@nuggetslife/vc-rn 0.1.0

package/src/Bls12381G2KeyPair.ts

@@ -0,0 +1,447 @@
+import { vc_facade } from '.';
+import bs58 from 'bs58';
+import {
+  assertBls12381G2PrivateJwk,
+  assertBls12381G2PublicJwk,
+} from './validators/Bls12381G2Jwk';
+import { convertBase64urlToBase58, uint8ArrayToHexString } from './utils';
+import {
+  BlsCurveName,
+  type GenerateKeyPairOptions,
+  type JsonWebKey,
+  type JwkKeyPairOptions,
+  type KeyPairOptions,
+  type KeyPairSigner,
+  type KeyPairVerifier,
+} from './types';
+import { base64url } from 'rfc4648';
+
+/**
+ * z represents the multibase encoding scheme of base58 encoding
+ * @see https://github.com/multiformats/multibase/blob/master/multibase.csv#L18
+ * @ignore
+ */
+const MULTIBASE_ENCODED_BASE58_IDENTIFIER = 'z';
+
+/**
+ * 0x01 indicates the end of the leading bytes according to variable integer spec
+ * @see https://github.com/multiformats/multicodec
+ * @ignore
+ */
+const VARIABLE_INTEGER_TRAILING_BYTE = 0x01;
+
+/**
+ * 0xeb indicates a BLS 12-381 G2 public key
+ *
+ */
+const BLS12381G2_MULTICODEC_IDENTIFIER = 0xeb;
+
+const DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH = 96;
+
+/**
+ * Returns an object with an async sign function for producing BBS+ signatures.
+ * The sign function is bound to the KeyPair
+ * and then returned by the KeyPair's signer method.
+ * @param key - A Bls12381G2KeyPair.
+ *
+ * @returns An object with an async function sign
+ * using the private key passed in.
+ */
+
+const signerFactory = (key: Bls12381G2KeyPair): KeyPairSigner => {
+  if (!key.privateKeyInner) {
+    return {
+      async sign(): Promise<Uint8Array> {
+        throw new Error('No private key to sign with.');
+      },
+    };
+  }
+  return {
+    async sign({ data }): Promise<Uint8Array> {
+      const messages = data.map((m) => bs58.encode(m));
+      let sig_bs58 = await vc_facade(
+        'bls_sign',
+        JSON.stringify({
+          messages,
+          keyPair: {
+            secretKey: key.privateKey,
+            publicKey: key.publicKey,
+          },
+        })
+      );
+      return bs58.decode(sig_bs58);
+    },
+  };
+};
+
+/**
+ * @ignore
+ * Returns an object with an async verify function for verifying BBS+ signatures.
+ * The verify function is bound to the KeyPair
+ * and then returned by the KeyPair's verifier method.
+ * @param key - A Bls12381G2KeyPair.
+ *
+ * @returns An async verifier specific
+ * to the key passed in.
+ */
+const verifierFactory = (key: Bls12381G2KeyPair): KeyPairVerifier => {
+  if (!key.publicKeyInner) {
+    return {
+      async verify(): Promise<boolean> {
+        throw new Error('No public key to verify with.');
+      },
+    };
+  }
+
+  return {
+    async verify({ data, signature }): Promise<boolean> {
+      const messages = data.map((m) => bs58.encode(m));
+      const sig_bs58 = bs58.encode(signature);
+      let res = await vc_facade(
+        'bls_verify',
+        JSON.stringify({
+          messages,
+          publicKey: key.publicKey,
+          signature: sig_bs58,
+        })
+      );
+      return JSON.parse(res);
+    },
+  };
+};
+
+export class Bls12381G2KeyPair {
+  id?: string;
+  controller?: string;
+  privateKeyInner?: Array<number>;
+  publicKeyInner?: Array<number>;
+  type = 'Bls12381G2Key2020';
+
+  constructor(options?: KeyPairOptions | undefined | null) {
+    /**
+     * The provided publicKey needs to be 384 bits / 5.85 = 65.6
+     * which means the base58 encoded publicKey can be either 65 or 66 chars
+     * 5.85 = log base 2 (58) which is equivalent to the number of bits
+     * encoded per character of a base58 encoded string.
+     *
+     */
+    if (
+      options?.publicKeyBase58?.length !== 131 &&
+      options?.publicKeyBase58?.length !== 132
+    ) {
+      throw new Error(
+        `The size of the public key is incorrect. Expected 131 or 132 chars got: ${options?.publicKeyBase58?.length}`
+      );
+    }
+
+    /**
+     * Validates the size of the private key if one is included
+     * This is done by 256 bits / 5.85 = 43.7 which means
+     * the base58 encoded privateKey can be either 43 or 44 chars
+     */
+    if (
+      typeof options.privateKeyBase58 !== 'undefined' &&
+      options.privateKeyBase58.length !== 43 &&
+      options.privateKeyBase58.length !== 44
+    ) {
+      throw new Error(
+        `The size of the private key is incorrect. Expected 65 or 66 chars got: ${options.privateKeyBase58.length}`
+      );
+    }
+    this.id = options.id;
+    this.controller = options.controller;
+    this.privateKeyInner = options.privateKeyBase58
+      ? Array.from(bs58.decode(options.privateKeyBase58))
+      : undefined;
+    this.publicKeyInner = Array.from(bs58.decode(options.publicKeyBase58));
+    //TODO assert if key pair is the wrong length?
+  }
+  /**
+   * Generates a BLS 12-381 key pair
+   * @param options [Optional] options for the key pair generation
+   *
+   * @returns A BLS 12-381 key pair
+   */
+  static async generate(
+    options?: GenerateKeyPairOptions
+  ): Promise<Bls12381G2KeyPair> {
+    const res = options?.seed
+      ? await vc_facade(
+          'bls_generate_g2_key',
+          JSON.stringify({
+            seed: bs58.encode(options.seed),
+          })
+        )
+      : await vc_facade('bls_generate_g2_key', JSON.stringify({}));
+
+    const keyPair: { publicKey: string; secretKey: string } = JSON.parse(res);
+    return new Bls12381G2KeyPair({
+      ...options,
+      privateKeyBase58: keyPair.secretKey,
+      publicKeyBase58: keyPair.publicKey,
+    });
+  }
+  /**
+   * Constructs a BLS 12-381 key pair from options
+   * @param options [Optional] options for key pair
+   *
+   * @returns A BLS 12-381 key pair
+   */
+  static async from(options: KeyPairOptions): Promise<Bls12381G2KeyPair> {
+    return new Bls12381G2KeyPair(options);
+  }
+  /**
+   * Constructs a BLS 12-381 key pair from options
+   * @param options [Optional] options for key pair
+   *
+   * @returns A BLS 12-381 G2 key pair
+   */
+  static async fromJwk(options: JwkKeyPairOptions): Promise<Bls12381G2KeyPair> {
+    const { id, controller, publicKeyJwk, privateKeyJwk } = options;
+    if (
+      typeof privateKeyJwk !== 'undefined' &&
+      /**
+       * The type casting is verified through the use of this assert function
+       * However because the returned interface leaves the properties as optional
+       * they need to be cast to pass to the convert function.
+       **/
+      assertBls12381G2PrivateJwk(privateKeyJwk)
+    ) {
+      return new Bls12381G2KeyPair({
+        id,
+        controller,
+        publicKeyBase58: convertBase64urlToBase58(privateKeyJwk.x as string),
+        privateKeyBase58: convertBase64urlToBase58(privateKeyJwk.d as string),
+      });
+    }
+
+    if (assertBls12381G2PublicJwk(publicKeyJwk)) {
+      return new Bls12381G2KeyPair({
+        id,
+        controller,
+        publicKeyBase58: convertBase64urlToBase58(publicKeyJwk.x as string),
+      });
+    }
+
+    throw Error('The JWK provided is not a valid');
+  }
+  /**
+   * Constructs a BLS 12-381 key pair from a public key fingerprint
+   * @param fingerprint [Optional] public key fingerprint
+   *
+   * TODO this interface needs to be refactored, there should be no
+   * hard coded notion of DIDs at this layer
+   *
+   * @returns A BLS 12-381 key pair
+   */
+  static fromFingerprint({
+    id,
+    controller,
+    fingerprint,
+  }: any): Bls12381G2KeyPair {
+    if (fingerprint.substr(0, 1) != MULTIBASE_ENCODED_BASE58_IDENTIFIER) {
+      throw new Error(
+        `Unsupported fingerprint type: expected first character to be \`z\` indicating base58 encoding, received \`${fingerprint.substr(
+          0,
+          1
+        )}\``
+      );
+    }
+
+    // parse of the multi-format public key removing the `z` that indicates base58 encoding
+    const buffer = bs58.decode(fingerprint.substr(1));
+
+    if (buffer.length !== DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH + 2) {
+      throw new Error(
+        `Unsupported public key length: expected \`${DEFAULT_BLS12381_G2_PUBLIC_KEY_LENGTH}\` received \`${
+          buffer.length - 2
+        }\``
+      );
+    }
+
+    if (buffer[0] !== BLS12381G2_MULTICODEC_IDENTIFIER) {
+      throw new Error(
+        `Unsupported public key identifier: expected second character to be \`${BLS12381G2_MULTICODEC_IDENTIFIER}\` indicating BLS12381G2 key pair, received \`${buffer[0]}\``
+      );
+    }
+
+    if (buffer[1] !== VARIABLE_INTEGER_TRAILING_BYTE) {
+      throw new Error(
+        `Missing variable integer trailing byte: expected third character to be \`${VARIABLE_INTEGER_TRAILING_BYTE}\` indicating trailing integer, received \`${buffer[1]}\``
+      );
+    }
+
+    const publicKeyBase58 = bs58.encode(buffer.slice(2));
+
+    //Defaults the controller to a DID key based controller
+    if (!controller) {
+      controller = `did:key:${Bls12381G2KeyPair.fingerprintFromPublicKey({
+        publicKeyBase58,
+      })}`;
+    }
+
+    //Defaults the id to the did key based fragment
+    if (!id) {
+      id = `#${Bls12381G2KeyPair.fingerprintFromPublicKey({
+        publicKeyBase58,
+      })}`;
+    }
+
+    return new Bls12381G2KeyPair({
+      id,
+      controller,
+      publicKeyBase58,
+    });
+  }
+
+  /**
+   * Returns the base58 encoded public key.
+   *
+   * @returns The base58 encoded public key.
+   */
+  get publicKey(): string {
+    return bs58.encode(this.publicKeyBuffer);
+  }
+
+  /**
+   * Returns the JWK structured public key.
+   *
+   * @returns The JWK public key.
+   */
+  get publicKeyJwk(): JsonWebKey {
+    return {
+      kid: this.id,
+      kty: 'EC',
+      crv: BlsCurveName.G2,
+      x: base64url.stringify(this.publicKeyBuffer, { pad: false }),
+    };
+  }
+
+  /**
+   * Returns the base58 encoded private key.
+   *
+   * @returns The base58 encoded private key.
+   */
+  get privateKey(): string | undefined {
+    if (this.privateKeyInner) {
+      return bs58.encode(this.privateKeyBuffer);
+    }
+    return undefined;
+  }
+
+  /**
+   * Returns the JWK formatted private key.
+   *
+   * @returns The JWK formatted private key.
+   */
+  get privateKeyJwk(): JsonWebKey | undefined {
+    if (this.privateKeyInner) {
+      return {
+        kid: this.id,
+        kty: 'EC',
+        crv: BlsCurveName.G2,
+        x: base64url.stringify(this.publicKeyBuffer, { pad: false }),
+        d: base64url.stringify(this.privateKeyBuffer, { pad: false }),
+      };
+    }
+    return undefined;
+  }
+
+  /**
+   * Adds a public key base to a public key node.
+   *
+   * @param publicKeyNode - The public key node.
+   * @param publicKeyNode.publicKeyBase58 - Base58 public key.
+   *
+   * @returns A PublicKeyNode in a block.
+   */
+  addEncodedPublicKey(publicKeyNode: any): any {
+    publicKeyNode.publicKeyBase58 = this.publicKey;
+    return publicKeyNode;
+  }
+  get publicKeyBuffer(): Buffer {
+    return Buffer.from(this.publicKeyInner ?? []);
+  }
+  get privateKeyBuffer(): Buffer {
+    return Buffer.from(this.privateKeyInner ?? []);
+  }
+
+  /**
+   * Returns a signer object for use with jsonld-signatures.
+   *
+   * @returns {{sign: Function}} A signer for the json-ld block.
+   */
+  signer(): KeyPairSigner {
+    return signerFactory(this);
+  }
+
+  /**
+   * Returns a verifier object for use with jsonld-signatures.
+   *
+   * @returns {{verify: Function}} Used to verify jsonld-signatures.
+   */
+  verifier(): KeyPairVerifier {
+    return verifierFactory(this);
+  }
+
+  /**
+   * Generates and returns a public key fingerprint.
+   *
+   * @returns The fingerprint.
+   */
+  fingerprint(): string {
+    const publicKeyBase58 = this.publicKey;
+    return Bls12381G2KeyPair.fingerprintFromPublicKey({ publicKeyBase58 });
+  }
+  static fingerprintFromPublicKey({ publicKeyBase58 }: any): string {
+    const keyBytes = bs58.decode(publicKeyBase58);
+    const buffer = new Uint8Array(2 + keyBytes.length);
+
+    buffer[0] = BLS12381G2_MULTICODEC_IDENTIFIER;
+    buffer[1] = VARIABLE_INTEGER_TRAILING_BYTE;
+    buffer.set(keyBytes, 2);
+
+    return `${MULTIBASE_ENCODED_BASE58_IDENTIFIER}${bs58.encode(buffer)}`;
+  }
+  /**
+   * Verifies whether the fingerprint was generated from a given key pair.
+   *
+   * @param fingerprint - A Base58 public key.
+   *
+   * @returns An object indicating valid is true or false.
+   */
+  verifyFingerprint(fingerprint: string): any {
+    // fingerprint should have `z` prefix indicating
+    // that it's multi-base encoded
+    if (
+      !(
+        typeof fingerprint === 'string' &&
+        fingerprint[0] === MULTIBASE_ENCODED_BASE58_IDENTIFIER
+      )
+    ) {
+      return {
+        error: new Error('`fingerprint` must be a multibase encoded string.'),
+        valid: false,
+      };
+    }
+    let fingerprintBuffer;
+    try {
+      fingerprintBuffer = bs58.decode(fingerprint.slice(1));
+    } catch (e) {
+      return { error: e, valid: false };
+    }
+    const publicKeyBuffer = this.publicKeyBuffer;
+
+    // validate the first two multicodec bytes 0xeb01
+    const valid =
+      uint8ArrayToHexString(fingerprintBuffer.slice(0, 2)) === 'eb01' &&
+      publicKeyBuffer.equals(fingerprintBuffer.slice(2));
+    if (!valid) {
+      return {
+        error: new Error('The fingerprint does not match the public key.'),
+        valid: false,
+      };
+    }
+    return { valid };
+  }
+}

package/src/index.d.ts

@@ -0,0 +1,126 @@
+/* tslint:disable */
+/* eslint-disable */
+
+/* auto-generated by NAPI-RS */
+
+export interface KeyPairOptions {
+  id?: string
+  controller?: string
+  privateKeyBase58?: string
+  publicKeyBase58?: string
+}
+export interface JwkKeyPairOptions {
+  id?: string
+  controller?: string
+  privateKeyJwk?: JsonWebKey
+  publicKeyJwk?: JsonWebKey
+}
+export interface FingerPrintFromPublicKeyOptions {
+  publicKeyBase58: string
+}
+export interface KeyPairFromFingerPrintOptions {
+  id?: string
+  controller?: string
+  fingerprint: string
+}
+export interface JsonWebKey {
+  /**
+   * Indicates the key type used
+   * For BLS12381_G1 and BLS12381_G2 the string "EC" MUST be used
+   * @see https://tools.ietf.org/html/rfc7517#section-4.1
+   *
+   */
+  kty: string
+  /**
+   * Indicates the curve this key is associated with
+   * In the case of BLS12-381, the curve will also indicate if it's a G1 or G2 point
+   * For a G1 point, use the string "BLS12381_G1"
+   * For a G2 point, use the string "BLS12381_G2"
+   */
+  crv: string
+  /**
+   * This is a compression of the public key point
+   * For a G1 public key, X is a 384bit base64url encoding of the octet string representation of the coordinate
+   * For a G2 public key, X is a 768bit made up of the concatenation of two 384 bit x coordinates known as
+   * x_a and x_b in the following form (x_a || x_b) as a base64url encoding of the octet string representation of the two coordinates
+   *
+   */
+  x: string
+  /** @see https://tools.ietf.org/html/rfc7517#section-4.2 */
+  use?: string
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.3
+   *
+   */
+  keyOps?: Array<string>
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.4
+   *
+   */
+  alg?: string
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.5
+   * TODO: Add note about referencing did-jose-extensions when ready
+   *
+   */
+  kid?: string
+  /**
+   * IMPORTANT NOTE: d represents the private key value and should not be shared
+   * IT IS HIGHLY SENSITIVE DATA AND IF NOT SECURED PROPERLY CONSIDER THE KEY COMPROMISED
+   * @see https://tools.ietf.org/html/rfc7517#section-9.2
+   *
+   */
+  d?: string
+  /**
+   * This coordinate is not used for BLS Keys, but is kept here to make the interface more standard
+   *
+   */
+  y?: string
+  /**
+   * @see https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-members
+   *
+   */
+  ext?: boolean
+}
+export interface GenerateKeyPairOptions {
+  id?: string
+  controller?: string
+  seed?: Buffer
+}
+export interface KeyPairSignerOptions {
+  data: Array<Uint8Array>
+}
+export interface KeyPairVerifierOptions {
+  data: Array<Uint8Array>
+  signature: Uint8Array
+}
+export class Bls12381G2KeyPair {
+  id?: string
+  controller?: string
+  privateKeyInner?: Array<number>
+  publicKeyInner?: Array<number>
+  type: string
+  constructor(options?: KeyPairOptions | undefined | null)
+  static generate(options?: GenerateKeyPairOptions | undefined | null): Promise<Bls12381G2KeyPair>
+  static from(options: KeyPairOptions): Promise<Bls12381G2KeyPair>
+  static fromJwk(options: JwkKeyPairOptions): Promise<Bls12381G2KeyPair>
+  static fromFingerprint(options: KeyPairFromFingerPrintOptions): Promise<Bls12381G2KeyPair>
+  get publicKey(): string | null
+  get publicKeyBuffer(): Buffer
+  get privateKeyBuffer(): Buffer
+  publicKeyJwk(): JsonWebKey
+  get privateKey(): string | null
+  privateKeyJwk(): JsonWebKey
+  signer(): KeyPairSigner
+  verifier(): KeyPairVerifier
+  fingerprint(): string
+  static fingerprintFromPublicKey(options: FingerPrintFromPublicKeyOptions): string
+  verifyFingerprint(fingerprint: string): void
+}
+export class KeyPairSigner {
+  sign(options: KeyPairSignerOptions): Promise<Uint8Array>
+}
+export class KeyPairVerifier {
+  verify(options: KeyPairVerifierOptions): Promise<boolean>
+}
+

package/src/index.tsx

@@ -0,0 +1,22 @@
+import { NativeModules, Platform } from 'react-native';
+
+const LINKING_ERROR =
+  `The package '@nuggetslife/vc' doesn't seem to be linked. Make sure: \n\n` +
+  Platform.select({ ios: "- You have run 'pod install'\n", default: '' }) +
+  '- You rebuilt the app after installing the package\n' +
+  '- You are not using Expo Go\n';
+
+const Vc = NativeModules.Vc
+  ? NativeModules.Vc
+  : new Proxy(
+    {},
+    {
+      get() {
+        throw new Error(LINKING_ERROR);
+      },
+    }
+  );
+
+export function vc_facade(action: string, options: string): Promise<string> {
+  return Vc.vc_facade(action, options);
+}

package/src/types/BlsCurveName.ts

@@ -0,0 +1,6 @@
+export enum BlsCurveName {
+  DEPRECATED_G1 = "BLS12381_G1",
+  DEPRECATED_G2 = "BLS12381_G2",
+  G1 = "Bls12381G1",
+  G2 = "Bls12381G2"
+}

package/src/types/GenerateKeyPairOptions.ts

@@ -0,0 +1,17 @@
+/**
+ * Options for generating a new key pair
+ */
+export interface GenerateKeyPairOptions {
+  /**
+   * The key id
+   */
+  readonly id?: string;
+  /**
+   * The key controller
+   */
+  readonly controller?: string;
+  /**
+   * An optional seed to derive the key pair from
+   */
+  readonly seed?: Uint8Array;
+}

package/src/types/JsonWebKey.ts

@@ -0,0 +1,68 @@
+export interface JsonWebKey {
+  /**
+   * Indicates the key type used
+   * For BLS12381_G1 and BLS12381_G2 the string "EC" MUST be used
+   *
+   * @see https://tools.ietf.org/html/rfc7517#section-4.1
+   */
+  kty: string;
+
+  /**
+   * Indicates the curve this key is associated with
+   * In the case of BLS12-381, the curve will also indicate if it's a G1 or G2 point
+   *
+   * For a G1 point, use the string "BLS12381_G1"
+   * For a G2 point, use the string "BLS12381_G2"
+   */
+  crv: string;
+
+  /**
+   * This is a compression of the public key point
+   *
+   * For a G1 public key, X is a 384bit base64url encoding of the octet string representation of the coordinate
+   * For a G2 public key, X is a 768bit made up of the concatenation of two 384 bit x coordinates known as
+   * x_a and x_b in the following form (x_a || x_b) as a base64url encoding of the octet string representation of the two coordinates
+   */
+  x: string;
+
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.2
+   */
+  use?: string;
+
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.3
+   */
+  key_ops?: string[];
+
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.4
+   */
+  alg?: string;
+
+  /**
+   * @see https://tools.ietf.org/html/rfc7517#section-4.5
+   *
+   * TODO: Add note about referencing did-jose-extensions when ready
+   */
+  kid?: string;
+
+  /**
+   *
+   * IMPORTANT NOTE: d represents the private key value and should not be shared
+   * IT IS HIGHLY SENSITIVE DATA AND IF NOT SECURED PROPERLY CONSIDER THE KEY COMPROMISED
+   *
+   * @see https://tools.ietf.org/html/rfc7517#section-9.2
+   */
+  d?: string;
+
+  /**
+   * This coordinate is not used for BLS Keys, but is kept here to make the interface more standard
+   */
+  y?: string;
+
+  /**
+   * @see https://www.w3.org/TR/WebCryptoAPI/#cryptokey-interface-members
+   */
+  ext?: boolean;
+}

package/src/types/JwkKeyPairOptions.ts

@@ -0,0 +1,24 @@
+import type { JsonWebKey } from "./JsonWebKey"
+
+/**
+ * Options for constructing a key pair
+ */
+export interface JwkKeyPairOptions {
+  /**
+   * The key id
+   */
+  readonly id?: string;
+  /**
+   * The key controller
+   */
+  readonly controller?: string;
+  /**
+   * Base58 encoding of the private key
+   */
+  readonly privateKeyJwk?: JsonWebKey;
+  /**
+   * Base58 encoding of the public key
+   */
+  readonly publicKeyJwk: JsonWebKey;
+}
+