@askalf/dario 3.29.0 → 3.30.0

package/dist/sealed-pool.js

@@ -1,416 +0,0 @@
-/**
- * Sealed-sender overflow pool — RSA blind signatures for unlinkable capacity
- * sharing inside a trust group.
- *
- * The problem this solves: in a federated pool where several friends lend
- * each other account capacity, a naive design leaks who is borrowing what.
- * If member A sends "I'm borrowing from your pool" to member B's dario
- * instance, B learns exactly which of their friends is running which
- * workload — and over time B can build a pretty detailed surveillance log
- * of everyone else's agent sessions. That's the opposite of what a private
- * friend pool should provide.
- *
- * The solution is Chaum's 1983 blind signature construction. A trusted
- * admin (one member of the group, selected by social consensus) issues
- * signed borrow tokens to each member. The admin never sees the token
- * values — they sign blinded values, and the blinding is unlinkable at
- * the cryptographic level. When a member sends a token to a lender, the
- * lender can verify "this was signed by the group admin" without learning
- * WHICH member holds that token. The lender sees a valid group credential
- * and nothing more.
- *
- * From Anthropic's perspective nothing changes: the request still hits
- * their API under the lender's identity, fully attributable to a real
- * paying Max subscriber. The privacy property is entirely INSIDE the
- * trust group — no member can surveil another member's usage through
- * the pool layer.
- *
- * What this is NOT: this is not anonymity from Anthropic, not onion
- * routing, not credential laundering. It is a privacy layer on top of
- * a legitimate friends-pool arrangement. Members opt in, the admin is
- * known, membership is revocable by rotating the group key. It's the
- * same trust model as a family Netflix account, with unlinkability as
- * a feature for the pool's internal telemetry.
- *
- * Implementation notes:
- *   - RSA-2048 with FDH (full-domain hash) padding via MGF1-SHA256.
- *   - Node's crypto.publicEncrypt / privateDecrypt with RSA_NO_PADDING
- *     for raw RSA operations. All modular arithmetic happens in BigInt.
- *   - Tokens are 32 random bytes each, single-use (lender tracks SHA-256
- *     hashes of seen tokens to prevent double-spend).
- *   - Admin does not need to be online for members to use tokens. Admin
- *     only runs when issuing a new batch (typically once per day/week).
- */
-import { generateKeyPairSync, publicEncrypt, privateDecrypt, constants, createPublicKey, randomBytes, createHash, } from 'node:crypto';
-// ======================================================================
-//  BigInt / buffer helpers
-// ======================================================================
-function bigintToBytes(n, len) {
-    let hex = n.toString(16);
-    if (hex.length % 2)
-        hex = '0' + hex;
-    const buf = Buffer.from(hex, 'hex');
-    if (buf.length > len)
-        throw new Error('value too large for buffer');
-    if (buf.length === len)
-        return buf;
-    const padded = Buffer.alloc(len);
-    buf.copy(padded, len - buf.length);
-    return padded;
-}
-function bytesToBigint(buf) {
-    if (buf.length === 0)
-        return 0n;
-    return BigInt('0x' + buf.toString('hex'));
-}
-function egcd(a, b) {
-    let [oldR, r] = [a, b];
-    let [oldS, s] = [1n, 0n];
-    let [oldT, t] = [0n, 1n];
-    while (r !== 0n) {
-        const q = oldR / r;
-        [oldR, r] = [r, oldR - q * r];
-        [oldS, s] = [s, oldS - q * s];
-        [oldT, t] = [t, oldT - q * t];
-    }
-    return [oldR, oldS, oldT];
-}
-function modInverse(a, n) {
-    const norm = ((a % n) + n) % n;
-    const [g, x] = egcd(norm, n);
-    if (g !== 1n)
-        throw new Error('no modular inverse');
-    return ((x % n) + n) % n;
-}
-// ======================================================================
-//  Full-domain hash (FDH) for RSA blind signatures
-// ======================================================================
-/**
- * Map a message to a uniformly-distributed integer in [1, n). Standard
- * FDH construction via MGF1-SHA256 with a counter-based retry loop to
- * handle the edge case where the candidate is ≥ n.
- *
- * Why FDH matters: without it, RSA signatures are vulnerable to
- * multiplicative forgery attacks (signatures can be combined to forge
- * signatures on products of messages). FDH destroys the algebraic
- * structure of the message so no such combination exists.
- */
-function fdh(message, modulus, modulusBytes) {
-    for (let counter = 0; counter < 1000; counter++) {
-        const out = Buffer.alloc(modulusBytes);
-        let written = 0;
-        let i = 0;
-        while (written < modulusBytes) {
-            const hash = createHash('sha256');
-            hash.update(message);
-            const counterBuf = Buffer.alloc(4);
-            counterBuf.writeUInt32BE(counter, 0);
-            hash.update(counterBuf);
-            const iBuf = Buffer.alloc(4);
-            iBuf.writeUInt32BE(i, 0);
-            hash.update(iBuf);
-            const digest = hash.digest();
-            const take = Math.min(digest.length, modulusBytes - written);
-            digest.copy(out, written, 0, take);
-            written += take;
-            i++;
-        }
-        // Clear the top bit to reduce the chance of value ≥ n on the first try.
-        out[0] &= 0x7f;
-        const candidate = bytesToBigint(out);
-        if (candidate > 0n && candidate < modulus)
-            return candidate;
-    }
-    throw new Error('FDH: exhausted counter without finding candidate');
-}
-function rawPublicOp(key, value) {
-    const input = bigintToBytes(value, key.modulusBytes);
-    const output = publicEncrypt({ key: key.keyObj, padding: constants.RSA_NO_PADDING }, input);
-    return bytesToBigint(output);
-}
-function rawPrivateOp(key, value) {
-    const input = bigintToBytes(value, key.modulusBytes);
-    const output = privateDecrypt({ key: key.keyObjPriv, padding: constants.RSA_NO_PADDING }, input);
-    return bytesToBigint(output);
-}
-// ======================================================================
-//  Blind signature protocol
-// ======================================================================
-/**
- * Blind a token: pick r ∈ [2, n), compute blinded = FDH(token) · r^e mod n.
- * The admin sees only the blinded value (uniform over Z_n*) and learns
- * nothing about the token.
- */
-export function blindToken(tokenBytes, pubKey) {
-    const m = fdh(tokenBytes, pubKey.n, pubKey.modulusBytes);
-    let r = 0n;
-    for (let attempts = 0; attempts < 32; attempts++) {
-        const rBytes = randomBytes(pubKey.modulusBytes);
-        rBytes[0] &= 0x7f;
-        const candidate = bytesToBigint(rBytes);
-        if (candidate > 1n && candidate < pubKey.n) {
-            r = candidate;
-            break;
-        }
-    }
-    if (r === 0n)
-        throw new Error('blindToken: failed to sample r');
-    const rE = rawPublicOp(pubKey, r);
-    const blinded = (m * rE) % pubKey.n;
-    return { blinded, r };
-}
-/** Admin-side: sign a blinded value. No knowledge of the original token. */
-export function signBlinded(blinded, privKey) {
-    return rawPrivateOp(privKey, blinded);
-}
-/**
- * Member-side: given the admin's signature on the blinded value, remove
- * the blinding factor to obtain a raw RSA-FDH signature over the original
- * token that the admin never saw.
- *
- * Math: signed_blinded = (FDH(t) · r^e)^d = FDH(t)^d · r mod n.
- * Multiplying by r^(-1) mod n yields FDH(t)^d = the raw signature.
- */
-export function unblindSignature(blindedSignature, r, pubKey) {
-    const rInv = modInverse(r, pubKey.n);
-    return (blindedSignature * rInv) % pubKey.n;
-}
-/**
- * Verify a (token, signature) pair against the admin's public key.
- * True iff signature^e ≡ FDH(token) (mod n).
- */
-export function verifyTokenSignature(tokenBytes, signature, pubKey) {
-    if (signature <= 0n || signature >= pubKey.n)
-        return false;
-    const expected = fdh(tokenBytes, pubKey.n, pubKey.modulusBytes);
-    const actual = rawPublicOp(pubKey, signature);
-    return expected === actual;
-}
-// ======================================================================
-//  Key generation and export/import
-// ======================================================================
-export function generateGroupKey(bits = 2048) {
-    const { publicKey, privateKey } = generateKeyPairSync('rsa', {
-        modulusLength: bits,
-        publicExponent: 65537,
-    });
-    const jwk = publicKey.export({ format: 'jwk' });
-    const n = bytesToBigint(Buffer.from(jwk.n, 'base64url'));
-    const e = bytesToBigint(Buffer.from(jwk.e, 'base64url'));
-    const modulusBytes = Math.ceil(bits / 8);
-    return {
-        n, e, modulusBytes,
-        keyObj: publicKey,
-        keyObjPriv: privateKey,
-    };
-}
-export function exportGroupPublicKey(key) {
-    return {
-        n: key.n.toString(16),
-        e: key.e.toString(16),
-        modulusBytes: key.modulusBytes,
-    };
-}
-export function importGroupPublicKey(exported) {
-    const n = BigInt('0x' + exported.n);
-    const e = BigInt('0x' + exported.e);
-    const nBytes = bigintToBytes(n, exported.modulusBytes);
-    let eHex = e.toString(16);
-    if (eHex.length % 2)
-        eHex = '0' + eHex;
-    const eBytes = Buffer.from(eHex, 'hex');
-    const keyObj = createPublicKey({
-        key: {
-            kty: 'RSA',
-            n: nBytes.toString('base64url'),
-            e: eBytes.toString('base64url'),
-        },
-        format: 'jwk',
-    });
-    return { n, e, modulusBytes: exported.modulusBytes, keyObj };
-}
-/**
- * Admin holds the group private key and a roster of authorized members.
- * Admin does NOT hold any of the tokens, by design — blind signing means
- * the admin never sees what they signed. This is the key privacy property.
- *
- * The admin's responsibilities are purely social: decide who's in the
- * group, set per-member quotas, rotate the group key when someone leaves.
- */
-export class GroupAdmin {
-    groupId;
-    key;
-    members;
-    constructor(groupId, key, members) {
-        this.groupId = groupId;
-        this.key = key;
-        this.members = members;
-    }
-    static create(groupId, bits = 2048) {
-        return new GroupAdmin(groupId, generateGroupKey(bits), new Map());
-    }
-    addMember(pubkey, quotaPerBatch = 100, validForDays = 365) {
-        this.members.set(pubkey, {
-            pubkey,
-            expiresAt: Date.now() + validForDays * 86400_000,
-            quotaPerBatch,
-        });
-    }
-    removeMember(pubkey) {
-        return this.members.delete(pubkey);
-    }
-    /**
-     * Sign a batch of blinded tokens submitted by a member. The admin
-     * authenticates the request out-of-band (member identity auth happens
-     * at the HTTP layer via a member signing key — not modelled here).
-     *
-     * Throws on: unknown member, expired membership, batch-too-large.
-     */
-    signBatch(memberPubkey, blinded) {
-        const member = this.members.get(memberPubkey);
-        if (!member)
-            throw new Error(`unknown member: ${memberPubkey.slice(0, 16)}...`);
-        if (member.expiresAt < Date.now())
-            throw new Error('member membership expired');
-        if (blinded.length > member.quotaPerBatch) {
-            throw new Error(`batch size ${blinded.length} exceeds quota ${member.quotaPerBatch}`);
-        }
-        return blinded.map((b) => signBlinded(b, this.key));
-    }
-    publicKey() {
-        return exportGroupPublicKey(this.key);
-    }
-}
-/**
- * Member holds an identity pubkey (used by the admin for roster lookup)
- * and a local stash of unused (token, signature) pairs. Tokens are single-
- * use — consume one per borrow. Admin never saw any of these tokens.
- */
-export class GroupMember {
-    memberPubkey;
-    groupPublicKey;
-    tokens = [];
-    constructor(memberPubkey, groupPublicKey) {
-        this.memberPubkey = memberPubkey;
-        this.groupPublicKey = groupPublicKey;
-    }
-    /**
-     * Step 1 of a token batch: generate random tokens, blind each, return
-     * the blinded values (to send to admin) plus the per-token state
-     * (kept locally for unblinding after admin responds).
-     */
-    prepareBatch(count) {
-        const blinded = [];
-        const state = [];
-        for (let i = 0; i < count; i++) {
-            const token = randomBytes(32);
-            const { blinded: b, r } = blindToken(token, this.groupPublicKey);
-            blinded.push(b);
-            state.push({ token, r });
-        }
-        return { blinded, state };
-    }
-    /**
-     * Step 2 of a token batch: unblind each admin-signed value, verify the
-     * resulting raw signature, and add the (token, signature) pair to the
-     * local stash. Any verification failure throws — we never store a token
-     * whose signature doesn't check out.
-     */
-    finalizeBatch(signedBlinded, state) {
-        if (signedBlinded.length !== state.length) {
-            throw new Error('finalizeBatch: length mismatch');
-        }
-        const toStore = [];
-        for (let i = 0; i < signedBlinded.length; i++) {
-            const signature = unblindSignature(signedBlinded[i], state[i].r, this.groupPublicKey);
-            if (!verifyTokenSignature(state[i].token, signature, this.groupPublicKey)) {
-                throw new Error(`finalizeBatch: signature ${i} failed verification`);
-            }
-            toStore.push({ token: state[i].token, signature });
-        }
-        this.tokens.push(...toStore);
-    }
-    consumeToken() {
-        return this.tokens.shift() ?? null;
-    }
-    tokenCount() {
-        return this.tokens.length;
-    }
-}
-/**
- * Lender holds the group public key and a set of token hashes that have
- * already been redeemed. Memory-only in v1; a persisted set would be a
- * sqlite table keyed on token hash, or just a file of sha256 hex lines.
- *
- * The lender LEARNS NOTHING about which member borrowed. That's the
- * whole point — blind signatures decouple "who signed this request"
- * (the admin, uniformly) from "who holds the token" (one specific
- * member who is anonymous to the lender).
- */
-export class GroupLender {
-    groupId;
-    groupPublicKey;
-    seenTokens = new Set();
-    maxSeenTokens;
-    constructor(groupId, groupPublicKey, opts = {}) {
-        this.groupId = groupId;
-        this.groupPublicKey = groupPublicKey;
-        this.maxSeenTokens = opts.maxSeenTokens ?? 100_000;
-    }
-    acceptBorrow(token, signature) {
-        if (!verifyTokenSignature(token, signature, this.groupPublicKey)) {
-            return { ok: false, reason: 'invalid_signature' };
-        }
-        const hash = createHash('sha256').update(token).digest('hex');
-        if (this.seenTokens.has(hash)) {
-            return { ok: false, reason: 'double_spend' };
-        }
-        this.seenTokens.add(hash);
-        if (this.seenTokens.size > this.maxSeenTokens) {
-            const oldest = this.seenTokens.values().next().value;
-            if (oldest)
-                this.seenTokens.delete(oldest);
-        }
-        return { ok: true };
-    }
-    seenCount() {
-        return this.seenTokens.size;
-    }
-}
-export function encodeBorrowEnvelope(groupId, bt, request) {
-    const env = {
-        v: 1,
-        groupId,
-        token: bt.token.toString('base64url'),
-        sig: bt.signature.toString(16),
-        request,
-    };
-    return JSON.stringify(env);
-}
-export function decodeBorrowEnvelope(s) {
-    try {
-        const obj = JSON.parse(s);
-        if (obj?.v !== 1 ||
-            typeof obj.groupId !== 'string' ||
-            typeof obj.token !== 'string' ||
-            typeof obj.sig !== 'string' ||
-            obj.request === undefined) {
-            return null;
-        }
-        return obj;
-    }
-    catch {
-        return null;
-    }
-}
-export function parseBorrowToken(env) {
-    try {
-        return {
-            token: Buffer.from(env.token, 'base64url'),
-            signature: BigInt('0x' + env.sig),
-        };
-    }
-    catch {
-        return null;
-    }
-}