UNPKG

hypercore-xsalsa20-onwrite-hook

Version:

A write hook to decrypt data using a XSalsa20 cipher into a hypercore storage when replicating from peers

github.com/jwerle/hypercore-xsalsa20-onwrite-hook

jwerle/hypercore-xsalsa20-onwrite-hook

60 lines (50 loc) 1.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
const xsalsa20 = require('xsalsa20-encoding') const varint = require('varint') const crypto = require('hypercore-crypto') const assert = require('assert') /** * The size in bytes of the nonce attached to an * enciphered buffer returned from the xsalsa20 * encoding. * @public * @const */ const NONCE_BYTES = 24 /** * Creates a `onwrite()` hook for a Hypercore feed that uses the * xsalsa20 cipher to encipher or decipher blocks in a Hypercore feed. * Nonces are computed from the Hypercore feed's public key and block index. * @param {String|Buffer} key * @return {Function} */ function createHook(key, opts) { // istanbul ignore next if ('string' === typeof key) { key = Buffer.from(key, 'hex') } assert(Buffer.isBuffer(key), '`key` is not a buffer.') return onwrite function onwrite(index, data, peer, done) { const block = Buffer.from(varint.encode(index)) const nonce = Buffer.allocUnsafe(24) // nonce = hash(key || block) crypto.data(Buffer.concat([this.key, block])).copy(nonce) // if not replicating from a peer, encipher plaintext, // otherwise decipher ciphertext with computed nonce if (!peer) { xsalsa20(key, { nonce: () => nonce }) .encode(data) .slice(NONCE_BYTES) .copy(data) } else { xsalsa20(key) .decode(Buffer.concat([nonce, data])) .copy(data) } done(null) } } /** * Module exports. */ module.exports = createHook