Use async hypercore-encryption module (#676)

* use async hypercore-block-encryption module

* standard fix

* update encryption module api

* instantiate legacy provider as required

* clearer naming

* massage args

* wait for encryption ready

* method to dynamically set encryption

* kill encryption key prop

* setEncryption only accepts encryption provider

* use hypercore-encryption dep

* fix typo

* use encryption module helper

Author: chm-diederichs

README.md

@@ -425,10 +425,6 @@ In contrast to `core.key` this key does not allow you to verify the data but can
 
 Populated after `ready` has been emitted. Will be `null` before the event.
 
-#### `core.encryptionKey`
-
-Buffer containing the optional block encryption key of this core. Will be `null` unless block encryption is enabled.
-
 #### `core.length`
 
 How many blocks of data are available on this core.

index.js

@@ -3,15 +3,16 @@ const isOptions = require('is-options')
 const crypto = require('hypercore-crypto')
 const CoreStorage = require('hypercore-storage')
 const c = require('compact-encoding')
+const sodium = require('sodium-universal')
 const b4a = require('b4a')
 const NoiseSecretStream = require('@hyperswarm/secret-stream')
+const HypercoreEncryption = require('hypercore-encryption')
 const Protomux = require('protomux')
 const id = require('hypercore-id-encoding')
 const safetyCatch = require('safety-catch')
 const unslab = require('unslab')
 
 const Core = require('./lib/core')
-const BlockEncryption = require('./lib/block-encryption')
 const Info = require('./lib/info')
 const Download = require('./lib/download')
 const caps = require('./lib/caps')
@@ -149,7 +150,7 @@ class Hypercore extends EventEmitter {
   }
 
   static blockEncryptionKey (key, encryptionKey) {
-    return BlockEncryption.blockEncryptionKey(key, encryptionKey)
+    return HypercoreEncryption.blockEncryptionKey(key, encryptionKey)
   }
 
   static getProtocolMuxer (stream) {
@@ -233,10 +234,25 @@ class Hypercore extends EventEmitter {
     return s
   }
 
-  async setEncryptionKey (encryptionKey, opts) {
+  setEncryptionKey (encryptionKey, opts) {
+    const encryption = this._getLegacyEncryption(encryptionKey, !!(opts && opts.block))
+    return this.setEncryption(encryption, opts)
+  }
+
+  async setEncryption (encryption, opts) {
     if (!this.opened) await this.opening
     if (this.core.unencrypted) return
-    this.encryption = encryptionKey ? new BlockEncryption(encryptionKey, this.key, { compat: this.core.compat, ...opts }) : null
+
+    if (encryption === null) {
+      this.encryption = encryption
+      return
+    }
+
+    if (!HypercoreEncryption.isHypercoreEncryption(encryption)) {
+      throw new Error('Expected hypercore encryption provider')
+    }
+
+    this.encryption = encryption
     if (!this.core.encryption) this.core.encryption = this.encryption
   }
 
@@ -315,7 +331,12 @@ class Hypercore extends EventEmitter {
 
     if (!this.core.encryption && !this.core.unencrypted) {
       const e = getEncryptionOption(opts)
-      if (e) this.core.encryption = new BlockEncryption(e.key, this.key, { compat: this.core.compat, ...e })
+
+      if (HypercoreEncryption.isHypercoreEncryption(e)) {
+        this.core.encryption = e
+      } else if (e) {
+        this.core.encryption = this._getLegacyEncryption(e.key, e.block)
+      }
     }
 
     const parent = opts.parent || null
@@ -576,10 +597,6 @@ class Hypercore extends EventEmitter {
     return this.opened === false ? [] : this.core.replicator.peers
   }
 
-  get encryptionKey () {
-    return this.encryption && this.encryption.key
-  }
-
   get padding () {
     return this.encryption === null ? 0 : this.encryption.padding
   }
@@ -758,7 +775,7 @@ class Hypercore extends EventEmitter {
 
       if (this.encryption.compat !== this.core.compat) this._updateEncryption()
       if (this.core.unencrypted) this.encryption = null
-      else this.encryption.decrypt(index, block)
+      else await this.encryption.decrypt(index, block)
     }
 
     return this._decode(encoding, block)
@@ -907,6 +924,7 @@ class Hypercore extends EventEmitter {
     blocks = Array.isArray(blocks) ? blocks : [blocks]
 
     const preappend = this.core.unencrypted ? null : (this.encryption && this._preappend)
+    if (preappend) await this.encryption.ready()
 
     const buffers = this.encodeBatch !== null ? this.encodeBatch(blocks) : new Array(blocks.length)
 
@@ -1037,9 +1055,22 @@ class Hypercore extends EventEmitter {
 
   _updateEncryption () {
     const e = this.encryption
-    this.encryption = new BlockEncryption(e.key, this.key, { compat: this.core.compat, block: b4a.equals(e.blockKey, e.key) })
+    if (HypercoreEncryption.isHypercoreEncryption(e)) return
+
+    this.encryption = this._getLegacyEncryption(e.key, e.block)
+
     if (e === this.core.encryption) this.core.encryption = this.encryption
   }
+
+  _getLegacyEncryption (encryptionKey, block) {
+    if (!encryptionKey) return null
+
+    const blockKey = block
+      ? encryptionKey
+      : getLegacyBlockKey(this.key, encryptionKey, this.core.compat)
+
+    return HypercoreEncryption.createLegacyProvider(encryptionKey, blockKey)
+  }
 }
 
 module.exports = Hypercore
@@ -1052,14 +1083,14 @@ function toHex (buf) {
   return buf && b4a.toString(buf, 'hex')
 }
 
-function preappend (blocks) {
+async function preappend (blocks) {
   const offset = this.state.length
   const fork = this.state.encryptionFork
 
   if (this.encryption.compat !== this.core.compat) this._updateEncryption()
 
   for (let i = 0; i < blocks.length; i++) {
-    this.encryption.encrypt(offset + i, blocks[i], fork)
+    await this.encryption.encrypt(offset + i, blocks[i], fork)
   }
 }
 
@@ -1126,3 +1157,12 @@ function getEncryptionOption (opts) {
   if (!opts.encryption) return null
   return b4a.isBuffer(opts.encryption) ? { key: opts.encryption } : opts.encryption
 }
+
+function getLegacyBlockKey (hypercoreKey, encryptionKey, compat) {
+  const key = b4a.alloc(HypercoreEncryption.KEYBYTES)
+
+  if (compat) sodium.crypto_generichash_batch(key, [encryptionKey], hypercoreKey)
+  else sodium.crypto_generichash_batch(key, [caps.LEGACY_BLOCK_ENCRYPTION, hypercoreKey, encryptionKey])
+
+  return key
+}

lib/block-encryption.js

@@ -12,12 +12,12 @@ const [
   REPLICATE_RESPONDER,
   MANIFEST,
   DEFAULT_NAMESPACE,
-  BLOCK_ENCRYPTION
+  LEGACY_BLOCK_ENCRYPTION
 ] = crypto.namespace('hypercore', 6)
 
 exports.MANIFEST = MANIFEST
 exports.DEFAULT_NAMESPACE = DEFAULT_NAMESPACE
-exports.BLOCK_ENCRYPTION = BLOCK_ENCRYPTION
+exports.LEGACY_BLOCK_ENCRYPTION = LEGACY_BLOCK_ENCRYPTION
 
 exports.replicate = function (isInitiator, key, handshakeHash) {
   const out = b4a.allocUnsafe(32)

lib/caps.js

@@ -49,6 +49,7 @@
     "fast-fifo": "^1.3.0",
     "flat-tree": "^1.9.0",
     "hypercore-crypto": "^3.2.1",
+    "hypercore-encryption": "^1.0.0",
     "hypercore-errors": "^1.2.0",
     "hypercore-id-encoding": "^1.2.0",
     "hypercore-storage": "^1.0.0",

package.json

@@ -1,5 +1,6 @@
 const test = require('brittle')
 const b4a = require('b4a')
+const HypercoreEncryption = require('hypercore-encryption')
 const Hypercore = require('..')
 const { create, createStorage, replicate } = require('./helpers')
 
@@ -8,7 +9,7 @@ const encryptionKey = b4a.alloc(32, 'hello world')
 test('encrypted append and get', async function (t) {
   const a = await create(t, { encryption: { key: encryptionKey } })
 
-  t.alike(a.encryptionKey, encryptionKey)
+  t.ok(a.encryption)
 
   await a.append(['hello'])
 
@@ -151,8 +152,8 @@ test('encrypted session on unencrypted core', async function (t) {
 
   const s = a.session({ encryption: { key: encryptionKey }, debug: 'debug' })
 
-  t.alike(s.encryptionKey, encryptionKey)
-  t.unlike(s.encryptionKey, a.encryptionKey)
+  t.ok(s.encryption)
+  t.absent(a.encryption)
 
   await s.append(['hello'])
 
@@ -200,7 +201,7 @@ test('encrypted core from existing unencrypted core', async function (t) {
   const b = new Hypercore({ core: a.core, encryption: { key: encryptionKey } })
 
   t.alike(b.key, a.key)
-  t.alike(b.encryptionKey, encryptionKey)
+  t.alike(b.encryption, a.core.encryption)
 
   await b.append(['hello'])
 
@@ -221,9 +222,9 @@ test('from session sessions pass encryption', async function (t) {
   await b.ready()
   await c.ready()
 
-  t.absent(a.encryptionKey)
-  t.ok(b.encryptionKey)
-  t.ok(c.encryptionKey)
+  t.absent(a.encryption)
+  t.ok(b.encryption)
+  t.ok(c.encryption)
 
   await c.close()
   await b.close()
@@ -237,12 +238,41 @@ test('session keeps encryption', async function (t) {
   const b = a.session({ encryption: { key: encryptionKey } })
   await b.ready()
 
-  t.alike(b.encryptionKey, encryptionKey)
-
   await b.close()
   await a.close()
 })
 
+test('block encryption module', async function (t) {
+  const blindingKey = b4a.alloc(32, 0)
+
+  const encryption = new HypercoreEncryption(blindingKey, getKey, { id: 1 })
+
+  await encryption.ready()
+
+  const core = await create(t, null, { encryption })
+  await core.ready()
+
+  await core.append('0')
+
+  await encryption.load(2)
+
+  await core.append('1')
+  await core.append('2')
+
+  t.alike(await core.get(0), b4a.from('0'))
+  t.alike(await core.get(1), b4a.from('1'))
+  t.alike(await core.get(2), b4a.from('2'))
+
+  async function getKey (id) {
+    await Promise.resolve()
+    return {
+      version: 1,
+      key: b4a.alloc(32, id),
+      padding: 16
+    }
+  }
+})
+
 function getBlock (core, index) {
   const batch = core.core.storage.read()
   const b = batch.getBlock(index)