UNPKG

@web5/agent

Version:

github.com/TBD54566975/web5-js/tree/main/packages/agent

TBD54566975/web5-js

346 lines 17.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; import { Sha2Algorithm, computeJwkThumbprint } from '@web5/crypto'; import { HkdfAlgorithm } from './prototyping/crypto/algorithms/hkdf.js'; import { EcdsaAlgorithm } from './prototyping/crypto/algorithms/ecdsa.js'; import { EdDsaAlgorithm } from './prototyping/crypto/algorithms/eddsa.js'; import { AesKwAlgorithm } from './prototyping/crypto/algorithms/aes-kw.js'; import { Pbkdf2Algorithm } from './prototyping/crypto/algorithms/pbkdf2.js'; import { AesGcmAlgorithm } from './prototyping/crypto/algorithms/aes-gcm.js'; import { CryptoError, CryptoErrorCode } from './prototyping/crypto/crypto-error.js'; /** * `supportedAlgorithms` is an object mapping algorithm names to their respective implementations * Each entry in this map specifies the algorithm name and its associated properties, including the * implementation class and any relevant names or identifiers for the algorithm. This structure * allows for easy retrieval and instantiation of algorithm implementations based on the algorithm * name or key specification. It facilitates the support of multiple algorithms within the * `LocalKeyManager` class. */ const supportedAlgorithms = { 'AES-GCM': { implementation: AesGcmAlgorithm, names: ['A128GCM', 'A192GCM', 'A256GCM'], operations: ['bytesToPrivateKey', 'decrypt', 'encrypt', 'generateKey'], }, 'AES-KW': { implementation: AesKwAlgorithm, names: ['A128KW', 'A192KW', 'A256KW'], operations: ['bytesToPrivateKey', 'generateKey', 'privateKeyToBytes', 'wrapKey', 'unwrapKey'], }, 'Ed25519': { implementation: EdDsaAlgorithm, names: ['Ed25519'], operations: ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'HKDF': { implementation: HkdfAlgorithm, names: ['HKDF-256', 'HKDF-384', 'HKDF-512'], operations: ['deriveKey', 'deriveKeyBytes'], }, 'PBKDF2': { implementation: Pbkdf2Algorithm, names: ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW'], operations: ['deriveKey', 'deriveKeyBytes'], }, 'secp256k1': { implementation: EcdsaAlgorithm, names: ['ES256K', 'secp256k1'], operations: ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'secp256r1': { implementation: EcdsaAlgorithm, names: ['ES256', 'secp256r1'], operations: ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'SHA-256': { implementation: Sha2Algorithm, names: ['SHA-256'], operations: ['digest'], } }; export class AgentCryptoApi { constructor() { /** * A private map that stores instances of cryptographic algorithm implementations. Each key in * this map is an `AlgorithmConstructor`, and its corresponding value is an instance of a class * that implements a specific cryptographic algorithm. This map is used to cache and reuse * instances for performance optimization, ensuring that each algorithm is instantiated only once. */ this._algorithmInstances = new Map(); } bytesToPrivateKey({ algorithm: algorithmIdentifier, privateKeyBytes }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: algorithmIdentifier }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }); // Convert the byte array to a JWK. const privateKey = yield keyConverter.bytesToPrivateKey({ algorithm: algorithmIdentifier, privateKeyBytes }); return privateKey; }); } bytesToPublicKey({ algorithm: algorithmIdentifier, publicKeyBytes }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: algorithmIdentifier }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }); // Convert the byte array to a JWK. const publicKey = yield keyConverter.bytesToPublicKey({ algorithm: algorithmIdentifier, publicKeyBytes }); return publicKey; }); } decrypt(params) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.key }); // Get the cipher algorithm based on the algorithm name. const cipher = this.getAlgorithm({ algorithm }); // Decrypt the data. return yield cipher.decrypt(params); }); } deriveKey(params) { var _a, _b; return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key derivation function based on the algorithm name. const kdf = this.getAlgorithm({ algorithm }); let derivedKeyAlgorithm; switch (params.algorithm) { case 'HKDF-256': case 'HKDF-384': case 'HKDF-512': { derivedKeyAlgorithm = params.derivedKeyAlgorithm; break; } case 'PBES2-HS256+A128KW': case 'PBES2-HS384+A192KW': case 'PBES2-HS512+A256KW': { derivedKeyAlgorithm = params.algorithm.split(/[-+]/)[2]; break; } default: throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The specified "algorithm" is not supported: ${params.algorithm}`); } // Determine the bit length of the derived key based on the given algorithm. const length = +((_b = (_a = derivedKeyAlgorithm.match(/\d+/)) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : -1); if (length === -1) { throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The derived key algorithm" is not supported: ${derivedKeyAlgorithm}`); } // Derive the byte array. const privateKeyBytes = yield kdf.deriveKeyBytes(Object.assign(Object.assign({}, params), { length })); return yield this.bytesToPrivateKey({ algorithm: derivedKeyAlgorithm, privateKeyBytes }); }); } deriveKeyBytes(params) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key derivation function based on the algorithm name. const kdf = this.getAlgorithm({ algorithm }); // Derive the byte array. const derivedKeyBytes = yield kdf.deriveKeyBytes(params); return derivedKeyBytes; }); } /** * Generates a hash digest of the provided data. * * @remarks * A digest is the output of the hash function. It's a fixed-size string of bytes that uniquely * represents the data input into the hash function. The digest is often used for data integrity * checks, as any alteration in the input data results in a significantly different digest. * * It takes the algorithm identifier of the hash function and data to digest as input and returns * the digest of the data. * * @example * ```ts * const cryptoApi = new AgentCryptoApi(); * const data = new Uint8Array([...]); * const digest = await cryptoApi.digest({ algorithm: 'SHA-256', data }); * ``` * * @param params - The parameters for the digest operation. * @param params.algorithm - The name of hash function to use. * @param params.data - The data to digest. * * @returns A Promise which will be fulfilled with the hash digest. */ digest({ algorithm, data }) { return __awaiter(this, void 0, void 0, function* () { // Get the hash function implementation based on the specified `algorithm` parameter. const hasher = this.getAlgorithm({ algorithm }); // Compute the hash. const hash = yield hasher.digest({ algorithm, data }); return hash; }); } encrypt(params) { return __awaiter(this, void 0, void 0, function* () { // If th // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.key }); // Get the cipher algorithm based on the algorithm name. const cipher = this.getAlgorithm({ algorithm }); // Encrypt the data and return the ciphertext. return yield cipher.encrypt(params); }); } generateKey(params) { var _a; return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key generator implementation based on the algorithm. const keyGenerator = this.getAlgorithm({ algorithm }); // Generate the key. const privateKey = yield keyGenerator.generateKey({ algorithm: params.algorithm }); // If the key ID is undefined, set it to the JWK thumbprint. (_a = privateKey.kid) !== null && _a !== void 0 ? _a : (privateKey.kid = yield computeJwkThumbprint({ jwk: privateKey })); return privateKey; }); } // ! TODO: Remove this once the `Dsa` interface is updated in @web5/crypto to remove KMS-specific methods. getKeyUri(_params) { return __awaiter(this, void 0, void 0, function* () { throw new Error('Method not implemented.'); }); } getPublicKey({ key }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the key generator based on the algorithm name. const keyGenerator = this.getAlgorithm({ algorithm }); // Get the public key properties from the private JWK. const publicKey = yield keyGenerator.getPublicKey({ key }); return publicKey; }); } privateKeyToBytes({ privateKey }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: privateKey }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }); // Convert the JWK to a byte array. const privateKeyBytes = yield keyConverter.privateKeyToBytes({ privateKey }); return privateKeyBytes; }); } publicKeyToBytes({ publicKey }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: publicKey }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }); // Convert the JWK to a byte array. const publicKeyBytes = yield keyConverter.publicKeyToBytes({ publicKey }); return publicKeyBytes; }); } sign({ key, data }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the signature algorithm based on the algorithm name. const signer = this.getAlgorithm({ algorithm }); // Sign the data. const signature = signer.sign({ data, key }); return signature; }); } unwrapKey(params) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.decryptionKey }); // Get the key wrapping algorithm based on the algorithm name. const keyWrapper = this.getAlgorithm({ algorithm }); // decrypt the key and return the ciphertext. return yield keyWrapper.unwrapKey(params); }); } verify({ key, signature, data }) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the signature algorithm based on the algorithm name. const signer = this.getAlgorithm({ algorithm }); // Verify the signature. const isSignatureValid = signer.verify({ key, signature, data }); return isSignatureValid; }); } wrapKey(params) { return __awaiter(this, void 0, void 0, function* () { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.encryptionKey }); // Get the key wrapping algorithm based on the algorithm name. const keyWrapper = this.getAlgorithm({ algorithm }); // Encrypt the key and return the ciphertext. return yield keyWrapper.wrapKey(params); }); } /** * Retrieves an algorithm implementation instance based on the provided algorithm name. * * @remarks * This method checks if the requested algorithm is supported and returns a cached instance * if available. If an instance does not exist, it creates and caches a new one. This approach * optimizes performance by reusing algorithm instances across cryptographic operations. * * @example * ```ts * const signer = this.getAlgorithm({ algorithm: 'Ed25519' }); * ``` * * @param params - The parameters for retrieving the algorithm implementation. * @param params.algorithm - The name of the algorithm to retrieve. * * @returns An instance of the requested algorithm implementation. * * @throws Error if the requested algorithm is not supported. */ getAlgorithm({ algorithm }) { var _a; // Check if algorithm is supported. const AlgorithmImplementation = (_a = supportedAlgorithms[algorithm]) === null || _a === void 0 ? void 0 : _a['implementation']; if (!AlgorithmImplementation) { throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Algorithm not supported: ${algorithm}`); } // Check if instance already exists for the `AlgorithmImplementation`. if (!this._algorithmInstances.has(AlgorithmImplementation)) { // If not, create a new instance and store it in the cache this._algorithmInstances.set(AlgorithmImplementation, new AlgorithmImplementation()); } // Return the cached instance return this._algorithmInstances.get(AlgorithmImplementation); } getAlgorithmName({ algorithm, key }) { var _a; const algProperty = (_a = key === null || key === void 0 ? void 0 : key.alg) !== null && _a !== void 0 ? _a : algorithm; const crvProperty = key === null || key === void 0 ? void 0 : key.crv; for (const algorithmIdentifier of Object.keys(supportedAlgorithms)) { const algorithmNames = supportedAlgorithms[algorithmIdentifier].names; if (algProperty && algorithmNames.includes(algProperty)) { return algorithmIdentifier; } else if (crvProperty && algorithmNames.includes(crvProperty)) { return algorithmIdentifier; } } throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Algorithm not supported based on provided input: alg=${algProperty}, crv=${crvProperty}. ` + 'Please check the documentation for the list of supported algorithms.'); } } //# sourceMappingURL=crypto-api.js.map