UNPKG

@tidecloak/js

Version:

TideCloak client side JS SDK

tide.org

tide-foundation/tidecloak-js

138 lines 8.24 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
"use strict"; // // Tide Protocol - Infrastructure for a TRUE Zero-Trust paradigm // Copyright (C) 2022 Tide Foundation Ltd // // This program is free software and is subject to the terms of // the Tide Community Open Code License as published by the // Tide Foundation Limited. You may modify it and redistribute // it in accordance with and subject to the terms of that License. // This program is distributed WITHOUT WARRANTY of any kind, // including without any implied warranty of MERCHANTABILITY or // FITNESS FOR A PARTICULAR PURPOSE. // See the Tide Community Open Code License for more details. // You should have received a copy of the Tide Community Open // Code License along with this program. // If not, see https://tide.org/licenses_tcoc2-0-0-en // var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); const NodeClient_js_1 = __importDefault(require("../../Clients/NodeClient.js")); const index_js_1 = require("../../Cryptide/index.js"); const KeyAuthentication_js_1 = require("../../Math/KeyAuthentication.js"); const index_js_2 = require("../../Cryptide/index.js"); const Utils_js_1 = require("../../Tools/Utils.js"); const Math_js_1 = require("../../Cryptide/Math.js"); const Serialization_js_1 = require("../../Cryptide/Serialization.js"); const EnclaveEntry_js_1 = __importDefault(require("../../Models/EnclaveEntry.js")); const VoucherFlow_js_1 = __importDefault(require("../VoucherFlows/VoucherFlow.js")); const KeyInfo_js_1 = __importDefault(require("../../Models/Infos/KeyInfo.js")); const Ed25519_js_1 = require("../../Cryptide/Ed25519.js"); const TideKey_js_1 = __importDefault(require("../../Cryptide/TideKey.js")); class dCMKPasswordFlow { /** * @param {KeyInfo} keyInfo * @param {string} sessID * @param {boolean} cmkCommitted * @param {boolean} prismCommitted * @param {string} voucherURL * @param {string} purpose */ constructor(keyInfo, sessID, cmkCommitted, prismCommitted, voucherURL, purpose = null) { this.keyInfo = new KeyInfo_js_1.default(keyInfo.UserId, keyInfo.UserPublic, keyInfo.UserM, keyInfo.OrkInfo.slice()); this.sessID = sessID; this.keyInfo.OrkInfo = (0, Utils_js_1.sortORKs)(this.keyInfo.OrkInfo); this.cmkCommitted = cmkCommitted; this.prismCommitted = prismCommitted; this.voucherURL = voucherURL; this.purpose = purpose == null ? "auth" : purpose; this.cState = undefined; } /** * @param {TideKey} sessKey * @param {Point} gSessKeyPub * @param {Point} gPass * @param {Point} gCMK * @param {boolean} rememberMe */ async Convert(sessKey, gPass, gCMK, rememberMe) { const clients = this.keyInfo.OrkInfo.map(ork => new NodeClient_js_1.default(ork.orkURL)); // create node clients const voucherFlow = new VoucherFlow_js_1.default(this.keyInfo.OrkInfo.map(o => o.orkPaymentPublic), this.voucherURL, "signin"); const { vouchers, k } = await voucherFlow.GetVouchers(); const r1 = index_js_2.Math.RandomBigInt(); const gBlurPass = gPass.mul(r1); // Here we also find out which ORKs are up const pre_ConvertResponses = clients.map((client, i) => client.Convert(i, this.keyInfo.UserId, gBlurPass, sessKey.get_public_component(), rememberMe, vouchers.toORK(i), this.keyInfo.UserM, this.cmkCommitted, this.prismCommitted)); // To save time const prkECDHi = await index_js_1.DH.generateECDHi(this.keyInfo.OrkInfo.map(o => o.orkPublic), sessKey.get_private_component().rawBytes); const { fulfilledResponses, bitwise } = await (0, Utils_js_1.WaitForNumberofORKs)(this.keyInfo.OrkInfo, pre_ConvertResponses, "CMK", Utils_js_1.Threshold, null, prkECDHi); const ids = this.keyInfo.OrkInfo.map(c => BigInt(c.orkID)); const { prismAuthis, timestampi, selfRequesti, expired } = await (0, KeyAuthentication_js_1.PrismConvertReply)(fulfilledResponses.map(c => c.PrismConvertResponse), ids, this.keyInfo.OrkInfo.map(c => c.orkPublic), r1, prkECDHi); this.cState = { selfRequesti, expired, bitwise, prkECDHi, ...await (0, KeyAuthentication_js_1.CmkConvertReply)(fulfilledResponses.map(c => c.CMKConvertResponse), ids, prismAuthis, gCMK, timestampi, this.sessID, this.purpose, Ed25519_js_1.Point.fromBytes((0, Serialization_js_1.Hex2Bytes)(vouchers.qPub).slice(-32)), // to translate between tide component and native object (0, Serialization_js_1.BigIntFromByteArray)((0, Serialization_js_1.base64ToBytes)(vouchers.UDeObf).slice(-32)), // to translate between tide component and native object k.get_private_component().priv, sessKey.get_public_component()) }; return { VUID: this.cState.VUID }; } /** * * @param {TideKey} sessKey * @param {Point} gSessKeyPub * @param {Point} gPass */ async ConvertPassword(sessKey, gPass) { if (this.cState != undefined) throw Error("This function must be called as a standlone in this flow"); const r1 = (0, Math_js_1.RandomBigInt)(); const gBlurPass = gPass.mul(r1); const clients = this.keyInfo.OrkInfo.map(ork => new NodeClient_js_1.default(ork.orkURL)); // create node clients const voucherFlow = new VoucherFlow_js_1.default(this.keyInfo.OrkInfo.map(o => o.orkPaymentPublic), this.voucherURL, "updateaccount"); const { vouchers } = await voucherFlow.GetVouchers(); const pre_convertPassResponses = clients.map((client, i) => client.ConvertPass(i, this.keyInfo.UserId, gBlurPass, sessKey.get_public_component(), vouchers.toORK(i), this.keyInfo.UserM)); // To save time const prkECDHi = await index_js_1.DH.generateECDHi(this.keyInfo.OrkInfo.map(o => o.orkPublic), sessKey.get_private_component().rawBytes); const { fulfilledResponses, bitwise } = await (0, Utils_js_1.WaitForNumberofORKs)(this.keyInfo.OrkInfo, pre_convertPassResponses, "CMK", Utils_js_1.Threshold, null, prkECDHi); const { prismAuthis, timestampi, selfRequesti, expired } = await (0, KeyAuthentication_js_1.PrismConvertReply)(fulfilledResponses, this.keyInfo.OrkInfo.map(c => BigInt(c.orkID)), this.keyInfo.OrkInfo.map(c => c.orkPublic), r1, prkECDHi); return { bitwise: bitwise, expired, selfRequesti }; } /** * @param {Point} gVRK If a null value is provided, no encryption is applied. * @param {Uint8Array} sessKey * @param {string} consentToSign */ async Authenticate(gVRK, sessKey = null, consentToSign = null) { if (this.cState == undefined) throw Error("Convert State is undefined"); const cmkClients = this.keyInfo.OrkInfo.map(ork => new NodeClient_js_1.default(ork.orkURL)); const pre_encSig = cmkClients.map((client, i) => client.Authenticate(this.keyInfo.UserId, this.cState.selfRequesti[i], this.cState.blurHCMKMul, (0, Serialization_js_1.serializeBitArray)(this.cState.bitwise), this.cmkCommitted, this.prismCommitted)); const encSig = await Promise.all(pre_encSig); let vendorEncryptedData; if (consentToSign == null) { vendorEncryptedData = await (0, KeyAuthentication_js_1.AuthenticateBasicReply)(this.cState.VUID, this.cState.prkECDHi, encSig, this.cState.gCMKAuth, this.cState.authToken, this.cState.r4, this.cState.gRMul, gVRK); } else { vendorEncryptedData = await (0, KeyAuthentication_js_1.AuthenticateConsentReply)(this.cState.VUID, this.cState.prkECDHi, encSig, this.cState.gCMKAuth, this.cState.authToken, this.cState.r4, this.cState.gRMul, gVRK, (0, Serialization_js_1.BigIntFromByteArray)(sessKey), consentToSign); } return { bitwise: this.cState.bitwise, expired: this.cState.expired, selfRequesti: this.cState.selfRequesti, vendorEncryptedData: vendorEncryptedData }; } } exports.default = dCMKPasswordFlow; //# sourceMappingURL=dCMKPasswordFlow.js.map