wallet-core/lib/wallet/cryptoLib.ts

347 lines
12 KiB
TypeScript
Raw Normal View History

2016-02-19 00:49:22 +01:00
/*
This file is part of TALER
(C) 2016 GNUnet e.V.
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
2016-07-07 17:59:29 +02:00
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
2016-02-19 00:49:22 +01:00
*/
/**
* Web worker for crypto operations.
* @author Florian Dold
*/
"use strict";
import * as native from "./emscriptif";
2016-10-13 02:23:24 +02:00
import {
PreCoin, PayCoinInfo, AmountJson,
RefreshSession, RefreshPreCoin, ReserveRecord
} from "./types";
2016-02-19 00:49:22 +01:00
import create = chrome.alarms.create;
2016-02-22 21:52:53 +01:00
import {Offer} from "./wallet";
import {CoinWithDenom} from "./wallet";
import {CoinPaySig} from "./types";
2016-10-14 02:13:06 +02:00
import {Denomination, Amounts} from "./types";
2016-09-12 20:25:56 +02:00
import {Amount} from "./emscriptif";
2016-10-13 02:23:24 +02:00
import {Coin} from "../../background/lib/wallet/types";
import {HashContext} from "./emscriptif";
import {RefreshMeltCoinAffirmationPS} from "./emscriptif";
import {EddsaPublicKey} from "./emscriptif";
import {HashCode} from "./emscriptif";
2016-02-19 00:49:22 +01:00
export function main(worker: Worker) {
worker.onmessage = (msg: MessageEvent) => {
if (!Array.isArray(msg.data.args)) {
console.error("args must be array");
return;
}
if (typeof msg.data.id != "number") {
console.error("RPC id must be number");
}
if (typeof msg.data.operation != "string") {
console.error("RPC operation must be string");
}
2016-09-12 20:25:56 +02:00
let f = (RpcFunctions as any)[msg.data.operation];
2016-02-19 00:49:22 +01:00
if (!f) {
console.error(`unknown operation: '${msg.data.operation}'`);
return;
}
let res = f(...msg.data.args);
worker.postMessage({result: res, id: msg.data.id});
}
}
namespace RpcFunctions {
/**
* Create a pre-coin of the given denomination to be withdrawn from then given
* reserve.
*/
2016-02-22 21:52:53 +01:00
export function createPreCoin(denom: Denomination,
2016-10-13 02:23:24 +02:00
reserve: ReserveRecord): PreCoin {
2016-02-19 00:49:22 +01:00
let reservePriv = new native.EddsaPrivateKey();
reservePriv.loadCrock(reserve.reserve_priv);
let reservePub = new native.EddsaPublicKey();
reservePub.loadCrock(reserve.reserve_pub);
let denomPub = native.RsaPublicKey.fromCrock(denom.denom_pub);
let coinPriv = native.EddsaPrivateKey.create();
let coinPub = coinPriv.getPublicKey();
2016-05-25 21:24:21 +02:00
let blindingFactor = native.RsaBlindingKeySecret.create();
2016-02-19 00:49:22 +01:00
let pubHash: native.HashCode = coinPub.hash();
2016-10-13 20:02:42 +02:00
let ev = native.rsaBlind(pubHash,
blindingFactor,
denomPub);
if (!ev) {
throw Error("couldn't blind (malicious exchange key?)");
}
2016-02-19 00:49:22 +01:00
if (!denom.fee_withdraw) {
throw Error("Field fee_withdraw missing");
}
let amountWithFee = new native.Amount(denom.value);
amountWithFee.add(new native.Amount(denom.fee_withdraw));
let withdrawFee = new native.Amount(denom.fee_withdraw);
// Signature
let withdrawRequest = new native.WithdrawRequestPS({
reserve_pub: reservePub,
amount_with_fee: amountWithFee.toNbo(),
withdraw_fee: withdrawFee.toNbo(),
h_denomination_pub: denomPub.encode().hash(),
h_coin_envelope: ev.hash()
});
var sig = native.eddsaSign(withdrawRequest.toPurpose(), reservePriv);
let preCoin: PreCoin = {
reservePub: reservePub.toCrock(),
blindingKey: blindingFactor.toCrock(),
coinPub: coinPub.toCrock(),
coinPriv: coinPriv.toCrock(),
denomPub: denomPub.encode().toCrock(),
2016-03-01 19:39:17 +01:00
exchangeBaseUrl: reserve.exchange_base_url,
2016-02-19 00:49:22 +01:00
withdrawSig: sig.toCrock(),
coinEv: ev.toCrock(),
coinValue: denom.value
};
return preCoin;
}
export function isValidDenom(denom: Denomination,
2016-02-22 21:52:53 +01:00
masterPub: string): boolean {
2016-02-19 00:49:22 +01:00
let p = new native.DenominationKeyValidityPS({
master: native.EddsaPublicKey.fromCrock(masterPub),
denom_hash: native.RsaPublicKey.fromCrock(denom.denom_pub)
.encode()
.hash(),
expire_legal: native.AbsoluteTimeNbo.fromTalerString(denom.stamp_expire_legal),
expire_spend: native.AbsoluteTimeNbo.fromTalerString(denom.stamp_expire_deposit),
expire_withdraw: native.AbsoluteTimeNbo.fromTalerString(denom.stamp_expire_withdraw),
start: native.AbsoluteTimeNbo.fromTalerString(denom.stamp_start),
value: (new native.Amount(denom.value)).toNbo(),
fee_deposit: (new native.Amount(denom.fee_deposit)).toNbo(),
fee_refresh: (new native.Amount(denom.fee_refresh)).toNbo(),
fee_withdraw: (new native.Amount(denom.fee_withdraw)).toNbo(),
fee_refund: (new native.Amount(denom.fee_refund)).toNbo(),
2016-02-19 00:49:22 +01:00
});
let nativeSig = new native.EddsaSignature();
nativeSig.loadCrock(denom.master_sig);
let nativePub = native.EddsaPublicKey.fromCrock(masterPub);
return native.eddsaVerify(native.SignaturePurpose.MASTER_DENOMINATION_KEY_VALIDITY,
p.toPurpose(),
nativeSig,
nativePub);
}
2016-02-22 21:52:53 +01:00
export function hashRsaPub(rsaPub: string): string {
return native.RsaPublicKey.fromCrock(rsaPub)
.encode()
.hash()
.toCrock();
}
export function createEddsaKeypair(): {priv: string, pub: string} {
const priv = native.EddsaPrivateKey.create();
const pub = priv.getPublicKey();
return {priv: priv.toCrock(), pub: pub.toCrock()};
}
2016-09-12 20:25:56 +02:00
export function rsaUnblind(sig: string, bk: string, pk: string): string {
2016-02-22 21:52:53 +01:00
let denomSig = native.rsaUnblind(native.RsaSignature.fromCrock(sig),
2016-05-25 21:24:21 +02:00
native.RsaBlindingKeySecret.fromCrock(bk),
2016-02-22 21:52:53 +01:00
native.RsaPublicKey.fromCrock(pk));
return denomSig.encode().toCrock()
}
/**
* Generate updated coins (to store in the database)
* and deposit permissions for each given coin.
*/
export function signDeposit(offer: Offer,
cds: CoinWithDenom[]): PayCoinInfo {
2016-09-12 20:25:56 +02:00
let ret: PayCoinInfo = [];
2016-02-22 21:52:53 +01:00
let amountSpent = native.Amount.getZero(cds[0].coin.currentAmount.currency);
let amountRemaining = new native.Amount(offer.contract.amount);
for (let cd of cds) {
2016-09-12 20:25:56 +02:00
let coinSpend: Amount;
2016-02-22 21:52:53 +01:00
if (amountRemaining.value == 0 && amountRemaining.fraction == 0) {
break;
}
if (amountRemaining.cmp(new native.Amount(cd.coin.currentAmount)) < 0) {
coinSpend = new native.Amount(amountRemaining.toJson());
} else {
coinSpend = new native.Amount(cd.coin.currentAmount);
}
amountSpent.add(coinSpend);
amountRemaining.sub(coinSpend);
let newAmount = new native.Amount(cd.coin.currentAmount);
newAmount.sub(coinSpend);
cd.coin.currentAmount = newAmount.toJson();
2016-10-17 15:58:36 +02:00
cd.coin.dirty = true;
cd.coin.transactionPending = true;
2016-02-22 21:52:53 +01:00
let d = new native.DepositRequestPS({
h_contract: native.HashCode.fromCrock(offer.H_contract),
h_wire: native.HashCode.fromCrock(offer.contract.H_wire),
amount_with_fee: coinSpend.toNbo(),
coin_pub: native.EddsaPublicKey.fromCrock(cd.coin.coinPub),
deposit_fee: new native.Amount(cd.denom.fee_deposit).toNbo(),
merchant: native.EddsaPublicKey.fromCrock(offer.contract.merchant_pub),
refund_deadline: native.AbsoluteTimeNbo.fromTalerString(offer.contract.refund_deadline),
timestamp: native.AbsoluteTimeNbo.fromTalerString(offer.contract.timestamp),
transaction_id: native.UInt64.fromNumber(offer.contract.transaction_id),
});
let coinSig = native.eddsaSign(d.toPurpose(),
native.EddsaPrivateKey.fromCrock(cd.coin.coinPriv))
.toCrock();
let s: CoinPaySig = {
coin_sig: coinSig,
coin_pub: cd.coin.coinPub,
ub_sig: cd.coin.denomSig,
denom_pub: cd.coin.denomPub,
f: coinSpend.toJson(),
};
ret.push({sig: s, updatedCoin: cd.coin});
}
return ret;
}
2016-10-13 02:23:24 +02:00
2016-10-14 02:13:06 +02:00
export function createRefreshSession(exchangeBaseUrl: string,
kappa: number,
meltCoin: Coin,
newCoinDenoms: Denomination[],
meltFee: AmountJson): RefreshSession {
let valueWithFee = Amounts.getZero(newCoinDenoms[0].value.currency);
for (let ncd of newCoinDenoms) {
valueWithFee = Amounts.add(valueWithFee,
ncd.value,
ncd.fee_withdraw).amount;
}
// melt fee
valueWithFee = Amounts.add(valueWithFee, meltFee).amount;
2016-10-13 02:23:24 +02:00
let sessionHc = new HashContext();
let transferPubs: string[] = [];
2016-10-14 02:13:06 +02:00
let transferPrivs: string[] = [];
2016-10-13 02:23:24 +02:00
let preCoinsForGammas: RefreshPreCoin[][] = [];
2016-10-14 02:13:06 +02:00
for (let i = 0; i < kappa; i++) {
let t = native.EcdhePrivateKey.create();
let pub = t.getPublicKey();
sessionHc.read(pub);
transferPrivs.push(t.toCrock());
transferPubs.push(pub.toCrock());
2016-10-13 02:23:24 +02:00
}
for (let i = 0; i < newCoinDenoms.length; i++) {
let r = native.RsaPublicKey.fromCrock(newCoinDenoms[i].denom_pub);
sessionHc.read(r.encode());
}
2016-10-14 02:13:06 +02:00
sessionHc.read(native.EddsaPublicKey.fromCrock(meltCoin.coinPub));
sessionHc.read((new native.Amount(valueWithFee)).toNbo());
2016-10-13 02:23:24 +02:00
2016-10-14 02:13:06 +02:00
for (let i = 0; i < kappa; i++) {
2016-10-13 02:23:24 +02:00
let preCoins: RefreshPreCoin[] = [];
2016-10-14 02:13:06 +02:00
for (let j = 0; j < newCoinDenoms.length; j++) {
let transferPriv = native.EcdhePrivateKey.fromCrock(transferPrivs[i]);
let oldCoinPub = native.EddsaPublicKey.fromCrock(meltCoin.coinPub);
let transferSecret = native.ecdhEddsa(transferPriv, oldCoinPub);
2016-10-13 02:23:24 +02:00
2016-10-14 02:13:06 +02:00
let fresh = native.setupFreshCoin(transferSecret, j);
let coinPriv = fresh.priv;
2016-10-13 02:23:24 +02:00
let coinPub = coinPriv.getPublicKey();
2016-10-14 02:13:06 +02:00
let blindingFactor = fresh.blindingKey;
2016-10-13 02:23:24 +02:00
let pubHash: native.HashCode = coinPub.hash();
2016-10-14 02:13:06 +02:00
let denomPub = native.RsaPublicKey.fromCrock(newCoinDenoms[j].denom_pub);
2016-10-13 20:02:42 +02:00
let ev = native.rsaBlind(pubHash,
blindingFactor,
denomPub);
if (!ev) {
throw Error("couldn't blind (malicious exchange key?)");
}
2016-10-13 02:23:24 +02:00
let preCoin: RefreshPreCoin = {
blindingKey: blindingFactor.toCrock(),
coinEv: ev.toCrock(),
publicKey: coinPub.toCrock(),
privateKey: coinPriv.toCrock(),
};
preCoins.push(preCoin);
sessionHc.read(ev);
}
preCoinsForGammas.push(preCoins);
}
let sessionHash = new HashCode();
sessionHash.alloc();
sessionHc.finish(sessionHash);
let confirmData = new RefreshMeltCoinAffirmationPS({
coin_pub: EddsaPublicKey.fromCrock(meltCoin.coinPub),
2016-10-14 02:13:06 +02:00
amount_with_fee: (new Amount(valueWithFee)).toNbo(),
2016-10-13 02:23:24 +02:00
session_hash: sessionHash,
melt_fee: (new Amount(meltFee)).toNbo()
});
2016-10-14 02:13:06 +02:00
2016-10-13 02:23:24 +02:00
let confirmSig: string = native.eddsaSign(confirmData.toPurpose(),
native.EddsaPrivateKey.fromCrock(
meltCoin.coinPriv)).toCrock();
let refreshSession: RefreshSession = {
meltCoinPub: meltCoin.coinPub,
newDenoms: newCoinDenoms.map((d) => d.denom_pub),
confirmSig,
2016-10-14 02:13:06 +02:00
valueWithFee,
2016-10-13 02:23:24 +02:00
transferPubs,
preCoinsForGammas,
2016-10-14 02:13:06 +02:00
hash: sessionHash.toCrock(),
norevealIndex: undefined,
exchangeBaseUrl,
transferPrivs,
2016-10-13 02:23:24 +02:00
};
return refreshSession;
}
2016-10-17 15:58:36 +02:00
export function hashString(str: string): string {
const b = native.ByteArray.fromStringWithNull(str);
return b.hash().toCrock();
}
2016-10-13 02:23:24 +02:00
}