216 build keychainprogram #217
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,219 @@ | ||
| import { AbstractType, field, option, variant, vec } from "@dao-xyz/borsh"; | ||
| import { Program } from "./program"; | ||
| import { | ||
| And, | ||
| BoolQuery, | ||
| ByteMatchQuery, | ||
| Documents, | ||
| MissingField, | ||
| Or, | ||
| PutOperation, | ||
| Query, | ||
| SearchRequest, | ||
| Sort, | ||
| SortDirection, | ||
| StateFieldQuery, | ||
| StringMatch | ||
| } from "../../data/document/src"; | ||
| import { | ||
| EncryptedThing, | ||
| EncryptedSecp256k1Keypair, | ||
| EncryptedX25519Keypair, | ||
| EncryptedEd25519Keypair, | ||
| EncryptedKeypair, | ||
| DecryptedThing, | ||
| createLocalEncryptProvider, | ||
| X25519Keypair, | ||
| X25519PublicKey, | ||
| createDecrypterFromKeyResolver, | ||
| KeyResolverReturnType, | ||
| Ed25519PublicKey, | ||
| Secp256k1PublicKey, | ||
| Identity, | ||
| EncryptProvide, | ||
| KeyExchangeOptions, | ||
| DecryptProvider | ||
| } from "@peerbit/crypto"; | ||
| import { compare } from "@peerbit/uint8arrays"; | ||
|
|
||
| @variant(0) | ||
| class EncryptedExtendedKey { | ||
| // TODO: The owner of the key determined by wallet address or public sign key? | ||
| @field({ type: vec("u8") }) | ||
| owner: Uint8Array; | ||
| // Is this key revoked? HAS TO BE TRUE if recipient is set. | ||
| @field({ type: "bool" }) | ||
| revoked: boolean; | ||
| // Provide a single-use key for someone else | ||
| @field({ type: option(vec("u8")) }) | ||
| recipient?: Uint8Array; | ||
| // TODO: add the actual key here | ||
| @field({ type: EncryptedKeypair }) | ||
| keypair: | ||
| | EncryptedX25519Keypair | ||
| | EncryptedEd25519Keypair | ||
| | EncryptedSecp256k1Keypair; | ||
|
|
||
| constructor(parameters: { | ||
| owner: Uint8Array; | ||
| keypair: | ||
| | EncryptedX25519Keypair | ||
| | EncryptedEd25519Keypair | ||
| | EncryptedSecp256k1Keypair; | ||
| revoked?: boolean; | ||
| }) { | ||
| this.keypair = parameters.keypair; | ||
| this.owner = parameters.owner; | ||
| this.revoked = parameters.revoked ?? false; | ||
| } | ||
| } | ||
|
|
||
| export class KeychainProgram extends Program { | ||
| @field({ type: Documents<EncryptedExtendedKey> }) | ||
| keys: Documents<EncryptedExtendedKey>; | ||
|
There was a problem hiding this comment. When PR #215 is merged it should in practice just be possible to just do @field({ type: Documents<Ed25519Keypair> })
keys: Documents<Ed25519Keypair>; // or something else secretand later just do sharedKeychain.keys.put(keypair, { encryption : { hash: ` the hash of the secret key you want to use` } })There was a problem hiding this comment. or, well it depends if you want to have a a public and private part of the document of course. Then you need the There was a problem hiding this comment. Hmmm, but isn't the problem that the There was a problem hiding this comment. ___ I edited this message by mistake ___ // marcus There was a problem hiding this comment. And I have also been thinking - sometimes, a user I want to encrypt something for has not generated a keypair yet. So at that time of speaking, I want to generate a keypair for him that is only single use. And that might have to be marked as such? There was a problem hiding this comment.
Ah yee for this to work the decryption has to be performed by keys that exist in a lower level keychain. When you use the put method there PublicKeyEnvelope (in the crypto lib) will leak the publickeys of the parties that can decrypt the message, which allows you to figure out if you can decrypt a message. I think it might be easier to reason about stuff if you would separate "encryption" utilties from this shared-keychain. So this keychain stores keys that are encrypted, but the keys for providing the encryption for storing these keys for this keychain perhaps needs to originate from a lower level keychain. It could in practice also be possible that keys in this keychain are allso encrypted by keys that also exist in this keychain, but then you need to make sure you are loading the database in the right order kind of (which is possible in practice there is a oplog behind the scenes that allows you to link commits) There was a problem hiding this comment. If you want to revoke keys I think you need a revoked flag on the keypair object, or something like that. Else you could in theory also just use the delete function of the document store and assumes keys are only valid if they exist in the keychain |
||
|
|
||
| @field({ type: Identity }) | ||
| identity: Identity; | ||
|
|
||
| @field({ type: EncryptProvide }) | ||
| encryptProvider: EncryptProvide<KeyExchangeOptions>; | ||
|
|
||
| @field({ type: DecryptProvider }) | ||
| decryptProvider: DecryptProvider; | ||
|
|
||
| // TODO: Offer rotate keys functionality. revokes all unrevoked keys and adds a new key which it returns | ||
| // TODO: Write Key updater that either adds a given key or generates a new one. | ||
| // TODO: the key updater should always set the revoked flag for keys with a recipient | ||
|
|
||
| // TODO: Write a key getter that get's my latest key. If no valid key is found, run rotate and return newly created | ||
| // TODO: Write a key getter that get's the latest key's of recipients. If no valid key is found for a recipient, add a new, temporary key for the recipient. | ||
| // TODO: Write a key getter that get's a specified key, no matter the revoked status | ||
| async getKey( | ||
| parameters: | ||
| | { owner?: Uint8Array; publicKey?: never } | ||
| | { | ||
| owner?: never; | ||
| publicKey?: X25519PublicKey | Ed25519PublicKey | Secp256k1PublicKey; | ||
| } = {} | ||
| ) { | ||
| const { owner = this.identity.publicKey.bytes, publicKey } = parameters; | ||
| // Create Filter options | ||
| const queries = | ||
| // Looking for specific public keys. We don't care about revocation status. | ||
| publicKey != undefined | ||
| ? [ | ||
| new ByteMatchQuery({ | ||
| key: ["keypair", "publicKey", "publicKey"], | ||
| value: publicKey.publicKey | ||
| }) | ||
| ] | ||
| : // Looking for latest key from a specific owner. | ||
| [ | ||
| new And([ | ||
| // Only non-revoked | ||
| new BoolQuery({ key: "revoked", value: false }), | ||
| // Recipient has to be undefined | ||
| // TODO: Is this correct? | ||
| new MissingField({ key: "recipient" }), | ||
| // And from the specified owner | ||
| new ByteMatchQuery({ | ||
| key: "owner", | ||
| value: owner | ||
| }) | ||
| ]) | ||
| ]; | ||
| // TODO: How can we limit this to only fetch the last entry - so a single one? | ||
| const keys = await this.keys.index.search( | ||
| new SearchRequest({ | ||
| query: queries, | ||
| sort: new Sort({ | ||
| key: "timestamp", | ||
| direction: SortDirection.DESC | ||
| }) | ||
| }) | ||
| ); | ||
| // Create a new key in case we can't find a match | ||
| // If owner is not me, create a new, temporary key with me as owner and recipient as the requested owner | ||
| // If owner is me, create a new permanent key with | ||
| if (keys.length === 0) { | ||
| //return compare(this.identity.publicKey.bytes, owner) ? | ||
| } | ||
| return keys[0].keypair.decrypt(this.decryptProvider); | ||
| } | ||
|
|
||
| // TODO: Unsure about encryptProvider here honestly - should this be layer 1 keychain? | ||
| async open(parameters: { | ||
| identity: Identity; | ||
|
There was a problem hiding this comment. identity already exist if you do
|
||
| encryptProvider: EncryptProvide<KeyExchangeOptions>; | ||
| decryptProvider: DecryptProvider; | ||
| }) { | ||
| this.identity = parameters.identity; | ||
| this.encryptProvider = parameters.encryptProvider; | ||
| this.decryptProvider = parameters.decryptProvider; | ||
| // TODO: This should be opened with the layer 1 encryption provider | ||
| await this.keys.open({ | ||
| type: EncryptedExtendedKey, | ||
| canPerform: async (operation, { entry }) => { | ||
| // Sender can put, identified by masterkey | ||
| const owner = ( | ||
| operation instanceof PutOperation | ||
| ? operation.value | ||
| : await this.keys.index.get(operation.key) | ||
| )?.owner; | ||
| for (const signer of entry.signatures) { | ||
| if (signer.publicKey.equals(owner)) return true; | ||
| } | ||
| return false; | ||
| }, | ||
| index: { | ||
| // TODO: not sure about this | ||
| key: ["keyPair", "publicKey"], | ||
| // -> I want to be able to search .pub and .owner properties | ||
| fields: async (doc, context) => { | ||
| { | ||
| return { | ||
| ...doc, | ||
| timestamp: context.created | ||
| }; | ||
| } | ||
| }, | ||
| canRead: () => true, | ||
| canSearch: () => true | ||
| }, | ||
| // TODO: Potentially unsafe, as untrusted nodes might hide entries | ||
| canReplicate: () => true | ||
| }); | ||
| } | ||
|
|
||
| async encrypt<T>(plainText: T, recipients: Uint8Array[]) { | ||
| if (recipients.length === 0) throw new Error("No recipients specified"); | ||
| // TODO: Get and Feed my own key into this. | ||
| const myEncryptionKeypair = await X25519Keypair.create(); | ||
| const encryptionProvider = createLocalEncryptProvider(myEncryptionKeypair); | ||
| // TODO: Get and Feed recipient keys into .encrypt | ||
| const recipientPublicKeys = await Promise.all([ | ||
| X25519PublicKey.create(), | ||
| X25519PublicKey.create() | ||
| ]); | ||
| return new DecryptedThing({ value: plainText }).encrypt( | ||
| encryptionProvider, | ||
| { type: "publicKey", receiverPublicKeys: recipientPublicKeys } | ||
| ); | ||
| } | ||
|
|
||
| async decrypt<T>(encryptedThing: EncryptedThing<T>, clazz: AbstractType<T>) { | ||
| const keyResolver = async <PublicKey extends X25519PublicKey | Uint8Array>( | ||
| key: X25519PublicKey | Uint8Array | ||
| ) => { | ||
| // TODO: fetch keys here based on key parameter and return them | ||
| if (key instanceof X25519PublicKey) | ||
| return X25519Keypair.create() as Promise< | ||
| KeyResolverReturnType<PublicKey> | ||
| >; | ||
| return undefined; | ||
| }; | ||
| const decryptionProvider = createDecrypterFromKeyResolver(keyResolver); | ||
| const decryptedThing = await encryptedThing.decrypt(decryptionProvider); | ||
| return decryptedThing.getValue(clazz); | ||
| } | ||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
implements Keychainmaybe? from '@peerbit/keychain'