commit 015f397ce184e4048ca7ac4e90d3435c61ebd285
parent 7a9b48c55e356d643f549e3d7c375c17d3273c1e
Author: Jared Tobin <jared@jtobin.io>
Date: Fri, 25 Sep 2020 11:22:18 -0230
up8-ticket: add gen_ticket_drbg
Diffstat:
3 files changed, 45 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
@@ -1,6 +1,6 @@
{
"name": "up8-ticket",
- "version": "0.2.0",
+ "version": "0.1.0",
"lockfileVersion": 1,
"requires": true,
"dependencies": {
@@ -1723,7 +1723,6 @@
"version": "1.1.7",
"resolved": "https://registry.npmjs.org/hash.js/-/hash.js-1.1.7.tgz",
"integrity": "sha512-taOaskGt4z4SOANNseOviYDvjEJinIkRgmp7LbKP2YTTmVxWBl87s/uzK9r+44BclBSp2X7K1hqeNfz9JbBeXA==",
- "dev": true,
"requires": {
"inherits": "^2.0.3",
"minimalistic-assert": "^1.0.1"
@@ -1749,7 +1748,6 @@
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/hmac-drbg/-/hmac-drbg-1.0.1.tgz",
"integrity": "sha1-0nRXAQJabHdabFRXk+1QL8DGSaE=",
- "dev": true,
"requires": {
"hash.js": "^1.0.3",
"minimalistic-assert": "^1.0.0",
@@ -1826,8 +1824,7 @@
"inherits": {
"version": "2.0.4",
"resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
- "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
- "dev": true
+ "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
},
"inline-source-map": {
"version": "0.6.2",
@@ -2329,14 +2326,12 @@
"minimalistic-assert": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/minimalistic-assert/-/minimalistic-assert-1.0.1.tgz",
- "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A==",
- "dev": true
+ "integrity": "sha512-UtJcAD4yEaGtjPezWuO9wC4nwUnVH/8/Im3yEHQP4b67cXlD/Qr9hdITCU1xDbSEXg2XKNaP8jsReV7vQd00/A=="
},
"minimalistic-crypto-utils": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/minimalistic-crypto-utils/-/minimalistic-crypto-utils-1.0.1.tgz",
- "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo=",
- "dev": true
+ "integrity": "sha1-9sAMHAsIIkblxNmd+4x8CDsrWCo="
},
"minimatch": {
"version": "3.0.4",
diff --git a/package.json b/package.json
@@ -26,6 +26,8 @@
"author": "~nidsut-tomdun",
"license": "MIT",
"dependencies": {
+ "hash.js": "^1.1.7",
+ "hmac-drbg": "^1.0.1",
"lodash.chunk": "^4.2.0",
"lodash.flatmap": "^4.5.0",
"lodash.zipwith": "^4.2.0",
diff --git a/src/index.js b/src/index.js
@@ -1,5 +1,7 @@
const chunk = require('lodash.chunk')
const flatMap = require('lodash.flatmap')
+const hash = require('hash.js')
+const DRBG = require('hmac-drbg')
const more = require('more-entropy')
const ob = require('urbit-ob')
const secrets = require('secrets.js-grempe')
@@ -93,6 +95,42 @@ const gen_ticket_more = (nbits, addl) => {
}
/*
+ * Generate a master ticket of the desired bitlength.
+ *
+ * Uses both 'crypto.rng' and 'more-entropy' to produce the required entropy
+ * and nonce for input to a HMAC-DRBG generator, respectively.
+ *
+ * A buffer provided as the second argument will be used as the DRBG
+ * personalisation string.
+ *
+ * @param {Number} nbits desired bitlength of ticket (minimum 192)
+ * @param {Buffer} addl an optional buffer of additional bytes
+ * @return {Promise<String>} a @q-encoded master ticket, wrapped in a Promise
+ */
+const gen_ticket_drbg = async (nbits, addl) => {
+ const nbytes = nbits / 8
+ const entropy = crypto.rng(nbytes)
+
+ const prng = new more.Generator()
+ const nonce = await new Promise((resolve, reject) => {
+ prng.generate(nbits, result => {
+ resolve(result.toString('hex'))
+ reject("entropy generation failed")
+ })
+ })
+
+ const d = new DRBG({
+ hash: hash.sha256,
+ entropy: entropy,
+ nonce: nonce,
+ pers: Buffer.isBuffer(addl) ? addl.toString('hex') : null
+ })
+
+ const bytes = d.generate(nbytes, 'hex')
+ return ob.hex2patq(bytes)
+}
+
+/*
* Shard a ticket via a k/n Shamir's Secret Sharing scheme.
*
* Provided with a ticket, a desired number of shards 'n', and threshold value
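Review bot: In the Promise executor inside `gen_ticket_drbg`, `reject("entropy generation failed")` runs unconditionally right after `resolve(...)`, so it is a no-op and the promise can never reject; if the callback is handed an unusable `result`, the `toString` call would throw inside the callback and leave the `await` pending. Settle exactly once, e.g. `try { resolve(result.toString('hex')) } catch (e) { reject(e) }`, so a failed nonce generation surfaces to the caller instead of stalling ticket generation. The doc comment promises a 192-bit minimum but `nbits` is used unchecked; a guard such as `if (!Number.isInteger(nbits) || nbits < 192 || nbits % 8 !== 0) throw new RangeError('nbits must be a multiple of 8, at least 192')` ahead of `crypto.rng(nbytes)` would make that contract explicit for a function that produces a master secret. It is also worth confirming what type `prng.generate` passes to the callback: if it is a plain array rather than a Buffer, `toString('hex')` ignores its argument and the nonce string would not be the hex encoding the DRBG appears to be handed here.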
@@ -136,6 +174,7 @@ const combine = shards => {
module.exports = {
gen_ticket_simple,
gen_ticket_more,
+ gen_ticket_drbg,
shard,
combine