,6 +223,14 @@ module.exports = class Hypercore extends EventEmitter {
     return this.replicator === null ? [] : this.replicator.peers
   }
 
+  get encryptionKey () {
+    return this.encryption && this.encryption.key
+  }
+
+  get padding () {
+    return this.encryption === null ? 0 : this.encryption.padding
+  }
+
   ready () {
     return this.opening
   }
@@ -271,6 +284,11 @@ module.exports = class Hypercore extends EventEmitter {
     this.key = this.core.header.signer.publicKey
     this.writable = !!this.sign
 
+    if (!this.encryption && opts.encryptionKey) {
+      this.encryption = new BlockEncryption(opts.encryptionKey, this.key)
+      this._preappend = preappend.bind(this)
+    }
+
     this.extensions.attach(this.replicator)
     this.opened = true
 
@@ -305,6 +323,12 @@ module.exports = class Hypercore extends EventEmitter {
     }
 
     if (value) {
+      if (this.encryption) {
+        this.encryption.decrypt(bitfield.start, value)
+      }
+
+      value = value.subarray(this.padding)
+
       for (let i = 0; i < this.sessions.length; i++) {
         this.sessions[i].emit('download', bitfield.start, value, from)
       }
@@ -343,7 +367,7 @@ module.exports = class Hypercore extends EventEmitter {
   async seek (bytes) {
     if (this.opened === false) await this.opening
 
-    const s = this.core.tree.seek(bytes)
+    const s = this.core.tree.seek(bytes, this.padding)
 
     return (await s.update()) || this.replicator.requestSeek(s)
   }
@@ -367,10 +391,17 @@ module.exports = class Hypercore extends EventEmitter {
   async _get (index, opts) {
     const encoding = (opts && opts.valueEncoding && c.from(codecs(opts.valueEncoding))) || this.valueEncoding
 
-    if (this.core.bitfield.get(index)) return decode(encoding, await this.core.blocks.get(index))
-    if (opts && opts.onwait) opts.onwait(index)
+    let block
+
+    if (this.core.bitfield.get(index)) {
+      block = await this.core.blocks.get(index)
+    } else {
+      if (opts && opts.onwait) opts.onwait(index)
+      block = await this.replicator.requestBlock(index)
+    }
 
-    return decode(encoding, await this.replicator.requestBlock(index))
+    if (this.encryption) this.encryption.decrypt(index, block)
+    return this._decode(encoding, block)
   }
 
   download (range) {
@@ -427,22 +458,17 @@ module.exports = class Hypercore extends EventEmitter {
     if (this.opened === false) await this.opening
     if (this.writable === false) throw new Error('Core is not writable')
 
-    const blks = Array.isArray(blocks) ? blocks : [blocks]
-    const buffers = new Array(blks.length)
-
-    for (let i = 0; i < blks.length; i++) {
-      const blk = blks[i]
+    blocks = Array.isArray(blocks) ? blocks : [blocks]
 
-      const buf = Buffer.isBuffer(blk)
-        ? blk
-        : this.valueEncoding
-          ? c.encode(this.valueEncoding, blk)
-          : Buffer.from(blk)
+    const buffers = new Array(blocks.length)
 
-      buffers[i] = buf
+    for (let i = 0; i < blocks.length; i++) {
+      buffers[i] = this._encode(this.valueEncoding, blocks[i])
     }
 
-    return await this.core.append(buffers, this.sign)
+    return await this.core.append(buffers, this.sign, {
+      preappend: this._preappend
+    })
   }
 
   registerExtension (name, handlers) {
@@ -453,14 +479,38 @@ module.exports = class Hypercore extends EventEmitter {
   onextensionupdate () {
     if (this.replicator !== null) this.replicator.broadcastOptions()
   }
-}
 
-function noop () {}
+  _encode (enc, val) {
+    const state = { start: this.padding, end: this.padding, buffer: null }
+
+    if (Buffer.isBuffer(val)) {
+      if (state.start === 0) return val
+      state.end += val.byteLength
+    } else if (enc) {
+      enc.preencode(state, val)
+    } else {
+      val = Buffer.from(val)
+      if (state.start === 0) return val
+      state.end += val.byteLength
+    }
+
+    state.buffer = Buffer.allocUnsafe(state.end)
+
+    if (enc) enc.encode(state, val)
+    else state.buffer.set(val, state.start)
+
+    return state.buffer
+  }
 
-function decode (enc, buf) {
-  return enc ? c.decode(enc, buf) : buf
+  _decode (enc, block) {
+    block = block.subarray(this.padding)
+    if (enc) return c.decode(enc, block)
+    return block
+  }
 }
 
+function noop () {}
+
 function isStream (s) {
   return typeof s === 'object' && s && typeof s.pipe === 'function'
 }
@@ -489,3 +539,12 @@ function min (arr) {
 function max (arr) {
   return reduce(arr, (a, b) => Math.max(a, b), -Infinity)
 }
+
+function preappend (blocks) {
+  const offset = this.core.tree.length
+  const fork = this.core.tree.fork
+
+  for (let i = 0; i < blocks.length; i++) {
+    this.encryption.encrypt(offset + i, blocks[i], fork)
+  }
+}

package/lib/block-encryption.js

@@ -0,0 +1,67 @@
+const sodium = require('sodium-universal')
+const c = require('compact-encoding')
+
+const nonce = Buffer.alloc(sodium.crypto_stream_NONCEBYTES)
+
+module.exports = class BlockEncryption {
+  constructor (encryptionKey, hypercoreKey) {
+    const subKeys = Buffer.alloc(2 * sodium.crypto_stream_KEYBYTES)
+
+    this.key = encryptionKey
+    this.blockKey = subKeys.subarray(0, sodium.crypto_stream_KEYBYTES)
+    this.blindingKey = subKeys.subarray(sodium.crypto_stream_KEYBYTES)
+    this.padding = 8
+
+    sodium.crypto_generichash(this.blockKey, encryptionKey, hypercoreKey)
+    sodium.crypto_generichash(this.blindingKey, this.blockKey)
+  }
+
+  encrypt (index, block, fork) {
+    const padding = block.subarray(0, this.padding)
+    block = block.subarray(this.padding)
+
+    c.uint64.encode({ start: 0, end: 8, buffer: padding }, fork)
+    c.uint64.encode({ start: 0, end: 8, buffer: nonce }, index)
+
+    // Zero out any previous padding.
+    nonce.fill(0, 8, 8 + padding.byteLength)
+
+    // Blind the fork ID, possibly risking reusing the nonce on a reorg of the
+    // Hypercore. This is fine as the blinding is best-effort and the latest
+    // fork ID shared on replication anyway.
+    sodium.crypto_stream_xor(
+      padding,
+      padding,
+      nonce,
+      this.blindingKey
+    )
+
+    nonce.set(padding, 8)
+
+    // The combination of a (blinded) fork ID and a block index is unique for a
+    // given Hypercore and is therefore a valid nonce for encrypting the block.
+    sodium.crypto_stream_xor(
+      block,
+      block,
+      nonce,
+      this.blockKey
+    )
+  }
+
+  decrypt (index, block) {
+    const padding = block.subarray(0, this.padding)
+    block = block.subarray(this.padding)
+
+    c.uint64.encode({ start: 0, end: 8, buffer: nonce }, index)
+
+    nonce.set(padding, 8)
+
+    // Decrypt the block using the blinded fork ID.
+    sodium.crypto_stream_xor(
+      block,
+      block,
+      nonce,
+      this.blockKey
+    )
+  }
+}

package/lib/core.js

@@ -214,10 +214,12 @@ module.exports = class Core {
     }
   }
 
-  async append (values, sign = this.defaultSign) {
+  async append (values, sign = this.defaultSign, hooks = {}) {
     await this._mutex.lock()
 
     try {
+      if (hooks.preappend) await hooks.preappend(values)
+
       if (!values.length) return this.tree.length
 
       const batch = this.tree.batch()

package/lib/merkle-tree.js

@@ -272,11 +272,15 @@ class ReorgBatch extends MerkleTreeBatch {
 }
 
 class ByteSeeker {
-  constructor (tree, bytes) {
+  constructor (tree, bytes, padding = 0) {
     this.tree = tree
     this.bytes = bytes
-    this.start = bytes >= tree.byteLength ? tree.length : 0
-    this.end = bytes < tree.byteLength ? tree.length : 0
+    this.padding = padding
+
+    const size = tree.byteLength - (tree.length * padding)
+
+    this.start = bytes >= size ? tree.length : 0
+    this.end = bytes < size ? tree.length : 0
   }
 
   nodes () {
@@ -287,12 +291,12 @@ class ByteSeeker {
     if (!bytes) return [0, 0]
 
     for (const node of this.tree.roots) { // all async ticks happen once we find the root so safe
-      if (bytes === node.size) {
-        return [flat.rightSpan(node.index) + 2, 0]
-      }
+      let size = node.size
+      if (this.padding > 0) size -= this.padding * flat.countLeaves(node.index)
 
-      if (bytes > node.size) {
-        bytes -= node.size
+      if (bytes === size) return [flat.rightSpan(node.index) + 2, 0]
+      if (bytes > size) {
+        bytes -= size
         continue
       }
 
@@ -301,9 +305,12 @@ class ByteSeeker {
       while ((ite.index & 1) !== 0) {
         const l = await this.tree.get(ite.leftChild(), false)
         if (l) {
-          if (l.size === bytes) return [ite.rightSpan() + 2, 0]
-          if (l.size > bytes) continue
-          bytes -= l.size
+          let size = l.size
+          if (this.padding > 0) size -= this.padding * ite.countLeaves()
+
+          if (size === bytes) return [ite.rightSpan() + 2, 0]
+          if (size > bytes) continue
+          bytes -= size
           ite.sibling()
         } else {
           ite.parent()
@@ -355,8 +362,8 @@ module.exports = class MerkleTree {
     return new MerkleTreeBatch(this)
   }
 
-  seek (bytes) {
-    return new ByteSeeker(this, bytes)
+  seek (bytes, padding) {
+    return new ByteSeeker(this, bytes, padding)
   }
 
   hash () {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hypercore",
-  "version": "10.0.0-alpha.6",
+  "version": "10.0.0-alpha.7",
   "description": "Hypercore 10",
   "main": "index.js",
   "scripts": {
@@ -31,14 +31,15 @@
     "@hyperswarm/secret-stream": "^5.0.0",
     "big-sparse-array": "^1.0.2",
     "codecs": "^2.2.0",
-    "compact-encoding": "^2.0.0",
+    "compact-encoding": "^2.5.0",
     "crc32-universal": "^1.0.1",
-    "flat-tree": "^1.7.0",
+    "flat-tree": "^1.9.0",
     "hypercore-crypto": "^2.1.1",
     "is-options": "^1.0.1",
     "random-access-file": "^2.1.4",
     "random-array-iterator": "^1.0.0",
     "safety-catch": "^1.0.1",
+    "sodium-universal": "^3.0.4",
     "uint64le": "^1.0.0",
     "xache": "^1.0.0"
   },

package/test/encryption.js

@@ -0,0 +1,85 @@
+const test = require('brittle')
+const { create, replicate } = require('./helpers')
+
+const encryptionKey = Buffer.alloc(32, 'hello world')
+
+test('encrypted append and get', async function (t) {
+  const a = await create({ encryptionKey })
+
+  t.alike(a.encryptionKey, encryptionKey)
+
+  await a.append(['hello'])
+
+  t.is(a.byteLength, 5)
+  t.is(a.core.tree.byteLength, 5 + a.padding)
+
+  const unencrypted = await a.get(0)
+  const encrypted = await a.core.blocks.get(0)
+
+  t.alike(unencrypted, Buffer.from('hello'))
+  t.unlike(unencrypted, encrypted)
+})
+
+test('encrypted seek', async function (t) {
+  const a = await create({ encryptionKey })
+
+  await a.append(['hello', 'world', '!'])
+
+  t.alike(await a.seek(0), [0, 0])
+  t.alike(await a.seek(4), [0, 4])
+  t.alike(await a.seek(5), [1, 0])
+  t.alike(await a.seek(6), [1, 1])
+  t.alike(await a.seek(6), [1, 1])
+  t.alike(await a.seek(9), [1, 4])
+  t.alike(await a.seek(10), [2, 0])
+  t.alike(await a.seek(11), [3, 0])
+})
+
+test('encrypted replication', async function (t) {
+  const a = await create({ encryptionKey })
+
+  await a.append(['a', 'b', 'c', 'd', 'e'])
+
+  t.test('with encryption key', async function (t) {
+    t.plan(10)
+
+    const b = await create(a.key, { encryptionKey })
+
+    b.on('download', (i, block) => {
+      t.alike(block, Buffer.from([i + /* a */ 0x61]))
+    })
+
+    replicate(a, b, t)
+
+    const r = b.download({ start: 0, end: a.length })
+    await r.downloaded()
+
+    for (let i = 0; i < 5; i++) {
+      t.alike(await b.get(i), await a.get(i))
+    }
+  })
+
+  t.test('without encryption key', async function (t) {
+    const b = await create(a.key)
+
+    replicate(a, b, t)
+
+    const r = b.download({ start: 0, end: a.length })
+    await r.downloaded()
+
+    for (let i = 0; i < 5; i++) {
+      t.unlike(await b.get(i), await a.get(i))
+      t.alike(await b.get(i), await a.core.blocks.get(i))
+    }
+  })
+})
+
+test('encrypted sessions', async function (t) {
+  const a = await create({ encryptionKey })
+
+  await a.append(['hello'])
+
+  const session = a.session()
+
+  t.alike(await session.get(0), Buffer.from('hello'))
+})