diff options
Diffstat (limited to 'src/crypto')
| -rw-r--r-- | src/crypto/browserWorkerEntry.ts | 52 | ||||
| -rw-r--r-- | src/crypto/cryptoApi-test.ts | 117 | ||||
| -rw-r--r-- | src/crypto/cryptoImplementation.ts | 718 | ||||
| -rw-r--r-- | src/crypto/emscInterface-test.ts | 176 | ||||
| -rw-r--r-- | src/crypto/emscInterface.ts | 1657 | ||||
| -rw-r--r-- | src/crypto/nodeEmscriptenLoader.ts | 101 | ||||
| -rw-r--r-- | src/crypto/nodeProcessWorker.ts | 2 | ||||
| -rw-r--r-- | src/crypto/nodeWorkerEntry.ts | 17 | ||||
| -rw-r--r-- | src/crypto/primitives/kdf.ts (renamed from src/crypto/kdf.ts) | 0 | ||||
| -rw-r--r-- | src/crypto/primitives/nacl-fast.ts (renamed from src/crypto/nacl-fast.ts) | 80 | ||||
| -rw-r--r-- | src/crypto/primitives/sha256.ts (renamed from src/crypto/sha256.ts) | 0 | ||||
| -rw-r--r-- | src/crypto/synchronousWorker.ts | 9 | ||||
| -rw-r--r-- | src/crypto/talerCrypto-test.ts | 44 | ||||
| -rw-r--r-- | src/crypto/talerCrypto.ts | 144 |
14 files changed, 523 insertions, 2594 deletions
diff --git a/src/crypto/browserWorkerEntry.ts b/src/crypto/browserWorkerEntry.ts index d133e93cc..5ac762c13 100644 --- a/src/crypto/browserWorkerEntry.ts +++ b/src/crypto/browserWorkerEntry.ts @@ -23,61 +23,11 @@ */ import { CryptoImplementation } from "./cryptoImplementation"; -import { EmscEnvironment } from "./emscInterface"; const worker: Worker = (self as any) as Worker; -class BrowserEmscriptenLoader { - private cachedEmscEnvironment: EmscEnvironment | undefined = undefined; - private cachedEmscEnvironmentPromise: - | Promise<EmscEnvironment> - | undefined = undefined; - - async getEmscriptenEnvironment(): Promise<EmscEnvironment> { - - if (this.cachedEmscEnvironment) { - return this.cachedEmscEnvironment; - } - - if (this.cachedEmscEnvironmentPromise) { - return this.cachedEmscEnvironmentPromise; - } - - console.log("loading emscripten lib with 'importScripts'"); - // @ts-ignore - self.TalerEmscriptenLib = {}; - // @ts-ignore - importScripts('/emscripten/taler-emscripten-lib.js') - // @ts-ignore - if (!self.TalerEmscriptenLib) { - throw Error("can't import taler emscripten lib"); - } - const locateFile = (path: string, scriptDir: string) => { - console.log("locating file", "path", path, "scriptDir", scriptDir); - // This is quite hacky and assumes that our scriptDir is dist/ - return scriptDir + "../emscripten/" + path; - }; - console.log("instantiating TalerEmscriptenLib"); - // @ts-ignore - const lib = self.TalerEmscriptenLib({ locateFile }); - return new Promise((resolve, reject) => { - lib.then((mod: any) => { - this.cachedEmscEnvironmentPromise = undefined; - const emsc = new EmscEnvironment(mod); - this.cachedEmscEnvironment = new EmscEnvironment(mod); - console.log("emscripten module fully loaded"); - resolve(emsc); - }); - }); - } -} - -let loader = new BrowserEmscriptenLoader(); - async function handleRequest(operation: string, id: number, args: string[]) { - let emsc = await loader.getEmscriptenEnvironment(); - - const impl = new CryptoImplementation(emsc); + const impl = new CryptoImplementation(); if (!(operation in impl)) { console.error(`crypto operation '${operation}' not found`); diff --git a/src/crypto/cryptoApi-test.ts b/src/crypto/cryptoApi-test.ts deleted file mode 100644 index d9d42081c..000000000 --- a/src/crypto/cryptoApi-test.ts +++ /dev/null @@ -1,117 +0,0 @@ -/* - This file is part of TALER - (C) 2017 Inria and GNUnet e.V. - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> - */ - -// tslint:disable:max-line-length - -import test from "ava"; - -import { - DenominationRecord, - DenominationStatus, - ReserveRecord, - ReserveRecordStatus, -} from "../dbTypes"; - -import { CryptoApi } from "./cryptoApi"; -import { NodeCryptoWorkerFactory } from "./nodeProcessWorker"; - -const masterPub1: string = - "CQQZ9DY3MZ1ARMN5K1VKDETS04Y2QCKMMCFHZSWJWWVN82BTTH00"; - -const denomValid1: DenominationRecord = { - denomPub: - "51R7ARKCD5HJTTV5F4G0M818E9SP280A40G2GVH04CR30GHS84R3JHHP6GSM2D9Q6514CGT568R32C9J6CWM4DSH64TM4DSM851K0CA48CVKAC1P6H144C2160T46DHK8CVM4HJ274S38C1M6S338D9N6GWM8DT684T3JCT36S13EC9G88R3EGHQ8S0KJGSQ60SKGD216N33AGJ2651K2E9S60TMCD1N75244HHQ6X33EDJ570R3GGJ2651MACA38D130DA560VK4HHJ68WK2CA26GW3ECSH6D13EC9S88VK2GT66WVK8D9G750K0D9R8RRK4DHQ71332GHK8D23GE26710M2H9K6WVK8HJ38MVKEGA66N23AC9H88VKACT58MV3CCSJ6H1K4DT38GRK0C9M8N33CE1R60V4AHA38H1KECSH6S33JH9N8GRKGH1K68S36GH354520818CMG26C1H60R30C935452081918G2J2G0", - denomPubHash: "dummy", - exchangeBaseUrl: "https://exchange.example.com/", - feeDeposit: { - currency: "PUDOS", - fraction: 10000, - value: 0, - }, - feeRefresh: { - currency: "PUDOS", - fraction: 10000, - value: 0, - }, - feeRefund: { - currency: "PUDOS", - fraction: 10000, - value: 0, - }, - feeWithdraw: { - currency: "PUDOS", - fraction: 10000, - value: 0, - }, - isOffered: true, - masterSig: - "CJFJCQ48Q45PSGJ5KY94N6M2TPARESM2E15BSPBD95YVVPEARAEQ6V6G4Z2XBMS0QM0F3Y9EYVP276FCS90EQ1578ZC8JHFBZ3NGP3G", - stampExpireDeposit: "/Date(1851580381)/", - stampExpireLegal: "/Date(1567756381)/", - stampExpireWithdraw: "/Date(2482300381)/", - stampStart: "/Date(1473148381)/", - status: DenominationStatus.Unverified, - value: { - currency: "PUDOS", - fraction: 100000, - value: 0, - }, -}; - -const denomInvalid1 = JSON.parse(JSON.stringify(denomValid1)); -denomInvalid1.value.value += 1; - -test("string hashing", async t => { - const crypto = new CryptoApi(new NodeCryptoWorkerFactory()); - const s = await crypto.hashString("hello taler"); - const sh = - "8RDMADB3YNF3QZBS3V467YZVJAMC2QAQX0TZGVZ6Q5PFRRAJFT70HHN0QF661QR9QWKYMMC7YEMPD679D2RADXCYK8Y669A2A5MKQFR"; - t.true(s === sh); - t.pass(); -}); - -test("precoin creation", async t => { - const crypto = new CryptoApi(new NodeCryptoWorkerFactory()); - const { priv, pub } = await crypto.createEddsaKeypair(); - const r: ReserveRecord = { - created: { t_ms: 0 }, - currentAmount: null, - exchangeBaseUrl: "https://example.com/exchange", - hasPayback: false, - precoinAmount: { currency: "PUDOS", value: 0, fraction: 0 }, - requestedAmount: { currency: "PUDOS", value: 0, fraction: 0 }, - reservePriv: priv, - reservePub: pub, - timestampConfirmed: undefined, - timestampReserveInfoPosted: undefined, - exchangeWire: "payto://foo", - reserveStatus: ReserveRecordStatus.UNCONFIRMED, - }; - - const precoin = await crypto.createPreCoin(denomValid1, r); - t.truthy(precoin); - t.pass(); -}); - -test("denom validation", async t => { - const crypto = new CryptoApi(new NodeCryptoWorkerFactory()); - let v: boolean; - v = await crypto.isValidDenom(denomValid1, masterPub1); - t.true(v); - v = await crypto.isValidDenom(denomInvalid1, masterPub1); - t.true(!v); - t.pass(); -}); diff --git a/src/crypto/cryptoImplementation.ts b/src/crypto/cryptoImplementation.ts index 38c63ceee..9ffdec701 100644 --- a/src/crypto/cryptoImplementation.ts +++ b/src/crypto/cryptoImplementation.ts @@ -14,10 +14,9 @@ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> */ - /** * Synchronous implementation of crypto-related functions for the wallet. - * + * * The functionality is parameterized over an Emscripten environment. */ @@ -38,19 +37,118 @@ import { } from "../dbTypes"; import { CoinPaySig, ContractTerms, PaybackRequest } from "../talerTypes"; -import { BenchmarkResult, CoinWithDenom, PayCoinInfo } from "../walletTypes"; -import { canonicalJson } from "../helpers"; -import { EmscEnvironment } from "./emscInterface"; -import * as native from "./emscInterface"; +import { + BenchmarkResult, + CoinWithDenom, + PayCoinInfo, + Timestamp, +} from "../walletTypes"; +import { canonicalJson, getTalerStampSec } from "../helpers"; import { AmountJson } from "../amounts"; import * as Amounts from "../amounts"; import * as timer from "../timer"; -import { getRandomBytes, encodeCrock } from "./talerCrypto"; +import { + getRandomBytes, + encodeCrock, + decodeCrock, + createEddsaKeyPair, + createBlindingKeySecret, + hash, + rsaBlind, + eddsaVerify, + eddsaSign, + rsaUnblind, + stringToBytes, + createHashContext, + createEcdheKeyPair, + keyExchangeEcdheEddsa, + setupRefreshPlanchet, +} from "./talerCrypto"; +import { randomBytes } from "./primitives/nacl-fast"; + +enum SignaturePurpose { + RESERVE_WITHDRAW = 1200, + WALLET_COIN_DEPOSIT = 1201, + MASTER_DENOMINATION_KEY_VALIDITY = 1025, + WALLET_COIN_MELT = 1202, + TEST = 4242, + MERCHANT_PAYMENT_OK = 1104, + MASTER_WIRE_FEES = 1028, + WALLET_COIN_PAYBACK = 1203, + WALLET_COIN_LINK = 1204, +} + +function amountToBuffer(amount: AmountJson): Uint8Array { + const buffer = new ArrayBuffer(8 + 4 + 12); + const dvbuf = new DataView(buffer); + const u8buf = new Uint8Array(buffer); + const te = new TextEncoder(); + const curr = te.encode(amount.currency); + dvbuf.setBigUint64(0, BigInt(amount.value)); + dvbuf.setUint32(8, amount.fraction); + u8buf.set(curr, 8 + 4); + + return u8buf; +} + +function timestampToBuffer(ts: Timestamp): Uint8Array { + const b = new ArrayBuffer(8); + const v = new DataView(b); + const s = BigInt(ts.t_ms) * BigInt(1000); + v.setBigUint64(0, s); + return new Uint8Array(b); +} + +function talerTimestampStringToBuffer(ts: string): Uint8Array { + const t_sec = getTalerStampSec(ts); + if (t_sec === null || t_sec === undefined) { + // Should have been validated before! + throw Error("invalid timestamp"); + } + const buffer = new ArrayBuffer(8); + const dvbuf = new DataView(buffer); + const s = BigInt(t_sec) * BigInt(1000 * 1000); + dvbuf.setBigUint64(0, s); + return new Uint8Array(buffer); +} + +class SignaturePurposeBuilder { + private chunks: Uint8Array[] = []; + + constructor(private purposeNum: number) {} + + put(bytes: Uint8Array): SignaturePurposeBuilder { + this.chunks.push(Uint8Array.from(bytes)); + return this; + } + + build(): Uint8Array { + let payloadLen = 0; + for (let c of this.chunks) { + payloadLen += c.byteLength; + } + const buf = new ArrayBuffer(4 + 4 + payloadLen); + const u8buf = new Uint8Array(buf); + let p = 8; + for (let c of this.chunks) { + u8buf.set(c, p); + p += c.byteLength; + } + const dvbuf = new DataView(buf); + dvbuf.setUint32(0, payloadLen + 4 + 4); + dvbuf.setUint32(4, this.purposeNum); + return u8buf; + } +} + +function buildSigPS(purposeNum: number): SignaturePurposeBuilder { + return new SignaturePurposeBuilder(purposeNum); +} export class CryptoImplementation { static enableTracing: boolean = false; - constructor(private emsc: EmscEnvironment) {} + constructor() {} /** * Create a pre-coin of the given denomination to be withdrawn from then given @@ -60,54 +158,39 @@ export class CryptoImplementation { denom: DenominationRecord, reserve: ReserveRecord, ): PreCoinRecord { - const reservePriv = new native.EddsaPrivateKey(this.emsc); - reservePriv.loadCrock(reserve.reservePriv); - const reservePub = new native.EddsaPublicKey(this.emsc); - reservePub.loadCrock(reserve.reservePub); - const denomPub = native.RsaPublicKey.fromCrock(this.emsc, denom.denomPub); - const coinPriv = native.EddsaPrivateKey.create(this.emsc); - const coinPub = coinPriv.getPublicKey(); - const blindingFactor = native.RsaBlindingKeySecret.create(this.emsc); - const pubHash: native.HashCode = coinPub.hash(); - const ev = native.rsaBlind(pubHash, blindingFactor, denomPub); - - if (!ev) { - throw Error("couldn't blind (malicious exchange key?)"); - } - - if (!denom.feeWithdraw) { - throw Error("Field fee_withdraw missing"); - } - - const amountWithFee = new native.Amount(this.emsc, denom.value); - amountWithFee.add(new native.Amount(this.emsc, denom.feeWithdraw)); - const withdrawFee = new native.Amount(this.emsc, denom.feeWithdraw); - - const denomPubHash = denomPub.encode().hash(); - - // Signature - const withdrawRequest = new native.WithdrawRequestPS(this.emsc, { - amount_with_fee: amountWithFee.toNbo(), - h_coin_envelope: ev.hash(), - h_denomination_pub: denomPubHash, - reserve_pub: reservePub, - withdraw_fee: withdrawFee.toNbo(), - }); - - const sig = native.eddsaSign(withdrawRequest.toPurpose(), reservePriv); + const reservePub = decodeCrock(reserve.reservePub); + const reservePriv = decodeCrock(reserve.reservePriv); + const denomPub = decodeCrock(denom.denomPub); + const coinKeyPair = createEddsaKeyPair(); + const blindingFactor = createBlindingKeySecret(); + const coinPubHash = hash(coinKeyPair.eddsaPub); + const ev = rsaBlind(coinPubHash, blindingFactor, denomPub); + const amountWithFee = Amounts.add(denom.value, denom.feeWithdraw).amount; + const denomPubHash = hash(denomPub); + const evHash = hash(ev); + + const withdrawRequest = buildSigPS(SignaturePurpose.RESERVE_WITHDRAW) + .put(reservePub) + .put(amountToBuffer(amountWithFee)) + .put(amountToBuffer(denom.feeWithdraw)) + .put(denomPubHash) + .put(evHash) + .build(); + + const sig = eddsaSign(withdrawRequest, reservePriv); const preCoin: PreCoinRecord = { - blindingKey: blindingFactor.toCrock(), - coinEv: ev.toCrock(), - coinPriv: coinPriv.toCrock(), - coinPub: coinPub.toCrock(), + blindingKey: encodeCrock(blindingFactor), + coinEv: encodeCrock(ev), + coinPriv: encodeCrock(coinKeyPair.eddsaPriv), + coinPub: encodeCrock(coinKeyPair.eddsaPub), coinValue: denom.value, - denomPub: denomPub.toCrock(), - denomPubHash: denomPubHash.toCrock(), + denomPub: encodeCrock(denomPub), + denomPubHash: encodeCrock(denomPubHash), exchangeBaseUrl: reserve.exchangeBaseUrl, isFromTip: false, - reservePub: reservePub.toCrock(), - withdrawSig: sig.toCrock(), + reservePub: encodeCrock(reservePub), + withdrawSig: encodeCrock(sig), }; return preCoin; } @@ -116,32 +199,20 @@ export class CryptoImplementation { * Create a planchet used for tipping, including the private keys. */ createTipPlanchet(denom: DenominationRecord): TipPlanchet { - const denomPub = native.RsaPublicKey.fromCrock(this.emsc, denom.denomPub); - const coinPriv = native.EddsaPrivateKey.create(this.emsc); - const coinPub = coinPriv.getPublicKey(); - const blindingFactor = native.RsaBlindingKeySecret.create(this.emsc); - const pubHash: native.HashCode = coinPub.hash(); - const ev = native.rsaBlind(pubHash, blindingFactor, denomPub); - - if (!ev) { - throw Error("couldn't blind (malicious exchange key?)"); - } - - if (!denom.feeWithdraw) { - throw Error("Field fee_withdraw missing"); - } + const denomPub = decodeCrock(denom.denomPub); + const coinKeyPair = createEddsaKeyPair(); + const blindingFactor = createBlindingKeySecret(); + const coinPubHash = hash(coinKeyPair.eddsaPub); + const ev = rsaBlind(coinPubHash, blindingFactor, denomPub); const tipPlanchet: TipPlanchet = { - blindingKey: blindingFactor.toCrock(), - coinEv: ev.toCrock(), - coinPriv: coinPriv.toCrock(), - coinPub: coinPub.toCrock(), + blindingKey: encodeCrock(blindingFactor), + coinEv: encodeCrock(ev), + coinPriv: encodeCrock(coinKeyPair.eddsaPriv), + coinPub: encodeCrock(coinKeyPair.eddsaPub), coinValue: denom.value, - denomPub: denomPub.encode().toCrock(), - denomPubHash: denomPub - .encode() - .hash() - .toCrock(), + denomPub: encodeCrock(denomPub), + denomPubHash: encodeCrock(hash(denomPub)), }; return tipPlanchet; } @@ -150,22 +221,18 @@ export class CryptoImplementation { * Create and sign a message to request payback for a coin. */ createPaybackRequest(coin: CoinRecord): PaybackRequest { - const p = new native.PaybackRequestPS(this.emsc, { - coin_blind: native.RsaBlindingKeySecret.fromCrock( - this.emsc, - coin.blindingKey, - ), - coin_pub: native.EddsaPublicKey.fromCrock(this.emsc, coin.coinPub), - h_denom_pub: native.RsaPublicKey.fromCrock(this.emsc, coin.denomPub) - .encode() - .hash(), - }); - const coinPriv = native.EddsaPrivateKey.fromCrock(this.emsc, coin.coinPriv); - const coinSig = native.eddsaSign(p.toPurpose(), coinPriv); + const p = buildSigPS(SignaturePurpose.WALLET_COIN_PAYBACK) + .put(decodeCrock(coin.coinPub)) + .put(decodeCrock(coin.denomPubHash)) + .put(decodeCrock(coin.blindingKey)) + .build(); + + const coinPriv = decodeCrock(coin.coinPriv); + const coinSig = eddsaSign(p, coinPriv); const paybackRequest: PaybackRequest = { coin_blind_key_secret: coin.blindingKey, coin_pub: coin.coinPub, - coin_sig: coinSig.toCrock(), + coin_sig: encodeCrock(coinSig), denom_pub: coin.denomPub, denom_sig: coin.denomSig, }; @@ -180,114 +247,72 @@ export class CryptoImplementation { contractHash: string, merchantPub: string, ): boolean { - const p = new native.PaymentSignaturePS(this.emsc, { - contract_hash: native.HashCode.fromCrock(this.emsc, contractHash), - }); - const nativeSig = new native.EddsaSignature(this.emsc); - nativeSig.loadCrock(sig); - const nativePub = native.EddsaPublicKey.fromCrock(this.emsc, merchantPub); - return native.eddsaVerify( - native.SignaturePurpose.MERCHANT_PAYMENT_OK, - p.toPurpose(), - nativeSig, - nativePub, - ); + const p = buildSigPS(SignaturePurpose.MERCHANT_PAYMENT_OK) + .put(decodeCrock(contractHash)) + .build(); + const sigBytes = decodeCrock(sig); + const pubBytes = decodeCrock(merchantPub); + return eddsaVerify(p, sigBytes, pubBytes); } /** * Check if a wire fee is correctly signed. */ isValidWireFee(type: string, wf: WireFee, masterPub: string): boolean { - const p = new native.MasterWireFeePS(this.emsc, { - closing_fee: new native.Amount(this.emsc, wf.closingFee).toNbo(), - end_date: native.AbsoluteTimeNbo.fromStampSeconds(this.emsc, (wf.endStamp.t_ms / 1000)), - h_wire_method: native.ByteArray.fromStringWithNull( - this.emsc, - type, - ).hash(), - start_date: native.AbsoluteTimeNbo.fromStampSeconds( - this.emsc, - Math.floor(wf.startStamp.t_ms / 1000), - ), - wire_fee: new native.Amount(this.emsc, wf.wireFee).toNbo(), - }); - - const nativeSig = new native.EddsaSignature(this.emsc); - nativeSig.loadCrock(wf.sig); - const nativePub = native.EddsaPublicKey.fromCrock(this.emsc, masterPub); - - return native.eddsaVerify( - native.SignaturePurpose.MASTER_WIRE_FEES, - p.toPurpose(), - nativeSig, - nativePub, - ); + const p = buildSigPS(SignaturePurpose.MASTER_WIRE_FEES) + .put(hash(stringToBytes(type + "\0"))) + .put(timestampToBuffer(wf.startStamp)) + .put(timestampToBuffer(wf.endStamp)) + .put(amountToBuffer(wf.wireFee)) + .build(); + const sig = decodeCrock(wf.sig); + const pub = decodeCrock(masterPub); + return eddsaVerify(p, sig, pub); } /** * Check if the signature of a denomination is valid. */ isValidDenom(denom: DenominationRecord, masterPub: string): boolean { - const p = new native.DenominationKeyValidityPS(this.emsc, { - denom_hash: native.RsaPublicKey.fromCrock(this.emsc, denom.denomPub) - .encode() - .hash(), - expire_legal: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - denom.stampExpireLegal, - ), - expire_spend: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - denom.stampExpireDeposit, - ), - expire_withdraw: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - denom.stampExpireWithdraw, - ), - fee_deposit: new native.Amount(this.emsc, denom.feeDeposit).toNbo(), - fee_refresh: new native.Amount(this.emsc, denom.feeRefresh).toNbo(), - fee_refund: new native.Amount(this.emsc, denom.feeRefund).toNbo(), - fee_withdraw: new native.Amount(this.emsc, denom.feeWithdraw).toNbo(), - master: native.EddsaPublicKey.fromCrock(this.emsc, masterPub), - start: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - denom.stampStart, - ), - value: new native.Amount(this.emsc, denom.value).toNbo(), - }); - - const nativeSig = new native.EddsaSignature(this.emsc); - nativeSig.loadCrock(denom.masterSig); - - const nativePub = native.EddsaPublicKey.fromCrock(this.emsc, masterPub); - - return native.eddsaVerify( - native.SignaturePurpose.MASTER_DENOMINATION_KEY_VALIDITY, - p.toPurpose(), - nativeSig, - nativePub, - ); + const p = buildSigPS(SignaturePurpose.MASTER_DENOMINATION_KEY_VALIDITY) + .put(decodeCrock(masterPub)) + .put(timestampToBuffer(denom.stampStart)) + .put(timestampToBuffer(denom.stampExpireWithdraw)) + .put(timestampToBuffer(denom.stampExpireDeposit)) + .put(timestampToBuffer(denom.stampExpireLegal)) + .put(amountToBuffer(denom.value)) + .put(amountToBuffer(denom.feeWithdraw)) + .put(amountToBuffer(denom.feeDeposit)) + .put(amountToBuffer(denom.feeRefresh)) + .put(amountToBuffer(denom.feeRefund)) + .put(decodeCrock(denom.denomPubHash)) + .build(); + const sig = decodeCrock(denom.masterSig); + const pub = decodeCrock(masterPub); + return eddsaVerify(p, sig, pub); } /** * Create a new EdDSA key pair. */ createEddsaKeypair(): { priv: string; pub: string } { - const priv = native.EddsaPrivateKey.create(this.emsc); - const pub = priv.getPublicKey(); - return { priv: priv.toCrock(), pub: pub.toCrock() }; + const pair = createEddsaKeyPair(); + return { + priv: encodeCrock(pair.eddsaPriv), + pub: encodeCrock(pair.eddsaPub), + }; } /** * Unblind a blindly signed value. */ rsaUnblind(sig: string, bk: string, pk: string): string { - const denomSig = native.rsaUnblind( - native.RsaSignature.fromCrock(this.emsc, sig), - native.RsaBlindingKeySecret.fromCrock(this.emsc, bk), - native.RsaPublicKey.fromCrock(this.emsc, pk), + const denomSig = rsaUnblind( + decodeCrock(sig), + decodeCrock(pk), + decodeCrock(bk), ); - return denomSig.encode().toCrock(); + return encodeCrock(denomSig); } /** @@ -315,79 +340,54 @@ export class CryptoImplementation { .amount; const total = Amounts.add(fees, totalAmount).amount; - const amountSpent = native.Amount.getZero( - this.emsc, - cds[0].coin.currentAmount.currency, - ); - const amountRemaining = new native.Amount(this.emsc, total); + let amountSpent = Amounts.getZero(cds[0].coin.currentAmount.currency); + let amountRemaining = total; + for (const cd of cds) { - let coinSpend: native.Amount; const originalCoin = { ...cd.coin }; if (amountRemaining.value === 0 && amountRemaining.fraction === 0) { break; } - if ( - amountRemaining.cmp( - new native.Amount(this.emsc, cd.coin.currentAmount), - ) < 0 - ) { - coinSpend = new native.Amount(this.emsc, amountRemaining.toJson()); + let coinSpend: AmountJson; + if (Amounts.cmp(amountRemaining, cd.coin.currentAmount) < 0) { + coinSpend = amountRemaining; } else { - coinSpend = new native.Amount(this.emsc, cd.coin.currentAmount); + coinSpend = cd.coin.currentAmount; } - amountSpent.add(coinSpend); - amountRemaining.sub(coinSpend); + amountSpent = Amounts.add(amountSpent, coinSpend).amount; - const feeDeposit: native.Amount = new native.Amount( - this.emsc, - cd.denom.feeDeposit, - ); + const feeDeposit = cd.denom.feeDeposit; // Give the merchant at least the deposit fee, otherwise it'll reject // the coin. - if (coinSpend.cmp(feeDeposit) < 0) { + + if (Amounts.cmp(coinSpend, feeDeposit) < 0) { coinSpend = feeDeposit; } - const newAmount = new native.Amount(this.emsc, cd.coin.currentAmount); - newAmount.sub(coinSpend); - cd.coin.currentAmount = newAmount.toJson(); + const newAmount = Amounts.sub(cd.coin.currentAmount, coinSpend).amount; + cd.coin.currentAmount = newAmount; cd.coin.status = CoinStatus.Dirty; - const d = new native.DepositRequestPS(this.emsc, { - amount_with_fee: coinSpend.toNbo(), - coin_pub: native.EddsaPublicKey.fromCrock(this.emsc, cd.coin.coinPub), - deposit_fee: new native.Amount(this.emsc, cd.denom.feeDeposit).toNbo(), - h_contract: native.HashCode.fromCrock(this.emsc, contractTermsHash), - h_wire: native.HashCode.fromCrock(this.emsc, contractTerms.H_wire), - merchant: native.EddsaPublicKey.fromCrock( - this.emsc, - contractTerms.merchant_pub, - ), - refund_deadline: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - contractTerms.refund_deadline, - ), - timestamp: native.AbsoluteTimeNbo.fromTalerString( - this.emsc, - contractTerms.timestamp, - ), - }); - - const coinSig = native - .eddsaSign( - d.toPurpose(), - native.EddsaPrivateKey.fromCrock(this.emsc, cd.coin.coinPriv), - ) - .toCrock(); + const d = buildSigPS(SignaturePurpose.WALLET_COIN_DEPOSIT) + .put(decodeCrock(contractTermsHash)) + .put(decodeCrock(contractTerms.H_wire)) + .put(talerTimestampStringToBuffer(contractTerms.timestamp)) + .put(talerTimestampStringToBuffer(contractTerms.refund_deadline)) + .put(amountToBuffer(coinSpend)) + .put(amountToBuffer(cd.denom.feeDeposit)) + .put(decodeCrock(contractTerms.merchant_pub)) + .put(decodeCrock(cd.coin.coinPub)) + .build(); + const coinSig = eddsaSign(d, decodeCrock(cd.coin.coinPriv)); const s: CoinPaySig = { coin_pub: cd.coin.coinPub, - coin_sig: coinSig, - contribution: Amounts.toString(coinSpend.toJson()), + coin_sig: encodeCrock(coinSig), + contribution: Amounts.toString(coinSpend), denom_pub: cd.coin.denomPub, exchange_url: cd.denom.exchangeBaseUrl, ub_sig: cd.coin.denomSig, @@ -419,7 +419,7 @@ export class CryptoImplementation { // melt fee valueWithFee = Amounts.add(valueWithFee, meltFee).amount; - const sessionHc = new native.HashContext(this.emsc); + const sessionHc = createHashContext(); const transferPubs: string[] = []; const transferPrivs: string[] = []; @@ -427,79 +427,57 @@ export class CryptoImplementation { const preCoinsForGammas: RefreshPreCoinRecord[][] = []; for (let i = 0; i < kappa; i++) { - const t = native.EcdhePrivateKey.create(this.emsc); - const pub = t.getPublicKey(); - sessionHc.read(pub); - transferPrivs.push(t.toCrock()); - transferPubs.push(pub.toCrock()); + const transferKeyPair = createEcdheKeyPair(); + sessionHc.update(transferKeyPair.ecdhePub); + transferPrivs.push(encodeCrock(transferKeyPair.ecdhePriv)); + transferPubs.push(encodeCrock(transferKeyPair.ecdhePub)); } for (const denom of newCoinDenoms) { - const r = native.RsaPublicKey.fromCrock(this.emsc, denom.denomPub); - sessionHc.read(r.encode()); + const r = decodeCrock(denom.denomPub); + sessionHc.update(r); } - sessionHc.read( - native.EddsaPublicKey.fromCrock(this.emsc, meltCoin.coinPub), - ); - sessionHc.read(new native.Amount(this.emsc, valueWithFee).toNbo()); + sessionHc.update(decodeCrock(meltCoin.coinPub)); + sessionHc.update(amountToBuffer(valueWithFee)); for (let i = 0; i < kappa; i++) { const preCoins: RefreshPreCoinRecord[] = []; for (let j = 0; j < newCoinDenoms.length; j++) { - const transferPriv = native.EcdhePrivateKey.fromCrock( - this.emsc, - transferPrivs[i], - ); - const oldCoinPub = native.EddsaPublicKey.fromCrock( - this.emsc, - meltCoin.coinPub, - ); - const transferSecret = native.ecdhEddsa(transferPriv, oldCoinPub); - - const fresh = native.setupFreshCoin(transferSecret, j); - - const coinPriv = fresh.priv; - const coinPub = coinPriv.getPublicKey(); - const blindingFactor = fresh.blindingKey; - const pubHash: native.HashCode = coinPub.hash(); - const denomPub = native.RsaPublicKey.fromCrock( - this.emsc, - newCoinDenoms[j].denomPub, - ); - const ev = native.rsaBlind(pubHash, blindingFactor, denomPub); - if (!ev) { - throw Error("couldn't blind (malicious exchange key?)"); - } + const transferPriv = decodeCrock(transferPrivs[i]); + const oldCoinPub = decodeCrock(meltCoin.coinPub); + const transferSecret = keyExchangeEcdheEddsa(transferPriv, oldCoinPub); + + const fresh = setupRefreshPlanchet(transferSecret, j); + + const coinPriv = fresh.coinPriv; + const coinPub = fresh.coinPub; + const blindingFactor = fresh.bks; + const pubHash = hash(coinPub); + const denomPub = decodeCrock(newCoinDenoms[j].denomPub); + const ev = rsaBlind(pubHash, blindingFactor, denomPub); const preCoin: RefreshPreCoinRecord = { - blindingKey: blindingFactor.toCrock(), - coinEv: ev.toCrock(), - privateKey: coinPriv.toCrock(), - publicKey: coinPub.toCrock(), + blindingKey: encodeCrock(blindingFactor), + coinEv: encodeCrock(ev), + privateKey: encodeCrock(coinPriv), + publicKey: encodeCrock(coinPub), }; preCoins.push(preCoin); - sessionHc.read(ev); + sessionHc.update(ev); } preCoinsForGammas.push(preCoins); } - const sessionHash = new native.HashCode(this.emsc); - sessionHash.alloc(); - sessionHc.finish(sessionHash); + const sessionHash = sessionHc.finish(); - const confirmData = new native.RefreshMeltCoinAffirmationPS(this.emsc, { - amount_with_fee: new native.Amount(this.emsc, valueWithFee).toNbo(), - coin_pub: native.EddsaPublicKey.fromCrock(this.emsc, meltCoin.coinPub), - melt_fee: new native.Amount(this.emsc, meltFee).toNbo(), - session_hash: sessionHash, - }); + const confirmData = buildSigPS(SignaturePurpose.WALLET_COIN_MELT) + .put(sessionHash) + .put(amountToBuffer(valueWithFee)) + .put(amountToBuffer(meltFee)) + .put(decodeCrock(meltCoin.coinPub)) + .build(); - const confirmSig: string = native - .eddsaSign( - confirmData.toPurpose(), - native.EddsaPrivateKey.fromCrock(this.emsc, meltCoin.coinPriv), - ) - .toCrock(); + const confirmSig = eddsaSign(confirmData, decodeCrock(meltCoin.coinPriv)); let valueOutput = Amounts.getZero(newCoinDenoms[0].value.currency); for (const denom of newCoinDenoms) { @@ -510,10 +488,10 @@ export class CryptoImplementation { const refreshSession: RefreshSessionRecord = { refreshSessionId, - confirmSig, + confirmSig: encodeCrock(confirmSig), exchangeBaseUrl, finished: false, - hash: sessionHash.toCrock(), + hash: encodeCrock(sessionHash), meltCoinPub: meltCoin.coinPub, newDenomHashes: newCoinDenoms.map(d => d.denomPubHash), newDenoms: newCoinDenoms.map(d => d.denomPub), @@ -532,18 +510,16 @@ export class CryptoImplementation { * Hash a string including the zero terminator. */ hashString(str: string): string { - const b = native.ByteArray.fromStringWithNull(this.emsc, str); - return b.hash().toCrock(); + const ts = new TextEncoder(); + const b = ts.encode(str + "\0"); + return encodeCrock(hash(b)); } /** * Hash a denomination public key. */ hashDenomPub(denomPub: string): string { - return native.RsaPublicKey.fromCrock(this.emsc, denomPub) - .encode() - .hash() - .toCrock(); + return encodeCrock(hash(decodeCrock(denomPub))); } signCoinLink( @@ -553,20 +529,16 @@ export class CryptoImplementation { transferPub: string, coinEv: string, ): string { - const coinEvHash = native.ByteArray.fromCrock(this.emsc, coinEv).hash(); - - const coinLink = new native.CoinLinkSignaturePS(this.emsc, { - coin_envelope_hash: coinEvHash, - h_denom_pub: native.HashCode.fromCrock(this.emsc, newDenomHash), - old_coin_pub: native.EddsaPublicKey.fromCrock(this.emsc, oldCoinPub), - transfer_pub: native.EcdhePublicKey.fromCrock(this.emsc, transferPub), - }); - - const coinPriv = native.EddsaPrivateKey.fromCrock(this.emsc, oldCoinPriv); - - const sig = native.eddsaSign(coinLink.toPurpose(), coinPriv); - - return sig.toCrock(); + const coinEvHash = hash(decodeCrock(coinEv)); + const coinLink = buildSigPS(SignaturePurpose.WALLET_COIN_LINK) + .put(decodeCrock(newDenomHash)) + .put(decodeCrock(oldCoinPub)) + .put(decodeCrock(transferPub)) + .put(coinEvHash) + .build(); + const coinPriv = decodeCrock(oldCoinPriv); + const sig = eddsaSign(coinLink, coinPriv); + return encodeCrock(sig); } benchmark(repetitions: number): BenchmarkResult { @@ -578,165 +550,40 @@ export class CryptoImplementation { } let time_hash_big = 0; - const ba = new native.ByteArray(this.emsc, 4096); for (let i = 0; i < repetitions; i++) { - ba.randomize(native.RandomQuality.WEAK); + const ba = randomBytes(4096); const start = timer.performanceNow(); - ba.hash(); + hash(ba); time_hash_big += timer.performanceNow() - start; } let time_eddsa_create = 0; for (let i = 0; i < repetitions; i++) { const start = timer.performanceNow(); - const priv: native.EddsaPrivateKey = native.EddsaPrivateKey.create( - this.emsc, - ); + const pair = createEddsaKeyPair(); time_eddsa_create += timer.performanceNow() - start; - priv.destroy(); } let time_eddsa_sign = 0; - const eddsaPriv: native.EddsaPrivateKey = native.EddsaPrivateKey.create( - this.emsc, - ); - const eddsaPub: native.EddsaPublicKey = eddsaPriv.getPublicKey(); - const h: native.HashCode = new native.HashCode(this.emsc); - h.alloc(); - h.random(native.RandomQuality.WEAK); + const p = randomBytes(4096); - const ps = new native.PaymentSignaturePS(this.emsc, { - contract_hash: h, - }); - - const p = ps.toPurpose(); + const pair = createEddsaKeyPair(); for (let i = 0; i < repetitions; i++) { const start = timer.performanceNow(); - native.eddsaSign(p, eddsaPriv); + eddsaSign(p, pair.eddsaPriv); time_eddsa_sign += timer.performanceNow() - start; } - const eddsaSig = native.eddsaSign(p, eddsaPriv); - - let time_ecdsa_create = 0; - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - const priv: native.EcdsaPrivateKey = native.EcdsaPrivateKey.create( - this.emsc, - ); - time_ecdsa_create += timer.performanceNow() - start; - priv.destroy(); - } + const sig = eddsaSign(p, pair.eddsaPriv); let time_eddsa_verify = 0; for (let i = 0; i < repetitions; i++) { const start = timer.performanceNow(); - native.eddsaVerify( - native.SignaturePurpose.MERCHANT_PAYMENT_OK, - p, - eddsaSig, - eddsaPub, - ); + eddsaVerify(p, sig, pair.eddsaPub); time_eddsa_verify += timer.performanceNow() - start; } - /* rsa 2048 */ - - let time_rsa_2048_blind = 0; - const rsaPriv2048: native.RsaPrivateKey = native.RsaPrivateKey.create( - this.emsc, - 2048, - ); - const rsaPub2048 = rsaPriv2048.getPublicKey(); - const blindingSecret2048 = native.RsaBlindingKeySecret.create(this.emsc); - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaBlind(h, blindingSecret2048, rsaPub2048); - time_rsa_2048_blind += timer.performanceNow() - start; - } - - const blindedMessage2048 = native.rsaBlind( - h, - blindingSecret2048, - rsaPub2048, - ); - if (!blindedMessage2048) { - throw Error("should not happen"); - } - const rsaBlindSig2048 = native.rsaSignBlinded( - rsaPriv2048, - blindedMessage2048, - ); - - let time_rsa_2048_unblind = 0; - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaUnblind(rsaBlindSig2048, blindingSecret2048, rsaPub2048); - time_rsa_2048_unblind += timer.performanceNow() - start; - } - - const unblindedSig2048 = native.rsaUnblind( - rsaBlindSig2048, - blindingSecret2048, - rsaPub2048, - ); - - let time_rsa_2048_verify = 0; - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaVerify(h, unblindedSig2048, rsaPub2048); - time_rsa_2048_verify += timer.performanceNow() - start; - } - - /* rsa 4096 */ - - let time_rsa_4096_blind = 0; - const rsaPriv4096: native.RsaPrivateKey = native.RsaPrivateKey.create( - this.emsc, - 4096, - ); - const rsaPub4096 = rsaPriv4096.getPublicKey(); - const blindingSecret4096 = native.RsaBlindingKeySecret.create(this.emsc); - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaBlind(h, blindingSecret4096, rsaPub4096); - time_rsa_4096_blind += timer.performanceNow() - start; - } - - const blindedMessage4096 = native.rsaBlind( - h, - blindingSecret4096, - rsaPub4096, - ); - if (!blindedMessage4096) { - throw Error("should not happen"); - } - const rsaBlindSig4096 = native.rsaSignBlinded( - rsaPriv4096, - blindedMessage4096, - ); - - let time_rsa_4096_unblind = 0; - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaUnblind(rsaBlindSig4096, blindingSecret4096, rsaPub4096); - time_rsa_4096_unblind += timer.performanceNow() - start; - } - - const unblindedSig4096 = native.rsaUnblind( - rsaBlindSig4096, - blindingSecret4096, - rsaPub4096, - ); - - let time_rsa_4096_verify = 0; - for (let i = 0; i < repetitions; i++) { - const start = timer.performanceNow(); - native.rsaVerify(h, unblindedSig4096, rsaPub4096); - time_rsa_4096_verify += timer.performanceNow() - start; - } - return { repetitions, time: { @@ -745,13 +592,6 @@ export class CryptoImplementation { eddsa_create: time_eddsa_create, eddsa_sign: time_eddsa_sign, eddsa_verify: time_eddsa_verify, - ecdsa_create: time_ecdsa_create, - rsa_2048_blind: time_rsa_2048_blind, - rsa_2048_unblind: time_rsa_2048_unblind, - rsa_2048_verify: time_rsa_2048_verify, - rsa_4096_blind: time_rsa_4096_blind, - rsa_4096_unblind: time_rsa_4096_unblind, - rsa_4096_verify: time_rsa_4096_verify, }, }; } diff --git a/src/crypto/emscInterface-test.ts b/src/crypto/emscInterface-test.ts deleted file mode 100644 index 30b9c2b51..000000000 --- a/src/crypto/emscInterface-test.ts +++ /dev/null @@ -1,176 +0,0 @@ -/* - This file is part of TALER - (C) 2017 Inria and GNUnet e.V. - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> - */ - -// tslint:disable:max-line-length - -import test from "ava"; -import { NodeEmscriptenLoader } from "./nodeEmscriptenLoader"; -import * as native from "./emscInterface"; - -import { encodeCrock, decodeCrock } from "./talerCrypto"; -import { timestampCheck } from "../helpers"; - - -test("string hashing", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const x = native.ByteArray.fromStringWithNull(emsc, "hello taler"); - const h = "8RDMADB3YNF3QZBS3V467YZVJAMC2QAQX0TZGVZ6Q5PFRRAJFT70HHN0QF661QR9QWKYMMC7YEMPD679D2RADXCYK8Y669A2A5MKQFR"; - const hc = x.hash().toCrock(); - console.log(`# hc ${hc}`); - t.true(h === hc, "must equal"); - - const te = new TextEncoder(); - - const x2 = te.encode("hello taler\0"); - - t.pass(); -}); - - -test("signing", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const x = native.ByteArray.fromStringWithNull(emsc, "hello taler"); - const priv = native.EddsaPrivateKey.create(emsc); - const pub = priv.getPublicKey(); - const purpose = new native.EccSignaturePurpose(emsc, native.SignaturePurpose.TEST, x); - - const purposeDataCrock = purpose.toCrock(); - const privCrock = priv.toCrock(); - const pubCrock = pub.toCrock(); - const sig = native.eddsaSign(purpose, priv); - console.time("a"); - for (let i = 0; i < 5000; i++) { - const sig = native.eddsaSign(purpose, priv); - } - console.timeEnd("a"); - t.true(native.eddsaVerify(native.SignaturePurpose.TEST, purpose, sig, pub)); - - const d2 = new Uint8Array(decodeCrock(purposeDataCrock)); - console.log("sig1:", sig.toCrock()); - - t.pass(); -}); - - -test("signing-fixed-data", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const x = native.ByteArray.fromStringWithNull(emsc, "hello taler"); - const purpose = new native.EccSignaturePurpose(emsc, native.SignaturePurpose.TEST, x); - const privStr = "G9R8KRRCAFKPD0KW7PW48CC2T03VQ8K2AN9J6J6K2YW27J5MHN90"; - const pubStr = "YHCZB442FQFJ0ET20MWA8YJ53M61EZGJ6QKV1KTJZMRNXDY45WT0"; - const sigStr = "7V6XY4QGC1406GPMT305MZQ1HDCR7R0S5BP02GTGDQFPSXB6YD2YDN5ZS7NJQCNP61Y39MRHXNXQ1Z15JY4CJY4CPDA6CKQ3313WG38"; - const priv = native.EddsaPrivateKey.fromCrock(emsc, privStr); - t.true(privStr === priv.toCrock()); - const pub = priv.getPublicKey(); - t.true(pubStr === pub.toCrock()); - const sig = native.EddsaSignature.fromCrock(emsc, sigStr); - t.true(sigStr === sig.toCrock()); - const sig2 = native.eddsaSign(purpose, priv); - t.true(sig.toCrock() === sig2.toCrock()); - t.true(native.eddsaVerify(native.SignaturePurpose.TEST, purpose, sig, pub)); - t.pass(); -}); - - -const denomPubStr1 = "51R7ARKCD5HJTTV5F4G0M818E9SP280A40G2GVH04CR30G9R64VK6HHS6MW42DSN8MVKJGHK6WR3CGT18MWMCDSM75138E1K8S0MADSQ68W34DHH6MW4CHA270W4CG9J6GW48DHG8MVK4E9S7523GEA56H0K4E1Q891KCCSG752KGC1M88VMCDSQ6D23CHHG8H33AGHG6MSK8GT26CRKAC1M64V3JCJ56CVKCC228MWMCHA26MS30H1J8MVKEDHJ70TMADHK892KJC1H60TKJDHM710KGGT584T38H9K851KCDHG60W30HJ28CT4CC1G8CR3JGJ28H236DJ28H330H9S890M2D9S8S14AGA369344GA36S248CHS70RKEDSS6MWKGDJ26D136GT465348CSS8S232CHM6GS34C9N8CS3GD9H60W36H1R8MSK2GSQ8MSM6C9R70SKCHHN6MW3ACJ28N0K2CA58RS3GCA26MV42G9P891KAG9Q8N0KGD9M850KEHJ16S130CA27124AE1G852KJCHR6S1KGDSJ8RTKED1S8RR3CCHP68W4CH9Q6GT34GT18GS36EA46N24AGSP6933GCHM60VMAE1S8GV3EHHN74W3GC1J651KEH9N8MSK0CSG6S2KEEA460R32C1M8D144GSR6RWKEC218S0KEGJ4611KEEA36CSKJC2564TM4CSJ6H230E1N74TM8C1P61342CSG60WKCGHH64VK2G9S8CRKAHHK88W30HJ388R3CH1Q6X2K2DHK8GSM4D1Q74WM4HA461146H9S6D33JDJ26D234C9Q6923ECSS60RM6CT46CSKCH1M6S13EH9J8S33GCSN4CMGM81051JJ08SG64R30C1H4CMGM81054520A8A00"; - - -test("rsa-encode", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const pubHashStr = "JM63YM5X7X547164QJ3MGJZ4WDD47GEQR5DW5SH35G4JFZXEJBHE5JBNZM5K8XN5C4BRW25BE6GSVAYBF790G2BZZ13VW91D41S4DS0"; - const denomPub = native.RsaPublicKey.fromCrock(emsc, denomPubStr1); - const pubHash = denomPub.encode().hash(); - t.true(pubHashStr === pubHash.toCrock()); - t.pass(); -}); - - -test("withdraw-request", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const reservePrivStr = "G9R8KRRCAFKPD0KW7PW48CC2T03VQ8K2AN9J6J6K2YW27J5MHN90"; - const reservePriv = native.EddsaPrivateKey.fromCrock(emsc, reservePrivStr); - const reservePub = reservePriv.getPublicKey(); - const amountWithFee = new native.Amount(emsc, {currency: "KUDOS", value: 1, fraction: 10000}); - amountWithFee.add(new native.Amount(emsc, {currency: "KUDOS", value: 0, fraction: 20000})); - const withdrawFee = new native.Amount(emsc, {currency: "KUDOS", value: 0, fraction: 20000}); - const denomPub = native.RsaPublicKey.fromCrock(emsc, denomPubStr1); - const ev = native.ByteArray.fromStringWithNull(emsc, "hello, world"); - - // Signature - const withdrawRequest = new native.WithdrawRequestPS(emsc, { - amount_with_fee: amountWithFee.toNbo(), - h_coin_envelope: ev.hash(), - h_denomination_pub: denomPub.encode().hash(), - reserve_pub: reservePub, - withdraw_fee: withdrawFee.toNbo(), - }); - - const sigStr = "AD3T8W44NV193J19RAN3NAJHPP6RVB0R3NWV7ZK5G8Q946YDK0B6F8YJBNRRBXSPVTKY31S7BVZPJFFTJJRMY61DH51X4JSXK677428"; - - const sig = native.eddsaSign(withdrawRequest.toPurpose(), reservePriv); - t.true(native.eddsaVerify(native.SignaturePurpose.RESERVE_WITHDRAW, withdrawRequest.toPurpose(), sig, reservePub)); - t.true(sig.toCrock() === sigStr); - t.pass(); -}); - - -test("currency-conversion", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const a1 = new native.Amount(emsc, {currency: "KUDOS", value: 1, fraction: 50000000}); - const a2 = new native.Amount(emsc, {currency: "KUDOS", value: 1, fraction: 50000000}); - a1.add(a2); - const x = a1.toJson(); - t.true(x.currency === "KUDOS"); - t.true(x.fraction === 0); - t.true(x.value === 3); - t.pass(); -}); - - -test("ecdsa", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const priv = native.EcdsaPrivateKey.create(emsc); - const pub1 = priv.getPublicKey(); - t.truthy(priv); - t.truthy(pub1); - t.pass(); -}); - - -test("ecdhe", async (t) => { - const loader = new NodeEmscriptenLoader(); - const emsc = await loader.getEmscriptenEnvironment(); - - const priv = native.EcdhePrivateKey.create(emsc); - const pub = priv.getPublicKey(); - t.truthy(priv); - t.truthy(pub); - t.pass(); -}); diff --git a/src/crypto/emscInterface.ts b/src/crypto/emscInterface.ts deleted file mode 100644 index da5442a61..000000000 --- a/src/crypto/emscInterface.ts +++ /dev/null @@ -1,1657 +0,0 @@ -/* - This file is part of TALER - (C) 2015 GNUnet e.V. - - TALER is free software; you can redistribute it and/or modify it under the - terms of the GNU General Public License as published by the Free Software - Foundation; either version 3, or (at your option) any later version. - - TALER is distributed in the hope that it will be useful, but WITHOUT ANY - WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR - A PARTICULAR PURPOSE. See the GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along with - TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> - */ - - -/** - * Medium-level interface to emscripten-compiled modules used - * by the wallet. Handles memory management by allocating by allocating - * objects in arenas that then can be disposed of all at once. - * - * The high-level interface (using WebWorkers) is exposed in src/cryptoApi.ts. - */ - -/** - * Imports. - */ -import { AmountJson } from "../amounts"; - -/** - * Size of a native pointer. Must match the size - * use when compiling via emscripten. - */ -const PTR_SIZE = 4; - -const GNUNET_OK = 1; - - -/** - * Signature of the function that retrieves emscripten - * function implementations. - */ -export interface EmscFunGen { - (name: string, - ret: string, - args: string[]): ((...x: Array<number|string>) => any); - (name: string, - ret: "number", - args: string[]): ((...x: Array<number|string>) => number); - (name: string, - ret: "void", - args: string[]): ((...x: Array<number|string>) => void); - (name: string, - ret: "string", - args: string[]): ((...x: Array<number|string>) => string); -} - - -interface EmscLib { - cwrap: EmscFunGen; - - ccall(name: string, ret: "number"|"string", argTypes: any[], args: any[]): any; - - stringToUTF8(s: string, addr: number, maxLength: number): void; - - onRuntimeInitialized(f: () => void): void; - - readBinary?: (filename: string) => Promise<ArrayBuffer>; - - calledRun?: boolean; - - _free(ptr: number): void; - - _malloc(n: number): number; - - UTF8ToString(p: number, len?: number): string; - - getValue(ptr: number, type: string, noSafe?: boolean): number; - - setValue(ptr: number, value: number, type: string, noSafe?: boolean): void; - - writeStringToMemory(s: string, buffer: number, dontAddNull?: boolean): void; -} - -interface EmscFunctions { - amount_add(a1: number, a2: number, a3: number): number; - amount_cmp(a1: number, a2: number): number; - amount_get_zero(a1: string, a2: number): number; - amount_hton(a1: number, a2: number): void; - amount_normalize(a1: number): void; - amount_ntoh(a1: number, a2: number): void; - amount_subtract(a1: number, a2: number, a3: number): number; - ecdh_eddsa(a1: number, a2: number, a3: number): number; - eddsa_sign(a1: number, a2: number, a3: number): number; - eddsa_verify(a1: number, a2: number, a3: number, a4: number): number; - free(ptr: number): void; - get_currency(a: number): string; - get_fraction(a: number): number; - get_value(a: number): number; - hash(a1: number, a2: number, a3: number): void; - hash_context_abort(ctx: number): void; - hash_context_finish(a1: number, a2: number): void; - hash_context_read(a1: number, a2: number, a3: number): void; - hash_create_random(a1: number, a2: number): void; - memmove(a1: number, a2: number, a3: number): number; - random_block(a1: number, a2: number, a3: number): void; - rsa_blinding_key_free(a1: number): void; - rsa_public_key_free(a1: number): void; - rsa_private_key_free(a1: number): void; - rsa_signature_free(a1: number): void; - rsa_verify(msgHash: number, sig: number, pubKey: number): number; - setup_fresh_coin(a1: number, a2: number, a3: number): void; - string_to_data(a1: number, a2: number, a3: number, a4: number): number; -} - -interface EmscAllocFunctions { - data_to_string_alloc(a1: number, a2: number): number; - ecdhe_key_create(): number; - ecdhe_public_key_from_private(a1: number): number; - ecdsa_key_create(): number; - ecdsa_public_key_from_private(a1: number): number; - eddsa_key_create(): number; - eddsa_public_key_from_private(a1: number): number; - /** - * Note that value_1 and value_2 are the first 64-bit parameter, - * and not two separate parameters (by the emscripten calling convention). - */ - get_amount(value_1: number, value_2: number, fraction: number, currency: string): number; - hash_context_start(): number; - malloc(size: number): number; - purpose_create(a1: number, a2: number, a3: number): number; - rsa_blind(a1: number, a2: number, a3: number, a4: number, a5: number): number; - rsa_blinding_key_create(a1: number): number; - rsa_blinding_key_decode(a1: number, a2: number): number; - rsa_blinding_key_encode(a1: number, a2: number): number; - rsa_private_key_create(len: number): number; - rsa_private_key_decode(a1: number, a2: number): number; - rsa_private_key_encode(a1: number, a2: number): number; - rsa_private_key_get_public(privKeyPtr: number): number; - rsa_public_key_decode(a1: number, a2: number): number; - rsa_public_key_encode(a1: number, a2: number): number; - rsa_signature_decode(a1: number, a2: number): number; - rsa_signature_encode(a1: number, a2: number): number; - rsa_sign_blinded(keyPtr: number, msgPtr: number, msgLen: number): number; - rsa_unblind(a1: number, a2: number, a3: number): number; -} - -export class EmscEnvironment { - - /** - * Emscripten functions that don't do any memory allocations. - */ - public funcs: EmscFunctions; - - /** - * Emscripten functions that allocate memory. - */ - public allocFuncs: EmscAllocFunctions; - - public lib: EmscLib; - - constructor(lib: EmscLib) { - const getEmsc: EmscFunGen = (name: string, ret: any, argTypes: any[]) => { - return (...args: any[]) => { - return lib.ccall(name, ret, argTypes, args); - }; - }; - this.lib = lib; - this.allocFuncs = { - data_to_string_alloc: getEmsc("GNUNET_STRINGS_data_to_string_alloc", "number", ["number", "number"]), - ecdhe_key_create: getEmsc("GNUNET_CRYPTO_ecdhe_key_create", "number", []), - ecdhe_public_key_from_private: getEmsc( "TALER_WRALL_ecdhe_public_key_from_private", "number", ["number"]), - ecdsa_key_create: getEmsc("GNUNET_CRYPTO_ecdsa_key_create", "number", []), - ecdsa_public_key_from_private: getEmsc( "TALER_WRALL_ecdsa_public_key_from_private", "number", ["number"]), - eddsa_key_create: getEmsc("GNUNET_CRYPTO_eddsa_key_create", "number", []), - eddsa_public_key_from_private: getEmsc( "TALER_WRALL_eddsa_public_key_from_private", "number", ["number"]), - get_amount: getEmsc("TALER_WRALL_get_amount", "number", ["number", "number", "number", "string"]), - hash_context_start: getEmsc("GNUNET_CRYPTO_hash_context_start", "number", []), - malloc: (size: number) => lib._malloc(size), - purpose_create: getEmsc("TALER_WRALL_purpose_create", "number", ["number", "number", "number"]), - rsa_blind: getEmsc("GNUNET_CRYPTO_rsa_blind", "number", ["number", "number", "number", "number", "number"]), - rsa_blinding_key_create: getEmsc("GNUNET_CRYPTO_rsa_blinding_key_create", "number", ["number"]), - rsa_blinding_key_decode: getEmsc("GNUNET_CRYPTO_rsa_blinding_key_decode", "number", ["number", "number"]), - rsa_blinding_key_encode: getEmsc("GNUNET_CRYPTO_rsa_blinding_key_encode", "number", ["number", "number"]), - rsa_private_key_create: getEmsc("GNUNET_CRYPTO_rsa_private_key_create", "number", ["number"]), - rsa_private_key_decode: getEmsc("GNUNET_CRYPTO_rsa_private_key_decode", "number", ["number", "number"]), - rsa_private_key_encode: getEmsc("GNUNET_CRYPTO_rsa_private_key_encode", "number", ["number", "number"]), - rsa_private_key_get_public: getEmsc("GNUNET_CRYPTO_rsa_private_key_get_public", "number", ["number"]), - rsa_public_key_decode: getEmsc("GNUNET_CRYPTO_rsa_public_key_decode", "number", ["number", "number"]), - rsa_public_key_encode: getEmsc("GNUNET_CRYPTO_rsa_public_key_encode", "number", ["number", "number"]), - rsa_signature_decode: getEmsc("GNUNET_CRYPTO_rsa_signature_decode", "number", ["number", "number"]), - rsa_signature_encode: getEmsc("GNUNET_CRYPTO_rsa_signature_encode", "number", ["number", "number"]), - rsa_sign_blinded: getEmsc("GNUNET_CRYPTO_rsa_sign_blinded", "number", ["number", "number", "number"]), - rsa_unblind: getEmsc("GNUNET_CRYPTO_rsa_unblind", "number", ["number", "number", "number"]), - }; - this.funcs = { - amount_add: getEmsc("TALER_amount_add", "number", ["number", "number", "number"]), - amount_cmp: getEmsc("TALER_amount_cmp", "number", ["number", "number"]), - amount_get_zero: getEmsc("TALER_amount_get_zero", "number", ["string", "number"]), - amount_hton: getEmsc("TALER_amount_hton", "void", ["number", "number"]), - amount_normalize: getEmsc("TALER_amount_normalize", "void", ["number"]), - amount_ntoh: getEmsc("TALER_amount_ntoh", "void", ["number", "number"]), - amount_subtract: getEmsc("TALER_amount_subtract", "number", ["number", "number", "number"]), - ecdh_eddsa: getEmsc("GNUNET_CRYPTO_ecdh_eddsa", "number", ["number", "number", "number"]), - eddsa_sign: getEmsc("GNUNET_CRYPTO_eddsa_sign", "number", ["number", "number", "number"]), - eddsa_verify: getEmsc("GNUNET_CRYPTO_eddsa_verify", "number", ["number", "number", "number", "number"]), - free: (ptr: number) => lib._free(ptr), - get_currency: getEmsc("TALER_WR_get_currency", "string", ["number"]), - get_fraction: getEmsc("TALER_WR_get_fraction", "number", ["number"]), - get_value: getEmsc("TALER_WR_get_value", "number", ["number"]), - hash: getEmsc("GNUNET_CRYPTO_hash", "void", ["number", "number", "number"]), - hash_context_abort: getEmsc("GNUNET_CRYPTO_hash_context_abort", "void", ["number"]), - hash_context_finish: getEmsc("GNUNET_CRYPTO_hash_context_finish", "void", ["number", "number"]), - hash_context_read: getEmsc("GNUNET_CRYPTO_hash_context_read", "void", ["number", "number", "number"]), - hash_create_random: getEmsc("GNUNET_CRYPTO_hash_create_random", "void", ["number", "number"]), - memmove: getEmsc("memmove", "number", ["number", "number", "number"]), - random_block: getEmsc("GNUNET_CRYPTO_random_block", "void", ["number", "number", "number"]), - rsa_blinding_key_free: getEmsc("GNUNET_CRYPTO_rsa_blinding_key_free", "void", ["number"]), - rsa_public_key_free: getEmsc("GNUNET_CRYPTO_rsa_public_key_free", "void", ["number"]), - rsa_private_key_free: getEmsc("GNUNET_CRYPTO_rsa_private_key_free", "void", ["number"]), - rsa_signature_free: getEmsc("GNUNET_CRYPTO_rsa_signature_free", "void", ["number"]), - rsa_verify: getEmsc("GNUNET_CRYPTO_rsa_verify", "number", ["number", "number", "number"]), - setup_fresh_coin: getEmsc("TALER_setup_fresh_coin", "void", ["number", "number", "number"]), - string_to_data: getEmsc("GNUNET_STRINGS_string_to_data", "number", ["number", "number", "number", "number"]), - }; - } -} - - -/** - * Constants for signatures purposes, define what the signatures vouches for. - */ -export enum SignaturePurpose { - RESERVE_WITHDRAW = 1200, - WALLET_COIN_DEPOSIT = 1201, - MASTER_DENOMINATION_KEY_VALIDITY = 1025, - WALLET_COIN_MELT = 1202, - TEST = 4242, - MERCHANT_PAYMENT_OK = 1104, - MASTER_WIRE_FEES = 1028, - WALLET_COIN_PAYBACK = 1203, - WALLET_COIN_LINK = 1204, -} - - -/** - * Desired quality levels for random numbers. - */ -export enum RandomQuality { - WEAK = 0, - STRONG = 1, - NONCE = 2, -} - - -/** - * Object that is allocated in some arena. - */ -interface ArenaObject { - destroy(): void; -} - - -/** - * Context for cummulative hashing. - */ -export class HashContext implements ArenaObject { - private hashContextPtr: number | undefined; - - constructor(private emsc: EmscEnvironment) { - this.hashContextPtr = emsc.allocFuncs.hash_context_start(); - } - - /** - * Add data to be hashed. - */ - read(obj: PackedArenaObject): void { - if (!this.hashContextPtr) { - throw Error("assertion failed"); - } - this.emsc.funcs.hash_context_read(this.hashContextPtr, obj.nativePtr, obj.size()); - } - - /** - * Finish the hash computation. - */ - finish(h: HashCode) { - if (!this.hashContextPtr) { - throw Error("assertion failed"); - } - h.alloc(); - this.emsc.funcs.hash_context_finish(this.hashContextPtr, h.nativePtr); - } - - /** - * Abort hashing without computing the result. - */ - destroy(): void { - if (this.hashContextPtr) { - this.emsc.funcs.hash_context_abort(this.hashContextPtr); - } - this.hashContextPtr = undefined; - } -} - - -/** - * Arena object that points to an allocated block of memory. - */ -abstract class MallocArenaObject implements ArenaObject { - protected _nativePtr: number | undefined = undefined; - - /** - * Is this a weak reference to the underlying memory? - */ - isWeak = false; - - destroy(): void { - if (this._nativePtr && !this.isWeak) { - this.emsc.funcs.free(this.nativePtr); - this._nativePtr = undefined; - } - } - - constructor(public emsc: EmscEnvironment, arena?: Arena) { - if (!arena) { - if (arenaStack.length === 0) { - throw Error("No arena available"); - } - arena = arenaStack[arenaStack.length - 1]; - } - arena.put(this); - } - - alloc(size: number) { - if (this._nativePtr !== undefined) { - throw Error("Double allocation"); - } - this.nativePtr = this.emsc.allocFuncs.malloc(size); - } - - set nativePtr(v: number) { - if (v === undefined) { - throw Error("Native pointer must be a number or null"); - } - this._nativePtr = v; - } - - get nativePtr() { - // We want to allow latent allocation - // of native wrappers, but we never want to - // pass 'undefined' to emscripten. - if (this._nativePtr === undefined) { - throw Error("Native pointer not initialized"); - } - return this._nativePtr; - } -} - - -/** - * An arena stores objects that will be deallocated - * at the same time. - */ -interface Arena { - put(obj: ArenaObject): void; - destroy(): void; -} - - -/** - * Arena that must be manually destroyed. - */ -class SimpleArena implements Arena { - protected heap: ArenaObject[]; - - constructor() { - this.heap = []; - } - - put(obj: ArenaObject) { - this.heap.push(obj); - } - - destroy() { - for (const obj of this.heap) { - obj.destroy(); - } - this.heap = []; - } -} - - -/** - * Arena that destroys all its objects once control has returned to the message - * loop. - */ -class SyncArena extends SimpleArena { - private isScheduled: boolean; - - constructor() { - super(); - } - - pub(obj: MallocArenaObject) { - super.put(obj); - if (!this.isScheduled) { - this.schedule(); - } - this.heap.push(obj); - } - - private schedule() { - this.isScheduled = true; - Promise.resolve().then(() => { - this.isScheduled = false; - this.destroy(); - }); - } -} - -export const arenaStack: Arena[] = []; -arenaStack.push(new SyncArena()); - - -/** - * Representation of monetary value in a given currency. - */ -export class Amount extends MallocArenaObject { - constructor(emsc: EmscEnvironment, args?: AmountJson, arena?: Arena) { - super(emsc, arena); - if (args) { - this.nativePtr = emsc.allocFuncs.get_amount(args.value, - 0, - args.fraction, - args.currency); - } else { - this.nativePtr = emsc.allocFuncs.get_amount(0, 0, 0, ""); - } - } - - static getZero(emsc: EmscEnvironment, currency: string, a?: Arena): Amount { - const am = new Amount(emsc, undefined, a); - const r = emsc.funcs.amount_get_zero(currency, am.nativePtr); - if (r !== GNUNET_OK) { - throw Error("invalid currency"); - } - return am; - } - - - toNbo(a?: Arena): AmountNbo { - const x = new AmountNbo(this.emsc, a); - x.alloc(); - this.emsc.funcs.amount_hton(x.nativePtr, this.nativePtr); - return x; - } - - fromNbo(nbo: AmountNbo): void { - this.emsc.funcs.amount_ntoh(this.nativePtr, nbo.nativePtr); - } - - get value() { - return this.emsc.funcs.get_value(this.nativePtr); - } - - get fraction() { - return this.emsc.funcs.get_fraction(this.nativePtr); - } - - get currency(): string { - return this.emsc.funcs.get_currency(this.nativePtr); - } - - toJson(): AmountJson { - return { - currency: this.emsc.funcs.get_currency(this.nativePtr), - fraction: this.emsc.funcs.get_fraction(this.nativePtr), - value: this.emsc.funcs.get_value(this.nativePtr), - }; - } - - /** - * Add an amount to this amount. - */ - add(a: Amount) { - const res = this.emsc.funcs.amount_add(this.nativePtr, a.nativePtr, this.nativePtr); - if (res < 1) { - // Overflow - return false; - } - return true; - } - - /** - * Perform saturating subtraction on amounts. - */ - sub(a: Amount) { - // this = this - a - const res = this.emsc.funcs.amount_subtract(this.nativePtr, this.nativePtr, a.nativePtr); - if (res === 0) { - // Underflow - return false; - } - if (res > 0) { - return true; - } - throw Error("Incompatible currencies"); - } - - cmp(a: Amount) { - // If we don't check this, the c code aborts. - if (this.currency !== a.currency) { - throw Error(`incomparable currencies (${this.currency} and ${a.currency})`); - } - return this.emsc.funcs.amount_cmp(this.nativePtr, a.nativePtr); - } - - normalize() { - this.emsc.funcs.amount_normalize(this.nativePtr); - } -} - - -/** - * Count the UTF-8 characters in a JavaScript string. - */ -function countUtf8Bytes(str: string): number { - let s = str.length; - // JavaScript strings are UTF-16 arrays - for (let i = str.length - 1; i >= 0; i--) { - const code = str.charCodeAt(i); - if (code > 0x7f && code <= 0x7ff) { - // We need an extra byte in utf-8 here - s++; - } else if (code > 0x7ff && code <= 0xffff) { - // We need two extra bytes in utf-8 here - s += 2; - } - // Skip over the other surrogate - if (code >= 0xDC00 && code <= 0xDFFF) { - i--; - } - } - return s; -} - - -/** - * Managed reference to a contiguous block of memory in the Emscripten heap. - * Can be converted from / to a serialized representation. - * Should contain only data, not pointers. - */ -abstract class PackedArenaObject extends MallocArenaObject { - abstract size(): number; - - constructor(emsc: EmscEnvironment, a?: Arena) { - super(emsc, a); - } - - randomize(qual: RandomQuality = RandomQuality.STRONG): void { - this.emsc.funcs.random_block(qual, this.nativePtr, this.size()); - } - - toCrock(): string { - const d = this.emsc.allocFuncs.data_to_string_alloc(this.nativePtr, this.size()); - const s = this.emsc.lib.UTF8ToString(d); - this.emsc.funcs.free(d); - return s; - } - - toJson(): any { - // Per default, the json encoding of - // packed arena objects is just the crockford encoding. - // Subclasses typically want to override this. - return this.toCrock(); - } - - loadCrock(s: string) { - this.alloc(); - // We need to get the javascript string - // to the emscripten heap first. - const buf = ByteArray.fromStringWithNull(this.emsc, s); - const res = this.emsc.funcs.string_to_data(buf.nativePtr, - s.length, - this.nativePtr, - this.size()); - buf.destroy(); - if (res < 1) { - throw {error: "wrong encoding"}; - } - } - - alloc() { - // FIXME: should the client be allowed to call alloc multiple times? - if (!this._nativePtr) { - this.nativePtr = this.emsc.allocFuncs.malloc(this.size()); - } - } - - hash(): HashCode { - const x = new HashCode(this.emsc); - x.alloc(); - this.emsc.funcs.hash(this.nativePtr, this.size(), x.nativePtr); - return x; - } - - hexdump() { - const bytes: string[] = []; - for (let i = 0; i < this.size(); i++) { - let b = this.emsc.lib.getValue(this.nativePtr + i, "i8"); - b = (b + 256) % 256; - bytes.push("0".concat(b.toString(16)).slice(-2)); - } - const lines: string[] = []; - for (let i = 0; i < bytes.length; i += 8) { - lines.push(bytes.slice(i, i + 8).join(",")); - } - return lines.join("\n"); - } -} - - -/** - * Amount, encoded for network transmission. - */ -export class AmountNbo extends PackedArenaObject { - size() { - return 24; - } - - toJson(): any { - const a = new SimpleArena(); - const am = new Amount(this.emsc, undefined, a); - am.fromNbo(this); - const json = am.toJson(); - a.destroy(); - return json; - } -} - - -/** - * Create a packed arena object from the base32 crockford encoding. - */ -function fromCrock<T extends PackedArenaObject>(emsc: EmscEnvironment, s: string, ctor: Ctor<T>): T { - const x: T = new ctor(emsc); - x.alloc(); - x.loadCrock(s); - return x; -} - - -/** - * Create a packed arena object from the base32 crockford encoding for objects - * that have a special decoding function. - */ -function fromCrockDecoded<T extends MallocArenaObject>(emsc: EmscEnvironment, s: string, - ctor: Ctor<T>, - decodeFn: (p: number, s: number) => number): T { - const obj = new ctor(emsc); - const buf = ByteArray.fromCrock(emsc, s); - obj.nativePtr = decodeFn(buf.nativePtr, buf.size()); - buf.destroy(); - return obj; -} - - -/** - * Encode an object using a special encoding function. - */ -function encode<T extends MallocArenaObject>(obj: T, encodeFn: any, arena?: Arena): ByteArray { - const ptr = obj.emsc.allocFuncs.malloc(PTR_SIZE); - const len = encodeFn(obj.nativePtr, ptr); - const res = new ByteArray(obj.emsc, len, undefined, arena); - res.nativePtr = obj.emsc.lib.getValue(ptr, "*"); - obj.emsc.funcs.free(ptr); - return res; -} - - -/** - * Private EdDSA key. - */ -export class EddsaPrivateKey extends PackedArenaObject { - static create(emsc: EmscEnvironment, a?: Arena): EddsaPrivateKey { - const obj = new EddsaPrivateKey(emsc, a); - obj.nativePtr = emsc.allocFuncs.eddsa_key_create(); - return obj; - } - - size() { - return 32; - } - - getPublicKey(a?: Arena): EddsaPublicKey { - const obj = new EddsaPublicKey(this.emsc, a); - obj.nativePtr = this.emsc.allocFuncs.eddsa_public_key_from_private(this.nativePtr); - return obj; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EddsaPrivateKey { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to an EdDSA private key. - */ -export class EcdsaPrivateKey extends PackedArenaObject { - static create(emsc: EmscEnvironment, a?: Arena): EcdsaPrivateKey { - const obj = new EcdsaPrivateKey(emsc, a); - obj.nativePtr = emsc.allocFuncs.ecdsa_key_create(); - return obj; - } - - size() { - return 32; - } - - getPublicKey(a?: Arena): EcdsaPublicKey { - const obj = new EcdsaPublicKey(this.emsc, a); - obj.nativePtr = this.emsc.allocFuncs.ecdsa_public_key_from_private(this.nativePtr); - return obj; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EcdsaPrivateKey { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to an ECDHE private key. - */ -export class EcdhePrivateKey extends PackedArenaObject { - static create(emsc: EmscEnvironment, a?: Arena): EcdhePrivateKey { - const obj = new EcdhePrivateKey(emsc, a); - obj.nativePtr = emsc.allocFuncs.ecdhe_key_create(); - return obj; - } - - size() { - return 32; - } - - getPublicKey(a?: Arena): EcdhePublicKey { - const obj = new EcdhePublicKey(this.emsc, a); - obj.nativePtr = this.emsc.allocFuncs.ecdhe_public_key_from_private(this.nativePtr); - return obj; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EcdhePrivateKey { - return fromCrock(emsc, s, this); - } -} - - -/** - * Constructor for a given type. - */ -interface Ctor<T> { - new(emsc: EmscEnvironment): T; -} - - -/** - * Low-level handle to an EdDSA public key. - */ -export class EddsaPublicKey extends PackedArenaObject { - size() { - return 32; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EddsaPublicKey { - return fromCrock(emsc, s, this); - } -} - -/** - * Low-level handle to an ECDSA public key. - */ -export class EcdsaPublicKey extends PackedArenaObject { - size() { - return 32; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EcdsaPublicKey { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to an ECDHE public key. - */ -export class EcdhePublicKey extends PackedArenaObject { - size() { - return 32; - } - - static fromCrock(emsc: EmscEnvironment, s: string): EcdhePublicKey { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to a blinding key secret. - */ -export class RsaBlindingKeySecret extends PackedArenaObject { - size() { - return 32; - } - - /** - * Create a random blinding key secret. - */ - static create(emsc: EmscEnvironment, a?: Arena): RsaBlindingKeySecret { - const o = new RsaBlindingKeySecret(emsc, a); - o.alloc(); - o.randomize(); - return o; - } - - static fromCrock(emsc: EmscEnvironment, s: string): RsaBlindingKeySecret { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to a hash code. - */ -export class HashCode extends PackedArenaObject { - size() { - return 64; - } - - static fromCrock(emsc: EmscEnvironment, s: string): HashCode { - return fromCrock(emsc, s, this); - } - - random(qual: RandomQuality = RandomQuality.STRONG) { - this.alloc(); - this.emsc.funcs.hash_create_random(qual, this.nativePtr); - } -} - - -/** - * Low-level handle to a byte array. - */ -export class ByteArray extends PackedArenaObject { - private allocatedSize: number; - - size() { - return this.allocatedSize; - } - - constructor(public emsc: EmscEnvironment, desiredSize: number, init?: number, a?: Arena) { - super(emsc, a); - if (init === undefined) { - this.nativePtr = this.emsc.allocFuncs.malloc(desiredSize); - } else { - this.nativePtr = init; - } - this.allocatedSize = desiredSize; - } - - static fromStringWithoutNull(emsc: EmscEnvironment, s: string, a?: Arena): ByteArray { - // UTF-8 bytes, including 0-terminator - const terminatedByteLength = countUtf8Bytes(s) + 1; - const hstr = emsc.allocFuncs.malloc(terminatedByteLength); - emsc.lib.stringToUTF8(s, hstr, terminatedByteLength); - return new ByteArray(emsc, terminatedByteLength - 1, hstr, a); - } - - static fromStringWithNull(emsc: EmscEnvironment, s: string, a?: Arena): ByteArray { - // UTF-8 bytes, including 0-terminator - const terminatedByteLength = countUtf8Bytes(s) + 1; - const hstr = emsc.allocFuncs.malloc(terminatedByteLength); - emsc.lib.stringToUTF8(s, hstr, terminatedByteLength); - return new ByteArray(emsc, terminatedByteLength, hstr, a); - } - - static fromCrock(emsc: EmscEnvironment, s: string, a?: Arena): ByteArray { - // this one is a bit more complicated than the other fromCrock functions, - // since we don't have a fixed size - const byteLength = countUtf8Bytes(s); - const hstr = emsc.allocFuncs.malloc(byteLength + 1); - emsc.lib.stringToUTF8(s, hstr, byteLength + 1); - const decodedLen = Math.floor((byteLength * 5) / 8); - const ba = new ByteArray(emsc, decodedLen, undefined, a); - const res = emsc.funcs.string_to_data(hstr, byteLength, ba.nativePtr, decodedLen); - emsc.funcs.free(hstr); - if (res !== GNUNET_OK) { - throw Error("decoding failed"); - } - return ba; - } -} - - -/** - * Data to sign, together with a header that includes a purpose id - * and size. - */ -export class EccSignaturePurpose extends PackedArenaObject { - size() { - return this.payloadSize + 8; - } - - private payloadSize: number; - - constructor(emsc: EmscEnvironment, - purpose: SignaturePurpose, - payload: PackedArenaObject, - a?: Arena) { - super(emsc, a); - this.nativePtr = emsc.allocFuncs.purpose_create(purpose, - payload.nativePtr, - payload.size()); - this.payloadSize = payload.size(); - } -} - - -abstract class SignatureStruct { - abstract fieldTypes(): any[]; - - abstract purpose(): SignaturePurpose; - - private members: any = {}; - - constructor(public emsc: EmscEnvironment, x: { [name: string]: any }) { - for (const k in x) { - this.set(k, x[k]); - } - } - - toPurpose(a?: Arena): EccSignaturePurpose { - let totalSize = 0; - for (const f of this.fieldTypes()) { - const name = f[0]; - const member = this.members[name]; - if (!member) { - throw Error(`Member ${name} not set`); - } - totalSize += member.size(); - } - - const buf = this.emsc.allocFuncs.malloc(totalSize); - let ptr = buf; - for (const f of this.fieldTypes()) { - const name = f[0]; - const member = this.members[name]; - const size = member.size(); - this.emsc.funcs.memmove(ptr, member.nativePtr, size); - ptr += size; - } - const ba = new ByteArray(this.emsc, totalSize, buf, a); - return new EccSignaturePurpose(this.emsc, this.purpose(), ba); - } - - - toJson() { - const res: any = {}; - for (const f of this.fieldTypes()) { - const name = f[0]; - const member = this.members[name]; - if (!member) { - throw Error(`Member ${name} not set`); - } - res[name] = member.toJson(); - } - res.purpose = this.purpose(); - return res; - } - - protected set(name: string, value: PackedArenaObject) { - const typemap: any = {}; - for (const f of this.fieldTypes()) { - typemap[f[0]] = f[1]; - } - if (!(name in typemap)) { - throw Error(`Key ${name} not found`); - } - if (!(value instanceof typemap[name])) { - throw Error(`Wrong type for ${name}`); - } - this.members[name] = value; - } -} - - -/** - * Arguments to constructor of [[WithdrawRequestPS]]. - */ -export interface WithdrawRequestPS_Args { - /** - * Reserve public key. - */ - reserve_pub: EddsaPublicKey; - /** - * Amount with fee. - */ - amount_with_fee: AmountNbo; - /** - * Withdraw fee. - */ - withdraw_fee: AmountNbo; - /** - * Hash of denomination public key. - */ - h_denomination_pub: HashCode; - /** - * Hash of coin envelope. - */ - h_coin_envelope: HashCode; -} - - -/** - * Low-level handle to a WithdrawRequest signature structure. - */ -export class WithdrawRequestPS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: WithdrawRequestPS_Args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.RESERVE_WITHDRAW; - } - - fieldTypes() { - return [ - ["reserve_pub", EddsaPublicKey], - ["amount_with_fee", AmountNbo], - ["withdraw_fee", AmountNbo], - ["h_denomination_pub", HashCode], - ["h_coin_envelope", HashCode], - ]; - } -} - - -/** - * Arguments for constructor or [[PaybackRequestPS]]. - */ -export interface PaybackRequestPS_args { - coin_pub: EddsaPublicKey; - h_denom_pub: HashCode; - coin_blind: RsaBlindingKeySecret; -} - - -/** - * Low-level handle to a PaybackRequest signature structure. - */ -export class PaybackRequestPS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: PaybackRequestPS_args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.WALLET_COIN_PAYBACK; - } - - fieldTypes() { - return [ - ["coin_pub", EddsaPublicKey], - ["h_denom_pub", HashCode], - ["coin_blind", RsaBlindingKeySecret], - ]; - } -} - - -/** - * Arguments for constructor of [[RefreshMeltCoinAffirmationPS]]. - */ -interface RefreshMeltCoinAffirmationPS_Args { - session_hash: HashCode; - amount_with_fee: AmountNbo; - melt_fee: AmountNbo; - coin_pub: EddsaPublicKey; -} - -/** - * Low-level handle to a RefreshMeltCoinAffirmationPS signature structure. - */ -export class RefreshMeltCoinAffirmationPS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: RefreshMeltCoinAffirmationPS_Args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.WALLET_COIN_MELT; - } - - fieldTypes() { - return [ - ["session_hash", HashCode], - ["amount_with_fee", AmountNbo], - ["melt_fee", AmountNbo], - ["coin_pub", EddsaPublicKey], - ]; - } -} - - -/** - * Arguments for constructor of [[MasterWireFeePS]]. - */ -interface MasterWireFeePS_Args { - /** - * Hash of wire method. - */ - h_wire_method: HashCode; - /** - * Start date. - */ - start_date: AbsoluteTimeNbo; - /** - * End date. - */ - end_date: AbsoluteTimeNbo; - /** - * Wire fee. - */ - wire_fee: AmountNbo; - /** - * Closing fee. - */ - closing_fee: AmountNbo; -} - - -/** - * Low-level handle to a structure being signed over. - */ -export class MasterWireFeePS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: MasterWireFeePS_Args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.MASTER_WIRE_FEES; - } - - fieldTypes() { - return [ - ["h_wire_method", HashCode], - ["start_date", AbsoluteTimeNbo], - ["end_date", AbsoluteTimeNbo], - ["wire_fee", AmountNbo], - ["closing_fee", AmountNbo], - ]; - } -} - - -/** - * Low-level handle to an absolute time in network byte order (NBO). - */ -export class AbsoluteTimeNbo extends PackedArenaObject { - static fromTalerString(emsc: EmscEnvironment, s: string): AbsoluteTimeNbo { - const x = new AbsoluteTimeNbo(emsc); - x.alloc(); - const r = /Date\(([0-9]+)\)/; - const m = r.exec(s); - if (!m || m.length !== 2) { - throw Error(); - } - const n = parseInt(m[1], 10) * 1000000; - // XXX: This only works up to 54 bit numbers. - set64(emsc, x.nativePtr, n); - return x; - } - - static fromStampSeconds(emsc: EmscEnvironment, stamp: number): AbsoluteTimeNbo { - const x = new AbsoluteTimeNbo(emsc); - x.alloc(); - // XXX: This only works up to 54 bit numbers. - set64(emsc, x.nativePtr, stamp * 1000000); - return x; - } - - - size() { - return 8; - } -} - - -// XXX: This only works up to 54 bit numbers. -function set64(emsc: EmscEnvironment, p: number, n: number) { - for (let i = 0; i < 8; ++i) { - emsc.lib.setValue(p + (7 - i), n & 0xFF, "i8"); - n = Math.floor(n / 256); - } -} - -// XXX: This only works up to 54 bit numbers. -function set32(emsc: EmscEnvironment, p: number, n: number) { - for (let i = 0; i < 4; ++i) { - emsc.lib.setValue(p + (3 - i), n & 0xFF, "i8"); - n = Math.floor(n / 256); - } -} - - -/** - * Low-level handle to an unsigned 64-bit value. - */ -export class UInt64 extends PackedArenaObject { - static fromNumber(emsc: EmscEnvironment, n: number): UInt64 { - const x = new UInt64(emsc); - x.alloc(); - set64(emsc, x.nativePtr, n); - return x; - } - - size() { - return 8; - } -} - - -/** - * Low-level handle to an unsigned 32-bit value. - */ -export class UInt32 extends PackedArenaObject { - static fromNumber(emsc: EmscEnvironment, n: number): UInt32 { - const x = new UInt32(emsc); - x.alloc(); - set32(emsc, x.nativePtr, n); - return x; - } - - size() { - return 4; - } -} - - -/** - * Argument to the constructor of [[DepositRequestPS]]. - */ -export interface DepositRequestPS_Args { - /** - * Contract hash. - */ - h_contract: HashCode; - /** - * Wire info hash. - */ - h_wire: HashCode; - /** - * Timestamp. - */ - timestamp: AbsoluteTimeNbo; - /** - * Refund deadline. - */ - refund_deadline: AbsoluteTimeNbo; - /** - * Amount with fee. - */ - amount_with_fee: AmountNbo; - /** - * Deposit fee. - */ - deposit_fee: AmountNbo; - /** - * Merchant public key. - */ - merchant: EddsaPublicKey; - /** - * Public key of the coin being deposited. - */ - coin_pub: EddsaPublicKey; -} - - -/** - * Low-level handle to a struct being signed over. - */ -export class DepositRequestPS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: DepositRequestPS_Args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.WALLET_COIN_DEPOSIT; - } - - fieldTypes() { - return [ - ["h_contract", HashCode], - ["h_wire", HashCode], - ["timestamp", AbsoluteTimeNbo], - ["refund_deadline", AbsoluteTimeNbo], - ["amount_with_fee", AmountNbo], - ["deposit_fee", AmountNbo], - ["merchant", EddsaPublicKey], - ["coin_pub", EddsaPublicKey], - ]; - } -} - - -interface CoinLinkSignaturePS_args { - h_denom_pub: HashCode; - old_coin_pub: EddsaPublicKey; - transfer_pub: EcdhePublicKey; - coin_envelope_hash: HashCode; -} - - -export class CoinLinkSignaturePS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: CoinLinkSignaturePS_args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.WALLET_COIN_LINK; - } - - fieldTypes() { - return [ - ["h_denom_pub", HashCode], - ["old_coin_pub", EddsaPublicKey], - ["transfer_pub", EcdhePublicKey], - ["coin_envelope_hash", HashCode], - ]; - } -} - - -/** - * Arguments for constuctor of [[DenominationKeyValidityPS]]. - */ -export interface DenominationKeyValidityPS_args { - master: EddsaPublicKey; - start: AbsoluteTimeNbo; - expire_withdraw: AbsoluteTimeNbo; - expire_spend: AbsoluteTimeNbo; - expire_legal: AbsoluteTimeNbo; - value: AmountNbo; - fee_withdraw: AmountNbo; - fee_deposit: AmountNbo; - fee_refresh: AmountNbo; - fee_refund: AmountNbo; - denom_hash: HashCode; -} - - -/** - * Low-level handle to a structure being signed over. - */ -export class DenominationKeyValidityPS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: DenominationKeyValidityPS_args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.MASTER_DENOMINATION_KEY_VALIDITY; - } - - fieldTypes() { - return [ - ["master", EddsaPublicKey], - ["start", AbsoluteTimeNbo], - ["expire_withdraw", AbsoluteTimeNbo], - ["expire_spend", AbsoluteTimeNbo], - ["expire_legal", AbsoluteTimeNbo], - ["value", AmountNbo], - ["fee_withdraw", AmountNbo], - ["fee_deposit", AmountNbo], - ["fee_refresh", AmountNbo], - ["fee_refund", AmountNbo], - ["denom_hash", HashCode], - ]; - } -} - -/** - * Arguments to constructor of [[PaymentSignaturePS]]. - */ -export interface PaymentSignaturePS_args { - /** - * Contract hash. - */ - contract_hash: HashCode; -} - - -/** - * Low-level handle to a structure being signed over. - */ -export class PaymentSignaturePS extends SignatureStruct { - constructor(emsc: EmscEnvironment, w: PaymentSignaturePS_args) { - super(emsc, w); - } - - purpose() { - return SignaturePurpose.MERCHANT_PAYMENT_OK; - } - - fieldTypes() { - return [ - ["contract_hash", HashCode], - ]; - } -} - - -/** - * Low-level handle to an RsaPrivateKey. - */ -export class RsaPrivateKey extends MallocArenaObject { - static fromCrock(emsc: EmscEnvironment, s: string): RsaPrivateKey { - return fromCrockDecoded(emsc, s, this, emsc.allocFuncs.rsa_private_key_decode); - } - - static create(emsc: EmscEnvironment, bitLen: number, a?: Arena): RsaPrivateKey { - const obj = new RsaPrivateKey(emsc, a); - obj.nativePtr = emsc.allocFuncs.rsa_private_key_create(bitLen); - return obj; - } - - toCrock() { - return this.encode().toCrock(); - } - - - getPublicKey(a?: Arena): RsaPublicKey { - const obj = new RsaPublicKey(this.emsc, a); - obj.nativePtr = this.emsc.allocFuncs.rsa_private_key_get_public(this.nativePtr); - return obj; - } - - destroy() { - this.emsc.funcs.rsa_public_key_free(this.nativePtr); - this.nativePtr = 0; - } - - encode(arena?: Arena): ByteArray { - return encode(this, this.emsc.allocFuncs.rsa_private_key_encode); - } -} - - -/** - * Low-level handle to an RsaPublicKey. - */ -export class RsaPublicKey extends MallocArenaObject { - static fromCrock(emsc: EmscEnvironment, s: string): RsaPublicKey { - return fromCrockDecoded(emsc, s, this, emsc.allocFuncs.rsa_public_key_decode); - } - - toCrock() { - return this.encode().toCrock(); - } - - destroy() { - this.emsc.funcs.rsa_public_key_free(this.nativePtr); - this.nativePtr = 0; - } - - encode(arena?: Arena): ByteArray { - return encode(this, this.emsc.allocFuncs.rsa_public_key_encode); - } -} - - -/** - * Low-level handle to an EddsaSignature. - */ -export class EddsaSignature extends PackedArenaObject { - size() { - return 64; - } - static fromCrock(emsc: EmscEnvironment, s: string): EddsaSignature { - return fromCrock(emsc, s, this); - } -} - - -/** - * Low-level handle to an RsaSignature. - */ -export class RsaSignature extends MallocArenaObject { - static fromCrock(emsc: EmscEnvironment, s: string, a?: Arena) { - return fromCrockDecoded(emsc, s, this, emsc.allocFuncs.rsa_signature_decode); - } - - encode(arena?: Arena): ByteArray { - return encode(this, this.emsc.allocFuncs.rsa_signature_encode); - } - - destroy() { - this.emsc.funcs.rsa_signature_free(this.nativePtr); - this.nativePtr = 0; - } -} - - -/** - * Blind a value so it can be blindly signed. - */ -export function rsaBlind(hashCode: HashCode, - blindingKey: RsaBlindingKeySecret, - pkey: RsaPublicKey, - arena?: Arena): ByteArray|null { - const emsc: EmscEnvironment = hashCode.emsc; - const buf_ptr_out = emsc.allocFuncs.malloc(PTR_SIZE); - const buf_size_out = emsc.allocFuncs.malloc(PTR_SIZE); - const res = emsc.allocFuncs.rsa_blind(hashCode.nativePtr, - blindingKey.nativePtr, - pkey.nativePtr, - buf_ptr_out, - buf_size_out); - const buf_ptr = emsc.lib.getValue(buf_ptr_out, "*"); - const buf_size = emsc.lib.getValue(buf_size_out, "*"); - emsc.funcs.free(buf_ptr_out); - emsc.funcs.free(buf_size_out); - if (res !== GNUNET_OK) { - // malicious key - return null; - } - return new ByteArray(emsc, buf_size, buf_ptr, arena); -} - - -/** - * Sign data using EdDSA. - */ -export function eddsaSign(purpose: EccSignaturePurpose, - priv: EddsaPrivateKey, - a?: Arena): EddsaSignature { - const sig = new EddsaSignature(purpose.emsc, a); - sig.alloc(); - const res = purpose.emsc.funcs.eddsa_sign(priv.nativePtr, purpose.nativePtr, sig.nativePtr); - if (res < 1) { - throw Error("EdDSA signing failed"); - } - return sig; -} - - -/** - * Verify EdDSA-signed data. - */ -export function eddsaVerify(purposeNum: number, - verify: EccSignaturePurpose, - sig: EddsaSignature, - pub: EddsaPublicKey, - a?: Arena): boolean { - const r = verify.emsc.funcs.eddsa_verify(purposeNum, - verify.nativePtr, - sig.nativePtr, - pub.nativePtr); - return r === GNUNET_OK; -} - - -export function rsaVerify(h: HashCode, - sig: RsaSignature, - pub: RsaPublicKey) { - const r = h.emsc.funcs.rsa_verify(h.nativePtr, - sig.nativePtr, - pub.nativePtr); - return r === GNUNET_OK; -} - - -/** - * Unblind a blindly signed value. - */ -export function rsaUnblind(sig: RsaSignature, - bk: RsaBlindingKeySecret, - pk: RsaPublicKey, - a?: Arena): RsaSignature { - const x = new RsaSignature(sig.emsc, a); - x.nativePtr = sig.emsc.allocFuncs.rsa_unblind(sig.nativePtr, - bk.nativePtr, - pk.nativePtr); - return x; -} - - -type TransferSecretP = HashCode; - -/** - * A fresh coin generated from a sed. - */ -export interface FreshCoin { - /** - * The coin's private key. - */ - priv: EddsaPrivateKey; - /** - * The blinding key to use for withdrawal. - */ - blindingKey: RsaBlindingKeySecret; -} - -/** - * Diffie-Hellman operation between an ECDHE private key - * and an EdDSA public key. - */ -export function ecdhEddsa(priv: EcdhePrivateKey, - pub: EddsaPublicKey): HashCode { - const h = new HashCode(priv.emsc); - h.alloc(); - const res = priv.emsc.funcs.ecdh_eddsa(priv.nativePtr, pub.nativePtr, h.nativePtr); - if (res !== GNUNET_OK) { - throw Error("ecdh_eddsa failed"); - } - return h; -} - -export function rsaSignBlinded(priv: RsaPrivateKey, - msg: ByteArray): RsaSignature { - const sig = new RsaSignature(priv.emsc); - sig.nativePtr = priv.emsc.allocFuncs.rsa_sign_blinded (priv.nativePtr, - msg.nativePtr, - msg.size()); - return sig; -} - - - -/** - * Derive a fresh coin from the given seed. Used during refreshing. - */ -export function setupFreshCoin(secretSeed: TransferSecretP, - coinIndex: number): FreshCoin { - const emsc: EmscEnvironment = secretSeed.emsc; - const priv = new EddsaPrivateKey(emsc); - priv.isWeak = true; - const blindingKey = new RsaBlindingKeySecret(emsc); - blindingKey.isWeak = true; - const buf = new ByteArray(emsc, priv.size() + blindingKey.size()); - - emsc.funcs.setup_fresh_coin(secretSeed.nativePtr, coinIndex, buf.nativePtr); - - priv.nativePtr = buf.nativePtr; - blindingKey.nativePtr = buf.nativePtr + priv.size(); - - return { priv, blindingKey }; -} diff --git a/src/crypto/nodeEmscriptenLoader.ts b/src/crypto/nodeEmscriptenLoader.ts deleted file mode 100644 index 65d54a702..000000000 --- a/src/crypto/nodeEmscriptenLoader.ts +++ /dev/null @@ -1,101 +0,0 @@ - -import { EmscEnvironment } from "./emscInterface"; -import { CryptoImplementation } from "./cryptoImplementation"; - -import fs = require("fs"); - -export class NodeEmscriptenLoader { - private cachedEmscEnvironment: EmscEnvironment | undefined = undefined; - private cachedEmscEnvironmentPromise: - | Promise<EmscEnvironment> - | undefined = undefined; - - private async getWasmBinary(): Promise<Uint8Array> { - // @ts-ignore - const akonoGetData = global.__akono_getData; - if (akonoGetData) { - // We're running embedded node on Android - console.log("reading wasm binary from akono"); - const data = akonoGetData("taler-emscripten-lib.wasm"); - // The data we get is base64-encoded binary data - let buf = new Buffer(data, 'base64'); - return new Uint8Array(buf); - - } else { - // We're in a normal node environment - const binaryPath = __dirname + "/../../../emscripten/taler-emscripten-lib.wasm"; - const wasmBinary = new Uint8Array(fs.readFileSync(binaryPath)); - return wasmBinary; - } - } - - async getEmscriptenEnvironment(): Promise<EmscEnvironment> { - if (this.cachedEmscEnvironment) { - return this.cachedEmscEnvironment; - } - - if (this.cachedEmscEnvironmentPromise) { - return this.cachedEmscEnvironmentPromise; - } - - let lib: any; - - const wasmBinary = await this.getWasmBinary(); - - return new Promise((resolve, reject) => { - // Arguments passed to the emscripten prelude - const libArgs = { - wasmBinary, - onRuntimeInitialized: () => { - if (!lib) { - console.error("fatal emscripten initialization error"); - return; - } - this.cachedEmscEnvironmentPromise = undefined; - this.cachedEmscEnvironment = new EmscEnvironment(lib); - resolve(this.cachedEmscEnvironment); - }, - }; - - // Make sure that TypeScript doesn't try - // to check the taler-emscripten-lib. - const indirectRequire = require; - - const g = global; - - // unavoidable hack, so that emscripten detects - // the environment as node even though importScripts - // is present. - - // @ts-ignore - const savedImportScripts = g.importScripts; - // @ts-ignore - delete g.importScripts; - // @ts-ignore - const savedCrypto = g.crypto; - // @ts-ignore - delete g.crypto; - - // Assume that the code is run from the dist/ directory. - const libFn = indirectRequire( - "../../../emscripten/taler-emscripten-lib.js", - ); - lib = libFn(libArgs); - - // @ts-ignore - g.importScripts = savedImportScripts; - // @ts-ignore - g.crypto = savedCrypto; - - if (!lib) { - throw Error("could not load taler-emscripten-lib.js"); - } - - if (!lib.ccall) { - throw Error( - "sanity check failed: taler-emscripten lib does not have 'ccall'", - ); - } - }); - } -} diff --git a/src/crypto/nodeProcessWorker.ts b/src/crypto/nodeProcessWorker.ts index c5d0f2e71..8ff149788 100644 --- a/src/crypto/nodeProcessWorker.ts +++ b/src/crypto/nodeProcessWorker.ts @@ -84,7 +84,6 @@ export class Worker { }); this.child.on("message", (msg: any) => { - console.log("nodeProcessWorker got child message", msg); this.dispatchMessage(msg); }); } @@ -114,7 +113,6 @@ export class Worker { * Forcibly terminate the worker thread. */ terminate () { - console.log("terminating node.js worker"); this.child.kill("SIGINT"); } } diff --git a/src/crypto/nodeWorkerEntry.ts b/src/crypto/nodeWorkerEntry.ts index 1ed16f870..1e088d987 100644 --- a/src/crypto/nodeWorkerEntry.ts +++ b/src/crypto/nodeWorkerEntry.ts @@ -14,20 +14,13 @@ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> */ - // tslint:disable:no-var-requires -import fs = require("fs"); -import vm = require("vm"); -import { NodeEmscriptenLoader } from "./nodeEmscriptenLoader"; import { CryptoImplementation } from "./cryptoImplementation"; -const loader = new NodeEmscriptenLoader(); - async function handleRequest(operation: string, id: number, args: string[]) { - let emsc = await loader.getEmscriptenEnvironment(); - const impl = new CryptoImplementation(emsc); + const impl = new CryptoImplementation(); if (!(operation in impl)) { console.error(`crypto operation '${operation}' not found`); @@ -42,16 +35,12 @@ async function handleRequest(operation: string, id: number, args: string[]) { console.error("process.send not available"); } } catch (e) { - console.log("error during operation", e); + console.error("error during operation", e); return; } } process.on("message", (msgStr: any) => { - console.log("got message in node worker entry", msgStr); - - console.log("typeof msg", typeof msgStr); - const msg = JSON.parse(msgStr); const args = msg.data.args; @@ -76,5 +65,5 @@ process.on("message", (msgStr: any) => { }); process.on("uncaughtException", (err: any) => { - console.log("uncaught exception in node worker entry", err); + console.error("uncaught exception in node worker entry", err); }); diff --git a/src/crypto/kdf.ts b/src/crypto/primitives/kdf.ts index 082963074..082963074 100644 --- a/src/crypto/kdf.ts +++ b/src/crypto/primitives/kdf.ts diff --git a/src/crypto/nacl-fast.ts b/src/crypto/primitives/nacl-fast.ts index 418662e8d..66ab78162 100644 --- a/src/crypto/nacl-fast.ts +++ b/src/crypto/primitives/nacl-fast.ts @@ -2342,7 +2342,6 @@ function crypto_hash(out: Uint8Array, m: Uint8Array, n: number) { const hh = new Int32Array(8); const hl = new Int32Array(8); const x = new Uint8Array(256); - let i; let b = n; hh[0] = 0x6a09e667; @@ -2366,7 +2365,7 @@ function crypto_hash(out: Uint8Array, m: Uint8Array, n: number) { crypto_hashblocks_hl(hh, hl, m, n); n %= 128; - for (i = 0; i < n; i++) x[i] = m[b - n + i]; + for (let i = 0; i < n; i++) x[i] = m[b - n + i]; x[n] = 128; n = 256 - 128 * (n < 112 ? 1 : 0); @@ -2374,11 +2373,86 @@ function crypto_hash(out: Uint8Array, m: Uint8Array, n: number) { ts64(x, n - 8, (b / 0x20000000) | 0, b << 3); crypto_hashblocks_hl(hh, hl, x, n); - for (i = 0; i < 8; i++) ts64(out, 8 * i, hh[i], hl[i]); + for (let i = 0; i < 8; i++) + ts64(out, 8 * i, hh[i], hl[i]); return 0; } + +/** + * Incremental version of crypto_hash. + */ +export class HashState { + private hh = new Int32Array(8); + private hl = new Int32Array(8); + + private next = new Uint8Array(128); + private p = 0; + private total = 0; + + constructor() { + this.hh[0] = 0x6a09e667; + this.hh[1] = 0xbb67ae85; + this.hh[2] = 0x3c6ef372; + this.hh[3] = 0xa54ff53a; + this.hh[4] = 0x510e527f; + this.hh[5] = 0x9b05688c; + this.hh[6] = 0x1f83d9ab; + this.hh[7] = 0x5be0cd19; + + this.hl[0] = 0xf3bcc908; + this.hl[1] = 0x84caa73b; + this.hl[2] = 0xfe94f82b; + this.hl[3] = 0x5f1d36f1; + this.hl[4] = 0xade682d1; + this.hl[5] = 0x2b3e6c1f; + this.hl[6] = 0xfb41bd6b; + this.hl[7] = 0x137e2179; + } + + update(data: Uint8Array): HashState { + this.total += data.length; + let i = 0; + while (i < data.length) { + const r = 128 - this.p; + if (r > (data.length - i)) { + for (let j = 0; i + j < data.length; j++) { + this.next[this.p + j] = data[i + j]; + } + this.p += data.length - i; + break; + } else { + for (let j = 0; this.p + j < 128; j++) { + this.next[this.p + j] = data[i + j]; + } + crypto_hashblocks_hl(this.hh, this.hl, this.next, 128); + i += 128 - this.p; + this.p = 0; + } + } + return this; + } + + finish(): Uint8Array { + const out = new Uint8Array(64); + let n = this.p; + const x = new Uint8Array(256); + let b = this.total; + for (let i = 0; i < n; i++) x[i] = this.next[i]; + x[n] = 128; + + n = 256 - 128 * (n < 112 ? 1 : 0); + x[n - 9] = 0; + ts64(x, n - 8, (b / 0x20000000) | 0, b << 3); + crypto_hashblocks_hl(this.hh, this.hl, x, n); + + for (let i = 0; i < 8; i++) + ts64(out, 8 * i, this.hh[i], this.hl[i]); + return out; + } +} + function add(p: Float64Array[], q: Float64Array[]) { var a = gf(), b = gf(), diff --git a/src/crypto/sha256.ts b/src/crypto/primitives/sha256.ts index f4f6690c7..f4f6690c7 100644 --- a/src/crypto/sha256.ts +++ b/src/crypto/primitives/sha256.ts diff --git a/src/crypto/synchronousWorker.ts b/src/crypto/synchronousWorker.ts index 41ebee4f3..12eecde9a 100644 --- a/src/crypto/synchronousWorker.ts +++ b/src/crypto/synchronousWorker.ts @@ -16,9 +16,6 @@ import { CryptoImplementation } from "./cryptoImplementation"; -import { NodeEmscriptenLoader } from "./nodeEmscriptenLoader"; - -import fs = require("fs"); import { CryptoWorkerFactory } from "./cryptoApi"; import { CryptoWorker } from "./cryptoWorker"; @@ -56,8 +53,6 @@ export class SynchronousCryptoWorker { */ onerror: undefined | ((m: any) => void); - private emscriptenLoader = new NodeEmscriptenLoader(); - constructor() { this.onerror = undefined; this.onmessage = undefined; @@ -84,9 +79,7 @@ export class SynchronousCryptoWorker { } private async handleRequest(operation: string, id: number, args: string[]) { - let emsc = await this.emscriptenLoader.getEmscriptenEnvironment(); - - const impl = new CryptoImplementation(emsc); + const impl = new CryptoImplementation(); if (!(operation in impl)) { console.error(`crypto operation '${operation}' not found`); diff --git a/src/crypto/talerCrypto-test.ts b/src/crypto/talerCrypto-test.ts index 3f9d6f398..59949dbd3 100644 --- a/src/crypto/talerCrypto-test.ts +++ b/src/crypto/talerCrypto-test.ts @@ -29,8 +29,8 @@ import { rsaUnblind, rsaVerify, } from "./talerCrypto"; -import { hmacSha512, sha512, kdf } from "./kdf"; -import nacl = require("./nacl-fast"); +import { sha512, kdf } from "./primitives/kdf"; +import nacl = require("./primitives/nacl-fast"); function hexToBytes(hex: string) { for (var bytes = [], c = 0; c < hex.length; c += 2) @@ -159,3 +159,43 @@ test("taler-exchange-tvg blind signing", t => { const v = rsaVerify(decodeCrock(messageHash), decodeCrock(sig), decodeCrock(rsaPublicKey)); t.true(v); }); + + +test("incremental hashing #1", (t) => { + const n = 1024; + const d = nacl.randomBytes(n); + + const h1 = nacl.hash(d); + const h2 = new nacl.HashState().update(d).finish(); + + const s = new nacl.HashState(); + for (let i = 0; i < n; i++) { + const b = new Uint8Array(1); + b[0] = d[i]; + s.update(b); + } + + const h3 = s.finish(); + + t.deepEqual(encodeCrock(h1), encodeCrock(h2)); + t.deepEqual(encodeCrock(h1), encodeCrock(h3)); +}); + +test("incremental hashing #2", (t) => { + const n = 10; + const d = nacl.randomBytes(n); + + const h1 = nacl.hash(d); + const h2 = new nacl.HashState().update(d).finish(); + const s = new nacl.HashState(); + for (let i = 0; i < n; i++) { + const b = new Uint8Array(1); + b[0] = d[i]; + s.update(b); + } + + const h3 = s.finish(); + + t.deepEqual(encodeCrock(h1), encodeCrock(h3)); + t.deepEqual(encodeCrock(h1), encodeCrock(h2)); +});
\ No newline at end of file diff --git a/src/crypto/talerCrypto.ts b/src/crypto/talerCrypto.ts index 0a36f0fe4..b754b0c57 100644 --- a/src/crypto/talerCrypto.ts +++ b/src/crypto/talerCrypto.ts @@ -18,9 +18,9 @@ * Native implementation of GNU Taler crypto. */ -import nacl = require("./nacl-fast"); +import nacl = require("./primitives/nacl-fast"); import bigint from "big-integer"; -import { kdf } from "./kdf"; +import { kdf } from "./primitives/kdf"; export function getRandomBytes(n: number): Uint8Array { return nacl.randomBytes(n); @@ -123,7 +123,7 @@ export function decodeCrock(encoded: string): Uint8Array { } export function eddsaGetPublic(eddsaPriv: Uint8Array): Uint8Array { - const pair = nacl.sign_keyPair_fromSeed(eddsaPriv); + const pair = nacl.sign_keyPair_fromSeed(eddsaPriv); return pair.publicKey; } @@ -131,7 +131,10 @@ export function ecdheGetPublic(ecdhePriv: Uint8Array): Uint8Array { return nacl.scalarMult_base(ecdhePriv); } -export function keyExchangeEddsaEcdhe(eddsaPriv: Uint8Array, ecdhePub: Uint8Array): Uint8Array { +export function keyExchangeEddsaEcdhe( + eddsaPriv: Uint8Array, + ecdhePub: Uint8Array, +): Uint8Array { const ph = nacl.hash(eddsaPriv); const a = new Uint8Array(32); for (let i = 0; i < 32; i++) { @@ -141,7 +144,10 @@ export function keyExchangeEddsaEcdhe(eddsaPriv: Uint8Array, ecdhePub: Uint8Arra return nacl.hash(x); } -export function keyExchangeEcdheEddsa(ecdhePriv: Uint8Array, eddsaPub: Uint8Array): Uint8Array { +export function keyExchangeEcdheEddsa( + ecdhePriv: Uint8Array, + eddsaPub: Uint8Array, +): Uint8Array { const curve25519Pub = nacl.sign_ed25519_pk_to_curve25519(eddsaPub); const x = nacl.scalarMult(ecdhePriv, curve25519Pub); return nacl.hash(x); @@ -172,8 +178,8 @@ function kdfMod( while (true) { const ctx = new Uint8Array(info.byteLength + 2); ctx.set(info, 0); - ctx[ctx.length - 2] = (counter >>> 8) & 0xFF; - ctx[ctx.length - 1] = counter & 0xFF; + ctx[ctx.length - 2] = (counter >>> 8) & 0xff; + ctx[ctx.length - 1] = counter & 0xff; const buf = kdf(buflen, ikm, salt, ctx); const arr = Array.from(buf); arr[0] = arr[0] & mask; @@ -185,7 +191,7 @@ function kdfMod( } } -function stringToBuf(s: string) { +export function stringToBytes(s: string) { const te = new TextEncoder(); return te.encode(s); } @@ -194,9 +200,12 @@ function loadBigInt(arr: Uint8Array) { return bigint.fromArray(Array.from(arr), 256, false); } -function rsaBlindingKeyDerive(rsaPub: RsaPub, bks: Uint8Array): bigint.BigInteger { - const salt = stringToBuf("Blinding KDF extrator HMAC key"); - const info = stringToBuf("Blinding KDF"); +function rsaBlindingKeyDerive( + rsaPub: RsaPub, + bks: Uint8Array, +): bigint.BigInteger { + const salt = stringToBytes("Blinding KDF extrator HMAC key"); + const info = stringToBytes("Blinding KDF"); return kdfMod(rsaPub.N, bks, salt, info); } @@ -206,7 +215,7 @@ function rsaBlindingKeyDerive(rsaPub: RsaPub, bks: Uint8Array): bigint.BigIntege * Assuming n is an RSA modulous and r is generated using a call to * GNUNET_CRYPTO_kdf_mod_mpi, if gcd(r,n) != 1 then n must be a * malicious RSA key designed to deanomize the user. - * + * * @param r KDF result * @param n RSA modulus of the public key */ @@ -218,7 +227,7 @@ function rsaGcdValidate(r: bigint.BigInteger, n: bigint.BigInteger) { } function rsaFullDomainHash(hm: Uint8Array, rsaPub: RsaPub): bigint.BigInteger { - const info = stringToBuf("RSA-FDA FTpsW!"); + const info = stringToBytes("RSA-FDA FTpsW!"); const salt = rsaPubEncode(rsaPub); const r = kdfMod(rsaPub.N, hm, salt, info); rsaGcdValidate(r, rsaPub.N); @@ -228,12 +237,15 @@ function rsaFullDomainHash(hm: Uint8Array, rsaPub: RsaPub): bigint.BigInteger { function rsaPubDecode(rsaPub: Uint8Array): RsaPub { const modulusLength = (rsaPub[0] << 8) | rsaPub[1]; const exponentLength = (rsaPub[2] << 8) | rsaPub[3]; - const modulus = rsaPub.slice(4, 4 + modulusLength) - const exponent = rsaPub.slice(4 + modulusLength, 4 + modulusLength + exponentLength); + const modulus = rsaPub.slice(4, 4 + modulusLength); + const exponent = rsaPub.slice( + 4 + modulusLength, + 4 + modulusLength + exponentLength, + ); const res = { N: loadBigInt(modulus), e: loadBigInt(exponent), - } + }; return res; } @@ -241,16 +253,20 @@ function rsaPubEncode(rsaPub: RsaPub): Uint8Array { const mb = rsaPub.N.toArray(256).value; const eb = rsaPub.e.toArray(256).value; const out = new Uint8Array(4 + mb.length + eb.length); - out[0] = (mb.length >>> 8) & 0xFF; - out[1] = mb.length & 0xFF; - out[2] = (eb.length >>> 8) & 0xFF; - out[3] = eb.length & 0xFF; + out[0] = (mb.length >>> 8) & 0xff; + out[1] = mb.length & 0xff; + out[2] = (eb.length >>> 8) & 0xff; + out[3] = eb.length & 0xff; out.set(mb, 4); out.set(eb, 4 + mb.length); return out; } -export function rsaBlind(hm: Uint8Array, bks: Uint8Array, rsaPubEnc: Uint8Array): Uint8Array { +export function rsaBlind( + hm: Uint8Array, + bks: Uint8Array, + rsaPubEnc: Uint8Array, +): Uint8Array { const rsaPub = rsaPubDecode(rsaPubEnc); const data = rsaFullDomainHash(hm, rsaPub); const r = rsaBlindingKeyDerive(rsaPub, bks); @@ -259,7 +275,11 @@ export function rsaBlind(hm: Uint8Array, bks: Uint8Array, rsaPubEnc: Uint8Array) return new Uint8Array(bm.toArray(256).value); } -export function rsaUnblind(sig: Uint8Array, rsaPubEnc: Uint8Array, bks: Uint8Array): Uint8Array { +export function rsaUnblind( + sig: Uint8Array, + rsaPubEnc: Uint8Array, + bks: Uint8Array, +): Uint8Array { const rsaPub = rsaPubDecode(rsaPubEnc); const blinded_s = loadBigInt(sig); const r = rsaBlindingKeyDerive(rsaPub, bks); @@ -268,10 +288,86 @@ export function rsaUnblind(sig: Uint8Array, rsaPubEnc: Uint8Array, bks: Uint8Arr return new Uint8Array(s.toArray(256).value); } -export function rsaVerify(hm: Uint8Array, rsaSig: Uint8Array, rsaPubEnc: Uint8Array): boolean { +export function rsaVerify( + hm: Uint8Array, + rsaSig: Uint8Array, + rsaPubEnc: Uint8Array, +): boolean { const rsaPub = rsaPubDecode(rsaPubEnc); const d = rsaFullDomainHash(hm, rsaPub); const sig = loadBigInt(rsaSig); const sig_e = sig.modPow(rsaPub.e, rsaPub.N); return sig_e.equals(d); -}
\ No newline at end of file +} + +export interface EddsaKeyPair { + eddsaPub: Uint8Array; + eddsaPriv: Uint8Array; +} + +export interface EcdheKeyPair { + ecdhePub: Uint8Array; + ecdhePriv: Uint8Array; +} + +export function createEddsaKeyPair(): EddsaKeyPair { + const eddsaPriv = nacl.randomBytes(32); + const eddsaPub = eddsaGetPublic(eddsaPriv); + return { eddsaPriv, eddsaPub }; +} + +export function createEcdheKeyPair(): EcdheKeyPair { + const ecdhePriv = nacl.randomBytes(32); + const ecdhePub = ecdheGetPublic(ecdhePriv); + return { ecdhePriv, ecdhePub }; +} + +export function createBlindingKeySecret(): Uint8Array { + return nacl.randomBytes(32); +} + +export function hash(d: Uint8Array): Uint8Array { + return nacl.hash(d); +} + +export function eddsaSign(msg: Uint8Array, eddsaPriv: Uint8Array): Uint8Array { + const pair = nacl.sign_keyPair_fromSeed(eddsaPriv); + return nacl.sign_detached(msg, pair.secretKey); +} + +export function eddsaVerify( + msg: Uint8Array, + sig: Uint8Array, + eddsaPub: Uint8Array, +): boolean { + return nacl.sign_detached_verify(msg, sig, eddsaPub); +} + +export function createHashContext(): nacl.HashState { + return new nacl.HashState(); +} + +export interface FreshCoin { + coinPub: Uint8Array; + coinPriv: Uint8Array; + bks: Uint8Array; +} + +export function setupRefreshPlanchet( + secretSeed: Uint8Array, + coinNumber: number, +): FreshCoin { + const info = stringToBytes("taler-coin-derivation"); + const saltArrBuf = new ArrayBuffer(4); + const salt = new Uint8Array(saltArrBuf); + const saltDataView = new DataView(saltArrBuf); + saltDataView.setUint32(0, coinNumber); + const out = kdf(64, secretSeed, salt, info); + const coinPriv = out.slice(0, 32); + const bks = out.slice(32, 64); + return { + bks, + coinPriv, + coinPub: eddsaGetPublic(coinPriv), + }; +} |