diff options
author | Florian Dold <florian@dold.me> | 2022-03-23 21:24:23 +0100 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2022-03-23 21:24:36 +0100 |
commit | d881f4fd258a27cc765a25c24e5fef9f86b6226f (patch) | |
tree | 3254444f93ef552f4ac65f14e581ed761b9df79e /packages/taler-wallet-core/src/operations | |
parent | e21c1b31928cd6bfe90150ea2de19799b6359c40 (diff) | |
download | wallet-core-d881f4fd258a27cc765a25c24e5fef9f86b6226f.tar.xz |
wallet: simplify crypto workers
Diffstat (limited to 'packages/taler-wallet-core/src/operations')
10 files changed, 93 insertions, 80 deletions
diff --git a/packages/taler-wallet-core/src/operations/backup/index.ts b/packages/taler-wallet-core/src/operations/backup/index.ts index 8ddc0c064..5013b9032 100644 --- a/packages/taler-wallet-core/src/operations/backup/index.ts +++ b/packages/taler-wallet-core/src/operations/backup/index.ts @@ -69,7 +69,7 @@ import { rsaBlind, stringToBytes, } from "@gnu-taler/taler-util"; -import { CryptoApi } from "../../crypto/workers/cryptoApi.js"; +import { CryptoDispatcher } from "../../crypto/workers/cryptoDispatcher.js"; import { BackupProviderRecord, BackupProviderState, @@ -99,6 +99,7 @@ import { exportBackup } from "./export.js"; import { BackupCryptoPrecomputedData, importBackup } from "./import.js"; import { getWalletBackupState, provideBackupState } from "./state.js"; import { guardOperationException } from "../common.js"; +import { TalerCryptoInterface } from "../../crypto/cryptoImplementation.js"; const logger = new Logger("operations/backup.ts"); @@ -154,7 +155,7 @@ export async function encryptBackup( * FIXME: Move computations into crypto worker. */ async function computeBackupCryptoData( - cryptoApi: CryptoApi, + cryptoApi: TalerCryptoInterface, backupContent: WalletBackupContentV1, ): Promise<BackupCryptoPrecomputedData> { const cryptoData: BackupCryptoPrecomputedData = { @@ -193,18 +194,18 @@ async function computeBackupCryptoData( } } for (const prop of backupContent.proposals) { - const contractTermsHash = await cryptoApi.hashString( - canonicalJson(prop.contract_terms_raw), - ); + const { h: contractTermsHash } = await cryptoApi.hashString({ + str: canonicalJson(prop.contract_terms_raw), + }); const noncePub = encodeCrock(eddsaGetPublic(decodeCrock(prop.nonce_priv))); cryptoData.proposalNoncePrivToPub[prop.nonce_priv] = noncePub; cryptoData.proposalIdToContractTermsHash[prop.proposal_id] = contractTermsHash; } for (const purch of backupContent.purchases) { - const contractTermsHash = await cryptoApi.hashString( - canonicalJson(purch.contract_terms_raw), - ); + const { h: contractTermsHash } = await cryptoApi.hashString({ + str: canonicalJson(purch.contract_terms_raw), + }); const noncePub = encodeCrock(eddsaGetPublic(decodeCrock(purch.nonce_priv))); cryptoData.proposalNoncePrivToPub[purch.nonce_priv] = noncePub; cryptoData.proposalIdToContractTermsHash[purch.proposal_id] = @@ -286,13 +287,13 @@ async function runBackupCycleForProvider( logger.trace(`trying to upload backup to ${provider.baseUrl}`); logger.trace(`old hash ${oldHash}, new hash ${newHash}`); - const syncSig = await ws.cryptoApi.makeSyncSignature({ + const syncSigResp = await ws.cryptoApi.makeSyncSignature({ newHash: encodeCrock(currentBackupHash), oldHash: provider.lastBackupHash, accountPriv: encodeCrock(accountKeyPair.eddsaPriv), }); - logger.trace(`sync signature is ${syncSig}`); + logger.trace(`sync signature is ${syncSigResp}`); const accountBackupUrl = new URL( `/backups/${encodeCrock(accountKeyPair.eddsaPub)}`, @@ -304,7 +305,7 @@ async function runBackupCycleForProvider( body: encBackup, headers: { "content-type": "application/octet-stream", - "sync-signature": syncSig, + "sync-signature": syncSigResp.sig, "if-none-match": newHash, ...(provider.lastBackupHash ? { diff --git a/packages/taler-wallet-core/src/operations/backup/state.ts b/packages/taler-wallet-core/src/operations/backup/state.ts index f25cc170a..293f56137 100644 --- a/packages/taler-wallet-core/src/operations/backup/state.ts +++ b/packages/taler-wallet-core/src/operations/backup/state.ts @@ -41,7 +41,7 @@ export async function provideBackupState( } // We need to generate the key outside of the transaction // due to how IndexedDB works. - const k = await ws.cryptoApi.createEddsaKeypair(); + const k = await ws.cryptoApi.createEddsaKeypair({}); const d = getRandomBytes(5); // FIXME: device ID should be configured when wallet is initialized // and be based on hostname diff --git a/packages/taler-wallet-core/src/operations/common.ts b/packages/taler-wallet-core/src/operations/common.ts index 5525b4deb..5261b114d 100644 --- a/packages/taler-wallet-core/src/operations/common.ts +++ b/packages/taler-wallet-core/src/operations/common.ts @@ -15,7 +15,7 @@ */ import { TalerErrorDetail, TalerErrorCode } from "@gnu-taler/taler-util"; -import { CryptoApiStoppedError } from "../crypto/workers/cryptoApi.js"; +import { CryptoApiStoppedError } from "../crypto/workers/cryptoDispatcher.js"; import { TalerError, getErrorDetailFromException } from "../errors.js"; /** diff --git a/packages/taler-wallet-core/src/operations/deposits.ts b/packages/taler-wallet-core/src/operations/deposits.ts index ad3f614f3..2e14afdf1 100644 --- a/packages/taler-wallet-core/src/operations/deposits.ts +++ b/packages/taler-wallet-core/src/operations/deposits.ts @@ -254,14 +254,14 @@ export async function trackDepositGroup( `deposits/${wireHash}/${depositGroup.merchantPub}/${depositGroup.contractTermsHash}/${dp.coin_pub}`, dp.exchange_url, ); - const sig = await ws.cryptoApi.signTrackTransaction({ + const sigResp = await ws.cryptoApi.signTrackTransaction({ coinPub: dp.coin_pub, contractTermsHash: depositGroup.contractTermsHash, merchantPriv: depositGroup.merchantPriv, merchantPub: depositGroup.merchantPub, wireHash, }); - url.searchParams.set("merchant_sig", sig); + url.searchParams.set("merchant_sig", sigResp.sig); const httpResp = await ws.http.get(url.href); const body = await httpResp.json(); responses.push({ @@ -391,8 +391,8 @@ export async function createDepositGroup( const now = AbsoluteTime.now(); const nowRounded = AbsoluteTime.toTimestamp(now); - const noncePair = await ws.cryptoApi.createEddsaKeypair(); - const merchantPair = await ws.cryptoApi.createEddsaKeypair(); + const noncePair = await ws.cryptoApi.createEddsaKeypair({}); + const merchantPair = await ws.cryptoApi.createEddsaKeypair({}); const wireSalt = encodeCrock(getRandomBytes(16)); const wireHash = hashWire(req.depositPaytoUri, wireSalt); const contractTerms: ContractTerms = { @@ -421,9 +421,9 @@ export async function createDepositGroup( refund_deadline: TalerProtocolTimestamp.zero(), }; - const contractTermsHash = await ws.cryptoApi.hashString( - canonicalJson(contractTerms), - ); + const { h: contractTermsHash } = await ws.cryptoApi.hashString({ + str: canonicalJson(contractTerms), + }); const contractData = extractContractData( contractTerms, diff --git a/packages/taler-wallet-core/src/operations/exchanges.ts b/packages/taler-wallet-core/src/operations/exchanges.ts index 94159369b..51b5c7806 100644 --- a/packages/taler-wallet-core/src/operations/exchanges.ts +++ b/packages/taler-wallet-core/src/operations/exchanges.ts @@ -46,7 +46,7 @@ import { TalerProtocolDuration, } from "@gnu-taler/taler-util"; import { decodeCrock, encodeCrock, hash } from "@gnu-taler/taler-util"; -import { CryptoApi } from "../crypto/workers/cryptoApi.js"; +import { CryptoDispatcher } from "../crypto/workers/cryptoDispatcher.js"; import { DenominationRecord, DenominationVerificationStatus, @@ -243,12 +243,13 @@ async function validateWireInfo( if (ws.insecureTrustExchange) { isValid = true; } else { - isValid = await ws.cryptoApi.isValidWireAccount( + const { valid: v } = await ws.cryptoApi.isValidWireAccount({ + masterPub: masterPublicKey, + paytoUri: a.payto_uri, + sig: a.master_sig, versionCurrent, - a.payto_uri, - a.master_sig, - masterPublicKey, - ); + }); + isValid = v; } if (!isValid) { throw Error("exchange acct signature invalid"); @@ -272,11 +273,12 @@ async function validateWireInfo( if (ws.insecureTrustExchange) { isValid = true; } else { - isValid = await ws.cryptoApi.isValidWireFee( - wireMethod, - fee, - masterPublicKey, - ); + const { valid: v } = await ws.cryptoApi.isValidWireFee({ + masterPub: masterPublicKey, + type: wireMethod, + wf: fee, + }); + isValid = v; } if (!isValid) { throw Error("exchange wire fee signature invalid"); diff --git a/packages/taler-wallet-core/src/operations/pay.ts b/packages/taler-wallet-core/src/operations/pay.ts index 1c1a0f506..97f38bae6 100644 --- a/packages/taler-wallet-core/src/operations/pay.ts +++ b/packages/taler-wallet-core/src/operations/pay.ts @@ -55,7 +55,10 @@ import { TransactionType, URL, } from "@gnu-taler/taler-util"; -import { EXCHANGE_COINS_LOCK, InternalWalletState } from "../internal-wallet-state.js"; +import { + EXCHANGE_COINS_LOCK, + InternalWalletState, +} from "../internal-wallet-state.js"; import { AbortStatus, AllowedAuditorInfo, @@ -100,6 +103,7 @@ import { import { getExchangeDetails } from "./exchanges.js"; import { createRefreshGroup, getTotalRefreshCost } from "./refresh.js"; import { guardOperationException } from "./common.js"; +import { EddsaKeypair } from "../crypto/cryptoImplementation.js"; /** * Logger. @@ -795,11 +799,11 @@ async function processDownloadProposalImpl( ); } - const sigValid = await ws.cryptoApi.isValidContractTermsSignature( + const sigValid = await ws.cryptoApi.isValidContractTermsSignature({ contractTermsHash, - proposalResp.sig, - parsedContractTerms.merchant_pub, - ); + merchantPub: parsedContractTerms.merchant_pub, + sig: proposalResp.sig, + }); if (!sigValid) { const err = makeErrorDetail( @@ -921,9 +925,14 @@ async function startDownloadProposal( return oldProposal.proposalId; } - const { priv, pub } = await (noncePriv - ? ws.cryptoApi.eddsaGetPublic(noncePriv) - : ws.cryptoApi.createEddsaKeypair()); + let noncePair: EddsaKeypair; + if (noncePriv) { + noncePair = await ws.cryptoApi.eddsaGetPublic({ priv: noncePriv }); + } else { + noncePair = await ws.cryptoApi.createEddsaKeypair({}); + } + + const { priv, pub } = noncePair; const proposalId = encodeCrock(getRandomBytes(32)); const proposalRecord: ProposalRecord = { @@ -1673,11 +1682,11 @@ async function processPurchasePayImpl( logger.trace("got success from pay URL", merchantResp); const merchantPub = purchase.download.contractData.merchantPub; - const valid: boolean = await ws.cryptoApi.isValidPaymentSignature( - merchantResp.sig, - purchase.download.contractData.contractTermsHash, + const { valid } = await ws.cryptoApi.isValidPaymentSignature({ + contractHash: purchase.download.contractData.contractTermsHash, merchantPub, - ); + sig: merchantResp.sig, + }); if (!valid) { logger.error("merchant payment signature invalid"); diff --git a/packages/taler-wallet-core/src/operations/refresh.ts b/packages/taler-wallet-core/src/operations/refresh.ts index c422674a9..a77738262 100644 --- a/packages/taler-wallet-core/src/operations/refresh.ts +++ b/packages/taler-wallet-core/src/operations/refresh.ts @@ -76,9 +76,9 @@ import { RefreshNewDenomInfo, } from "../crypto/cryptoTypes.js"; import { GetReadWriteAccess } from "../util/query.js"; -import { CryptoApi } from "../index.browser.js"; import { guardOperationException } from "./common.js"; -import { CryptoApiStoppedError } from "../crypto/workers/cryptoApi.js"; +import { CryptoApiStoppedError } from "../crypto/workers/cryptoDispatcher.js"; +import { TalerCryptoInterface } from "../crypto/cryptoImplementation.js"; const logger = new Logger("refresh.ts"); @@ -461,7 +461,7 @@ async function refreshMelt( } export async function assembleRefreshRevealRequest(args: { - cryptoApi: CryptoApi; + cryptoApi: TalerCryptoInterface; derived: DerivedRefreshSession; norevealIndex: number; oldCoinPub: CoinPublicKeyString; @@ -494,14 +494,14 @@ export async function assembleRefreshRevealRequest(args: { const dsel = newDenoms[i]; for (let j = 0; j < dsel.count; j++) { const newCoinIndex = linkSigs.length; - const linkSig = await cryptoApi.signCoinLink( - oldCoinPriv, - dsel.denomPubHash, - oldCoinPub, - derived.transferPubs[norevealIndex], - planchets[newCoinIndex].coinEv, - ); - linkSigs.push(linkSig); + const linkSig = await cryptoApi.signCoinLink({ + coinEv: planchets[newCoinIndex].coinEv, + newDenomHash: dsel.denomPubHash, + oldCoinPriv: oldCoinPriv, + oldCoinPub: oldCoinPub, + transferPub: derived.transferPubs[norevealIndex], + }); + linkSigs.push(linkSig.sig); newDenomsFlat.push(dsel.denomPubHash); } } diff --git a/packages/taler-wallet-core/src/operations/reserves.ts b/packages/taler-wallet-core/src/operations/reserves.ts index dd0fa5423..9cbd63c45 100644 --- a/packages/taler-wallet-core/src/operations/reserves.ts +++ b/packages/taler-wallet-core/src/operations/reserves.ts @@ -170,7 +170,7 @@ export async function createReserve( ws: InternalWalletState, req: CreateReserveRequest, ): Promise<CreateReserveResponse> { - const keypair = await ws.cryptoApi.createEddsaKeypair(); + const keypair = await ws.cryptoApi.createEddsaKeypair({}); const now = AbsoluteTime.toTimestamp(AbsoluteTime.now()); const canonExchange = canonicalizeBaseUrl(req.exchange); diff --git a/packages/taler-wallet-core/src/operations/tip.ts b/packages/taler-wallet-core/src/operations/tip.ts index 7bd81b825..cd29f8a86 100644 --- a/packages/taler-wallet-core/src/operations/tip.ts +++ b/packages/taler-wallet-core/src/operations/tip.ts @@ -336,17 +336,17 @@ async function processTipImpl( throw Error("unsupported cipher"); } - const denomSigRsa = await ws.cryptoApi.rsaUnblind( - blindedSig.blinded_rsa_signature, - planchet.blindingKey, - denom.denomPub.rsa_public_key, - ); + const denomSigRsa = await ws.cryptoApi.rsaUnblind({ + bk: planchet.blindingKey, + blindedSig: blindedSig.blinded_rsa_signature, + pk: denom.denomPub.rsa_public_key, + }); - const isValid = await ws.cryptoApi.rsaVerify( - planchet.coinPub, - denomSigRsa, - denom.denomPub.rsa_public_key, - ); + const isValid = await ws.cryptoApi.rsaVerify({ + hm: planchet.coinPub, + pk: denom.denomPub.rsa_public_key, + sig: denomSigRsa.sig, + }); if (!isValid) { await ws.db @@ -377,7 +377,7 @@ async function processTipImpl( }, currentAmount: denom.value, denomPubHash: denom.denomPubHash, - denomSig: { cipher: DenomKeyType.Rsa, rsa_signature: denomSigRsa }, + denomSig: { cipher: DenomKeyType.Rsa, rsa_signature: denomSigRsa.sig }, exchangeBaseUrl: tipRecord.exchangeBaseUrl, status: CoinStatus.Fresh, suspended: false, diff --git a/packages/taler-wallet-core/src/operations/withdraw.ts b/packages/taler-wallet-core/src/operations/withdraw.ts index b7feae06a..7685ede73 100644 --- a/packages/taler-wallet-core/src/operations/withdraw.ts +++ b/packages/taler-wallet-core/src/operations/withdraw.ts @@ -603,17 +603,17 @@ async function processPlanchetVerifyAndStoreCoin( throw Error("unsupported cipher"); } - const denomSigRsa = await ws.cryptoApi.rsaUnblind( - evSig.blinded_rsa_signature, - planchet.blindingKey, - planchetDenomPub.rsa_public_key, - ); + const denomSigRsa = await ws.cryptoApi.rsaUnblind({ + bk: planchet.blindingKey, + blindedSig: evSig.blinded_rsa_signature, + pk: planchetDenomPub.rsa_public_key, + }); - const isValid = await ws.cryptoApi.rsaVerify( - planchet.coinPub, - denomSigRsa, - planchetDenomPub.rsa_public_key, - ); + const isValid = await ws.cryptoApi.rsaVerify({ + hm: planchet.coinPub, + pk: planchetDenomPub.rsa_public_key, + sig: denomSigRsa.sig, + }); if (!isValid) { await ws.db @@ -640,7 +640,7 @@ async function processPlanchetVerifyAndStoreCoin( if (planchetDenomPub.cipher === DenomKeyType.Rsa) { denomSig = { cipher: planchetDenomPub.cipher, - rsa_signature: denomSigRsa, + rsa_signature: denomSigRsa.sig, }; } else { throw Error("unsupported cipher"); @@ -759,10 +759,11 @@ export async function updateWithdrawalDenoms( if (ws.insecureTrustExchange) { valid = true; } else { - valid = await ws.cryptoApi.isValidDenom( + const res = await ws.cryptoApi.isValidDenom({ denom, - exchangeDetails.masterPublicKey, - ); + masterPub: exchangeDetails.masterPublicKey, + }); + valid = res.valid; } logger.trace(`Done validating ${denom.denomPubHash}`); if (!valid) { |