Initial open source release

Author: Ernie Turner

.gitignore

@@ -0,0 +1,11 @@
+**/node_modules
+**/.DS_Store
+.vscode
+.babelrc
+npm-debug.log
+yarn-error.log
+native/target
+native/artifacts.json
+native/index.node
+Cargo.lock
+dist/*

.travis.yml

@@ -0,0 +1,23 @@
+sudo: false
+language: rust
+rust:
+    - 1.29.0
+branches:
+    only:
+        - master
+notifications:
+    email:
+        on_success: change
+        on_failure: always
+cache:
+    yarn: true
+    cargo: true
+    directories:
+        - node_modules
+before_script:
+    - rustup component add rustfmt-preview
+script:
+    - pushd native/ && cargo fmt -- --check && popd
+    - yarn
+    - yarn run compile
+    - yarn test

LICENSE

@@ -0,0 +1,111 @@
+# Recrypt Node Binding
+
+[![Build Status](https://travis-ci.com/IronCoreLabs/recrypt-node-binding.svg?branch=master)](https://travis-ci.com/IronCoreLabs/recrypt-node-binding)
+
+Bindings to be able to use [Recrypt Rust](https://github.com/IronCoreLabs/recrypt-rs) from NodeJS code. Improves the performance of Recrypt operations by using native code.
+
+## NodeJS Support
+
+| Node 8 | Node 10 |
+| ------ | ------- |
+|    ✓   |    ✓    |
+
+## Details
+
+This library uses the [Neon Bindings](https://www.neon-bindings.com) toolchain to compile the [Recrypt Rust](https://github.com/IronCoreLabs/recrypt-rs) library into a binary NodeJS file that can be used from Node applications. The Neon Bindings provide a way to write a shim which converts data in/out of the [Recrypt Rust](https://github.com/IronCoreLabs/recrypt-rs) code. The resulting binary Node file can then be imported into a NodeJS module just like any other dependency.
+
+## Getting Started
+
+In order to build the binary Node file for Recrypt, you'll need the dependencies specified on the [Neon Bindings site](https://guides.neon-bindings.com/getting-started/). Follow their getting started directions and install Rust and the Node Build Tools. The Neon CLI is already installed as a dependecy of this project so you don't have to install that as a global dependency.
+
+Once all of those dependencies are installed, the following can be run.
+
+```
+npm run compile
+```
+or
+```
+yarn run compile
+```
+
+This will produce an `index.node` file within the `native` directory. This file can then be included within a NodeJS file by simply requiring the file, e.g.
+
+```
+const recrypt = require('index.node');
+```
+
+## Types
+
+This library contains [TypeScript definitions](index.d.ts) file which shows the available classes and methods.
+
+## Benchmarks
+
++ From this repos root, run `npm i` or `yarn`.
++ Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
++ Run `npm/yarn run benchmark`.
+
+## Unit Tests
+
++ From this repos root, run `npm i` or `yarn`.
++ Run `npm/yarn run compile` to compile the Rust source into a `native/index.node` module.
++ Run `npm/yarn run test`.
+
+## Examples
+
+The following examples show how to use this library from a NodeJS application
+
+#### Basic Encrypt/Decrypt Example
+```js
+const assert = require("assert");
+const Recrypt = require("index.node");
+
+//Create a new Recrypt API instance
+const Api256 = new Recrypt.Api256();
+
+//Generate both a user key pair and a signing key pair
+const keys = Api256.generateKeyPair();
+const signingKeys = Api256.generateEd25519KeyPair();
+
+//Generate a plaintext to encrypt
+const plaintext = Api256.generatePlaintext();
+
+//Encrypt the data to the public key and then attempt to decrypt with the private key
+const encryptedValue = Api256.encrypt(plaintext, keys.publicKey, signingKeys.publicKey, signingKeys.privateKey);
+const decryptedValue = Api256.decrypt(encryptedValue, keys.privateKey);
+
+assert.equal(decryptedValue, plaintext);
+```
+
+#### Single-hop Transform Encryption Example
+```js
+const assert = require("assert");
+const Recrypt = require("index.node");
+
+//Create a new Recrypt API instance
+const Api256 = new Recrypt.Api256();
+
+//Generate both a user key pair and a signing key pair
+const userKeys = Api256.generateKeyPair();
+const signingKeys = Api256.generateEd25519KeyPair();
+
+//Generate a plaintext to encrypt
+const plaintext = Api256.generatePlaintext();
+
+//Encrypt the data to the user public key
+const encryptedValue = Api256.encrypt(plaintext, userKeys.publicKey, signingKeys.publicKey, signingKeys.privateKey);
+
+//Generate a second public/private key pair as the target of the transform. This will allow the encrypted data to be
+//transformed to this second key pair and allow it to be decrypted.
+const deviceKeys = Api256.generateKeyPair();
+
+//Generate a transform key from the user private key to the device public key
+const userToDeviceTransformKey = Api256.generateTransformKey(userKeys.privateKey, deviceKeys.publicKey, signingKeys.publicKey, signingKeys.privateKey);
+
+//Transform the encrypted data (without decrypting it!) so that it can be decrypted with the second key pair
+const transformedEncryptedValue = Api256.transform(encryptedValue, userToDeviceTransformKey, signingKeys.publicKey, signingKeys.privateKey);
+
+//Decrypt the data using the second private key
+const decryptedValue = Api256.decrypt(transformedEncryptedValue, deviceKeys.privateKey);
+
+assert.equal(decryptedValue, plaintext);
+```

README.md

@@ -0,0 +1,64 @@
+export type PrivateKey = Buffer;
+export type PublicSigningKey = Buffer;
+export type PrivateSigningKey = Buffer;
+export interface PublicKey {
+    x: Buffer;
+    y: Buffer;
+}
+export interface KeyPair {
+    publicKey: PublicKey;
+    privateKey: PrivateKey;
+}
+export interface SigningKeyPair {
+    publicKey: PublicSigningKey;
+    privateKey: PrivateSigningKey;
+}
+export type Plaintext = Buffer;
+export interface TransformBlock {
+    publicKey: PublicKey;
+    encryptedTempKey: Buffer;
+    randomTransformPublicKey: PublicKey;
+    randomTransformEncryptedTempKey: Buffer;
+}
+export interface EncryptedValue {
+    ephemeralPublicKey: PublicKey;
+    encryptedMessage: Buffer;
+    authHash: Buffer;
+    transformBlocks: TransformBlock[];
+    publicSigningKey: PublicSigningKey;
+    signature: Buffer;
+}
+
+export interface TransformKey {
+    ephemeralPublicKey: PublicKey;
+    toPublicKey: PublicKey;
+    encryptedTempKey: Buffer;
+    hashedTempKey: Buffer;
+    publicSigningKey: PublicSigningKey;
+    signature: Buffer;
+}
+
+export function augmentPublicKey256(publicKey: PublicKey, otherPublicKey: PublicKey): PublicKey;
+export function augmentTransformKey(transformKey: TransformKey, privateKey: PrivateKey): TransformKey;
+export class Api256 {
+    constructor();
+    generateKeyPair(): KeyPair;
+    generateEd25519KeyPair(): SigningKeyPair;
+    generatePlaintext(): Plaintext;
+    generateTransformKey(
+        fromPrivateKey: PrivateKey,
+        toPublicKey: PublicKey,
+        publicSigningKey: PublicSigningKey,
+        privateSigningKey: PrivateSigningKey
+    ): TransformKey;
+    computePublicKey(privateKey: PrivateKey): PublicKey;
+    deriveSymmetricKey(plaintext: Plaintext): Buffer;
+    encrypt(plaintext: Plaintext, toPublicKey: PublicKey, publicSigningKey: PublicSigningKey, privateSigningKey: PrivateSigningKey): EncryptedValue;
+    transform(
+        encryptedValue: EncryptedValue,
+        transformKey: TransformKey,
+        publicSigningKey: PublicSigningKey,
+        privateSigningKey: PrivateSigningKey
+    ): EncryptedValue;
+    decrypt(encryptedValue: EncryptedValue, privateKey: PrivateKey): Plaintext;
+}

index.d.ts

@@ -0,0 +1,23 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+let keypair;
+
+function onCycle() {
+    keypair = api.generateKeyPair();
+}
+onCycle();
+module.exports = new Benchmark("computePublicKey", {
+    fn: () => {
+        api.computePublicKey(keypair.privateKey);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/computePublicKey.js

@@ -0,0 +1,35 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+//Randomly generated legit ED25519 keypair
+//prettier-ignore
+const publicSigningKey = Buffer.from([138, 136, 227, 221, 116, 9, 241, 149, 253, 82, 219, 45, 60, 186, 93, 114, 202, 103, 9, 191, 29, 148, 18, 27, 243, 116, 136, 1, 180, 15, 111, 92]);
+//prettier-ignore
+const privateSigningKey = Buffer.from([88, 232, 110, 251, 117, 250, 78, 44, 65, 15, 70, 225, 109, 233, 246, 172, 174, 26, 23, 3, 82, 134, 81, 182, 155, 193, 118, 192, 136, 190, 243, 110, 177, 122, 42, 44, 243, 212, 164, 26, 142, 78, 24, 204, 69, 200, 101, 109, 85, 142, 206, 221, 176, 173, 180, 107, 250, 8, 138, 95, 83, 190, 210, 82]);
+
+const api = new recrypt.Api256();
+
+let devicePrivateKey, lvl1EncryptedValue;
+
+function onCycle() {
+    const plaintext = api.generatePlaintext();
+    const userKeys = api.generateKeyPair();
+    const deviceKeys = api.generateKeyPair();
+    devicePrivateKey = deviceKeys.privateKey;
+    const transformKey = api.generateTransformKey(userKeys.privateKey, deviceKeys.publicKey, publicSigningKey, privateSigningKey);
+
+    const lvl0EncryptedValue = api.encrypt(plaintext, userKeys.publicKey, publicSigningKey, privateSigningKey);
+    lvl1EncryptedValue = api.transform(lvl0EncryptedValue, transformKey, publicSigningKey, privateSigningKey);
+}
+onCycle();
+module.exports = new Benchmark("decryptLevel1", {
+    fn: () => {
+        api.decrypt(lvl1EncryptedValue, devicePrivateKey);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/decryptLevelOne.js

@@ -0,0 +1,39 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+//Randomly generated legit ED25519 keypair
+//prettier-ignore
+const publicSigningKey = Buffer.from([138, 136, 227, 221, 116, 9, 241, 149, 253, 82, 219, 45, 60, 186, 93, 114, 202, 103, 9, 191, 29, 148, 18, 27, 243, 116, 136, 1, 180, 15, 111, 92]);
+//prettier-ignore
+const privateSigningKey = Buffer.from([88, 232, 110, 251, 117, 250, 78, 44, 65, 15, 70, 225, 109, 233, 246, 172, 174, 26, 23, 3, 82, 134, 81, 182, 155, 193, 118, 192, 136, 190, 243, 110, 177, 122, 42, 44, 243, 212, 164, 26, 142, 78, 24, 204, 69, 200, 101, 109, 85, 142, 206, 221, 176, 173, 180, 107, 250, 8, 138, 95, 83, 190, 210, 82]);
+
+const api = new recrypt.Api256();
+
+let devicePrivateKey, lvl2EncryptedValue;
+
+function onCycle() {
+    const plaintext = api.generatePlaintext();
+    const groupKeys = api.generateKeyPair();
+    const userKeys = api.generateKeyPair();
+    const deviceKeys = api.generateKeyPair();
+    devicePrivateKey = deviceKeys.privateKey;
+
+    const groupToUserTransform = api.generateTransformKey(groupKeys.privateKey, userKeys.publicKey, publicSigningKey, privateSigningKey);
+    const userToDeviceTransform = api.generateTransformKey(userKeys.privateKey, deviceKeys.publicKey, publicSigningKey, privateSigningKey);
+
+    const lvl0EncryptedValue = api.encrypt(plaintext, groupKeys.publicKey, publicSigningKey, privateSigningKey);
+    const lvl1EncryptedValue = api.transform(lvl0EncryptedValue, groupToUserTransform, publicSigningKey, privateSigningKey);
+    lvl2EncryptedValue = api.transform(lvl1EncryptedValue, userToDeviceTransform, publicSigningKey, privateSigningKey);
+}
+onCycle();
+module.exports = new Benchmark("decryptLevel2", {
+    fn: () => {
+        api.decrypt(lvl2EncryptedValue, devicePrivateKey);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/decryptLevelTwo.js

@@ -0,0 +1,31 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+//Randomly generated legit ED25519 keypair
+//prettier-ignore
+const publicSigningKey = Buffer.from([138, 136, 227, 221, 116, 9, 241, 149, 253, 82, 219, 45, 60, 186, 93, 114, 202, 103, 9, 191, 29, 148, 18, 27, 243, 116, 136, 1, 180, 15, 111, 92]);
+//prettier-ignore
+const privateSigningKey = Buffer.from([88, 232, 110, 251, 117, 250, 78, 44, 65, 15, 70, 225, 109, 233, 246, 172, 174, 26, 23, 3, 82, 134, 81, 182, 155, 193, 118, 192, 136, 190, 243, 110, 177, 122, 42, 44, 243, 212, 164, 26, 142, 78, 24, 204, 69, 200, 101, 109, 85, 142, 206, 221, 176, 173, 180, 107, 250, 8, 138, 95, 83, 190, 210, 82]);
+
+const api = new recrypt.Api256();
+
+let privateKey, lvl0EncryptedValue;
+
+function onCycle() {
+    const plaintext = api.generatePlaintext();
+    const keys = api.generateKeyPair();
+    privateKey = keys.privateKey;
+    lvl0EncryptedValue = api.encrypt(plaintext, keys.publicKey, publicSigningKey, privateSigningKey);
+}
+onCycle();
+module.exports = new Benchmark("decryptLevel0", {
+    fn: () => {
+        api.decrypt(lvl0EncryptedValue, privateKey);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/decryptLevelZero.js

@@ -0,0 +1,23 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+let plaintext;
+
+function onCycle() {
+    plaintext = api.generatePlaintext();
+}
+onCycle();
+module.exports = new Benchmark("deriveSymmetricKey", {
+    fn: () => {
+        api.deriveSymmetricKey(plaintext);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/deriveSymmetricKey.js

@@ -0,0 +1,25 @@
+const crypto = require("crypto");
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+let plaintext, toPublicKey;
+
+function onCycle() {
+    plaintext = api.generatePlaintext();
+    toPublicKey = api.generateKeyPair().publicKey;
+}
+onCycle();
+module.exports = new Benchmark("encrypt", {
+    fn: () => {
+        api.encrypt(plaintext, toPublicKey, crypto.randomBytes(32), crypto.randomBytes(64));
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/encrypt.js

@@ -0,0 +1,16 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+module.exports = new Benchmark("generateEd25519KeyPair", {
+    fn: () => {
+        api.generateEd25519KeyPair();
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/generateEd25519KeyPair.js

@@ -0,0 +1,16 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+module.exports = new Benchmark("generateKeyPair", {
+    fn: () => {
+        api.generateKeyPair();
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/generateKeyPair.js

@@ -0,0 +1,16 @@
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+module.exports = new Benchmark("generatePlaintext", {
+    fn: () => {
+        api.generatePlaintext();
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/generatePlaintext.js

@@ -0,0 +1,23 @@
+const crypto = require("crypto");
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+
+const api = new recrypt.Api256();
+
+let fromPrivateKey = api.generateKeyPair().privateKey;
+let toPublicKey = api.generateKeyPair().publicKey;
+module.exports = new Benchmark("generateTransformKey", {
+    fn: () => {
+        api.generateTransformKey(fromPrivateKey, toPublicKey, crypto.randomBytes(32), crypto.randomBytes(64));
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle: () => {
+        fromPrivateKey = api.generateKeyPair().privateKey;
+        toPublicKey = api.generateKeyPair().publicKey;
+    },
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/generateTransformKey.js

@@ -0,0 +1,58 @@
+const generateKeyPair = require("./generateKeyPair");
+const generateEd25519KeyPair = require("./generateEd25519KeyPair");
+const generatePlaintext = require("./generatePlaintext");
+const generateTransformKey = require("./generateTransformKey");
+const computePublicKey = require("./computePublicKey");
+const deriveSymmetricKey = require("./deriveSymmetricKey");
+const encrypt = require("./encrypt");
+const transformLevelOne = require("./transformLevelOne");
+const transformLevelTwo = require("./transformLevelTwo");
+const decryptLevelZero = require("./decryptLevelZero");
+const decryptLevelOne = require("./decryptLevelOne");
+const decryptLevelTwo = require("./decryptLevelTwo");
+
+generateKeyPair.on("complete", () => {
+    generateEd25519KeyPair.run({async: true});
+});
+
+generateEd25519KeyPair.on("complete", () => {
+    generatePlaintext.run({async: true});
+});
+
+generatePlaintext.on("complete", () => {
+    generateTransformKey.run({async: true});
+});
+
+generateTransformKey.on("complete", () => {
+    computePublicKey.run({async: true});
+});
+
+computePublicKey.on("complete", () => {
+    deriveSymmetricKey.run({async: true});
+});
+
+deriveSymmetricKey.on("complete", () => {
+    encrypt.run({async: true});
+});
+
+encrypt.on("complete", () => {
+    transformLevelOne.run({async: true});
+});
+
+transformLevelOne.on("complete", () => {
+    transformLevelTwo.run({async: true});
+});
+
+transformLevelTwo.on("complete", () => {
+    decryptLevelZero.run({async: true});
+});
+
+decryptLevelZero.on("complete", () => {
+    decryptLevelOne.run({async: true});
+});
+
+decryptLevelOne.on("complete", () => {
+    decryptLevelTwo.run({async: true});
+});
+
+generateKeyPair.run({async: true});

lib/benchmark/index.js

@@ -0,0 +1,32 @@
+const crypto = require("crypto");
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+//Randomly generated legit ED25519 keypair
+//prettier-ignore
+const publicSigningKey = Buffer.from([138, 136, 227, 221, 116, 9, 241, 149, 253, 82, 219, 45, 60, 186, 93, 114, 202, 103, 9, 191, 29, 148, 18, 27, 243, 116, 136, 1, 180, 15, 111, 92]);
+//prettier-ignore
+const privateSigningKey = Buffer.from([88, 232, 110, 251, 117, 250, 78, 44, 65, 15, 70, 225, 109, 233, 246, 172, 174, 26, 23, 3, 82, 134, 81, 182, 155, 193, 118, 192, 136, 190, 243, 110, 177, 122, 42, 44, 243, 212, 164, 26, 142, 78, 24, 204, 69, 200, 101, 109, 85, 142, 206, 221, 176, 173, 180, 107, 250, 8, 138, 95, 83, 190, 210, 82]);
+
+const api = new recrypt.Api256();
+
+let lvl0EncryptedValue, userToDeviceTransform;
+
+function onCycle() {
+    const userKeys = api.generateKeyPair();
+    const deviceKeys = api.generateKeyPair();
+    lvl0EncryptedValue = api.encrypt(api.generatePlaintext(), userKeys.publicKey, publicSigningKey, privateSigningKey);
+    userToDeviceTransform = api.generateTransformKey(userKeys.privateKey, deviceKeys.publicKey, publicSigningKey, privateSigningKey);
+}
+onCycle();
+module.exports = new Benchmark("transformLevelOne", {
+    fn: () => {
+        api.transform(lvl0EncryptedValue, userToDeviceTransform, Buffer.alloc(32), Buffer.alloc(64));
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/transformLevelOne.js

@@ -0,0 +1,35 @@
+const crypto = require("crypto");
+const Benchmark = require("benchmark");
+const recrypt = require("../../native/index.node");
+//Randomly generated legit ED25519 keypair
+//prettier-ignore
+const publicSigningKey = Buffer.from([138, 136, 227, 221, 116, 9, 241, 149, 253, 82, 219, 45, 60, 186, 93, 114, 202, 103, 9, 191, 29, 148, 18, 27, 243, 116, 136, 1, 180, 15, 111, 92]);
+//prettier-ignore
+const privateSigningKey = Buffer.from([88, 232, 110, 251, 117, 250, 78, 44, 65, 15, 70, 225, 109, 233, 246, 172, 174, 26, 23, 3, 82, 134, 81, 182, 155, 193, 118, 192, 136, 190, 243, 110, 177, 122, 42, 44, 243, 212, 164, 26, 142, 78, 24, 204, 69, 200, 101, 109, 85, 142, 206, 221, 176, 173, 180, 107, 250, 8, 138, 95, 83, 190, 210, 82]);
+
+const api = new recrypt.Api256();
+
+let groupToUserTransform, userToDeviceTransform, lvl0EncryptedValue;
+
+function onCycle() {
+    const groupKeys = api.generateKeyPair();
+    const userKeys = api.generateKeyPair();
+    const deviceKeys = api.generateKeyPair();
+    lvl0EncryptedValue = api.encrypt(api.generatePlaintext(), userKeys.publicKey, publicSigningKey, privateSigningKey);
+    groupToUserTransform = api.generateTransformKey(groupKeys.privateKey, userKeys.publicKey, publicSigningKey, privateSigningKey);
+    userToDeviceTransform = api.generateTransformKey(userKeys.privateKey, deviceKeys.publicKey, publicSigningKey, privateSigningKey);
+}
+onCycle();
+module.exports = new Benchmark("transformLevelTwo", {
+    fn: () => {
+        const lvl1EncryptedValue = api.transform(lvl0EncryptedValue, groupToUserTransform, publicSigningKey, privateSigningKey);
+        api.transform(lvl1EncryptedValue, userToDeviceTransform, publicSigningKey, privateSigningKey);
+    },
+    onError: (err) => {
+        console.log(err);
+    },
+    onCycle,
+    onComplete: (result) => {
+        console.log(result.currentTarget.toString());
+    },
+});

lib/benchmark/transformLevelTwo.js

@@ -0,0 +1,16 @@
+[package]
+name = "recrypt-node-binding"
+version = "0.1.0"
+authors = ["IronCore Labs <code@ironcorelabs.com>"]
+
+[lib]
+name = "recrypt_node"
+crate-type = ["dylib"]
+
+[dependencies]
+rand = "0.5.5"
+recrypt = "0.1.0"
+neon = "0.2.0"
+
+[build-dependencies]
+neon-build = "0.2.0"

lib/test/recrypt-node.test.js

@@ -0,0 +1,217 @@
+use neon::prelude::*;
+use neon::types::JsBuffer;
+use rand;
+use recrypt::api::{
+    Api, CryptoOps, Ed25519, Ed25519Ops, KeyGenOps, PrivateSigningKey, PublicSigningKey,
+    RandomBytes, Sha256,
+};
+use util;
+
+pub struct RecryptApi256 {
+    api: Api<Sha256, Ed25519, RandomBytes<rand::ThreadRng>>,
+}
+
+declare_types! {
+    pub class Api256 for RecryptApi256 {
+        init(_cx) {
+            Ok(RecryptApi256 {api: Api::new()})
+        }
+
+        method generateKeyPair(mut cx) {
+            let (priv_key, pub_key) = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.generate_key_pair().unwrap()
+            };
+
+            let key_pair: Handle<JsObject> = cx.empty_object();
+
+            let priv_key_buffer = util::bytes_to_buffer(&mut cx, priv_key.bytes())?;
+            let public_key_obj = util::public_key_to_js_object(&mut cx, &pub_key)?;
+
+            key_pair.set(&mut cx, "privateKey", priv_key_buffer)?;
+            key_pair.set(&mut cx, "publicKey", public_key_obj)?;
+
+            Ok(key_pair.upcast())
+        }
+
+        method generateEd25519KeyPair(mut cx) {
+            let (priv_key, pub_key) = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.generate_ed25519_key_pair()
+            };
+
+            let signing_key_pair: Handle<JsObject> = cx.empty_object();
+            let priv_key_buffer = util::bytes_to_buffer(&mut cx, priv_key.bytes())?;
+            let pub_key_buffer = util::bytes_to_buffer(&mut cx, pub_key.bytes())?;
+
+            signing_key_pair.set(&mut cx, "privateKey", priv_key_buffer)?;
+            signing_key_pair.set(&mut cx, "publicKey", pub_key_buffer)?;
+
+            Ok(signing_key_pair.upcast())
+        }
+
+        method generatePlaintext(mut cx) {
+            let plaintext = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.gen_plaintext()
+            };
+
+            let plaintext_buffer = util::bytes_to_buffer(&mut cx, plaintext.bytes())?;
+            Ok(plaintext_buffer.upcast())
+        }
+
+        method generateTransformKey(mut cx) {
+            let from_private_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
+            let to_public_key_obj: Handle<JsObject> = cx.argument::<JsObject>(1)?;
+            let public_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(2)?;
+            let private_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(3)?;
+
+            let to_public_key = util::js_object_to_public_key(&mut cx, to_public_key_obj);
+            let public_signing_key = PublicSigningKey::new(util::buffer_to_fixed_32_bytes(&mut cx, public_signing_key_buffer, "publicSigningKey"));
+            let private_signing_key = PrivateSigningKey::new(util::buffer_to_fixed_64_bytes(&mut cx, private_signing_key_buffer, "privateSigningKey"));
+
+            let transform_key = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.generate_transform_key(
+                    util::buffer_to_private_key(&cx, from_private_key_buffer),
+                    to_public_key,
+                    public_signing_key,
+                    private_signing_key
+                ).unwrap()
+            };
+
+            Ok(util::transform_key_to_js_object(&mut cx, transform_key)?.upcast())
+        }
+
+        method computePublicKey(mut cx){
+            let private_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
+            let derived_public_key = {
+                let this = cx.this();
+                let guard = cx.lock();
+                let recrypt_api_256 = &this.borrow(&guard).api;
+                recrypt_api_256.compute_public_key(&util::buffer_to_private_key(&cx, private_key_buffer)).unwrap()
+            };
+
+            Ok(util::public_key_to_js_object(&mut cx, &derived_public_key)?.upcast())
+        }
+
+        method deriveSymmetricKey(mut cx){
+            let plaintext_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
+
+            let decrypted_symmetric_key = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.derive_symmetric_key(&util::buffer_to_plaintext(&cx, plaintext_buffer))
+            };
+
+            Ok(util::bytes_to_buffer(&mut cx, decrypted_symmetric_key.bytes())?.upcast())
+        }
+
+        method encrypt(mut cx) {
+            let plaintext_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(0)?;
+            let to_public_key_obj: Handle<JsObject> = cx.argument::<JsObject>(1)?;
+            let public_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(2)?;
+            let private_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(3)?;
+
+            let public_key = util::js_object_to_public_key(&mut cx, to_public_key_obj);
+            let public_signing_key = PublicSigningKey::new(util::buffer_to_fixed_32_bytes(&mut cx, public_signing_key_buffer, "publicSigningKey"));
+            let private_signing_key = PrivateSigningKey::new(util::buffer_to_fixed_64_bytes(&mut cx, private_signing_key_buffer, "privateSigningKey"));
+
+            let encrypted_value = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.encrypt(
+                    util::buffer_to_plaintext(&cx, plaintext_buffer),
+                    public_key,
+                    public_signing_key,
+                    private_signing_key
+                ).unwrap()
+            };
+
+            Ok(util::encrypted_value_to_js_object(&mut cx, encrypted_value)?.upcast())
+        }
+
+        method transform(mut cx) {
+            let encrypted_value_obj: Handle<JsObject> = cx.argument::<JsObject>(0)?;
+            let transform_key_obj: Handle<JsObject> = cx.argument::<JsObject>(1)?;
+            let public_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(2)?;
+            let private_signing_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(3)?;
+
+            let encrypted_value = util::js_object_to_encrypted_value(&mut cx, encrypted_value_obj);
+            let transform_key = util::js_object_to_transform_key(&mut cx, transform_key_obj);
+            let public_signing_key = PublicSigningKey::new(util::buffer_to_fixed_32_bytes(&mut cx, public_signing_key_buffer, "publicSigningKey"));
+            let private_signing_key = PrivateSigningKey::new(util::buffer_to_fixed_64_bytes(&mut cx, private_signing_key_buffer, "privateSigningKey"));
+
+            let transformed_encrypted_value = {
+                let mut this = cx.this();
+                let guard = cx.lock();
+                let mut recrypt_api_256 = this.borrow_mut(&guard);
+                recrypt_api_256.api.transform(encrypted_value, transform_key, public_signing_key, private_signing_key).unwrap()
+            };
+
+            Ok(util::encrypted_value_to_js_object(&mut cx, transformed_encrypted_value)?.upcast())
+        }
+
+        method decrypt(mut cx) {
+            let encrypted_value_obj: Handle<JsObject> = cx.argument::<JsObject>(0)?;
+            let private_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(1)?;
+
+            let encrypted_value = util::js_object_to_encrypted_value(&mut cx, encrypted_value_obj);
+
+            let decrypted_value = {
+                let this = cx.this();
+                let guard = cx.lock();
+                let recrypt_api_256 = &this.borrow(&guard).api;
+                recrypt_api_256.decrypt(
+                    encrypted_value,
+                    util::buffer_to_private_key(&cx, private_key_buffer)
+                ).unwrap()
+            };
+
+            Ok(util::bytes_to_buffer(&mut cx, decrypted_value.bytes())?.upcast())
+        }
+    }
+}
+
+///
+/// Augment the provided transform key with the provided private key. Returns an augmented TransformKey object.
+///
+pub fn augment_transform_key_256(mut cx: FunctionContext) -> JsResult<JsObject> {
+    let transform_key_obj: Handle<JsObject> = cx.argument::<JsObject>(0)?;
+    let private_key_buffer: Handle<JsBuffer> = cx.argument::<JsBuffer>(1)?;
+    let transform_key = util::js_object_to_transform_key(&mut cx, transform_key_obj);
+
+    let augmented_transform_key = transform_key
+        .augment(&util::buffer_to_private_key(&cx, private_key_buffer))
+        .unwrap();
+
+    Ok(util::transform_key_to_js_object(&mut cx, augmented_transform_key)?.upcast())
+}
+
+///
+/// Augment the provided public key with the other provided public key. Returns a new augmented PublicKey object.
+///
+pub fn augment_public_key_256(mut cx: FunctionContext) -> JsResult<JsObject> {
+    let current_public_key_obj: Handle<JsObject> = cx.argument::<JsObject>(0)?;
+    let other_public_key_obj: Handle<JsObject> = cx.argument::<JsObject>(1)?;
+
+    let current_public_key = util::js_object_to_public_key(&mut cx, current_public_key_obj);
+
+    let augmented_public_key = current_public_key
+        .augment(&util::js_object_to_public_key(
+            &mut cx,
+            other_public_key_obj,
+        )).unwrap();
+
+    Ok(util::public_key_to_js_object(&mut cx, &augmented_public_key)?.upcast())
+}

native/Cargo.toml

@@ -0,0 +1,13 @@
+#[macro_use]
+extern crate neon;
+extern crate rand;
+extern crate recrypt;
+
+mod api256;
+mod util;
+
+register_module!(mut cx, {
+    cx.export_function("augmentTransformKey256", api256::augment_transform_key_256)?;
+    cx.export_function("augmentPublicKey256", api256::augment_public_key_256)?;
+    cx.export_class::<api256::Api256>("Api256")
+});

native/src/api256.rs

@@ -0,0 +1,37 @@
+{
+    "name": "@ironcorelabs/recrypt-node-binding",
+    "version": "0.1.0",
+    "description": "Bindings to allow the recrypt-rust library to work via NodeJS.",
+    "repository": "https://github.com/IronCoreLabs/recrypt-node-bindings",
+    "homepage": "https://ironcorelabs.com",
+    "author": "IronCore Labs",
+    "license": "AGPL-3.0-only",
+    "main": "index.node",
+    "types": "index.d.ts",
+    "scripts": {
+        "compile": "neon build -r",
+        "clean": "neon clean",
+        "benchmark": "node lib/benchmark/index.js",
+        "test": "jest"
+    },
+    "devDependencies": {
+        "@types/node": "^10.11.0",
+        "benchmark": "^2.1.4",
+        "jest": "^23.6.0",
+        "jest-extended": "^0.10.0",
+        "neon-cli": "^0.2.0",
+        "shelljs": "^0.8.2"
+    },
+    "prettier": {
+        "printWidth": 160,
+        "tabWidth": 4,
+        "trailingComma": "es5",
+        "bracketSpacing": false,
+        "jsxBracketSameLine": true,
+        "arrowParens": "always"
+    },
+    "jest": {
+        "testEnvironment": "node",
+        "setupTestFrameworkScriptFile": "jest-extended"
+    }
+}

native/src/lib.rs

@@ -0,0 +1,48 @@
+#!/usr/bin/env node
+
+/**
+ * recrypt-node-binding NPM publish script
+ * ==================================
+ *
+ * This script is responsible for compiling and building the NPM release bundle for this repo. The following steps are taken:
+ *
+ * + Clean up any existing Rust builds by running `cargo clean`.
+ * + Run `cargo update` to make sure all dependencies are available.
+ * + Compile rust code into index.node file.
+ * + Run unit tests to ensure the library is in good shape for publishing.
+ * + Move all expected content into a `dist` directory.
+ * + Do a dry run of npm publishing via irish-pub or perform an actual publish step if `--publish` option is provided.
+ */
+
+const fs = require("fs");
+const path = require("path");
+const shell = require("shelljs");
+
+//Fail this script if any of these commands fail
+shell.set("-e");
+
+//Ensure that our directory is set to the root of the repo
+const rootDirectory = path.dirname(process.argv[1]);
+const shouldPublish = process.argv.slice(2).indexOf("--publish") !== -1;
+
+//Cleanup the previous build, if it exists
+shell.rm("-rf", "./dist");
+
+//Cleanup any previous Rust builds, update deps, and compile
+shell.exec("yarn");
+shell.exec("yarn run clean");
+shell.pushd("./native");
+shell.exec("cargo update");
+shell.popd();
+shell.exec("yarn run compile");
+
+shell.exec("yarn test");
+shell.mkdir("./dist");
+
+shell.cp(["README.md", "package.json", "index.d.ts", "./native/index.node", "LICENSE"], "./dist");
+
+shell.pushd("./dist");
+
+shell.exec(shouldPublish ? "npm publish --access private" : "irish-pub");
+
+shell.popd();