add validation for forgettable JSON

Florian Dold 2021-04-13 17:17:43 +02:00
parent e719f7981e
commit 94f251fc39
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
2 changed files with 124 additions and 11 deletions


@ -86,4 +86,12 @@ test("contract terms canon hashing (nested)", (t) => {
t.is(h1, h2); t.is(h1, h2);
t.is(h1, h3); t.is(h1, h3);
t.is(h1, h4); t.is(h1, h4);
// Doesn't contain salt
t.false(ContractTermsUtil.validateForgettable(cReq));
t.true(ContractTermsUtil.validateForgettable(c1));
t.true(ContractTermsUtil.validateForgettable(c2));
t.true(ContractTermsUtil.validateForgettable(c3));
t.true(ContractTermsUtil.validateForgettable(c4));
}); });
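Review bot: The only rejection the new assertions exercise is `cReq`, which carries no salts at all; none of them cover the `$forgotten` branches of validateForgettable, such as a field that is listed in `$forgotten` but still present, a hash of the wrong length, or a key outside `[0-9A-Za-z_]`. Adding e.g. `t.false(ContractTermsUtil.validateForgettable({ x: 1, $forgotten: { x: "" } }))` (constructed value) would pin the forgotten-field-must-be-absent rule. Worth noting while here: the leftover-salt check in contract-terms.ts reads `anyJson.$forgettable?.[k]` with the outer key `k` (always "$forgotten" at that point) rather than the inner `fk`, so it never fires and only looks covered because the `$forgettable` loop already rejects a field that is absent. Each of these calls will also print the full contract terms through the `console.warn("calling validateForgettable", anyJson)` line in the validator, which looks like a debug leftover that should not reach production logs. The enclosing test callback starts before this hunk.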


@ -17,7 +17,6 @@
import { canonicalJson } from "@gnu-taler/taler-util"; import { canonicalJson } from "@gnu-taler/taler-util";
import { kdf } from "../crypto/primitives/kdf.js"; import { kdf } from "../crypto/primitives/kdf.js";
import { import {
bytesToString,
decodeCrock, decodeCrock,
encodeCrock, encodeCrock,
getRandomBytes, getRandomBytes,
@ -53,23 +52,28 @@ export namespace ContractTermsUtil {
for (let i = 0; i < dup.length; i++) { for (let i = 0; i < dup.length; i++) {
dup[i] = forgetAllImpl(dup[i], [...path, `${i}`], pred); dup[i] = forgetAllImpl(dup[i], [...path, `${i}`], pred);
} }
} else if (typeof dup === "object") { } else if (typeof dup === "object" && dup != null) {
const fge = dup.$forgettable; if (typeof dup.$forgettable === "object") {
const fgo = dup.$forgettable; for (const x of Object.keys(dup.$forgettable)) {
if (typeof fge === "object") {
for (const x of Object.keys(fge)) {
if (!pred([...path, x])) { if (!pred([...path, x])) {
continue; continue;
} }
delete dup[x]; if (!dup.$forgotten) {
if (!fgo[x]) { dup.$forgotten = {};
}
if (!dup.$forgotten[x]) {
const membValCanon = stringToBytes( const membValCanon = stringToBytes(
canonicalJson(scrub(dup[x])) + "\0", canonicalJson(scrub(dup[x])) + "\0",
); );
const membSalt = decodeCrock(fge[x]); const membSalt = decodeCrock(dup.$forgettable[x]);
const h = kdf(64, membValCanon, membSalt, new Uint8Array([])); const h = kdf(64, membValCanon, membSalt, new Uint8Array([]));
fgo[x] = encodeCrock(h); dup.$forgotten[x] = encodeCrock(h);
} }
delete dup[x];
delete dup.$forgettable[x];
}
if (Object.keys(dup.$forgettable).length === 0) {
delete dup.$forgettable;
} }
} }
for (const x of Object.keys(dup)) { for (const x of Object.keys(dup)) {
@ -92,7 +96,7 @@ export namespace ContractTermsUtil {
for (let i = 0; i < dup.length; i++) { for (let i = 0; i < dup.length; i++) {
dup[i] = saltForgettable(dup[i]); dup[i] = saltForgettable(dup[i]);
} }
} else if (typeof dup === "object") { } else if (typeof dup === "object" && dup !== null) {
if (typeof dup.$forgettable === "object") { if (typeof dup.$forgettable === "object") {
for (const k of Object.keys(dup.$forgettable)) { for (const k of Object.keys(dup.$forgettable)) {
if (dup.$forgettable[k] === true) { if (dup.$forgettable[k] === true) {
@ -110,6 +114,107 @@ export namespace ContractTermsUtil {
return dup; return dup;
} }
const nameRegex = /^[0-9A-Za-z_]+$/;
/**
* Check that the given JSON object is well-formed with regards
* to forgettable fields and other restrictions for forgettable JSON.
*/
export function validateForgettable(anyJson: any): boolean {
console.warn("calling validateForgettable", anyJson);
if (typeof anyJson === "string") {
return true;
}
if (typeof anyJson === "number") {
return (
Number.isInteger(anyJson) &&
anyJson >= Number.MIN_SAFE_INTEGER &&
anyJson <= Number.MAX_SAFE_INTEGER
);
}
if (typeof anyJson === "boolean") {
return true;
}
if (anyJson === null) {
return true;
}
if (Array.isArray(anyJson)) {
return anyJson.every((x) => validateForgettable(x));
}
if (typeof anyJson === "object") {
for (const k of Object.keys(anyJson)) {
if (k.match(nameRegex)) {
if (validateForgettable(anyJson[k])) {
continue;
} else {
return false;
}
}
if (k === "$forgettable") {
const fga = anyJson.$forgettable;
if (!fga || typeof fga !== "object") {
return false;
}
for (const fk of Object.keys(fga)) {
if (!fk.match(nameRegex)) {
return false;
}
if (!(fk in anyJson)) {
return false;
}
const fv = anyJson.$forgettable[fk];
if (typeof fv !== "string") {
return false;
}
try {
const decFv = decodeCrock(fv);
if (decFv.length != 32) {
return false;
}
} catch (e) {
return false;
}
}
} else if (k === "$forgotten") {
const fgo = anyJson.$forgotten;
if (!fgo || typeof fgo !== "object") {
return false;
}
for (const fk of Object.keys(fgo)) {
if (!fk.match(nameRegex)) {
return false;
}
// Check that the value has actually been forgotten.
if (fk in anyJson) {
return false;
}
const fv = anyJson.$forgotten[fk];
if (typeof fv !== "string") {
return false;
}
try {
const decFv = decodeCrock(fv);
if (decFv.length != 64) {
return false;
}
} catch (e) {
return false;
}
// Check that salt has been deleted after forgetting.
if (anyJson.$forgettable?.[k] !== undefined) {
return false;
}
}
} else {
console.warn("invalid type");
return false;
}
}
return true;
}
return false;
}
/** /**
* Hash a contract terms object. Forgettable fields * Hash a contract terms object. Forgettable fields
* are scrubbed and JSON canonicalization is applied * are scrubbed and JSON canonicalization is applied