@lifeready/core 1.0.0 → 1.0.1

package/src/lib/cryptography/key.service.ts

@@ -0,0 +1,154 @@
+import { Inject, Injectable } from '@angular/core';
+import { Key, PassKey } from './cryptography.types';
+import { LrNotFoundException } from '../_common/exceptions';
+import { PersistService } from '../api/persist.service';
+import { KeyFactoryService as KFS } from './key-factory.service';
+import { LifeReadyConfig, LR_CONFIG } from '../life-ready.config';
+
+export class UserKeys {
+  passKey: PassKey;
+  masterKey: Key;
+  rootKey?: Key;
+  pxk?: Key;
+  sigPxk?: Key;
+}
+
+interface StoredPassKey {
+  id: string;
+  jwk: object;
+}
+
+@Injectable({
+  providedIn: 'root',
+})
+export class KeyService {
+  private readonly STORE_MASTER_KEY = 'masterKey';
+  // variables
+  private keys: UserKeys;
+  private masterKey: Key;
+
+  // AZ: This can't be change easily. It's basically a PassK or PassIdp rotation.
+  // todo: we should eventually increase this periodically to match with Moore's law.
+  // The iterations for each key are kept by the server as well but we assume the value
+  // from the server is not trustworthy, so need to have minimum thresholds here.
+  // If creating new keys, these minimum are used.
+  public readonly MIN_PASS_IDP_PBKDF_ITER = 100000;
+  public readonly MIN_PASS_KEY_PBKDF_ITER = 100000;
+  public readonly MIN_LBOP_KEY_PBKDF_ITER = 100000;
+
+  // These are used as the default values. They must be larger than the minimum values.
+  public readonly DEFAULT_PASS_IDP_PBKDF_ITER = this.MIN_PASS_IDP_PBKDF_ITER;
+  public readonly DEFAULT_PASS_KEY_PBKDF_ITER = this.MIN_PASS_KEY_PBKDF_ITER;
+  public readonly DEFAULT_LBOP_KEY_PBKDF_ITER = this.MIN_LBOP_KEY_PBKDF_ITER;
+
+  constructor(
+    @Inject(LR_CONFIG) private config: LifeReadyConfig,
+    private persistService: PersistService
+  ) {
+    this.resetKeys();
+  }
+
+  resetKeys() {
+    this.keys = null;
+    this.masterKey = null;
+  }
+
+  purgeKeys() {
+    this.resetKeys();
+    this.persistService.clear();
+  }
+
+  populateKeys(keys: UserKeys) {
+    this.keys = keys;
+  }
+
+  public getCurrentPassKey(): Key {
+    return this.keys.passKey;
+  }
+
+  public getCurrentMasterKey(): Key {
+    return this.keys.masterKey;
+  }
+
+  public getCurrentRootKey(): Key {
+    return this.keys.rootKey;
+  }
+
+  public getCurrentPxk(): Key {
+    return this.keys.pxk;
+  }
+
+  public getCurrentSigPxk(): Key {
+    return this.keys.sigPxk;
+  }
+
+  private expiresAfter(seconds: number): Date {
+    return new Date(Date.now() + 1000 * seconds);
+  }
+
+  async persistMasterKey(
+    masterKey: Key,
+    expiresAfterSeconds: number
+  ): Promise<void> {
+    const storedKey = {
+      id: masterKey.id,
+      jwk: masterKey.jwk.toJSON(true),
+    };
+
+    this.masterKey = masterKey;
+
+    // Save in an expirable cookie.
+    await this.persistService.set({
+      name: this.STORE_MASTER_KEY,
+      value: storedKey,
+      expiry: this.expiresAfter(expiresAfterSeconds),
+      serverSession: !this.config.disableSessionEncryptionKey,
+    });
+  }
+
+  async setMasterKeyExpiresAfterSeconds(seconds: number): Promise<void> {
+    const storedKey = await this.persistService.get(this.STORE_MASTER_KEY);
+    if (storedKey == null) {
+      throw new LrNotFoundException(
+        `Can not find masterKey in persisted storage using name: ${this.STORE_MASTER_KEY}`
+      );
+    }
+    await this.persistService.set({
+      name: this.STORE_MASTER_KEY,
+      value: storedKey,
+      expiry: this.expiresAfter(seconds),
+      serverSession: !this.config.disableSessionEncryptionKey,
+    });
+  }
+
+  // There's little benefit in using WebCrypto's none-extractable keys because if there
+  // is an XSS attack, then the attacker has control over the js that downloads the keys. The
+  // attacker can modify the code to import the keys as extractable. So none-extractable keys
+  // are only useful if they are already persisted and the user cannot download any more keys,
+  // which is not feasible.
+  // So storing the PassKey in localstorage for now, at least till we know what the usage
+  // pattern is, i.e. how often do we need to use the RootK, MaterK, and PassK.
+  async loadMasterKey(masterKeyId: string): Promise<Key> {
+    if (!this.masterKey) {
+      const storedKey = await this.persistService.get(this.STORE_MASTER_KEY);
+
+      if (!storedKey) {
+        throw new LrNotFoundException(
+          'Could not find masterKey in persisted storage'
+        );
+      }
+
+      if (storedKey.id !== masterKeyId) {
+        throw new LrNotFoundException(
+          `masterKeyId ${storedKey.id} in persisted storage does not match the one requested ${masterKeyId}`
+        );
+      }
+
+      storedKey.jwk = await KFS.asKey(storedKey.jwk);
+
+      this.masterKey = storedKey;
+    }
+
+    return this.masterKey;
+  }
+}

package/src/lib/cryptography/slip39.service.spec.ts

@@ -0,0 +1,44 @@
+import { TestBed } from '@angular/core/testing';
+import { Slip39Service, Assembly, SubAssembly } from './slip39.service';
+import { ScenarioApproverService } from '../scenario/approvals/scenario-approver.service';
+import { lrConfigureTestingModule } from '../_common/tests';
+
+describe('Slip32Service', () => {
+  let slip39Service: Slip39Service;
+
+  beforeEach(() => {
+    lrConfigureTestingModule();
+    slip39Service = TestBed.inject(Slip39Service);
+  });
+
+  it('should combine mnemonics', async () => {
+    const quorum = 2;
+    const slipAssembly = new Assembly(quorum);
+
+    slipAssembly.addSubAssembly(new SubAssembly(0, 2, 3));
+    slipAssembly.addSubAssembly(new SubAssembly(1, 2, 2));
+    slipAssembly.addSubAssembly(new SubAssembly(2, 3, 5));
+
+    const secret = '123456abcdefg';
+    await slip39Service.generateShares(
+      secret,
+      ScenarioApproverService.SLIP39_PASSPHRASE,
+      slipAssembly
+    );
+
+    const mnemonics = [];
+
+    slipAssembly.subAssemblies.forEach((sa) => {
+      sa.shares.forEach((share) => mnemonics.push(share.mnemonics));
+    });
+
+    expect(mnemonics.length).toBe(10);
+
+    // The recoverSecret() should
+    const recovered = await slip39Service.recoverSecret(
+      mnemonics,
+      ScenarioApproverService.SLIP39_PASSPHRASE
+    );
+    expect(recovered).toEqual(secret);
+  });
+});

package/src/lib/cryptography/slip39.service.ts

@@ -0,0 +1,204 @@
+import { Injectable } from '@angular/core';
+import { Slip39, Slip39Helper } from 'slip39';
+
+export class SecretShare {
+  constructor(
+    public assembly: number = 0,
+    public subAssembly: number = 0,
+    public mnemonics: string = ''
+  ) {}
+}
+
+export class SubAssembly {
+  constructor(
+    public index: number,
+    public threshold: number = 0,
+    public size: number = 0
+  ) {
+    this.clearShares();
+  }
+
+  shares: SecretShare[];
+
+  public clearShares() {
+    this.shares = Array();
+  }
+
+  public addShare(share: SecretShare) {
+    this.shares.push(share);
+  }
+}
+
+export class Assembly {
+  constructor(public threshold: number = 0) {
+    this.clearSubAssemblies();
+  }
+
+  subAssemblies: SubAssembly[];
+
+  public size() {
+    return this.subAssemblies.length;
+  }
+
+  public clearSubAssemblies() {
+    this.subAssemblies = new Array();
+  }
+
+  public addSubAssembly(subAssembly: SubAssembly) {
+    this.subAssemblies.push(subAssembly);
+  }
+}
+
+export class SubQuorum {
+  shares: string[];
+
+  constructor(public subAssemblyIndex: number) {
+    this.clearShares();
+  }
+
+  public clearShares() {
+    this.shares = new Array();
+  }
+
+  public addShare(share: string) {
+    this.shares.push(share);
+  }
+}
+
+export class Quorum {
+  subQuora: SubQuorum[];
+
+  constructor() {
+    this.clearSubQuora();
+  }
+
+  public clearSubQuora() {
+    this.subQuora = new Array();
+  }
+
+  public addSubQuorum(subQuorum: SubQuorum) {
+    this.subQuora.push(subQuorum);
+  }
+
+  public serialiseShares() {
+    let shares = [];
+
+    this.subQuora.forEach((subQuorum) => {
+      shares = shares.concat(subQuorum.shares);
+    });
+
+    return shares;
+  }
+}
+
+@Injectable({
+  providedIn: 'root',
+})
+export class Slip39Service {
+  constructor() {}
+
+  public async generateShares(secret, passphrase: string, assembly: Assembly) {
+    // Hex-encode secret.
+    let ems = btoa(secret);
+    ems = Slip39Helper.slip39EncodeHex(ems);
+
+    // Construct group specifications
+    const groups = [];
+
+    for (const sa of assembly.subAssemblies) {
+      groups.push([sa.threshold, sa.size]);
+    }
+
+    // Split!
+    const slip = await Slip39.fromArray(ems, {
+      passphrase,
+      threshold: assembly.threshold,
+      groups,
+      title: '',
+    });
+
+    // Extract shares
+    assembly.subAssemblies.forEach((sa, isa) => {
+      // Remove any existing shares
+      sa.clearShares();
+
+      for (let im = 0; im < sa.size; im++) {
+        // Construct the path to the share, formatted as "r/<subassembly index>/<member index>"
+        // with <subassembly index> and <member index> being two-digit, zero-padded integers.
+        const path =
+          'r/' +
+          isa.toString().padStart(2, '0') +
+          '/' +
+          im.toString().padStart(2, '0');
+        const mnemonics = slip.fromPath(path).mnemonics[0];
+        const share = new SecretShare(isa, im, mnemonics);
+
+        sa.addShare(share);
+      }
+    });
+  }
+
+  // Remove all redundant shares. i.e. keep only enough members and groups to satisfy the thresholds.
+  private minimalSet(mnemonics: string[]): string[] {
+    // Decode the mnemonics and sort then into groups.
+    let groupThresh = null;
+    const groups = new Map();
+    for (const mnemonic of mnemonics) {
+      const decoded = Slip39Helper.decodeMnemonic(mnemonic);
+
+      if (groupThresh && groupThresh !== decoded.groupThreshold) {
+        throw new Error('groupThreshold is different in mnemonics');
+      }
+
+      groupThresh = decoded.groupThreshold;
+
+      // Note that Slip39.recoverSecret() will do all the error checking again. So it's not critical
+      // that we error check here. So we just optimistically assume it's all good.
+      let g = groups.get(decoded.groupIndex);
+      if (g == null) {
+        g = {
+          memberThreshold: decoded.memberThreshold,
+          members: [],
+        };
+        groups.set(decoded.groupIndex, g);
+      }
+
+      g.members.push({
+        mnemonic,
+        decoded,
+      });
+    }
+
+    // Keep the minimum set of groups that meet threshold.
+    const mnemonicsMinSet = [];
+    let groupCount = 0;
+    for (const g of groups.values()) {
+      // Keep only groups that meet threshold
+      if (g.members.length < g.memberThreshold) {
+        continue;
+      }
+
+      // Keep minimum number of approvals needed for group
+      g.members.slice(0, g.memberThreshold).forEach((member) => {
+        mnemonicsMinSet.push(member.mnemonic);
+      });
+
+      ++groupCount;
+      if (groupCount >= groupThresh) {
+        break;
+      }
+    }
+
+    return mnemonicsMinSet;
+  }
+
+  public async recoverSecret(shares: string[], passphrase: string) {
+    shares = this.minimalSet(shares);
+
+    const recovered = await Slip39.recoverSecret(shares, passphrase);
+
+    const secret = Slip39Helper.slip39DecodeHex(recovered);
+
+    return atob(secret);
+  }
+}

package/src/lib/cryptography/web-crypto.service.ts

@@ -0,0 +1,22 @@
+import { Injectable } from '@angular/core';
+
+@Injectable({
+  providedIn: 'root',
+})
+export class WebCryptoService {
+  crypto: Crypto = window.crypto;
+
+  toHex(buffer: ArrayBuffer) {
+    // Ref: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
+    const array = Array.from(new Uint8Array(buffer)); // convert buffer to byte array
+    const hex = array.map((b) => b.toString(16).padStart(2, '0')).join(''); // convert bytes to hex string
+    return hex;
+  }
+
+  async stringDigest(algorithm: string, message: string): Promise<string> {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(message);
+    const hash = await this.crypto.subtle.digest(algorithm, data);
+    return this.toHex(hash);
+  }
+}

package/src/lib/life-ready.config.ts

@@ -0,0 +1,127 @@
+import { InjectionToken } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import {
+  ApolloClientOptions,
+  ApolloLink,
+  createHttpLink,
+  DefaultOptions,
+  from,
+  InMemoryCache,
+} from '@apollo/client/core';
+import { setContext } from '@apollo/client/link/context';
+import { RetryLink } from '@apollo/client/link/retry';
+import { LrApiErrorCode } from './_common/exceptions';
+import { GraphQLError } from 'graphql';
+
+export const LR_CONFIG = new InjectionToken<LifeReadyConfig>('LR.AUTH');
+const RETRY_ERROR_CODES = [LrApiErrorCode.CONCURRENT_ACCESS];
+
+export interface LifeReadyConfig {
+  authUrl: string;
+  apiUrl: string;
+  apolloUrl: string;
+  userPoolId: string;
+  userPoolWebClientId: string;
+  apolloConfig?: ApolloClientOptions<any>;
+  // Mainly to allow localhost to not needing this. Default to falsy
+  disableSessionEncryptionKey?: boolean;
+}
+
+export const configureApollo = (
+  config: LifeReadyConfig,
+  auth: AuthClass
+): ApolloClientOptions<any> => {
+  const defaultOptions: DefaultOptions = {
+    watchQuery: {
+      fetchPolicy: 'no-cache',
+      errorPolicy: 'all',
+    },
+    query: {
+      fetchPolicy: 'no-cache',
+      errorPolicy: 'all',
+    },
+    mutate: {
+      errorPolicy: 'all',
+    },
+  };
+
+  const authLink = setContext(async (_, { headers }) => {
+    let accessJwt = null;
+    try {
+      accessJwt = (await auth.currentSession()).getAccessToken();
+    } catch {
+      console.log('User not signed in');
+    }
+
+    return {
+      headers: {
+        ...headers,
+        authorization: accessJwt ? `Bearer ${accessJwt.jwtToken}` : '',
+      },
+    };
+  });
+
+  // We are only retrying on certain errors, like the CONCURRENT_ACCESS gql
+  // error which indicates DB race condition. So can be safely retried.
+  const retryIf = (error, _) => {
+    // The RetryLink is called on network error as well, so we need to filter for GraphQL errors.
+    if (error instanceof GraphQLErrorException) {
+      if (
+        error.errors.some((e) => RETRY_ERROR_CODES.includes(e.extensions?.code))
+      ) {
+        return true;
+      }
+    }
+
+    return false;
+  };
+
+  const retryLink = new RetryLink({
+    delay: {
+      initial: 300,
+      max: Infinity,
+      jitter: true,
+    },
+    attempts: {
+      max: 3,
+      retryIf,
+    },
+  });
+
+  class GraphQLErrorException extends Error {
+    constructor(public errors: readonly GraphQLError[]) {
+      super(errors.map((e) => e.message).join(', '));
+    }
+  }
+
+  // Throw exception on gql errors which effectively promotes it to a network
+  // error, which can then be handled by the RetryLink.
+  const promoteGqlErrors = new ApolloLink((operation, forward) => {
+    return forward(operation).map((data) => {
+      if (data && data.errors) {
+        const errors = data.errors.filter((e) =>
+          RETRY_ERROR_CODES.includes(e.extensions?.code)
+        );
+
+        if (errors.length > 0) {
+          throw new GraphQLErrorException(data.errors);
+        }
+      }
+      return data;
+    });
+  });
+
+  const httpLink = createHttpLink({
+    uri: config.apolloUrl,
+    // Sending the sessionid cookie so that the server can use session data when needed.
+    // eg. setting the session encryption key.
+    credentials: 'include',
+  });
+
+  return {
+    link: from([retryLink, promoteGqlErrors, authLink, httpLink]),
+    cache: new InMemoryCache(),
+    defaultOptions,
+    ...config.apolloConfig,
+  };
+};

package/src/lib/life-ready.module.ts

@@ -0,0 +1,81 @@
+import { HttpClientModule } from '@angular/common/http';
+import { APP_INITIALIZER, ModuleWithProviders, NgModule } from '@angular/core';
+import Auth from '@aws-amplify/auth';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { APOLLO_OPTIONS } from 'apollo-angular';
+import { CookieService } from 'ngx-cookie-service';
+import { FileService } from './api/file.service';
+import { ProfileService } from './users/profile.service';
+import { configureAmplifyAuth } from './auth/auth.config';
+import {
+  initialiseAuth,
+  LifeReadyAuthService,
+} from './auth/life-ready-auth.service';
+import { PasswordService } from './auth/password.service';
+import { RegisterService } from './auth/register.service';
+import { EncryptionService } from './cryptography/encryption.service';
+import { KeyGraphService } from './cryptography/key-graph.service';
+import { KeyService } from './cryptography/key.service';
+import { KeyFactoryService } from './cryptography/key-factory.service';
+import { WebCryptoService } from './cryptography/web-crypto.service';
+import {
+  configureApollo,
+  LifeReadyConfig,
+  LR_CONFIG,
+} from './life-ready.config';
+import { TimeService } from './api/time.service';
+import { NgIdleKeepaliveModule } from '@ng-idle/keepalive';
+
+@NgModule({
+  imports: [HttpClientModule, NgIdleKeepaliveModule.forRoot()],
+  providers: [
+    CookieService,
+    TimeService,
+    FileService,
+    ProfileService,
+    RegisterService,
+    LifeReadyAuthService,
+    PasswordService,
+    WebCryptoService,
+    EncryptionService,
+    KeyGraphService,
+    KeyService,
+    KeyFactoryService,
+  ],
+})
+export class LifeReadyModule {
+  public static forRoot(
+    config: LifeReadyConfig
+  ): ModuleWithProviders<LifeReadyModule> {
+    return {
+      ngModule: LifeReadyModule,
+      providers: [
+        {
+          provide: LR_CONFIG,
+          useValue: config,
+        },
+        {
+          provide: AuthClass,
+          useValue: Auth,
+        },
+        {
+          provide: APP_INITIALIZER,
+          useFactory: configureAmplifyAuth,
+          deps: [LR_CONFIG, AuthClass],
+          multi: true,
+        },
+        {
+          provide: APP_INITIALIZER,
+          useFactory: initialiseAuth,
+          deps: [LifeReadyAuthService],
+          multi: true,
+        },
+        {
+          provide: APOLLO_OPTIONS,
+          useFactory: configureApollo,
+          deps: [LR_CONFIG, AuthClass],
+        },
+      ],
+    };
+  }
+}