moeralib 0.15.3 → 0.15.5

package/lib/crypto/crypto.js

@@ -0,0 +1,218 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyFingerprintSignature = exports.signFingerprint = exports.digestFingerprint = exports.fingerprintBytes = exports.rawToPrivateKey = exports.rawPrivateKey = exports.rawToPublicKey = exports.rawPublicKey = exports.mnemonicToPrivateKey = exports.generateMnemonicKey = exports.generateKey = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const util_1 = require("util");
+const bip39 = __importStar(require("@scure/bip39"));
+const english_1 = require("@scure/bip39/wordlists/english");
+const fingerprint_1 = require("./fingerprint");
+const EMPTY_KEY = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
+const CURVE_FIELD = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
+/**
+ * Generate a pair of cryptographic keys.
+ *
+ * @return {Promise<crypto.KeyPairKeyObjectResult>} the keys
+ */
+function generateKey() {
+    return __awaiter(this, void 0, void 0, function* () {
+        return (0, util_1.promisify)(crypto_1.default.generateKeyPair)("ec", { namedCurve: "secp256k1" });
+    });
+}
+exports.generateKey = generateKey;
+/**
+ * Generate a private cryptographic key with a mnemonic.
+ *
+ * @return {Promise<[string, crypto.KeyObject]>} the mnemonic and the key
+ */
+function generateMnemonicKey() {
+    return __awaiter(this, void 0, void 0, function* () {
+        const mnemonic = bip39.generateMnemonic(english_1.wordlist, 256);
+        const privateKey = yield mnemonicToPrivateKey(mnemonic);
+        return [mnemonic, privateKey];
+    });
+}
+exports.generateMnemonicKey = generateMnemonicKey;
+/**
+ * Restore a private key from the given mnemonic.
+ *
+ * @param {string} mnemonic - the mnemonic
+ * @return {Promise<crypto.KeyObject>} the private key
+ */
+function mnemonicToPrivateKey(mnemonic) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const seed = yield bip39.mnemonicToSeed(mnemonic);
+        let seedValue = BigInt(0);
+        for (let i = 0; i < seed.length; i++) {
+            seedValue = (seedValue << BigInt(8)) + BigInt(seed[i]);
+        }
+        const dValue = (seedValue % CURVE_FIELD).toString(16).padStart(64, "0");
+        const d = Buffer.alloc(32);
+        for (let i = 0; i < 32; i++) {
+            d.writeUint8(parseInt(dValue.substring(i * 2, 2), 16), i);
+        }
+        return crypto_1.default.createPrivateKey({
+            format: "jwk",
+            key: {
+                kty: "EC",
+                d: d.toString("base64url"),
+                crv: "secp256k1"
+            }
+        });
+    });
+}
+exports.mnemonicToPrivateKey = mnemonicToPrivateKey;
+/**
+ * Convert a public key to the raw format used by the naming server.
+ *
+ * @param {crypto.KeyObject} publicKey - the public key
+ * @return {Buffer} the raw public key
+ */
+function rawPublicKey(publicKey) {
+    var _a, _b;
+    const jwk = publicKey.export({ format: "jwk" });
+    return Buffer.concat([
+        Buffer.from((_a = jwk.x) !== null && _a !== void 0 ? _a : EMPTY_KEY, "base64url"),
+        Buffer.from((_b = jwk.y) !== null && _b !== void 0 ? _b : EMPTY_KEY, "base64url")
+    ]);
+}
+exports.rawPublicKey = rawPublicKey;
+/**
+ * Restore a public key from the raw format.
+ *
+ * @param {Buffer} rawPublicKey - the raw public key
+ * @return {crypto.KeyObject} the public key
+ */
+function rawToPublicKey(rawPublicKey) {
+    const x = rawPublicKey.subarray(0, 32).toString("base64url");
+    const y = rawPublicKey.subarray(32, 64).toString("base64url");
+    return crypto_1.default.createPublicKey({
+        format: "jwk",
+        key: {
+            kty: "EC",
+            x,
+            y,
+            crv: "secp256k1"
+        }
+    });
+}
+exports.rawToPublicKey = rawToPublicKey;
+/**
+ * Convert a private key to the raw format to pass to the client.
+ *
+ * @param {crypto.KeyObject} privateKey - the private key
+ * @return {Buffer} the raw private key
+ */
+function rawPrivateKey(privateKey) {
+    var _a;
+    const jwk = privateKey.export({ format: "jwk" });
+    return Buffer.from((_a = jwk.d) !== null && _a !== void 0 ? _a : EMPTY_KEY, "base64url");
+}
+exports.rawPrivateKey = rawPrivateKey;
+/**
+ * Restore a private key from the raw format.
+ *
+ * @param {Buffer} rawPrivateKey - the raw private key
+ * @return {crypto.KeyObject} the private key
+ */
+function rawToPrivateKey(rawPrivateKey) {
+    const d = rawPrivateKey.toString("base64url");
+    return crypto_1.default.createPrivateKey({
+        format: "jwk",
+        key: {
+            kty: "EC",
+            // x and y here are placeholders
+            x: 'xJrw0U2Qb1xyoxpfwCYVwCZakhd-LbjeBvLLNGAPTEU',
+            y: 'INp-PvmYleX19zhuXbwfnIcZO9a8RSuK7r-_4jneDGM',
+            d,
+            crv: "secp256k1"
+        }
+    });
+}
+exports.rawToPrivateKey = rawToPrivateKey;
+/**
+ * Encode a fingerprint in the binary form, using the given fingerprint data and schema.
+ *
+ * @param {Fingerprint} fingerprint - the fingerprint data
+ * @param {FingerprintSchema} schema - the fingerprint schema
+ * @return {Buffer} the fingerprint in the binary form
+ */
+function fingerprintBytes(fingerprint, schema) {
+    const fingerprintWriter = new fingerprint_1.FingerprintWriter();
+    fingerprintWriter.append(fingerprint, schema);
+    return fingerprintWriter.toBytes();
+}
+exports.fingerprintBytes = fingerprintBytes;
+/**
+ * Calculate a cryptographic digest of the fingerprint.
+ *
+ * @param {Buffer} fingerprint - the fingerprint
+ * @return {Buffer} the digest
+ */
+function digestFingerprint(fingerprint) {
+    const digest = crypto_1.default.createHash("sha3-256");
+    digest.update(fingerprint);
+    return digest.digest();
+}
+exports.digestFingerprint = digestFingerprint;
+/**
+ * Sign a fingerprint with a private key.
+ *
+ * @param {Buffer} fingerprint - the fingerprint to be signed
+ * @param {crypto.KeyObject} privateKey - the private key
+ * @return {Buffer} the signature
+ */
+function signFingerprint(fingerprint, privateKey) {
+    const sign = crypto_1.default.createSign("SHA3-256");
+    sign.update(fingerprint);
+    return sign.sign(privateKey);
+}
+exports.signFingerprint = signFingerprint;
+/**
+ * Verify a fingerprint signature with the given public key.
+ *
+ * @param {Buffer} fingerprint - the original fingerprint
+ * @param {Buffer} signature - the signature to be verified
+ * @param {crypto.KeyObject} publicKey - the public key for verification
+ * @return {boolean} `true`, if the signature is correct, `false` otherwise
+ */
+function verifyFingerprintSignature(fingerprint, signature, publicKey) {
+    const verify = crypto_1.default.createVerify("SHA3-256");
+    verify.update(fingerprint);
+    return verify.verify(publicKey, signature);
+}
+exports.verifyFingerprintSignature = verifyFingerprintSignature;

package/lib/crypto/fingerprint.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FingerprintWriter = void 0;
+class FingerprintWriter {
+    constructor() {
+        this.data = [];
+    }
+    appendNull() {
+        this.data.push(0xff);
+    }
+    appendString(str) {
+        if (str == null) {
+            this.appendNull();
+            return;
+        }
+        const buf = Buffer.from(str);
+        this.appendNumber(buf.length);
+        this.data.push(...buf.values());
+    }
+    appendBoolean(b) {
+        this.data.push(b ? 1 : 0);
+    }
+    appendNumber(l) {
+        let len;
+        if (l < 0xfc) {
+            len = 1;
+        }
+        else if (l <= 0xffff) {
+            this.data.push(0xfc);
+            len = 2;
+        }
+        else if (l <= 0xffffffff) {
+            this.data.push(0xfd);
+            len = 4;
+        }
+        else {
+            this.data.push(0xfe);
+            len = 8;
+        }
+        for (let i = 0; i < len; i++) {
+            this.data.push(l & 0xff);
+            l = l >> 8;
+        }
+    }
+    appendBytes(b) {
+        this.appendNumber(b.length);
+        this.data.push(...b.values());
+    }
+    appendFingerprint(fingerprint, schema) {
+        for (const field of schema) {
+            this.append(fingerprint[field[0]], field[1]);
+        }
+    }
+    appendList(list, type) {
+        const writer = new FingerprintWriter();
+        list.forEach(value => writer.append(value, type));
+        this.appendBytes(writer.toBytes());
+    }
+    append(value, type) {
+        if (value == null) {
+            this.appendNull();
+        }
+        else if (Array.isArray(type)) {
+            this.appendFingerprint(value, type);
+        }
+        else if (type.endsWith("[]")) {
+            this.appendList(value, type.substring(0, type.length - 2));
+        }
+        else if (type === "string") {
+            this.appendString(value);
+        }
+        else if (type === "boolean") {
+            this.appendBoolean(value);
+        }
+        else if (type === "number") {
+            this.appendNumber(value);
+        }
+        else if (type === "bytes") {
+            this.appendBytes(value);
+        }
+    }
+    toBytes() {
+        return Buffer.from(this.data);
+    }
+}
+exports.FingerprintWriter = FingerprintWriter;

package/lib/crypto/index.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyFingerprintSignature = exports.signFingerprint = exports.digestFingerprint = exports.rawToPublicKey = exports.rawToPrivateKey = exports.rawPublicKey = exports.rawPrivateKey = exports.mnemonicToPrivateKey = exports.generateMnemonicKey = exports.generateKey = void 0;
+var crypto_1 = require("./crypto");
+Object.defineProperty(exports, "generateKey", { enumerable: true, get: function () { return crypto_1.generateKey; } });
+Object.defineProperty(exports, "generateMnemonicKey", { enumerable: true, get: function () { return crypto_1.generateMnemonicKey; } });
+Object.defineProperty(exports, "mnemonicToPrivateKey", { enumerable: true, get: function () { return crypto_1.mnemonicToPrivateKey; } });
+Object.defineProperty(exports, "rawPrivateKey", { enumerable: true, get: function () { return crypto_1.rawPrivateKey; } });
+Object.defineProperty(exports, "rawPublicKey", { enumerable: true, get: function () { return crypto_1.rawPublicKey; } });
+Object.defineProperty(exports, "rawToPrivateKey", { enumerable: true, get: function () { return crypto_1.rawToPrivateKey; } });
+Object.defineProperty(exports, "rawToPublicKey", { enumerable: true, get: function () { return crypto_1.rawToPublicKey; } });
+Object.defineProperty(exports, "digestFingerprint", { enumerable: true, get: function () { return crypto_1.digestFingerprint; } });
+Object.defineProperty(exports, "signFingerprint", { enumerable: true, get: function () { return crypto_1.signFingerprint; } });
+Object.defineProperty(exports, "verifyFingerprintSignature", { enumerable: true, get: function () { return crypto_1.verifyFingerprintSignature; } });

package/lib/index.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/lib/naming/fingeprints.js

@@ -0,0 +1,18 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createPutCallFingerprint0 = void 0;
+const crypto_1 = require("../crypto/crypto");
+const PUT_CALL_FINGERPRINT0_SCHEMA = [
+    ["version", "number"],
+    ["name", "string"],
+    ["generation", "number"],
+    ["updating_key", "bytes"],
+    ["node_uri", "string"],
+    ["signing_key", "bytes"],
+    ["valid_from", "number"],
+    ["previous_digest", "bytes"],
+];
+function createPutCallFingerprint0(name, generation, updatingKey, nodeUri, signingKey, validFrom, previousDigest) {
+    return (0, crypto_1.fingerprintBytes)({ "version": 0, name, generation, updatingKey, nodeUri, signingKey, validFrom, previousDigest }, PUT_CALL_FINGERPRINT0_SCHEMA);
+}
+exports.createPutCallFingerprint0 = createPutCallFingerprint0;

package/lib/naming/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.shorten = exports.resolve = exports.expand = exports.parseNodeName = exports.DEV_NAMING_SERVER = exports.MAIN_NAMING_SERVER = exports.MoeraNamingConnectionError = exports.MoeraNamingApiError = exports.MoeraNamingError = exports.MoeraNaming = void 0;
+exports.validateNamingSchema = exports.shorten = exports.resolve = exports.expand = exports.parseNodeName = exports.DEV_NAMING_SERVER = exports.MAIN_NAMING_SERVER = exports.MoeraNamingConnectionError = exports.MoeraNamingApiError = exports.MoeraNamingError = exports.MoeraNaming = void 0;
 var naming_1 = require("./naming");
 Object.defineProperty(exports, "MoeraNaming", { enumerable: true, get: function () { return naming_1.MoeraNaming; } });
 Object.defineProperty(exports, "MoeraNamingError", { enumerable: true, get: function () { return naming_1.MoeraNamingError; } });
@@ -12,3 +12,5 @@ Object.defineProperty(exports, "parseNodeName", { enumerable: true, get: functio
 Object.defineProperty(exports, "expand", { enumerable: true, get: function () { return naming_1.expand; } });
 Object.defineProperty(exports, "resolve", { enumerable: true, get: function () { return naming_1.resolve; } });
 Object.defineProperty(exports, "shorten", { enumerable: true, get: function () { return naming_1.shorten; } });
+var validate_1 = require("./validate");
+Object.defineProperty(exports, "validateNamingSchema", { enumerable: true, get: function () { return validate_1.validateSchema; } });

package/lib/naming/naming.js

@@ -291,12 +291,6 @@ function parseNodeName(nodeName) {
     return [name, generation];
 }
 exports.parseNodeName = parseNodeName;
-/**
- * Converts the node name to the compact form, omitting generation 0.
- *
- * @param {string | null} nodeName - the node name in compact or full form
- * @return {string | null} the node name in the compact form
- */
 function shorten(nodeName) {
     if (nodeName === null) {
         return null;
@@ -310,12 +304,6 @@ function shorten(nodeName) {
     }
 }
 exports.shorten = shorten;
-/**
- * Converts the node name to the full form, containing generation.
- *
- * @param {string | null} nodeName - the node name in compact or full form
- * @return {string | null} the node name in the full form
- */
 function expand(nodeName) {
     if (nodeName === null) {
         return null;

package/lib/node/cartes.js

@@ -8,8 +8,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MoeraCarteSource = exports.MoeraCartesError = void 0;
+exports.generateCarte = exports.MoeraCarteSource = exports.MoeraCartesError = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const util_1 = require("util");
+const types_1 = require("./types");
+const fingerprints_1 = require("./fingerprints");
+const crypto_2 = require("../crypto");
 /**
  * Error obtaining valid cartes.
  */
@@ -22,26 +30,36 @@ class MoeraCartesError extends Error {
     }
 }
 exports.MoeraCartesError = MoeraCartesError;
-function isAdminCarte(carte) {
-    return carte.permissions == null || carte.permissions.includes("other");
-}
 /**
  * Class that gets cartes from the given node, caches them and supplies them for authentication.
  */
 class MoeraCarteSource {
     /**
      * @param {MoeraNode} node node to get cartes from
+     * @param {Scope[] | null} clientScope permissions to be granted to the cartes; if not set, all permissions of
+     * the cartes' owner are granted
+     * @param {Scope[] | null} adminScope additional administrative permissions (of those granted to the cartes' owner
+     * by the target node) to be granted to the cartes
+     * @param {string | null} targetNodeName if set, the cartes are valid for authentication on the specified node only
      */
-    constructor(node) {
+    constructor(node, clientScope = null, adminScope = null, targetNodeName = null) {
         this.cartes = [];
         this.node = node;
+        this.clientScope = clientScope !== null && clientScope !== void 0 ? clientScope : ["all"];
+        this.adminScope = adminScope !== null && adminScope !== void 0 ? adminScope : [];
+        this.targetNodeName = targetNodeName;
     }
     /**
      * Force renewing the cached list of cartes.
      */
     renew() {
         return __awaiter(this, void 0, void 0, function* () {
-            this.cartes = (yield this.node.getCartes()).cartes;
+            const attributes = {
+                clientScope: this.clientScope,
+                adminScope: this.adminScope,
+                nodeName: this.targetNodeName
+            };
+            this.cartes = (yield this.node.createCartes(attributes)).cartes;
         });
     }
     /**
@@ -53,7 +71,7 @@ class MoeraCarteSource {
         return __awaiter(this, void 0, void 0, function* () {
             for (const renewed of [false, true]) {
                 const now = Math.floor(Date.now() / 1000);
-                this.cartes = this.cartes.filter(c => c.deadline > now && isAdminCarte(c));
+                this.cartes = this.cartes.filter(c => c.deadline > now);
                 if (this.cartes.length === 0) {
                     if (renewed) {
                         throw new MoeraCartesError("Could not obtain a valid carte from the node");
@@ -73,3 +91,34 @@ class MoeraCarteSource {
     }
 }
 exports.MoeraCarteSource = MoeraCarteSource;
+function toScopeMask(scope) {
+    let mask = 0;
+    for (const sc of scope) {
+        mask |= types_1.SCOPE_VALUES[sc];
+    }
+    return mask;
+}
+/**
+ * Generate a carte with the given parameters and sign it with the provided private signing key.
+ *
+ * @param {string | null} ownerName - name of the node authenticating with the carte
+ * @param {crypto.KeyObject} signingKey - the private signing key to sign the carte
+ * @param {number} beginning - timestamp of the beginning of the carte's life
+ * @param {GenerateCarteOptions} options - carte options
+ * @return {Promise<string>} the carte
+ */
+function generateCarte(ownerName_1, signingKey_1, beginning_1) {
+    return __awaiter(this, arguments, void 0, function* (ownerName, signingKey, beginning, { ttl = 600, address = null, nodeName = null, clientScope = types_1.SCOPE_VALUES["all"], adminScope = 0 } = {}) {
+        if (Array.isArray(clientScope)) {
+            clientScope = toScopeMask(clientScope);
+        }
+        if (Array.isArray(adminScope)) {
+            adminScope = toScopeMask(adminScope);
+        }
+        const salt = yield (0, util_1.promisify)(crypto_1.default.randomBytes)(8);
+        const fingerprint = (0, fingerprints_1.createCarteFingerprint2)(ownerName, address, beginning, beginning + ttl, nodeName, clientScope, adminScope, salt);
+        const signature = (0, crypto_2.signFingerprint)(fingerprint, signingKey);
+        return Buffer.concat([fingerprint, signature]).toString("base64url");
+    });
+}
+exports.generateCarte = generateCarte;