@vess-id/mdl 0.0.1

package/lib/mdoc/model/types.d.ts

@@ -0,0 +1,110 @@
+import { Mac0, Sign1 } from 'cose-kit';
+import { JWK } from 'jose';
+import IssuerAuth from './IssuerAuth';
+import { IssuerSignedDataItem, IssuerSignedItem } from '../IssuerSignedItem';
+export type ValidityInfo = {
+    signed: Date;
+    validFrom: Date;
+    validUntil: Date;
+    expectedUpdate?: Date;
+};
+export type IssuerNameSpaces = {
+    [x: string]: IssuerSignedItem[];
+};
+export type ValidatedIssuerNameSpaces = {
+    [x: string]: {
+        [x: string]: unknown;
+    };
+};
+export type IssuerSigned = {
+    issuerAuth: IssuerAuth;
+    nameSpaces: IssuerNameSpaces;
+};
+export type DeviceAuth = {
+    deviceMac: Mac0;
+} & {
+    deviceSignature?: never;
+} | ({
+    deviceMac?: never;
+} & {
+    deviceSignature: Sign1;
+});
+export type DeviceSigned = {
+    deviceAuth: DeviceAuth;
+    nameSpaces: Record<string, Record<string, any>>;
+};
+export type RawIndexedDataItem = IssuerSignedDataItem[];
+export type RawNameSpaces = Map<string, RawIndexedDataItem>;
+type RawAuthElement = ConstructorParameters<typeof Sign1>;
+export type RawIssuerAuth = ConstructorParameters<typeof Sign1>;
+export type RawDeviceAuth = Map<'deviceMac' | 'deviceSignature', RawAuthElement>;
+export type DigestAlgorithm = 'SHA-256' | 'SHA-384' | 'SHA-512';
+export type DiagnosticInformation = {
+    general: {
+        type: string;
+        version: string;
+        status: number;
+        documents: number;
+    };
+    validityInfo: ValidityInfo;
+    attributes: {
+        ns: string;
+        id: string;
+        value: any;
+        isValid: boolean;
+        matchCertificate?: boolean;
+    }[];
+    deviceAttributes: {
+        ns: string;
+        id: string;
+        value: any;
+    }[];
+    issuerCertificate?: {
+        subjectName: string;
+        notBefore: Date;
+        notAfter: Date;
+        serialNumber: string;
+        thumbprint: string;
+        pem: string;
+    };
+    issuerSignature: {
+        alg: string;
+        isValid: boolean;
+        reasons?: string[];
+        digests: {
+            [ns: string]: number;
+        };
+    };
+    deviceKey: {
+        jwk: JWK;
+    };
+    deviceSignature: {
+        alg: string;
+        isValid: boolean;
+        reasons?: string[];
+    };
+    dataIntegrity: {
+        disclosedAttributes: string;
+        isValid: boolean;
+        reasons?: string[];
+    };
+};
+export type DeviceKeyInfo = {
+    deviceKey: Map<number, number | Uint8Array>;
+    [key: string]: any;
+};
+export type MSO = {
+    digestAlgorithm: DigestAlgorithm;
+    docType: string;
+    version: string;
+    validityInfo: ValidityInfo;
+    valueDigests?: Map<string, Map<number, Uint8Array>>;
+    validityDigests?: {
+        [key: string]: Map<number, Uint8Array>;
+    };
+    deviceKeyInfo?: DeviceKeyInfo;
+};
+export type DocType = 'org.iso.18013.5.1.mDL' | string;
+export type SupportedAlgs = 'ES256' | 'ES384' | 'ES512' | 'EdDSA';
+export type MacSupportedAlgs = 'HS256';
+export {};

package/lib/mdoc/model/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidHlwZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvbWRvYy9tb2RlbC90eXBlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/lib/mdoc/parser.d.ts

@@ -0,0 +1,8 @@
+import { MDoc } from './model/MDoc';
+/**
+ * Parse an mdoc
+ *
+ * @param encoded - The cbor encoded mdoc
+ * @returns {Promise<MDoc>} - The parsed device response
+ */
+export declare const parse: (encoded: Buffer | Uint8Array) => MDoc;

package/lib/mdoc/parser.js

@@ -0,0 +1,88 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parse = void 0;
+const compare_versions_1 = require("compare-versions");
+const cose_kit_1 = require("cose-kit");
+const cbor_1 = require("../cbor");
+const MDoc_1 = require("./model/MDoc");
+const IssuerAuth_1 = __importDefault(require("./model/IssuerAuth"));
+const IssuerSignedItem_1 = require("./IssuerSignedItem");
+const errors_1 = require("./errors");
+const IssuerSignedDocument_1 = require("./model/IssuerSignedDocument");
+const DeviceSignedDocument_1 = require("./model/DeviceSignedDocument");
+const parseIssuerAuthElement = (rawIssuerAuth, expectedDocType) => {
+    const issuerAuth = new IssuerAuth_1.default(...rawIssuerAuth);
+    const { decodedPayload } = issuerAuth;
+    const { docType, version } = decodedPayload;
+    if (docType !== expectedDocType) {
+        throw new errors_1.MDLParseError(`The issuerAuth docType must be ${expectedDocType}`);
+    }
+    if (!version || (0, compare_versions_1.compareVersions)(version, '1.0') !== 0) {
+        throw new errors_1.MDLParseError("The issuerAuth version must be '1.0'");
+    }
+    return issuerAuth;
+};
+const parseDeviceAuthElement = (rawDeviceAuth) => {
+    const { deviceSignature, deviceMac } = Object.fromEntries(rawDeviceAuth);
+    if (deviceSignature) {
+        return { deviceSignature: new cose_kit_1.Sign1(...deviceSignature) };
+    }
+    return { deviceMac: new cose_kit_1.Mac0(...deviceMac) };
+};
+const namespaceToArray = (entries) => {
+    return entries.map((di) => new IssuerSignedItem_1.IssuerSignedItem(di));
+};
+const mapIssuerNameSpaces = (namespace) => {
+    return Array.from(namespace.entries()).reduce((prev, [nameSpace, entries]) => {
+        const mappedNamespace = namespaceToArray(entries);
+        return {
+            ...prev,
+            [nameSpace]: mappedNamespace,
+        };
+    }, {});
+};
+const mapDeviceNameSpaces = (namespace) => {
+    const entries = Array.from(namespace.entries()).map(([ns, attrs]) => {
+        return [ns, Object.fromEntries(attrs.entries())];
+    });
+    return Object.fromEntries(entries);
+};
+/**
+ * Parse an mdoc
+ *
+ * @param encoded - The cbor encoded mdoc
+ * @returns {Promise<MDoc>} - The parsed device response
+ */
+const parse = (encoded) => {
+    let deviceResponse;
+    try {
+        deviceResponse = (0, cbor_1.cborDecode)(encoded);
+    }
+    catch (err) {
+        throw new errors_1.MDLParseError(`Unable to decode device response: ${err.message}`);
+    }
+    const { version, documents, status } = Object.fromEntries(deviceResponse);
+    const parsedDocuments = documents.map((doc) => {
+        const issuerAuth = parseIssuerAuthElement(doc.get('issuerSigned').get('issuerAuth'), doc.get('docType'));
+        const issuerSigned = doc.has('issuerSigned') ? {
+            ...doc.get('issuerSigned'),
+            nameSpaces: mapIssuerNameSpaces(doc.get('issuerSigned').get('nameSpaces')),
+            issuerAuth,
+        } : undefined;
+        const deviceSigned = doc.has('deviceSigned') ? {
+            ...doc.get('deviceSigned'),
+            nameSpaces: mapDeviceNameSpaces(doc.get('deviceSigned').get('nameSpaces').data),
+            deviceAuth: parseDeviceAuthElement(doc.get('deviceSigned').get('deviceAuth')),
+        } : undefined;
+        if (deviceSigned) {
+            return new DeviceSignedDocument_1.DeviceSignedDocument(doc.get('docType'), issuerSigned, deviceSigned);
+        }
+        return new IssuerSignedDocument_1.IssuerSignedDocument(doc.get('docType'), issuerSigned);
+    });
+    return new MDoc_1.MDoc(parsedDocuments, version, status);
+};
+exports.parse = parse;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFyc2VyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL21kb2MvcGFyc2VyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7OztBQUFBLHVEQUFtRDtBQUNuRCx1Q0FBdUM7QUFDdkMsa0NBQXFDO0FBQ3JDLHVDQUFvQztBQUlwQyxvRUFBNEM7QUFDNUMseURBQXNEO0FBQ3RELHFDQUF5QztBQUN6Qyx1RUFBb0U7QUFDcEUsdUVBQW9FO0FBRXBFLE1BQU0sc0JBQXNCLEdBQUcsQ0FDN0IsYUFBNEIsRUFDNUIsZUFBdUIsRUFDWCxFQUFFO0lBQ2QsTUFBTSxVQUFVLEdBQUcsSUFBSSxvQkFBVSxDQUFDLEdBQUcsYUFBYSxDQUFDLENBQUM7SUFDcEQsTUFBTSxFQUFFLGNBQWMsRUFBRSxHQUFHLFVBQVUsQ0FBQztJQUN0QyxNQUFNLEVBQUUsT0FBTyxFQUFFLE9BQU8sRUFBRSxHQUFHLGNBQWMsQ0FBQztJQUU1QyxJQUFJLE9BQU8sS0FBSyxlQUFlLEVBQUUsQ0FBQztRQUNoQyxNQUFNLElBQUksc0JBQWEsQ0FBQyxrQ0FBa0MsZUFBZSxFQUFFLENBQUMsQ0FBQztJQUMvRSxDQUFDO0lBRUQsSUFBSSxDQUFDLE9BQU8sSUFBSSxJQUFBLGtDQUFlLEVBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQ3RELE1BQU0sSUFBSSxzQkFBYSxDQUFDLHNDQUFzQyxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVELE9BQU8sVUFBVSxDQUFDO0FBQ3BCLENBQUMsQ0FBQztBQUVGLE1BQU0sc0JBQXNCLEdBQUcsQ0FBQyxhQUE0QixFQUFjLEVBQUU7SUFDMUUsTUFBTSxFQUFFLGVBQWUsRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQ3pFLElBQUksZUFBZSxFQUFFLENBQUM7UUFDcEIsT0FBTyxFQUFFLGVBQWUsRUFBRSxJQUFJLGdCQUFLLENBQUMsR0FBRyxlQUFlLENBQUMsRUFBRSxDQUFDO0lBQzVELENBQUM7SUFDRCxPQUFPLEVBQUUsU0FBUyxFQUFFLElBQUksZUFBSSxDQUFDLEdBQUcsU0FBUyxDQUFDLEVBQUUsQ0FBQztBQUMvQyxDQUFDLENBQUM7QUFFRixNQUFNLGdCQUFnQixHQUFHLENBQ3ZCLE9BQTJCLEVBQ1AsRUFBRTtJQUN0QixPQUFPLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsRUFBRSxDQUFDLElBQUksbUNBQWdCLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUN2RCxDQUFDLENBQUM7QUFFRixNQUFNLG1CQUFtQixHQUFHLENBQUMsU0FBd0IsRUFBb0IsRUFBRTtJQUN6RSxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFLEVBQUU7UUFDM0UsTUFBTSxlQUFlLEdBQUcsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbEQsT0FBTztZQUNMLEdBQUcsSUFBSTtZQUNQLENBQUMsU0FBUyxDQUFDLEVBQUUsZUFBZTtTQUM3QixDQUFDO0lBQ0osQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO0FBQ1QsQ0FBQyxDQUFDO0FBRUYsTUFBTSxtQkFBbUIsR0FBRyxDQUFDLFNBQXdDLEVBQUUsRUFBRTtJQUN2RSxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUU7UUFDbEUsT0FBTyxDQUFDLEVBQUUsRUFBRSxNQUFNLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDbkQsQ0FBQyxDQUFDLENBQUM7SUFDSCxPQUFPLE1BQU0sQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLENBQUM7QUFDckMsQ0FBQyxDQUFDO0FBRUY7Ozs7O0dBS0c7QUFDSSxNQUFNLEtBQUssR0FBRyxDQUNuQixPQUE0QixFQUN0QixFQUFFO0lBQ1IsSUFBSSxjQUFjLENBQUM7SUFDbkIsSUFBSSxDQUFDO1FBQ0gsY0FBYyxHQUFHLElBQUEsaUJBQVUsRUFBQyxPQUFPLENBQXFCLENBQUM7SUFDM0QsQ0FBQztJQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7UUFDYixNQUFNLElBQUksc0JBQWEsQ0FBQyxxQ0FBcUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUVELE1BQU0sRUFBRSxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUMsY0FBYyxDQUFDLENBQUM7SUFFMUUsTUFBTSxlQUFlLEdBQTJCLFNBQVMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFxQixFQUF3QixFQUFFO1FBQzVHLE1BQU0sVUFBVSxHQUFHLHNCQUFzQixDQUN2QyxHQUFHLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsRUFDekMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsQ0FDbkIsQ0FBQztRQUVGLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxHQUFHLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQzdDLEdBQUcsR0FBRyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUM7WUFDMUIsVUFBVSxFQUFFLG1CQUFtQixDQUM3QixHQUFHLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FDMUM7WUFDRCxVQUFVO1NBQ1gsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUFDO1FBRWQsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDN0MsR0FBRyxHQUFHLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQztZQUMxQixVQUFVLEVBQUUsbUJBQW1CLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUMsSUFBSSxDQUFDO1lBQy9FLFVBQVUsRUFBRSxzQkFBc0IsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLGNBQWMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUM5RSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFZCxJQUFJLFlBQVksRUFBRSxDQUFDO1lBQ2pCLE9BQU8sSUFBSSwyQ0FBb0IsQ0FDN0IsR0FBRyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsRUFDbEIsWUFBWSxFQUNaLFlBQVksQ0FDYixDQUFDO1FBQ0osQ0FBQztRQUNELE9BQU8sSUFBSSwyQ0FBb0IsQ0FDN0IsR0FBRyxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsRUFDbEIsWUFBWSxDQUNiLENBQUM7SUFDSixDQUFDLENBQUMsQ0FBQztJQUVILE9BQU8sSUFBSSxXQUFJLENBQUMsZUFBZSxFQUFFLE9BQU8sRUFBRSxNQUFNLENBQUMsQ0FBQztBQUNwRCxDQUFDLENBQUM7QUE5Q1csUUFBQSxLQUFLLFNBOENoQiJ9

package/lib/mdoc/utils.d.ts

@@ -0,0 +1,17 @@
+export declare const hmacSHA256: (key: ArrayBuffer, data: ArrayBuffer) => Promise<ArrayBuffer>;
+/**
+ * Calculates the ephemeral mac key for the device authentication.
+ *
+ * There are two cases for this function:
+ * 1. SDeviceKey.Priv and EReaderKey.Pub for the mdoc
+ * 2. EReaderKey.Priv and SDeviceKey.Pub for the mdoc reader
+ *
+ * @param {Uint8Array} privateKey - The private key of the current party (COSE)
+ * @param {Uint8Array} publicKey - The public key of the other party, (COSE)
+ * @param {Uint8Array} sessionTranscriptBytes - The session transcript bytes
+ * @returns {Uint8Array} - The ephemeral mac key
+ */
+export declare const calculateEphemeralMacKey: (privateKey: Uint8Array | Map<number, Uint8Array | number>, publicKey: Uint8Array | Map<number, Uint8Array | number>, sessionTranscriptBytes: Uint8Array) => Promise<Uint8Array>;
+export declare const calculateDeviceAutenticationBytes: (sessionTranscript: Uint8Array | any, docType: string, nameSpaces: Record<string, Record<string, any>>) => Uint8Array;
+export declare function getRandomBytes(len: number): Uint8Array<ArrayBuffer>;
+export declare function fromPEM(pem: string): Uint8Array[];

package/lib/mdoc/utils.js

@@ -0,0 +1,145 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calculateDeviceAutenticationBytes = exports.calculateEphemeralMacKey = exports.hmacSHA256 = void 0;
+exports.getRandomBytes = getRandomBytes;
+exports.fromPEM = fromPEM;
+const pkijs = __importStar(require("pkijs"));
+const p256_1 = require("@noble/curves/p256");
+const p384_1 = require("@noble/curves/p384");
+const p521_1 = require("@noble/curves/p521");
+const webcrypto = __importStar(require("uncrypto"));
+const buffer_1 = require("buffer");
+const hkdf_1 = __importDefault(require("@panva/hkdf"));
+const cose_kit_1 = require("cose-kit");
+const cbor_1 = require("../cbor");
+const DataItem_1 = require("../cbor/DataItem");
+const coseKey_1 = __importDefault(require("../cose/coseKey"));
+const { subtle } = webcrypto;
+pkijs.setEngine('webcrypto', new pkijs.CryptoEngine({ name: 'webcrypto', crypto: webcrypto, subtle }));
+const hmacSHA256 = async (key, data) => {
+    const saltHMACKey = await subtle.importKey('raw', key, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign', 'verify']);
+    const hmac = await subtle.sign('HMAC', saltHMACKey, data);
+    return hmac;
+};
+exports.hmacSHA256 = hmacSHA256;
+/**
+ * Calculates the ephemeral mac key for the device authentication.
+ *
+ * There are two cases for this function:
+ * 1. SDeviceKey.Priv and EReaderKey.Pub for the mdoc
+ * 2. EReaderKey.Priv and SDeviceKey.Pub for the mdoc reader
+ *
+ * @param {Uint8Array} privateKey - The private key of the current party (COSE)
+ * @param {Uint8Array} publicKey - The public key of the other party, (COSE)
+ * @param {Uint8Array} sessionTranscriptBytes - The session transcript bytes
+ * @returns {Uint8Array} - The ephemeral mac key
+ */
+const calculateEphemeralMacKey = async (privateKey, publicKey, sessionTranscriptBytes) => {
+    const { kty, crv } = (0, cose_kit_1.COSEKeyToJWK)(privateKey);
+    const privkey = (0, coseKey_1.default)(privateKey); // only d
+    const pubkey = (0, coseKey_1.default)(publicKey); // 0x04 || x || y
+    let ikm;
+    if ((kty === 'EC')) {
+        if (crv === 'P-256') {
+            ikm = p256_1.p256
+                .getSharedSecret(buffer_1.Buffer.from(privkey).toString('hex'), buffer_1.Buffer.from(pubkey).toString('hex'), true)
+                .slice(1);
+        }
+        else if (crv === 'P-384') {
+            ikm = p384_1.p384
+                .getSharedSecret(buffer_1.Buffer.from(privkey).toString('hex'), buffer_1.Buffer.from(pubkey).toString('hex'), true)
+                .slice(1);
+        }
+        else if (crv === 'P-521') {
+            ikm = p521_1.p521
+                .getSharedSecret(buffer_1.Buffer.from(privkey).toString('hex'), buffer_1.Buffer.from(pubkey).toString('hex'), true)
+                .slice(1);
+        }
+        else {
+            throw new Error(`unsupported EC curve: ${crv}`);
+        }
+    }
+    else {
+        throw new Error(`unsupported key type: ${kty}`);
+    }
+    const salt = new Uint8Array(await subtle.digest('SHA-256', sessionTranscriptBytes));
+    const info = buffer_1.Buffer.from('EMacKey', 'utf-8');
+    const result = await (0, hkdf_1.default)('sha256', ikm, salt, info, 32);
+    return result;
+};
+exports.calculateEphemeralMacKey = calculateEphemeralMacKey;
+const calculateDeviceAutenticationBytes = (sessionTranscript, docType, nameSpaces) => {
+    let decodedSessionTranscript;
+    if (sessionTranscript instanceof Uint8Array) {
+        // assume is encoded in a DataItem
+        decodedSessionTranscript = (0, cbor_1.cborDecode)(sessionTranscript).data;
+    }
+    else {
+        decodedSessionTranscript = sessionTranscript;
+    }
+    const nameSpacesAsMap = new Map(Object.entries(nameSpaces).map(([ns, items]) => [ns, new Map(Object.entries(items))]));
+    const encode = DataItem_1.DataItem.fromData([
+        'DeviceAuthentication',
+        decodedSessionTranscript,
+        docType,
+        DataItem_1.DataItem.fromData(nameSpacesAsMap),
+    ]);
+    const result = (0, cbor_1.cborEncode)(encode);
+    return result;
+};
+exports.calculateDeviceAutenticationBytes = calculateDeviceAutenticationBytes;
+function getRandomBytes(len) {
+    return webcrypto.getRandomValues(new Uint8Array(len));
+}
+function fromPEM(pem) {
+    const certs = pem
+        .split(/-----END CERTIFICATE-----/)
+        .map((block) => block.trim())
+        .filter((block) => block.length > 0)
+        .map((block) => {
+        const fullBlock = `${block}\n-----END CERTIFICATE-----`;
+        const base64 = fullBlock
+            .replace(/-----BEGIN CERTIFICATE-----/, '')
+            .replace(/-----END CERTIFICATE-----/, '')
+            .replace(/\s+/g, '');
+        return buffer_1.Buffer.from(base64, 'base64');
+    });
+    return certs;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvbWRvYy91dGlscy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFzSEEsd0NBRUM7QUFFRCwwQkFlQztBQXpJRCw2Q0FBK0I7QUFDL0IsNkNBQTBDO0FBQzFDLDZDQUEwQztBQUMxQyw2Q0FBMEM7QUFDMUMsb0RBQXNDO0FBQ3RDLG1DQUFnQztBQUNoQyx1REFBK0I7QUFDL0IsdUNBQXdDO0FBRXhDLGtDQUFpRDtBQUNqRCwrQ0FBNEM7QUFDNUMsOERBQTJDO0FBRTNDLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxTQUFTLENBQUM7QUFFN0IsS0FBSyxDQUFDLFNBQVMsQ0FBQyxXQUFXLEVBQUUsSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLEVBQUUsSUFBSSxFQUFFLFdBQVcsRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQztBQUVoRyxNQUFNLFVBQVUsR0FBRyxLQUFLLEVBQzdCLEdBQWdCLEVBQ2hCLElBQWlCLEVBQ0ssRUFBRTtJQUN4QixNQUFNLFdBQVcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxTQUFTLENBQ3hDLEtBQUssRUFDTCxHQUFHLEVBQ0gsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsRUFDakMsS0FBSyxFQUNMLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUNuQixDQUFDO0lBRUYsTUFBTSxJQUFJLEdBQUcsTUFBTSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxXQUFXLEVBQUUsSUFBSSxDQUFDLENBQUM7SUFFMUQsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDLENBQUM7QUFmVyxRQUFBLFVBQVUsY0FlckI7QUFFRjs7Ozs7Ozs7Ozs7R0FXRztBQUNJLE1BQU0sd0JBQXdCLEdBQUcsS0FBSyxFQUMzQyxVQUF5RCxFQUN6RCxTQUF3RCxFQUN4RCxzQkFBa0MsRUFDYixFQUFFO0lBQ3ZCLE1BQU0sRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsSUFBQSx1QkFBWSxFQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQzlDLE1BQU0sT0FBTyxHQUFHLElBQUEsaUJBQVksRUFBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLFNBQVM7SUFDbkQsTUFBTSxNQUFNLEdBQUcsSUFBQSxpQkFBWSxFQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsaUJBQWlCO0lBQ3pELElBQUksR0FBRyxDQUFDO0lBQ1IsSUFBSSxDQUFDLEdBQUcsS0FBSyxJQUFJLENBQUMsRUFBRSxDQUFDO1FBQ25CLElBQUksR0FBRyxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQ3BCLEdBQUcsR0FBRyxXQUFJO2lCQUNQLGVBQWUsQ0FDZCxlQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFDcEMsZUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEVBQ25DLElBQUksQ0FDTDtpQkFDQSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDZCxDQUFDO2FBQU0sSUFBSSxHQUFHLEtBQUssT0FBTyxFQUFFLENBQUM7WUFDM0IsR0FBRyxHQUFHLFdBQUk7aUJBQ1AsZUFBZSxDQUNkLGVBQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUNwQyxlQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFDbkMsSUFBSSxDQUNMO2lCQUNBLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNkLENBQUM7YUFBTSxJQUFJLEdBQUcsS0FBSyxPQUFPLEVBQUUsQ0FBQztZQUMzQixHQUFHLEdBQUcsV0FBSTtpQkFDUCxlQUFlLENBQ2QsZUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEVBQ3BDLGVBQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUNuQyxJQUFJLENBQ0w7aUJBQ0EsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2QsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQ2xELENBQUM7SUFDSCxDQUFDO1NBQU0sQ0FBQztRQUNOLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLEdBQUcsRUFBRSxDQUFDLENBQUM7SUFDbEQsQ0FBQztJQUNELE1BQU0sSUFBSSxHQUFHLElBQUksVUFBVSxDQUFDLE1BQU0sTUFBTSxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO0lBQ3BGLE1BQU0sSUFBSSxHQUFHLGVBQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBQSxjQUFJLEVBQUMsUUFBUSxFQUFFLEdBQUcsRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ3pELE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUMsQ0FBQztBQTVDVyxRQUFBLHdCQUF3Qiw0QkE0Q25DO0FBRUssTUFBTSxpQ0FBaUMsR0FBRyxDQUMvQyxpQkFBbUMsRUFDbkMsT0FBZSxFQUNmLFVBQStDLEVBQ25DLEVBQUU7SUFDZCxJQUFJLHdCQUE2QixDQUFDO0lBQ2xDLElBQUksaUJBQWlCLFlBQVksVUFBVSxFQUFFLENBQUM7UUFDNUMsa0NBQWtDO1FBQ2xDLHdCQUF3QixHQUFJLElBQUEsaUJBQVUsRUFBQyxpQkFBaUIsQ0FBYyxDQUFDLElBQUksQ0FBQztJQUM5RSxDQUFDO1NBQU0sQ0FBQztRQUNOLHdCQUF3QixHQUFHLGlCQUFpQixDQUFDO0lBQy9DLENBQUM7SUFFRCxNQUFNLGVBQWUsR0FBRyxJQUFJLEdBQUcsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLEVBQUUsRUFBRSxJQUFJLEdBQUcsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdkgsTUFBTSxNQUFNLEdBQUcsbUJBQVEsQ0FBQyxRQUFRLENBQUM7UUFDL0Isc0JBQXNCO1FBQ3RCLHdCQUF3QjtRQUN4QixPQUFPO1FBQ1AsbUJBQVEsQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUFDO0tBQ25DLENBQUMsQ0FBQztJQUVILE1BQU0sTUFBTSxHQUFHLElBQUEsaUJBQVUsRUFBQyxNQUFNLENBQUMsQ0FBQztJQUVsQyxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDLENBQUM7QUF4QlcsUUFBQSxpQ0FBaUMscUNBd0I1QztBQUVGLFNBQWdCLGNBQWMsQ0FBQyxHQUFXO0lBQ3hDLE9BQU8sU0FBUyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQ3hELENBQUM7QUFFRCxTQUFnQixPQUFPLENBQUMsR0FBVztJQUNqQyxNQUFNLEtBQUssR0FBRyxHQUFHO1NBQ2QsS0FBSyxDQUFDLDJCQUEyQixDQUFDO1NBQ2xDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksRUFBRSxDQUFDO1NBQzVCLE1BQU0sQ0FBQyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUM7U0FDbkMsR0FBRyxDQUFDLENBQUMsS0FBSyxFQUFFLEVBQUU7UUFDYixNQUFNLFNBQVMsR0FBRyxHQUFHLEtBQUssNkJBQTZCLENBQUM7UUFDeEQsTUFBTSxNQUFNLEdBQUcsU0FBUzthQUNyQixPQUFPLENBQUMsNkJBQTZCLEVBQUUsRUFBRSxDQUFDO2FBQzFDLE9BQU8sQ0FBQywyQkFBMkIsRUFBRSxFQUFFLENBQUM7YUFDeEMsT0FBTyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztRQUN2QixPQUFPLGVBQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ3ZDLENBQUMsQ0FBQyxDQUFDO0lBRUwsT0FBTyxLQUFLLENBQUM7QUFDZixDQUFDIn0=

package/package.json

@@ -0,0 +1,82 @@
+{
+  "name": "@vess-id/mdl",
+  "version": "0.0.1",
+  "description": "Parse and and validate MDOC CBOR encoded binaries according to ISO 18013-5.",
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "scripts": {
+    "test": "jest --verbose",
+    "lint": "eslint ./src/**/*.ts",
+    "build": "rm -rf lib ; tsc",
+    "prepare": "husky"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/vess-id/mdl.git"
+  },
+  "keywords": [
+    "vess",
+    "mdl",
+    "iso-18013-5",
+    "iso-18013-7",
+    "m-doc",
+    "m-doc-cbor",
+    "m-doc-cbor-parser",
+    "m-doc-cbor-validator",
+    "m-doc-cbor-encoder",
+    "m-doc-cbor-decoder",
+    "m-doc-cbor-iso-18013-5",
+    "m-doc-cbor-iso-18013-5-parser",
+    "m-doc-cbor-iso-18013-5-validator",
+    "m-doc-cbor-iso-18013-5-encoder",
+    "m-doc-cbor-iso-18013-5-decoder"
+  ],
+  "author": {
+    "name": "Auth0 Inc.",
+    "url": "https://auth0.com"
+  },
+  "contributors": [
+    "José Romaniello (https://x.com/jfroma)",
+    "Sebastian Iacomuzzi (https://x.com/sebasiaco)"
+  ],
+  "files": [
+    "lib/**/*"
+  ],
+  "license": "Apache-2.0",
+  "devDependencies": {
+    "@commitlint/cli": "^19.3.0",
+    "@commitlint/config-conventional": "^19.2.2",
+    "@types/debug": "^4.1.8",
+    "@types/jest": "^29.5.4",
+    "@types/node": "^20.5.3",
+    "@typescript-eslint/eslint-plugin": "^6.1.0",
+    "@typescript-eslint/parser": "^6.1.0",
+    "arraybuffer-equal": "^1.0.4",
+    "buffer-tag": "^1.0.2",
+    "eslint": "^8.45.0",
+    "eslint-config-airbnb-base": "^15.0.0",
+    "eslint-plugin-import": "^2.27.5",
+    "eslint-plugin-jest": "^27.2.3",
+    "husky": "^9.1.4",
+    "jest": "^29.6.3",
+    "ts-jest": "^29.1.1",
+    "ts-loader": "^9.4.4",
+    "typescript": "^5.1.6"
+  },
+  "dependencies": {
+    "@noble/curves": "^1.2.0",
+    "@panva/hkdf": "^1.1.1",
+    "@peculiar/x509": "^1.9.5",
+    "buffer": "^6.0.3",
+    "cbor-x": "^1.5.9",
+    "compare-versions": "^6.0.0",
+    "cose-kit": "^1.7.1",
+    "debug": "^4.3.4",
+    "jose": "^4.15.5",
+    "pkijs": "^3.2.5",
+    "uncrypto": "^0.1.3"
+  },
+  "engines": {
+    "node": ">=16.0.0"
+  }
+}