@sovrahq/kms-client 1.4.0-4

package/readme.md

@@ -0,0 +1,142 @@
+# Extrimian - KMS Client
+KMS comes from the English key management system and is the component in charge of creating key pairs, encrypting, decrypting and signing content.
+The current Extrimian KMS implementation supports the ES256k, DIDComm, and BBSBLS2020 algorithms.
+
+##  KMS Constructor
+```
+constructor(
+  config: {
+        lang: LANG;
+        storage: KMSStorage;
+        didResolver ?: (did: string) => Promise<DIDDocument>;
+        mobile ?: boolean
+    }
+)
+```
+
+* lang: The preferred language for the creation of ES256k keys mnemonic.
+* storage: The reference to an object that satisfies the KMSStorage interface is needed, which will store the generated key pairs, and which is accessed to make use of the keys either for signature operations or to export them, using the public component as an index.
+* didResolver: Optionally, a callback can be defined that provides the functionality to resolve a DID. If this parameter is not defined, the functionality of signing verifiable credentials will not be available.
+* mobile: Optionally, a flag can be set to indicate whether the KMSClient instance will work on a mobile platform or not. By default this option is false. In case this option is true, the Bbsbls2020 suite will not be available.
+
+## KMS Storage
+KMS applies dependency inversion concepts so it requires send a KMSStorage by its constructor.
+
+```
+interface KMSStorage {
+  add(key: string, data: any): Promise<void>;
+  get(key: string): Promise<any>;
+  getAll(): Promise<Map<string, any>>;
+  update(key: string, data: any);
+  remove(key: string);
+}
+```
+
+### Example of KMS Storage Implementation
+This is a mock implementation example
+
+```
+import { KMSStorage } from "@quarkid/kms-core";
+
+export class SecureStorage implements KMSStorage {
+    map = new Map<string, any>();
+
+    async add(key: string, data: any): Promise<void> {
+        this.map.set(key, data);
+    }
+
+    async get(key: string): Promise<any> {
+        return this.map.get(key);
+    }
+
+    async getAll(): Promise<Map<string, any>> {
+        return this.map;
+    }
+
+    async update(key: string, data: any) {
+        this.map.set(key, data);
+    }
+
+    async remove(key: string) {
+        this.map.delete(key);
+    }
+}
+```
+
+## Example to create Keys
+```
+const updateKey = await kms.create(Suite.ES256k);
+const recoveryKey = await kms.create(Suite.ES256k);
+const didComm = await kms.create(Suite.DIDComm);
+const bbsbls = await kms.create(Suite.Bbsbls2020);
+```
+
+##  Sign Content
+```
+sign(
+  suite: Suite,
+    publicKeyJWK: IJWK,
+    content: any
+): Promise<string>
+```
+
+### Example signing using ES256k Suite
+```
+return await kms.sign(Suite.ES256k, updateKey, content)
+```
+
+## Sign VC
+It is used to sign a verifiable credential.
+
+* suite: Suite to use for the signature.
+* publicKeyJWK: Public component of the key pair to use as signer, in JWK format.
+* vc: Credential to sign.
+* did: DID of the issuer of the credential.
+* verificationMethodId: Identifier of the Verification Method to use to verify.
+* purpose: Indicates the Verification Relationship corresponding to the Verification Method to be used.
+
+```
+signVC(
+    suite: Suite,
+    publicKeyJWK: IJWK,
+    vc: any,
+    did: string,
+    verificationMethodId: string,
+    purpose: Purpose
+): Promise<VerifiableCredential>
+```
+
+## DIDComm Pack and Unpack
+```
+pack(
+    publicKeyJWK: IJWK,
+    toHexPublicKeys: string[],
+    contentToSign: string
+): Promise<string>
+```
+
+```
+unpack(
+  publicKeyJWK: IJWK,
+    packedContent: string
+): Promise<string>
+```
+
+## Export private keys
+```
+export(
+  publicKeyJWK: IJWK
+): Promise<any>
+```
+
+## Get public keys by specific suite
+```
+getPublicKeysBySuiteType(
+  suite: Suite
+): Promise<IJWK[]>
+```
+
+## Get All public keys
+```
+getAllPublicKeys(): Promise<IJWK[]>
+```

package/src/index.ts

@@ -0,0 +1,2 @@
+export { BaseConverter, Base } from "@sovrahq/kms-core";
+export { KMSClient } from "./services/kms-client";

package/src/services/kms-client.ts

@@ -0,0 +1,497 @@
+import {
+  DIDCommMessage,
+  DIDDocument,
+  DIDDocumentUtils,
+  Purpose,
+  VerificationMethodJwk
+} from "@sovrahq/did-core";
+import {
+  IES256kSuite,
+  IVCSuite,
+  IKMS,
+  Suite,
+  VCSuite,
+  LANG,
+  KMSStorage,
+  IVCJsonLDKeyPair,
+  IKeyPair,
+  IES256kKeyPair,
+  IDIDCommSuite,
+  IDidCommKeyPair,
+  BaseConverter,
+  Base,
+  IJWK,
+  IDIDCommV2Suite,
+  IPackedDIDCommMessage,
+  IDIDCommMessage,
+  DIDCommMessagePacking,
+  SelectiveDisclosureZKPSuite,
+  DIDCommPackedMessage,
+} from "@sovrahq/kms-core";
+import { VerifiableCredential } from "@sovrahq/vc-core";
+import "@sovrahq/kms-suite-didcomm";
+import "@sovrahq/kms-suite-didcomm-v2";
+import "@sovrahq/kms-suite-es256k";
+import "@sovrahq/kms-suite-rsa-signature-2018";
+import { DIDCommSuite as DIDCommSuiteV1 } from "@sovrahq/kms-suite-didcomm";
+import { DIDCommSuite } from "@sovrahq/kms-suite-didcomm-v2";
+import { BbsBls2020Suite } from "@sovrahq/kms-suite-bbsbls2020";
+import { RSASignature2018Suite } from "@sovrahq/kms-suite-rsa-signature-2018";
+import { ES256kSuite } from "@sovrahq/kms-suite-es256k";
+
+export class KMSClient implements IKMS {
+  suites: Map<Suite, new (...args: never[]) => any> = new Map();
+
+  constructor(
+    private config: {
+      lang: LANG;
+      storage: KMSStorage;
+      didResolver?: (did: string) => Promise<DIDDocument>;
+      mobile?: boolean;
+    }
+  ) {
+    this.suites.set(Suite.DIDComm, DIDCommSuiteV1)
+    this.suites.set(Suite.DIDCommV2, DIDCommSuite)
+    this.suites.set(Suite.ES256k, ES256kSuite)
+    this.suites.set(Suite.RsaSignature2018, RSASignature2018Suite)
+
+    if (!config.mobile) {
+      import("@sovrahq/kms-suite-bbsbls2020");
+      this.suites.set(Suite.Bbsbls2020, BbsBls2020Suite)
+    }
+    if (!config.didResolver)
+      console.info(
+        "KMS didResolver not configured. You need set a didResolver to signVC"
+      );
+
+  }
+
+  async create(suite: Suite): Promise<{ publicKeyJWK: IJWK }> {
+    const suiteType = this.suites.get(suite);
+    let suiteInstance;
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    suiteInstance = new suiteType();
+
+    let secrets: IKeyPair;
+    let jwk: IJWK;
+
+    if (suite == Suite.ES256k) {
+      const ethrSuite = suiteInstance as IES256kSuite;
+      secrets = await ethrSuite.create({ lang: this.config.lang });
+      jwk = BaseConverter.convert(secrets.publicKey, Base.Hex, Base.JWK, secrets.keyType || (<IES256kKeyPair>secrets).curve);
+    } else if (suite == Suite.Bbsbls2020) {
+      secrets = await suiteInstance.create();
+      jwk = BaseConverter.convert(secrets.publicKey, Base.Base58, Base.JWK, secrets.keyType);
+    } else if (suite == Suite.RsaSignature2018) {
+      secrets = await suiteInstance.create();
+      jwk = secrets!.publicKeyJWK!;
+    } else if (suite == Suite.DIDComm) {
+      secrets = await suiteInstance.create();
+      jwk = BaseConverter.convert(secrets.publicKey, Base.Hex, Base.JWK, secrets.keyType);
+    } else if (suite == Suite.DIDCommV2) {
+      secrets = await suiteInstance.create();
+      // Convert Ed25519 public key to X25519 for DIDComm key agreement
+      const ed25519 = require('@stablelib/ed25519');
+      const rawHex = secrets.publicKey.replace('0x', '');
+      const edPub = new Uint8Array(Buffer.from(rawHex, 'hex'));
+      const x25519Pub = ed25519.convertPublicKeyToX25519(edPub);
+      const x25519B64 = Buffer.from(x25519Pub).toString('base64')
+        .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+      jwk = { kty: 'OKP', crv: 'X25519', x: x25519B64 } as any;
+    } else {
+      throw new Error("Unsupported Suite");
+    }
+
+    const pkHex = BaseConverter.convert(jwk, Base.JWK, Base.Hex);
+
+    await this.config.storage.add(pkHex, {
+      suite,
+      ...secrets,
+    });
+
+    return { publicKeyJWK: jwk };
+  }
+
+  async sign(suite: Suite, publicKeyJWK: IJWK, content: any): Promise<string> {
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+    const suiteType = this.suites.get(suite);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const privateKey = (await this.config.storage.get(
+      publicKeyHex
+    )) as IES256kKeyPair;
+    const suiteInstance = new suiteType() as IES256kSuite;
+
+    await suiteInstance.load(privateKey);
+
+    return await suiteInstance.sign(content);
+  }
+
+  async verifySignature(publicKeyJWK: IJWK, originalContent: string, signature: string): Promise<boolean> {
+    const suiteType = this.suites.get(Suite.ES256k);
+    const suiteInstance = new suiteType() as IES256kSuite;
+    return await suiteInstance.verifySignature(originalContent, signature, publicKeyJWK);
+  }
+
+  async signVC(
+    suite: Suite,
+    publicKeyJWK: IJWK,
+    vc: any,
+    did: string,
+    verificationMethodId: string,
+    purpose: Purpose
+  ): Promise<VerifiableCredential> {
+    const suiteType = this.suites.get(suite);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const suiteInstance = new suiteType() as IVCSuite;
+
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const key = (await this.config.storage.get(
+      publicKeyHex
+    )) as IVCJsonLDKeyPair;
+
+    suiteInstance.loadSuite({
+      secrets: key,
+      useCache: true,
+    });
+
+    return (await suiteInstance.sign(
+      vc,
+      did,
+      verificationMethodId,
+      purpose
+    )) as VerifiableCredential;
+  }
+
+  async deriveVC(params: {
+    vc: VerifiableCredential<any>,
+    frame: any,
+  }): Promise<VerifiableCredential<any>> {
+    const suiteType = this.suites.get(Suite.Bbsbls2020);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const suiteInstance = new suiteType() as SelectiveDisclosureZKPSuite;
+
+    const derivedVc = await suiteInstance.deriveVC(params.vc, params.frame, this.config.didResolver);
+
+    return derivedVc;
+  }
+
+  async signVCPresentation(params: {
+    publicKeyJWK: IJWK,
+    presentationObject: any,
+    did: string,
+    verificationMethodId: string,
+    purpose: Purpose
+  }) {
+    const suiteType = this.suites.get(Suite.RsaSignature2018);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const suiteInstance = new suiteType() as IVCSuite;
+
+    const publicKeyHex = BaseConverter.convert(
+      params.publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const key = (await this.config.storage.get(
+      publicKeyHex
+    )) as IVCJsonLDKeyPair;
+
+    suiteInstance.loadSuite({
+      secrets: key,
+      useCache: true,
+    });
+
+    return (await suiteInstance.sign(
+      params.presentationObject,
+      params.did,
+      params.verificationMethodId,
+      params.purpose
+    ));
+  }
+
+  async pack(
+    publicKeyJWK: IJWK,
+    toHexPublicKeys: string[],
+    contentToSign: string
+  ): Promise<string> {
+    const suiteType = this.suites.get(Suite.DIDComm);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const privateKey = (await this.config.storage.get(
+      publicKeyHex
+    )) as IDidCommKeyPair;
+    const suiteInstance = new suiteType() as IDIDCommSuite;
+
+    suiteInstance.load(privateKey);
+
+    return await suiteInstance.pack(true, toHexPublicKeys, contentToSign);
+  }
+
+  async packDIDCommV2(params: {
+    senderVerificationMethodId: string,
+    recipientVerificationMethodIds: string[],
+    message: IDIDCommMessage,
+    packing: DIDCommMessagePacking
+  }): Promise<{ packedMessage: DIDCommPackedMessage }> {
+
+    // if (!this.config.didResolver) {
+    //   console.log()
+    // }
+
+    const suiteType = this.suites.get(Suite.DIDCommV2);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const receiptKeys = await Promise.all(params.recipientVerificationMethodIds.map(async vmId => {
+      const didDoc = await this.config.didResolver(vmId.substring(0, vmId.indexOf("#")));
+
+      const vm = await DIDDocumentUtils.getVerificationMethodById(didDoc, vmId) as VerificationMethodJwk;
+
+      if (vm) {
+        return {
+          verificationMethodId: vmId,
+          publicKeyHex: BaseConverter.convert(
+            vm.publicKeyJwk,
+            Base.JWK,
+            Base.Hex
+          ),
+          publicKeyCrv: vm.publicKeyJwk && (vm.publicKeyJwk as any).crv,
+        }
+      }
+    }));
+
+    const senderDoc = await this.config.didResolver(
+      params.senderVerificationMethodId.substring(0, params.senderVerificationMethodId.indexOf("#")));
+
+    const senderPbk = DIDDocumentUtils.getVerificationMethodById(senderDoc, params.senderVerificationMethodId) as VerificationMethodJwk;
+
+    const senderPublicKeyHex = BaseConverter.convert(
+      senderPbk.publicKeyJwk,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const privateKey = (await this.config.storage.get(
+      senderPublicKeyHex
+    )) as IDidCommKeyPair;
+
+    if (!privateKey) {
+      throw new Error(`Cannot find private key for public '${senderPublicKeyHex}' key on KMS storage.`)
+    }
+
+    const suiteInstance = new (<any>suiteType)(this.config.didResolver) as IDIDCommV2Suite;
+
+    suiteInstance.load(privateKey);
+
+    const packedMessage = await suiteInstance.pack({
+      packing: params.packing,
+      message: params.message,
+      toKeys: receiptKeys,
+      senderVerificationMethodId: params.senderVerificationMethodId
+    });
+
+    return { packedMessage: JSON.parse(packedMessage.message) as DIDCommPackedMessage };
+  }
+
+  async packv2(publicKeyJWK: IJWK,
+    senderVerificationMethodId: string,
+    toHexPublicKeys: string[],
+    message: IDIDCommMessage,
+    packing: DIDCommMessagePacking
+  ): Promise<IPackedDIDCommMessage> {
+    const suiteType = this.suites.get(Suite.DIDCommV2);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const privateKey = (await this.config.storage.get(
+      publicKeyHex
+    )) as IDidCommKeyPair;
+    const suiteInstance = new (<any>suiteType)(this.config.didResolver) as IDIDCommV2Suite;
+
+    suiteInstance.load(privateKey);
+
+    return await suiteInstance.pack({
+      packing: packing,
+      message: message,
+      senderVerificationMethodId: senderVerificationMethodId,
+      toKeys: toHexPublicKeys.map(x => ({
+        publicKeyHex: x,
+        verificationMethodId: senderVerificationMethodId
+      })),
+    });
+  }
+
+  async unpack(publicKeyJWK: IJWK, packedContent: string): Promise<string> {
+    const suiteType = this.suites.get(Suite.DIDComm);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const privateKey = (await this.config.storage.get(
+      publicKeyHex
+    )) as IDidCommKeyPair;
+    const suiteInstance = new suiteType() as IDIDCommSuite;
+
+    suiteInstance.load(privateKey);
+
+    return await suiteInstance.unpack(packedContent);
+  }
+
+  async unpackv2(publicKeyJWK: IJWK, jwe: any): Promise<string> {
+    if (!this.config.didResolver) {
+      throw new Error("DID Resolver required on KMSClient instance to Unpack DIDComm v2")
+    }
+
+    const suiteType = this.suites.get(Suite.DIDCommV2);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const privateKey = (await this.config.storage.get(
+      publicKeyHex
+    )) as IDidCommKeyPair;
+    const suiteInstance = new (<any>suiteType)(this.config.didResolver) as IDIDCommV2Suite;
+
+    suiteInstance.load(privateKey);
+
+    return await suiteInstance.unpack(jwe);
+  }
+
+  async unpackvDIDCommV2(receiptDID: string,
+    packedMessage: any | DIDCommPackedMessage): Promise<{ message: DIDCommMessage, metaData: { packing: DIDCommMessagePacking } }> {
+    if (!this.config.didResolver) {
+      throw new Error("DID Resolver required on KMSClient instance to Unpack DIDComm v2")
+    }
+
+    let publicKeyHex = null;
+
+    const dcpm = packedMessage as DIDCommPackedMessage;
+    const receiptKid = dcpm.recipients?.find(x => x.header.kid.indexOf(receiptDID) > -1);
+
+    if (receiptKid != null) {
+      const receiptDoc = await this.config.didResolver(receiptDID);
+      const pbk = DIDDocumentUtils.getVerificationMethodById(receiptDoc, receiptKid.header.kid) as VerificationMethodJwk;
+      publicKeyHex = BaseConverter.convert(pbk.publicKeyJwk, Base.JWK, Base.Hex, pbk.type);
+    }
+
+    const suiteType = this.suites.get(Suite.DIDCommV2);
+
+    if (!suiteType) {
+      throw new Error("Unsupported Suite");
+    }
+
+    const suiteInstance = new (<any>suiteType)(this.config.didResolver) as IDIDCommV2Suite;
+
+    if (publicKeyHex) {
+      const privateKey = (await this.config.storage.get(
+        publicKeyHex
+      )) as IDidCommKeyPair;
+
+      suiteInstance.load(privateKey);
+    }
+
+    const result = await suiteInstance.unpack({ message: packedMessage });
+
+    return result;
+  }
+
+  async export(publicKeyJWK: IJWK): Promise<IKeyPair> {
+    const publicKeyHex = BaseConverter.convert(
+      publicKeyJWK,
+      Base.JWK,
+      Base.Hex
+    );
+
+    const data = await this.config.storage.get(publicKeyHex);
+    return data;
+  }
+
+  async import(key: {
+    publicKeyHex: string,
+    secret: IKeyPair
+  }) {
+    await this.config.storage.add(key.publicKeyHex, key.secret);
+  }
+
+  async getPublicKeysBySuiteType(suite: Suite): Promise<IJWK[]> {
+    const data = await this.config.storage.getAll();
+    const returnKeys = new Array<IJWK>();
+
+    data.forEach((value: IKeyPair, key) => {
+      if (data.get(key).suite == suite)
+        value.publicKeyJWK ? returnKeys.push(value.publicKeyJWK) :
+          returnKeys.push(BaseConverter.convert(key, Base.Hex, Base.JWK, (<IES256kKeyPair>value).curve || value.keyType));
+    });
+
+    return returnKeys;
+  }
+
+  async getAllPublicKeys(): Promise<IJWK[]> {
+    const data = await this.config.storage.getAll();
+    return Array.from(data.keys()).map((x) =>
+      BaseConverter.convert(x, Base.Hex, Base.JWK, (<IES256kKeyPair>data.get(x)).curve || data.get(x).keyType)
+    );
+  }
+}

package/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "es5",
+    "lib": [
+      "es6"
+    ],
+    "types": [
+      "node",
+      "jest"
+    ],
+    "resolveJsonModule": true,
+    "outDir": "dist",
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "declaration": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+  }
+}