@zkpassport/sdk 0.3.4 → 0.4.1

package/src/encryption.ts

@@ -1,45 +0,0 @@
-import { gcm } from "@noble/ciphers/aes"
-import { utf8ToBytes } from "@noble/ciphers/utils"
-
-async function sha256Truncate(topic: string): Promise<Uint8Array> {
-  const encoder = new TextEncoder()
-  const data = encoder.encode(topic)
-  const hashBuffer = await crypto.subtle.digest("SHA-256", data)
-  const fullHashArray = new Uint8Array(hashBuffer)
-  const truncatedHashArray = fullHashArray.slice(0, 12)
-  return truncatedHashArray
-}
-
-export async function generateECDHKeyPair() {
-  const secp256k1 = await import("@noble/secp256k1")
-  const privKey = secp256k1.utils.randomPrivateKey()
-  const pubKey = secp256k1.getPublicKey(privKey)
-  return {
-    privateKey: privKey,
-    publicKey: pubKey,
-  }
-}
-
-export async function getSharedSecret(privateKey: string, publicKey: string) {
-  const secp256k1 = await import("@noble/secp256k1")
-  const sharedSecret = secp256k1.getSharedSecret(privateKey, publicKey)
-  return sharedSecret.slice(0, 32)
-}
-
-export async function encrypt(message: string, sharedSecret: Uint8Array, topic: string) {
-  // Nonce must be 12 bytes
-  const nonce = await sha256Truncate(topic)
-  const aes = gcm(sharedSecret, nonce)
-  const data = utf8ToBytes(message)
-  const ciphertext = aes.encrypt(data)
-  return ciphertext
-}
-
-export async function decrypt(ciphertext: Uint8Array, sharedSecret: Uint8Array, topic: string) {
-  // Nonce must be 12 bytes
-  const nonce = await sha256Truncate(topic)
-  const aes = gcm(sharedSecret, nonce)
-  const data = aes.decrypt(ciphertext)
-  const dataString = new TextDecoder().decode(data)
-  return dataString
-}

package/src/json-rpc.ts

@@ -1,61 +0,0 @@
-import { randomBytes } from "crypto"
-import type { JsonRpcRequest, JsonRpcResponse } from "@zkpassport/utils"
-import { encrypt } from "./encryption"
-import { WebSocketClient } from "./websocket"
-import { noLogger as logger } from "./logger"
-
-export function createJsonRpcRequest(method: string, params: any): JsonRpcRequest {
-  return {
-    jsonrpc: "2.0",
-    id: randomBytes(16).toString("hex"),
-    method,
-    params,
-  }
-}
-
-export async function createEncryptedJsonRpcRequest(
-  method: string,
-  params: any,
-  sharedSecret: Uint8Array,
-  topic: string,
-): Promise<JsonRpcRequest> {
-  const encryptedMessage = await encrypt(
-    JSON.stringify({ method, params: params || {} }),
-    sharedSecret,
-    topic,
-  )
-  return createJsonRpcRequest("encryptedMessage", {
-    payload: Buffer.from(encryptedMessage).toString("base64"),
-  })
-}
-
-export async function sendEncryptedJsonRpcRequest(
-  method: string,
-  params: any,
-  sharedSecret: Uint8Array,
-  topic: string,
-  wsClient: WebSocketClient,
-): Promise<boolean> {
-  try {
-    const message = { method, params: params || {} }
-    const encryptedMessage = await encrypt(JSON.stringify(message), sharedSecret, topic)
-    const request = createJsonRpcRequest("encryptedMessage", {
-      payload: Buffer.from(encryptedMessage).toString("base64"),
-    })
-    logger.debug("Sending encrypted message (original):", message)
-    logger.debug("Sending encrypted message (encrypted):", request)
-    wsClient.send(JSON.stringify(request))
-    return true
-  } catch (error) {
-    logger.error("Error sending encrypted message:", error)
-    return false
-  }
-}
-
-export function createJsonRpcResponse(id: string, result: any): JsonRpcResponse {
-  return {
-    jsonrpc: "2.0",
-    id,
-    result,
-  }
-}

package/src/mobile.ts

@@ -1,186 +0,0 @@
-import { bytesToHex } from "@noble/ciphers/utils"
-import { getWebSocketClient, WebSocketClient } from "./websocket"
-import { sendEncryptedJsonRpcRequest } from "./json-rpc"
-import { decrypt, generateECDHKeyPair, getSharedSecret } from "./encryption"
-import type { JsonRpcRequest } from "@zkpassport/utils"
-import { noLogger as logger } from "./logger"
-
-export class ZkPassportProver {
-  private domain?: string
-  private topicToKeyPair: Record<string, { privateKey: Uint8Array; publicKey: Uint8Array }> = {}
-  private topicToWebSocketClient: Record<string, WebSocketClient> = {}
-  private topicToRemoteDomainVerified: Record<string, boolean> = {}
-  private topicToSharedSecret: Record<string, Uint8Array> = {}
-  private topicToRemotePublicKey: Record<string, Uint8Array> = {}
-
-  private onDomainVerifiedCallbacks: Record<string, Array<() => void>> = {}
-  private onBridgeConnectCallbacks: Record<string, Array<() => void>> = {}
-  private onWebsiteDomainVerifyFailureCallbacks: Record<string, Array<() => void>> = {}
-
-  constructor() {}
-
-  /**
-   * @notice Handle an encrypted message.
-   * @param request The request.
-   * @param outerRequest The outer request.
-   */
-  private async handleEncryptedMessage(
-    topic: string,
-    request: JsonRpcRequest,
-    outerRequest: JsonRpcRequest,
-  ) {
-    logger.debug("Received encrypted message:", request)
-    if (request.method === "hello") {
-      logger.info(`Successfully verified origin domain name: ${outerRequest.origin}`)
-      this.topicToRemoteDomainVerified[topic] = true
-      await Promise.all(this.onDomainVerifiedCallbacks[topic].map((callback) => callback()))
-    } else if (request.method === "closed_page") {
-      // TODO: Implement
-    }
-  }
-
-  /**
-   * @notice Scan a credentirequest QR code.
-   * @returns
-   */
-  public async scan(
-    url: string,
-    {
-      keyPairOverride,
-    }: {
-      keyPairOverride?: { privateKey: Uint8Array; publicKey: Uint8Array }
-    } = {},
-  ) {
-    const parsedUrl = new URL(url)
-    const domain = parsedUrl.searchParams.get("d")
-    const topic = parsedUrl.searchParams.get("t")
-    const pubkeyHex = parsedUrl.searchParams.get("p")
-
-    if (!domain || !topic || !pubkeyHex) {
-      throw new Error("Invalid URL: missing required parameters")
-    }
-
-    const pubkey = new Uint8Array(Buffer.from(pubkeyHex, "hex"))
-
-    this.domain = domain
-    const keyPair = keyPairOverride || (await generateECDHKeyPair())
-
-    this.topicToKeyPair[topic] = {
-      privateKey: keyPair.privateKey,
-      publicKey: keyPair.publicKey,
-    }
-    this.topicToRemotePublicKey[topic] = pubkey
-    this.topicToSharedSecret[topic] = await getSharedSecret(
-      bytesToHex(keyPair.privateKey),
-      bytesToHex(pubkey),
-    )
-    this.topicToRemoteDomainVerified[topic] = false
-    this.onDomainVerifiedCallbacks[topic] = []
-    this.onBridgeConnectCallbacks[topic] = []
-
-    // Set up WebSocket connection
-    const wsClient = getWebSocketClient(
-      `wss://bridge.zkpassport.id?topic=${topic}&pubkey=${bytesToHex(keyPair.publicKey)}`,
-    )
-    this.topicToWebSocketClient[topic] = wsClient
-
-    wsClient.onopen = async () => {
-      logger.info("[mobile] WebSocket connection established")
-      await Promise.all(this.onBridgeConnectCallbacks[topic].map((callback) => callback()))
-      // Server sends handshake automatically (when it sees a pubkey in websocket URI)
-      // wsClient.send(
-      //   JSON.stringify(
-      //     createJsonRpcRequest('handshake', {
-      //       pubkey: bytesToHex(keyPair.publicKey),
-      //     }),
-      //   ),
-      // )
-    }
-
-    wsClient.addEventListener("message", async (event: any) => {
-      logger.info("[mobile] Received message:", event.data)
-
-      try {
-        const data: JsonRpcRequest = JSON.parse(event.data)
-        const originDomain = data.origin ? new URL(data.origin).hostname : undefined
-        // Origin domain must match domain in QR code
-        if (originDomain !== this.domain) {
-          logger.warn(
-            `[mobile] Origin does not match domain in QR code. Expected ${this.domain} but got ${originDomain}`,
-          )
-          return
-        }
-
-        if (data.method === "encryptedMessage") {
-          // Decode the payload from base64 to Uint8Array
-          const payload = new Uint8Array(
-            atob(data.params.payload)
-              .split("")
-              .map((c) => c.charCodeAt(0)),
-          )
-          try {
-            // Decrypt the payload using the shared secret
-            const decrypted = await decrypt(payload, this.topicToSharedSecret[topic], topic)
-            const decryptedJson: JsonRpcRequest = JSON.parse(decrypted)
-            await this.handleEncryptedMessage(topic, decryptedJson, data)
-          } catch (error) {
-            logger.error("[mobile] Error decrypting message:", error)
-          }
-        }
-      } catch (error) {
-        logger.error("[mobile] Error:", error)
-      }
-    })
-
-    wsClient.onerror = (error: Event) => {
-      logger.error("[mobile] WebSocket error:", error)
-    }
-
-    return {
-      domain: this.domain,
-      requestId: topic,
-      isBridgeConnected: () => this.topicToWebSocketClient[topic].readyState === WebSocket.OPEN,
-      isDomainVerified: () => this.topicToRemoteDomainVerified[topic] === true,
-      onDomainVerified: (callback: () => void) =>
-        this.onDomainVerifiedCallbacks[topic].push(callback),
-      onBridgeConnect: (callback: () => void) =>
-        this.onBridgeConnectCallbacks[topic].push(callback),
-      notifyReject: async () => {
-        await sendEncryptedJsonRpcRequest(
-          "reject",
-          null,
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyAccept: async () => {
-        await sendEncryptedJsonRpcRequest(
-          "accept",
-          null,
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyDone: async (proof: any) => {
-        await sendEncryptedJsonRpcRequest(
-          "done",
-          { proof },
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-      notifyError: async (error: string) => {
-        await sendEncryptedJsonRpcRequest(
-          "error",
-          { error },
-          this.topicToSharedSecret[topic],
-          topic,
-          this.topicToWebSocketClient[topic],
-        )
-      },
-    }
-  }
-}

package/src/websocket.ts

@@ -1,16 +0,0 @@
-export function getWebSocketClient(url: string, origin?: string) {
-  if (typeof window !== "undefined" && window.WebSocket) {
-    // Browser environment
-    return new WebSocket(url)
-  } else {
-    // Node.js environment
-    const WebSocket = require("ws")
-    return new WebSocket(url, {
-      headers: {
-        Origin: origin || "nodejs",
-      },
-    }) as import("ws").WebSocket
-  }
-}
-
-export type WebSocketClient = ReturnType<typeof getWebSocketClient>