taler/wallet-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

anastasis-core: fix recovery document generation

Browse Source
This commit is contained in:
Florian Dold 2021-10-19 23:49:11 +02:00
parent 6c5d32be74
commit c3570484a8
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
packages/anastasis-core/src/index.ts
View File

@ -417,7 +417,7 @@ async function getTruthValue(
case "email": case "email":
case "totp": case "totp":
case "iban": case "iban":
return encodeCrock(stringToBytes(authMethod.type)); return authMethod.challenge;
default: default:
throw Error("unknown auth type"); throw Error("unknown auth type");
} }
@ -429,7 +429,6 @@ async function getTruthValue(
async function compressRecoveryDoc(rd: any): Promise<Uint8Array> { async function compressRecoveryDoc(rd: any): Promise<Uint8Array> {
console.log("recovery document", rd); console.log("recovery document", rd);
const docBytes = stringToBytes(JSON.stringify(rd)); const docBytes = stringToBytes(JSON.stringify(rd));
console.log("plain doc length", docBytes.length);
const sizeHeaderBuf = new ArrayBuffer(4); const sizeHeaderBuf = new ArrayBuffer(4);
const dvbuf = new DataView(sizeHeaderBuf); const dvbuf = new DataView(sizeHeaderBuf);
dvbuf.setUint32(0, docBytes.length, false); dvbuf.setUint32(0, docBytes.length, false);
@ -461,22 +460,21 @@ async function uploadSecret(
for (let methIndex = 0; methIndex < pol.methods.length; methIndex++) { for (let methIndex = 0; methIndex < pol.methods.length; methIndex++) {
const meth = pol.methods[methIndex]; const meth = pol.methods[methIndex];
const truthReference = `${meth.authentication_method}:${meth.provider}`; const truthReference = `${meth.authentication_method}:${meth.provider}`;
if (truthMetadataMap[truthReference]) { let tm = truthMetadataMap[truthReference];
continue; if (!tm) {
tm = {
key_share: encodeCrock(getRandomBytes(32)),
nonce: encodeCrock(getRandomBytes(24)),
truth_salt: encodeCrock(getRandomBytes(16)),
truth_key: encodeCrock(getRandomBytes(64)),
uuid: encodeCrock(getRandomBytes(32)),
pol_method_index: methIndex,
policy_index: policyIndex,
};
truthMetadataMap[truthReference] = tm;
} }
const keyShare = encodeCrock(getRandomBytes(32)); keyShares.push(tm.key_share);
keyShares.push(keyShare);
const tm: TruthMetaData = {
key_share: keyShare,
nonce: encodeCrock(getRandomBytes(24)),
truth_salt: encodeCrock(getRandomBytes(16)),
truth_key: encodeCrock(getRandomBytes(64)),
uuid: encodeCrock(getRandomBytes(32)),
pol_method_index: methIndex,
policy_index: policyIndex,
};
methUuids.push(tm.uuid); methUuids.push(tm.uuid);
truthMetadataMap[truthReference] = tm;
} }
const policyKey = await policyKeyDerive(keyShares, policySalt); const policyKey = await policyKeyDerive(keyShares, policySalt);
policyUuids.push(methUuids); policyUuids.push(methUuids);
@ -563,6 +561,8 @@ async function uploadSecret(
// the state, since it's possible that we'll run into // the state, since it's possible that we'll run into
// a provider that requests a payment. // a provider that requests a payment.
console.log("policy UUIDs", policyUuids);
const rd: RecoveryDocument = { const rd: RecoveryDocument = {
secret_name: secretName, secret_name: secretName,
encrypted_core_secret: csr.encCoreSecret, encrypted_core_secret: csr.encCoreSecret,
@ -582,7 +582,6 @@ async function uploadSecret(
const uid = uidMap[prov.provider_url]; const uid = uidMap[prov.provider_url];
const acctKeypair = accountKeypairDerive(uid); const acctKeypair = accountKeypairDerive(uid);
const zippedDoc = await compressRecoveryDoc(rd); const zippedDoc = await compressRecoveryDoc(rd);
console.log("zipped doc", zippedDoc);
const encRecoveryDoc = await encryptRecoveryDocument( const encRecoveryDoc = await encryptRecoveryDocument(
uid, uid,
encodeCrock(zippedDoc), encodeCrock(zippedDoc),