UNPKG

@tidecloak/js

Version:

TideCloak client side JS SDK

tide-foundation/tidecloak-js

222 lines • 13.3 kB

JavaScript

"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.NewCMK_NewPRISM = NewCMK_NewPRISM; exports.ExistingCMK_NewPRISM = ExistingCMK_NewPRISM; exports.NewVVK = NewVVK; exports.HealPrism = HealPrism; const index_js_1 = require("../index.js"); const Math_js_1 = require("../Cryptide/Math.js"); const Serialization_js_1 = require("../Cryptide/Serialization.js"); const dKeyGenerationFlow_js_1 = __importDefault(require("../Flow/dKeyGenerationFlow.js")); const OrkInfo_js_1 = __importDefault(require("../Models/Infos/OrkInfo.js")); const H2P_js_1 = __importDefault(require("../Cryptide/Hashing/H2P.js")); const Hash_js_1 = require("../Cryptide/Hashing/Hash.js"); const dCMKPasswordFlow_js_1 = __importDefault(require("../Flow/AuthenticationFlows/dCMKPasswordFlow.js")); const EnclaveEntry_js_1 = __importDefault(require("../Models/EnclaveEntry.js")); const KeyInfo_js_1 = __importDefault(require("../Models/Infos/KeyInfo.js")); const NetworkClient_js_1 = __importDefault(require("../Clients/NetworkClient.js")); const AuthRequest_js_1 = __importDefault(require("../Models/AuthRequest.js")); const Utils_js_1 = require("../Tools/Utils.js"); const index_js_2 = require("../Cryptide/index.js"); const dTestVVkSigningFlow_js_1 = __importDefault(require("../Flow/SigningFlows/dTestVVkSigningFlow.js")); const BaseTideRequest_js_1 = __importDefault(require("../Models/BaseTideRequest.js")); const dVVKSigningFlow_js_1 = __importDefault(require("../Flow/SigningFlows/dVVKSigningFlow.js")); const Ed25519Components_js_1 = require("../Cryptide/Components/Schemes/Ed25519/Ed25519Components.js"); const TideMemoryObjects_js_1 = require("../Cryptide/TideMemoryObjects.js"); async function NewCMK_NewPRISM() { var orks; let i = 0; while (i < 1) { const user = Date.now().toString(); const password = "pass"; const emails = ["testEmail1@doge.com"]; const uid = await (0, Serialization_js_1.GetUID)(user); const sessKey = (0, Math_js_1.GenSessKey)(); const gSessKey = (0, Math_js_1.GetPublic)(sessKey); const purpose = "NEW"; const VRK = BigInt(123456789); const gVRK = (0, Math_js_1.GetPublic)(VRK); const { reservationConfirmation, activeOrks } = (await dKeyGenerationFlow_js_1.default.ReserveUID(uid, "http://localhost:3000/voucher/new", gSessKey)); orks = activeOrks.slice(0, Utils_js_1.Max); const genFlow = new dKeyGenerationFlow_js_1.default(uid, gVRK.toBase64(), orks, sessKey, gSessKey, purpose, "http://localhost:3000/voucher/new", emails); await genFlow.GenShard(2, [null], reservationConfirmation); // auths can be null if purpose is "new", for now... await genFlow.SetShard(gSessKey.toBase64(), "CMK"); // we aren't testing the auth point, can be anything here await genFlow.Commit(); console.log("NewCMK_NewPRISM TEST SUCCESSFUL: " + i); i++; } // note: i'm not putting everything in a try catch as i want to see which line at which file fails } async function ExistingCMK_NewPRISM() { // basically the change pass flow var orks; let i = 0; while (i < 1) { const user = Date.now().toString(); const emails = ["testEmail1@doge.com"]; const password = "pass"; const gPass = await (0, H2P_js_1.default)(password); const uid = await (0, Serialization_js_1.GetUID)(user); const sessKey = (0, Math_js_1.GenSessKey)(); const gSessKey = (0, Math_js_1.GetPublic)(sessKey); const VRK = BigInt(123456789); const gVRK = (0, Math_js_1.GetPublic)(VRK); let GK; const create = async () => { // create account first const purpose = "NEW"; const { reservationConfirmation, activeOrks } = (await dKeyGenerationFlow_js_1.default.ReserveUID(uid, "http://localhost:3000/voucher/new", gSessKey)); orks = activeOrks.slice(0, Utils_js_1.Max); const genFlow = new dKeyGenerationFlow_js_1.default(uid, gVRK.toBase64(), orks, sessKey, gSessKey, purpose, "http://localhost:3000/voucher/new", emails); const { gMultiplied, gK } = await genFlow.GenShard(2, [null, gPass], reservationConfirmation); // auths can be null if purpose is "new", for now... GK = gK; const gPrismAuth = await (0, Math_js_1.CreateGPrismAuth)(gMultiplied[1]); await genFlow.SetShard(gPrismAuth.toBase64(), "CMK"); await genFlow.Commit(); }; const getAuth = async () => { const keyInfo = await new NetworkClient_js_1.default("http://localhost:1001").GetKeyInfo(uid); const keyAuthFlow = new dCMKPasswordFlow_js_1.default(keyInfo, "", true, true, "http://localhost:3000/voucher/new"); // needs these orks const { bitwise, expired, selfRequesti } = await keyAuthFlow.ConvertPassword(sessKey, gSessKey, gPass); return { bitwise, expired, selfRequesti }; }; const newPrism = async (bitwise, expired, selfRequesti) => { const purpose = "RESET"; const newPassword = "pass1"; const newgPass = await (0, H2P_js_1.default)(newPassword); const genFlow = new dKeyGenerationFlow_js_1.default(uid, gVRK.toBase64(), orks, sessKey, gSessKey, purpose, "http://localhost:3000/voucher/new", null, bitwise, selfRequesti, GK, expired); // this flow await genFlow.GenShard(1, [newgPass]); await genFlow.SetShard(gSessKey.toBase64(), "Prism"); // we aren't testing the auth point, can be anything here await genFlow.Commit(); }; await create(); const { bitwise, expired, selfRequesti } = await getAuth(); await newPrism(bitwise, expired, selfRequesti); console.log("ExistingCMK_NewPRISM TEST SUCCESSFUL: " + i); i++; } } // Assuming orks are not checking that each gVRK has funds attached to it async function NewVVK() { const simClient = new NetworkClient_js_1.default(); const availableOrks = (await simClient.FindReservers("blah")); const orks = (await index_js_1.SimulatorFlow.FilterInactiveOrks(availableOrks)).slice(0, Utils_js_1.Max); let i = 0; while (i < 1) { const sessKey = (0, Math_js_1.GenSessKey)(); const gSessKey = (0, Math_js_1.GetPublic)(sessKey); const VRK = BigInt(123456789); const gVRK = (0, Math_js_1.GetPublic)(VRK); const VVKid = "VendorID12345"; window.vvkId = VVKid; const auth = new AuthRequest_js_1.default(VVKid, "NEW", gSessKey.toBase64(), BigInt((0, Utils_js_1.CurrentTime)() + 30)); const authSig = await index_js_2.EdDSA.sign(auth.toString(), VRK); // Midgard can replace this line const vrkPackage = (0, TideMemoryObjects_js_1.CreateVRKPackage)(new Ed25519Components_js_1.Ed25519PublicComponent(gVRK), index_js_1.Utils.CurrentTime() + 1000000); const authorizerPackage = (0, TideMemoryObjects_js_1.CreateAuthorizerPackage)("VRK:1", ["UserContext:1", "AccessToken:1", "RotateVRK:1"], vrkPackage); // NEVER allow UserContext to be approved by main vrk console.log("AUTHORIZER: " + (0, Serialization_js_1.Bytes2Hex)(authorizerPackage)); const genFlow = new dKeyGenerationFlow_js_1.default(VVKid, gVRK.toBase64(), orks, sessKey, gSessKey, "NEW", "http://localhost:3000/voucher/new"); const { gK } = await genFlow.GenVVKShard(auth, authSig); window.gK = gK; const signAuth = await genFlow.SetShard((0, Serialization_js_1.Bytes2Hex)(authorizerPackage), "VVK"); await genFlow.Commit(); console.log("vrk raw: " + new Ed25519Components_js_1.Ed25519PrivateComponent(VRK).Serialize().ToString()); console.log("authorizer cert: " + (0, Serialization_js_1.bytesToBase64)(signAuth.VRK_SIGNATURE_TO_STORE)); window.VRK_SIGNATURE_TO_STORE = signAuth.VRK_SIGNATURE_TO_STORE; window.AUTHORIZER = (0, Serialization_js_1.Bytes2Hex)(authorizerPackage); window.ORKS = orks; window.VRK = VRK; const vals = { id: VVKid, pub: gK.toBase64(), vrk: VRK.toString(), vrk_sig: (0, Serialization_js_1.bytesToBase64)(signAuth.VRK_SIGNATURE_TO_STORE), authorizer: (0, Serialization_js_1.Bytes2Hex)(authorizerPackage) }; window.localStorage.setItem("t", JSON.stringify(vals)); console.log("NewVVK TEST SUCCESSFUL: " + i); i++; } } async function HealPrism() { // basically the change pass flow var orks; let i = 0; while (i < 1) { const user = Date.now().toString(); const emails = ["testEmail1@doge.com"]; const password = "pass"; const gPass = await (0, H2P_js_1.default)(password); const uid = await (0, Serialization_js_1.GetUID)(user); const sessKey = (0, Math_js_1.GenSessKey)(); const gSessKey = (0, Math_js_1.GetPublic)(sessKey); const VRK = BigInt(123456789); const gVRK = (0, Math_js_1.GetPublic)(VRK); let GK; const create = async () => { // create account first const purpose = "NEW"; const { reservationConfirmation, activeOrks } = (await dKeyGenerationFlow_js_1.default.ReserveUID(uid, "http://localhost:3000/voucher/new", gSessKey)); orks = activeOrks.slice(0, Utils_js_1.Max); const genFlow = new dKeyGenerationFlow_js_1.default(uid, gVRK.toBase64(), orks, sessKey, gSessKey, purpose, "http://localhost:3000/voucher/new", emails); const { gMultiplied, gK } = await genFlow.GenShard(2, [null, gPass], reservationConfirmation); // auths can be null if purpose is "new", for now... GK = gK; const gPrismAuth = await (0, Math_js_1.CreateGPrismAuth)(gMultiplied[1]); await genFlow.SetShard(gPrismAuth.toBase64(), "CMK"); await genFlow.Commit(); }; const getAuth = async () => { const keyInfo = await new NetworkClient_js_1.default("http://localhost:1001").GetKeyInfo(uid); const keyAuthFlow = new dCMKPasswordFlow_js_1.default(keyInfo, "", true, true, "http://localhost:3000/voucher/new"); // needs these orks const { bitwise, expired, selfRequesti } = await keyAuthFlow.ConvertPassword(sessKey, gSessKey, gPass); return { bitwise, expired, selfRequesti }; }; const newPrism = async (bitwise, expired, selfRequesti) => { const purpose = "RESET"; const newPassword = "pass1"; const newgPass = await (0, H2P_js_1.default)(newPassword); const genFlow = new dKeyGenerationFlow_js_1.default(uid, gVRK.toBase64(), orks, sessKey, gSessKey, purpose, "http://localhost:3000/voucher/new", null, bitwise, selfRequesti, GK, expired); // this flow const { gMultiplied, gK } = await genFlow.GenShard(1, [newgPass]); const gPrismAuth = await (0, Math_js_1.CreateGPrismAuth)(gMultiplied[0]); await genFlow.SetShard(gPrismAuth.toBase64(), "Prism"); await genFlow.Commit(); return newgPass; }; const authTest = async (newgPass) => { const sessKey = (0, Math_js_1.GenSessKey)(); const gSessKey = (0, Math_js_1.GetPublic)(sessKey); const keyInfo = await new NetworkClient_js_1.default("http://localhost:1001").GetKeyInfo(uid); const dAuthFlow = new dCMKPasswordFlow_js_1.default(keyInfo, "123ID", true, true, "http://localhost:3000/voucher/new"); await dAuthFlow.Convert(sessKey, gSessKey, newgPass, GK, true); const { bitwise, expired, selfRequesti } = await dAuthFlow.Authenticate(gSessKey); // gVRK can be anything for testing return selfRequesti; }; await create(); await authTest(gPass); // first auth test to get key healing to start window.alert("Shut 2 orks down now."); const { bitwise, expired, selfRequesti } = await getAuth(); console.log("auth test 1 worked"); const newgPass = await newPrism(bitwise, expired, selfRequesti); await authTest(newgPass); // first auth test to get key healing to start console.log("auth test 2 worked"); window.alert("Turn on 1 ork now."); await authTest(newgPass); // hopefully heal is done by now console.log("auth test 3 worked"); const delay = () => new Promise(res => setTimeout(res, 2000)); // wait 2s await delay(); window.alert("Turn on the other ork now."); await authTest(newgPass); // hopefully heal is done by now console.log("auth test 4 worked"); await delay(); const selfRs = await authTest(newgPass); // hopefully heal is done by now console.log("auth test 5 worked"); const worked = selfRs.length == Utils_js_1.Max; console.log("Test successful: " + worked + ". Best to set Threshold:Max to 3:5 for most accurate results. Check ork logs to see if key heal was successful."); console.log("HealPrism TEST SUCCESSFUL: " + i); i++; } } //# sourceMappingURL=KeyGeneration.js.map