@microsoft/ccf-app 3.0.0-rc0 → 3.0.0-rc1

package/consensus.d.ts

@@ -1,13 +1,13 @@
 /**
- * @inheritDoc CCFConsensus.getLastCommittedTxId;
+ * @inheritDoc global!CCFConsensus.getLastCommittedTxId
  */
 export declare const getLastCommittedTxId: () => import("./global.js").TransactionId;
 /**
- * @inheritDoc CCFConsensus.getStatusForTxId;
+ * @inheritDoc global!CCFConsensus.getStatusForTxId
  */
 export declare const getStatusForTxId: (view: number, seqno: number) => import("./global.js").TransactionStatus;
 /**
- * @inheritDoc CCFConsensus.getViewForSeqno;
+ * @inheritDoc global!CCFConsensus.getViewForSeqno
  */
 export declare const getViewForSeqno: (seqno: number) => number | null;
 export { TransactionStatus } from "./global";

package/consensus.js

@@ -8,14 +8,14 @@
  */
 import { ccf } from "./global.js";
 /**
- * @inheritDoc CCFConsensus.getLastCommittedTxId;
+ * @inheritDoc global!CCFConsensus.getLastCommittedTxId
  */
 export const getLastCommittedTxId = ccf.consensus.getLastCommittedTxId.bind(ccf.consensus);
 /**
- * @inheritDoc CCFConsensus.getStatusForTxId;
+ * @inheritDoc global!CCFConsensus.getStatusForTxId
  */
 export const getStatusForTxId = ccf.consensus.getStatusForTxId.bind(ccf.consensus);
 /**
- * @inheritDoc CCFConsensus.getViewForSeqno;
+ * @inheritDoc global!CCFConsensus.getViewForSeqno
  */
 export const getViewForSeqno = ccf.consensus.getViewForSeqno.bind(ccf.consensus);

package/crypto.d.ts

@@ -1,53 +1,57 @@
 /**
- * @inheritDoc CCF.generateAesKey
+ * @inheritDoc global!CCF.generateAesKey
  */
 export declare const generateAesKey: (size: number) => ArrayBuffer;
 /**
- * @inheritDoc CCF.generateRsaKeyPair
+ * @inheritDoc global!CCF.generateRsaKeyPair
  */
 export declare const generateRsaKeyPair: (size: number, exponent?: number | undefined) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCF.generateEcdsaKeyPair
  */
 export declare const generateEcdsaKeyPair: (curve: string) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc CCFCrypto.generateEcdsaKeyPair
+ * @inheritDoc global!CCF.generateEcdsaKeyPair
  */
 export declare const generateEddsaKeyPair: (curve: string) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc CCF.wrapKey
+ * @inheritDoc global!CCF.wrapKey
  */
 export declare const wrapKey: (key: ArrayBuffer, wrappingKey: ArrayBuffer, wrapAlgo: import("./global.js").WrapAlgoParams) => ArrayBuffer;
 /**
- * @inheritDoc CCFCrypto.verifySignature
+ * @inheritDoc global!CCFCrypto.verifySignature
  */
-export declare const verifySignature: (algorithm: import("./global.js").SigningAlgorithm, key: string, signature: ArrayBuffer, data: ArrayBuffer) => boolean;
+export declare const sign: (algorithm: import("./global.js").SigningAlgorithm, key: string, plaintext: ArrayBuffer) => ArrayBuffer;
 /**
- * @inheritDoc CCF.digest
+ * @inheritDoc global!CCFCrypto.verifySignature
  */
-export declare const digest: (algorithm: "SHA-256", data: ArrayBuffer) => ArrayBuffer;
+export declare const verifySignature: (algorithm: import("./global.js").SigningAlgorithm, key: string, signature: ArrayBuffer, plaintext: ArrayBuffer) => boolean;
 /**
- * @inheritDoc CCF.isValidX509CertBundle
+ * @inheritDoc global!CCFCrypto.digest
+ */
+export declare const digest: (algorithm: "SHA-256", plaintext: ArrayBuffer) => ArrayBuffer;
+/**
+ * @inheritDoc global!CCFCrypto.isValidX509CertBundle
  */
 export declare const isValidX509CertBundle: (pem: string) => boolean;
 /**
- * @inheritDoc CCF.isValidX509CertChain
+ * @inheritDoc global!CCFCrypto.isValidX509CertChain
  */
 export declare const isValidX509CertChain: (chain: string, trusted: string) => boolean;
 /**
- * @inheritDoc CCF.pubPemToJwk
+ * @inheritDoc global!CCFCrypto.pubPemToJwk
  */
 export declare const pubPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyECPublic;
 /**
- * @inheritDoc CCF.pemToJwk
+ * @inheritDoc global!CCFCrypto.pemToJwk
  */
 export declare const pemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyECPrivate;
 /**
- * @inheritDoc CCF.pubRsaPemToJwk
+ * @inheritDoc global!CCFCrypto.pubRsaPemToJwk
  */
 export declare const pubRsaPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyRSAPublic;
 /**
- * @inheritDoc CCF.rsaPemToJwk
+ * @inheritDoc global!CCFCrypto.rsaPemToJwk
  */
 export declare const rsaPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyRSAPrivate;
-export { WrapAlgoParams, AesKwpParams, RsaOaepParams, RsaOaepAesKwpParams, CryptoKeyPair, DigestAlgorithm, SigningAlgorithm, RsaPkcsParams, EcdsaParams, } from "./global";
+export { WrapAlgoParams, AesKwpParams, RsaOaepParams, RsaOaepAesKwpParams, CryptoKeyPair, DigestAlgorithm, SigningAlgorithm, } from "./global";

package/crypto.js

@@ -15,54 +15,58 @@
  */
 import { ccf } from "./global.js";
 /**
- * @inheritDoc CCF.generateAesKey
+ * @inheritDoc global!CCF.generateAesKey
  */
 export const generateAesKey = ccf.crypto.generateAesKey;
 /**
- * @inheritDoc CCF.generateRsaKeyPair
+ * @inheritDoc global!CCF.generateRsaKeyPair
  */
 export const generateRsaKeyPair = ccf.crypto.generateRsaKeyPair;
 /**
- * @inheritDoc CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCF.generateEcdsaKeyPair
  */
 export const generateEcdsaKeyPair = ccf.crypto.generateEcdsaKeyPair;
 /**
- * @inheritDoc CCFCrypto.generateEcdsaKeyPair
+ * @inheritDoc global!CCF.generateEcdsaKeyPair
  */
 export const generateEddsaKeyPair = ccf.crypto.generateEddsaKeyPair;
 /**
- * @inheritDoc CCF.wrapKey
+ * @inheritDoc global!CCF.wrapKey
  */
 export const wrapKey = ccf.crypto.wrapKey;
 /**
- * @inheritDoc CCFCrypto.verifySignature
+ * @inheritDoc global!CCFCrypto.verifySignature
+ */
+export const sign = ccf.crypto.sign;
+/**
+ * @inheritDoc global!CCFCrypto.verifySignature
  */
 export const verifySignature = ccf.crypto.verifySignature;
 /**
- * @inheritDoc CCF.digest
+ * @inheritDoc global!CCFCrypto.digest
  */
 export const digest = ccf.crypto.digest;
 /**
- * @inheritDoc CCF.isValidX509CertBundle
+ * @inheritDoc global!CCFCrypto.isValidX509CertBundle
  */
 export const isValidX509CertBundle = ccf.crypto.isValidX509CertBundle;
 /**
- * @inheritDoc CCF.isValidX509CertChain
+ * @inheritDoc global!CCFCrypto.isValidX509CertChain
  */
 export const isValidX509CertChain = ccf.crypto.isValidX509CertChain;
 /**
- * @inheritDoc CCF.pubPemToJwk
+ * @inheritDoc global!CCFCrypto.pubPemToJwk
  */
 export const pubPemToJwk = ccf.crypto.pubPemToJwk;
 /**
- * @inheritDoc CCF.pemToJwk
+ * @inheritDoc global!CCFCrypto.pemToJwk
  */
 export const pemToJwk = ccf.crypto.pemToJwk;
 /**
- * @inheritDoc CCF.pubRsaPemToJwk
+ * @inheritDoc global!CCFCrypto.pubRsaPemToJwk
  */
 export const pubRsaPemToJwk = ccf.crypto.pubRsaPemToJwk;
 /**
- * @inheritDoc CCF.rsaPemToJwk
+ * @inheritDoc global!CCFCrypto.rsaPemToJwk
  */
 export const rsaPemToJwk = ccf.crypto.rsaPemToJwk;

package/endpoints.d.ts

@@ -221,11 +221,11 @@ export interface Response<T extends ResponseBodyType<T> = any> {
  */
 export declare type EndpointFn<A extends JsonCompatible<A> = any, B extends ResponseBodyType<B> = any> = (request: Request<A>) => Response<B>;
 /**
- * @inheritDoc CCF.rpc.setApplyWrites
+ * @inheritDoc global!CCFRpc.setApplyWrites
  */
 export declare const setApplyWrites: (force: boolean) => void;
 /**
- * @inheritDoc CCF.rpc.setClaimsDigest
+ * @inheritDoc global!CCFRpc.setClaimsDigest
  */
 export declare const setClaimsDigest: (digest: ArrayBuffer) => void;
 export {};

package/endpoints.js

@@ -8,10 +8,10 @@
  */
 import { ccf } from "./global.js";
 /**
- * @inheritDoc CCF.rpc.setApplyWrites
+ * @inheritDoc global!CCFRpc.setApplyWrites
  */
 export const setApplyWrites = ccf.rpc.setApplyWrites.bind(ccf.rpc);
 /**
- * @inheritDoc CCF.rpc.setClaimsDigest
+ * @inheritDoc global!CCFRpc.setClaimsDigest
  */
 export const setClaimsDigest = ccf.rpc.setClaimsDigest.bind(ccf.rpc);

package/global.d.ts

@@ -172,27 +172,15 @@ export interface CryptoKeyPair {
      */
     publicKey: string;
 }
-/**
- * RSASSA-PKCS1-v1_5 signature algorithm parameters.
- */
-export interface RsaPkcsParams {
-    name: "RSASSA-PKCS1-v1_5";
-    hash: DigestAlgorithm;
-}
-/**
- * ECDSA signature algorithm parameters.
- *
- * Note: ECDSA signatures are assumed to be encoded according
- * to the Web Crypto API specification, which is the same
- * format used in JSON Web Tokens and more generally known
- * as IEEE P1363 encoding.
- */
-export interface EcdsaParams {
-    name: "ECDSA";
-    hash: DigestAlgorithm;
-}
-export declare type SigningAlgorithm = RsaPkcsParams | EcdsaParams;
+export declare type AlgorithmName = "RSASSA-PKCS1-v1_5" | "ECDSA" | "EdDSA";
 export declare type DigestAlgorithm = "SHA-256";
+export interface SigningAlgorithm {
+    name: AlgorithmName;
+    /**
+     * Digest algorithm. It's necessary for "RSASSA-PKCS1-v1_5" and "ECDSA"
+     */
+    hash?: DigestAlgorithm;
+}
 /**
  * Interfaces for JSON Web Key objects, as per [RFC7517](https://www.rfc-editor.org/rfc/rfc751).
  */
@@ -251,17 +239,27 @@ export interface JsonWebKeyRSAPrivate extends JsonWebKeyRSAPublic {
     qi: string;
 }
 export interface CCFCrypto {
+    /**
+     * Generate a signature.
+     *
+     * @param algorithm Signing algorithm and parameters
+     * @param key A PEM-encoded private key
+     * @param plaintext Input data that will be signed
+     * @throws Will throw an error if the key is not compatible with the
+     *  signing algorithm or if an unknown algorithm is used.
+     */
+    sign(algorithm: SigningAlgorithm, key: string, plaintext: ArrayBuffer): ArrayBuffer;
     /**
      * Returns whether digital signature is valid.
      *
      * @param algorithm Signing algorithm and parameters
      * @param key A PEM-encoded public key or X.509 certificate
      * @param signature Signature to verify
-     * @param data Data that was signed
+     * @param plaintext Input data that was signed
      * @throws Will throw an error if the key is not compatible with the
      *  signing algorithm or if an unknown algorithm is used.
      */
-    verifySignature(algorithm: SigningAlgorithm, key: string, signature: ArrayBuffer, data: ArrayBuffer): boolean;
+    verifySignature(algorithm: SigningAlgorithm, key: string, signature: ArrayBuffer, plaintext: ArrayBuffer): boolean;
     /**
      * Generate an AES key.
      *
@@ -297,7 +295,7 @@ export interface CCFCrypto {
     /**
      * Generate a digest (hash) of the given data.
      */
-    digest(algorithm: DigestAlgorithm, data: ArrayBuffer): ArrayBuffer;
+    digest(algorithm: DigestAlgorithm, plaintext: ArrayBuffer): ArrayBuffer;
     /**
      * Returns whether a string is a PEM-encoded bundle of X.509 certificates.
      *

package/historical.d.ts

@@ -3,11 +3,11 @@
  */
 export declare const historicalState: import("./global.js").HistoricalState | undefined;
 /**
- * @inheritDoc CCFHistorical.getStateRange
+ * @inheritDoc global!CCFHistorical.getStateRange
  */
 export declare const getStateRange: (handle: number, startSeqno: number, endSeqno: number, secondsUntilExpiry: number) => import("./global.js").HistoricalState[] | null;
 /**
- * @inheritDoc CCFHistorical.dropCachedStates
+ * @inheritDoc global!CCFHistorical.dropCachedStates
  */
 export declare const dropCachedStates: (handle: number) => boolean;
 export { HistoricalState, Receipt, Proof, ProofElement } from "./global";

package/historical.js

@@ -33,10 +33,10 @@ import { ccf } from "./global.js";
  */
 export const historicalState = ccf.historicalState;
 /**
- * @inheritDoc CCFHistorical.getStateRange
+ * @inheritDoc global!CCFHistorical.getStateRange
  */
 export const getStateRange = ccf.historical.getStateRange.bind(ccf.historical);
 /**
- * @inheritDoc CCFHistorical.dropCachedStates
+ * @inheritDoc global!CCFHistorical.dropCachedStates
  */
 export const dropCachedStates = ccf.historical.dropCachedStates.bind(ccf.historical);

package/openenclave.d.ts

@@ -1,5 +1,5 @@
 /**
- * @inheritDoc OpenEnclave.verifyOpenEnclaveEvidence
+ * @inheritDoc global!OpenEnclave.verifyOpenEnclaveEvidence
  */
 export declare const verifyOpenEnclaveEvidence: (format: string | undefined, evidence: ArrayBuffer, endorsements?: ArrayBuffer | undefined) => import("./global").EvidenceClaims;
 export { EvidenceClaims } from "./global";

package/openenclave.js

@@ -7,6 +7,6 @@
  */
 import { openenclave } from "./global";
 /**
- * @inheritDoc OpenEnclave.verifyOpenEnclaveEvidence
+ * @inheritDoc global!OpenEnclave.verifyOpenEnclaveEvidence
  */
 export const verifyOpenEnclaveEvidence = openenclave.verifyOpenEnclaveEvidence;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/ccf-app",
-  "version": "3.0.0-rc0",
+  "version": "3.0.0-rc1",
   "description": "CCF app support package",
   "main": "index.js",
   "files": [

package/polyfill.js

@@ -92,6 +92,42 @@ class CCFPolyfill {
             },
         };
         this.crypto = {
+            sign(algorithm, key, data) {
+                let padding = undefined;
+                const privKey = jscrypto.createPrivateKey(key);
+                if (privKey.asymmetricKeyType == "rsa") {
+                    if (algorithm.name === "RSASSA-PKCS1-v1_5") {
+                        padding = jscrypto.constants.RSA_PKCS1_PADDING;
+                    }
+                    else {
+                        throw new Error("incompatible signing algorithm for given key type");
+                    }
+                }
+                else if (privKey.asymmetricKeyType == "ec") {
+                    if (algorithm.name !== "ECDSA") {
+                        throw new Error("incompatible signing algorithm for given key type");
+                    }
+                }
+                else if (privKey.asymmetricKeyType == "ed25519") {
+                    if (algorithm.name !== "EdDSA") {
+                        throw new Error("incompatible signing algorithm for given key type");
+                    }
+                }
+                else {
+                    throw new Error("unrecognized signing algorithm");
+                }
+                if (algorithm.name === "EdDSA") {
+                    return jscrypto.sign(null, new Uint8Array(data), privKey);
+                }
+                const hashAlg = algorithm.hash.replace("-", "").toLowerCase();
+                const signer = jscrypto.createSign(hashAlg);
+                signer.update(new Uint8Array(data));
+                return signer.sign({
+                    key: privKey,
+                    dsaEncoding: "ieee-p1363",
+                    padding: padding,
+                });
+            },
             verifySignature(algorithm, key, signature, data) {
                 let padding = undefined;
                 const pubKey = jscrypto.createPublicKey(key);
@@ -108,9 +144,17 @@ class CCFPolyfill {
                         throw new Error("incompatible signing algorithm for given key type");
                     }
                 }
+                else if (pubKey.asymmetricKeyType == "ed25519") {
+                    if (algorithm.name !== "EdDSA") {
+                        throw new Error("incompatible signing algorithm for given key type");
+                    }
+                }
                 else {
                     throw new Error("unrecognized signing algorithm");
                 }
+                if (algorithm.name === "EdDSA") {
+                    return jscrypto.verify(null, new Uint8Array(data), pubKey, new Uint8Array(signature));
+                }
                 const hashAlg = algorithm.hash.replace("-", "").toLowerCase();
                 const verifier = jscrypto.createVerify(hashAlg);
                 verifier.update(new Uint8Array(data));