@docknetwork/wallet-sdk-wasm 1.7.0 → 1.7.7-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (85) hide show
  1. package/lib/index.js +1 -0
  2. package/lib/index.mjs +1 -0
  3. package/lib/modules/network-manager.js +15 -12
  4. package/lib/modules/network-manager.mjs +15 -12
  5. package/lib/rpc-server.js +1 -0
  6. package/lib/rpc-server.mjs +1 -0
  7. package/lib/services/blockchain/service.js +22 -9
  8. package/lib/services/blockchain/service.mjs +23 -10
  9. package/lib/services/credential/bound-check.js +1 -1
  10. package/lib/services/credential/bound-check.mjs +1 -1
  11. package/lib/services/credential/delegatable-credentials.js +300 -0
  12. package/lib/services/credential/delegatable-credentials.mjs +263 -0
  13. package/lib/services/credential/index.js +39 -0
  14. package/lib/services/credential/index.mjs +4 -0
  15. package/lib/services/credential/pex-helpers.js +4 -4
  16. package/lib/services/credential/pex-helpers.mjs +4 -4
  17. package/lib/services/edv/index.js +1 -0
  18. package/lib/services/edv/index.mjs +1 -0
  19. package/lib/services/edv/service-rpc.js +23 -0
  20. package/lib/services/edv/service-rpc.mjs +23 -0
  21. package/lib/services/edv/service.js +81 -1
  22. package/lib/services/edv/service.mjs +78 -2
  23. package/lib/services/index.js +1 -0
  24. package/lib/services/index.mjs +1 -0
  25. package/lib/services/pex/config.js +4 -0
  26. package/lib/services/pex/config.mjs +4 -0
  27. package/lib/services/pex/service-rpc.js +4 -0
  28. package/lib/services/pex/service-rpc.mjs +4 -0
  29. package/lib/services/pex/service.js +7 -0
  30. package/lib/services/pex/service.mjs +7 -0
  31. package/lib/setup-nodejs.js +1 -0
  32. package/lib/setup-nodejs.mjs +1 -0
  33. package/lib/setup-tests.js +1 -0
  34. package/lib/setup-tests.mjs +1 -0
  35. package/lib/src/modules/event-manager.d.ts +0 -1
  36. package/lib/src/modules/event-manager.d.ts.map +1 -1
  37. package/lib/src/modules/network-manager.d.ts +2 -4
  38. package/lib/src/modules/network-manager.d.ts.map +1 -1
  39. package/lib/src/services/blockchain/configs.d.ts +1 -2
  40. package/lib/src/services/blockchain/configs.d.ts.map +1 -1
  41. package/lib/src/services/blockchain/service.d.ts +4 -3
  42. package/lib/src/services/blockchain/service.d.ts.map +1 -1
  43. package/lib/src/services/credential/bbs-revocation.d.ts +1 -1
  44. package/lib/src/services/credential/bbs-revocation.d.ts.map +1 -1
  45. package/lib/src/services/credential/bound-check.d.ts.map +1 -1
  46. package/lib/src/services/credential/delegatable-credentials.d.ts +272 -0
  47. package/lib/src/services/credential/delegatable-credentials.d.ts.map +1 -0
  48. package/lib/src/services/credential/index.d.ts +1 -0
  49. package/lib/src/services/credential/index.d.ts.map +1 -1
  50. package/lib/src/services/credential/pex-helpers.d.ts +2 -2
  51. package/lib/src/services/credential/pex-helpers.d.ts.map +1 -1
  52. package/lib/src/services/dids/keypair-utils.d.ts +2 -2
  53. package/lib/src/services/dids/keypair-utils.d.ts.map +1 -1
  54. package/lib/src/services/dids/service.d.ts +35 -3
  55. package/lib/src/services/dids/service.d.ts.map +1 -1
  56. package/lib/src/services/edv/service.d.ts +50 -1
  57. package/lib/src/services/edv/service.d.ts.map +1 -1
  58. package/lib/src/services/pex/config.d.ts +1 -0
  59. package/lib/src/services/pex/config.d.ts.map +1 -1
  60. package/lib/src/services/pex/service.d.ts +1 -0
  61. package/lib/src/services/pex/service.d.ts.map +1 -1
  62. package/lib/src/services/relay-service/service.d.ts +19 -7
  63. package/lib/src/services/relay-service/service.d.ts.map +1 -1
  64. package/lib/src/services/storage/service.d.ts.map +1 -1
  65. package/lib/src/services/util-crypto/service.d.ts +2 -2
  66. package/lib/src/services/util-crypto/service.d.ts.map +1 -1
  67. package/lib/tsconfig.tsbuildinfo +1 -1
  68. package/package.json +36 -16
  69. package/rollup.config.mjs +5 -3
  70. package/src/globals.d.ts +3 -0
  71. package/src/modules/network-manager.ts +15 -14
  72. package/src/services/blockchain/configs.ts +1 -2
  73. package/src/services/blockchain/service.ts +26 -10
  74. package/src/services/credential/bound-check.ts +1 -1
  75. package/src/services/credential/delegatable-credentials.ts +409 -0
  76. package/src/services/credential/index.ts +16 -0
  77. package/src/services/credential/pex-helpers.js +4 -4
  78. package/src/services/credential/pex-helpers.test.js +2 -2
  79. package/src/services/edv/index.test.js +229 -0
  80. package/src/services/edv/service-rpc.js +23 -0
  81. package/src/services/edv/service.ts +119 -0
  82. package/src/services/pex/config.ts +4 -0
  83. package/src/services/pex/service-rpc.js +4 -0
  84. package/src/services/pex/service.ts +13 -0
  85. package/src/services/pex/tests/pex-service.test.js +210 -0
@@ -0,0 +1,263 @@
1
+ import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
2
+ export { cedar };
3
+ import { issueCredential, signPresentation, documentLoader, verifyPresentation } from '@docknetwork/credential-sdk/vc';
4
+ import { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
5
+ export { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
6
+ import { getKeypairFromDoc } from '@docknetwork/universal-wallet/methods/keypairs';
7
+ import { blockchainService } from '../blockchain/service.mjs';
8
+ import '@cosmjs/proto-signing';
9
+ import '@docknetwork/cheqd-blockchain-api';
10
+ import '@docknetwork/cheqd-blockchain-modules';
11
+ import '@docknetwork/credential-sdk/modules';
12
+ import '@docknetwork/credential-sdk/resolver';
13
+ import '@docknetwork/crypto-wasm-ts/lib/index';
14
+ import 'events';
15
+ import '../../core/logger.mjs';
16
+ import '../../modules/event-manager.mjs';
17
+ import 'assert';
18
+ import '../util-crypto/service.mjs';
19
+ import '@docknetwork/credential-sdk/utils';
20
+ import '@scure/bip39';
21
+ import '@scure/bip39/wordlists/english';
22
+ import '../util-crypto/configs.mjs';
23
+ import '@docknetwork/credential-sdk/types';
24
+ import '../blockchain/cached-did-resolver.mjs';
25
+ import '../storage/index.mjs';
26
+ import '../storage/service.mjs';
27
+ import '../storage/service-rpc.mjs';
28
+ import '../rpc-service-client.mjs';
29
+ import '../../rpc-client.mjs';
30
+ import 'json-rpc-2.0';
31
+ import '../../core/crypto.mjs';
32
+ import 'crypto';
33
+ import '../../logger.mjs';
34
+ import '../../rpc-util.mjs';
35
+
36
+ // @ts-nocheck
37
+ /**
38
+ * Prepares a key document for signing by creating a proper keypair with signer capability
39
+ * @param keyDoc - The key document with id, controller, type, and key material
40
+ * @returns A key document with an active signer
41
+ */
42
+ function prepareKeyForSigning(keyDoc) {
43
+ const kp = getKeypairFromDoc(keyDoc);
44
+ // Get the signer from the keypair - this returns an object with id and sign method
45
+ const signer = kp.signer();
46
+ // Set the id on the signer to match the verification method
47
+ signer.id = keyDoc.id;
48
+ return {
49
+ ...keyDoc,
50
+ keypair: kp,
51
+ signer,
52
+ };
53
+ }
54
+ /**
55
+ * W3C Credentials V1 context URL
56
+ */
57
+ const W3C_CREDENTIALS_V1 = 'https://www.w3.org/2018/credentials/v1';
58
+ /**
59
+ * Namespace used by the vc-delegation-engine for delegation properties
60
+ */
61
+ const DELEGATION_ENGINE_NS = 'https://ld.truvera.io/credentials/delegation#';
62
+ /**
63
+ * Base delegation context terms required for delegation credentials.
64
+ * These terms define the JSON-LD mappings needed for the vc-delegation-engine
65
+ * to properly process delegation chains.
66
+ *
67
+ * Use this as a base and extend with your own application-specific terms:
68
+ * @example
69
+ * const myContext = [
70
+ * W3C_CREDENTIALS_V1,
71
+ * {
72
+ * ...DELEGATION_CONTEXT_TERMS,
73
+ * // Add your custom terms here
74
+ * MyCredentialType: 'https://example.org/MyCredentialType',
75
+ * myField: 'https://example.org/myField',
76
+ * },
77
+ * ];
78
+ */
79
+ const DELEGATION_CONTEXT_TERMS = {
80
+ '@version': 1.1,
81
+ '@protected': true,
82
+ DelegationCredential: `${DELEGATION_ENGINE_NS}DelegationCredential`,
83
+ mayClaim: { '@id': MAY_CLAIM_IRI, '@container': '@set' },
84
+ rootCredentialId: { '@id': `${DELEGATION_ENGINE_NS}rootCredentialId`, '@type': '@id' },
85
+ previousCredentialId: { '@id': `${DELEGATION_ENGINE_NS}previousCredentialId`, '@type': '@id' },
86
+ };
87
+ /**
88
+ * Default context for verifiable presentations
89
+ */
90
+ const PRESENTATION_CONTEXT = [W3C_CREDENTIALS_V1];
91
+ /**
92
+ * Issues a delegation credential that grants authority to a delegate
93
+ * @param keyPair - The key pair to sign the credential
94
+ * @param params - Delegation parameters
95
+ * @returns Signed delegation credential
96
+ */
97
+ async function issueDelegationCredential(keyPair, credential) {
98
+ const preparedKey = prepareKeyForSigning(keyPair);
99
+ return issueCredential(preparedKey, credential);
100
+ }
101
+ /**
102
+ * Issues a credential as a delegate (with delegation chain reference)
103
+ * @param keyPair - The delegate's key pair to sign the credential
104
+ * @param params - Credential parameters
105
+ * @returns Signed credential
106
+ */
107
+ async function issueDelegatedCredential(keyPair, credential) {
108
+ const preparedKey = prepareKeyForSigning(keyPair);
109
+ return issueCredential(preparedKey, credential);
110
+ }
111
+ /**
112
+ * Creates and signs a verifiable presentation with delegation credentials
113
+ * @param keyPair - The key pair to sign the presentation
114
+ * @param params - Presentation parameters
115
+ * @returns Signed verifiable presentation
116
+ */
117
+ async function createSignedPresentation(keyPair, params) {
118
+ const { credentials, holderDid, challenge, domain, context = PRESENTATION_CONTEXT, } = params;
119
+ const presentation = {
120
+ '@context': context,
121
+ type: ['VerifiablePresentation'],
122
+ holder: holderDid,
123
+ verifiableCredential: credentials,
124
+ };
125
+ // Create key document for signing with proper keypair
126
+ const keyDoc = {
127
+ ...keyPair,
128
+ id: keyPair.id || `${holderDid}#keys-1`,
129
+ controller: keyPair.controller || holderDid,
130
+ };
131
+ const preparedKey = prepareKeyForSigning(keyDoc);
132
+ return signPresentation(presentation, preparedKey, challenge, domain);
133
+ }
134
+ /**
135
+ * Verifies a verifiable presentation with optional delegation chain validation
136
+ * Uses the credential-sdk's verifyPresentation which automatically:
137
+ * 1. Verifies the presentation signature
138
+ * 2. Verifies all credentials
139
+ * 3. Detects delegation credentials
140
+ * 4. Validates the delegation chain
141
+ * 5. Applies Cedar policies if provided
142
+ *
143
+ * @param vp - The verifiable presentation to verify
144
+ * @param options - Verification options
145
+ * @returns Verification result with delegation info if applicable
146
+ */
147
+ async function verifyDelegatablePresentation(vp, options = {}) {
148
+ const { challenge = vp.proof?.challenge || 'default-challenge', domain = vp.proof?.domain || 'default-domain', unsignedPresentation = false, failOnUnauthorizedClaims = true, policies, } = options;
149
+ const verifyOptions = {
150
+ challenge,
151
+ domain,
152
+ documentLoader: documentLoader(blockchainService.resolver),
153
+ unsignedPresentation,
154
+ failOnUnauthorizedClaims,
155
+ };
156
+ // Add Cedar authorization if policies are provided
157
+ if (policies) {
158
+ verifyOptions.cedarAuth = {
159
+ policies,
160
+ cedar,
161
+ };
162
+ }
163
+ return verifyPresentation(vp, verifyOptions);
164
+ }
165
+ /**
166
+ * Creates a Cedar policy for delegation verification
167
+ * @param config - Policy configuration
168
+ * @returns Cedar policy object
169
+ */
170
+ function createCedarPolicy(config) {
171
+ const { maxDepth = 2, rootIssuer, requiredClaims = {} } = config;
172
+ let claimsConditions = '';
173
+ for (const [key, value] of Object.entries(requiredClaims)) {
174
+ if (typeof value === 'number') {
175
+ claimsConditions += ` &&\n context.authorizedClaims.${key} >= ${value}`;
176
+ }
177
+ else if (typeof value === 'string') {
178
+ claimsConditions += ` &&\n context.authorizedClaims.${key} == "${value}"`;
179
+ }
180
+ }
181
+ const policyText = `
182
+ permit(
183
+ principal in Credential::Chain::"Action:Verify",
184
+ action == Credential::Action::"Verify",
185
+ resource
186
+ ) when {
187
+ principal == context.vpSigner &&
188
+ context.tailDepth <= ${maxDepth} &&
189
+ context.rootIssuer == Credential::Actor::"${rootIssuer}"${claimsConditions}
190
+ };
191
+ `;
192
+ return { staticPolicies: policyText };
193
+ }
194
+ /**
195
+ * Creates an unsigned verifiable presentation (for testing)
196
+ * @param credentials - Array of credentials to include
197
+ * @param proof - Optional proof object
198
+ * @param context - Optional context
199
+ * @returns Verifiable presentation object
200
+ */
201
+ function createUnsignedPresentation(credentials, proof, context = PRESENTATION_CONTEXT) {
202
+ const vp = {
203
+ '@context': context,
204
+ type: ['VerifiablePresentation'],
205
+ verifiableCredential: credentials,
206
+ };
207
+ if (proof) {
208
+ vp.proof = proof;
209
+ }
210
+ return vp;
211
+ }
212
+ /**
213
+ * Service class for delegatable credentials operations
214
+ */
215
+ class DelegatableCredentialsService {
216
+ name = 'delegatable-credentials';
217
+ rpcMethods = [
218
+ DelegatableCredentialsService.prototype.issueDelegation,
219
+ DelegatableCredentialsService.prototype.issueDelegatedCredential,
220
+ DelegatableCredentialsService.prototype.createPresentation,
221
+ DelegatableCredentialsService.prototype.verifyPresentation,
222
+ DelegatableCredentialsService.prototype.createPolicy,
223
+ ];
224
+ /**
225
+ * Issues a delegation credential
226
+ */
227
+ async issueDelegation(params) {
228
+ return issueDelegationCredential(params.keyPair, params);
229
+ }
230
+ /**
231
+ * Issues a credential as a delegate
232
+ */
233
+ async issueDelegatedCredential(params) {
234
+ return issueDelegatedCredential(params.keyPair, params);
235
+ }
236
+ /**
237
+ * Creates and signs a verifiable presentation
238
+ */
239
+ async createPresentation(params) {
240
+ return createSignedPresentation(params.keyPair, params);
241
+ }
242
+ /**
243
+ * Verifies a verifiable presentation with delegation chain
244
+ */
245
+ async verifyPresentation(params) {
246
+ return verifyDelegatablePresentation(params.presentation, {
247
+ challenge: params.challenge,
248
+ domain: params.domain,
249
+ unsignedPresentation: params.unsignedPresentation,
250
+ failOnUnauthorizedClaims: params.failOnUnauthorizedClaims,
251
+ policies: params.policies,
252
+ });
253
+ }
254
+ /**
255
+ * Creates a Cedar policy for delegation verification
256
+ */
257
+ createPolicy(params) {
258
+ return createCedarPolicy(params);
259
+ }
260
+ }
261
+ const delegatableCredentialsService = new DelegatableCredentialsService();
262
+
263
+ export { DELEGATION_CONTEXT_TERMS, DELEGATION_ENGINE_NS, PRESENTATION_CONTEXT, W3C_CREDENTIALS_V1, createCedarPolicy, createSignedPresentation, createUnsignedPresentation, delegatableCredentialsService, issueDelegatedCredential, issueDelegationCredential, verifyDelegatablePresentation };
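Review bot: `verifyDelegatablePresentation` (new lines 147–148) defaults `challenge` and `domain` from `vp.proof`, i.e. from the presentation under verification, so a holder can satisfy the check with whatever challenge they embedded and the replay protection the challenge exists for is lost; the verifier must supply the value it issued. Replace the two defaults with a required-parameter check: `const { challenge, domain, unsignedPresentation = false, failOnUnauthorizedClaims = true, policies } = options;` followed by `if (!unsignedPresentation && (challenge == null || domain == null)) throw new Error('challenge and domain must be supplied by the verifier');`. `createCedarPolicy` (new lines 170–193) splices `rootIssuer`, each `requiredClaims` key and each string value into the policy text unescaped, so a `"` or an operator inside any of them rewrites the policy; restrict keys to identifier characters and escape `\` and `"` in `rootIssuer` and string values before interpolation, and say so in the function's JSDoc. `issueDelegationCredential` and `issueDelegatedCredential` (new lines 97–110) have byte-identical bodies and could share one implementation.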
@@ -3,6 +3,9 @@
3
3
  Object.defineProperty(exports, '__esModule', { value: true });
4
4
 
5
5
  var services_credential_service = require('./service.js');
6
+ var services_credential_delegatableCredentials = require('./delegatable-credentials.js');
7
+ var cedar = require('@cedar-policy/cedar-wasm/nodejs');
8
+ var vcDelegationEngine = require('@docknetwork/vc-delegation-engine');
6
9
  require('./config.js');
7
10
  require('assert');
8
11
  require('@docknetwork/crypto-wasm-ts');
@@ -60,8 +63,44 @@ require('./sd-jwt.js');
60
63
  require('@sd-jwt/sd-jwt-vc');
61
64
  require('@sd-jwt/crypto-nodejs');
62
65
 
66
+ function _interopNamespace(e) {
67
+ if (e && e.__esModule) return e;
68
+ var n = Object.create(null);
69
+ if (e) {
70
+ Object.keys(e).forEach(function (k) {
71
+ if (k !== 'default') {
72
+ var d = Object.getOwnPropertyDescriptor(e, k);
73
+ Object.defineProperty(n, k, d.get ? d : {
74
+ enumerable: true,
75
+ get: function () { return e[k]; }
76
+ });
77
+ }
78
+ });
79
+ }
80
+ n["default"] = e;
81
+ return Object.freeze(n);
82
+ }
83
+
84
+ var cedar__namespace = /*#__PURE__*/_interopNamespace(cedar);
85
+
63
86
  // @ts-nocheck
64
87
  // TODO: rename it to credentialService, will need to update dock-app
65
88
  const credentialServiceRPC = services_credential_service.credentialService;
66
89
 
90
+ exports.DELEGATION_CONTEXT_TERMS = services_credential_delegatableCredentials.DELEGATION_CONTEXT_TERMS;
91
+ exports.DELEGATION_ENGINE_NS = services_credential_delegatableCredentials.DELEGATION_ENGINE_NS;
92
+ exports.PRESENTATION_CONTEXT = services_credential_delegatableCredentials.PRESENTATION_CONTEXT;
93
+ exports.W3C_CREDENTIALS_V1 = services_credential_delegatableCredentials.W3C_CREDENTIALS_V1;
94
+ exports.createCedarPolicy = services_credential_delegatableCredentials.createCedarPolicy;
95
+ exports.createSignedPresentation = services_credential_delegatableCredentials.createSignedPresentation;
96
+ exports.createUnsignedPresentation = services_credential_delegatableCredentials.createUnsignedPresentation;
97
+ exports.delegatableCredentialsService = services_credential_delegatableCredentials.delegatableCredentialsService;
98
+ exports.issueDelegatedCredential = services_credential_delegatableCredentials.issueDelegatedCredential;
99
+ exports.issueDelegationCredential = services_credential_delegatableCredentials.issueDelegationCredential;
100
+ exports.verifyDelegatablePresentation = services_credential_delegatableCredentials.verifyDelegatablePresentation;
101
+ exports.cedar = cedar__namespace;
102
+ Object.defineProperty(exports, 'MAY_CLAIM_IRI', {
103
+ enumerable: true,
104
+ get: function () { return vcDelegationEngine.MAY_CLAIM_IRI; }
105
+ });
67
106
  exports.credentialServiceRPC = credentialServiceRPC;
@@ -1,4 +1,8 @@
1
1
  import { credentialService } from './service.mjs';
2
+ export { DELEGATION_CONTEXT_TERMS, DELEGATION_ENGINE_NS, PRESENTATION_CONTEXT, W3C_CREDENTIALS_V1, createCedarPolicy, createSignedPresentation, createUnsignedPresentation, delegatableCredentialsService, issueDelegatedCredential, issueDelegationCredential, verifyDelegatablePresentation } from './delegatable-credentials.mjs';
3
+ import * as cedar from '@cedar-policy/cedar-wasm/nodejs';
4
+ export { cedar };
5
+ export { MAY_CLAIM_IRI } from '@docknetwork/vc-delegation-engine';
2
6
  import './config.mjs';
3
7
  import 'assert';
4
8
  import '@docknetwork/crypto-wasm-ts';
@@ -9,10 +9,10 @@ const EPSILON_INT = 1;
9
9
 
10
10
  const MAX_DATE_PLACEHOLDER = 884541351600000;
11
11
  const MIN_DATE_PLACEHOLDER = -17592186044415;
12
- const MAX_INTEGER = 100 ** 9;
13
- const MIN_INTEGER = -4294967295;
14
- const MAX_NUMBER = 100 ** 5;
15
- const MIN_NUMBER = -4294967294;
12
+ const MAX_INTEGER = Number.MAX_SAFE_INTEGER;
13
+ const MIN_INTEGER = Number.MIN_SAFE_INTEGER;
14
+ const MAX_NUMBER = Number.MAX_SAFE_INTEGER;
15
+ const MIN_NUMBER = Number.MIN_SAFE_INTEGER;
16
16
 
17
17
  /*
18
18
  PEX Filter rules:
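Review bot: After this change `MAX_NUMBER`/`MIN_NUMBER` are the same values as `MAX_INTEGER`/`MIN_INTEGER`, so the number/integer distinction the four names imply no longer exists and a reader cannot tell whether that is deliberate. A one-line comment above the group recording why the previous asymmetric bounds were replaced and why the safe-integer range is the right limit (the consumer of these constants is outside the hunk, so I cannot confirm the constraint) would make the intent auditable, e.g. `// Placeholder bounds for open-ended ranges; kept within Number's safe-integer range so the bound-check values are exact`. If float and integer bounds are genuinely the same now, collapsing to two constants is clearer than four aliases. The .mjs copy of this file further down carries the identical change.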
@@ -5,10 +5,10 @@ const EPSILON_INT = 1;
5
5
 
6
6
  const MAX_DATE_PLACEHOLDER = 884541351600000;
7
7
  const MIN_DATE_PLACEHOLDER = -17592186044415;
8
- const MAX_INTEGER = 100 ** 9;
9
- const MIN_INTEGER = -4294967295;
10
- const MAX_NUMBER = 100 ** 5;
11
- const MIN_NUMBER = -4294967294;
8
+ const MAX_INTEGER = Number.MAX_SAFE_INTEGER;
9
+ const MIN_INTEGER = Number.MIN_SAFE_INTEGER;
10
+ const MAX_NUMBER = Number.MAX_SAFE_INTEGER;
11
+ const MIN_NUMBER = Number.MIN_SAFE_INTEGER;
12
12
 
13
13
  /*
14
14
  PEX Filter rules:
@@ -25,6 +25,7 @@ require('@docknetwork/credential-sdk/vc/crypto');
25
25
  require('@docknetwork/credential-sdk/utils');
26
26
  require('@digitalbazaar/x25519-key-agreement-key-2019');
27
27
  require('../dids/keypair-utils.js');
28
+ require('futoin-hkdf');
28
29
 
29
30
 
30
31
 
@@ -21,3 +21,4 @@ import '@docknetwork/credential-sdk/vc/crypto';
21
21
  import '@docknetwork/credential-sdk/utils';
22
22
  import '@digitalbazaar/x25519-key-agreement-key-2019';
23
23
  import '../dids/keypair-utils.mjs';
24
+ import 'futoin-hkdf';
@@ -50,6 +50,29 @@ class EDVServiceRpc extends services_rpcServiceClient.RpcService {
50
50
  delete(params ) {
51
51
  return this.call('delete', params);
52
52
  }
53
+
54
+ deriveBiometricKey(biometricData , identifier ) {
55
+ return this.call('deriveBiometricKey', {biometricData, identifier});
56
+ }
57
+
58
+ deriveBiometricEncryptionKey(biometricData , identifier ) {
59
+ return this.call('deriveBiometricEncryptionKey', {
60
+ biometricData,
61
+ identifier,
62
+ });
63
+ }
64
+
65
+ encryptMasterKey(masterKey , encryptionKey , iv ) {
66
+ return this.call('encryptMasterKey', {masterKey, encryptionKey, iv});
67
+ }
68
+
69
+ decryptMasterKey(
70
+ encryptedKey ,
71
+ decryptionKey ,
72
+ iv ,
73
+ ) {
74
+ return this.call('decryptMasterKey', {encryptedKey, decryptionKey, iv});
75
+ }
53
76
  }
54
77
 
55
78
  exports.EDVServiceRpc = EDVServiceRpc;
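Review bot: The four new RPC methods (`deriveBiometricKey` through `decryptMasterKey`) pass byte-array arguments (`biometricData`, `masterKey`, `encryptionKey`, `iv`) through `this.call` with no JSDoc stating what form crosses the RPC boundary; if the transport JSON-serializes params, a `Uint8Array` or `Buffer` will not arrive as a typed array, and the service side then does `new Uint8Array(encryptionKey)` on the deserialized object. Either document the expected wire encoding on each method or confirm the transport preserves typed arrays (the new `edv/index.test.js` may cover this; it is not in view). The class comment should also note that master-key plaintext and biometric-derived key material now transit this channel, so callers know it must be a trusted in-process boundary. The same four methods are added to the .mjs copy of this class in the next hunk.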
@@ -46,6 +46,29 @@ class EDVServiceRpc extends RpcService {
46
46
  delete(params ) {
47
47
  return this.call('delete', params);
48
48
  }
49
+
50
+ deriveBiometricKey(biometricData , identifier ) {
51
+ return this.call('deriveBiometricKey', {biometricData, identifier});
52
+ }
53
+
54
+ deriveBiometricEncryptionKey(biometricData , identifier ) {
55
+ return this.call('deriveBiometricEncryptionKey', {
56
+ biometricData,
57
+ identifier,
58
+ });
59
+ }
60
+
61
+ encryptMasterKey(masterKey , encryptionKey , iv ) {
62
+ return this.call('encryptMasterKey', {masterKey, encryptionKey, iv});
63
+ }
64
+
65
+ decryptMasterKey(
66
+ encryptedKey ,
67
+ decryptionKey ,
68
+ iv ,
69
+ ) {
70
+ return this.call('decryptMasterKey', {encryptedKey, decryptionKey, iv});
71
+ }
49
72
  }
50
73
 
51
74
  export { EDVServiceRpc };
@@ -12,9 +12,10 @@ var keypairs = require('@docknetwork/universal-wallet/methods/keypairs');
12
12
  var logger = require('@docknetwork/wallet-sdk-data-store/lib/logger');
13
13
  var services_dids_service = require('../dids/service.js');
14
14
  var keypairs$1 = require('@docknetwork/credential-sdk/keypairs');
15
+ var hkdf = require('futoin-hkdf');
16
+ var crypto = require('@docknetwork/universal-wallet/crypto');
15
17
  require('assert');
16
18
  require('base64url-universal');
17
- require('@docknetwork/universal-wallet/crypto');
18
19
  require('@docknetwork/wallet-sdk-dids/lib');
19
20
  require('../dids/config.js');
20
21
  require('base64url');
@@ -28,8 +29,12 @@ require('../dids/keypair-utils.js');
28
29
  function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }
29
30
 
30
31
  var EDVHTTPStorageInterface__default = /*#__PURE__*/_interopDefaultLegacy(EDVHTTPStorageInterface);
32
+ var hkdf__default = /*#__PURE__*/_interopDefaultLegacy(hkdf);
33
+ var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
31
34
 
32
35
  // @ts-nocheck
36
+ const HKDF_LENGTH = 32;
37
+ const HKDF_HASH = 'SHA-256';
33
38
  /**
34
39
  * Service class for managing Encrypted Data Vaults
35
40
  * @class
@@ -49,6 +54,10 @@ class EDVService {
49
54
  EDVService.prototype.update,
50
55
  EDVService.prototype.insert,
51
56
  EDVService.prototype.delete,
57
+ EDVService.prototype.deriveBiometricKey,
58
+ EDVService.prototype.deriveBiometricEncryptionKey,
59
+ EDVService.prototype.encryptMasterKey,
60
+ EDVService.prototype.decryptMasterKey,
52
61
  ];
53
62
  /**
54
63
  * Creates a new EDVService instance
@@ -249,6 +258,75 @@ class EDVService {
249
258
  delete(params) {
250
259
  return this.storageInterface.delete(params);
251
260
  }
261
+ /**
262
+ * Derives a key from biometric data using HKDF
263
+ * @param {Buffer} biometricData - Biometric data from provider
264
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
265
+ * @returns {Buffer} Derived key
266
+ * @example
267
+ * const key = edvService.deriveBiometricKey(biometricData, 'user@example.com');
268
+ */
269
+ deriveBiometricKey(biometricData, identifier) {
270
+ const salt = identifier;
271
+ return hkdf__default["default"](biometricData, HKDF_LENGTH, { salt, hash: HKDF_HASH });
272
+ }
273
+ /**
274
+ * Generates a key for encrypting/decrypting the master key
275
+ * @param {Buffer} biometricData - Biometric data from provider
276
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
277
+ * @returns {Promise<Object>} Encryption key and IV for AES encryption
278
+ * @returns {Buffer} returns.key - Encryption key
279
+ * @returns {Buffer} returns.iv - Initialization vector
280
+ * @example
281
+ * const { key, iv } = await edvService.deriveBiometricEncryptionKey(biometricData, 'user@example.com');
282
+ */
283
+ async deriveBiometricEncryptionKey(biometricData, identifier) {
284
+ const key = this.deriveBiometricKey(biometricData, identifier);
285
+ const randomBytes = crypto__default["default"].getRandomValues(new Uint8Array(16));
286
+ const iv = Buffer.from(randomBytes);
287
+ return {
288
+ key,
289
+ iv
290
+ };
291
+ }
292
+ /**
293
+ * Encrypts the master key using a key derived from biometric data
294
+ * @param {Uint8Array} masterKey - The CloudWalletVault master key to encrypt
295
+ * @param {Buffer} encryptionKey - Key derived from biometric data
296
+ * @param {Buffer} iv - Initialization vector
297
+ * @returns {Promise<Uint8Array>} Encrypted master key
298
+ * @example
299
+ * const encrypted = await edvService.encryptMasterKey(masterKey, encryptionKey, iv);
300
+ */
301
+ async encryptMasterKey(masterKey, encryptionKey, iv) {
302
+ const keyData = new Uint8Array(encryptionKey);
303
+ const ivData = new Uint8Array(iv);
304
+ const key = await crypto__default["default"].subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['encrypt']);
305
+ const encryptedBuffer = await crypto__default["default"].subtle.encrypt({ name: 'AES-GCM', iv: ivData }, key, masterKey);
306
+ return new Uint8Array(encryptedBuffer);
307
+ }
308
+ /**
309
+ * Decrypts the master key using biometric-derived key
310
+ * @param {Uint8Array} encryptedKey - The encrypted master key
311
+ * @param {Buffer} decryptionKey - Key derived from biometric data
312
+ * @param {Buffer} iv - Initialization vector
313
+ * @returns {Promise<Uint8Array>} The decrypted master key
314
+ * @throws {Error} If decryption fails
315
+ * @example
316
+ * const masterKey = await edvService.decryptMasterKey(encryptedKey, decryptionKey, iv);
317
+ */
318
+ async decryptMasterKey(encryptedKey, decryptionKey, iv) {
319
+ try {
320
+ const keyData = new Uint8Array(decryptionKey);
321
+ const ivData = new Uint8Array(iv);
322
+ const key = await crypto__default["default"].subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['decrypt']);
323
+ const decryptedBuffer = await crypto__default["default"].subtle.decrypt({ name: 'AES-GCM', iv: ivData }, key, encryptedKey);
324
+ return new Uint8Array(decryptedBuffer);
325
+ }
326
+ catch (error) {
327
+ throw new Error('Decryption failed: Invalid key or corrupted data');
328
+ }
329
+ }
252
330
  }
253
331
  /**
254
332
  * Singleton instance of the EDV service
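Review bot: `deriveBiometricKey` (new lines 269–272) derives the AES-GCM key deterministically from `biometricData` plus a public identifier using plain HKDF, which is an extractor with no work factor, so the key is only as strong as the entropy the provider's data actually carries; the JSDoc should state that assumption, or a slow KDF should be layered in if the input can be low-entropy. Because the key is deterministic, the `iv` returned by `deriveBiometricEncryptionKey` must be used for exactly one `encryptMasterKey` call — reusing a stored IV under the same key to re-encrypt a new master key breaks GCM's confidentiality and authentication — so both methods need a `@remarks` line saying the IV is single-use and a fresh one is generated per encryption. `decryptMasterKey` drops the underlying error; `throw new Error('Decryption failed: Invalid key or corrupted data', { cause: error });` keeps it for diagnostics without changing the message. WebCrypto AES-GCM is conventionally used with a 12-byte IV; the 16-byte value here works but deserves a comment. The .mjs copy of this class below contains the same code.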
@@ -287,4 +365,6 @@ class EDVService {
287
365
  const edvService = new EDVService();
288
366
 
289
367
  exports.EDVService = EDVService;
368
+ exports.HKDF_HASH = HKDF_HASH;
369
+ exports.HKDF_LENGTH = HKDF_LENGTH;
290
370
  exports.edvService = edvService;
@@ -8,9 +8,10 @@ import { getKeypairFromDoc } from '@docknetwork/universal-wallet/methods/keypair
8
8
  import { logger } from '@docknetwork/wallet-sdk-data-store/lib/logger';
9
9
  import { didService } from '../dids/service.mjs';
10
10
  import { Ed25519Keypair } from '@docknetwork/credential-sdk/keypairs';
11
+ import hkdf from 'futoin-hkdf';
12
+ import crypto from '@docknetwork/universal-wallet/crypto';
11
13
  import 'assert';
12
14
  import 'base64url-universal';
13
- import '@docknetwork/universal-wallet/crypto';
14
15
  import '@docknetwork/wallet-sdk-dids/lib';
15
16
  import '../dids/config.mjs';
16
17
  import 'base64url';
@@ -22,6 +23,8 @@ import '@digitalbazaar/x25519-key-agreement-key-2019';
22
23
  import '../dids/keypair-utils.mjs';
23
24
 
24
25
  // @ts-nocheck
26
+ const HKDF_LENGTH = 32;
27
+ const HKDF_HASH = 'SHA-256';
25
28
  /**
26
29
  * Service class for managing Encrypted Data Vaults
27
30
  * @class
@@ -41,6 +44,10 @@ class EDVService {
41
44
  EDVService.prototype.update,
42
45
  EDVService.prototype.insert,
43
46
  EDVService.prototype.delete,
47
+ EDVService.prototype.deriveBiometricKey,
48
+ EDVService.prototype.deriveBiometricEncryptionKey,
49
+ EDVService.prototype.encryptMasterKey,
50
+ EDVService.prototype.decryptMasterKey,
44
51
  ];
45
52
  /**
46
53
  * Creates a new EDVService instance
@@ -241,6 +248,75 @@ class EDVService {
241
248
  delete(params) {
242
249
  return this.storageInterface.delete(params);
243
250
  }
251
+ /**
252
+ * Derives a key from biometric data using HKDF
253
+ * @param {Buffer} biometricData - Biometric data from provider
254
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
255
+ * @returns {Buffer} Derived key
256
+ * @example
257
+ * const key = edvService.deriveBiometricKey(biometricData, 'user@example.com');
258
+ */
259
+ deriveBiometricKey(biometricData, identifier) {
260
+ const salt = identifier;
261
+ return hkdf(biometricData, HKDF_LENGTH, { salt, hash: HKDF_HASH });
262
+ }
263
+ /**
264
+ * Generates a key for encrypting/decrypting the master key
265
+ * @param {Buffer} biometricData - Biometric data from provider
266
+ * @param {string} identifier - User's identifier as salt (email, phone number, etc.)
267
+ * @returns {Promise<Object>} Encryption key and IV for AES encryption
268
+ * @returns {Buffer} returns.key - Encryption key
269
+ * @returns {Buffer} returns.iv - Initialization vector
270
+ * @example
271
+ * const { key, iv } = await edvService.deriveBiometricEncryptionKey(biometricData, 'user@example.com');
272
+ */
273
+ async deriveBiometricEncryptionKey(biometricData, identifier) {
274
+ const key = this.deriveBiometricKey(biometricData, identifier);
275
+ const randomBytes = crypto.getRandomValues(new Uint8Array(16));
276
+ const iv = Buffer.from(randomBytes);
277
+ return {
278
+ key,
279
+ iv
280
+ };
281
+ }
282
+ /**
283
+ * Encrypts the master key using a key derived from biometric data
284
+ * @param {Uint8Array} masterKey - The CloudWalletVault master key to encrypt
285
+ * @param {Buffer} encryptionKey - Key derived from biometric data
286
+ * @param {Buffer} iv - Initialization vector
287
+ * @returns {Promise<Uint8Array>} Encrypted master key
288
+ * @example
289
+ * const encrypted = await edvService.encryptMasterKey(masterKey, encryptionKey, iv);
290
+ */
291
+ async encryptMasterKey(masterKey, encryptionKey, iv) {
292
+ const keyData = new Uint8Array(encryptionKey);
293
+ const ivData = new Uint8Array(iv);
294
+ const key = await crypto.subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['encrypt']);
295
+ const encryptedBuffer = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: ivData }, key, masterKey);
296
+ return new Uint8Array(encryptedBuffer);
297
+ }
298
+ /**
299
+ * Decrypts the master key using biometric-derived key
300
+ * @param {Uint8Array} encryptedKey - The encrypted master key
301
+ * @param {Buffer} decryptionKey - Key derived from biometric data
302
+ * @param {Buffer} iv - Initialization vector
303
+ * @returns {Promise<Uint8Array>} The decrypted master key
304
+ * @throws {Error} If decryption fails
305
+ * @example
306
+ * const masterKey = await edvService.decryptMasterKey(encryptedKey, decryptionKey, iv);
307
+ */
308
+ async decryptMasterKey(encryptedKey, decryptionKey, iv) {
309
+ try {
310
+ const keyData = new Uint8Array(decryptionKey);
311
+ const ivData = new Uint8Array(iv);
312
+ const key = await crypto.subtle.importKey('raw', keyData, { name: 'AES-GCM' }, false, ['decrypt']);
313
+ const decryptedBuffer = await crypto.subtle.decrypt({ name: 'AES-GCM', iv: ivData }, key, encryptedKey);
314
+ return new Uint8Array(decryptedBuffer);
315
+ }
316
+ catch (error) {
317
+ throw new Error('Decryption failed: Invalid key or corrupted data');
318
+ }
319
+ }
244
320
  }
245
321
  /**
246
322
  * Singleton instance of the EDV service
@@ -278,4 +354,4 @@ class EDVService {
278
354
  */
279
355
  const edvService = new EDVService();
280
356
 
281
- export { EDVService, edvService };
357
+ export { EDVService, HKDF_HASH, HKDF_LENGTH, edvService };
@@ -77,6 +77,7 @@ require('./edv/hmac.js');
77
77
  require('base64url-universal');
78
78
  require('@docknetwork/universal-wallet/crypto');
79
79
  require('@docknetwork/wallet-sdk-data-store/lib/logger');
80
+ require('futoin-hkdf');
80
81
 
81
82
  var services = [
82
83
  services_blockchain_service.blockchainService,