hbsig 0.3.2 → 0.3.3

package/src/id.js

@@ -0,0 +1,459 @@
+import { hash, hmac } from "fast-sha256"
+
+/**
+ * Parse structured field dictionary format
+ * Handles both complex format: name=(components);params
+ * and simple format: name=:value:
+ */
+function parseStructuredFieldDictionary(input) {
+  // Try complex format first
+  const match = input.match(/([^=]+)=\((.*?)\);(.*)$/)
+  if (match) {
+    const name = match[1]
+    const components = match[2].split(" ")
+    const params = {}
+
+    const paramPairs = match[3].split(";").filter(p => p)
+    paramPairs.forEach(pair => {
+      const [key, value] = pair.split("=")
+      if (key && value) {
+        params[key] = value.replace(/"/g, "")
+      }
+    })
+
+    return { name, components, params }
+  }
+
+  // Try simple format
+  const simpleMatch = input.match(/([^=]+)=:([^:]+):/)
+  if (simpleMatch) {
+    return { name: simpleMatch[1], value: simpleMatch[2] }
+  }
+
+  return null
+}
+
+/**
+ * Convert base64url string to base64
+ */
+function base64urlToBase64(str) {
+  return str.replace(/-/g, "+").replace(/_/g, "/")
+}
+
+/**
+ * Generate commitment ID for RSA-PSS and ECDSA signatures
+ * The ID is the SHA256 hash of the raw signature bytes
+ *
+ * @param {Object} commitment - The commitment object containing signature
+ * @returns {string} The commitment ID in base64url format
+ */
+function rsaid(commitment) {
+  // Extract the base64 signature from structured field format
+  // Format: "signature-name=:BASE64_SIGNATURE:"
+  const match = commitment.signature.match(/^[^=]+=:([^:]+):/)
+  if (!match) {
+    throw new Error("Invalid signature format")
+  }
+
+  const signatureBase64 = match[1]
+  // Convert base64 to Uint8Array
+  const signatureBinary = Uint8Array.from(atob(signatureBase64), c =>
+    c.charCodeAt(0)
+  )
+
+  // SHA256 hash of the raw signature
+  const hashResult = hash(signatureBinary)
+  const id = uint8ArrayToBase64url(hashResult)
+
+  return id
+}
+
+/**
+ * Generate HMAC commitment ID for HyperBEAM messages
+ * The ID is deterministic based on message content only
+ *
+ * The Erlang implementation sorts components WITH @ prefix included,
+ * then removes @ from derived components in the signature base.
+ *
+ * @param {Object} message - The message with signature and signature-input
+ * @returns {string} The commitment ID in base64url format
+ */
+function hmacid(message) {
+  // Parse signature-input to get components
+  const parsed = parseStructuredFieldDictionary(message["signature-input"])
+  if (!parsed || !parsed.components) {
+    throw new Error("Failed to parse signature-input")
+  }
+
+  // Sort components AS-IS (with quotes and @ prefix)
+  const sortedComponents = [...parsed.components].sort()
+
+  // Build signature base in sorted order
+  const lines = []
+
+  sortedComponents.forEach(component => {
+    const cleanComponent = component.replace(/"/g, "")
+    let fieldName = cleanComponent
+    let value
+
+    // For derived components (starting with @), remove @ in the signature base
+    if (cleanComponent.startsWith("@")) {
+      fieldName = cleanComponent.substring(1)
+      value = message[fieldName]
+    } else {
+      value = message[cleanComponent]
+    }
+
+    if (value === undefined || value === null) {
+      value = ""
+    } else if (typeof value === "number") {
+      value = value.toString()
+    }
+
+    lines.push(`"${fieldName}": ${value}`)
+  })
+
+  // Add signature-params line with sorted components (keeping @ prefix)
+  const paramsComponents = sortedComponents.join(" ")
+  lines.push(
+    `"@signature-params": (${paramsComponents});alg="hmac-sha256";keyid="ao"`
+  )
+
+  const signatureBase = lines.join("\n")
+
+  // Generate HMAC with key "ao"
+  // Convert string to Uint8Array
+  const messageBytes = new TextEncoder().encode(signatureBase)
+  const keyBytes = new TextEncoder().encode("ao")
+
+  const hmacResult = hmac(keyBytes, messageBytes)
+  return uint8ArrayToBase64url(hmacResult)
+}
+
+/**
+ * Generate commitment ID based on the algorithm type
+ *
+ * @param {Object} commitment - The commitment object containing alg, signature, etc.
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {string} The commitment ID in base64url format
+ */
+function generateCommitmentId(commitment, fullMessage = null) {
+  switch (commitment.alg) {
+    case "rsa-pss-sha512":
+    case "ecdsa-p256-sha256":
+      return rsaid(commitment)
+
+    case "hmac-sha256":
+      if (!fullMessage) {
+        throw new Error("HMAC commitment IDs require full message context")
+      }
+      return hmacid(fullMessage)
+
+    default:
+      throw new Error(`Unsupported algorithm: ${commitment.alg}`)
+  }
+}
+
+/**
+ * Extract all commitment IDs from a HyperBEAM message
+ *
+ * @param {Object} message - The message with commitments
+ * @returns {Object} Map of commitment IDs to their types
+ */
+function extractCommitmentIds(message) {
+  const ids = {}
+
+  if (!message.commitments) {
+    return ids
+  }
+
+  for (const [id, commitment] of Object.entries(message.commitments)) {
+    ids[id] = {
+      alg: commitment.alg,
+      committer: commitment.committer,
+      device: commitment["commitment-device"],
+    }
+  }
+
+  return ids
+}
+
+/**
+ * Verify a commitment ID matches the expected value
+ *
+ * @param {Object} commitment - The commitment object
+ * @param {string} expectedId - The expected commitment ID
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {boolean} True if the ID matches
+ */
+function verifyCommitmentId(commitment, expectedId, fullMessage = null) {
+  try {
+    const calculatedId = generateCommitmentId(commitment, fullMessage)
+    return calculatedId === expectedId
+  } catch (error) {
+    console.error("Error verifying commitment ID:", error)
+    return false
+  }
+}
+
+/**
+ * Convert Uint8Array to base64url string
+ */
+function uint8ArrayToBase64url(bytes) {
+  let binary = ""
+  for (let i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i])
+  }
+  const base64 = btoa(binary)
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "")
+}
+
+/**
+ * Parse structured field dictionary to extract components
+ * Handles format: name=(components);params
+ */
+function parseSignatureInput(sigInput) {
+  // Extract components from format: name=(components);params
+  const match = sigInput.match(/[^=]+=\(([^)]+)\)/)
+  if (!match) return []
+
+  // Split components and clean quotes
+  return match[1].split(" ").map(c => c.replace(/"/g, ""))
+}
+
+/**
+ * Calculate HMAC commitment ID for HyperBEAM messages
+ */
+function calculateHmacId(message) {
+  if (!message["signature-input"]) {
+    throw new Error("HMAC calculation requires signature-input")
+  }
+
+  // Parse components from signature-input
+  const components = parseSignatureInput(message["signature-input"])
+
+  // Sort components AS-IS (with @ prefix)
+  const sortedComponents = [...components].sort()
+
+  // Build signature base in sorted order
+  const lines = []
+
+  for (const component of sortedComponents) {
+    let fieldName = component
+    let value
+
+    // For derived components (starting with @), remove @ in the signature base
+    if (component.startsWith("@")) {
+      fieldName = component.substring(1)
+      value = message[fieldName]
+    } else {
+      value = message[component]
+    }
+
+    if (value === undefined || value === null) {
+      value = ""
+    } else if (typeof value === "number") {
+      value = value.toString()
+    }
+
+    lines.push(`"${fieldName}": ${value}`)
+  }
+
+  // Add signature-params line with sorted components (keeping @ prefix)
+  const paramsComponents = sortedComponents.join(" ")
+  lines.push(
+    `"@signature-params": (${paramsComponents});alg="hmac-sha256";keyid="ao"`
+  )
+
+  const signatureBase = lines.join("\n")
+
+  // Generate HMAC with key "ao"
+  const messageBytes = new TextEncoder().encode(signatureBase)
+  const keyBytes = new TextEncoder().encode("ao")
+
+  const hmacResult = hmac(keyBytes, messageBytes)
+  return uint8ArrayToBase64url(hmacResult)
+}
+
+/**
+ * Calculate unsigned message ID following the exact Erlang flow
+ */
+function calculateUnsignedId(message) {
+  // Derived components from Erlang ?DERIVED_COMPONENTS
+  const DERIVED_COMPONENTS = [
+    "method",
+    "target-uri",
+    "authority",
+    "scheme",
+    "request-target",
+    "path",
+    "query",
+    "query-param",
+    "status",
+  ]
+
+  // Convert message for httpsig format
+  const httpsigMsg = {}
+  for (const [key, value] of Object.entries(message)) {
+    httpsigMsg[key.toLowerCase()] = value
+  }
+
+  // Get keys and add @ to derived components
+  const keys = Object.keys(httpsigMsg)
+  const componentsWithPrefix = keys
+    .map(key => {
+      // Check if this is a derived component
+      if (DERIVED_COMPONENTS.includes(key.replace(/_/g, "-"))) {
+        return "@" + key
+      }
+      return key
+    })
+    .sort() // Sort AFTER adding @ prefix
+
+  // Build signature base - use the components in order
+  const lines = []
+  for (const component of componentsWithPrefix) {
+    const key = component.replace("@", "")
+    const value = httpsigMsg[key]
+    const valueStr = typeof value === "string" ? value : String(value)
+    lines.push(`"${key}": ${valueStr}`)
+  }
+
+  // Add signature-params line with the @ prefixes
+  const componentsList = componentsWithPrefix.map(k => `"${k}"`).join(" ")
+  lines.push(
+    `"@signature-params": (${componentsList});alg="hmac-sha256";keyid="ao"`
+  )
+
+  const signatureBase = lines.join("\n")
+
+  // HMAC with key "ao"
+  const messageBytes = new TextEncoder().encode(signatureBase)
+  const keyBytes = new TextEncoder().encode("ao")
+
+  const hmacResult = hmac(keyBytes, messageBytes)
+  return uint8ArrayToBase64url(hmacResult)
+}
+
+function id(message) {
+  // Get commitment IDs
+  const commitmentIds = Object.keys(message.commitments || {})
+
+  if (commitmentIds.length === 0) {
+    // No commitments - calculate unsigned ID using HMAC
+    return calculateUnsignedId(message)
+  } else if (commitmentIds.length === 1) {
+    // Single commitment - the ID is just the commitment ID
+    return commitmentIds[0]
+  } else {
+    // Multiple commitments - sort, join with ", ", and hash
+    const sortedIds = commitmentIds.sort()
+    const idsLine = sortedIds.join(", ")
+
+    // Calculate SHA-256 hash using fast-sha256
+    const encoder = new TextEncoder()
+    const data = encoder.encode(idsLine)
+    const hashArray = hash(data)
+
+    // Convert to base64url
+    return uint8ArrayToBase64url(hashArray)
+  }
+}
+// Export all functions
+export {
+  id,
+  generateCommitmentId,
+  rsaid,
+  hmacid,
+  extractCommitmentIds,
+  verifyCommitmentId,
+  parseStructuredFieldDictionary,
+}
+
+/**
+ * Calculate the next base from a hashpath
+ * A hashpath has the format: base/request
+ * The next base is calculated as: sha256(base + request)
+ *
+ * @param {string} hashpath - The current hashpath in format "base/request"
+ * @returns {string} The next base in base64url format
+ */
+function base(hashpath) {
+  // Split the hashpath into base and request
+  const parts = hashpath.split("/")
+  if (parts.length !== 2) {
+    throw new Error("Invalid hashpath format. Expected 'base/request'")
+  }
+
+  const [base, request] = parts
+
+  // Convert base64url to native binary (Uint8Array)
+  const baseBinary = base64urlToUint8Array(base)
+  const requestBinary = base64urlToUint8Array(request)
+
+  // Concatenate base and request
+  const combined = new Uint8Array(baseBinary.length + requestBinary.length)
+  combined.set(baseBinary, 0)
+  combined.set(requestBinary, baseBinary.length)
+
+  // Calculate SHA256 of the combined data
+  const nextBaseHash = hash(combined)
+
+  // Convert to base64url
+  return uint8ArrayToBase64url(nextBaseHash)
+}
+
+/**
+ * Calculate the next hashpath given the current hashpath and a new message
+ *
+ * @param {string} currentHashpath - The current hashpath (or null for first operation)
+ * @param {Object} newMessage - The new message/request
+ * @returns {string} The next hashpath in format "nextBase/newMessageId"
+ */
+function hashpath(currentHashpath, newMessage) {
+  // Calculate the ID of the new message
+  const newMessageId = id(newMessage)
+
+  if (!currentHashpath) {
+    // First operation: the hashpath is just the message ID
+    // In the Erlang code, the first hashpath is "baseId/requestId"
+    // where baseId is the ID of the initial message
+    throw new Error(
+      "For first operation, provide the base message ID as currentHashpath"
+    )
+  }
+
+  // Check if this is the first operation (currentHashpath is just an ID, not a path)
+  if (!currentHashpath.includes("/")) {
+    // First operation: currentHashpath is the base message ID
+    return `${currentHashpath}/${newMessageId}`
+  }
+
+  // Subsequent operations: calculate the next base from current hashpath
+  const nextBase = base(currentHashpath)
+
+  // Return the new hashpath
+  return `${nextBase}/${newMessageId}`
+}
+
+/**
+ * Helper function to convert base64url string to Uint8Array
+ */
+function base64urlToUint8Array(base64url) {
+  // Convert base64url to base64
+  const base64 = base64urlToBase64(base64url)
+
+  // Decode base64 to binary string
+  const binaryString = atob(base64)
+
+  // Convert binary string to Uint8Array
+  const bytes = new Uint8Array(binaryString.length)
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i)
+  }
+
+  return bytes
+}
+
+// Export the new functions
+export { base, hashpath }

package/src/index.js

@@ -0,0 +1,13 @@
+export { id, base, hashpath, rsaid, hmacid } from "./id.js"
+export { toAddr } from "./utils.js"
+export { sign, signer, createSigner } from "./signer.js"
+export { send } from "./send.js"
+export { commit } from "./commit.js"
+export { result } from "./send-utils.js"
+export { extractPubKey, decodeSigInput } from "./parser.js"
+export { verify } from "./signer-utils.js"
+export { normalize, erl_json_to, erl_json_from } from "./erl_json.js"
+export { erl_str_from, erl_str_to } from "./erl_str.js"
+export { structured_from, structured_to } from "./structured.js"
+export { httpsig_from, httpsig_to } from "./httpsig.js"
+export { flat_from, flat_to } from "./flat.js"

package/src/nocrypto.js

@@ -0,0 +1,4 @@
+export { id, hashpath, rsaid, hmacid } from "./id.js"
+export { extractPubKey } from "./parser.js"
+export { structured_to } from "./structured.js"
+export { httpsig_from } from "./httpsig.js"

package/src/parser.js

@@ -0,0 +1,171 @@
+import base64url from "base64url"
+
+/**
+ * Decode signature-input header to extract all components
+ * Handles format: signature-name=(components);params
+ *
+ * @param {string} signatureInput - The signature-input header value
+ * @param {string} [signatureName] - Optional specific signature name to decode
+ * @returns {Object} Decoded signature input with components and parameters
+ */
+export function decodeSigInput(signatureInput, signatureName = null) {
+  if (!signatureInput) {
+    return null
+  }
+
+  try {
+    // If signature name is provided, extract just that section
+    let inputToDecode = signatureInput
+    if (signatureName) {
+      // Find the section for this specific signature
+      const startIndex = signatureInput.indexOf(signatureName)
+      if (startIndex === -1) {
+        return null
+      }
+
+      // Extract from signature name to the next signature (if any) or end
+      const nextSigMatch = signatureInput
+        .substring(startIndex + signatureName.length)
+        .match(/,\s*[a-zA-Z0-9_-]+=/)
+      const endIndex = nextSigMatch
+        ? startIndex + signatureName.length + nextSigMatch.index
+        : signatureInput.length
+
+      inputToDecode = signatureInput.substring(startIndex, endIndex).trim()
+    }
+
+    // Parse each signature entry
+    const signatures = {}
+
+    // Split by signature entries (handle multiple signatures)
+    const entries = inputToDecode.split(/,(?=\s*[a-zA-Z0-9_-]+=)/)
+
+    for (const entry of entries) {
+      const trimmedEntry = entry.trim()
+
+      // Match signature-name=(components);params format
+      const match = trimmedEntry.match(/^([a-zA-Z0-9_-]+)=\(([^)]*)\)(.*)$/)
+      if (!match) {
+        continue
+      }
+
+      const sigName = match[1]
+      const componentsStr = match[2]
+      const paramsStr = match[3]
+
+      // Parse components (space-separated, may be quoted)
+      const components = []
+      const componentRegex = /"[^"]+"|[^\s]+/g
+      let componentMatch
+      while ((componentMatch = componentRegex.exec(componentsStr)) !== null) {
+        components.push(componentMatch[0].replace(/"/g, ""))
+      }
+
+      // Parse parameters (semicolon-separated key="value" pairs)
+      const params = {}
+      if (paramsStr) {
+        const paramPairs = paramsStr.split(";").filter(p => p.trim())
+        for (const pair of paramPairs) {
+          const [key, ...valueParts] = pair.split("=")
+          if (key && valueParts.length > 0) {
+            const value = valueParts.join("=").replace(/^"|"$/g, "")
+            params[key.trim()] = value
+          }
+        }
+      }
+
+      signatures[sigName] = {
+        components,
+        params,
+        raw: trimmedEntry,
+      }
+    }
+
+    // If specific signature was requested, return just that one
+    if (signatureName && signatures[signatureName]) {
+      return signatures[signatureName]
+    }
+
+    // Return all signatures or the first one if no specific name was given
+    return signatureName ? null : signatures
+  } catch (error) {
+    console.error("Error decoding signature-input:", error)
+    return null
+  }
+}
+
+/**
+ * Extract signature name from headers
+ * @param {Object} headers - Request headers
+ * @returns {string|null} Signature name or null
+ */
+function extractSignatureName(headers) {
+  const signatureHeader = headers["signature"] || headers["Signature"]
+  if (!signatureHeader) return null
+
+  // Extract signature name (e.g., "http-sig-xxxxxxxx")
+  // Handle both "name:" and "name=" formats
+  const match = signatureHeader.match(/^([^:=]+)[:=]/)
+  return match ? match[1] : null
+}
+
+/**
+ * Extract public key from signature-input header
+ * @param {Object} headers - Request headers
+ * @param {string} [signatureName] - Optional signature name to look for
+ * @returns {Buffer|null} Public key buffer or null
+ */
+export function extractPubKey(headers, signatureName) {
+  const signatureInput =
+    headers["signature-input"] || headers["Signature-Input"]
+  if (!signatureInput) return null
+
+  // Use the decoder to properly parse the signature-input
+  const decoded = decodeSigInput(signatureInput, signatureName)
+
+  if (!decoded) return null
+
+  // If we decoded a specific signature, use its keyid
+  // When no specific signatureName, prefer RSA signature over HMAC
+  // (HMAC keyid is "constant:ao" which is not a real public key)
+  let keyid = null
+  if (signatureName && decoded.params) {
+    keyid = decoded.params.keyid
+  } else {
+    const entries = Object.values(decoded)
+    const rsaEntry = entries.find(e => e.params?.alg?.startsWith("rsa-"))
+    keyid = rsaEntry?.params?.keyid || entries[0]?.params?.keyid
+  }
+
+  if (!keyid) return null
+
+  try {
+    // Strip scheme prefix if present (e.g., "publickey:base64data" -> "base64data")
+    let keyidToDecode = keyid
+    if (keyid.includes(":")) {
+      const colonIndex = keyid.indexOf(":")
+      keyidToDecode = keyid.substring(colonIndex + 1)
+    }
+    // Handle both base64url and standard base64 encoding
+    // Standard base64 uses +/ while base64url uses -_
+    if (keyidToDecode.includes("+") || keyidToDecode.includes("/")) {
+      // Standard base64 - convert to buffer directly
+      return Buffer.from(keyidToDecode, "base64")
+    }
+    return base64url.toBuffer(keyidToDecode)
+  } catch (error) {
+    return null
+  }
+}
+
+/**
+ * Extract public key from a signed message
+ * This is a convenience wrapper that extracts the signature name first
+ *
+ * @param {Object} signedMessage - The signed message with headers
+ * @returns {Buffer|null} The public key buffer or null
+ */
+export function extractPublicKeyFromMessage(signedMessage) {
+  const signatureName = extractSignatureName(signedMessage.headers)
+  return extractPubKey(signedMessage.headers, signatureName)
+}