Merge branch 'development'

README.md

@@ -64,3 +64,23 @@ feed.ready(() => {
   })
 })
 ```
+
+```js
+const { publicKey, secretKey } = boxKeypair(seed)
+```
+
+```js
+const boxed = box(publicKey, message, [contextMessage])
+```
+Encrypts a message to a given public key and returns it as a buffer
+- `publicKey` buffer or hex encoded string
+- `message` buffer or hex encoded string of any length
+- `contextMessage`, if passed, will be hashed in to the shared secret. Should be a buffer or hex encoded string.
+
+```js
+const unboxed = unbox(cipherText, keypair, [contextMessage])
+```
+Decrypts a message using the given keypair.
+- `cipherText` the encrypted message given as a buffer.
+- `keypair` an object of the form `{ publicKey, secretKey }` both of which should be buffers or hex encoded strings.
+- `contextMessage`, if given, will be hashed into the shared secret. Should be a buffer or hex encoded string.

index.js

@@ -2,8 +2,13 @@ const sodium = require('sodium-native')
 const crypto = require('hypercore-crypto')
 const assert = require('assert')
 const bip39 = require('bip39')
+const zero = sodium.sodium_memzero
 
 class Crypto {
+  constructor () {
+    this.PACKEDLENGTH = sodium.crypto_sign_PUBLICKEYBYTES + sodium.crypto_secretbox_KEYBYTES
+  }
+
   randomBytes (length) {
     return crypto.randomBytes(length)
   }
@@ -21,16 +26,17 @@ class Crypto {
   encryptionKey (encryptionKey) {
     var key = sodium.sodium_malloc(sodium.crypto_secretbox_KEYBYTES)
     if (encryptionKey && Buffer.isBuffer(encryptionKey)) key.copy(encryptionKey)
-    else if (encryptionKey && typeof encryptionKey === 'string') key.write(encryptionKey)
+    else if (encryptionKey && typeof encryptionKey === 'string') key.write(encryptionKey, 'hex')
     else sodium.randombytes_buf(key)
     return key
   }
 
-  keyPair (masterKey, id, ctxt = 'cobox') {
+  keyPair (masterKey, id, ctxt = 'coboxcobox') {
     const context = sodium.sodium_malloc(sodium.crypto_hash_sha256_BYTES)
     sodium.crypto_hash_sha256(context, Buffer.from(ctxt))
     const seed = sodium.sodium_malloc(sodium.crypto_kdf_KEYBYTES)
     sodium.crypto_kdf_derive_from_key(seed, id, context, masterKey)
+    zero(context)
     return crypto.keyPair(seed)
   }
 
@@ -48,14 +54,14 @@ class Crypto {
   pack (address, encryptionKey) {
     address = this.toBuffer(address, sodium.crypto_sign_PUBLICKEYBYTES)
     encryptionKey = this.toBuffer(encryptionKey, sodium.crypto_secretbox_KEYBYTES)
-    const accessKey = sodium.sodium_malloc(sodium.crypto_sign_PUBLICKEYBYTES + sodium.crypto_secretbox_KEYBYTES)
+    const accessKey = sodium.sodium_malloc(this.PACKEDLENGTH)
     address.copy(accessKey)
     encryptionKey.copy(accessKey, sodium.crypto_secretbox_KEYBYTES)
     return accessKey
   }
 
   unpack (key) {
-    key = this.toBuffer(key, [sodium.crypto_sign_PUBLICKEYBYTES, sodium.crypto_sign_PUBLICKEYBYTES + sodium.crypto_secretbox_KEYBYTES])
+    key = this.toBuffer(key, [sodium.crypto_sign_PUBLICKEYBYTES, this.PACKEDLENGTH])
 
     if (key.length === sodium.crypto_sign_PUBLICKEYBYTES) return { address: key }
 
@@ -112,6 +118,7 @@ class Crypto {
         var nonce = Buffer.alloc(sodium.crypto_secretbox_NONCEBYTES)
         sodium.randombytes_buf(nonce)
         sodium.crypto_secretbox_easy(ciphertext, message, nonce, encryptionKey)
+        zero(message)
         return Buffer.concat([nonce, ciphertext])
       },
 
@@ -133,6 +140,74 @@ class Crypto {
     }
   }
 
+  boxKeypair (seed) {
+    const publicKey = sodium.sodium_malloc(sodium.crypto_box_PUBLICKEYBYTES)
+    const secretKey = sodium.sodium_malloc(sodium.crypto_box_SECRETKEYBYTES)
+    if (seed) {
+      seed = this.toBuffer(seed, sodium.crypto_box_SEEDBYTES)
+      sodium.crypto_box_seed_keypair(publicKey, secretKey, seed)
+      zero(seed)
+    } else {
+      sodium.crypto_box_keypair(publicKey, secretKey)
+    }
+    return { publicKey, secretKey }
+  }
+
+  box (pubKey, messageBuffer, contextMessage = Buffer.from('cobox')) {
+    pubKey = this.toBuffer(pubKey, sodium.crypto_box_PUBLICKEYBYTES)
+    if (typeof messageBuffer === 'string') messageBuffer = Buffer.from(messageBuffer)
+    if (typeof contextMessage === 'string') contextMessage = Buffer.from(contextMessage)
+    var boxed = Buffer.alloc(messageBuffer.length + sodium.crypto_secretbox_MACBYTES)
+    const ephKeypair = this.boxKeypair()
+    const nonce = this.randomBytes(sodium.crypto_secretbox_NONCEBYTES)
+    var sharedSecret = this.genericHash(
+      Buffer.concat([ephKeypair.publicKey, pubKey, contextMessage]),
+      this.genericHash(this.scalarMult(ephKeypair.secretKey, pubKey)))
+
+    sodium.crypto_secretbox_easy(boxed, messageBuffer, nonce, sharedSecret)
+
+    zero(sharedSecret)
+    zero(ephKeypair.secretKey)
+    return Buffer.concat([nonce, ephKeypair.publicKey, boxed])
+  }
+
+  unbox (cipherText, keypair, contextMessage = Buffer.from('cobox')) {
+    keypair.publicKey = this.toBuffer(keypair.publicKey, sodium.crypto_box_PUBLICKEYBYTES)
+    keypair.secretKey = this.toBuffer(keypair.secretKey, sodium.crypto_box_SECRETKEYBYTES)
+    if (typeof contextMessage === 'string') contextMessage = Buffer.from(contextMessage)
+    const NONCEBYTES = sodium.crypto_secretbox_NONCEBYTES
+    const KEYBYTES = sodium.crypto_secretbox_KEYBYTES
+    try {
+      var nonce = cipherText.slice(0, NONCEBYTES)
+      var pubKey = cipherText.slice(NONCEBYTES, NONCEBYTES + KEYBYTES)
+      var box = cipherText.slice(NONCEBYTES + KEYBYTES, cipherText.length)
+      var unboxed = Buffer.alloc(box.length - sodium.crypto_secretbox_MACBYTES)
+    } catch (err) {
+      return false
+    }
+    const sharedSecret = this.genericHash(
+      Buffer.concat([pubKey, keypair.publicKey, contextMessage]),
+      this.genericHash(this.scalarMult(keypair.secretKey, pubKey)))
+
+    const success = sodium.crypto_secretbox_open_easy(unboxed, box, nonce, sharedSecret)
+    zero(sharedSecret)
+    zero(keypair.secretKey)
+    zero(keypair.publicKey)
+    return success ? unboxed : false
+  }
+
+  genericHash (msg, key) {
+    var hash = sodium.sodium_malloc(sodium.crypto_generichash_BYTES_MAX)
+    sodium.crypto_generichash(hash, msg, key)
+    return hash
+  }
+
+  scalarMult (sk, pk) {
+    var result = sodium.sodium_malloc(sodium.crypto_scalarmult_BYTES)
+    sodium.crypto_scalarmult(result, sk, pk)
+    return result
+  }
+
   _resolveStringEncoder (encoder) {
     if (encoder === 'json') return {
       encode: (msg) => Buffer.from(JSON.stringify(msg)),
@@ -148,4 +223,3 @@ class Crypto {
 }
 
 module.exports = new Crypto()
-

test/index.test.js

@@ -2,6 +2,7 @@ const { describe } = require('tape-plus')
 const hypercore = require('hypercore')
 const path = require('path')
 const fs = require('fs')
+const sodium = require('sodium-native')
 
 const crypto = require('../')
 
@@ -31,16 +32,20 @@ describe('key generation', (context) => {
   })
 
   context('encryptionKey(string)', (assert, next) => {
-    const key = crypto.encryptionKey(crypto.randomBytes(32).toString('hex'))
+    const bytes = crypto.randomBytes(32).toString('hex')
+    const key = crypto.encryptionKey(bytes)
     assert.ok(key, 'Key successfully generated')
     assert.ok(key instanceof Buffer, 'key is a secure buffer')
+    assert.same(bytes, key.toString('hex'), 'keys match')
     next()
   })
 
   context('encryptionKey(buffer)', (assert, next) => {
-    const key = crypto.encryptionKey(crypto.randomBytes(32))
+    const bytes = crypto.randomBytes(32)
+    const key = crypto.encryptionKey(bytes)
     assert.ok(key, 'Key successfully generated')
     assert.ok(key instanceof Buffer, 'key is a secure buffer')
+    assert.same(bytes.toString('hex'), key.toString('hex'), 'keys match')
     next()
   })
 
@@ -189,3 +194,29 @@ describe('hypercore', (context) => {
     })
   })
 })
+
+describe('box and unbox', (context) => {
+  context.beforeEach((c) => {
+  })
+
+  context('boxkeypair', (assert, next) => {
+    const { publicKey, secretKey } = crypto.boxKeypair()
+    assert.ok(Buffer.isBuffer(publicKey), 'public key generated')
+    assert.ok(Buffer.isBuffer(secretKey), 'secret key generated')
+    const seed = crypto.randomBytes(sodium.crypto_box_SEEDBYTES)
+    const seedKeypair = crypto.boxKeypair(seed)
+    assert.ok(Buffer.isBuffer(seedKeypair.publicKey), 'public key generated from seed')
+    assert.ok(Buffer.isBuffer(seedKeypair.secretKey), 'secret key generated from seed')
+    next()
+  })
+
+  context('box and unbox', (assert, next) => {
+    const { publicKey, secretKey } = crypto.boxKeypair()
+    const msg = 'beep boop'
+    const boxedMsg = crypto.box(publicKey, Buffer.from(msg))
+    assert.true(boxedMsg.toString('hex') !== msg.toString('hex'), 'boxed message !== message')
+    const unboxedMsg = crypto.unbox(boxedMsg, { publicKey, secretKey })
+    assert.same(unboxedMsg.toString(), msg, 'message decrypted successfully')
+    next()
+  })
+})