2023-05-26 14:25:03 +02:00
|
|
|
import {
|
2023-07-20 22:01:35 +02:00
|
|
|
PaytoUri,
|
|
|
|
|
TalerSignaturePurpose,
|
|
|
|
|
bufferForUint32,
|
|
|
|
|
buildSigPS,
|
2023-05-26 14:25:03 +02:00
|
|
|
createEddsaKeyPair,
|
|
|
|
|
decodeCrock,
|
2023-05-26 15:54:42 +02:00
|
|
|
decryptWithDerivedKey,
|
|
|
|
|
eddsaGetPublic,
|
2023-07-20 22:01:35 +02:00
|
|
|
eddsaSign,
|
2023-05-26 14:25:03 +02:00
|
|
|
encodeCrock,
|
|
|
|
|
encryptWithDerivedKey,
|
|
|
|
|
getRandomBytesF,
|
|
|
|
|
stringToBytes,
|
2023-07-20 22:01:35 +02:00
|
|
|
stringifyPaytoUri,
|
2023-05-26 14:25:03 +02:00
|
|
|
} from "@gnu-taler/taler-util";
|
2023-07-20 22:01:35 +02:00
|
|
|
import { AmlExchangeBackend } from "./types.js";
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-25 23:08:20 +02:00
|
|
|
export interface Account {
|
2023-05-26 15:54:42 +02:00
|
|
|
accountId: AccountId;
|
|
|
|
|
signingKey: SigningKey;
|
2023-05-25 23:08:20 +02:00
|
|
|
}
|
|
|
|
|
|
2023-05-19 18:26:47 +02:00
|
|
|
/**
|
2023-05-26 21:52:30 +02:00
|
|
|
* Restore previous session and unlock account with password
|
2023-05-19 18:26:47 +02:00
|
|
|
*
|
2023-05-25 23:08:20 +02:00
|
|
|
* @param salt string from which crypto params will be derived
|
|
|
|
|
* @param key secured private key
|
2023-05-19 18:26:47 +02:00
|
|
|
* @param password password for the private key
|
|
|
|
|
* @returns
|
|
|
|
|
*/
|
|
|
|
|
export async function unlockAccount(
|
2023-05-26 15:54:42 +02:00
|
|
|
account: LockedAccount,
|
2023-05-19 18:26:47 +02:00
|
|
|
password: string,
|
2023-05-25 23:08:20 +02:00
|
|
|
): Promise<Account> {
|
2023-05-26 15:54:42 +02:00
|
|
|
const rawKey = decodeCrock(account);
|
|
|
|
|
const rawPassword = stringToBytes(password);
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 15:54:42 +02:00
|
|
|
const signingKey = (await decryptWithDerivedKey(
|
|
|
|
|
rawKey,
|
|
|
|
|
rawPassword,
|
|
|
|
|
password,
|
|
|
|
|
).catch((e: Error) => {
|
|
|
|
|
throw new UnwrapKeyError(e.message);
|
|
|
|
|
})) as SigningKey;
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 15:54:42 +02:00
|
|
|
const publicKey = eddsaGetPublic(signingKey);
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 15:54:42 +02:00
|
|
|
const accountId = encodeCrock(publicKey) as AccountId;
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 15:54:42 +02:00
|
|
|
return { accountId, signingKey };
|
2023-05-19 18:26:47 +02:00
|
|
|
}
|
|
|
|
|
|
2023-07-20 22:01:35 +02:00
|
|
|
export function buildQuerySignature(key: SigningKey): string {
|
|
|
|
|
const sigBlob = buildSigPS(
|
|
|
|
|
TalerSignaturePurpose.TALER_SIGNATURE_AML_QUERY,
|
|
|
|
|
).build();
|
|
|
|
|
|
|
|
|
|
return encodeCrock(eddsaSign(sigBlob, key));
|
|
|
|
|
}
|
|
|
|
|
export function buildDecisionSignature(
|
|
|
|
|
key: SigningKey,
|
|
|
|
|
payto: PaytoUri,
|
|
|
|
|
state: AmlExchangeBackend.AmlState,
|
|
|
|
|
): string {
|
|
|
|
|
const sigBlob = buildSigPS(TalerSignaturePurpose.TALER_SIGNATURE_AML_DECISION)
|
|
|
|
|
.put(decodeCrock(stringifyPaytoUri(payto)))
|
|
|
|
|
.put(bufferForUint32(state))
|
|
|
|
|
.build();
|
|
|
|
|
|
|
|
|
|
return encodeCrock(eddsaSign(sigBlob, key));
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-26 15:54:42 +02:00
|
|
|
declare const opaque_Account: unique symbol;
|
|
|
|
|
export type LockedAccount = string & { [opaque_Account]: true };
|
|
|
|
|
|
|
|
|
|
declare const opaque_AccountId: unique symbol;
|
|
|
|
|
export type AccountId = string & { [opaque_AccountId]: true };
|
|
|
|
|
|
|
|
|
|
declare const opaque_SigningKey: unique symbol;
|
|
|
|
|
export type SigningKey = Uint8Array & { [opaque_SigningKey]: true };
|
|
|
|
|
|
2023-05-19 18:26:47 +02:00
|
|
|
/**
|
2023-05-26 21:52:30 +02:00
|
|
|
* Create new account (secured private key)
|
2023-05-19 18:26:47 +02:00
|
|
|
* secured with the given password
|
|
|
|
|
*
|
|
|
|
|
* @param sessionId
|
|
|
|
|
* @param password
|
|
|
|
|
* @returns
|
|
|
|
|
*/
|
2023-05-26 15:54:42 +02:00
|
|
|
export async function createNewAccount(
|
|
|
|
|
password: string,
|
2023-05-26 21:52:30 +02:00
|
|
|
): Promise<Account & { safe: LockedAccount }> {
|
|
|
|
|
const { eddsaPriv, eddsaPub } = createEddsaKeyPair();
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 14:25:03 +02:00
|
|
|
const key = stringToBytes(password);
|
|
|
|
|
|
|
|
|
|
const protectedPrivKey = await encryptWithDerivedKey(
|
|
|
|
|
getRandomBytesF(24),
|
|
|
|
|
key,
|
|
|
|
|
eddsaPriv,
|
2023-05-26 15:54:42 +02:00
|
|
|
password,
|
2023-05-19 18:26:47 +02:00
|
|
|
);
|
|
|
|
|
|
2023-05-26 21:52:30 +02:00
|
|
|
const signingKey = eddsaPriv as SigningKey;
|
|
|
|
|
const accountId = encodeCrock(eddsaPub) as AccountId;
|
|
|
|
|
const safe = encodeCrock(protectedPrivKey) as LockedAccount;
|
2023-05-19 18:26:47 +02:00
|
|
|
|
2023-05-26 21:52:30 +02:00
|
|
|
return { accountId, signingKey, safe };
|
2023-05-19 18:26:47 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
export class UnwrapKeyError extends Error {
|
|
|
|
|
public cause: string;
|
2023-05-26 15:54:42 +02:00
|
|
|
constructor(cause: string) {
|
|
|
|
|
super(`Recovering private key failed on: ${cause}`);
|
2023-05-19 18:26:47 +02:00
|
|
|
this.cause = cause;
|
|
|
|
|
}
|
|
|
|
|
}
|
