@sovrahq/kms-core 1.4.0-4

package/src/models/suites/didcomm/didcomm-packed-message.ts

@@ -0,0 +1,20 @@
+export interface DIDCommPackedMessage {
+    protected: string;
+    iv: string;
+    ciphertext: string;
+    tag: string;
+    recipients: [{
+        encrypted_key: string;
+        header: {
+            alg: string;
+            iv: string;
+            tag: string;
+            epk: {
+                kty: string;
+                crv: string;
+                x: string;
+            };
+            kid: string;
+        }
+    }]
+}

package/src/models/suites/didcomm/didcomm-signed-message.ts

@@ -0,0 +1,40 @@
+import { JWE } from 'did-jwt'
+import { DIDCommMessageMediaType, IDIDCommMessage } from './didcomm-message-media-type'
+
+/**
+ * Represents a plaintext DIDComm v2 message object.
+ * @internal
+ */
+export type _DIDCommPlainMessage = IDIDCommMessage & { typ: DIDCommMessageMediaType.PLAIN }
+
+/**
+ * Represents an encrypted DIDComm v2 message object
+ * @internal
+ */
+export type _DIDCommEncryptedMessage = JWE
+
+/**
+ * Type definition of a JSON serialized JWS in flattened form (only one signer)
+ * @internal
+ */
+export type _FlattenedJWS = {
+    payload: string
+    protected?: string
+    header?: Record<string, any>
+    signature: string
+}
+
+/**
+ * Type definition of a JSON serialized JWS in generic form
+ * @internal
+ */
+export type _GenericJWS = {
+    payload: string
+    signatures: [{ protected?: string; header?: Record<string, any>; signature: string }]
+}
+
+/**
+ * Composite type representing the 2 accepted forms of JWS DIDComm v2 message
+ * @internal
+ */
+export type _DIDCommSignedMessage = _FlattenedJWS | _GenericJWS

package/src/models/suites/didcomm.suite.ts

@@ -0,0 +1,34 @@
+import { IJWK } from "../../utils/base-converter";
+import { IKeyPair } from "../keypair";
+import { IPackDIDCommMessageArgs } from "./didcomm/didcomm-message";
+import { DIDCommMessagePacking, IDIDCommMessage, IPackedDIDCommMessage, IUnpackedDIDCommMessage } from "./didcomm/didcomm-message-media-type";
+
+export interface IDidCommKeyPair extends IKeyPair {
+    keyType: 'curve25519' | 'Ed25519' | 'x25519' | 'Secp256k1';
+}
+
+export interface IDIDCommSuite {
+    load(secrets: IDidCommKeyPair);
+    create(): Promise<IDidCommKeyPair>;
+    pack(encrypt: boolean,
+        toHexKeys: string[],
+        documentToSign: string): Promise<string>;
+    unpack: (encryptedDocument: string) => Promise<any>;
+}
+
+export interface IDIDCommV2Suite {
+    load(secrets: IDidCommKeyPair);
+    create(): Promise<IDidCommKeyPair>;
+    //Deprecated: This method will be removed soon.
+    pack(params: {
+        senderVerificationMethodId: string,
+        toKeys: {
+            verificationMethodId: string;
+            publicKeyHex: string;
+            publicKeyCrv?: string;
+        }[];
+        message: IDIDCommMessage;
+        packing: DIDCommMessagePacking;
+    }): Promise<IPackedDIDCommMessage>;
+    unpack: (jwe: any) => Promise<any>;
+}

package/src/models/suites/es256k-signer.suite.ts

@@ -0,0 +1,15 @@
+import { LANG } from "../lang";
+import { IKeyPair } from "../keypair";
+import { IJWK } from "../../utils/base-converter";
+
+export interface IES256kKeyPair extends IKeyPair {
+    readonly mnemonic?: string;
+    readonly curve?: string;
+}
+
+export interface IES256kSuite {
+    load(IEthrKeyPair: IES256kKeyPair): Promise<void>;
+    create(params: { lang: LANG }): Promise<IES256kKeyPair>;
+    sign(content: string): Promise<string>;
+    verifySignature(originalContent: string, flatSignature: any, publicKey: IJWK): Promise<boolean>;
+}

package/src/models/suites/selective-disclosure-zkp.suite.ts

@@ -0,0 +1,7 @@
+import { DIDDocument } from "@sovrahq/did-core";
+import { VerifiableCredential } from "@sovrahq/vc-core";
+import { IVCSuite } from "./vc.suite";
+
+export interface SelectiveDisclosureZKPSuite extends IVCSuite {
+    deriveVC(signedDocument: VerifiableCredential, deriveProofFrame: string, didDocumentResolver: (did: string) => Promise<DIDDocument>): Promise<VerifiableCredential>;
+}

package/src/models/suites/vc.suite.ts

@@ -0,0 +1,16 @@
+import { DIDDocument, Purpose } from "@sovrahq/did-core";
+import { VerifiableCredential } from "@sovrahq/vc-core";
+import { IKeyPair } from "../keypair";
+
+export interface IVCJsonLDKeyPair extends IKeyPair {
+    readonly id?: string;
+    readonly controller?: string;
+}
+
+export interface IVCSuite {
+    loadSuite(params: {
+        secrets: IVCJsonLDKeyPair,
+        useCache: boolean,
+    });
+    sign: (documentToSign: string, did: string, verificationMethodId: string, porpuse: Purpose) => Promise<any>;
+}

package/src/models/supported-suites.ts

@@ -0,0 +1,22 @@
+export enum Suite {
+    ES256k = "es256k",
+    DIDComm = "didcomm",
+    DIDCommV2 = "didcommv2",
+    Bbsbls2020 = "bbsbls2020",
+    RsaSignature2018 = "rsaSignature2018",
+    Ed25519Suite = "ed25519Suite",
+}
+
+export enum VCSuite {
+    Bbsbls2020 = "bbsbls2020",
+    RsaSignature2018 = "rsaSignature2018",
+}
+
+export function getTypeBySuite(suite: Suite) {
+    switch (suite) {
+        case Suite.DIDComm: return "X25519KeyAgreementKey2019";
+        case Suite.Bbsbls2020: return "Bls12381G1Key2020";
+        case Suite.RsaSignature2018: return "RsaSignature2018";
+    }
+    return null;
+}

package/src/utils/base-converter.ts

@@ -0,0 +1,137 @@
+let multibase = require("multibase");
+let bs58 = require("bs58");
+import { base64url as base64urlformats } from "multiformats/bases/base64";
+import { TextDecoder } from "text-encoding";
+
+export enum Base {
+  Hex = "hex",
+  Base58 = "base58",
+  Base64 = "base64",
+  JWK = "jwk",
+}
+
+export interface IJWK {
+  kty: string;
+  crv: string;
+  x: string;
+  y?: string;
+}
+
+export class BaseConverter {
+  private static hex2base64url(dataHex) {
+    const buffer = Buffer.from(dataHex, "hex");
+    const base64 = buffer.toString("base64");
+    const base64url = base64
+      .replace(/\+/g, "-")
+      .replace(/\//g, "_")
+      .replace(/=/g, "");
+    return base64url;
+  }
+
+  public static getPrivateJWKfromHex(_privKey: string, pubKey: string) {
+    let privKey = _privKey;
+    // remove 0x and 0x04 to be used in jose library
+
+    privKey = privKey.replace("0x", "");
+    pubKey = pubKey.replace("0x04", "");
+
+    return {
+      crv: "secp256k1",
+      kty: "EC",
+      d: BaseConverter.hex2base64url(privKey),
+      x: BaseConverter.hex2base64url(pubKey.substr(0, 64)),
+      y: BaseConverter.hex2base64url(pubKey.substr(64, 64))
+    };
+  }
+
+  static convert(value: any, fromBase: Base, toBase: Base, keyType?: string) {
+    if (fromBase == Base.Base58 && toBase == Base.Hex) {
+      const hex = this.toHexString(bs58.decode(value));
+      return hex;
+    }
+    if (fromBase == Base.Hex && toBase == Base.Base58) {
+      return bs58.encode(Buffer.from(value, "hex"));
+    }
+    if (fromBase == Base.Hex && toBase == Base.JWK) {
+      return this.hexToJWK(value, keyType);
+    }
+    if (fromBase == Base.JWK && toBase == Base.Hex) {
+      return this.JWKToHex(value);
+    }
+    if (fromBase == Base.Base58 && toBase == Base.JWK) {
+      const hex = this.toHexString(bs58.decode(value));
+      return this.hexToJWK(hex, keyType);
+    }
+    if (fromBase == Base.JWK && toBase == Base.Base58) {
+      return bs58.encode(Buffer.from(this.JWKToHex(value).replace("0x", ""), "hex"));
+    }
+  }
+
+  private static hexToJWK(value: string, keyType: string) {
+    // OKP support (Ed25519 / X25519) — x-only, no y
+    if (keyType === 'OKP' || keyType === 'Ed25519' || keyType === 'X25519') {
+      const hex = value.replace('0x04', '').replace('0x', '');
+      const xBuf = Buffer.from(hex, 'hex');
+      const crv = keyType === 'X25519' ? 'X25519' : 'Ed25519';
+      const b64 = xBuf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+      return { kty: 'OKP', crv, x: b64 };
+    }
+
+    value = value.replace("0x04", "");
+    value = value.replace("0x", "");
+
+    return {
+      kty: "EC",
+      crv: keyType,
+      x: this.base64url(
+        Buffer.from(value.substring(0, value.length / 2), "hex")
+      ),
+      y: this.base64url(Buffer.from(value.substring(value.length / 2), "hex")),
+    };
+  }
+
+  private static base64url(buffer: Uint8Array) {
+    const decoder = new TextDecoder();
+    const bytes = multibase.encode("base64url", buffer);
+    return decoder.decode(bytes).slice(1);
+  }
+
+  private static JWKToHex(value: {
+    kty: string;
+    crv: string;
+    x?: string;
+    y?: string;
+    n?: string;
+  }) {
+    // OKP support (Ed25519, X25519) — only x, no y
+    if (value.kty === 'OKP' || value.crv === 'Ed25519' || value.crv === 'X25519') {
+      const xStr = value.x || '';
+      let padded = xStr.replace(/-/g, '+').replace(/_/g, '/');
+      while (padded.length % 4) padded += '=';
+      return '0x' + Buffer.from(padded, 'base64').toString('hex');
+    }
+
+    if (value.kty == "RSA" && value.n) {
+      return `0x${Buffer.from(base64urlformats.baseDecode(value.n)).toString("hex")}`
+    }
+    else if (value.x && value.y) {
+      const b1 = Buffer.from(base64urlformats.baseDecode(value.x)).toString(
+        "hex"
+      );
+      const b2 = Buffer.from(base64urlformats.baseDecode(value.y)).toString(
+        "hex"
+      );
+      return `0x${b1}${b2}`;
+    }
+
+    throw new Error("This JWK To Hex conversion is not supported: " + JSON.stringify(value));
+  }
+
+  private static fromHexString = (hexString) =>
+    Uint8Array.from(
+      hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16))
+    );
+
+  private static toHexString = (bytes) =>
+    bytes.reduce((str, byte) => str + byte.toString(16).padStart(2, "0"), "");
+}

package/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "es5",
+    "lib": [
+      "es6"
+    ],
+    "types": [
+      "reflect-metadata",
+      "node"
+    ],
+    "outDir": "dist",
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "sourceMap": true,
+    "declaration": true,
+    "experimentalDecorators": true,
+    "emitDecoratorMetadata": true,
+    
+  }
+}