@mocanetwork/privado-js-sdk 1.0.0

package/src/identity/index.ts

@@ -0,0 +1,2 @@
+export * from './identity-wallet';
+export * from './common';

package/src/index.ts

@@ -0,0 +1,16 @@
+export * from './identity';
+export * from './credentials';
+export * from './kms';
+export * from './storage';
+export * from './verifiable';
+export * from './schema-processor';
+export * from './proof';
+export * from './iden3comm';
+export * from './circuits';
+export * from './iden3comm';
+export * from './utils';
+export * from './blockchain';
+import * as core from '@mocanetwork/moca-iden3';
+import * as jsonLDMerklizer from '@iden3/js-jsonld-merklization';
+export { core };
+export { jsonLDMerklizer };

package/src/kms/index.ts

@@ -0,0 +1,4 @@
+export * from './kms';
+export * from './key-providers';
+export * from './store';
+export * from './provider-helpers';

package/src/kms/key-providers/bjj-provider.ts

@@ -0,0 +1,118 @@
+import { Hex, PrivateKey, PublicKey, Signature } from '@iden3/js-crypto';
+import { BytesHelper, checkBigIntInField } from '@mocanetwork/moca-iden3';
+import { IKeyProvider } from '../kms';
+import { AbstractPrivateKeyStore, KmsKeyId, KmsKeyType } from '../store';
+
+import * as providerHelpers from '../provider-helpers';
+import { hexToBytes } from '../../utils';
+
+/**
+ * Provider for Baby Jub Jub keys
+ * @public
+ * @class BjjProvider
+ * @implements implements IKeyProvider interface
+ */
+export class BjjProvider implements IKeyProvider {
+  /**
+   * key type that is handled by BJJ Provider
+   * @type {KmsKeyType}
+   */
+  keyType: KmsKeyType;
+  private keyStore: AbstractPrivateKeyStore;
+  /**
+   * Creates an instance of BjjProvider.
+   * @param {KmsKeyType} keyType - kms key type
+   * @param {AbstractPrivateKeyStore} keyStore - key store for kms
+   */
+  constructor(keyType: KmsKeyType, keyStore: AbstractPrivateKeyStore) {
+    if (keyType !== KmsKeyType.BabyJubJub) {
+      throw new Error('Key type must be BabyJubJub');
+    }
+    this.keyType = keyType;
+    this.keyStore = keyStore;
+  }
+  /**
+   * get all keys
+   * @returns list of keys
+   */
+  async list(): Promise<
+    {
+      alias: string;
+      key: string;
+    }[]
+  > {
+    const allKeysFromKeyStore = await this.keyStore.list();
+    return allKeysFromKeyStore.filter((key) => key.alias.startsWith(this.keyType));
+  }
+
+  /**
+   * generates a baby jub jub key from a seed phrase
+   * @param {Uint8Array} seed - byte array seed
+   * @returns kms key identifier
+   */
+  async newPrivateKeyFromSeed(seed: Uint8Array): Promise<KmsKeyId> {
+    const newKey: Uint8Array = new Uint8Array(32);
+    newKey.set(Uint8Array.from(seed), 0);
+    newKey.fill(seed.length, 32, 0);
+    const privateKey: PrivateKey = new PrivateKey(seed);
+
+    const publicKey = privateKey.public();
+
+    const kmsId = {
+      type: this.keyType,
+      id: providerHelpers.keyPath(this.keyType, publicKey.hex())
+    };
+    await this.keyStore.importKey({ alias: kmsId.id, key: privateKey.hex() });
+
+    return kmsId;
+  }
+
+  /**
+   * Gets public key by kmsKeyId
+   *
+   * @param {KmsKeyId} keyId - key identifier
+   */
+  async publicKey(keyId: KmsKeyId): Promise<string> {
+    const privateKey: PrivateKey = await this.privateKey(keyId);
+    return privateKey.public().hex();
+  }
+
+  /**
+   * signs prepared payload of size,
+   * with a key id
+   *
+   * @param {KmsKeyId} keyId  - key identifier
+   * @param {Uint8Array} data - data to sign (32 bytes)
+   * @returns Uint8Array signature
+   */
+  async sign(keyId: KmsKeyId, data: Uint8Array): Promise<Uint8Array> {
+    if (data.length != 32) {
+      throw new Error('data to sign is too large');
+    }
+
+    const i = BytesHelper.bytesToInt(data);
+    if (!checkBigIntInField(i)) {
+      throw new Error('data to sign is too large');
+    }
+    const privateKey = await this.privateKey(keyId);
+
+    const signature = privateKey.signPoseidon(i);
+
+    return signature.compress();
+  }
+
+  private async privateKey(keyId: KmsKeyId): Promise<PrivateKey> {
+    const privateKeyHex = await this.keyStore.get({ alias: keyId.id });
+
+    return new PrivateKey(Hex.decodeString(privateKeyHex));
+  }
+
+  async verify(message: Uint8Array, signatureHex: string, keyId: KmsKeyId): Promise<boolean> {
+    const publicKey = await this.publicKey(keyId);
+
+    return PublicKey.newFromCompressed(hexToBytes(publicKey)).verifyPoseidon(
+      BytesHelper.bytesToInt(message),
+      Signature.newFromCompressed(hexToBytes(signatureHex))
+    );
+  }
+}

package/src/kms/key-providers/ed25519-provider.ts

@@ -0,0 +1,105 @@
+import { IKeyProvider } from '../kms';
+import { AbstractPrivateKeyStore, KmsKeyId, KmsKeyType } from '../store';
+import * as providerHelpers from '../provider-helpers';
+import { ed25519 } from '@noble/curves/ed25519';
+import { bytesToHex } from '../../utils';
+
+/**
+ * Provider for Ed25519 keys
+ * @public
+ * @class Ed25519Provider
+ * @implements IKeyProvider interface
+ */
+export class Ed25519Provider implements IKeyProvider {
+  /**
+   * Creates an instance of Ed25519Provider.
+   * @param {KmsKeyType} keyType - kms key type
+   * @param {AbstractPrivateKeyStore} keyStore - key store for kms
+   */
+  constructor(
+    public readonly keyType: KmsKeyType,
+    private readonly _keyStore: AbstractPrivateKeyStore
+  ) {}
+
+  /**
+   * get all keys
+   * @returns list of keys
+   */
+  async list(): Promise<
+    {
+      alias: string;
+      key: string;
+    }[]
+  > {
+    const allKeysFromKeyStore = await this._keyStore.list();
+    return allKeysFromKeyStore.filter((key) => key.alias.startsWith(this.keyType));
+  }
+
+  /**
+   * generates a ed25519 key from a seed phrase
+   * @param {Uint8Array} seed - byte array seed
+   * @returns {Promise<KmsKeyId>} kms key identifier
+   */
+  async newPrivateKeyFromSeed(seed: Uint8Array): Promise<KmsKeyId> {
+    if (seed.length !== 32) {
+      throw new Error('Seed should be 32 bytes');
+    }
+
+    const publicKey = ed25519.getPublicKey(seed);
+    const kmsId = {
+      type: this.keyType,
+      id: providerHelpers.keyPath(this.keyType, bytesToHex(publicKey))
+    };
+
+    await this._keyStore.importKey({
+      alias: kmsId.id,
+      key: bytesToHex(seed)
+    });
+
+    return kmsId;
+  }
+
+  /**
+   * Gets public key by kmsKeyId
+   * @param {KmsKeyId} keyId - key identifier
+   * @returns {Promise<string>} Public key as a hex string
+   */
+  async publicKey(keyId: KmsKeyId): Promise<string> {
+    const privateKeyHex = await this.privateKey(keyId);
+    const publicKey = ed25519.getPublicKey(privateKeyHex);
+    return bytesToHex(publicKey);
+  }
+
+  /**
+   * signs prepared payload of size,
+   * with a key id
+   * @param {KmsKeyId} keyId  - key identifier
+   * @param {Uint8Array} digest - data to sign (32 bytes)
+   * @returns {Promise<Uint8Array>} signature
+   */
+  async sign(keyId: KmsKeyId, digest: Uint8Array): Promise<Uint8Array> {
+    const privateKeyHex = await this.privateKey(keyId);
+    return ed25519.sign(digest, privateKeyHex);
+  }
+
+  /**
+   * Verifies a signature for the given message and key identifier.
+   * @param digest - The message to verify the signature against.
+   * @param signatureHex - The signature to verify, as a hexadecimal string.
+   * @param keyId - The key identifier to use for verification.
+   * @returns A Promise that resolves to a boolean indicating whether the signature is valid.
+   */
+  async verify(digest: Uint8Array, signatureHex: string, keyId: KmsKeyId): Promise<boolean> {
+    const publicKeyHex = await this.publicKey(keyId);
+    return ed25519.verify(signatureHex, digest, publicKeyHex);
+  }
+
+  /**
+   * Retrieves the private key for a given keyId from the key store.
+   * @param {KmsKeyId} keyId - The identifier of the key to retrieve.
+   * @returns {Promise<string>} The private key associated with the keyId.
+   */
+  private async privateKey(keyId: KmsKeyId): Promise<string> {
+    return this._keyStore.get({ alias: keyId.id });
+  }
+}

package/src/kms/key-providers/index.ts

@@ -0,0 +1,3 @@
+export * from './bjj-provider';
+export * from './ed25519-provider';
+export * from './secp256k1-provider';

package/src/kms/key-providers/secp256k1-provider.ts

@@ -0,0 +1,125 @@
+import { IKeyProvider } from '../kms';
+import { AbstractPrivateKeyStore, KmsKeyId, KmsKeyType } from '../store';
+import * as providerHelpers from '../provider-helpers';
+import { base64UrlToBytes, bytesToHex } from '../../utils';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { sha256 } from '@iden3/js-crypto';
+import { ES256KSigner, hexToBytes } from 'did-jwt';
+
+/**
+ * Provider for Secp256k1
+ * @public
+ * @class Secp256k1Provider
+ * @implements implements IKeyProvider interface
+ */
+export class Sec256k1Provider implements IKeyProvider {
+  /**
+   * key type that is handled by BJJ Provider
+   * @type {KmsKeyType}
+   */
+  keyType: KmsKeyType;
+  private _keyStore: AbstractPrivateKeyStore;
+
+  /**
+   * Creates an instance of BjjProvider.
+   * @param {KmsKeyType} keyType - kms key type
+   * @param {AbstractPrivateKeyStore} keyStore - key store for kms
+   */
+  constructor(keyType: KmsKeyType, keyStore: AbstractPrivateKeyStore) {
+    if (keyType !== KmsKeyType.Secp256k1) {
+      throw new Error('Key type must be Secp256k1');
+    }
+    this.keyType = keyType;
+    this._keyStore = keyStore;
+  }
+
+  /**
+   * get all keys
+   * @returns list of keys
+   */
+  async list(): Promise<
+    {
+      alias: string;
+      key: string;
+    }[]
+  > {
+    const allKeysFromKeyStore = await this._keyStore.list();
+    return allKeysFromKeyStore.filter((key) => key.alias.startsWith(this.keyType));
+  }
+
+  /**
+   * generates a baby jub jub key from a seed phrase
+   * @param {Uint8Array} seed - byte array seed
+   * @returns kms key identifier
+   */
+  async newPrivateKeyFromSeed(seed: Uint8Array): Promise<KmsKeyId> {
+    if (seed.length !== 32) {
+      throw new Error('Seed should be 32 bytes');
+    }
+    const publicKey = secp256k1.getPublicKey(seed);
+    const kmsId = {
+      type: this.keyType,
+      id: providerHelpers.keyPath(this.keyType, bytesToHex(publicKey))
+    };
+
+    await this._keyStore.importKey({
+      alias: kmsId.id,
+      key: bytesToHex(seed).padStart(64, '0')
+    });
+
+    return kmsId;
+  }
+
+  /**
+   * Gets public key by kmsKeyId
+   *
+   * @param {KmsKeyId} keyId - key identifier
+   */
+  async publicKey(keyId: KmsKeyId): Promise<string> {
+    const privateKeyHex = await this.privateKey(keyId);
+    const publicKey = secp256k1.getPublicKey(privateKeyHex, false); // 04 + x + y (uncompressed key)
+    return bytesToHex(publicKey);
+  }
+
+  /**
+   * Signs the given data using the private key associated with the specified key identifier.
+   * @param keyId - The key identifier to use for signing.
+   * @param data - The data to sign.
+   * @param opts - Signing options, such as the algorithm to use.
+   * @returns A Promise that resolves to the signature as a Uint8Array.
+   */
+  async sign(
+    keyId: KmsKeyId,
+    data: Uint8Array,
+    opts: { [key: string]: unknown } = { alg: 'ES256K' }
+  ): Promise<Uint8Array> {
+    const privateKeyHex = await this.privateKey(keyId);
+
+    const signatureBase64 = await ES256KSigner(
+      hexToBytes(privateKeyHex),
+      opts.alg === 'ES256K-R'
+    )(data);
+
+    if (typeof signatureBase64 !== 'string') {
+      throw new Error('signatureBase64 must be a string');
+    }
+
+    return base64UrlToBytes(signatureBase64);
+  }
+
+  /**
+   * Verifies a signature for the given message and key identifier.
+   * @param message - The message to verify the signature against.
+   * @param signatureHex - The signature to verify, as a hexadecimal string.
+   * @param keyId - The key identifier to use for verification.
+   * @returns A Promise that resolves to a boolean indicating whether the signature is valid.
+   */
+  async verify(message: Uint8Array, signatureHex: string, keyId: KmsKeyId): Promise<boolean> {
+    const publicKeyHex = await this.publicKey(keyId);
+    return secp256k1.verify(signatureHex, sha256(message), publicKeyHex);
+  }
+
+  private async privateKey(keyId: KmsKeyId): Promise<string> {
+    return this._keyStore.get({ alias: keyId.id });
+  }
+}

package/src/kms/kms.ts

@@ -0,0 +1,173 @@
+import { KmsKeyId, KmsKeyType } from './store';
+
+/**
+ * KeyProvider is responsible for signing and creation of the keys
+ *
+ * @public
+ * @interface   IKeyProvider
+ */
+export interface IKeyProvider {
+  /**
+   * property to store key type
+   *
+   * @type {KmsKeyType}
+   */
+  keyType: KmsKeyType;
+
+  /**
+   * get all keys
+   *
+   * @returns list of keys
+   */
+  list(): Promise<
+    {
+      alias: string;
+      key: string;
+    }[]
+  >;
+  /**
+   * gets public key by key id
+   *
+   * @param {KmsKeyId} keyID - kms key identifier
+   * @returns `Promise<PublicKey>`
+   */
+  publicKey(keyID: KmsKeyId): Promise<string>;
+  /**
+   * sign data with kms key
+   *
+   * @param {KmsKeyId} keyId - key identifier
+   * @param {Uint8Array} data  - bytes payload
+   * @param {{ [key: string]: unknown }} opts  - additional options for signing
+   * @returns `Promise<Uint8Array>`
+   */
+  sign(keyId: KmsKeyId, data: Uint8Array, opts?: { [key: string]: unknown }): Promise<Uint8Array>;
+
+  /**
+   * creates new key pair from given seed
+   *
+   * @param {Uint8Array} seed - seed
+   * @returns `Promise<KmsKeyId>`
+   */
+  newPrivateKeyFromSeed(seed: Uint8Array): Promise<KmsKeyId>;
+
+  /**
+   * Verifies a message signature using the provided key ID.
+   *
+   * @param message - The message bytes to verify.
+   * @param signatureHex - The signature in hexadecimal format.
+   * @param keyId - The KMS key ID used to verify the signature.
+   * @returns A promise that resolves to a boolean indicating whether the signature is valid.
+   */
+  verify(message: Uint8Array, signatureHex: string, keyId: KmsKeyId): Promise<boolean>;
+}
+/**
+ * Key management system class contains different key providers.
+ * allows to register custom provider, create key, get public key and sign
+ *
+ * @public
+ * @class KMS - class
+ */
+export class KMS {
+  private readonly _registry = new Map<KmsKeyType, IKeyProvider>();
+
+  /**
+   * register key provider in the KMS
+   *
+   * @param {KmsKeyType} keyType - kms key type
+   * @param {IKeyProvider} keyProvider - key provider implementation
+   */
+  registerKeyProvider(keyType: KmsKeyType, keyProvider: IKeyProvider): void {
+    if (this._registry.get(keyType)) {
+      throw new Error('present keyType');
+    }
+    this._registry.set(keyType, keyProvider);
+  }
+
+  /**
+   * generates a new key and returns it kms key id
+   *
+   * @param {KmsKeyType} keyType
+   * @param {Uint8Array} bytes
+   * @returns kms key id
+   */
+  async createKeyFromSeed(keyType: KmsKeyType, bytes: Uint8Array): Promise<KmsKeyId> {
+    const keyProvider = this._registry.get(keyType);
+    if (!keyProvider) {
+      throw new Error(`keyProvider not found for: ${keyType}`);
+    }
+    return keyProvider.newPrivateKeyFromSeed(bytes);
+  }
+
+  /**
+   * gets public key for key id
+   *
+   * @param {KmsKeyId} keyId -- key id
+   * @returns public key
+   */
+  async publicKey(keyId: KmsKeyId): Promise<string> {
+    const keyProvider = this._registry.get(keyId.type);
+    if (!keyProvider) {
+      throw new Error(`keyProvider not found for: ${keyId.type}`);
+    }
+
+    return keyProvider.publicKey(keyId);
+  }
+
+  /**
+   * sign Uint8Array with giv KmsKeyIden
+   *
+   * @param {KmsKeyId} keyId - key id
+   * @param {Uint8Array} data - prepared data bytes
+   * @returns `Promise<Uint8Array>` - return signature
+   */
+  async sign(
+    keyId: KmsKeyId,
+    data: Uint8Array,
+    opts?: {
+      [key: string]: unknown;
+    }
+  ): Promise<Uint8Array> {
+    const keyProvider = this._registry.get(keyId.type);
+    if (!keyProvider) {
+      throw new Error(`keyProvider not found for: ${keyId.type}`);
+    }
+
+    return keyProvider.sign(keyId, data, opts);
+  }
+
+  /**
+   * Verifies a signature against the provided data and key ID.
+   *
+   * @param data - The data to verify the signature against.
+   * @param signatureHex - The signature to verify, in hexadecimal format.
+   * @param keyId - The key ID to use for verification.
+   * @returns A promise that resolves to a boolean indicating whether the signature is valid.
+   */
+  verify(data: Uint8Array, signatureHex: string, keyId: KmsKeyId): Promise<boolean> {
+    const keyProvider = this._registry.get(keyId.type);
+    if (!keyProvider) {
+      throw new Error(`keyProvider not found for: ${keyId.type}`);
+    }
+    return keyProvider.verify(data, signatureHex, keyId);
+  }
+
+  /**
+   * get all keys by key type
+   *
+   * @param keyType - Key type
+   * @returns list of keys
+   */
+  list(keyType: KmsKeyType): Promise<
+    {
+      alias: string;
+      key: string;
+    }[]
+  > {
+    const keyProvider = this._registry.get(keyType);
+    if (!keyProvider) {
+      throw new Error(`keyProvider not found for: ${keyType}`);
+    }
+
+    return keyProvider.list();
+  }
+}

package/src/kms/provider-helpers.ts

@@ -0,0 +1,13 @@
+import { KmsKeyType } from './store';
+
+/**
+ * builds key path
+ *
+ * @param {KmsKeyType} keyType - key type
+ * @param {string} keyID - key id
+ * @returns string path
+ */
+export function keyPath(keyType: KmsKeyType, keyID: string): string {
+  const basePath = '';
+  return basePath + String(keyType) + ':' + keyID;
+}

package/src/kms/store/abstract-key-store.ts

@@ -0,0 +1,34 @@
+/**
+ * KeyStore that allows to import and get keys by alias.
+ *
+ * @abstract
+ * @public
+ * @class AbstractPrivateKeyStore
+ */
+export abstract class AbstractPrivateKeyStore {
+  /**
+   * imports key by alias
+   *
+   * @abstract
+   * @param {{ alias: string; key: string }} args - key alias and hex representation
+   * @returns `Promise<void>`
+   */
+  abstract importKey(args: { alias: string; key: string }): Promise<void>;
+
+  /**
+   * get key by alias
+   *
+   * @abstract
+   * @param {{ alias: string }} args -key alias
+   * @returns `Promise<string>`
+   */
+  abstract get(args: { alias: string }): Promise<string>;
+
+  /**
+   * get all keys
+   *
+   * @abstract
+   * @returns `Promise<{ alias: string; key: string }[]>`
+   */
+  abstract list(): Promise<{ alias: string; key: string }[]>;
+}

package/src/kms/store/index.ts

@@ -0,0 +1,5 @@
+export * from './abstract-key-store';
+export * from './memory-key-store';
+export * from './types';
+export * from './local-storage-key-store';
+export * from './indexed-db-key-store';

package/src/kms/store/indexed-db-key-store.ts

@@ -0,0 +1,60 @@
+import { UseStore, createStore, get, set, entries } from 'idb-keyval';
+import { AbstractPrivateKeyStore } from './abstract-key-store';
+
+/**
+ * Allows storing keys in the indexed db storage of the browser
+ * (NOT ENCRYPTED: DO NOT USE IN THE PRODUCTION)
+ *
+ * @public
+ * @class IndexedDBPrivateKeyStore
+ * @implements implements AbstractPrivateKeyStore interface
+ */
+export class IndexedDBPrivateKeyStore implements AbstractPrivateKeyStore {
+  static readonly storageKey = 'keystore';
+  private readonly _store: UseStore;
+
+  constructor() {
+    this._store = createStore(
+      `${IndexedDBPrivateKeyStore.storageKey}-db`,
+      IndexedDBPrivateKeyStore.storageKey
+    );
+  }
+
+  /**
+   * get all keys
+   *
+   * @abstract
+   * @returns `Promise<{ alias: string; key: string }[]>`
+   */
+  async list(): Promise<{ alias: string; key: string }[]> {
+    const allEntries = await entries(this._store);
+    return allEntries.map(([alias, key]) => ({ alias, key: key.value })) as unknown as {
+      alias: string;
+      key: string;
+    }[];
+  }
+
+  /**
+   * Gets key from the indexed db storage
+   *
+   * @param {{ alias: string }} args
+   * @returns hex string
+   */
+  async get(args: { alias: string }): Promise<string> {
+    const key = await get(args.alias, this._store);
+    if (!key) {
+      throw new Error('no key under given alias');
+    }
+    return key.value;
+  }
+
+  /**
+   * Import key to the indexed db storage
+   *
+   * @param {{ alias: string; key: string }} args - alias and private key in the hex
+   * @returns void
+   */
+  async importKey(args: { alias: string; key: string }): Promise<void> {
+    await set(args.alias, { value: args.key }, this._store);
+  }
+}