@dwn-protocol/id-sdk 0.2.5 → 0.2.6

package/src/crypto/algorithms-api/crypto-algorithm.ts

@@ -1,127 +0,0 @@
-import type { IDCrypto } from '../types/iddwn-crypto.js';
-
-import { InvalidAccessError, NotSupportedError } from './errors.js';
-
-export abstract class CryptoAlgorithm {
-
-  /**
-   * Name of the algorithm
-   */
-  public abstract readonly name: string;
-
-  /**
-   * Indicates which cryptographic operations are permissible to be used with this algorithm.
-   */
-  public abstract readonly keyUsages: IDCrypto.KeyUsage[] | IDCrypto.KeyPairUsage;
-
-  public checkAlgorithmName(options: {
-    algorithmName: string
-  }): void {
-    const { algorithmName } = options;
-    if (algorithmName === undefined) {
-      throw new TypeError(`Required parameter missing: 'algorithmName'`);
-    }
-    if (algorithmName !== this.name) {
-      throw new NotSupportedError(`Algorithm not supported: '${algorithmName}'`);
-    }
-  }
-
-  public checkCryptoKey(options: {
-    key: IDCrypto.CryptoKey
-  }): void {
-    const { key } = options;
-    if (!('algorithm' in key && 'extractable' in key && 'type' in key && 'usages' in key)) {
-      throw new TypeError('Object is not a CryptoKey');
-    }
-  }
-
-  public checkKeyAlgorithm(options: {
-    keyAlgorithmName: string
-  }): void {
-    const { keyAlgorithmName } = options;
-    if (keyAlgorithmName === undefined) {
-      throw new TypeError(`Required parameter missing: 'keyAlgorithmName'`);
-    }
-    if (keyAlgorithmName && keyAlgorithmName !== this.name) {
-      throw new InvalidAccessError(`Algorithm '${this.name}' does not match the provided '${keyAlgorithmName}' key.`);
-    }
-  }
-
-  public checkKeyType(options: {
-    keyType: IDCrypto.KeyType,
-    allowedKeyType: IDCrypto.KeyType
-  }): void {
-    const { keyType, allowedKeyType } = options;
-    if (keyType === undefined || allowedKeyType === undefined) {
-      throw new TypeError(`One or more required parameters missing: 'keyType, allowedKeyType'`);
-    }
-    if (keyType && keyType !== allowedKeyType) {
-      throw new InvalidAccessError(`Requested operation is not valid for the provided '${keyType}' key.`);
-    }
-  }
-
-  public checkKeyUsages(options: {
-    keyUsages: IDCrypto.KeyUsage[],
-    allowedKeyUsages: IDCrypto.KeyUsage[] | IDCrypto.KeyPairUsage
-  }): void {
-    const { keyUsages, allowedKeyUsages } = options;
-    if (!(keyUsages && keyUsages.length > 0)) {
-      throw new TypeError(`Required parameter missing or empty: 'keyUsages'`);
-    }
-    const allowedUsages = (Array.isArray(allowedKeyUsages)) ? allowedKeyUsages : [...allowedKeyUsages.privateKey, ...allowedKeyUsages.publicKey];
-    if (!keyUsages.every(usage => allowedUsages.includes(usage))) {
-      throw new InvalidAccessError(`Requested operation(s) '${keyUsages.join(', ')}' is not valid for the provided key.`);
-    }
-  }
-
-  /**
-   * Creates an instance of the class on which it is called.
-   *
-   * This is a generic factory method that creates an instance of any
-   * crypto algorithm that extends this abstract class.
-   *
-   * @template T The type of the instance to be created.
-   * @returns An instance of the class it is called on.
-   * @throws {TypeError} If the class it is called on cannot be constructed.
-   */
-  static create<T extends CryptoAlgorithm>(this: new () => T): T {
-    return new this();
-  }
-
-  public abstract decrypt(options: {
-    algorithm: IDCrypto.AlgorithmIdentifier | IDCrypto.AesCtrOptions | IDCrypto.AesGcmOptions,
-    key: IDCrypto.CryptoKey,
-    data: Uint8Array
-  }): Promise<Uint8Array>;
-
-  public abstract deriveBits(options: {
-    algorithm: IDCrypto.AlgorithmIdentifier | IDCrypto.EcdhDeriveKeyOptions,
-    baseKey: IDCrypto.CryptoKey,
-    length: number | null
-  }): Promise<Uint8Array>;
-
-  public abstract encrypt(options: {
-    algorithm: IDCrypto.AlgorithmIdentifier | IDCrypto.AesCtrOptions | IDCrypto.AesGcmOptions,
-    key: IDCrypto.CryptoKey,
-    data: Uint8Array
-  }): Promise<Uint8Array>;
-
-  public abstract generateKey(options: {
-    algorithm: Partial<IDCrypto.GenerateKeyOptions>,
-    extractable: boolean,
-    keyUsages: IDCrypto.KeyUsage[],
-  }): Promise<IDCrypto.CryptoKey | IDCrypto.CryptoKeyPair>;
-
-  public abstract sign(options: {
-    algorithm: IDCrypto.AlgorithmIdentifier | IDCrypto.EcdsaOptions | IDCrypto.EdDsaOptions,
-    key: IDCrypto.CryptoKey,
-    data: Uint8Array
-  }): Promise<Uint8Array>;
-
-  public abstract verify(options: {
-    algorithm: IDCrypto.AlgorithmIdentifier | IDCrypto.EcdsaOptions | IDCrypto.EdDsaOptions,
-    key: IDCrypto.CryptoKey,
-    signature: Uint8Array,
-    data: Uint8Array
-  }): Promise<boolean>;
-}

package/src/crypto/algorithms-api/crypto-key.ts

@@ -1,56 +0,0 @@
-import type { IDCrypto } from '../types/iddwn-crypto.js';
-
-export class CryptoKey implements IDCrypto.CryptoKey {
-  public algorithm: IDCrypto.KeyAlgorithm | IDCrypto.GenerateKeyOptions;
-  public extractable: boolean;
-  public material: Uint8Array;
-  public type: IDCrypto.KeyType;
-  public usages: IDCrypto.KeyUsage[];
-
-  constructor (algorithm: IDCrypto.KeyAlgorithm | IDCrypto.GenerateKeyOptions, extractable: boolean, material: Uint8Array, type: IDCrypto.KeyType, usages: IDCrypto.KeyUsage[]) {
-    this.algorithm = algorithm;
-    this.extractable = extractable;
-    this.material = material;
-    this.type = type;
-    this.usages = usages;
-
-    // ensure values are not writeable
-    Object.defineProperties(this, {
-      // TODO
-      // These properties can't be fixed immediately on creation of the
-      // object because the implementation may build it up in stages.
-      // At some point in the operations before returning a key we should
-      // freeze the object to prevent further manipulation.
-
-      type: {
-        enumerable : true,
-        writable   : false,
-        value      : type
-      },
-      extractable: {
-        enumerable : true,
-        writable   : true,
-        value      : extractable
-      },
-      algorithm: {
-        enumerable : true,
-        writable   : false,
-        value      : algorithm
-      },
-      usages: {
-        enumerable : true,
-        writable   : true,
-        value      : usages
-      },
-
-      // this is the "key material" used internally
-      // it is not enumerable, but we need it to be
-      // accessible by algorithm implementations
-      material: {
-        enumerable : false,
-        writable   : false,
-        value      : material
-      }
-    });
-  }
-}

package/src/crypto/algorithms-api/ec/base.ts

@@ -1,39 +0,0 @@
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { InvalidAccessError } from '../errors.js';
-import { CryptoAlgorithm } from '../crypto-algorithm.js';
-import { checkValidProperty, checkRequiredProperty } from '../../utils.js';
-
-export abstract class BaseEllipticCurveAlgorithm extends CryptoAlgorithm {
-
-  public abstract namedCurves: string[];
-
-  public checkGenerateKey(options: {
-    algorithm: IDCrypto.EcGenerateKeyOptions,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): void {
-    const { algorithm, keyUsages } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a namedCurve property.
-    checkRequiredProperty({ property: 'namedCurve', inObject: algorithm });
-    // The named curve specified must be supported by the algorithm implementation processing the operation.
-    checkValidProperty({ property: algorithm.namedCurve, allowedProperties: this.namedCurves });
-    // The key usages specified must be permitted by the algorithm implementation processing the operation.
-    this.checkKeyUsages({ keyUsages, allowedKeyUsages: this.keyUsages });
-  }
-
-  public override async decrypt(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'decrypt' is not valid for ${this.name} keys.`);
-  }
-
-  public override async encrypt(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'encrypt' is not valid for ${this.name} keys.`);
-  }
-
-  public abstract generateKey(options: {
-    algorithm: IDCrypto.EcGenerateKeyOptions,
-    extractable: boolean,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): Promise<IDCrypto.CryptoKeyPair>;
-}

package/src/crypto/algorithms-api/ec/ecdh.ts

@@ -1,53 +0,0 @@
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { InvalidAccessError } from '../errors.js';
-import { BaseEllipticCurveAlgorithm } from './base.js';
-import { checkRequiredProperty } from '../../utils.js';
-
-export abstract class BaseEcdhAlgorithm extends BaseEllipticCurveAlgorithm {
-
-  public readonly name: string = 'ECDH';
-
-  public keyUsages: IDCrypto.KeyPairUsage = {
-    privateKey : ['deriveBits', 'deriveKey'],
-    publicKey  : ['deriveBits', 'deriveKey'],
-  };
-
-  public checkAlgorithmOptions(options: {
-    algorithm: IDCrypto.EcdhDeriveKeyOptions,
-    baseKey: IDCrypto.CryptoKey
-  }): void {
-    const { algorithm, baseKey } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a publicKey property.
-    checkRequiredProperty({ property: 'publicKey', inObject: algorithm });
-    // The publicKey object must be a CryptoKey.
-    this.checkCryptoKey({ key: algorithm.publicKey });
-    // The CryptoKey object must be a public key.
-    this.checkKeyType({ keyType: algorithm.publicKey.type, allowedKeyType: 'public' });
-    // The publicKey algorithm must match the algorithm implementation processing the operation.
-    this.checkKeyAlgorithm({ keyAlgorithmName: algorithm.publicKey.algorithm.name });
-    // The options object must contain a baseKey property.
-    checkRequiredProperty({ property: 'baseKey', inObject: options });
-    // The baseKey object must be a CryptoKey.
-    this.checkCryptoKey({ key: baseKey });
-    // The baseKey algorithm must match the algorithm implementation processing the operation.
-    this.checkKeyAlgorithm({ keyAlgorithmName: baseKey.algorithm.name });
-    // The CryptoKey object must be a private key.
-    this.checkKeyType({ keyType: baseKey.type, allowedKeyType: 'private' });
-    // The public and base key named curves must match.
-    if (('namedCurve' in algorithm.publicKey.algorithm) && ('namedCurve' in baseKey.algorithm)
-      && (algorithm.publicKey.algorithm.namedCurve !== baseKey.algorithm.namedCurve)) {
-      throw new InvalidAccessError('The named curve of the publicKey and baseKey must match.');
-    }
-  }
-
-  public override async sign(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'sign' is not valid for ${this.name} keys.`);
-  }
-
-  public override async verify(): Promise<boolean> {
-    throw new InvalidAccessError(`Requested operation 'verify' is not valid for ${this.name} keys.`);
-  }
-}

package/src/crypto/algorithms-api/ec/ecdsa.ts

@@ -1,37 +0,0 @@
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { InvalidAccessError } from '../errors.js';
-import { BaseEllipticCurveAlgorithm } from './base.js';
-import { checkValidProperty, checkRequiredProperty } from '../../utils.js';
-
-export abstract class BaseEcdsaAlgorithm extends BaseEllipticCurveAlgorithm {
-
-  public readonly name: string = 'ECDSA';
-
-  public readonly abstract hashAlgorithms: string[];
-
-  public readonly keyUsages: IDCrypto.KeyPairUsage = {
-    privateKey : ['sign'],
-    publicKey  : ['verify'],
-  };
-
-  public checkAlgorithmOptions(options: {
-    algorithm: IDCrypto.EcdsaOptions
-  }): void {
-    const { algorithm } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a hash property.
-    checkRequiredProperty({ property: 'hash', inObject: algorithm });
-    // The hash algorithm specified must be supported by the algorithm implementation processing the operation.
-    checkValidProperty({ property: algorithm.hash, allowedProperties: this.hashAlgorithms });
-  }
-
-  public override async deriveBits(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'deriveBits' is not valid for ${this.name} keys.`);
-  }
-
-  public abstract sign(options: { algorithm: IDCrypto.EcdsaOptions; key: IDCrypto.CryptoKey; data: Uint8Array; }): Promise<Uint8Array>;
-
-  public abstract verify(options: { algorithm: IDCrypto.EcdsaOptions; key: IDCrypto.CryptoKey; signature: Uint8Array; data: Uint8Array; }): Promise<boolean>;
-}

package/src/crypto/algorithms-api/ec/eddsa.ts

@@ -1,30 +0,0 @@
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { InvalidAccessError } from '../errors.js';
-import { BaseEllipticCurveAlgorithm } from './base.js';
-
-export abstract class BaseEdDsaAlgorithm extends BaseEllipticCurveAlgorithm {
-
-  public readonly name: string = 'EdDSA';
-
-  public readonly keyUsages: IDCrypto.KeyPairUsage = {
-    privateKey : ['sign'],
-    publicKey  : ['verify'],
-  };
-
-  public checkAlgorithmOptions(options: {
-    algorithm: IDCrypto.EdDsaOptions
-  }): void {
-    const { algorithm } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-  }
-
-  public override async deriveBits(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'deriveBits' is not valid for ${this.name} keys.`);
-  }
-
-  public abstract sign(options: { algorithm: IDCrypto.EdDsaOptions; key: IDCrypto.CryptoKey; data: Uint8Array; }): Promise<Uint8Array>;
-
-  public abstract verify(options: { algorithm: IDCrypto.EdDsaOptions; key: IDCrypto.CryptoKey; signature: Uint8Array; data: Uint8Array; }): Promise<boolean>;
-}

package/src/crypto/algorithms-api/ec/index.ts

@@ -1,4 +0,0 @@
-export * from './base.js';
-export * from './ecdh.js';
-export * from './ecdsa.js';
-export * from './eddsa.js';

package/src/crypto/algorithms-api/errors.ts

@@ -1,29 +0,0 @@
-/**
- * The methods of KeyManager and KeyManagementSystem interfaces return
- * errors by rejecting the returned promise with a predefined exception
- * defined in ECMAScript [ECMA-262] or DOMException.
- *
- * The following predefined exceptions are used: TypeError.
- *
- * The following DOMException types from [DOM4] are used:
- *   DataError: Data provided to an operation does not meet requirements
- *   InvalidAccessError: The requested operation is not valid for the provided key
- *   NotSupportedError: The algorithm is not supported
- *   OperationError: The operation failed for an operation-specific reason
- *   SyntaxError: A required parameter was missing or out-of-range
- *
- * Reference: https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-Exceptions
- *            Section 14.4. Exceptions
- */
-
-export class CryptoError extends Error {}
-
-export class DataError extends CryptoError {}
-
-export class InvalidAccessError extends CryptoError {}
-
-export class NotSupportedError extends CryptoError {}
-
-export class OperationError extends CryptoError {}
-
-export class SyntaxError extends CryptoError {}

package/src/crypto/algorithms-api/index.ts

@@ -1,6 +0,0 @@
-export * from './errors.js';
-export * from './ec/index.js';
-export * from './aes/index.js';
-export * from './crypto-key.js';
-export * from './pbkdf/index.js';
-export * from './crypto-algorithm.js';

package/src/crypto/algorithms-api/pbkdf/index.ts

@@ -1 +0,0 @@
-export * from './pbkdf2.js';

package/src/crypto/algorithms-api/pbkdf/pbkdf2.ts

@@ -1,91 +0,0 @@
-import type { IDCrypto } from '../../types/iddwn-crypto.js';
-
-import { InvalidAccessError, OperationError } from '../errors.js';
-import { CryptoAlgorithm } from '../crypto-algorithm.js';
-import { checkRequiredProperty, checkValidProperty } from '../../utils.js';
-import { universalTypeOf } from '../../../common/index.js';
-
-export abstract class BasePbkdf2Algorithm extends CryptoAlgorithm {
-
-  public readonly name: string = 'PBKDF2';
-
-  public readonly abstract hashAlgorithms: string[];
-
-  public readonly keyUsages: IDCrypto.KeyUsage[] = ['deriveBits', 'deriveKey'];
-
-  public checkAlgorithmOptions(options: {
-    algorithm: IDCrypto.Pbkdf2Options,
-    baseKey: IDCrypto.CryptoKey
-  }): void {
-    const { algorithm, baseKey } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The algorithm object must contain a hash property.
-    checkRequiredProperty({ property: 'hash', inObject: algorithm });
-    // The hash algorithm specified must be supported by the algorithm implementation processing the operation.
-    checkValidProperty({ property: algorithm.hash, allowedProperties: this.hashAlgorithms });
-    // The algorithm object must contain a iterations property.
-    checkRequiredProperty({ property: 'iterations', inObject: algorithm });
-    // The iterations value must a number.
-    if (!(universalTypeOf(algorithm.iterations) === 'Number')) {
-      throw new TypeError(`Algorithm 'iterations' is not of type: Number.`);
-    }
-    // The iterations value must be greater than 0.
-    if (algorithm.iterations < 1) {
-      throw new OperationError(`Algorithm 'iterations' must be > 0.`);
-    }
-    // The algorithm object must contain a salt property.
-    checkRequiredProperty({ property: 'salt', inObject: algorithm });
-    // The salt must a Uint8Array.
-    if (!(universalTypeOf(algorithm.salt) === 'Uint8Array')) {
-      throw new TypeError(`Algorithm 'salt' is not of type: Uint8Array.`);
-    }
-    // The options object must contain a baseKey property.
-    checkRequiredProperty({ property: 'baseKey', inObject: options });
-    // The baseKey object must be a CryptoKey.
-    this.checkCryptoKey({ key: baseKey });
-    // The baseKey algorithm must match the algorithm implementation processing the operation.
-    this.checkKeyAlgorithm({ keyAlgorithmName: baseKey.algorithm.name });
-  }
-
-  public checkImportKey(options: {
-    algorithm: IDCrypto.Algorithm,
-    format: IDCrypto.KeyFormat,
-    extractable: boolean,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): void {
-    const { algorithm, format, extractable, keyUsages } = options;
-    // Algorithm specified in the operation must match the algorithm implementation processing the operation.
-    this.checkAlgorithmName({ algorithmName: algorithm.name });
-    // The format specified must be 'raw'.
-    if (format !== 'raw') {
-      throw new SyntaxError(`Format '${format}' not supported. Only 'raw' is supported.`);
-    }
-    // The extractable value specified must be false.
-    if (extractable !== false) {
-      throw new SyntaxError(`Extractable '${extractable}' not supported. Only 'false' is supported.`);
-    }
-    // The key usages specified must be permitted by the algorithm implementation processing the operation.
-    this.checkKeyUsages({ keyUsages, allowedKeyUsages: this.keyUsages });
-  }
-
-  public override async decrypt(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'decrypt' is not valid for ${this.name} keys.`);
-  }
-
-  public override async encrypt(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'encrypt' is not valid for ${this.name} keys.`);
-  }
-
-  public override async generateKey(): Promise<IDCrypto.CryptoKey> {
-    throw new InvalidAccessError(`Requested operation 'generateKey' is not valid for ${this.name} keys.`);
-  }
-
-  public override async sign(): Promise<Uint8Array> {
-    throw new InvalidAccessError(`Requested operation 'sign' is not valid for ${this.name} keys.`);
-  }
-
-  public override async verify(): Promise<boolean> {
-    throw new InvalidAccessError(`Requested operation 'verify' is not valid for ${this.name} keys.`);
-  }
-}

package/src/crypto/crypto-algorithms/aes-ctr.ts

@@ -1,70 +0,0 @@
-import { universalTypeOf } from '../../common/index.js';
-
-import type { IDCrypto } from '../types/iddwn-crypto.js';
-
-import { AesCtr } from '../crypto-primitives/index.js';
-import { BaseAesCtrAlgorithm, CryptoKey } from '../algorithms-api/index.js';
-
-export class AesCtrAlgorithm extends BaseAesCtrAlgorithm {
-  public async decrypt(options: {
-    algorithm: IDCrypto.AesCtrOptions,
-    key: IDCrypto.CryptoKey,
-    data: Uint8Array
-  }): Promise<Uint8Array> {
-    const { algorithm, key, data } = options;
-
-    this.checkAlgorithmOptions({ algorithm, key });
-    // The secret key must be allowed to be used for 'decrypt' operations.
-    this.checkKeyUsages({ keyUsages: ['decrypt'], allowedKeyUsages: key.usages });
-
-    const plaintext = AesCtr.decrypt({
-      counter : algorithm.counter,
-      data    : data,
-      key     : key.material,
-      length  : algorithm.length
-    });
-
-    return plaintext;
-  }
-
-  public async encrypt(options: {
-    algorithm: IDCrypto.AesCtrOptions,
-    key: IDCrypto.CryptoKey,
-    data: Uint8Array
-  }): Promise<Uint8Array> {
-    const { algorithm, key, data } = options;
-
-    this.checkAlgorithmOptions({ algorithm, key });
-    // The secret key must be allowed to be used for 'encrypt' operations.
-    this.checkKeyUsages({ keyUsages: ['encrypt'], allowedKeyUsages: key.usages });
-
-    const ciphertext = AesCtr.encrypt({
-      counter : algorithm.counter,
-      data    : data,
-      key     : key.material,
-      length  : algorithm.length
-    });
-
-    return ciphertext;
-  }
-
-  public async generateKey(options: {
-    algorithm: IDCrypto.AesGenerateKeyOptions,
-    extractable: boolean,
-    keyUsages: IDCrypto.KeyUsage[]
-  }): Promise<IDCrypto.CryptoKey> {
-    const { algorithm, extractable, keyUsages } = options;
-
-    this.checkGenerateKey({ algorithm, keyUsages });
-
-    const secretKey = await AesCtr.generateKey({ length: algorithm.length });
-
-    if (universalTypeOf(secretKey) !== 'Uint8Array') {
-      throw new Error('Operation failed to generate key.');
-    }
-
-    const secretCryptoKey = new CryptoKey(algorithm, extractable, secretKey, 'secret', this.keyUsages);
-
-    return secretCryptoKey;
-  }
-}

package/src/crypto/crypto-algorithms/bbs.ts

@@ -1,110 +0,0 @@
-import type { IDCrypto } from '../types/iddwn-crypto.js';
-import type { BbsKeyPair } from '../crypto-primitives/bbs.js';
-
-import { Bbs } from '../crypto-primitives/bbs.js';
-import { CryptoKey } from '../algorithms-api/index.js';
-
-export interface BbsGenerateKeyOptions extends IDCrypto.Algorithm {
-  name: 'BBS';
-}
-
-export interface BbsSignOptions extends IDCrypto.Algorithm {
-  name: 'BBS';
-}
-
-/**
- * High-level BBS+ signature algorithm implementing multi-message signing,
- * verification, and zero-knowledge selective disclosure proof operations.
- *
- * Unlike EdDSA/ECDSA which sign a single data buffer, BBS+ signs an array
- * of messages and supports deriving proofs that reveal only a subset.
- */
-export class BbsAlgorithm {
-  public readonly name = 'BBS';
-
-  public readonly keyUsages: IDCrypto.KeyPairUsage = {
-    privateKey: ['sign'],
-    publicKey: ['verify'],
-  };
-
-  /**
-   * Generates a BLS12-381 G2 key pair for BBS+ operations.
-   */
-  public async generateKey(): Promise<IDCrypto.CryptoKeyPair> {
-    const keyPair = await Bbs.generateKeyPair();
-
-    const algorithm: BbsGenerateKeyOptions = { name: 'BBS' };
-
-    const cryptoKeyPair: IDCrypto.CryptoKeyPair = {
-      privateKey: new CryptoKey(algorithm, true, keyPair.secretKey, 'private', ['sign']),
-      publicKey: new CryptoKey(algorithm, true, keyPair.publicKey, 'public', ['verify']),
-    };
-
-    return cryptoKeyPair;
-  }
-
-  /**
-   * Signs multiple messages with BBS+ producing a single signature.
-   *
-   * @param options.keyPair - Raw BBS key pair (publicKey + secretKey as Uint8Array).
-   * @param options.messages - Array of messages to sign.
-   * @returns The BBS+ signature.
-   */
-  public async sign(options: {
-    keyPair: BbsKeyPair;
-    messages: Uint8Array[];
-  }): Promise<Uint8Array> {
-    return Bbs.sign(options);
-  }
-
-  /**
-   * Verifies a BBS+ signature against the full message set.
-   *
-   * @param options.publicKey - The issuer's BLS12-381 G2 public key.
-   * @param options.signature - The BBS+ signature to verify.
-   * @param options.messages - The complete set of signed messages.
-   */
-  public async verify(options: {
-    publicKey: Uint8Array;
-    signature: Uint8Array;
-    messages: Uint8Array[];
-  }): Promise<boolean> {
-    return Bbs.verify(options);
-  }
-
-  /**
-   * Derives a zero-knowledge proof revealing only selected messages.
-   *
-   * @param options.publicKey - Issuer's public key.
-   * @param options.signature - Original BBS+ signature.
-   * @param options.messages - Complete message set.
-   * @param options.revealed - Indices of messages to disclose.
-   * @param options.nonce - Session-binding nonce.
-   */
-  public async createProof(options: {
-    publicKey: Uint8Array;
-    signature: Uint8Array;
-    messages: Uint8Array[];
-    revealed: number[];
-    nonce: Uint8Array;
-  }): Promise<Uint8Array> {
-    return Bbs.createProof(options);
-  }
-
-  /**
-   * Verifies a BBS+ selective disclosure proof.
-   *
-   * @param options.publicKey - Issuer's public key.
-   * @param options.proof - The derived proof.
-   * @param options.messages - Only the disclosed messages.
-   * @param options.nonce - The nonce used during proof creation.
-   */
-  public async verifyProof(options: {
-    publicKey: Uint8Array;
-    proof: Uint8Array;
-    messages: Uint8Array[];
-    nonce: Uint8Array;
-  }): Promise<boolean> {
-    return Bbs.verifyProof(options);
-  }
-}