Browse Source

add derived keypairs

Kieran Gibb 2 years ago
parent
commit
3822a5cb2b
No account linked to committer's email address
2 changed files with 17 additions and 7 deletions
  1. 12
    3
      index.js
  2. 5
    4
      test/index.test.js

+ 12
- 3
index.js View File

@@ -9,12 +9,21 @@ const bufferAlloc = require('buffer-alloc-unsafe')
9 9
 module.exports = () => new Crypto()
10 10
 
11 11
 class Crypto {
12
-  keyPair (seed) {
12
+  masterKey () {
13
+    const key = sodium.sodium_malloc(sodium.crypto_kdf_KEYBYTES)
14
+    sodium.crypto_kdf_keygen(key)
15
+    return key
16
+  }
17
+
18
+  keyPair (masterKey, id, context) {
19
+    if (!context) context = sodium.sodium_malloc(sodium.crypto_kdf_KEYBYTES)
20
+    const seed = sodium.sodium_malloc(sodium.crypto_kdf_KEYBYTES)
21
+    sodium.crypto_kdf_derive_from_key(seed, id, context, masterKey)
13 22
     return crypto.keyPair(seed)
14 23
   }
15 24
 
16 25
   keySet () {
17
-    var publicKey = this.keyPair().publicKey
26
+    var publicKey = this.randomBytes(sodium.crypto_secretbox_KEYBYTES)
18 27
     var symmetricKey = this.symmetricKey()
19 28
     var accessKey = this.pack(publicKey, symmetricKey)
20 29
     const encryptionKey = bufferAlloc(sodium.crypto_secretbox_KEYBYTES)
@@ -33,7 +42,7 @@ class Crypto {
33 42
   }
34 43
 
35 44
   accessKey () {
36
-    return this.pack(this.keyPair().publicKey, this.symmetricKey())
45
+    return this.pack(this.randomBytes(sodium.crypto_secretbox_KEYBYTES), this.symmetricKey())
37 46
   }
38 47
 
39 48
   pack (pubKey, symKey) {

+ 5
- 4
test/index.test.js View File

@@ -10,7 +10,8 @@ const { cleanup, tmp } = require('./util')
10 10
 
11 11
 describe('key generation', (context) => {
12 12
   context('generate an asymmetric keypair', (assert, next) => {
13
-    const keypair = crypto.keyPair()
13
+    const masterKey = crypto.masterKey()
14
+    const keypair = crypto.keyPair(masterKey, 0)
14 15
     assert.ok(keypair, 'Keys successfully generated')
15 16
     assert.ok(keypair.publicKey instanceof Buffer, 'Public Key is a buffer')
16 17
     assert.ok(keypair.secretKey instanceof Buffer, 'Secret Key s a buffer')
@@ -33,7 +34,7 @@ describe('key generation', (context) => {
33 34
   })
34 35
 
35 36
   context('pack an access key', (assert, next) => {
36
-    const pubKey = crypto.keyPair().publicKey
37
+    const pubKey = crypto.randomBytes(32)
37 38
     const secretKey = crypto.symmetricKey()
38 39
 
39 40
     const accessKey = crypto.pack(pubKey, secretKey)
@@ -46,7 +47,7 @@ describe('key generation', (context) => {
46 47
   })
47 48
 
48 49
   context('pack an access key given as strings', (assert, next) => {
49
-    const pubKey = crypto.keyPair().publicKey
50
+    const pubKey = crypto.randomBytes(32)
50 51
     const secretKey = crypto.symmetricKey()
51 52
 
52 53
     const accessKey = crypto.pack(pubKey.toString('hex'), secretKey.toString('hex'))
@@ -74,7 +75,7 @@ describe('key generation', (context) => {
74 75
     const accessKey = crypto.accessKey()
75 76
     assert.ok(crypto.isKey(accessKey), '64 byte buffer is a valid read/write key')
76 77
     assert.ok(crypto.isKey(accessKey.toString('hex')), '64 byte string is a valid read/write key')
77
-    const blindKey = crypto.keyPair().publicKey
78
+    const blindKey = crypto.randomBytes(32)
78 79
     assert.ok(crypto.isKey(blindKey), '32 byte public key is a valid blind replication key')
79 80
     assert.ok(crypto.isKey(blindKey.toString('hex')), '32 byte string is a valid blind replication key')
80 81
     next()