npm - toiljs - Versions diffs - 0.0.51 → 0.0.52 - Mend

toiljs 0.0.51 → 0.0.52

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/CHANGELOG.md +9 -0
package/TYPESCRIPT_LAW.md +12601 -0
package/build/cli/.tsbuildinfo +1 -1
package/build/cli/index.js +16 -1
package/build/client/.tsbuildinfo +1 -1
package/build/client/auth.d.ts +8 -8
package/build/client/auth.js +105 -24
package/build/client/index.d.ts +1 -1
package/build/compiler/.tsbuildinfo +1 -1
package/build/compiler/generate.js +1 -1
package/build/devserver/.tsbuildinfo +1 -1
package/build/devserver/crypto.js +33 -0
package/build/devserver/host.js +2 -0
package/build/devserver/kv.d.ts +3 -0
package/build/devserver/kv.js +53 -0
package/build/devserver/module.js +2 -1
package/examples/basic/client/routes/pq.tsx +67 -104
package/examples/basic/server/routes/Auth.ts +274 -100
package/package.json +2 -1
package/server/globals/auth.ts +215 -0
package/src/cli/diagnostics.ts +22 -0
package/src/cli/doctor.ts +2 -0
package/src/client/auth.ts +179 -51
package/src/client/index.ts +1 -1
package/src/compiler/generate.ts +1 -1
package/src/devserver/crypto.ts +54 -0
package/src/devserver/host.ts +6 -0
package/src/devserver/kv.ts +96 -0
package/src/devserver/module.ts +4 -1
package/test/devserver-pqauth.test.ts +153 -0
package/test/doctor.test.ts +22 -0
package/test/pqauth-e2e.test.ts +162 -0

package/build/client/auth.d.ts CHANGED Viewed

@@ -1,4 +1,10 @@
 export declare const LOGIN_CONTEXT = "qauth:login:v1";
+export declare const REGISTER_CONTEXT = "qauth:register:v1";
+export declare const SERVER_CONFIRM_LABEL = "toil-server-confirm-v1";
+export declare const KEM_PUBLIC_KEY_LEN = 1184;
+export declare const KEM_CIPHERTEXT_LEN = 1088;
+export declare const SHARED_SECRET_LEN = 32;
+export declare const SERVER_KEM_PUBLIC_KEY: Uint8Array<ArrayBufferLike>;
 export declare const PUBLIC_KEY_LEN = 1312;
 export declare const SECRET_KEY_LEN = 2560;
 export declare const SIGNATURE_LEN = 2420;
@@ -9,15 +15,9 @@ export interface KdfParams {
     readonly parallelism: number;
     readonly salt: Uint8Array;
 }
-export interface Challenge {
-    readonly cid: Uint8Array;
-    readonly aud: string;
-    readonly kdf: KdfParams;
-    readonly nonce: Uint8Array;
-    readonly iat: bigint;
-    readonly exp: bigint;
-}
 export declare function buildLoginMessage(sub: string, aud: string, cid: Uint8Array, nonce: Uint8Array, iat: bigint, exp: bigint): Uint8Array;
+export declare function buildLoginMessageV2(sub: string, aud: string, cid: Uint8Array, nonce: Uint8Array, iat: bigint, exp: bigint, ciphertext: Uint8Array): Uint8Array;
+export declare function buildRegisterMessage(username: string, publicKey: Uint8Array): Uint8Array;
 export interface AuthOptions {
     readonly baseUrl?: string;
 }

package/build/client/auth.js CHANGED Viewed

@@ -1,7 +1,21 @@
-import { argon2id, sha256 } from 'hash-wasm';
+import { argon2id, sha256, createSHA256 } from 'hash-wasm';
 import { ml_dsa44 } from '@dacely/noble-post-quantum/ml-dsa.js';
+import { ml_kem768 } from '@dacely/noble-post-quantum/ml-kem.js';
+import { ristretto255_oprf } from '@noble/curves/ed25519.js';
 import { DataReader, DataWriter } from 'toiljs/io';
 export const LOGIN_CONTEXT = 'qauth:login:v1';
+export const REGISTER_CONTEXT = 'qauth:register:v1';
+export const SERVER_CONFIRM_LABEL = 'toil-server-confirm-v1';
+export const KEM_PUBLIC_KEY_LEN = 1184;
+export const KEM_CIPHERTEXT_LEN = 1088;
+export const SHARED_SECRET_LEN = 32;
+function fromHex(hex) {
+    const out = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < out.length; i++)
+        out[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+    return out;
+}
+export const SERVER_KEM_PUBLIC_KEY = fromHex('29d765e8083182891302569b3712a856e564fdd484b0706b0c68568d5ab7edc742cf74459d64595455a60f267973aa55e43c5be61925a3822eafcca445e36dc4655636e31e6fc9bec338b253f94290008ef7f40dbddb49c15c690f6755a23a1b3c85cfd5207e71a607086a6fc6d74a05080f43276901a19cafdb8de7771d58ea07f0f1056b905127b22223d08e75173199f13ab13c5dcd3b51ac784f84e520484a262b845a897c41cf27324ab6ba545c78c9ccab361051e0bba53498af26240fa0d566d1572684f4b42e253e6d052c848650915063c35641e1121ef8d9cfd17b667b351103c56d195007c9376d0c08aa268396814490eab4c364175a94533267a1933862cc4c33bcf0a13d1fa2b9d6c5082eeca1480672f2526cbe013beff14dc908a386e0b633c8761023cbed760deac6709bc328d865ac82e12307b673d96711dbb27a4d939230d25b53d594169a318be0200fa33550e9418e2a3b30e9719edc09d5fc4306f1abfd021eab14637a8a72c5931d25dc9b56db0e6ab677522b10f25307dbb804a6774ce05b87b0976a4b227bfe6caf20a79e64004fbd27b1eea018b3ab8ffa629f2dc87f19278f95168e94e44660a3370c537795678eb2f056260609769740583b51b291862927a1938737c6a37f40b78f00671cccbcb88ac3427b37915ed58782998f84051647707d48995472baad3f64a7cca54e1c0734db08751c614a34f28b84f2c1b5a6817355ab61957c486b7acffbc092bc8a7b46387f33b53ed372f7168d31a71cd008539928b0cdf91e835aa97f6a2be6d327b87a6ae478701d75a59a25179cb14997bb2552853014724170a1c49b82c2bcebc3279024e1fa44c53c7afdc43f0bd22116490f3b74c90e7296be58b9a91168f2fa0c3d378a3bcac959f357825c9976a8c9ee944f29b45e96d7345d9b478431a20cf1c5d3a3227c717fd204619777636c0cb140db5c50d2a3302334461030bee34e4eb1a6f02b733f9ccda4290fa168bc039568373241542728d00030d1f251e83737cb215adbdc1de75978675a0cd0d75b12748abdda7a9852629c63697d145af2c69854b06e03f37c4b064e4c9a4c03f2ad4d081e70180e9547247921918118086b62b4f7727f46b24e3e79ba3f28209f32b5102035bf935856232f83642268c0292ec6bf8e9462382163d30a20b4bcb7b4439310ec9d0a148193907fc07697342967cf1a16c6b3c71558951fa915400736cf699262b54b723abb2ecc27b74b68ee494287595ef818388adb49e883c67bfa5c226c0eef037a0851a29d34675912c1ea1068310b6dfcd017c809c8fbfc2c3ae78dfef07299960eeefba182662a90fa422c1790f356a2ea909012b15623a9b9e450a282cb530589a68368b3583159d9010ac3e52cc974753c342e58279516339dfb691df94b13a223ad97eb6a09c21dafe6304a3642d6d2067b5238497661fe88ad1227ca3557be2a576b6e17c5a7f997ea07929e76407e376aba74c44cd8504804776f39bbb8327624188a63501e83b404d9438cade0b11dc3ac61856447fb072b91761c228878f01b2eb6b4b21ba664c2c75882431603b25a449ffeb8410b910558581777562aa9b2181fd9c04713ad9326462d3e842121c4997f9aa932417c67851625816de66e0d65637434629f39');
 export const PUBLIC_KEY_LEN = 1312;
 export const SECRET_KEY_LEN = 2560;
 export const SIGNATURE_LEN = 2420;
@@ -10,9 +24,9 @@ function wipe(buf) {
     crypto.getRandomValues(buf);
     buf.fill(0);
 }
-async function deriveSeed(password, kdf) {
+async function deriveSeed(oprfOutput, kdf) {
     return argon2id({
-        password: new TextEncoder().encode(password.normalize('NFKC')),
+        password: oprfOutput,
         salt: kdf.salt,
         iterations: kdf.iterations,
         parallelism: kdf.parallelism,
@@ -21,6 +35,33 @@ async function deriveSeed(password, kdf) {
         outputType: 'binary',
     });
 }
+const utf8 = (s) => new TextEncoder().encode(s);
+async function sha256Bytes(data) {
+    const h = await createSHA256();
+    h.init();
+    h.update(data);
+    return h.digest('binary');
+}
+function concatBytes(...parts) {
+    let n = 0;
+    for (const p of parts)
+        n += p.length;
+    const out = new Uint8Array(n);
+    let off = 0;
+    for (const p of parts) {
+        out.set(p, off);
+        off += p.length;
+    }
+    return out;
+}
+function bytesEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let diff = 0;
+    for (let i = 0; i < a.length; i++)
+        diff |= a[i] ^ b[i];
+    return diff === 0;
+}
 export function buildLoginMessage(sub, aud, cid, nonce, iat, exp) {
     return new DataWriter()
         .writeU8(1)
@@ -32,6 +73,21 @@ export function buildLoginMessage(sub, aud, cid, nonce, iat, exp) {
         .writeU64(exp)
         .toBytes();
 }
+export function buildLoginMessageV2(sub, aud, cid, nonce, iat, exp, ciphertext) {
+    return new DataWriter()
+        .writeU8(2)
+        .writeString(sub)
+        .writeString(aud)
+        .writeBytes(cid)
+        .writeBytes(nonce)
+        .writeU64(iat)
+        .writeU64(exp)
+        .writeBytes(ciphertext)
+        .toBytes();
+}
+export function buildRegisterMessage(username, publicKey) {
+    return new DataWriter().writeU8(1).writeString(username).writeBytes(publicKey).toBytes();
+}
 function decodeKdf(r) {
     return {
         memKiB: r.readU32(),
@@ -40,15 +96,6 @@ function decodeKdf(r) {
         salt: r.readBytes(),
     };
 }
-function decodeChallenge(r) {
-    const cid = r.readBytes();
-    const aud = r.readString();
-    const kdf = decodeKdf(r);
-    const nonce = r.readBytes();
-    const iat = r.readU64();
-    const exp = r.readU64();
-    return { cid, aud, kdf, nonce, iat, exp };
-}
 async function postBinary(baseUrl, path, body) {
     const res = await fetch(baseUrl + path, {
         method: 'POST',
@@ -62,39 +109,64 @@ async function postBinary(baseUrl, path, body) {
 }
 export async function register(username, password, opts = {}) {
     const baseUrl = opts.baseUrl ?? '/auth';
-    const start = await postBinary(baseUrl, '/register/start', new DataWriter().writeString(username).toBytes());
+    const oprf = ristretto255_oprf.oprf;
+    const pw = utf8(password.normalize('NFKC'));
+    const { blind, blinded } = oprf.blind(pw);
+    const start = await postBinary(baseUrl, '/register/start', new DataWriter().writeString(username).writeBytes(blinded).toBytes());
     const status = start.readU8();
     if (status !== 0)
         throw new Error('auth: registration unavailable');
     const kdf = decodeKdf(start);
-    const seed = await deriveSeed(password, kdf);
+    const evaluated = start.readBytes();
+    const oprfOutput = oprf.finalize(pw, blind, evaluated);
+    const seed = await deriveSeed(oprfOutput, kdf);
     let publicKey;
+    let regProof;
     try {
         const kp = ml_dsa44.keygen(seed);
         publicKey = kp.publicKey;
-        wipe(kp.secretKey);
+        try {
+            regProof = ml_dsa44.sign(buildRegisterMessage(username, publicKey), kp.secretKey, {
+                context: utf8(REGISTER_CONTEXT),
+            });
+        }
+        finally {
+            wipe(kp.secretKey);
+        }
     }
     finally {
         wipe(seed);
     }
     if (publicKey.length !== PUBLIC_KEY_LEN)
         throw new Error('auth: bad public key length');
-    const finish = await postBinary(baseUrl, '/register/finish', new DataWriter().writeString(username).writeBytes(publicKey).toBytes());
+    const finish = await postBinary(baseUrl, '/register/finish', new DataWriter().writeString(username).writeBytes(publicKey).writeBytes(regProof).toBytes());
     if (finish.readU8() !== 0)
         throw new Error('auth: registration rejected');
 }
 export async function login(username, password, opts = {}) {
     const baseUrl = opts.baseUrl ?? '/auth';
-    const ch = decodeChallenge(await postBinary(baseUrl, '/login/start', new DataWriter().writeString(username).toBytes()));
-    if (BigInt(Math.floor(Date.now() / 1000)) >= ch.exp)
+    const oprf = ristretto255_oprf.oprf;
+    const pw = utf8(password.normalize('NFKC'));
+    const { blind, blinded } = oprf.blind(pw);
+    const r = await postBinary(baseUrl, '/login/start', new DataWriter().writeString(username).writeBytes(blinded).toBytes());
+    const cid = r.readBytes();
+    const aud = r.readString();
+    const kdf = decodeKdf(r);
+    const nonce = r.readBytes();
+    const iat = r.readU64();
+    const exp = r.readU64();
+    const evaluated = r.readBytes();
+    if (BigInt(Math.floor(Date.now() / 1000)) >= exp)
         throw new Error('auth: challenge expired');
-    const message = buildLoginMessage(username, ch.aud, ch.cid, ch.nonce, ch.iat, ch.exp);
-    const seed = await deriveSeed(password, ch.kdf);
+    const oprfOutput = oprf.finalize(pw, blind, evaluated);
+    const seed = await deriveSeed(oprfOutput, kdf);
+    const { cipherText, sharedSecret } = ml_kem768.encapsulate(SERVER_KEM_PUBLIC_KEY);
+    const message = buildLoginMessageV2(username, aud, cid, nonce, iat, exp, cipherText);
     let signature;
     try {
         const kp = ml_dsa44.keygen(seed);
         try {
-            signature = ml_dsa44.sign(message, kp.secretKey, { context: new TextEncoder().encode(LOGIN_CONTEXT) });
+            signature = ml_dsa44.sign(message, kp.secretKey, { context: utf8(LOGIN_CONTEXT) });
         }
         finally {
             wipe(kp.secretKey);
@@ -105,10 +177,19 @@ export async function login(username, password, opts = {}) {
     }
     if (signature.length !== SIGNATURE_LEN)
         throw new Error('auth: bad signature length');
-    const res = await postBinary(baseUrl, '/login/finish', new DataWriter().writeBytes(ch.cid).writeBytes(signature).toBytes());
-    if (res.readU8() !== 0)
+    const res = await postBinary(baseUrl, '/login/finish', new DataWriter().writeBytes(cid).writeBytes(cipherText).writeBytes(signature).toBytes());
+    if (res.readU8() !== 0) {
+        wipe(sharedSecret);
         throw new Error('auth: login failed');
-    return res.readBytes();
+    }
+    const session = res.readBytes();
+    const serverConfirm = res.readBytes();
+    const transcriptHash = await sha256Bytes(message);
+    const expected = await sha256Bytes(concatBytes(utf8(SERVER_CONFIRM_LABEL), sharedSecret, transcriptHash));
+    wipe(sharedSecret);
+    if (!bytesEqual(expected, serverConfirm))
+        throw new Error('auth: server authentication failed');
+    return session;
 }
 function toHex(bytes) {
     let s = '';

package/build/client/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 export { mount } from './routing/mount.js';
 export { Router } from './routing/Router.js';
 export { Auth, register as authRegister, login as authLogin, proveIdentity, buildLoginMessage, LOGIN_CONTEXT } from './auth.js';
-export type { KdfParams, Challenge, AuthOptions, IdentityProof } from './auth.js';
+export type { KdfParams, AuthOptions, IdentityProof } from './auth.js';
 export { Link } from './navigation/Link.js';
 export type { LinkProps } from './navigation/Link.js';
 export { NavLink, matchActive } from './navigation/NavLink.js';