@veramo/did-comm
Veramo messaging plugin implementing DIDComm v2.
import { computeX25519Ecdh1PUv3Kek, computeX25519EcdhEsKek, createX25519Ecdh1PUv3Kek, createX25519EcdhEsKek, xc20pDirDecrypter, xc20pDirEncrypter, } from 'did-jwt';
import { base64ToBytes } from '@veramo/utils';
import { createFullEncrypter } from './createEncrypter.js';
import { a256KeyUnwrapper, a256KeyWrapper } from './a256kw.js';
import { a256gcmDirDecrypter, a256gcmDirEncrypter } from './a256gcm-dir.js';
import { a256cbcHs512DirDecrypter, a256cbcHs512DirEncrypter } from './a256cbc-hs512-dir.js';
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// A256CBC-HS512
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
 * Builds an anoncrypt encrypter: ECDH-ES key agreement (createX25519EcdhEsKek),
 * the a256KeyWrapper for the content encryption key, and A256CBC-HS512 for the payload.
 *
 * No sender secret is supplied (`undefined`), so the output gives the recipient
 * confidentiality only and says nothing about who produced the message.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param kid - key id placed in the recipient options.
 * @param apv - agreement PartyVInfo value placed in the recipient options.
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function a256cbcHs512AnonEncrypterX25519WithA256KW(recipientPublicKey, kid, apv) {
  const recipientOptions = { apv, kid };
  const keyAgreement = { createKek: createX25519EcdhEsKek, alg: 'ECDH-ES' };
  // NOTE(review): A256CBC-HS512 takes a 512-bit content key (RFC 7518, section 5.2.5);
  // confirm createFullEncrypter generates a CEK of that size for this `enc`.
  const contentEncryption = {
    from: (cek) => a256cbcHs512DirEncrypter(cek),
    enc: 'A256CBC-HS512',
  };
  return createFullEncrypter(
    recipientPublicKey,
    undefined,
    recipientOptions,
    keyAgreement,
    a256KeyWrapper,
    contentEncryption,
  );
}
/**
 * Builds the anoncrypt decrypter for `ECDH-ES+A256KW` with `A256CBC-HS512` content encryption.
 *
 * @param receiverSecret - recipient secret handed to computeX25519EcdhEsKek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when no key encryption key is derived or the content key does not unwrap; otherwise it
 *   resolves to the result of the direct A256CBC-HS512 decrypter.
 */
export function a256cbcHs512AnonDecrypterX25519WithA256KW(receiverSecret) {
  const alg = 'ECDH-ES+A256KW';
  const enc = 'A256CBC-HS512';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519EcdhEsKek(recipient, receiverSecret, alg);
      if (keyEncryptionKey === null) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      // NOTE(review): recipient.encrypted_key is decoded without a presence check here;
      // presumably computeX25519EcdhEsKek has already validated the recipient. Confirm.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return a256cbcHs512DirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
/**
 * Builds an authcrypt encrypter: ECDH-1PU key agreement (createX25519Ecdh1PUv3Kek),
 * the a256KeyWrapper for the content encryption key, and A256CBC-HS512 for the payload.
 *
 * The sender's secret takes part in the key agreement, which is what lets a recipient
 * tie the message to the holder of that key.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param senderSecret - sender secret, forwarded unchanged to createFullEncrypter.
 * @param options - recipient options object, passed through as-is (defaults to `{}`).
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function a256cbcHs512AuthEncrypterX25519WithA256KW(recipientPublicKey, senderSecret, options = {}) {
  const keyAgreement = { createKek: createX25519Ecdh1PUv3Kek, alg: 'ECDH-1PU' };
  // NOTE(review): A256CBC-HS512 takes a 512-bit content key (RFC 7518, section 5.2.5);
  // confirm createFullEncrypter generates a CEK of that size for this `enc`.
  const contentEncryption = {
    from: (cek) => a256cbcHs512DirEncrypter(cek),
    enc: 'A256CBC-HS512',
  };
  return createFullEncrypter(
    recipientPublicKey,
    senderSecret,
    options,
    keyAgreement,
    a256KeyWrapper,
    contentEncryption,
  );
}
/**
 * Builds the authcrypt decrypter for `ECDH-1PU+A256KW` with `A256CBC-HS512` content encryption.
 *
 * This function does not resolve or verify whose key `senderPublicKey` is; the caller
 * decides which sender key to trust before building the decrypter.
 *
 * @param recipientSecret - recipient secret handed to computeX25519Ecdh1PUv3Kek.
 * @param senderPublicKey - sender public key handed to computeX25519Ecdh1PUv3Kek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when no key encryption key is derived or the content key does not unwrap; otherwise it
 *   resolves to the result of the direct A256CBC-HS512 decrypter.
 */
export function a256cbcHs512AuthDecrypterX25519WithA256KW(recipientSecret, senderPublicKey) {
  const alg = 'ECDH-1PU+A256KW';
  const enc = 'A256CBC-HS512';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519Ecdh1PUv3Kek(
        recipient,
        recipientSecret,
        senderPublicKey,
        alg,
      );
      if (keyEncryptionKey === null) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      // NOTE(review): recipient.encrypted_key is decoded without a presence check here;
      // presumably computeX25519Ecdh1PUv3Kek has already validated the recipient. Confirm.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return a256cbcHs512DirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// A256GCM
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
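/**
 * Builds an anoncrypt encrypter: ECDH-ES key agreement (createX25519EcdhEsKek),
 * the a256KeyWrapper for the content encryption key, and A256GCM for the payload.
 *
 * No sender secret is supplied (`undefined`), so the output gives the recipient
 * confidentiality only and says nothing about who produced the message.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param kid - key id placed in the recipient options.
 * @param apv - agreement PartyVInfo value placed in the recipient options.
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function a256gcmAnonEncrypterX25519WithA256KW(recipientPublicKey, kid, apv) {
  return createFullEncrypter(
    recipientPublicKey,
    undefined,
    { apv, kid },
    { createKek: createX25519EcdhEsKek, alg: 'ECDH-ES' },
    a256KeyWrapper,
    // The declared `enc` must name the cipher actually used. This block previously declared
    // 'XC20P' while encrypting with a256gcmDirEncrypter, unlike the A256GCM auth encrypter
    // and both A256GCM decrypters in this file, which all declare 'A256GCM'.
    { from: (cek) => a256gcmDirEncrypter(cek), enc: 'A256GCM' },
  );
}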
/**
 * Builds the anoncrypt decrypter for `ECDH-ES+A256KW` with `A256GCM` content encryption.
 *
 * @param receiverSecret - recipient secret handed to computeX25519EcdhEsKek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when no key encryption key is derived or the content key does not unwrap; otherwise it
 *   resolves to the result of the direct A256GCM decrypter.
 */
export function a256gcmAnonDecrypterX25519WithA256KW(receiverSecret) {
  const alg = 'ECDH-ES+A256KW';
  const enc = 'A256GCM';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519EcdhEsKek(recipient, receiverSecret, alg);
      if (keyEncryptionKey === null) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      // NOTE(review): recipient.encrypted_key is decoded without a presence check here;
      // presumably computeX25519EcdhEsKek has already validated the recipient. Confirm.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return a256gcmDirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
/**
 * Builds an authcrypt encrypter: ECDH-1PU key agreement (createX25519Ecdh1PUv3Kek),
 * the a256KeyWrapper for the content encryption key, and A256GCM for the payload.
 *
 * NOTE(review): later revisions of the ECDH-1PU draft appear to restrict key-wrapping mode
 * to the AES-CBC-HMAC-SHA2 content ciphers; confirm this A256GCM pairing is intended.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param senderSecret - sender secret, forwarded unchanged to createFullEncrypter.
 * @param options - recipient options object, passed through as-is (defaults to `{}`).
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function a256gcmAuthEncrypterEcdh1PuV3x25519WithA256KW(recipientPublicKey, senderSecret, options = {}) {
  const keyAgreement = { createKek: createX25519Ecdh1PUv3Kek, alg: 'ECDH-1PU' };
  const contentEncryption = {
    from: (cek) => a256gcmDirEncrypter(cek),
    enc: 'A256GCM',
  };
  return createFullEncrypter(
    recipientPublicKey,
    senderSecret,
    options,
    keyAgreement,
    a256KeyWrapper,
    contentEncryption,
  );
}
/**
 * Builds the authcrypt decrypter for `ECDH-1PU+A256KW` with `A256GCM` content encryption.
 *
 * This function does not resolve or verify whose key `senderPublicKey` is; the caller
 * decides which sender key to trust before building the decrypter.
 *
 * @param recipientSecret - recipient secret handed to computeX25519Ecdh1PUv3Kek.
 * @param senderPublicKey - sender public key handed to computeX25519Ecdh1PUv3Kek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when the derived key encryption key is falsy or the content key does not unwrap;
 *   otherwise it resolves to the result of the direct A256GCM decrypter.
 */
export function a256gcmAuthDecrypterEcdh1PuV3x25519WithA256KW(recipientSecret, senderPublicKey) {
  const alg = 'ECDH-1PU+A256KW';
  const enc = 'A256GCM';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519Ecdh1PUv3Kek(
        recipient,
        recipientSecret,
        senderPublicKey,
        alg,
      );
      // Any falsy result (not only null) is treated as "no key".
      if (!keyEncryptionKey) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      // NOTE(review): recipient.encrypted_key is decoded without a presence check here;
      // presumably computeX25519Ecdh1PUv3Kek has already validated the recipient. Confirm.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return a256gcmDirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// XC20P
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
/**
 * Builds an anoncrypt encrypter: ECDH-ES key agreement (createX25519EcdhEsKek),
 * the a256KeyWrapper for the content encryption key, and XC20P for the payload.
 *
 * No sender secret is supplied (`undefined`), so the output gives the recipient
 * confidentiality only and says nothing about who produced the message.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param kid - key id placed in the recipient options.
 * @param apv - agreement PartyVInfo value placed in the recipient options.
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function xc20pAnonEncrypterX25519WithA256KW(recipientPublicKey, kid, apv) {
  const recipientOptions = { apv, kid };
  const keyAgreement = { createKek: createX25519EcdhEsKek, alg: 'ECDH-ES' };
  const contentEncryption = {
    from: (cek) => xc20pDirEncrypter(cek),
    enc: 'XC20P',
  };
  return createFullEncrypter(
    recipientPublicKey,
    undefined,
    recipientOptions,
    keyAgreement,
    a256KeyWrapper,
    contentEncryption,
  );
}
/**
 * Builds the anoncrypt decrypter for `ECDH-ES+A256KW` with `XC20P` content encryption.
 *
 * @param receiverSecret - recipient secret handed to computeX25519EcdhEsKek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when no key encryption key is derived or the content key does not unwrap; otherwise it
 *   resolves to the result of the direct XC20P decrypter.
 */
export function xc20pAnonDecrypterX25519WithA256KW(receiverSecret) {
  const alg = 'ECDH-ES+A256KW';
  const enc = 'XC20P';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519EcdhEsKek(recipient, receiverSecret, alg);
      if (keyEncryptionKey === null) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      // FIXME (open question from the original author): why is there no tag and IV check here?
      // Only recipient.encrypted_key is read from the recipient entry before unwrapping.
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return xc20pDirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
/**
 * Builds an authcrypt encrypter: ECDH-1PU key agreement (createX25519Ecdh1PUv3Kek),
 * the a256KeyWrapper for the content encryption key, and XC20P for the payload.
 *
 * NOTE(review): later revisions of the ECDH-1PU draft appear to restrict key-wrapping mode
 * to the AES-CBC-HMAC-SHA2 content ciphers; confirm this XC20P pairing is intended.
 *
 * @param recipientPublicKey - recipient key, forwarded unchanged to createFullEncrypter.
 * @param senderSecret - sender secret, forwarded unchanged to createFullEncrypter.
 * @param options - recipient options object, passed through as-is (defaults to `{}`).
 * @returns whatever createFullEncrypter returns for this combination.
 */
export function xc20pAuthEncrypterEcdh1PuV3x25519WithA256KW(recipientPublicKey, senderSecret, options = {}) {
  const keyAgreement = { createKek: createX25519Ecdh1PUv3Kek, alg: 'ECDH-1PU' };
  const contentEncryption = {
    from: (cek) => xc20pDirEncrypter(cek),
    enc: 'XC20P',
  };
  return createFullEncrypter(
    recipientPublicKey,
    senderSecret,
    options,
    keyAgreement,
    a256KeyWrapper,
    contentEncryption,
  );
}
/**
 * Builds the authcrypt decrypter for `ECDH-1PU+A256KW` with `XC20P` content encryption.
 *
 * This function does not resolve or verify whose key `senderPublicKey` is; the caller
 * decides which sender key to trust before building the decrypter.
 *
 * @param recipientSecret - recipient secret handed to computeX25519Ecdh1PUv3Kek.
 * @param senderPublicKey - sender public key handed to computeX25519Ecdh1PUv3Kek.
 * @returns `{ alg, enc, decrypt }`. `decrypt(sealed, iv, aad, recipient)` resolves to `null`
 *   when the derived key encryption key is falsy or the content key does not unwrap;
 *   otherwise it resolves to the result of the direct XC20P decrypter.
 */
export function xc20pAuthDecrypterEcdh1PuV3x25519WithA256KW(recipientSecret, senderPublicKey) {
  const alg = 'ECDH-1PU+A256KW';
  const enc = 'XC20P';
  return {
    alg,
    enc,
    async decrypt(sealed, iv, aad, recipient) {
      const keyEncryptionKey = await computeX25519Ecdh1PUv3Kek(
        recipient,
        recipientSecret,
        senderPublicKey,
        alg,
      );
      // Any falsy result (not only null) is treated as "no key".
      if (!keyEncryptionKey) {
        return null;
      }
      // Recover the content encryption key from the recipient entry.
      // NOTE(review): recipient.encrypted_key is decoded without a presence check here;
      // presumably computeX25519Ecdh1PUv3Kek has already validated the recipient. Confirm.
      const keyUnwrapper = a256KeyUnwrapper(keyEncryptionKey);
      const wrappedKey = base64ToBytes(recipient.encrypted_key);
      const contentKey = await keyUnwrapper.unwrap(wrappedKey);
      if (contentKey === null) {
        return null;
      }
      return xc20pDirDecrypter(contentKey).decrypt(sealed, iv, aad);
    },
  };
}
//# sourceMappingURL=a256kw-encrypters.js.map