implement DD18 (forgettable fields in contract terms)

packages/taler-util/src/helpers.ts

@@ -56,11 +56,23 @@ export function canonicalizeBaseUrl(url: string): string {
 /**
  * Convert object to JSON with canonical ordering of keys
  * and whitespace omitted.
+ *
+ * See RFC 4885 (https://tools.ietf.org/html/rfc8785).
  */
 export function canonicalJson(obj: any): string {
   // Check for cycles, etc.
   obj = JSON.parse(JSON.stringify(obj));
-  if (typeof obj === "string" || typeof obj === "number" || obj === null) {
+  if (typeof obj === "string") {
+    const s = JSON.stringify(obj);
+    return s.replace(/[\u007F-\uFFFF]/g, function (chr) {
+      return "\\u" + ("0000" + chr.charCodeAt(0).toString(16)).substr(-4);
+    });
+  }
+  if (
+    typeof obj === "number" ||
+    typeof obj === "boolean" ||
+    obj === null
+  ) {
     return JSON.stringify(obj);
   }
   if (Array.isArray(obj)) {

packages/taler-wallet-core/src/util/contractTerms.test.ts

@@ -0,0 +1,89 @@
+/*
+ This file is part of GNU Taler
+ (C) 2021 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+/**
+ * Imports.
+ */
+import test from "ava";
+import { ContractTermsUtil } from "./contractTerms.js";
+
+test("contract terms canon hashing", (t) => {
+  const cReq = {
+    foo: 42,
+    bar: "hello",
+    $forgettable: {
+      foo: true,
+    },
+  };
+
+  const c1 = ContractTermsUtil.saltForgettable(cReq);
+  const c2 = ContractTermsUtil.saltForgettable(cReq);
+  t.assert(typeof cReq.$forgettable.foo === "boolean");
+  t.assert(typeof c1.$forgettable.foo === "string");
+  t.assert(c1.$forgettable.foo !== c2.$forgettable.foo);
+
+  const h1 = ContractTermsUtil.hashContractTerms(c1);
+
+  const c3 = ContractTermsUtil.scrub(JSON.parse(JSON.stringify(c1)));
+
+  t.assert(c3.foo === undefined);
+  t.assert(c3.bar === cReq.bar);
+
+  const h2 = ContractTermsUtil.hashContractTerms(c3);
+
+  t.deepEqual(h1, h2);
+});
+
+test("contract terms canon hashing (nested)", (t) => {
+  const cReq = {
+    foo: 42,
+    bar: {
+      prop1: "hello, world",
+      $forgettable: {
+        prop1: true,
+      },
+    },
+    $forgettable: {
+      bar: true,
+    },
+  };
+
+  const c1 = ContractTermsUtil.saltForgettable(cReq);
+
+  t.is(typeof c1.$forgettable.bar, "string");
+  t.is(typeof c1.bar.$forgettable.prop1, "string");
+
+  const forgetPath = (x: any, s: string) =>
+    ContractTermsUtil.forgetAll(x, (p) => p.join(".") === s);
+
+  // Forget bar first
+  const c2 = forgetPath(c1, "bar");
+
+  // Forget bar.prop1 first
+  const c3 = forgetPath(forgetPath(c1, "bar.prop1"), "bar");
+
+  // Forget everything
+  const c4 = ContractTermsUtil.scrub(c1);
+
+  const h1 = ContractTermsUtil.hashContractTerms(c1);
+  const h2 = ContractTermsUtil.hashContractTerms(c2);
+  const h3 = ContractTermsUtil.hashContractTerms(c3);
+  const h4 = ContractTermsUtil.hashContractTerms(c4);
+
+  t.is(h1, h2);
+  t.is(h1, h3);
+  t.is(h1, h4);
+});

packages/taler-wallet-core/src/util/contractTerms.ts

@@ -0,0 +1,123 @@
+/*
+ This file is part of GNU Taler
+ (C) 2021 Taler Systems S.A.
+
+ GNU Taler is free software; you can redistribute it and/or modify it under the
+ terms of the GNU General Public License as published by the Free Software
+ Foundation; either version 3, or (at your option) any later version.
+
+ GNU Taler is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along with
+ GNU Taler; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
+ */
+
+import { canonicalJson } from "@gnu-taler/taler-util";
+import { kdf } from "../crypto/primitives/kdf.js";
+import {
+  bytesToString,
+  decodeCrock,
+  encodeCrock,
+  getRandomBytes,
+  hash,
+  stringToBytes,
+} from "../crypto/talerCrypto.js";
+
+export namespace ContractTermsUtil {
+  export type PathPredicate = (path: string[]) => boolean;
+
+  /**
+   * Scrub all forgettable members from an object.
+   */
+  export function scrub(anyJson: any): any {
+    return forgetAllImpl(anyJson, [], () => true);
+  }
+
+  /**
+   * Recursively forget all forgettable members of an object,
+   * where the path matches a predicate.
+   */
+  export function forgetAll(anyJson: any, pred: PathPredicate): any {
+    return forgetAllImpl(anyJson, [], pred);
+  }
+
+  function forgetAllImpl(
+    anyJson: any,
+    path: string[],
+    pred: PathPredicate,
+  ): any {
+    const dup = JSON.parse(JSON.stringify(anyJson));
+    if (Array.isArray(dup)) {
+      for (let i = 0; i < dup.length; i++) {
+        dup[i] = forgetAllImpl(dup[i], [...path, `${i}`], pred);
+      }
+    } else if (typeof dup === "object") {
+      const fge = dup.$forgettable;
+      const fgo = dup.$forgettable;
+      if (typeof fge === "object") {
+        for (const x of Object.keys(fge)) {
+          if (!pred([...path, x])) {
+            continue;
+          }
+          delete dup[x];
+          if (!fgo[x]) {
+            const membValCanon = stringToBytes(
+              canonicalJson(scrub(dup[x])) + "\0",
+            );
+            const membSalt = decodeCrock(fge[x]);
+            const h = kdf(64, membValCanon, membSalt, new Uint8Array([]));
+            fgo[x] = encodeCrock(h);
+          }
+        }
+      }
+      for (const x of Object.keys(dup)) {
+        if (x.startsWith("$")) {
+          continue;
+        }
+        dup[x] = forgetAllImpl(dup[x], [...path, x], pred);
+      }
+    }
+    return dup;
+  }
+
+  /**
+   * Generate a salt for all members marked as forgettable,
+   * but which don't have an actual salt yet.
+   */
+  export function saltForgettable(anyJson: any): any {
+    const dup = JSON.parse(JSON.stringify(anyJson));
+    if (Array.isArray(dup)) {
+      for (let i = 0; i < dup.length; i++) {
+        dup[i] = saltForgettable(dup[i]);
+      }
+    } else if (typeof dup === "object") {
+      if (typeof dup.$forgettable === "object") {
+        for (const k of Object.keys(dup.$forgettable)) {
+          if (dup.$forgettable[k] === true) {
+            dup.$forgettable[k] = encodeCrock(getRandomBytes(32));
+          }
+        }
+      }
+      for (const x of Object.keys(dup)) {
+        if (x.startsWith("$")) {
+          continue;
+        }
+        dup[x] = saltForgettable(dup[x]);
+      }
+    }
+    return dup;
+  }
+
+  /**
+   * Hash a contract terms object.  Forgettable fields
+   * are scrubbed and JSON canonicalization is applied
+   * before hashing.
+   */
+  export function hashContractTerms(contractTerms: unknown): string {
+    const cleaned = scrub(contractTerms);
+    const canon = canonicalJson(cleaned) + "\0";
+    return encodeCrock(hash(stringToBytes(canon)));
+  }
+}