Fallback to old crypto

Author: jin

meetup/meetup.ts

@@ -79,6 +79,29 @@ namespace $ {
 
 		}
 
+		@ $mol_mem_key
+		peer_secret_old( peer: $mol_int62_string ) {
+			
+			const priv = $piterjs_domain.secure_private()
+			const land = this.joined_node()?.land
+			if( !land ) return null
+
+			if( priv ) {
+
+				const auth = this.land.peer()
+				const pub = peer === auth.id ? auth.key_public_serial : land.unit( peer, peer )?.data as string | undefined
+				return pub ? $mol_wire_sync( $piterjs_secret ).derive( priv, pub ) : null
+
+			} else {
+
+				const priv = land.peer().key_private_serial
+				const pub = $piterjs_domain.secure_public()
+				return $mol_wire_sync( $mol_crypto_secret ).derive( priv, pub )
+
+			}
+
+		}
+
 		@ $mol_mem
 		joined_node() {
 			return this.yoke( 'joined', $hyoo_crowd_dict, [ '' ], [], [ '0_0' ] )
@@ -107,8 +130,13 @@ namespace $ {
 			try {
 				return $mol_charset_decode( secret.decrypt( closed as Uint8Array, salt ) )
 			} catch( error ) {
-				$mol_fail_log( error )
-				return ''
+				try {
+					const secret = $mol_wire_sync( this.peer_secret_old( id )! )
+					return $mol_charset_decode( secret.decrypt( closed as Uint8Array, $mol_charset_encode( this.id() ) ) )
+				} catch( error ) {
+					$mol_fail_log( error )
+					return ''
+				}
 			}
 
 		}

secret/secret.ts

@@ -0,0 +1,129 @@
+namespace $ {
+	
+	const algorithm = {
+		name: 'AES-GCM',
+		length: 128,
+		tagLength: 32,
+	}
+	
+	/** Symmetric cipher with shortest payload */
+	export class $piterjs_secret extends Object {
+		
+		/** Key size in bytes. */
+		static size = 16
+		
+		constructor(
+			readonly native: CryptoKey & { type: 'secret' }
+		) {
+			super()
+		}
+		
+		static async generate() {
+			return new this(
+				await $mol_crypto_native.subtle.generateKey(
+					algorithm,
+					true,
+					[ 'encrypt', 'decrypt' ]
+				) as CryptoKey & { type: 'secret' }
+			)
+		}
+		
+		static async from( serial: BufferSource | string ) {
+			
+			if( typeof serial === 'string' ) {
+				serial = $mol_charset_encode( serial )
+				serial = await $mol_crypto_native.subtle.digest( 'SHA-256', serial )
+			}
+			
+			return new this(
+				await $mol_crypto_native.subtle.importKey(
+					'raw',
+					serial,
+					algorithm,
+					true,
+					[ 'encrypt', 'decrypt' ],
+				) as CryptoKey & { type: 'secret' }
+			)
+			
+		}
+		
+		static async derive( private_serial: string, public_serial: string ) {
+			
+			const ecdh = { name: "ECDH", namedCurve: "P-256" }
+			const jwk = { crv: 'P-256', ext: true, kty: 'EC' }
+			
+			const private_key = await $mol_crypto_native.subtle.importKey(
+				'jwk',
+				{
+					... jwk,
+					key_ops: [ 'deriveKey' ],
+					x: private_serial.slice( 0, 43 ),
+					y: private_serial.slice( 43, 86 ),
+					d: private_serial.slice( 86, 129 ),
+				},
+				ecdh,
+				true,
+				[ 'deriveKey' ],
+			)
+		
+			const public_key = await $mol_crypto_native.subtle.importKey(
+				'jwk',
+				{
+					... jwk,
+					key_ops: [],
+					x: public_serial.slice( 0, 43 ),
+					y: public_serial.slice( 43, 86 ),
+				},
+				ecdh,
+				true,
+				[],
+			)
+			
+			const secret = await $mol_crypto_native.subtle.deriveKey(
+				{
+				  name: "ECDH",
+				  public: public_key,
+				},
+				private_key,
+				algorithm,
+				true,
+				[ "encrypt", "decrypt" ],
+			)
+		
+			return new this( secret as CryptoKey & { type: 'secret' } )
+		}
+		
+		/** 16 bytes */
+		async serial() {
+			return await $mol_crypto_native.subtle.exportKey(
+				'raw',
+				this.native,
+			)
+		}
+
+		/** 16n bytes */
+		async encrypt( open: BufferSource, salt: BufferSource ): Promise< ArrayBuffer > {
+			return await $mol_crypto_native.subtle.encrypt(
+				{
+					... algorithm,
+					iv: salt,
+				},
+				this.native,
+				open
+			)
+		}
+		
+		async decrypt( closed: BufferSource, salt : BufferSource ): Promise< ArrayBuffer > {
+			return await $mol_crypto_native.subtle.decrypt(
+				{
+					... algorithm,
+					iv: salt,
+				},
+				this.native,
+				closed
+			)
+		}
+		
+	}
+
+}