secure-config documentation

Author: sevenbitbyte

examples/i2p-host.js

@@ -1,5 +1,5 @@
 const Path = require('path')
-const debug = require('debug')('test.server-db')
+const debug = require('debug')('example.i2p')
 const Dataparty = require('../src')
 const dataparty_crypto = require('@dataparty/crypto')
 
@@ -55,7 +55,6 @@ async function main(){
 
   const runner = new Dataparty.ServiceRunnerNode({
     party,
-    //prefix: 'foo',
     service: live,
     sendFullErrors: false,
     useNative: false
@@ -71,7 +70,9 @@ async function main(){
     runner: runnerRouter,
     trust_proxy: true,
     wsEnabled: true,
-    i2pEnabled: true
+    i2pEnabled: true,
+    i2pSamHost: 'localhost',
+    i2pSamPort: 7656
   })
 
   debug(runner.party.identity)

examples/secure-config.js

@@ -16,7 +16,7 @@ async function main(){
 
     secureConfig = new Dataparty.Config.SecureConfig({
         config: jsonConfig,
-        //timeoutMs: 15*1000
+        timeoutMs: 15*1000
     })
 
 
@@ -122,10 +122,9 @@ async function main(){
 
     let timer = setTimeout(async ()=>{
 
-
         console.log('timer config', await secureConfig.readAll())
 
-    }, 1000*60*6)
+    }, 1000*30)
 
 }
 

src/config/json-file.js

@@ -68,6 +68,7 @@ class JsonFileConfig extends IConfig {
 
   async write(key, value){
 
+    logger('writing path:', key)
     deepSet(this.content, key, value)
     await this.save()
   }

src/config/secure-config.js

@@ -1,8 +1,8 @@
 const dataparty_crypto = require('@dataparty/crypto')
 
 const debug = require('debug')('dataparty.config.secure-config')
-
 const deepSet = require('lodash').set
+
 const reach = require('../utils/reach')
 
 const IConfig = require('./iconfig')
@@ -11,6 +11,16 @@ const PASSWORD_HASHING_ROUNDS = 1000000
 const DEFAULT_TIMEOUT_MS = 5*60*1000 //! 5min
 
 class SecureConfig extends IConfig {
+
+    /**
+     * @class   module:Config.SecureConfig
+     * @implements  {module:Config.SecureConfig}
+     * @link module.Config
+     * @param {string}      id              The id of this secure config. Multiple secure configs can be stored within a single `IConfig`
+     * @param {IConfig}     config          The underlying IConfig to use for storage
+     * @param {number}      timeoutMs       Timeout since last unlock, after which the config will be locked. Defaults to 5 minutes.
+     * @param {boolean}     includeActivity When set to `true` the timeout is reset after any read/write activity. Defaults to `true`
+     */
     constructor({
         id = 'secure-config',
         config, timeoutMs=DEFAULT_TIMEOUT_MS, includeActivity=true
@@ -24,78 +34,175 @@ class SecureConfig extends IConfig {
         this.timer = null
         this.lastActivity = null
         this.timeoutMs = timeoutMs || DEFAULT_TIMEOUT_MS
-        this.includeActivity = includeActivity || true
+        this.includeActivity = (typeof includeActivity === 'boolean') ? includeActivity : true
 
         this.blocked = false
     }
 
+    /**
+     * Start the secure storage
+     * @fires module:Config.SecureConfig#setup-required
+     * @fires module:Config.SecureConfig#ready
+     */
     async start(){
         await this.config.start()
 
         const isReady = await this.isInitialized()
         if(!isReady){
+            /**
+             * Setup required event. The secure config has not yet has a password
+             * or key configured. 
+             * @event module:Config.SecureConfig#setup-required
+             */
             this.emit('setup-required')
         } else {
+            /**
+             * Ready event. The secure config is ready to be unlocked and have
+             * configuration values read or written.
+             * @event module:Config.SecureConfig#ready
+             */
             this.emit('ready')
         }
     }
 
+    /**
+     * Checks if the secure config has initialized with a password or key
+     * @returns {boolean}
+     */
     async isInitialized(){
-        let salt = await this.config.read('salt')
-        let rounds = await this.config.read('rounds')
 
+        let keyType = await this.config.read(this.id+'.settings.type')
+
+        if(keyType == 'pbkdf2'){
 
-        return (salt != undefined && salt.length > 16 && rounds > 100000)
+            let salt = await this.config.read(this.id+'.settings.salt')
+            let rounds = await this.config.read(this.id+'.settings.rounds')
+
+            return (salt != undefined && salt.length > 16 && rounds > 100000)
+
+        } else if(keyType == 'key'){
+            return true
+        } else if(!keyType) {
+            return false
+        } else {
+            debug('type', keyType)
+            throw new Error('unexpected key type')
+        }
     }
 
+    /**
+     * Checks if the secure config is locked. If not locked the secure config
+     * can be used without blocking waiting for user to unlock.
+     * @returns {boolean}
+     */
     isLocked(){
         return this.content == null || this.identity == null
     }
 
-    async setPassword(password, defaults={}){
+    /**
+     * Initialize the secure config with a password
+     * @fires module:Config.SecureConfig#intialized
+     * @fires module:Config.SecureConfig#ready
+     * @param {string} password 
+     * @param {object} defaults 
+     * @param {('pbkdf2')} type
+     * @async
+     */
+    async setPassword(password, defaults={}, type='pbkdf2'){
         debug('setPassword')
         if(await this.isInitialized()){ throw new Error('already initialized') }
 
-        const salt = await dataparty_crypto.Routines.generateSalt()
-        const rounds = PASSWORD_HASHING_ROUNDS
+        let key = null
+        let settings = null
 
+        if(type == 'pbkdf2'){
+            const salt = await dataparty_crypto.Routines.generateSalt()
+            const rounds = PASSWORD_HASHING_ROUNDS
 
-        await this.config.write('salt', salt.toString('hex'))
-        await this.config.write('rounds', rounds)
+            settings = {
+                type: type,
+                salt: salt.toString('hex'),
+                rounds
+            }
+    
+            key = await dataparty_crypto.Routines.createKeyFromPassword(password, salt, rounds)
 
-        let key = await dataparty_crypto.Routines.createKeyFromPassword(password, salt, rounds)
+        } else {
+            throw new Error('unsupported KDF['+type+']')
+        }
 
-        await this.setIdentity(key)
+        await this.initialize(key, defaults, settings)
     }
 
-    async setIdentity(key){
+    /**
+     * Initialize the secure config with a key
+     * @fires module:Config.SecureConfig#intialized
+     * @fires module:Config.SecureConfig#ready
+     * @param {dataparty_crypto/IKey} key
+     * @param {object}  defaults 
+     * @async
+     */
+    async setIdentity(key, defaults){
         debug('setIdentity')
         if(await this.isInitialized()){ throw new Error('already initialized') }
 
+        const settings = {
+            key_type: 'key'
+        }
+
+        await this.initialize(key, defaults, settings)
+    }
+
+
+    async initialize(key, defaults, settings){
+        debug('initialize - type:', settings.key_type)
+        if(await this.isInitialized()){ throw new Error('already initialized') }
+
         const pwIdentity = new dataparty_crypto.Identity({
             key,
             id: this.id,
         })
 
-        const initialContent = new dataparty_crypto.Message({ msg: defaults })
+        const insecureContent = {
+            ...settings
+        }
+
+        const secureContent = {
+            created: Date.now(),
+            ...defaults
+        }
+
+        const initialContent = new dataparty_crypto.Message({ msg: secureContent })
 
         await initialContent.encrypt(pwIdentity, pwIdentity.toMini())
 
-        await this.config.write('content', initialContent.toJSON())
+        await this.config.write(this.id+'.settings', insecureContent)
+        await this.config.write(this.id+'.content', initialContent.toJSON())
 
         debug('\t', 'identity', pwIdentity)
 
-        debug('\t', 'content', initialContent.toJSON())
+        debug('\t', 'insecure content', insecureContent)
+
+        debug('\t', 'secure content', secureContent)
+
+        debug('\t', 'encrypted content', initialContent.toJSON())
 
         await this.config.save()
 
 
         const contentMsg = new dataparty_crypto.Message( initialContent )
         //! Verify message
         await contentMsg.decrypt(pwIdentity)
+        /**
+         * The secure config has been successfully initialized with a passowrd
+         * or key.
+         * @event module:Config.SecureConfig#intialized
+         */
+        this.emit('initialized')
         this.emit('ready')
     }
 
+
     async waitForUnlocked(reason){
 
         if(!this.isLocked()){
@@ -105,6 +212,12 @@ class SecureConfig extends IConfig {
         debug('waitForUnlocked', reason)
 
         if(!this.blocked){
+            /**
+             * An read/write operation has been blocked due to the secure config
+             * being locked. 
+             * @event module:Config.SecureConfig#blocked
+             * @type
+             */
             this.emit('blocked', reason)
         }
 
@@ -124,15 +237,21 @@ class SecureConfig extends IConfig {
         await waiting
     }
 
+    /**
+     * Unlocks the secure config
+     * @fires module:Config.SecureConfig#unlocked
+     * @param {string} password
+     * @returns {Promise}
+     */
     async unlock(password){
 
         if(this.timer != null){
             clearTimeout(this.timer)
             this.timer = null
         }
 
-        let salt = Buffer.from(await this.config.read('salt'),'hex')
-        let rounds = await this.config.read('rounds')
+        let salt = Buffer.from(await this.config.read(this.id+'.settings.salt'),'hex')
+        let rounds = await this.config.read(this.id+'.settings.rounds')
 
         let key = await dataparty_crypto.Routines.createKeyFromPassword(password, salt, rounds)
 
@@ -142,7 +261,7 @@ class SecureConfig extends IConfig {
         })
 
 
-        this.content = await this.config.read('content')
+        this.content = await this.config.read(this.id+'.content')
 
         const contentMsg = new dataparty_crypto.Message( this.content )
 
@@ -155,9 +274,18 @@ class SecureConfig extends IConfig {
             this.timer = setTimeout(this.onTimeout.bind(this), this.timeoutMs)
         }
 
+        /**
+         * The secure config has been unlocked
+         * @event module:Config.SecureConfig#unlocked
+         */
         this.emit('unlocked')
     }
 
+    /**
+     * Locks the secure config
+     * @fires module:Config.SecureConfig#locked
+     * @param {string} password 
+     */
     lock(){
         if(this.timer != null){
             clearTimeout(this.timer)
@@ -170,6 +298,10 @@ class SecureConfig extends IConfig {
         this.content = null
         this.identity = null
 
+        /**
+         * The secure config has been locked
+         * @event module:Config.SecureConfig#locked
+         */
         this.emit('locked')
     }
 
@@ -269,7 +401,7 @@ class SecureConfig extends IConfig {
 
         this.updateTimeout()
 
-        await this.config.write('content',{
+        await this.config.write(this.id+'.content',{
             enc: this.content.enc,
             sig: this.content.sig
         })