@sphereon/ssi-sdk-ext.key-utils 0.34.1-feature.SSISDK.26.RP.58 → 0.34.1-feature.SSISDK.44.finish.dcql.309

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/index.cjs +69 -35
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +3 -1
  4. package/dist/index.d.ts +3 -1
  5. package/dist/index.js +70 -36
  6. package/dist/index.js.map +1 -1
  7. package/package.json +4 -4
  8. package/src/conversion.ts +38 -19
  9. package/src/functions.ts +49 -32
  10. package/src/types/key-util-types.ts +1 -0
package/dist/index.js CHANGED
@@ -4,7 +4,7 @@ var __name = (target, value) => __defProp(target, "name", { value, configurable:
4
4
  // src/functions.ts
5
5
  import { randomBytes } from "@ethersproject/random";
6
6
  import { bls12_381 } from "@noble/curves/bls12-381";
7
- import { ed25519 } from "@noble/curves/ed25519";
7
+ import { ed25519, x25519 } from "@noble/curves/ed25519";
8
8
  import { p256 } from "@noble/curves/p256";
9
9
  import { p384 } from "@noble/curves/p384";
10
10
  import { p521 } from "@noble/curves/p521";
@@ -193,17 +193,17 @@ __name(jcsCanonicalize, "jcsCanonicalize");
193
193
  // src/types/key-util-types.ts
194
194
  var JWK_JCS_PUB_NAME = "jwk_jcs-pub";
195
195
  var JWK_JCS_PUB_PREFIX = 60241;
196
- var Key = /* @__PURE__ */ function(Key2) {
196
+ var Key = /* @__PURE__ */ (function(Key2) {
197
197
  Key2["Ed25519"] = "Ed25519";
198
198
  Key2["Secp256k1"] = "Secp256k1";
199
199
  Key2["Secp256r1"] = "Secp256r1";
200
200
  return Key2;
201
- }({});
202
- var JwkKeyUse = /* @__PURE__ */ function(JwkKeyUse2) {
201
+ })({});
202
+ var JwkKeyUse = /* @__PURE__ */ (function(JwkKeyUse2) {
203
203
  JwkKeyUse2["Encryption"] = "enc";
204
204
  JwkKeyUse2["Signature"] = "sig";
205
205
  return JwkKeyUse2;
206
- }({});
206
+ })({});
207
207
  var SIG_KEY_ALGS = [
208
208
  "ES256",
209
209
  "ES384",
@@ -296,14 +296,19 @@ var keyMetaAlgorithmsFromKeyType = /* @__PURE__ */ __name((type) => {
296
296
  async function importProvidedOrGeneratedKey(args, context) {
297
297
  const type = args.options?.type ?? args.options?.key?.type ?? args.options?.keyType ?? "Secp256r1";
298
298
  const key = args?.options?.key;
299
- if (args.options?.x509 && key) {
299
+ if (key) {
300
300
  key.meta = {
301
- ...key.meta,
302
- x509: {
303
- ...args.options.x509,
304
- ...key.meta?.x509
305
- }
301
+ providerName: args.providerName
306
302
  };
303
+ if (args.options?.x509) {
304
+ key.meta = {
305
+ ...key.meta,
306
+ x509: {
307
+ ...args.options.x509,
308
+ ...key.meta?.x509
309
+ }
310
+ };
311
+ }
307
312
  }
308
313
  if (args.options && args.options?.use === JwkKeyUse.Encryption && !ENC_KEY_ALGS.includes(type)) {
309
314
  throw new Error(`${type} keys are not valid for encryption`);
@@ -550,6 +555,15 @@ function octJwkToRawHexKey(jwk) {
550
555
  return toString2(key, "hex");
551
556
  }
552
557
  __name(octJwkToRawHexKey, "octJwkToRawHexKey");
558
+ function x25519PublicHexFromPrivateHex(privateKeyHex) {
559
+ if (!/^[0-9a-fA-F]{64}$/.test(privateKeyHex)) {
560
+ throw new Error("Private key must be 32-byte hex (64 chars)");
561
+ }
562
+ const priv = Uint8Array.from(Buffer.from(privateKeyHex, "hex"));
563
+ const pub = x25519.getPublicKey(priv);
564
+ return Buffer.from(pub).toString("hex");
565
+ }
566
+ __name(x25519PublicHexFromPrivateHex, "x25519PublicHexFromPrivateHex");
553
567
  var jwkDetermineUse = /* @__PURE__ */ __name((type, suppliedUse) => {
554
568
  return suppliedUse ? suppliedUse : SIG_KEY_ALGS.includes(type) ? JwkKeyUse.Signature : ENC_KEY_ALGS.includes(type) ? JwkKeyUse.Encryption : void 0;
555
569
  }, "jwkDetermineUse");
@@ -586,8 +600,8 @@ var toSecp256k1Jwk = /* @__PURE__ */ __name((keyHex, opts) => {
586
600
  },
587
601
  kty: JwkKeyType.EC,
588
602
  crv: JoseCurve.secp256k1,
589
- x: hexToBase64(pubPoint.getX().toString("hex"), "base64url"),
590
- y: hexToBase64(pubPoint.getY().toString("hex"), "base64url"),
603
+ x: hexToBase64(pubPoint.getX().toString("hex").padStart(64, "0"), "base64url"),
604
+ y: hexToBase64(pubPoint.getY().toString("hex").padStart(64, "0"), "base64url"),
591
605
  ...opts?.isPrivateKey && {
592
606
  d: hexToBase64(keyPair.getPrivate("hex"), "base64url")
593
607
  }
@@ -618,8 +632,8 @@ var toSecp256r1Jwk = /* @__PURE__ */ __name((keyHex, opts) => {
618
632
  },
619
633
  kty: JwkKeyType.EC,
620
634
  crv: JoseCurve.P_256,
621
- x: hexToBase64(pubPoint.getX().toString("hex"), "base64url"),
622
- y: hexToBase64(pubPoint.getY().toString("hex"), "base64url"),
635
+ x: hexToBase64(pubPoint.getX().toString("hex").padStart(64, "0"), "base64url"),
636
+ y: hexToBase64(pubPoint.getY().toString("hex").padStart(64, "0"), "base64url"),
623
637
  ...opts?.isPrivateKey && {
624
638
  d: hexToBase64(keyPair.getPrivate("hex"), "base64url")
625
639
  }
@@ -1020,7 +1034,7 @@ async function verifyRawSignature({ data, signature, key: inputKey, opts }) {
1020
1034
  return bls12_381.verify(signature, data, fromString2(publicKeyHex, "hex"));
1021
1035
  case "RSA": {
1022
1036
  const signatureAlgorithm = opts?.signatureAlg ?? jwk.alg ?? JoseSignatureAlgorithm.PS256;
1023
- const hashAlg = signatureAlgorithm === (JoseSignatureAlgorithm.RS512 || JoseSignatureAlgorithm.PS512) ? sha5122 : signatureAlgorithm === (JoseSignatureAlgorithm.RS384 || JoseSignatureAlgorithm.PS384) ? sha3842 : sha2562;
1037
+ const hashAlg = signatureAlgorithm === JoseSignatureAlgorithm.RS512 || signatureAlgorithm === JoseSignatureAlgorithm.PS512 ? sha5122 : signatureAlgorithm === JoseSignatureAlgorithm.RS384 || signatureAlgorithm === JoseSignatureAlgorithm.PS384 ? sha3842 : sha2562;
1024
1038
  switch (signatureAlgorithm) {
1025
1039
  case JoseSignatureAlgorithm.RS256:
1026
1040
  return rsa.PKCS1_SHA256.verify({
@@ -1229,27 +1243,38 @@ function coseToJoseSignatureAlg(coseAlg) {
1229
1243
  __name(coseToJoseSignatureAlg, "coseToJoseSignatureAlg");
1230
1244
  function joseToCoseSignatureAlg(joseAlg) {
1231
1245
  switch (joseAlg) {
1232
- case (JoseSignatureAlgorithm2.ES256K, "ES256K"):
1246
+ case JoseSignatureAlgorithm2.ES256K:
1247
+ case "ES256K":
1233
1248
  return ICoseSignatureAlgorithm.ES256K;
1234
- case (JoseSignatureAlgorithm2.ES256, "ES256"):
1249
+ case JoseSignatureAlgorithm2.ES256:
1250
+ case "ES256":
1235
1251
  return ICoseSignatureAlgorithm.ES256;
1236
- case (JoseSignatureAlgorithm2.ES384, "ES384"):
1252
+ case JoseSignatureAlgorithm2.ES384:
1253
+ case "ES384":
1237
1254
  return ICoseSignatureAlgorithm.ES384;
1238
- case (JoseSignatureAlgorithm2.ES512, "ES512"):
1255
+ case JoseSignatureAlgorithm2.ES512:
1256
+ case "ES512":
1239
1257
  return ICoseSignatureAlgorithm.ES512;
1240
- case (JoseSignatureAlgorithm2.PS256, "PS256"):
1258
+ case JoseSignatureAlgorithm2.PS256:
1259
+ case "PS256":
1241
1260
  return ICoseSignatureAlgorithm.PS256;
1242
- case (JoseSignatureAlgorithm2.PS384, "PS384"):
1261
+ case JoseSignatureAlgorithm2.PS384:
1262
+ case "PS384":
1243
1263
  return ICoseSignatureAlgorithm.PS384;
1244
- case (JoseSignatureAlgorithm2.PS512, "PS512"):
1264
+ case JoseSignatureAlgorithm2.PS512:
1265
+ case "PS512":
1245
1266
  return ICoseSignatureAlgorithm.PS512;
1246
- case (JoseSignatureAlgorithm2.HS256, "HS256"):
1267
+ case JoseSignatureAlgorithm2.HS256:
1268
+ case "HS256":
1247
1269
  return ICoseSignatureAlgorithm.HS256;
1248
- case (JoseSignatureAlgorithm2.HS384, "HS384"):
1270
+ case JoseSignatureAlgorithm2.HS384:
1271
+ case "HS384":
1249
1272
  return ICoseSignatureAlgorithm.HS384;
1250
- case (JoseSignatureAlgorithm2.HS512, "HS512"):
1273
+ case JoseSignatureAlgorithm2.HS512:
1274
+ case "HS512":
1251
1275
  return ICoseSignatureAlgorithm.HS512;
1252
- case (JoseSignatureAlgorithm2.EdDSA, "EdDSA"):
1276
+ case JoseSignatureAlgorithm2.EdDSA:
1277
+ case "EdDSA":
1253
1278
  return ICoseSignatureAlgorithm.EdDSA;
1254
1279
  default:
1255
1280
  throw Error(`Signature algorithm ${joseAlg} not supported in Cose`);
@@ -1258,21 +1283,29 @@ function joseToCoseSignatureAlg(joseAlg) {
1258
1283
  __name(joseToCoseSignatureAlg, "joseToCoseSignatureAlg");
1259
1284
  function joseToCoseKeyOperation(keyOp) {
1260
1285
  switch (keyOp) {
1261
- case (JoseKeyOperation.SIGN, "sign"):
1286
+ case JoseKeyOperation.SIGN:
1287
+ case "sign":
1262
1288
  return ICoseKeyOperation.SIGN;
1263
- case (JoseKeyOperation.VERIFY, "verify"):
1289
+ case JoseKeyOperation.VERIFY:
1290
+ case "verify":
1264
1291
  return ICoseKeyOperation.VERIFY;
1265
- case (JoseKeyOperation.ENCRYPT, "encrypt"):
1292
+ case JoseKeyOperation.ENCRYPT:
1293
+ case "encrypt":
1266
1294
  return ICoseKeyOperation.ENCRYPT;
1267
- case (JoseKeyOperation.DECRYPT, "decrypt"):
1295
+ case JoseKeyOperation.DECRYPT:
1296
+ case "decrypt":
1268
1297
  return ICoseKeyOperation.DECRYPT;
1269
- case (JoseKeyOperation.WRAP_KEY, "wrapKey"):
1298
+ case JoseKeyOperation.WRAP_KEY:
1299
+ case "wrapKey":
1270
1300
  return ICoseKeyOperation.WRAP_KEY;
1271
- case (JoseKeyOperation.UNWRAP_KEY, "unwrapKey"):
1301
+ case JoseKeyOperation.UNWRAP_KEY:
1302
+ case "unwrapKey":
1272
1303
  return ICoseKeyOperation.UNWRAP_KEY;
1273
- case (JoseKeyOperation.DERIVE_KEY, "deriveKey"):
1304
+ case JoseKeyOperation.DERIVE_KEY:
1305
+ case "deriveKey":
1274
1306
  return ICoseKeyOperation.DERIVE_KEY;
1275
- case (JoseKeyOperation.DERIVE_BITS, "deriveBits"):
1307
+ case JoseKeyOperation.DERIVE_BITS:
1308
+ case "deriveBits":
1276
1309
  return ICoseKeyOperation.DERIVE_BITS;
1277
1310
  default:
1278
1311
  throw Error(`Key operation ${keyOp} not supported in Cose`);
@@ -1398,6 +1431,7 @@ export {
1398
1431
  toPkcs1FromHex,
1399
1432
  toRawCompressedHexPublicKey,
1400
1433
  validateJwk,
1401
- verifyRawSignature
1434
+ verifyRawSignature,
1435
+ x25519PublicHexFromPrivateHex
1402
1436
  };
1403
1437
  //# sourceMappingURL=index.js.map