From d33b70b06940315510ee2c97ced62a8c377fad07 Mon Sep 17 00:00:00 2001 From: Iván Ávalos Date: Mon, 7 Aug 2023 11:14:00 +0200 Subject: wallet-core-embedded: added Anastasis policy discovery --- packages/taler-wallet-embedded/src/wallet-qjs.ts | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) (limited to 'packages/taler-wallet-embedded/src') diff --git a/packages/taler-wallet-embedded/src/wallet-qjs.ts b/packages/taler-wallet-embedded/src/wallet-qjs.ts index 04efb458a..278a90c83 100644 --- a/packages/taler-wallet-embedded/src/wallet-qjs.ts +++ b/packages/taler-wallet-embedded/src/wallet-qjs.ts @@ -45,6 +45,8 @@ import { reduceAction, getBackupStartState, getRecoveryStartState, + discoverPolicies, + mergeDiscoveryAggregate, ReducerState, } from "@gnu-taler/anastasis-core"; import { @@ -195,18 +197,33 @@ async function handleAnastasisRequest( }; }; + let req = args ?? {}; + switch (operation) { case "anastasisReduce": // TODO: do some input validation here - let req = args ?? {}; - let res = await reduceAction(req.state, req.action, req.args ?? {}); + let reduceRes = await reduceAction(req.state, req.action, req.args ?? {}); // For now, this will return "success" even if the wrapped Anastasis // response is a ReducerStateError. - return wrapSuccessResponse(res); + return wrapSuccessResponse(reduceRes); case "anastasisStartBackup": return wrapSuccessResponse(await getBackupStartState()); case "anastasisStartRecovery": return wrapSuccessResponse(await getRecoveryStartState()); + case "anastasisDiscoverPolicies": + let discoverRes = await discoverPolicies(req.state, req.cursor); + let aggregatedPolicies = mergeDiscoveryAggregate( + discoverRes.policies ?? [], + req.state.discoveryState?.aggregatedPolicies ?? [], + ); + return wrapSuccessResponse({ + ...req.state, + discoveryState: { + state: "finished", + aggregatedPolicies, + cursor: discoverRes.cursor, + }, + }); } } -- cgit v1.2.3 
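Review bot: In the new `anastasisDiscoverPolicies` case, `req.state.discoveryState?.aggregatedPolicies` guards `discoveryState` but not `state`, and `req` falls back to `{}` when `args` is absent. A request without a state therefore passes `undefined` to `discoverPolicies` and, if that call returns, throws a TypeError at the merge. The existing `// TODO: do some input validation here` sits only in the reduce case; this case needs the same check before `discoverPolicies` is called, rejecting the request when `req.state` is not an object and reading the previous aggregate with `req.state?.discoveryState?.aggregatedPolicies ?? []`. The `let` declarations inside the `case` clauses share the switch's scope, so wrapping each clause in `{ … }` would keep `reduceRes`, `discoverRes` and `aggregatedPolicies` local to their case. `handleAnastasisRequest` starts outside the hunk, so how a thrown error is reported to the caller is not visible here.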
From e6c0689806e8dd7b5f7885be92ddf00f6e09c41e Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Wed, 9 Aug 2023 19:43:11 +0200 Subject: embedded: expose anastasis reducer for testing --- packages/taler-wallet-embedded/src/wallet-qjs.ts | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'packages/taler-wallet-embedded/src') diff --git a/packages/taler-wallet-embedded/src/wallet-qjs.ts b/packages/taler-wallet-embedded/src/wallet-qjs.ts index 278a90c83..7958fe90d 100644 --- a/packages/taler-wallet-embedded/src/wallet-qjs.ts +++ b/packages/taler-wallet-embedded/src/wallet-qjs.ts @@ -49,9 +49,7 @@ import { mergeDiscoveryAggregate, ReducerState, } from "@gnu-taler/anastasis-core"; -import { - userIdentifierDerive, -} from "@gnu-taler/anastasis-core/lib/crypto.js"; +import { userIdentifierDerive } from "@gnu-taler/anastasis-core/lib/crypto.js"; setGlobalLogLevelFromString("trace"); @@ -335,13 +333,15 @@ export async function testArgon2id() { }, input_server_salt: "FZ48EFS7WS3R2ZR4V53A3GFFY4", output_id: - "YS45R6CGJV84K1NN7T14ZBCPVTZ6H15XJSM1FV0R748MHPV82SM0126EBZKBAAGCR34Q9AFKPEW1HRT2Q9GQ5JRA3642AB571DKZS18", + "YS45R6CGJV84K1NN7T14ZBCPVTZ6H15XJSM1FV0R748MHPV82SM0126EBZKBAAGCR34Q9AFKPEW1HRT2Q9GQ5JRA3642AB571DKZS18", }; - if (await userIdentifierDerive( - userIdVector.input_id_data, - userIdVector.input_server_salt, - ) != userIdVector.output_id) { + if ( + (await userIdentifierDerive( + userIdVector.input_id_data, + userIdVector.input_server_salt, + )) != userIdVector.output_id + ) { throw Error("argon2id is not working!"); } @@ -354,4 +354,5 @@ globalThis.testWithGv = testWithGv; globalThis.testWithLocal = testWithLocal; // @ts-ignore globalThis.testArgon2id = testArgon2id; - +// @ts-ignore +globalThis.testReduceAction = reduceAction; -- cgit v1.2.3 From d59a23885eb001ac5b8fa813d2ec37972fc7b28f Mon Sep 17 00:00:00 2001 
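Review bot: `globalThis.testReduceAction = reduceAction` installs the raw reducer on the global object unconditionally, so any code sharing this JS realm can call it without going through `handleAnastasisRequest` and whatever input validation that wrapper gains. If this file is also the production entry point of the embedded wallet (not visible from the hunk), the test hooks should be registered only in a test build or behind an explicit flag. The `// @ts-ignore` can be replaced by a typed declaration, `declare global { var testReduceAction: typeof reduceAction; }`, so a later signature change is still type-checked. The same applies to `globalThis.testDiscoverPolicies = discoverPolicies`, added in the last hunk of the following commit.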
From: Florian Dold Date: Thu, 10 Aug 2023 15:24:43 +0200 Subject: anastasis: policy discovery CLI --- packages/anastasis-cli/src/index.ts | 101 ++++++++++++++--------- packages/anastasis-core/src/crypto.ts | 4 + packages/taler-wallet-embedded/src/wallet-qjs.ts | 2 + 3 files changed, 68 insertions(+), 39 deletions(-) (limited to 'packages/taler-wallet-embedded/src') diff --git a/packages/anastasis-cli/src/index.ts b/packages/anastasis-cli/src/index.ts index 560574276..7c011569f 100644 --- a/packages/anastasis-cli/src/index.ts +++ b/packages/anastasis-cli/src/index.ts 
@@ -1,20 +1,78 @@ import { clk } from "@gnu-taler/taler-util/clk"; import { + discoverPolicies, getBackupStartState, getRecoveryStartState, reduceAction, } from "@gnu-taler/anastasis-core"; import fs from "fs"; +import { j2s } from "@gnu-taler/taler-util"; -export const reducerCli = clk - .program("reducer", { - help: "Command line interface for Anastasis.", +export const reducerCli = clk.program("anastasis-cli", { + help: "Command line interface for Anastasis.", +}); + +reducerCli + .subcommand("reducer", "reduce", { + help: "Run the anastasis reducer", }) .flag("initBackup", ["-b", "--backup"]) .flag("initRecovery", ["-r", "--restore"]) .maybeOption("argumentsJson", ["-a", "--arguments"], clk.STRING) .maybeArgument("action", clk.STRING) - .maybeArgument("stateFile", clk.STRING); + .maybeArgument("stateFile", clk.STRING) + .action(async (x) => { + if (x.reducer.initBackup) { + console.log(JSON.stringify(await getBackupStartState())); + return; + } else if (x.reducer.initRecovery) { + console.log(JSON.stringify(await getRecoveryStartState())); + return; + } + + const action = x.reducer.action; + if (!action) { + console.log("action required"); + return; + } + + let lastState: any; + if (x.reducer.stateFile) { + const s = fs.readFileSync(x.reducer.stateFile, { encoding: "utf-8" }); + lastState = JSON.parse(s); + } else { + const s = await read(process.stdin); + lastState = JSON.parse(s); + } + + let args: any; + if (x.reducer.argumentsJson) { + args = JSON.parse(x.reducer.argumentsJson); + } else { + args = {}; + } + + const nextState = await reduceAction(lastState, action, args); + console.log(JSON.stringify(nextState)); + }); + +reducerCli + .subcommand("discover", "discover", { + help: "Run the anastasis reducer", + }) + .maybeArgument("stateFile", clk.STRING) + .action(async (args) => { + let lastState: any; + if (args.discover.stateFile) { + const s = fs.readFileSync(args.discover.stateFile, { encoding: "utf-8" }); + lastState = JSON.parse(s); + } else { + 
const s = await read(process.stdin); + lastState = JSON.parse(s); + } + const res = await discoverPolicies(lastState); + console.log(j2s(res)); + }); async function read(stream: NodeJS.ReadStream): Promise { const chunks = []; @@ -24,41 +82,6 @@ async function read(stream: NodeJS.ReadStream): Promise { return Buffer.concat(chunks).toString("utf8"); } -reducerCli.action(async (x) => { - if (x.reducer.initBackup) { - console.log(JSON.stringify(await getBackupStartState())); - return; - } else if (x.reducer.initRecovery) { - console.log(JSON.stringify(await getRecoveryStartState())); - return; - } - - const action = x.reducer.action; - if (!action) { - console.log("action required"); - return; - } - - let lastState: any; - if (x.reducer.stateFile) { - const s = fs.readFileSync(x.reducer.stateFile, { encoding: "utf-8" }); - lastState = JSON.parse(s); - } else { - const s = await read(process.stdin); - lastState = JSON.parse(s); - } - - let args: any; - if (x.reducer.argumentsJson) { - args = JSON.parse(x.reducer.argumentsJson); - } else { - args = {}; - } - - const nextState = await reduceAction(lastState, action, args); - console.log(JSON.stringify(nextState)); -}); - export function reducerCliMain() { reducerCli.run(); } diff --git a/packages/anastasis-core/src/crypto.ts b/packages/anastasis-core/src/crypto.ts index 3a9483aa1..8bc004e95 100644 --- a/packages/anastasis-core/src/crypto.ts +++ b/packages/anastasis-core/src/crypto.ts @@ -151,7 +151,11 @@ export async function decryptPolicyMetadata( userId: UserIdentifier, metadataEnc: OpaqueData, ): Promise { + // @ts-ignore + console.log("metadataEnc", metadataEnc); const plain = await anastasisDecrypt(asOpaque(userId), metadataEnc, "rmd"); + // @ts-ignore + console.log("plain:", plain); const metadataBytes = decodeCrock(plain); const policyHash = encodeCrock(metadataBytes.slice(0, 64)); const secretName = bytesToString(metadataBytes.slice(64)); 
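Review bot: The `discover` action hands the `JSON.parse` result, typed `any`, straight to `discoverPolicies` without checking that it is an object of the expected shape, and a malformed state file or stdin payload surfaces as an exception from inside the action. How `clk` reports a rejected action is not visible here. The block that loads `lastState` is a verbatim copy of the one in the `reduce` action, so a small shared helper that reads, parses and checks the state would give both subcommands one place for that validation. The `discover` subcommand also reuses the reducer's help string; something like `help: "Run Anastasis policy discovery on a reducer state"` would make `--help` distinguish the two.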
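Review bot: The two added `console.log` calls in `decryptPolicyMetadata` write the encrypted metadata and then the decrypted plaintext to the console, and the lines that follow show that this plaintext holds the policy hash and the secret name. Both packages patched in this series import from `anastasis-core`, so this output can end up in terminal scrollback or in the host application's logs. These look like leftover debugging lines: the four added lines (both `// @ts-ignore` and both `console.log`) should be dropped before merge, or reduced to logging only the length of `metadataEnc` if a trace is really needed. The function body continues past the end of the hunk.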
diff --git a/packages/taler-wallet-embedded/src/wallet-qjs.ts b/packages/taler-wallet-embedded/src/wallet-qjs.ts index 7958fe90d..e475f9542 100644 --- a/packages/taler-wallet-embedded/src/wallet-qjs.ts +++ b/packages/taler-wallet-embedded/src/wallet-qjs.ts @@ -356,3 +356,5 @@ globalThis.testWithLocal = testWithLocal; globalThis.testArgon2id = testArgon2id; // @ts-ignore globalThis.testReduceAction = reduceAction; +// @ts-ignore +globalThis.testDiscoverPolicies = discoverPolicies; \ No newline at end of file -- cgit v1.2.3