@microsoft/ccf-app 4.0.6 → 5.0.0-dev0

package/crypto.d.ts

@@ -29,7 +29,7 @@ export declare const verifySignature: (algorithm: import("./global.js").SigningA
 /**
  * @inheritDoc global!CCFCrypto.digest
  */
-export declare const digest: (algorithm: "SHA-256", plaintext: ArrayBuffer) => ArrayBuffer;
+export declare const digest: (algorithm: import("./global.js").DigestAlgorithm, plaintext: ArrayBuffer) => ArrayBuffer;
 /**
  * @inheritDoc global!CCFCrypto.isValidX509CertBundle
  */

package/endpoints.d.ts

@@ -120,10 +120,18 @@ export interface UserCertAuthnIdentity extends UserMemberAuthnIdentityCommon {
 export interface MemberCertAuthnIdentity extends UserMemberAuthnIdentityCommon {
     policy: "member_cert";
 }
-export interface MemberCOSESign1AuthnIdentity extends UserMemberAuthnIdentityCommon {
+interface UserMemberCOSEAuthIdentityCommon {
+    cose: {
+        /**
+         * COSE content
+         */
+        content: ArrayBuffer;
+    };
+}
+export interface MemberCOSESign1AuthnIdentity extends UserMemberAuthnIdentityCommon, UserMemberCOSEAuthIdentityCommon {
     policy: "member_cose_sign1";
 }
-export interface UserCOSESign1AuthnIdentity extends UserMemberAuthnIdentityCommon {
+export interface UserCOSESign1AuthnIdentity extends UserMemberAuthnIdentityCommon, UserMemberCOSEAuthIdentityCommon {
     policy: "user_cose_sign1";
 }
 export interface JwtAuthnIdentity extends AuthnIdentityCommon {

package/global.d.ts

@@ -172,12 +172,12 @@ export interface CryptoKeyPair {
      */
     publicKey: string;
 }
-export type AlgorithmName = "RSASSA-PKCS1-v1_5" | "ECDSA" | "EdDSA";
-export type DigestAlgorithm = "SHA-256";
+export type AlgorithmName = "RSASSA-PKCS1-v1_5" | "ECDSA" | "EdDSA" | "HMAC";
+export type DigestAlgorithm = "SHA-256" | "SHA-384" | "SHA-512";
 export interface SigningAlgorithm {
     name: AlgorithmName;
     /**
-     * Digest algorithm. It's necessary for "RSASSA-PKCS1-v1_5" and "ECDSA"
+     * Digest algorithm. It's necessary for "RSASSA-PKCS1-v1_5", "ECDSA", and "HMAC"
      */
     hash?: DigestAlgorithm;
 }
@@ -496,6 +496,9 @@ export interface CCF {
     strToBuf(v: string): ArrayBuffer;
     /**
      * Convert an ArrayBuffer into a string.
+     *
+     * Note that this function does not perform any encoding validation, and may produce
+     * an invalid JS string if the input is not valid UTF-8.
      */
     bufToStr(v: ArrayBuffer): string;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@microsoft/ccf-app",
-  "version": "4.0.6",
+  "version": "5.0.0-dev0",
   "description": "CCF app support package",
   "main": "index.js",
   "files": [
@@ -20,7 +20,7 @@
   "devDependencies": {
     "@types/chai": "^4.2.15",
     "@types/mocha": "^10.0.0",
-    "@types/node": "^18.0.0",
+    "@types/node": "^20.1.0",
     "@types/node-forge": "^1.0.0",
     "chai": "^4.3.4",
     "colors": "1.4.0",

package/polyfill.js

@@ -92,6 +92,14 @@ class CCFPolyfill {
         };
         this.crypto = {
             sign(algorithm, key, data) {
+                if (algorithm.name === "HMAC") {
+                    const hashAlg = algorithm.hash
+                        .replace("-", "")
+                        .toLowerCase();
+                    const hmac = jscrypto.createHmac(hashAlg, key);
+                    hmac.update(new Uint8Array(data));
+                    return hmac.digest();
+                }
                 let padding = undefined;
                 const privKey = jscrypto.createPrivateKey(key);
                 if (privKey.asymmetricKeyType == "rsa") {
@@ -425,8 +433,10 @@ class CCFPolyfill {
     strToBuf(s) {
         return typedArrToArrBuf(new TextEncoder().encode(s));
     }
+    // Note: this is stricter than CCF's bufToStr, as it will
+    // reject buffers that are not valid UTF-8.
     bufToStr(v) {
-        return new TextDecoder().decode(v);
+        return new TextDecoder("utf-8", { fatal: true }).decode(v);
     }
     jsonCompatibleToBuf(v) {
         return this.strToBuf(JSON.stringify(v));