@microsoft/ccf-app 3.0.0-rc1 → 4.0.0-dev0

package/converters.d.ts

@@ -1,9 +1,9 @@
-export declare type JsonCompatible<T> = any;
+export type JsonCompatible<T> = any;
 export interface DataConverter<T> {
     encode(val: T): ArrayBuffer;
     decode(arr: ArrayBuffer): T;
 }
-export declare type TypedArray = ArrayBufferView;
+export type TypedArray = ArrayBufferView;
 export interface TypedArrayConstructor<T extends TypedArray> {
     new (buffer: ArrayBuffer, byteOffset?: number, length?: number): T;
 }

package/crypto.d.ts

@@ -1,25 +1,25 @@
 /**
- * @inheritDoc global!CCF.generateAesKey
+ * @inheritDoc global!CCFCrypto.generateAesKey
  */
 export declare const generateAesKey: (size: number) => ArrayBuffer;
 /**
- * @inheritDoc global!CCF.generateRsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateRsaKeyPair
  */
 export declare const generateRsaKeyPair: (size: number, exponent?: number | undefined) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc global!CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateEcdsaKeyPair
  */
 export declare const generateEcdsaKeyPair: (curve: string) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc global!CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateEcdsaKeyPair
  */
 export declare const generateEddsaKeyPair: (curve: string) => import("./global.js").CryptoKeyPair;
 /**
- * @inheritDoc global!CCF.wrapKey
+ * @inheritDoc global!CCFCrypto.wrapKey
  */
 export declare const wrapKey: (key: ArrayBuffer, wrappingKey: ArrayBuffer, wrapAlgo: import("./global.js").WrapAlgoParams) => ArrayBuffer;
 /**
- * @inheritDoc global!CCFCrypto.verifySignature
+ * @inheritDoc global!CCFCrypto.sign
  */
 export declare const sign: (algorithm: import("./global.js").SigningAlgorithm, key: string, plaintext: ArrayBuffer) => ArrayBuffer;
 /**
@@ -54,4 +54,12 @@ export declare const pubRsaPemToJwk: (pem: string, kid?: string | undefined) =>
  * @inheritDoc global!CCFCrypto.rsaPemToJwk
  */
 export declare const rsaPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyRSAPrivate;
+/**
+ * @inheritDoc global!CCFCrypto.pubEddsaPemToJwk
+ */
+export declare const pubEddsaPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyEdDSAPrivate;
+/**
+ * @inheritDoc global!CCFCrypto.eddsaPemToJwk
+ */
+export declare const eddsaPemToJwk: (pem: string, kid?: string | undefined) => import("./global.js").JsonWebKeyEdDSAPrivate;
 export { WrapAlgoParams, AesKwpParams, RsaOaepParams, RsaOaepAesKwpParams, CryptoKeyPair, DigestAlgorithm, SigningAlgorithm, } from "./global";

package/crypto.js

@@ -15,27 +15,27 @@
  */
 import { ccf } from "./global.js";
 /**
- * @inheritDoc global!CCF.generateAesKey
+ * @inheritDoc global!CCFCrypto.generateAesKey
  */
 export const generateAesKey = ccf.crypto.generateAesKey;
 /**
- * @inheritDoc global!CCF.generateRsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateRsaKeyPair
  */
 export const generateRsaKeyPair = ccf.crypto.generateRsaKeyPair;
 /**
- * @inheritDoc global!CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateEcdsaKeyPair
  */
 export const generateEcdsaKeyPair = ccf.crypto.generateEcdsaKeyPair;
 /**
- * @inheritDoc global!CCF.generateEcdsaKeyPair
+ * @inheritDoc global!CCFCrypto.generateEcdsaKeyPair
  */
 export const generateEddsaKeyPair = ccf.crypto.generateEddsaKeyPair;
 /**
- * @inheritDoc global!CCF.wrapKey
+ * @inheritDoc global!CCFCrypto.wrapKey
  */
 export const wrapKey = ccf.crypto.wrapKey;
 /**
- * @inheritDoc global!CCFCrypto.verifySignature
+ * @inheritDoc global!CCFCrypto.sign
  */
 export const sign = ccf.crypto.sign;
 /**
@@ -70,3 +70,11 @@ export const pubRsaPemToJwk = ccf.crypto.pubRsaPemToJwk;
  * @inheritDoc global!CCFCrypto.rsaPemToJwk
  */
 export const rsaPemToJwk = ccf.crypto.rsaPemToJwk;
+/**
+ * @inheritDoc global!CCFCrypto.pubEddsaPemToJwk
+ */
+export const pubEddsaPemToJwk = ccf.crypto.pubEddsaPemToJwk;
+/**
+ * @inheritDoc global!CCFCrypto.eddsaPemToJwk
+ */
+export const eddsaPemToJwk = ccf.crypto.eddsaPemToJwk;

package/endpoints.d.ts

@@ -152,9 +152,9 @@ export interface JwtAuthnIdentity extends AuthnIdentityCommon {
  * Each identity corresponds to a matching {@linkcode AuthnIdentityCommon.policy | policy}.
  * Policies have to be declared for each endpoint in ``app.json``.
  */
-export declare type AuthnIdentity = EmptyAuthnIdentity | UserCertAuthnIdentity | MemberCertAuthnIdentity | UserSignatureAuthnIdentity | MemberSignatureAuthnIdentity | JwtAuthnIdentity;
+export type AuthnIdentity = EmptyAuthnIdentity | UserCertAuthnIdentity | MemberCertAuthnIdentity | UserSignatureAuthnIdentity | MemberSignatureAuthnIdentity | JwtAuthnIdentity;
 /** See {@linkcode Response.body}. */
-export declare type ResponseBodyType<T> = string | ArrayBuffer | JsonCompatible<T>;
+export type ResponseBodyType<T> = string | ArrayBuffer | JsonCompatible<T>;
 /**
  * The response object returned from an endpoint function.
  *
@@ -219,7 +219,7 @@ export interface Response<T extends ResponseBodyType<T> = any> {
  * { ... }
  * ```
  */
-export declare type EndpointFn<A extends JsonCompatible<A> = any, B extends ResponseBodyType<B> = any> = (request: Request<A>) => Response<B>;
+export type EndpointFn<A extends JsonCompatible<A> = any, B extends ResponseBodyType<B> = any> = (request: Request<A>) => Response<B>;
 /**
  * @inheritDoc global!CCFRpc.setApplyWrites
  */

package/global.d.ts

@@ -14,7 +14,7 @@
  * @module
  */
 export declare const ccf: CCF;
-export declare type JsonCompatible<T> = any;
+export type JsonCompatible<T> = any;
 /**
  * A map in the Key Value Store.
  *
@@ -35,7 +35,7 @@ export interface KvMap {
 /**
  * @inheritDoc CCF.kv
  */
-export declare type KvMaps = {
+export type KvMaps = {
     [key: string]: KvMap;
 };
 export interface ProofElement {
@@ -65,7 +65,7 @@ export interface LeafComponents {
 /**
  * @inheritDoc Receipt.proof
  */
-export declare type Proof = ProofElement[];
+export type Proof = ProofElement[];
 export interface Receipt {
     /**
      * Base64-encoded signature of the Merkle tree root hash.
@@ -115,7 +115,7 @@ export interface TransactionId {
     view: number;
     seqno: number;
 }
-export declare type TransactionStatus = "Committed" | "Invalid" | "Pending" | "Unknown";
+export type TransactionStatus = "Committed" | "Invalid" | "Pending" | "Unknown";
 /**
  * [RSA-OAEP](https://datatracker.ietf.org/doc/html/rfc8017)
  * key wrapping with SHA-256 as digest function.
@@ -161,7 +161,7 @@ export interface RsaOaepAesKwpParams {
      */
     label?: ArrayBuffer;
 }
-export declare type WrapAlgoParams = RsaOaepParams | AesKwpParams | RsaOaepAesKwpParams;
+export type WrapAlgoParams = RsaOaepParams | AesKwpParams | RsaOaepAesKwpParams;
 export interface CryptoKeyPair {
     /**
      * Private key in PEM encoding.
@@ -172,8 +172,8 @@ export interface CryptoKeyPair {
      */
     publicKey: string;
 }
-export declare type AlgorithmName = "RSASSA-PKCS1-v1_5" | "ECDSA" | "EdDSA";
-export declare type DigestAlgorithm = "SHA-256";
+export type AlgorithmName = "RSASSA-PKCS1-v1_5" | "ECDSA" | "EdDSA";
+export type DigestAlgorithm = "SHA-256";
 export interface SigningAlgorithm {
     name: AlgorithmName;
     /**
@@ -182,7 +182,7 @@ export interface SigningAlgorithm {
     hash?: DigestAlgorithm;
 }
 /**
- * Interfaces for JSON Web Key objects, as per [RFC7517](https://www.rfc-editor.org/rfc/rfc751).
+ * Interfaces for JSON Web Key objects, as per [RFC7517](https://www.rfc-editor.org/rfc/rfc7517).
  */
 export interface JsonWebKey {
     /**
@@ -238,6 +238,22 @@ export interface JsonWebKeyRSAPrivate extends JsonWebKeyRSAPublic {
     dq: string;
     qi: string;
 }
+export interface JsonWebKeyEdDSAPublic extends JsonWebKey {
+    /**
+     * Elliptic curve identifier.
+     */
+    crv: string;
+    /**
+     * Base64url-encoded public key.
+     */
+    x: string;
+}
+export interface JsonWebKeyEdDSAPrivate extends JsonWebKeyEdDSAPublic {
+    /**
+     * Base64url-encoded private key.
+     */
+    d: string;
+}
 export interface CCFCrypto {
     /**
      * Generate a signature.
@@ -337,6 +353,22 @@ export interface CCFCrypto {
      * @param kid Key identifier (optional)
      */
     rsaPemToJwk(pem: string, kid?: string): JsonWebKeyRSAPrivate;
+    /**
+     * Converts an EdDSA public key as PEM to JSON Web Key (JWK) object.
+     * Currently only Curve25519 is supported.
+     *
+     * @param pem EdDSA public key as PEM
+     * @param kid Key identifier (optional)
+     */
+    pubEddsaPemToJwk(pem: string, kid?: string): JsonWebKeyEdDSAPrivate;
+    /**
+     * Converts an EdDSA private key as PEM to JSON Web Key (JWK) object.
+     * Currently only Curve25519 is supported.
+     *
+     * @param pem EdDSA private key as PEM
+     * @param kid Key identifier (optional)
+     */
+    eddsaPemToJwk(pem: string, kid?: string): JsonWebKeyEdDSAPrivate;
 }
 export interface CCFRpc {
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/ccf-app",
-  "version": "3.0.0-rc1",
+  "version": "4.0.0-dev0",
   "description": "CCF app support package",
   "main": "index.js",
   "files": [
@@ -19,14 +19,12 @@
   "license": "Apache-2.0",
   "devDependencies": {
     "@types/chai": "^4.2.15",
-    "@types/jsrsasign": "^10.5.4",
     "@types/mocha": "^10.0.0",
     "@types/node": "^18.0.0",
     "@types/node-forge": "^1.0.0",
     "chai": "^4.3.4",
     "colors": "1.4.0",
     "cross-env": "^7.0.3",
-    "jsrsasign": "^10.5.27",
     "mocha": "^10.0.0",
     "node-forge": "^1.2.0",
     "ts-node": "^10.4.0",

package/polyfill.js

@@ -16,7 +16,6 @@
  */
 import * as jscrypto from "crypto";
 import { TextEncoder, TextDecoder } from "util";
-import * as rs from "jsrsasign";
 // JavaScript's Map uses reference equality for non-primitive types,
 // whereas CCF compares the content of the ArrayBuffer.
 // To achieve CCF's semantics, all keys are base64-encoded.
@@ -320,32 +319,98 @@ class CCFPolyfill {
                 }
             },
             pubPemToJwk(pem, kid) {
-                let jwk = rs.KEYUTIL.getJWK(rs.KEYUTIL.getKey(pem));
-                if (kid !== undefined) {
-                    jwk.kid = kid;
-                }
-                return jwk;
+                const key = jscrypto.createPublicKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    crv: jwk.crv,
+                    x: jwk.x,
+                    y: jwk.y,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
             },
             pemToJwk(pem, kid) {
-                let jwk = rs.KEYUTIL.getJWK(rs.KEYUTIL.getKey(pem));
-                if (kid !== undefined) {
-                    jwk.kid = kid;
-                }
-                return jwk;
+                const key = jscrypto.createPrivateKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    d: jwk.d,
+                    crv: jwk.crv,
+                    x: jwk.x,
+                    y: jwk.y,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
             },
             pubRsaPemToJwk(pem, kid) {
-                let jwk = rs.KEYUTIL.getJWK(rs.KEYUTIL.getKey(pem));
-                if (kid !== undefined) {
-                    jwk.kid = kid;
-                }
-                return jwk;
+                const key = jscrypto.createPublicKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    n: jwk.n,
+                    e: jwk.e,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
             },
             rsaPemToJwk(pem, kid) {
-                let jwk = rs.KEYUTIL.getJWK(rs.KEYUTIL.getKey(pem));
-                if (kid !== undefined) {
-                    jwk.kid = kid;
-                }
-                return jwk;
+                const key = jscrypto.createPrivateKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    d: jwk.d,
+                    p: jwk.p,
+                    q: jwk.d,
+                    dp: jwk.dp,
+                    dq: jwk.dq,
+                    qi: jwk.qi,
+                    n: jwk.n,
+                    e: jwk.e,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
+            },
+            pubEddsaPemToJwk(pem, kid) {
+                const key = jscrypto.createPublicKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    crv: jwk.crv,
+                    x: jwk.x,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
+            },
+            eddsaPemToJwk(pem, kid) {
+                const key = jscrypto.createPrivateKey({
+                    key: pem,
+                });
+                const jwk = key.export({
+                    format: "jwk",
+                });
+                return {
+                    crv: jwk.crv,
+                    x: jwk.x,
+                    d: jwk.d,
+                    kty: jwk.kty,
+                    kid: kid,
+                };
             },
         };
     }