aboutsummaryrefslogtreecommitdiff
path: root/packages
diff options
context:
space:
mode:
authorIván Ávalos <avalos@disroot.org>2023-06-30 17:52:24 -0600
committerIván Ávalos <avalos@disroot.org>2023-07-26 12:09:17 -0600
commitef51ba983f49b32a04bb8460f24f720f7952f306 (patch)
tree9a8aad3bc818066b8677c626887ce08631cb1837 /packages
parent0b606028339d8256643ce60f11e72a090a301b58 (diff)
WIP: initial work for Anastasis in qtart
Diffstat (limited to 'packages')
-rw-r--r--packages/anastasis-core/package.json1
-rw-r--r--packages/anastasis-core/src/crypto.ts34
-rw-r--r--packages/taler-util/package.json5
-rw-r--r--packages/taler-util/src/taler-crypto.ts35
-rw-r--r--packages/taler-wallet-embedded/package.json3
-rw-r--r--packages/taler-wallet-embedded/src/wallet-qjs.ts31
6 files changed, 85 insertions, 24 deletions
diff --git a/packages/anastasis-core/package.json b/packages/anastasis-core/package.json
index d45d28129..c3a7106fb 100644
--- a/packages/anastasis-core/package.json
+++ b/packages/anastasis-core/package.json
@@ -23,7 +23,6 @@
"dependencies": {
"@gnu-taler/taler-util": "workspace:*",
"fflate": "^0.7.4",
- "hash-wasm": "^4.9.0",
"tslib": "^2.5.3"
},
"ava": {
diff --git a/packages/anastasis-core/src/crypto.ts b/packages/anastasis-core/src/crypto.ts
index 5e45f995f..3a9483aa1 100644
--- a/packages/anastasis-core/src/crypto.ts
+++ b/packages/anastasis-core/src/crypto.ts
@@ -26,8 +26,8 @@ import {
secretbox_open,
hash,
bytesToString,
+ hashArgon2id,
} from "@gnu-taler/taler-util";
-import { argon2id } from "hash-wasm";
export type Flavor<T, FlavorT extends string> = T & {
_flavor?: `anastasis.${FlavorT}`;
@@ -71,15 +71,13 @@ export async function userIdentifierDerive(
): Promise<UserIdentifier> {
const canonIdData = canonicalJson(idData);
const hashInput = stringToBytes(canonIdData);
- const result = await argon2id({
- hashLength: 64,
- iterations: 3,
- memorySize: 1024 /* kibibytes */,
- parallelism: 1,
- password: hashInput,
- salt: decodeCrock(serverSalt),
- outputType: "binary",
- });
+ const result = await hashArgon2id(
+ hashInput, // password
+ decodeCrock(serverSalt), // salt
+ 3, // iterations
+ 1024, // memoryLimit (kibibytes)
+ 64, // hashLength
+ );
return encodeCrock(result);
}
@@ -343,15 +341,13 @@ export async function secureAnswerHash(
truthUuid: TruthUuid,
questionSalt: TruthSalt,
): Promise<SecureAnswerHash> {
- const powResult = await argon2id({
- hashLength: 64,
- iterations: 3,
- memorySize: 1024 /* kibibytes */,
- parallelism: 1,
- password: stringToBytes(answer),
- salt: decodeCrock(questionSalt),
- outputType: "binary",
- });
+ const powResult = await hashArgon2id(
+ stringToBytes(answer), // password
+ decodeCrock(questionSalt), // salt
+ 3, // iterations
+ 1024, // memorySize (kibibytes)
+ 64, // hashLength
+ );
const kdfResult = kdfKw({
outputLength: 64,
salt: decodeCrock(truthUuid),
diff --git a/packages/taler-util/package.json b/packages/taler-util/package.json
index 40fa94923..766163c48 100644
--- a/packages/taler-util/package.json
+++ b/packages/taler-util/package.json
@@ -69,11 +69,12 @@
"big-integer": "^1.6.51",
"fflate": "^0.7.4",
"jed": "^1.1.1",
- "tslib": "^2.5.3"
+ "tslib": "^2.5.3",
+ "hash-wasm": "^4.9.0"
},
"ava": {
"files": [
"lib/**/*test.js"
]
}
-} \ No newline at end of file
+}
diff --git a/packages/taler-util/src/taler-crypto.ts b/packages/taler-util/src/taler-crypto.ts
index e3f7d49a8..cabe2b7d0 100644
--- a/packages/taler-util/src/taler-crypto.ts
+++ b/packages/taler-util/src/taler-crypto.ts
@@ -24,6 +24,7 @@
import * as nacl from "./nacl-fast.js";
import { hmacSha256, hmacSha512 } from "./kdf.js";
import bigint from "big-integer";
+import { argon2id } from "hash-wasm";
import {
CoinEnvelope,
CoinPublicKeyString,
@@ -69,6 +70,13 @@ interface NativeTartLib {
encodeCrock(buf: Uint8Array | ArrayBuffer): string;
decodeCrock(str: string): Uint8Array;
hash(buf: Uint8Array): Uint8Array;
+ hashArgon2id(
+ password: Uint8Array,
+ salt: Uint8Array,
+ iterations: number,
+ memorySize: number,
+ hashLength: number,
+ ): Uint8Array;
eddsaGetPublic(buf: Uint8Array): Uint8Array;
ecdheGetPublic(buf: Uint8Array): Uint8Array;
eddsaSign(msg: Uint8Array, priv: Uint8Array): Uint8Array;
@@ -253,6 +261,33 @@ export function decodeCrock(encoded: string): Uint8Array {
return out;
}
+export async function hashArgon2id(
+ password: Uint8Array,
+ salt: Uint8Array,
+ iterations: number,
+ memorySize: number,
+ hashLength: number,
+): Promise<Uint8Array> {
+ if (tart) {
+ return tart.hashArgon2id(
+ password,
+ salt,
+ iterations,
+ memorySize,
+ hashLength,
+ );
+ }
+ return await argon2id({
+ password: password,
+ salt: salt,
+ iterations: iterations,
+ memorySize: memorySize,
+ hashLength: hashLength,
+ parallelism: 1,
+ outputType: "binary",
+ });
+}
+
export function eddsaGetPublic(eddsaPriv: Uint8Array): Uint8Array {
if (tart) {
return tart.eddsaGetPublic(eddsaPriv);
diff --git a/packages/taler-wallet-embedded/package.json b/packages/taler-wallet-embedded/package.json
index 74616c69b..b96edff25 100644
--- a/packages/taler-wallet-embedded/package.json
+++ b/packages/taler-wallet-embedded/package.json
@@ -36,6 +36,7 @@
"@gnu-taler/idb-bridge": "workspace:*",
"@gnu-taler/taler-util": "workspace:*",
"@gnu-taler/taler-wallet-core": "workspace:*",
+ "@gnu-taler/anastasis-core": "workspace:*",
"tslib": "^2.5.3"
}
-} \ No newline at end of file
+}
diff --git a/packages/taler-wallet-embedded/src/wallet-qjs.ts b/packages/taler-wallet-embedded/src/wallet-qjs.ts
index 2b1c8a108..db0aeacb6 100644
--- a/packages/taler-wallet-embedded/src/wallet-qjs.ts
+++ b/packages/taler-wallet-embedded/src/wallet-qjs.ts
@@ -41,6 +41,10 @@ import {
Wallet,
WalletApiOperation,
} from "@gnu-taler/taler-wallet-core";
+import {
+ reduceAction,
+ ReducerState,
+} from "@gnu-taler/anastasis-core";
setGlobalLogLevelFromString("trace");
@@ -169,6 +173,25 @@ class NativeWalletMessageHandler {
}
}
+/**
+ * Handle an Anastasis request from the native app.
+ */
+async function handleAnastasisRequest(
+ state: ReducerState,
+ action: string,
+ id: string,
+ args: any,
+): Promise<CoreApiResponse> {
+ // For now, this will return "success" even if the wrapped Anastasis
+ // response is a ReducerStateError.
+ return {
+ type: "response",
+ id,
+ operation: "anastasis",
+ result: await reduceAction(state, action, args),
+ };
+}
+
export function installNativeWalletListener(): void {
setGlobalLogLevelFromString("trace");
const handler = new NativeWalletMessageHandler();
@@ -190,7 +213,13 @@ export function installNativeWalletListener(): void {
let respMsg: CoreApiResponse;
try {
- respMsg = await handler.handleMessage(operation, id, msg.args ?? {});
+ if (msg.operation === "anastasis") {
+ // TODO: do some input validation here
+ let req = msg.args ?? {};
+ respMsg = await handleAnastasisRequest(req.state, req.action, id, req.args ?? {});
+ } else {
+ respMsg = await handler.handleMessage(operation, id, msg.args ?? {});
+ }
} catch (e) {
respMsg = {
type: "error",