Browse Source

Merge branch 'derived-keys' of CoBox/cobox-crypto into master

kyphae 2 years ago
parent
commit
9e45331fac
2 changed files with 18 additions and 10 deletions
  1. 13
    6
      index.js
  2. 5
    4
      test/index.test.js

+ 13
- 6
index.js View File

@@ -1,20 +1,27 @@
1 1
 const sodium = require('sodium-native')
2 2
 const crypto = require('hypercore-crypto')
3 3
 const assert = require('assert')
4
-
5
-// TODO: discussion around whether to use sodium.sodium_malloc() or bufferAlloc()
6
-// Research needs to be done about secure buffers
7 4
 const bufferAlloc = require('buffer-alloc-unsafe')
8 5
 
9 6
 module.exports = () => new Crypto()
10 7
 
11 8
 class Crypto {
12
-  keyPair (seed) {
9
+  masterKey () {
10
+    const key = sodium.sodium_malloc(sodium.crypto_kdf_KEYBYTES)
11
+    sodium.crypto_kdf_keygen(key)
12
+    return key
13
+  }
14
+
15
+  keyPair (masterKey, id, ctxt = 'cobox') {
16
+    const context = bufferAlloc(sodium.crypto_hash_sha256_BYTES)
17
+    sodium.crypto_hash_sha256(context, Buffer.from(ctxt))
18
+    const seed = bufferAlloc(sodium.crypto_kdf_KEYBYTES)
19
+    sodium.crypto_kdf_derive_from_key(seed, id, context, masterKey)
13 20
     return crypto.keyPair(seed)
14 21
   }
15 22
 
16 23
   keySet () {
17
-    var publicKey = this.keyPair().publicKey
24
+    var publicKey = this.randomBytes(sodium.crypto_secretbox_KEYBYTES)
18 25
     var symmetricKey = this.symmetricKey()
19 26
     var accessKey = this.pack(publicKey, symmetricKey)
20 27
     const encryptionKey = bufferAlloc(sodium.crypto_secretbox_KEYBYTES)
@@ -33,7 +40,7 @@ class Crypto {
33 40
   }
34 41
 
35 42
   accessKey () {
36
-    return this.pack(this.keyPair().publicKey, this.symmetricKey())
43
+    return this.pack(this.randomBytes(sodium.crypto_secretbox_KEYBYTES), this.symmetricKey())
37 44
   }
38 45
 
39 46
   pack (pubKey, symKey) {

+ 5
- 4
test/index.test.js View File

@@ -10,7 +10,8 @@ const { cleanup, tmp } = require('./util')
10 10
 
11 11
 describe('key generation', (context) => {
12 12
   context('generate an asymmetric keypair', (assert, next) => {
13
-    const keypair = crypto.keyPair()
13
+    const masterKey = crypto.masterKey()
14
+    const keypair = crypto.keyPair(masterKey, 0)
14 15
     assert.ok(keypair, 'Keys successfully generated')
15 16
     assert.ok(keypair.publicKey instanceof Buffer, 'Public Key is a buffer')
16 17
     assert.ok(keypair.secretKey instanceof Buffer, 'Secret Key s a buffer')
@@ -33,7 +34,7 @@ describe('key generation', (context) => {
33 34
   })
34 35
 
35 36
   context('pack an access key', (assert, next) => {
36
-    const pubKey = crypto.keyPair().publicKey
37
+    const pubKey = crypto.randomBytes(32)
37 38
     const secretKey = crypto.symmetricKey()
38 39
 
39 40
     const accessKey = crypto.pack(pubKey, secretKey)
@@ -46,7 +47,7 @@ describe('key generation', (context) => {
46 47
   })
47 48
 
48 49
   context('pack an access key given as strings', (assert, next) => {
49
-    const pubKey = crypto.keyPair().publicKey
50
+    const pubKey = crypto.randomBytes(32)
50 51
     const secretKey = crypto.symmetricKey()
51 52
 
52 53
     const accessKey = crypto.pack(pubKey.toString('hex'), secretKey.toString('hex'))
@@ -74,7 +75,7 @@ describe('key generation', (context) => {
74 75
     const accessKey = crypto.accessKey()
75 76
     assert.ok(crypto.isKey(accessKey), '64 byte buffer is a valid read/write key')
76 77
     assert.ok(crypto.isKey(accessKey.toString('hex')), '64 byte string is a valid read/write key')
77
-    const blindKey = crypto.keyPair().publicKey
78
+    const blindKey = crypto.randomBytes(32)
78 79
     assert.ok(crypto.isKey(blindKey), '32 byte public key is a valid blind replication key')
79 80
     assert.ok(crypto.isKey(blindKey.toString('hex')), '32 byte string is a valid blind replication key')
80 81
     next()