npm - @sphereon/ssi-sdk-ext.key-utils - Versions diffs - 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.SSISDK.98.deep.merge.metadata.109 - Mend

@sphereon/ssi-sdk-ext.key-utils 0.36.1-feature.SSISDK.82.and.SSISDK.70.37 → 0.36.1-feature.SSISDK.98.deep.merge.metadata.109

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/index.cjs +143 -9
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +8 -1
package/dist/index.d.ts +8 -1
package/dist/index.js +143 -9
package/dist/index.js.map +1 -1
package/package.json +4 -4
package/src/conversion.ts +53 -0
package/src/functions.ts +66 -10
package/src/types/key-util-types.ts +1 -0

package/src/conversion.ts CHANGED Viewed

@@ -242,3 +242,56 @@ export function coseToJoseCurve(curve: ICoseCurve): JoseCurve {
       throw Error(`Curve ${curve} not supported in Jose`)
   }
 }
+export function joseSignatureAlgToWebCrypto(alg: JoseSignatureAlgorithm | JoseSignatureAlgorithmString): {
+  name: string
+  hash: string
+  saltLength?: number
+} {
+  switch (alg) {
+    case JoseSignatureAlgorithm.RS256:
+    case 'RS256':
+      return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' }
+    case JoseSignatureAlgorithm.RS384:
+    case 'RS384':
+      return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-384' }
+    case JoseSignatureAlgorithm.RS512:
+    case 'RS512':
+      return { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-512' }
+    case JoseSignatureAlgorithm.PS256:
+    case 'PS256':
+      return { name: 'RSA-PSS', hash: 'SHA-256', saltLength: 32 }
+    case JoseSignatureAlgorithm.PS384:
+    case 'PS384':
+      return { name: 'RSA-PSS', hash: 'SHA-384', saltLength: 48 }
+    case JoseSignatureAlgorithm.PS512:
+    case 'PS512':
+      return { name: 'RSA-PSS', hash: 'SHA-512', saltLength: 64 }
+    case JoseSignatureAlgorithm.ES256:
+    case 'ES256':
+      return { name: 'ECDSA', hash: 'SHA-256' }
+    case JoseSignatureAlgorithm.ES384:
+    case 'ES384':
+      return { name: 'ECDSA', hash: 'SHA-384' }
+    case JoseSignatureAlgorithm.ES512:
+    case 'ES512':
+      return { name: 'ECDSA', hash: 'SHA-512' }
+    case JoseSignatureAlgorithm.ES256K:
+    case 'ES256K':
+      return { name: 'ECDSA', hash: 'SHA-256' }
+    case JoseSignatureAlgorithm.EdDSA:
+    case 'EdDSA':
+      return { name: 'Ed25519', hash: '' }
+    case JoseSignatureAlgorithm.HS256:
+    case 'HS256':
+      return { name: 'HMAC', hash: 'SHA-256' }
+    case JoseSignatureAlgorithm.HS384:
+    case 'HS384':
+      return { name: 'HMAC', hash: 'SHA-384' }
+    case JoseSignatureAlgorithm.HS512:
+    case 'HS512':
+      return { name: 'HMAC', hash: 'SHA-512' }
+    default:
+      throw Error(`Signature algorithm ${alg} not supported in Web Crypto API`)
+  }
+}

package/src/functions.ts CHANGED Viewed

@@ -789,11 +789,49 @@ export const hexStringFromUint8Array = (value: Uint8Array): string => toString(v
 export const signatureAlgorithmFromKey = async (args: SignatureAlgorithmFromKeyArgs): Promise<JoseSignatureAlgorithm> => {
   const { key } = args
-  return signatureAlgorithmFromKeyType({ type: key.type })
+  return signatureAlgorithmFromKeyType({ type: key.type, algorithms: key.meta?.algorithms })
+}
+export function signatureAlgorithmToJoseAlgorithm(alg: string): JoseSignatureAlgorithm {
+  switch (alg) {
+    case 'RSA_SHA256':
+      return JoseSignatureAlgorithm.RS256
+    case 'RSA_SHA384':
+      return JoseSignatureAlgorithm.RS384
+    case 'RSA_SHA512':
+      return JoseSignatureAlgorithm.RS512
+    case 'RSA_SSA_PSS_SHA256_MGF1':
+      return JoseSignatureAlgorithm.PS256
+    case 'RSA_SSA_PSS_SHA384_MGF1':
+      return JoseSignatureAlgorithm.PS384
+    case 'RSA_SSA_PSS_SHA512_MGF1':
+      return JoseSignatureAlgorithm.PS512
+    case 'ECDSA_SHA256':
+      return JoseSignatureAlgorithm.ES256
+    case 'ECDSA_SHA384':
+      return JoseSignatureAlgorithm.ES384
+    case 'ECDSA_SHA512':
+      return JoseSignatureAlgorithm.ES512
+    case 'ES256K':
+      return JoseSignatureAlgorithm.ES256K
+    case 'ED25519':
+    case 'EdDSA':
+      return JoseSignatureAlgorithm.EdDSA
+    default:
+      // If already in JOSE format, return as-is
+      return alg as JoseSignatureAlgorithm
+  }
 }
 export const signatureAlgorithmFromKeyType = (args: SignatureAlgorithmFromKeyTypeArgs): JoseSignatureAlgorithm => {
-  const { type } = args
+  const { type, algorithms } = args
+  // If algorithms metadata is provided, use the first one
+  if (algorithms && algorithms.length > 0) {
+    return signatureAlgorithmToJoseAlgorithm(algorithms[0])
+  }
+  // Fallback to type-based defaults
   switch (type) {
     case 'Ed25519':
     case 'X25519':
@@ -807,7 +845,7 @@ export const signatureAlgorithmFromKeyType = (args: SignatureAlgorithmFromKeyTyp
     case 'Secp256k1':
       return JoseSignatureAlgorithm.ES256K
     case 'RSA':
-      return JoseSignatureAlgorithm.PS256
+      return JoseSignatureAlgorithm.RS256 // Default to RS256 instead of PS256
     default:
       throw new Error(`Key type '${type}' not supported`)
   }
@@ -1122,7 +1160,10 @@ export function toPkcs1FromHex(publicKeyHex: string) {
 }
 export function joseAlgorithmToDigest(alg: string): DigestAlgorithm {
-  switch (alg.toUpperCase().replace('-', '')) {
+  // Normalize the algorithm string by converting to uppercase and removing hyphens
+  const normalized = alg.toUpperCase().replace(/-/g, '')
+  switch (normalized) {
     case 'RS256':
     case 'ES256':
     case 'ES256K':
@@ -1139,10 +1180,11 @@ export function joseAlgorithmToDigest(alg: string): DigestAlgorithm {
     case 'PS512':
     case 'HS512':
       return 'SHA-512'
-    case 'EdDSA':
+    case 'EDDSA':
+    case 'ED25519':
       return 'SHA-512'
     default:
-      return 'SHA-256'
+      throw new Error(`Unsupported JOSE algorithm: ${alg}. Cannot determine digest algorithm.`)
   }
 }
@@ -1161,17 +1203,31 @@ export function isHashString(input: Uint8Array): boolean {
   if (length !== 32 && length !== 48 && length !== 64) {
     return false
   }
+  // A hash digest is raw binary data (any byte values 0x00-0xFF are valid).
+  // We should NOT check if bytes are ASCII hex characters, as that would only detect
+  // hex-encoded strings, not actual binary hash digests.
+  // Instead, we use a heuristic: if the data looks like it has high entropy
+  // and is the right length, we assume it's already a hash.
+  // Simple heuristic: Check if data is all printable ASCII (which would indicate it's NOT a hash)
+  // Printable ASCII is roughly 0x20-0x7E
+  let printableCount = 0
   for (let i = 0; i < length; i++) {
     const byte = input[i]
     if (byte === undefined) {
       return false
     }
-    // 0-9: 48-57, A-F: 65-70, a-f: 97-102
-    if (!((byte >= 48 && byte <= 57) || (byte >= 65 && byte <= 70) || (byte >= 97 && byte <= 102))) {
-      return false
+    // Count printable ASCII characters
+    if (byte >= 0x20 && byte <= 0x7e) {
+      printableCount++
     }
   }
-  return true
+  // If more than 90% of bytes are printable ASCII, it's likely NOT a raw binary hash
+  // Raw binary hashes should have a more uniform distribution across all byte values
+  const printableRatio = printableCount / length
+  return printableRatio < 0.9
 }
 export type HashAlgorithm = 'SHA-256' | 'sha256' | 'SHA-384' | 'sha384' | 'SHA-512' | 'sha512'

package/src/types/key-util-types.ts CHANGED Viewed

@@ -55,6 +55,7 @@ export type SignatureAlgorithmFromKeyArgs = {
 export type SignatureAlgorithmFromKeyTypeArgs = {
   type: TKeyType
+  algorithms?: string[]
 }
 export type KeyTypeFromCryptographicSuiteArgs = {