From 62e7e74bd278473cc4358700b7f2b5c0a78ac681 Mon Sep 17 00:00:00 2001
From: cel
Date: Thu, 25 May 2017 16:06:28 -1000
Subject: Encrypt blobs in private messages

---
 lib/app.js | 56 +++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 49 insertions(+), 7 deletions(-)
(limited to 'lib/app.js')
diff --git a/lib/app.js b/lib/app.js
index 4219151..3a41086 100644
--- a/lib/app.js
+++ b/lib/app.js
@@ -11,6 +11,10 @@ var Contacts = require('ssb-contact')
 var About = require('./about')
 var Serve = require('./serve')
 var Render = require('./render')
+var BoxStream = require('pull-box-stream')
+var crypto = require('crypto')
+
+var zeros = new Buffer(24); zeros.fill(0)
 
 module.exports = App
 
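Review bot: `zeros` is a module-level all-zero nonce shared by every box and unbox call in this file, and nothing at its definition says why a constant nonce is acceptable; a comment such as `// fixed nonce: safe only while each key encrypts exactly one blob` would keep it from being reused later with a long-lived key. `new Buffer(24)` is the deprecated allocator that returns uninitialized memory, so `var zeros = Buffer.alloc(24)` gives the zero-filled buffer in one step, and the same applies to `new Buffer(key, 'base64')` in getBlob (`Buffer.from(key, 'base64')`). Because the buffer is shared, it is also worth confirming that pull-box-stream copies the nonce rather than incrementing it in place.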
@@ -168,16 +172,54 @@ App.prototype.publish = function (content, cb) {
 tryPublish(2)
 }
 
-App.prototype.addBlob = function (cb) {
+App.prototype.addBlobRaw = function (cb) {
 var done = multicb({pluck: 1, spread: true})
- var hashCb = done()
- var addCb = done()
- done(function (err, hash, add) {
- cb(err, hash)
+ var sink = pull(
+ hasher(done()),
+ u.pullLength(done()),
+ this.sbot.blobs.add(done())
+ )
+ done(function (err, hash, size, _) {
+ if (err) return cb(err)
+ cb(null, {link: hash, size: size})
 })
+ return sink
+}
+
+App.prototype.addBlob = function (isPrivate, cb) {
+ if (!isPrivate) return this.addBlobRaw(cb)
+ else return this.addBlobPrivate(cb)
+}
+
+App.prototype.addBlobPrivate = function (cb) {
+ var bufs = []
+ var self = this
+ // use the hash of the cleartext as the key to encrypt the blob
+ var hash = crypto.createHash('sha256')
+ return pull.drain(function (buf) {
+ bufs.push(buf)
+ hash.update(buf)
+ }, function (err) {
+ if (err) return cb(err)
+ var secret = hash.digest()
+ pull(
+ pull.values(bufs),
+ BoxStream.createBoxStream(secret, zeros),
+ self.addBlobRaw(function (err, link) {
+ if (err) return cb(err)
+ link.key = secret.toString('base64')
+ cb(null, link)
+ })
+ )
+ })
+}
+
+App.prototype.getBlob = function (id, key) {
+ if (!key) return this.sbot.blobs.get(id)
+ if (typeof key === 'string') key = new Buffer(key, 'base64')
 return pull(
- hasher(hashCb),
- this.sbot.blobs.add(addCb)
+ this.sbot.blobs.get(id),
+ BoxStream.createUnboxStream(key, zeros)
 )
 }
 
-- 
cgit v1.2.3
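Review bot: In addBlobPrivate the key is the SHA-256 of the cleartext and the nonce is the fixed `zeros` buffer, so the same file always yields the same ciphertext and blob id, and anyone who already holds a candidate file can derive that id and learn whether it was shared. The existing comment should state this trade-off, e.g. `// convergent encryption: identical cleartext gives an identical blob; the fixed nonce is safe only because each key encrypts one plaintext`. If deduplication is not a goal, `var secret = crypto.randomBytes(32)` avoids the property, since the key already travels in `link.key`. In getBlob the base64 `key` presumably comes from a received message, so I would check that the decoded buffer is 32 bytes before passing it to `createUnboxStream` rather than relying on the library to reject it. addBlobPrivate also holds the whole blob in `bufs` before encrypting, so a size limit upstream of this sink is worth confirming.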