oydid 0.4.3 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20d91a8c36a05670346244339ea68ec0288c1550994a421e51d4eeb4c6906234
-  data.tar.gz: 32722af4d3ab83842ad7cc3428834bccecdf0a987c3cb5c86683c7b5208fabe8
+  metadata.gz: 872454b12ba811fdab1ac25967a94f2555b3a3eb5e0b9e33128f671084c1c8ba
+  data.tar.gz: ba79bd15b747a1ff8344bb0084184bdd6f810cc4f13dde5e2abda974459d6576
 SHA512:
-  metadata.gz: 965132e50470d2423fce55a6f9cef44c34747585c3a46646f4ed1d546f9acfb25058bfe1cff3dcef1cd151e7ed40964f4f5f5cb55943872534c55610fc90ed1f
-  data.tar.gz: 06e4978da7ae725b69ae07e95fd92638b966c4ae3a111d5a18202739ba4bb0a9496c85f3cd4aae76041958f321d8a3337f94a5774d3df3600287677338442f76
+  metadata.gz: 6f365d7a094576d29cf1dc056a6c0ac6ff869b3f7ebe26d99817f439b369f7537caef79f170d1fbe8201eb7d44b36f29f0a0028f858d5ba0bace8de10f6972f6
+  data.tar.gz: 6e7425342af56e8bb2139138ad3162a82fc5023af0db7ba8d005abf5231e098df5d9718af1ee144ca4d8100a69c57e448dd5a4c3c20bc10127be317e1e05eff5

data/VERSION

@@ -1 +1 @@
-0.4.3
+0.5.3

data/lib/oydid/basic.rb

@@ -4,16 +4,79 @@
 class Oydid
 
     # basic functions ---------------------------
-    def self.encode(message, method = "base58btc")
-        Multibases.pack(method, message).to_s
+    # %w[multibases multihashes rbnacl json].each { |f| require f }
+    def self.multi_encode(message, options)
+        method = options[:encode] || DEFAULT_ENCODING rescue DEFAULT_ENCODING
+        case method
+        when *SUPPORTED_ENCODINGS
+            return [Multibases.pack(method, message).to_s, ""]
+        else
+            return [nil, "unsupported encoding: '" + method + "'"]
+        end
     end
 
-    def self.decode(message)
-        Multibases.unpack(message).decode.to_s('ASCII-8BIT')
+    def self.multi_decode(message)
+        begin
+            [Multibases.unpack(message).decode.to_s('ASCII-8BIT'), ""]
+        rescue => error
+            [nil, error.message] 
+        end
     end
 
     def self.hash(message)
-        encode(Multihashes.encode(RbNaCl::Hash.sha256(message), "sha2-256").unpack('C*'))
+        return multi_hash(message, {:digest => DEFAULT_DIGEST}).first
+    end
+
+    def self.multi_hash(message, options)
+        method = options[:digest] || DEFAULT_DIGEST
+        case method.to_s
+        when "sha2-256"
+            digest = RbNaCl::Hash.sha256(message)
+        when "sha2-512"
+            digest = RbNaCl::Hash.sha512(message)
+        when "sha3-224", "sha3-256", "sha3-384", "sha3-512"
+            digest = OpenSSL::Digest.digest(method, message)
+        when "blake2b-16"
+            digest = RbNaCl::Hash.blake2b(message, {digest_size: 16})
+        when "blake2b-32"
+            digest = RbNaCl::Hash.blake2b(message, {digest_size: 32})
+        when "blake2b-64"
+            digest = RbNaCl::Hash.blake2b(message)
+        else
+            return [nil, "unsupported digest: '" + method.to_s + "'"]
+        end
+        encoded = multi_encode(Multihashes.encode(digest, method.to_s), options)
+        if encoded.first.nil?
+            return [nil, encoded.last]
+        else
+            return [encoded.first, ""]
+        end
+    end
+
+    def self.get_digest(message)
+        retVal = Multihashes.decode Oydid.multi_decode(message).first
+        if retVal[:hash_function].to_s != ""
+            return [retVal[:hash_function].to_s, ""]
+        end
+        case Oydid.multi_decode(message).first[0..1].to_s
+        when "\x02\x10"
+            return ["blake2b-16", ""]
+        when "\x04 "
+            return ["blake2b-32", ""]
+        when "\b@"
+            return ["blake2b-64", ""]
+        else
+            return [nil, "unknown digest"]
+        end
+    end
+
+    def self.get_encoding(message)
+        # from https://github.com/multiformats/multibase/blob/master/multibase.csv 
+        begin
+            [Multibases.unpack(message).encoding, ""]
+        rescue => error
+            [nil, error.message] 
+        end
     end
 
     def self.canonical(message)
@@ -25,8 +88,13 @@ class Oydid
         message.to_json_c14n
     end
 
+    def self.percent_encode(did)
+        # remove "https://" from string as it is default
+        did = did.sub("https://","").sub("@", "%40").sub("http://","http%3A%2F%2F").gsub(":","%3A").sub("did%3Aoyd%3A", "did:oyd:")
+    end
+
     # key management ----------------------------
-    def self.generate_private_key(input, method = "ed25519-priv")
+    def self.generate_private_key(input, method = "ed25519-priv", options)
         begin
             omc = Multicodecs[method].code
         rescue
@@ -44,26 +112,70 @@ class Oydid
             return [nil, "unsupported key codec"]
         end
         length = raw_key.bytesize
-        return [encode([omc, length, raw_key].pack("SCa#{length}")), ""]
+        encoded = multi_encode([omc, length, raw_key].pack("SCa#{length}"), options)
+        if encoded.first.nil?
+            return [nil, encoded.last]
+        else
+            return [encoded.first, ""]
+        end
     end
 
-    def self.public_key(private_key)
-        code, length, digest = decode(private_key).unpack('SCa*')
+    def self.public_key(private_key, options, method = "ed25519-pub")
+        code, length, digest = multi_decode(private_key).first.unpack('SCa*')
         case Multicodecs[code].name
         when 'ed25519-priv'
-            public_key = Ed25519::SigningKey.new(digest).verify_key
+            case method
+            when 'ed25519-pub'
+                public_key = Ed25519::SigningKey.new(digest).verify_key
+            when 'x25519-pub'
+                public_key = RbNaCl::PrivateKey.new(digest).public_key
+            else
+                return [nil, "unsupported key codec"]
+            end
             length = public_key.to_bytes.bytesize
-            return [encode([Multicodecs['ed25519-pub'].code, length, public_key].pack("CCa#{length}")), ""]
+            encoded = multi_encode([Multicodecs[method].code, length, public_key].pack("CCa#{length}"), options)
+            if encoded.first.nil?
+                return [nil, encoded.last]
+            else
+                return [encoded.first, ""]
+            end
         else
             return [nil, "unsupported key codec"]
         end
     end
 
-    def self.sign(message, private_key)
-        code, length, digest = decode(private_key).unpack('SCa*')
+    def self.getPubKeyFromDID(did)
+        identifier = did.split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first rescue did
+        identifier = identifier.delete_prefix("did:oyd:")
+
+        # check if identifier is already PubKey
+        if decode_public_key(identifier).first.nil?
+            did_document, msg = read(did, {})
+            if did_document.nil?
+                return [nil, msg]
+                exit
+            end
+            pubKey = did_document["doc"]["key"].split(":").first rescue nil
+            if pubKey.nil?
+                return [nil, "cannot resolve " + did.to_s]
+            else
+                return [pubKey, ""]
+            end
+        else
+            return [identifier, ""]
+        end
+    end
+
+    def self.sign(message, private_key, options)
+        code, length, digest = multi_decode(private_key).first.unpack('SCa*')
         case Multicodecs[code].name
         when 'ed25519-priv'
-            return [encode(Ed25519::SigningKey.new(digest).sign(message)), ""]
+            encoded = multi_encode(Ed25519::SigningKey.new(digest).sign(message), options)
+            if encoded.first.nil?
+                return [nil, encoded.last]
+            else
+                return [encoded.first, ""]
+            end
         else
             return [nil, "unsupported key codec"]
         end
@@ -71,13 +183,13 @@ class Oydid
 
     def self.verify(message, signature, public_key)
         begin
-            code, length, digest = decode(public_key).unpack('CCa*')
+            code, length, digest = multi_decode(public_key).first.unpack('CCa*')
             case Multicodecs[code].name
             when 'ed25519-pub'
                 verify_key = Ed25519::VerifyKey.new(digest)
                 signature_verification = false
                 begin
-                    verify_key.verify(decode(signature), message)
+                    verify_key.verify(multi_decode(signature).first, message)
                     signature_verification = true
                 rescue Ed25519::VerifyError
                     signature_verification = false
@@ -91,7 +203,54 @@ class Oydid
         end
     end
 
-    def self.read_private_key(filename)
+    def self.encrypt(message, public_key, options)
+        begin
+            code, length, digest = multi_decode(public_key).first.unpack('CCa*')
+            case Multicodecs[code].name
+            when 'x25519-pub'
+                pubKey = RbNaCl::PublicKey.new(digest)
+                authHash = RbNaCl::Hash.sha256('auth'.dup.force_encoding('ASCII-8BIT'))
+                authKey = RbNaCl::PrivateKey.new(authHash)
+                box = RbNaCl::Box.new(pubKey, authKey)
+                nonce = RbNaCl::Random.random_bytes(box.nonce_bytes)
+                msg = message.force_encoding('ASCII-8BIT')
+                cipher = box.encrypt(nonce, msg)
+                return [
+                    { 
+                        value: cipher.unpack('H*')[0], 
+                        nonce: nonce.unpack('H*')[0]
+                    }, ""
+                ]
+            else
+                return [nil, "unsupported key codec"]
+            end
+        rescue
+            return [nil, "encryption failed"]
+        end
+    end
+
+    def self.decrypt(message, private_key, options)
+        begin
+            cipher = [JSON.parse(message)["value"]].pack('H*')
+            nonce = [JSON.parse(message)["nonce"]].pack('H*')
+            code, length, digest = multi_decode(private_key).first.unpack('SCa*')
+            case Multicodecs[code].name
+            when 'ed25519-priv'
+                privKey = RbNaCl::PrivateKey.new(digest)
+                authHash = RbNaCl::Hash.sha256('auth'.dup.force_encoding('ASCII-8BIT'))
+                authKey = RbNaCl::PrivateKey.new(authHash).public_key
+                box = RbNaCl::Box.new(authKey, privKey)
+                retVal = box.decrypt(nonce, cipher)
+                return [retVal, ""]
+            else
+                return [nil, "unsupported key codec"]
+            end
+        rescue
+            return [nil, "decryption failed"]
+        end
+    end
+
+    def self.read_private_key(filename, options)
         begin
             f = File.open(filename)
             key_encoded = f.read
@@ -99,12 +258,12 @@ class Oydid
         rescue
             return [nil, "cannot read file"]
         end
-        decode_private_key(key_encoded)
+        decode_private_key(key_encoded, options)
     end
 
-    def self.decode_private_key(key_encoded)
+    def self.decode_private_key(key_encoded, options)
         begin
-            code, length, digest = decode(key_encoded).unpack('SCa*')
+            code, length, digest = multi_decode(key_encoded).first.unpack('SCa*')
             case Multicodecs[code].name
             when 'ed25519-priv'
                 private_key = Ed25519::SigningKey.new(digest).to_bytes
@@ -112,12 +271,27 @@ class Oydid
                 return [nil, "unsupported key codec"]
             end
             length = private_key.bytesize
-            return [Oydid.encode([code, length, private_key].pack("SCa#{length}")), ""]
+            return multi_encode([code, length, private_key].pack("SCa#{length}"), options)
         rescue
             return [nil, "invalid key"]
         end
     end
 
+    def self.decode_public_key(key_encoded)
+        begin
+            code, length, digest = multi_decode(key_encoded).first.unpack('CCa*')
+            case Multicodecs[code].name
+            when 'ed25519-pub'
+                verify_key = Ed25519::VerifyKey.new(digest)
+                return [verify_key, ""]
+            else
+                return [nil, "unsupported key codec"]
+            end
+        rescue
+            return [nil, "unknown key codec"]
+        end
+    end
+
     # storage functions -----------------------------
     def self.write_private_storage(payload, filename)
         File.open(filename, 'w') {|f| f.write(payload)}
@@ -145,7 +319,7 @@ class Oydid
         end
     end
 
-    def self.retrieve_document(doc_hash, doc_file, doc_location, options)
+    def self.retrieve_document(doc_identifier, doc_file, doc_location, options)
         if doc_location == ""
             doc_location = DEFAULT_LOCATION
         end
@@ -154,17 +328,17 @@ class Oydid
                 doc_location = "https://" + doc_location
             end
         end
-
         case doc_location
         when /^http/
-            retVal = HTTParty.get(doc_location + "/doc/" + doc_hash)
+            doc_location = doc_location.sub("%3A%2F%2F","://").sub("%3A", ":")
+            retVal = HTTParty.get(doc_location + "/doc/" + doc_identifier)
             if retVal.code != 200
-                msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" + doc_hash.to_s
+                msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" + doc_identifier.to_s
                 return [nil, msg]
             end
             if options.transform_keys(&:to_s)["trace"]
                 if options[:silent].nil? || !options[:silent]
-                    puts "GET " + doc_hash + " from " + doc_location
+                    puts "GET " + doc_identifier + " from " + doc_location
                 end
             end
             return [retVal.parsed_response, ""]
@@ -179,6 +353,9 @@ class Oydid
     end
 
     def self.retrieve_document_raw(doc_hash, doc_file, doc_location, options)
+        doc_hash = doc_hash.split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first rescue doc_hash
+        doc_hash = doc_hash.delete_prefix("did:oyd:")
+
         if doc_location == ""
             doc_location = DEFAULT_LOCATION
         end
@@ -190,6 +367,7 @@ class Oydid
 
         case doc_location
         when /^http/
+            doc_location = doc_location.sub("%3A%2F%2F","://").sub("%3A", ":")
             retVal = HTTParty.get(doc_location + "/doc_raw/" + doc_hash)
             if retVal.code != 200
                 msg = retVal.parsed_response("error").to_s rescue "invalid response from " + doc_location.to_s + "/doc/" + doc_hash.to_s

data/lib/oydid/didcomm.rb

@@ -21,7 +21,7 @@ class Oydid
     # DIDComm Signed Message --------------------
     def self.dcsm(payload, private_key_encoded, options)
         error = ""
-        code, length, digest = decode(private_key_encoded).unpack('SCa*')
+        code, length, digest = multi_decode(private_key_encoded).first.unpack('SCa*')
         case Multicodecs[code].name
         when 'ed25519-priv'
             private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(digest)
@@ -40,7 +40,7 @@ class Oydid
         result, msg = Oydid.read(pubkey_did, options)
         public_key_encoded = Oydid.w3c(result, options)["authentication"].first["publicKeyMultibase"]
         begin
-            code, length, digest = Oydid.decode(public_key_encoded).unpack('CCa*')
+            code, length, digest = multi_decode(public_key_encoded).first.unpack('CCa*')
             case Multicodecs[code].name
             when 'ed25519-pub'
                 public_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(digest)
@@ -56,9 +56,9 @@ class Oydid
     end
 
     # encryption -----------------------------------
-    def self.msg_encrypt(payload, private_key_encoded, did)
+    def self.msg_encrypt(payload, private_key_encoded, did, options)
         error = ""
-        code, length, digest = decode(private_key_encoded).unpack('SCa*')
+        code, length, digest = multi_decode(private_key_encoded).first.unpack('SCa*')
         case Multicodecs[code].name
         when 'ed25519-priv'
             private_key = RbNaCl::Signatures::Ed25519::SigningKey.new(digest)
@@ -70,9 +70,9 @@ class Oydid
         return [token, error]
     end
 
-    def self.msg_decrypt(token, public_key_encoded)
+    def self.msg_decrypt(token, public_key_encoded, options)
         error = ""
-        code, length, digest = Oydid.decode(public_key_encoded).unpack('CCa*')
+        code, length, digest = Oydid.multi_decode(public_key_encoded).first.unpack('CCa*')
         case Multicodecs[code].name
         when 'ed25519-pub'
             public_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(digest)
@@ -98,4 +98,23 @@ class Oydid
             return [nil, "verification failed"]
         end
     end
+
+    # DID Auth for data container with challenge ---
+    def self.token_from_challenge(host, pwd, options = {})
+        sid = SecureRandom.hex(20).to_s
+        retVal = HTTParty.post(host + "/oydid/init",
+                    headers: { 'Content-Type' => 'application/json' },
+                    body: { "session_id": sid }.to_json )
+        challenge = retVal.parsed_response["challenge"]
+        signed_challenge = sign(challenge, Oydid.generate_private_key(pwd, options).first, options).first
+        public_key = public_key(generate_private_key(pwd, options).first, options).first
+        retVal = HTTParty.post(host + "/oydid/token",
+                    headers: { 'Content-Type' => 'application/json' },
+                    body: {
+                        "session_id": sid,
+                        "signed_challenge": signed_challenge,
+                        "public_key": public_key
+                    }.to_json)
+        return retVal.parsed_response["access_token"]
+    end
 end

data/lib/oydid/log.rb

@@ -7,9 +7,9 @@ class Oydid
         log.map do |item|
             i = item.dup
             i.delete("previous")
-            item["entry-hash"] = hash(canonical(item))
+            item["entry-hash"] = multi_hash(canonical(item), LOG_HASH_OPTIONS).first
             if item.transform_keys(&:to_s)["op"] == 1
-                item["sub-entry-hash"] = hash(canonical(i))
+                item["sub-entry-hash"] = multi_hash(canonical(i), LOG_HASH_OPTIONS).first
             end
             item
         end
@@ -37,6 +37,7 @@ class Oydid
 
         case log_location
         when /^http/
+            log_location = log_location.sub("%3A%2F%2F","://")
             retVal = HTTParty.get(log_location + "/log/" + did_hash)
             if retVal.code != 200
                 msg = retVal.parsed_response("error").to_s rescue 
@@ -78,11 +79,14 @@ class Oydid
             if el["op"].to_i == 0
                 terminate_indices << i
             end
-            log_hash << Oydid.hash(Oydid.canonical(el))
+            log_options = options.dup
+            el_hash = el["doc"].split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first
+            log_options[:digest] = Oydid.get_digest(el_hash).first
+            log_options[:encode] = Oydid.get_encoding(el_hash).first
+            log_hash << Oydid.multi_hash(Oydid.canonical(el), LOG_HASH_OPTIONS).first
             dag_log << dag.add_vertex(id: i)
             i += 1
         end unless logs.nil?
-
         if create_entries != 1
             return [nil, nil, nil, "wrong number of CREATE entries (" + create_entries.to_s + ") in log" ]
         end
@@ -237,7 +241,11 @@ class Oydid
                     log_location = DEFAULT_LOCATION
                 end
                 term = term.split(LOCATION_PREFIX).first
-                if hash(canonical(el)) != term
+                log_options = options.dup
+                el_hash = el["doc"].split(LOCATION_PREFIX).first.split(CGI.escape LOCATION_PREFIX).first
+                log_options[:digest] = Oydid.get_digest(el_hash).first
+                log_options[:encode] = Oydid.get_encoding(el_hash).first
+                if multi_hash(canonical(el), log_options).first != term
                     currentDID["error"] = 1
                     currentDID["message"] = "Log reference and record don't match"
                     if verification_output
@@ -266,7 +274,7 @@ class Oydid
                     if log_el["op"].to_i == 1 # TERMINATE
                         log_el_structure.delete("previous")
                     end
-                    if hash(canonical(log_el_structure)) == revoc_term
+                    if multi_hash(canonical(log_el_structure), log_options).first == revoc_term
                         revoc_term_found = true
                         revocation_record = log_el.dup
                         if verification_output
@@ -306,7 +314,7 @@ class Oydid
                     update_term_found = false
                     log_array.each do |log_el|
                         if log_el["op"].to_i == 3
-                            if log_el["previous"].include?(hash(canonical(revocation_record)))
+                            if log_el["previous"].include?(multi_hash(canonical(revocation_record), LOG_HASH_OPTIONS).first)
                                 update_term_found = true
                                 message = log_el["doc"].to_s