@shapeshiftoss/hdwallet-native-vault 1.55.4-alpha.1 → 1.55.4
- package/dist/index.js +28 -14
- package/dist/index.js.map +1 -1
- package/dist/mapVault.js +105 -42
- package/dist/mapVault.js.map +1 -1
- package/dist/rawVault.js +228 -168
- package/dist/rawVault.js.map +1 -1
- package/dist/test/mockVault.skip.js +129 -73
- package/dist/test/mockVault.skip.js.map +1 -1
- package/dist/types.js +2 -1
- package/dist/util.js +68 -24
- package/dist/util.js.map +1 -1
- package/dist/vault.js +183 -121
- package/dist/vault.js.map +1 -1
- package/package.json +3 -3
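--- a/package/dist/rawVault.js
+++ b/package/dist/rawVault.js
@@ -1,81 +1,241 @@
-
-
-
-
-
-
-
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+__setModuleDefault(result, mod);
+return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+return new (P || (P = Promise))(function (resolve, reject) {
+function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+step((generator = generator.apply(thisArg, _arguments || [])).next());
+});
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+if (kind === "m") throw new TypeError("Private method is not writable");
+if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _a, _RawVault_machineSeed, _RawVault_keyStore, _RawVault_vaultStore, _RawVault_deriveVaultKey, _RawVault_argonParams, _RawVault_key;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RawVault = void 0;
+const core = __importStar(require("@shapeshiftoss/hdwallet-core"));
+const hash_wasm_1 = require("hash-wasm");
+const idb = __importStar(require("idb-keyval"));
+const jose = __importStar(require("jose"));
+const ta = __importStar(require("type-assertions"));
+const uuid = __importStar(require("uuid"));
+const util_1 = require("./util");
 // This has to be outside the class so the static initializers for defaultArgonParams and #machineSeed can reference it.
 let resolvers = {};
 ta.assert();
-
+class RawVault extends (0, util_1.Revocable)(Object.freeze(class {
 })) {
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-currentResolvers.keyStore?.(params?.keyStore ?? idb.createStore(keyStoreUUID, "keyval"));
-currentResolvers.vaultStore?.(params?.vaultStore ?? idb.createStore(vaultStoreUUID, "keyval"));
-currentResolvers.machineSeed?.((await idb.get("machineSeed", await RawVault.#keyStore)) ??
-(await (async () => {
-const machineSeed = await (await crypto).subtle.importKey("raw", await (await crypto).getRandomValues(new Uint8Array(32)), "HKDF", false, [
+static prepare(params) {
+return __awaiter(this, void 0, void 0, function* () {
+var _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
+const currentResolvers = resolvers;
+resolvers = undefined;
+if (!currentResolvers) {
+if (params)
+throw new Error("can't call prepare with a parameters object after vault is already prepared");
+return;
+}
+(0, util_1.setCrypto)((_b = params === null || params === void 0 ? void 0 : params.crypto) !== null && _b !== void 0 ? _b : globalThis.crypto);
+(0, util_1.setPerformance)((_c = params === null || params === void 0 ? void 0 : params.performance) !== null && _c !== void 0 ? _c : globalThis.performance);
+(_d = currentResolvers.keyStore) === null || _d === void 0 ? void 0 : _d.call(currentResolvers, (_e = params === null || params === void 0 ? void 0 : params.keyStore) !== null && _e !== void 0 ? _e : idb.createStore(util_1.keyStoreUUID, "keyval"));
+(_f = currentResolvers.vaultStore) === null || _f === void 0 ? void 0 : _f.call(currentResolvers, (_g = params === null || params === void 0 ? void 0 : params.vaultStore) !== null && _g !== void 0 ? _g : idb.createStore(util_1.vaultStoreUUID, "keyval"));
+(_h = currentResolvers.machineSeed) === null || _h === void 0 ? void 0 : _h.call(currentResolvers, (_j = (yield idb.get("machineSeed", yield __classPrivateFieldGet(_a, _a, "f", _RawVault_keyStore)))) !== null && _j !== void 0 ? _j : (yield (() => __awaiter(this, void 0, void 0, function* () {
+const machineSeed = yield (yield util_1.crypto).subtle.importKey("raw", yield (yield util_1.crypto).getRandomValues(new Uint8Array(32)), "HKDF", false, [
 "deriveBits",
 "deriveKey",
 ]);
-
+yield idb.set("machineSeed", machineSeed, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_keyStore));
 return machineSeed;
-})()));
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+}))()));
+(_k = currentResolvers.defaultArgonParams) === null || _k === void 0 ? void 0 : _k.call(currentResolvers, (_l = (yield idb.get("defaultArgonParams", yield __classPrivateFieldGet(_a, _a, "f", _RawVault_keyStore)))) !== null && _l !== void 0 ? _l : {
+then: (onfulfilled, onrejected) => {
+return (() => __awaiter(this, void 0, void 0, function* () {
+// For more details on parameter selection, see:
+// https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-argon2-04#section-4
+const out = {
+parallelism: 1,
+memorySize: 32 * 1024,
+iterations: 16,
+};
+yield idb.set("defaultArgonParams", out, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_keyStore));
+return out;
+}))().then(onfulfilled, onrejected);
+},
+});
+});
+}
+//#region static: VaultFactory<RawVault>
+static create(password) {
+return __awaiter(this, void 0, void 0, function* () {
+return yield _a.open(undefined, password);
+});
+}
+static open(id, password) {
+return __awaiter(this, void 0, void 0, function* () {
+yield _a.prepare();
+// eslint-disable-next-line @typescript-eslint/no-shadow
+const factory = (id, argonParams) => __awaiter(this, void 0, void 0, function* () {
+const vaultRevoker = new ((0, util_1.Revocable)(class {
+}))();
+const vault = (0, util_1.revocable)(new _a(id, argonParams), (x) => vaultRevoker.addRevoker(x));
+vault.addRevoker(() => vaultRevoker.revoke());
+return vault;
+});
+const out = yield (() => __awaiter(this, void 0, void 0, function* () {
+if (id !== undefined) {
+const jwe = yield idb.get(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
+if (!jwe)
+throw new Error("can't find specified vault");
+const protectedHeader = jose.decodeProtectedHeader(jwe);
+const argonParams = protectedHeader.argon;
+if (!argonParams)
+throw new Error("can't decode vault with missing argon parameters");
+return yield factory(id, Promise.resolve(argonParams));
+}
+else {
+return yield factory(uuid.v4({
+random: yield (yield util_1.crypto).getRandomValues(new Uint8Array(16)),
+}), _a.defaultArgonParams);
+}
+}))();
+if (password !== undefined)
+yield out.setPassword(password);
+return out;
+});
+}
+static list() {
+return __awaiter(this, void 0, void 0, function* () {
+yield _a.prepare();
+const out = (yield idb.keys(yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore)))
+.filter((k) => typeof k === "string")
+.map((k) => k);
+return out;
+});
+}
+static meta(id) {
+return __awaiter(this, void 0, void 0, function* () {
+yield _a.prepare();
+const jwe = yield idb.get(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
+if (!jwe)
+return undefined;
+const meta = jose.decodeProtectedHeader(jwe).meta;
+if (!meta || !core.isIndexable(meta))
+return undefined;
+const out = new Map();
+Object.entries(meta).forEach(([k, v]) => out.set(k, v));
+return out;
+});
+}
+static delete(id) {
+return __awaiter(this, void 0, void 0, function* () {
+yield _a.prepare();
+yield idb.del(id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
+});
+}
+constructor(id, argonParams) {
+super();
+_RawVault_argonParams.set(this, void 0);
+this.meta = new Map();
+_RawVault_key.set(this, void 0);
+this.id = id;
+__classPrivateFieldSet(this, _RawVault_argonParams, argonParams.then((x) => Object.freeze(JSON.parse(JSON.stringify(x)))), "f");
+}
+setPassword(password) {
+return __awaiter(this, void 0, void 0, function* () {
+__classPrivateFieldSet(this, _RawVault_key, yield __classPrivateFieldGet(_a, _a, "m", _RawVault_deriveVaultKey).call(_a, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_machineSeed), this.id, yield __classPrivateFieldGet(this, _RawVault_argonParams, "f"), password, (x) => this.addRevoker(x)), "f");
+return this;
+});
+}
+load(deserialize) {
+return __awaiter(this, void 0, void 0, function* () {
+var _b;
+if (!__classPrivateFieldGet(this, _RawVault_key, "f"))
+throw new Error("can't load vault until key is set");
+const jwe = yield idb.get(this.id, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
+if (!jwe)
+throw new Error("can't load missing vault");
+const decryptResult = yield jose.flattenedDecrypt(jwe, __classPrivateFieldGet(this, _RawVault_key, "f"), {
+keyManagementAlgorithms: ["A256KW"],
+contentEncryptionAlgorithms: ["A256GCM"],
+});
+this.meta.clear();
+const meta = (_b = decryptResult.protectedHeader) === null || _b === void 0 ? void 0 : _b.meta;
+if (core.isIndexable(meta)) {
+Object.entries(meta).forEach(([k, v]) => this.meta.set(k, v));
+}
+yield deserialize(decryptResult.plaintext);
+return this;
 });
 }
-
-
-
-
-
-
+save(serialize) {
+return __awaiter(this, void 0, void 0, function* () {
+if (!__classPrivateFieldGet(this, _RawVault_key, "f"))
+throw new Error("can't save vault until key is set");
+const payload = yield serialize();
+//TODO: override the rng used by jose to calculate the CEK and IV with the dependency-injected one.
+const jwe = yield new jose.FlattenedEncrypt(payload)
+.setProtectedHeader({
+alg: "A256KW",
+enc: "A256GCM",
+argon: yield __classPrivateFieldGet(this, _RawVault_argonParams, "f"),
+meta: Array.from(this.meta.entries()).reduce((a, [k, v]) => ((a[k] = v), a), {}),
+})
+.encrypt(__classPrivateFieldGet(this, _RawVault_key, "f"));
+yield idb.set(this.id, jwe, yield __classPrivateFieldGet(_a, _a, "f", _RawVault_vaultStore));
+return this;
+});
+}
+}
+exports.RawVault = RawVault;
+_a = RawVault, _RawVault_argonParams = new WeakMap(), _RawVault_key = new WeakMap(), _RawVault_deriveVaultKey = function _RawVault_deriveVaultKey(machineSeed, id, argonParams, password,
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+addRevoker) {
+return __awaiter(this, void 0, void 0, function* () {
+const idBuf = util_1.encoder.encode(id);
+const argonSalt = new Uint8Array(yield (yield util_1.crypto).subtle.deriveBits({
 name: "HKDF",
 hash: "SHA-256",
 salt: idBuf,
-info: encoder.encode("argonSalt"),
+info: util_1.encoder.encode("argonSalt"),
 }, machineSeed, 128));
-const argonKey =
-...argonParams,
-password,
-salt: argonSalt,
-hashLength: 32,
-outputType: "binary",
-});
+const argonKey = yield (0, hash_wasm_1.argon2id)(Object.assign(Object.assign({}, argonParams), { password, salt: argonSalt, hashLength: 32, outputType: "binary" }));
 // It might make more logical sense to use the argon-derived key in the salt field, but both fields provide
 // equivalent security, and using idBuf as the seed in both places permits some optimization by sharing
 // the result of HDKF-Extract between both calculations. (This isn't done right now, and can't be done with
 // the WebCrypto API as it is, but maybe we'll use something else some day.)
-const vaultKey =
+const vaultKey = yield (yield util_1.crypto).subtle.deriveKey({
 name: "HKDF",
 hash: "SHA-256",
 salt: idBuf,
@@ -87,114 +247,14 @@ export class RawVault extends Revocable(Object.freeze(class {
 //TODO: Returning a revocable doesn't work here; WebCrypto in the browser complains about the proxy. Fix this.
 return vaultKey;
 // return revocable(vaultKey, addRevoker);
-}
-
-
-
-
-
-
-
-const factory = async (id, argonParams) => {
-const vaultRevoker = new (Revocable(class {
-}))();
-const vault = revocable(new RawVault(id, argonParams), (x) => vaultRevoker.addRevoker(x));
-vault.addRevoker(() => vaultRevoker.revoke());
-return vault;
-};
-const out = await (async () => {
-if (id !== undefined) {
-const jwe = await idb.get(id, await RawVault.#vaultStore);
-if (!jwe)
-throw new Error("can't find specified vault");
-const protectedHeader = jose.decodeProtectedHeader(jwe);
-const argonParams = protectedHeader.argon;
-if (!argonParams)
-throw new Error("can't decode vault with missing argon parameters");
-return await factory(id, Promise.resolve(argonParams));
-}
-else {
-return await factory(uuid.v4({
-random: await (await crypto).getRandomValues(new Uint8Array(16)),
-}), RawVault.defaultArgonParams);
-}
-})();
-if (password !== undefined)
-await out.setPassword(password);
-return out;
-}
-static async list() {
-await RawVault.prepare();
-const out = (await idb.keys(await RawVault.#vaultStore))
-.filter((k) => typeof k === "string")
-.map((k) => k);
-return out;
-}
-static async meta(id) {
-await RawVault.prepare();
-const jwe = await idb.get(id, await RawVault.#vaultStore);
-if (!jwe)
-return undefined;
-const meta = jose.decodeProtectedHeader(jwe).meta;
-if (!meta || !core.isIndexable(meta))
-return undefined;
-const out = new Map();
-Object.entries(meta).forEach(([k, v]) => out.set(k, v));
-return out;
-}
-static async delete(id) {
-await RawVault.prepare();
-await idb.del(id, await RawVault.#vaultStore);
-}
-//#endregion
-id;
-#argonParams;
-meta = new Map();
-#key;
-constructor(id, argonParams) {
-super();
-this.id = id;
-this.#argonParams = argonParams.then((x) => Object.freeze(JSON.parse(JSON.stringify(x))));
-}
-async setPassword(password) {
-this.#key = await RawVault.#deriveVaultKey(await RawVault.#machineSeed, this.id, await this.#argonParams, password, (x) => this.addRevoker(x));
-return this;
-}
-async load(deserialize) {
-if (!this.#key)
-throw new Error("can't load vault until key is set");
-const jwe = await idb.get(this.id, await RawVault.#vaultStore);
-if (!jwe)
-throw new Error("can't load missing vault");
-const decryptResult = await jose.flattenedDecrypt(jwe, this.#key, {
-keyManagementAlgorithms: ["A256KW"],
-contentEncryptionAlgorithms: ["A256GCM"],
-});
-this.meta.clear();
-const meta = decryptResult.protectedHeader?.meta;
-if (core.isIndexable(meta)) {
-Object.entries(meta).forEach(([k, v]) => this.meta.set(k, v));
-}
-await deserialize(decryptResult.plaintext);
-return this;
-}
-async save(serialize) {
-if (!this.#key)
-throw new Error("can't save vault until key is set");
-const payload = await serialize();
-//TODO: override the rng used by jose to calculate the CEK and IV with the dependency-injected one.
-const jwe = await new jose.FlattenedEncrypt(payload)
-.setProtectedHeader({
-alg: "A256KW",
-enc: "A256GCM",
-argon: await this.#argonParams,
-meta: Array.from(this.meta.entries()).reduce((a, [k, v]) => ((a[k] = v), a), {}),
-})
-.encrypt(this.#key);
-await idb.set(this.id, jwe, await RawVault.#vaultStore);
-return this;
-}
-}
+});
+};
+//#region static: prepare()
+RawVault.defaultArgonParams = new Promise((resolve) => resolvers && (resolvers.defaultArgonParams = resolve));
+// Caching the machine seed also conveniently hides the inability of the fake-indexeddb package to store CryptoKey objects.
+_RawVault_machineSeed = { value: new Promise((resolve) => resolvers && (resolvers.machineSeed = resolve)) };
+_RawVault_keyStore = { value: new Promise((resolve) => resolvers && (resolvers.keyStore = resolve)) };
+_RawVault_vaultStore = { value: new Promise((resolve) => resolvers && (resolvers.vaultStore = resolve)) };
 Object.freeze(RawVault);
 Object.freeze(RawVault.prototype);
 Object.freeze(Object.getPrototypeOf(RawVault));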
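Review bot: In `open()`, `argonParams` is taken from `jose.decodeProtectedHeader(jwe)`, which only decodes the header, and is passed to `factory(...)` and later spread into `argon2id(...)` in `_RawVault_deriveVaultKey` with no type or range check beyond `if (!argonParams)`. The header is not authenticated until `flattenedDecrypt` runs in `load()`, so whatever can write the vault store controls the memory and time cost of key derivation in `setPassword()` before any integrity check has happened. Validating `parallelism`, `memorySize` and `iterations` as bounded integers right after the `if (!argonParams)` guard would close this, e.g. `if (!Number.isSafeInteger(argonParams.memorySize) || argonParams.memorySize > MAX_ARGON_MEMORY_KIB /* placeholder limit */) throw new Error("unsupported argon parameters");`, with the same check for the other two fields. `static meta(id)` likewise returns header metadata without decrypting, which deserves a doc comment stating that its result is unauthenticated. This file is compiled output (its source map names `../src/rawVault.ts`), so both changes belong in the TypeScript source.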
package/dist/rawVault.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"rawVault.js","sourceRoot":"","sources":["../src/rawVault.ts"],"names":[],"mappings":"AAAA,
|
|
1
|
+
{"version":3,"file":"rawVault.js","sourceRoot":"","sources":["../src/rawVault.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,mEAAqD;AACrD,yCAAqC;AACrC,gDAAkC;AAClC,2CAA6B;AAC7B,oDAAsC;AACtC,2CAA6B;AAG7B,iCAAwH;AAExH,wHAAwH;AACxH,IAAI,SAAS,GAOG,EAAE,CAAC;AAEnB,EAAE,CAAC,MAAM,EAAwD,CAAC;AAElE,MAAa,QAAS,SAAQ,IAAA,gBAAS,EAAC,MAAM,CAAC,MAAM,CAAC;CAAQ,CAAC,CAAC;IAiB9D,MAAM,CAAO,OAAO,CAAC,MAA2B;;;YAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;YACnC,SAAS,GAAG,SAAS,CAAC;YACtB,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,IAAI,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;gBAC3G,OAAO;YACT,CAAC;YAED,IAAA,gBAAS,EAAC,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,MAAM,mCAAI,UAAU,CAAC,MAAM,CAAC,CAAC;YAC/C,IAAA,qBAAc,EAAC,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,WAAW,mCAAI,UAAU,CAAC,WAAW,CAAC,CAAC;YAE9D,MAAA,gBAAgB,CAAC,QAAQ,iEAAG,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,QAAQ,mCAAI,GAAG,CAAC,WAAW,CAAC,mBAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;YACzF,MAAA,gBAAgB,CAAC,UAAU,iEAAG,MAAA,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,UAAU,mCAAI,GAAG,CAAC,WAAW,CAAC,qBAAc,EAAE,QAAQ,CAAC,CAAC,CAAC;YAC/F,MAAA,gBAAgB,CAAC,WAAW,iEAC1B,MAAA,CAAC,MAAM,GAAG,CAAC,GAAG,CAAY,aAAa,EAAE,MAAM,uBAAA,EAAQ,8BAAU,CAAC,CAAC,mCACjE,CAAC,MAAM,CAAC,GAAS,EAAE;gBACjB,MAAM,WAAW,GAAG,MAAM,CACxB,MAAM,aAAM,CACb,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,MAAM,CAAC,MAAM,aAAM,CAAC,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE;oBACjG,YAAY;oBACZ,WAAW;iBACZ,CAAC,CAAC;gBACH,MAAM,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,WAAW,EAAE,MAAM,uBAAA,EAAQ,8BAAU,CAAC,CAAC;gBACpE,OAAO,WAAW,CAAC;YACrB,CAAC,CAAA,CAAC,EAAE,CAAC,CACR,CAAC;YAEF,MAAA,gBAAgB,CAAC,kBAAkB,iEACjC,MAAA,CAAC,MAAM,GAAG,CAAC,GAAG,CAAc,oBAAoB,EAAE,MAAM,uBAAA,EAAQ,8BAAU,CAAC,CAAC,mCAAI;gBAC9E,IAAI,EAAE,CAAC,WAAW,EAAE,UAAU,EAAE,EAAE;oBAChC,OAAO,CAAC,GAAS,EAAE;wBACjB,gDAAgD;wBAChD,4EAA4E;wBAC5E,MAAM,GAAG,GAAgB;4BACvB,WAAW,EAAE,CAAC;4BACd,UAAU,EAAE,EAAE,GAAG,IAAI;4BACrB,UAAU,EAAE,EAAE;yBACf,CAAC;wBAEF,MAAM,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,GAAG,EAAE,MAAM,uBAAA,EAAQ,8BAAU,CAAC,CAAC;wBAEnE,OAAO,GAAG,CAAC;oBA
Cb,CAAC,CAAA,CAAC,EAAE,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;gBACrC,CAAC;aACF,CACF,CAAC;QACJ,CAAC;KAAA;IA+DD,wCAAwC;IACxC,MAAM,CAAO,MAAM,CAAC,QAAiB;;YACnC,OAAO,MAAM,EAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;QAClD,CAAC;KAAA;IAED,MAAM,CAAO,IAAI,CAAC,EAAW,EAAE,QAAiB;;YAC9C,MAAM,EAAQ,CAAC,OAAO,EAAE,CAAC;YAEzB,wDAAwD;YACxD,MAAM,OAAO,GAAG,CAAO,EAAU,EAAE,WAAiC,EAAE,EAAE;gBACtE,MAAM,YAAY,GAAG,IAAI,CAAC,IAAA,gBAAS,EAAC;iBAAQ,CAAC,CAAC,EAAE,CAAC;gBACjD,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,IAAI,EAAQ,CAAC,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC1F,KAAK,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;gBAC9C,OAAO,KAAK,CAAC;YACf,CAAC,CAAA,CAAC;YAEF,MAAM,GAAG,GAAG,MAAM,CAAC,GAAS,EAAE;gBAC5B,IAAI,EAAE,KAAK,SAAS,EAAE,CAAC;oBACrB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAoB,EAAE,EAAE,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;oBAC7E,IAAI,CAAC,GAAG;wBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;oBACxD,MAAM,eAAe,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;oBACxD,MAAM,WAAW,GAAG,eAAe,CAAC,KAAgC,CAAC;oBACrE,IAAI,CAAC,WAAW;wBAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;oBAEtF,OAAO,MAAM,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC;gBACzD,CAAC;qBAAM,CAAC;oBACN,OAAO,MAAM,OAAO,CAClB,IAAI,CAAC,EAAE,CAAC;wBACN,MAAM,EAAE,MAAM,CAAC,MAAM,aAAM,CAAC,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;qBACjE,CAAC,EACF,EAAQ,CAAC,kBAAkB,CAC5B,CAAC;gBACJ,CAAC;YACH,CAAC,CAAA,CAAC,EAAE,CAAC;YACL,IAAI,QAAQ,KAAK,SAAS;gBAAE,MAAM,GAAG,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;YAC5D,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED,MAAM,CAAO,IAAI;;YACf,MAAM,EAAQ,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;iBACrD,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;iBACpC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAW,CAAC,CAAC;YAC3B,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED,MAAM,CAAO,IAAI,CAAC,EAAU;;YAC1B,MAAM,EAAQ,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;YAC1D,IAAI,CAAC,GAA
G;gBAAE,OAAO,SAAS,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAClD,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC;gBAAE,OAAO,SAAS,CAAC;YACvD,MAAM,GAAG,GAAG,IAAI,GAAG,EAAE,CAAC;YACtB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,GAAG,CAAC;QACb,CAAC;KAAA;IAED,MAAM,CAAO,MAAM,CAAC,EAAU;;YAC5B,MAAM,EAAQ,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;QAChD,CAAC;KAAA;IASD,YAAsB,EAAU,EAAE,WAAiC;QACjE,KAAK,EAAE,CAAC;QAND,wCAA6C;QAC7C,SAAI,GAAyB,IAAI,GAAG,EAAE,CAAC;QAEhD,gCAA4B;QAI1B,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,uBAAA,IAAI,yBAAgB,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAA,CAAC;IAC5F,CAAC;IAEK,WAAW,CAAC,QAAgB;;YAChC,uBAAA,IAAI,iBAAQ,MAAM,uBAAA,EAAQ,oCAAgB,MAAxB,EAAQ,EACxB,MAAM,uBAAA,EAAQ,iCAAa,EAC3B,IAAI,CAAC,EAAE,EACP,MAAM,uBAAA,IAAI,6BAAa,EACvB,QAAQ,EACR,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAC1B,MAAA,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;IAEK,IAAI,CAAC,WAA6C;;;YACtD,IAAI,CAAC,uBAAA,IAAI,qBAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACrE,MAAM,GAAG,GAAG,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;YAC/D,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;YAEtD,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,GAAG,EAAE,uBAAA,IAAI,qBAAK,EAAE;gBAChE,uBAAuB,EAAE,CAAC,QAAQ,CAAC;gBACnC,2BAA2B,EAAE,CAAC,SAAS,CAAC;aACzC,CAAC,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAA,aAAa,CAAC,eAAe,0CAAE,IAAI,CAAC;YACjD,IAAI,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3B,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;YAChE,CAAC;YACD,MAAM,WAAW,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YAE3C,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;IAEK,IAAI,CAAC,SAAoC;;YAC7C,I
AAI,CAAC,uBAAA,IAAI,qBAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACrE,MAAM,OAAO,GAAG,MAAM,SAAS,EAAE,CAAC;YAClC,mGAAmG;YACnG,MAAM,GAAG,GAAG,MAAM,IAAI,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC;iBACjD,kBAAkB,CAAC;gBAClB,GAAG,EAAE,QAAQ;gBACb,GAAG,EAAE,SAAS;gBACd,KAAK,EAAE,MAAM,uBAAA,IAAI,6BAAa;gBAC9B,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAA6B,CAAC;aAC5G,CAAC;iBACD,OAAO,CAAC,uBAAA,IAAI,qBAAK,CAAC,CAAC;YACtB,MAAM,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,MAAM,uBAAA,EAAQ,gCAAY,CAAC,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;KAAA;;AArPH,4BAsPC;kJAnLG,WAAsB,EACtB,EAAU,EACV,WAAwB,EACxB,QAAgB;AAChB,6DAA6D;AAC7D,UAAwC;;QAExC,MAAM,KAAK,GAAG,cAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAEjC,MAAM,SAAS,GAAG,IAAI,UAAU,CAC9B,MAAM,CACJ,MAAM,aAAM,CACb,CAAC,MAAM,CAAC,UAAU,CACjB;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,cAAO,CAAC,MAAM,CAAC,WAAW,CAAC;SAClC,EACD,WAAW,EACX,GAAG,CACJ,CACF,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAA,oBAAQ,kCAC1B,WAAW,KACd,QAAQ,EACR,IAAI,EAAE,SAAS,EACf,UAAU,EAAE,EAAE,EACd,UAAU,EAAE,QAAQ,IACpB,CAAC;QAEH,2GAA2G;QAC3G,uGAAuG;QACvG,2GAA2G;QAC3G,4EAA4E;QAC5E,MAAM,QAAQ,GAAG,MAAM,CACrB,MAAM,aAAM,CACb,CAAC,MAAM,CAAC,SAAS,CAChB;YACE,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,KAAK;YACX,IAAI,EAAE,QAAQ;SACf,EACD,WAAW,EACX;YACE,IAAI,EAAE,QAAQ;YACd,MAAM,EAAE,GAAG;SACZ,EACD,KAAK,EACL,CAAC,SAAS,EAAE,WAAW,CAAC,CACzB,CAAC;QAEF,8GAA8G;QAC9G,OAAO,QAAQ,CAAC;QAChB,0CAA0C;IAC5C,CAAC;;AA3HD,2BAA2B;AACX,2BAAkB,GAAyB,IAAI,OAAO,CACpE,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,kBAAkB,GAAG,OAAO,CAAC,CACnE,AAFiC,CAEhC;AAEF,2HAA2H;AAC3G,iCAAmC,IAAI,OAAO,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,WAAW,GAAG,OAAO,CAAC,CAC5D,EAF2B,CAE1B;AACc,8BAAmC,IAAI,OAAO,CAC5D,CAAC,OAAO,EAAE,EAAE,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,QAAQ,GAAG,OAAO,CAAC,CACzD,EAFwB,CAEvB;AACc,gCAAqC,IAAI,OAAO,CAC9D,CAAC,OAAO,EAAE,EAAE
,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,UAAU,GAAG,OAAO,CAAC,CAC3D,EAF0B,CAEzB;AAyOJ,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;AACxB,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC"}
|