UNPKG

@web5/agent

Version:

github.com/TBD54566975/web5-js/tree/main/packages/agent

TBD54566975/web5-js

593 lines (491 loc) 24.9 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
import type { Jwk, Cipher, Hasher, Signer, KeyWrapper, SignParams, AesGcmParams, DigestParams, VerifyParams, GenerateKeyParams, GetPublicKeyParams, KmsGetKeyUriParams, AsymmetricKeyGenerator, } from '@web5/crypto'; import { CryptoAlgorithm, Sha2Algorithm, computeJwkThumbprint } from '@web5/crypto'; import type { CryptoApi } from './prototyping/crypto/types/crypto-api.js'; import type { HkdfParams } from './prototyping/crypto/primitives/hkdf.js'; import type { Pbkdf2Params } from './prototyping/crypto/primitives/pbkdf2.js'; import type { KeyBytesDeriver } from './prototyping/crypto/types/key-deriver.js'; import type { AsymmetricKeyConverter, KeyConverter } from './prototyping/crypto/types/key-converter.js'; import type { BytesToPrivateKeyParams, BytesToPublicKeyParams, CipherParams, DeriveKeyBytesParams, DeriveKeyParams, PrivateKeyToBytesParams, PublicKeyToBytesParams, UnwrapKeyParams, WrapKeyParams } from './prototyping/crypto/types/params-direct.js'; import { HkdfAlgorithm } from './prototyping/crypto/algorithms/hkdf.js'; import { EcdsaAlgorithm } from './prototyping/crypto/algorithms/ecdsa.js'; import { EdDsaAlgorithm } from './prototyping/crypto/algorithms/eddsa.js'; import { AesKwAlgorithm } from './prototyping/crypto/algorithms/aes-kw.js'; import { Pbkdf2Algorithm } from './prototyping/crypto/algorithms/pbkdf2.js'; import { AesGcmAlgorithm } from './prototyping/crypto/algorithms/aes-gcm.js'; import { CryptoError, CryptoErrorCode } from './prototyping/crypto/crypto-error.js'; export interface CryptoApiBytesToPrivateKeyParams extends BytesToPrivateKeyParams { algorithm: KeyConversionAlgorithm; } export interface CryptoApiBytesToPublicKeyParams extends BytesToPublicKeyParams { algorithm: AsymmetricKeyConversionAlgorithm; } /** * The `CryptoApiCipherParams` interface defines the algorithm-specific parameters that should * be passed into the {@link AgentCryptoApi.encrypt | `AgentCryptoApi.encrypt()`} or * {@link AgentCryptoApi.decrypt | `AgentCryptoApi.decrypt()`} method. */ export interface CryptoApiCipherParams extends CipherParams, AesGcmParams {} /** * The `CryptoApiDigestParams` interface defines the algorithm-specific parameters that should * be passed into the {@link AgentCryptoApi.digest | `AgentCryptoApi.digest()`} method. */ export interface CryptoApiDigestParams extends DigestParams { /** * A string defining the name of hash function to use. The value must be one of the following: * - `"SHA-256"`: Generates a 256-bit digest. */ algorithm: DigestAlgorithm; } export interface CryptoApiDeriveKeyOptions { 'HKDF-256': Omit<HkdfParams, 'hash'> & { derivedKeyAlgorithm: CipherAlgorithm | KeyWrappingAlgorithm}; 'HKDF-384': Omit<HkdfParams, 'hash'> & { derivedKeyAlgorithm: CipherAlgorithm | KeyWrappingAlgorithm}; 'HKDF-512': Omit<HkdfParams, 'hash'> & { derivedKeyAlgorithm: CipherAlgorithm | KeyWrappingAlgorithm}; 'PBES2-HS256+A128KW': Omit<Pbkdf2Params, 'hash'> & { derivedKeyAlgorithm?: never }; 'PBES2-HS384+A192KW': Omit<Pbkdf2Params, 'hash'> & { derivedKeyAlgorithm?: never }; 'PBES2-HS512+A256KW': Omit<Pbkdf2Params, 'hash'> & { derivedKeyAlgorithm?: never }; } export interface CryptoApiDeriveKeyBytesOptions { 'HKDF-256': Omit<HkdfParams, 'hash'>; 'HKDF-384': Omit<HkdfParams, 'hash'>; 'HKDF-512': Omit<HkdfParams, 'hash'>; 'PBES2-HS256+A128KW': Omit<Pbkdf2Params, 'hash'>; 'PBES2-HS384+A192KW': Omit<Pbkdf2Params, 'hash'>; 'PBES2-HS512+A256KW': Omit<Pbkdf2Params, 'hash'>; } /** * The `CryptoApiDeriveKeyParams` interface defines the algorithm-specific parameters that * should be passed into the {@link AgentCryptoApi.deriveKey | `AgentCryptoApi.deriveKey()`} method. */ export type CryptoApiDeriveKeyParams<T extends DeriveKeyAlgorithm> = DeriveKeyParams & { /** * A string defining the name of key derivation function to use. The value must be one of the * following: * - `"HKDF-256"`: HKDF with SHA-256. * - `"HKDF-384"`: HKDF with SHA-384. * - `"HKDF-512"`: HKDF with SHA-512. * - `"PBKDF2-HS256+A128KW"`: PBKDF2 with HMAC SHA-256 and A128KW key wrapping. * - `"PBKDF2-HS384+A192KW"`: PBKDF2 with HMAC SHA-384 and A192KW key wrapping. * - `"PBKDF2-HS512+A256KW"`: PBKDF2 with HMAC SHA-512 and A256KW key wrapping. */ algorithm: T; } & CryptoApiDeriveKeyOptions[T]; /** * The `CryptoApiDeriveKeyBytesParams` interface defines the algorithm-specific parameters that * should be passed into the {@link AgentCryptoApi.deriveKeyBytes | `AgentCryptoApi.deriveKeyBytes()`} method. */ export type CryptoApiDeriveKeyBytesParams<T extends DeriveKeyByteAlgorithm> = DeriveKeyBytesParams & { /** * A string defining the name of key derivation function to use. The value must be one of the * following: * - `"HKDF-256"`: HKDF with SHA-256. * - `"HKDF-384"`: HKDF with SHA-384. * - `"HKDF-512"`: HKDF with SHA-512. * - `"PBKDF2-HS256+A128KW"`: PBKDF2 with HMAC SHA-256 and A128KW key wrapping. * - `"PBKDF2-HS384+A192KW"`: PBKDF2 with HMAC SHA-384 and A192KW key wrapping. * - `"PBKDF2-HS512+A256KW"`: PBKDF2 with HMAC SHA-512 and A256KW key wrapping. */ algorithm: T; } & CryptoApiDeriveKeyBytesOptions[T]; export interface CryptoApiGenerateKeyParams extends GenerateKeyParams { algorithm: KeyGenerationAlgorithm; } /** * `supportedAlgorithms` is an object mapping algorithm names to their respective implementations * Each entry in this map specifies the algorithm name and its associated properties, including the * implementation class and any relevant names or identifiers for the algorithm. This structure * allows for easy retrieval and instantiation of algorithm implementations based on the algorithm * name or key specification. It facilitates the support of multiple algorithms within the * `LocalKeyManager` class. */ const supportedAlgorithms = { 'AES-GCM': { implementation : AesGcmAlgorithm, names : ['A128GCM', 'A192GCM', 'A256GCM'], operations : ['bytesToPrivateKey', 'decrypt', 'encrypt', 'generateKey'], }, 'AES-KW': { implementation : AesKwAlgorithm, names : ['A128KW', 'A192KW', 'A256KW'], operations : ['bytesToPrivateKey', 'generateKey', 'privateKeyToBytes', 'wrapKey', 'unwrapKey'], }, 'Ed25519': { implementation : EdDsaAlgorithm, names : ['Ed25519'], operations : ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'HKDF': { implementation : HkdfAlgorithm, names : ['HKDF-256', 'HKDF-384', 'HKDF-512'], operations : ['deriveKey', 'deriveKeyBytes'], }, 'PBKDF2': { implementation : Pbkdf2Algorithm, names : ['PBES2-HS256+A128KW', 'PBES2-HS384+A192KW', 'PBES2-HS512+A256KW'], operations : ['deriveKey', 'deriveKeyBytes'], }, 'secp256k1': { implementation : EcdsaAlgorithm, names : ['ES256K', 'secp256k1'], operations : ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'secp256r1': { implementation : EcdsaAlgorithm, names : ['ES256', 'secp256r1'], operations : ['bytesToPrivateKey', 'bytesToPublicKey', 'generateKey', 'sign', 'verify'], }, 'SHA-256': { implementation : Sha2Algorithm, names : ['SHA-256'], operations : ['digest'], } } as const; /* Helper types for `supportedAlgorithms`. */ type SupportedAlgorithm = keyof typeof supportedAlgorithms; type SupportedAlgorithms = typeof supportedAlgorithms; /* Helper type for `supportedAlgorithms` implementations. */ type AlgorithmConstructor = typeof supportedAlgorithms[SupportedAlgorithm]['implementation']; type CipherAlgorithms = { [K in keyof SupportedAlgorithms]: 'encrypt' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type CipherAlgorithm = typeof supportedAlgorithms[CipherAlgorithms]['names'][number]; type DeriveKeyAlgorithms = { [K in keyof SupportedAlgorithms]: 'deriveKey' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type DeriveKeyAlgorithm = typeof supportedAlgorithms[DeriveKeyAlgorithms]['names'][number]; type DeriveKeyBytesAlgorithms = { [K in keyof SupportedAlgorithms]: 'deriveKeyBytes' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type DeriveKeyByteAlgorithm = typeof supportedAlgorithms[DeriveKeyBytesAlgorithms]['names'][number]; type DigestAlgorithms = { [K in keyof SupportedAlgorithms]: 'digest' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type DigestAlgorithm = typeof supportedAlgorithms[DigestAlgorithms]['names'][number]; type KeyConversionAlgorithms = { [K in keyof SupportedAlgorithms]: 'bytesToPrivateKey' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type KeyConversionAlgorithm = typeof supportedAlgorithms[KeyConversionAlgorithms]['names'][number]; type AsymmetricKeyConversionAlgorithms = { [K in keyof SupportedAlgorithms]: 'bytesToPublicKey' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type AsymmetricKeyConversionAlgorithm = typeof supportedAlgorithms[AsymmetricKeyConversionAlgorithms]['names'][number]; type KeyWrappingAlgorithms = { [K in keyof SupportedAlgorithms]: 'wrapKey' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type KeyWrappingAlgorithm = typeof supportedAlgorithms[KeyWrappingAlgorithms]['names'][number]; type KeyGenerationAlgorithms = { [K in keyof SupportedAlgorithms]: 'generateKey' extends SupportedAlgorithms[K]['operations'][number] ? K : never }[keyof SupportedAlgorithms]; type KeyGenerationAlgorithm = typeof supportedAlgorithms[KeyGenerationAlgorithms]['names'][number]; export class AgentCryptoApi implements CryptoApi< CryptoApiGenerateKeyParams, Jwk, GetPublicKeyParams, CryptoApiDigestParams, SignParams, VerifyParams, CryptoApiCipherParams, CryptoApiCipherParams, CryptoApiBytesToPublicKeyParams, PublicKeyToBytesParams, CryptoApiBytesToPrivateKeyParams, PrivateKeyToBytesParams, CryptoApiDeriveKeyParams<DeriveKeyAlgorithm>, Jwk, CryptoApiDeriveKeyBytesParams<DeriveKeyAlgorithm>, Uint8Array, WrapKeyParams, UnwrapKeyParams > { /** * A private map that stores instances of cryptographic algorithm implementations. Each key in * this map is an `AlgorithmConstructor`, and its corresponding value is an instance of a class * that implements a specific cryptographic algorithm. This map is used to cache and reuse * instances for performance optimization, ensuring that each algorithm is instantiated only once. */ private _algorithmInstances: Map<AlgorithmConstructor, InstanceType<typeof CryptoAlgorithm>> = new Map(); public async bytesToPrivateKey({ algorithm: algorithmIdentifier, privateKeyBytes }: CryptoApiBytesToPrivateKeyParams ): Promise<Jwk> { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: algorithmIdentifier }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }) as KeyConverter<CryptoApiBytesToPrivateKeyParams, PrivateKeyToBytesParams>; // Convert the byte array to a JWK. const privateKey = await keyConverter.bytesToPrivateKey({ algorithm: algorithmIdentifier, privateKeyBytes }); return privateKey; } public async bytesToPublicKey({ algorithm: algorithmIdentifier, publicKeyBytes }: CryptoApiBytesToPublicKeyParams ): Promise<Jwk> { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: algorithmIdentifier }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }) as AsymmetricKeyConverter<CryptoApiBytesToPublicKeyParams, PublicKeyToBytesParams>; // Convert the byte array to a JWK. const publicKey = await keyConverter.bytesToPublicKey({ algorithm: algorithmIdentifier, publicKeyBytes }); return publicKey; } public async decrypt(params: CryptoApiCipherParams): Promise<Uint8Array> { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.key }); // Get the cipher algorithm based on the algorithm name. const cipher = this.getAlgorithm({ algorithm }) as Cipher<CipherParams, CipherParams>; // Decrypt the data. return await cipher.decrypt(params); } public async deriveKey<T extends DeriveKeyAlgorithm>( params: CryptoApiDeriveKeyParams<T> ): Promise<Jwk> { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key derivation function based on the algorithm name. const kdf = this.getAlgorithm({ algorithm }) as KeyBytesDeriver<DeriveKeyBytesParams, Uint8Array>; let derivedKeyAlgorithm: CipherAlgorithm | KeyWrappingAlgorithm; switch (params.algorithm) { case 'HKDF-256': case 'HKDF-384': case 'HKDF-512': { derivedKeyAlgorithm = params.derivedKeyAlgorithm as CipherAlgorithm | KeyWrappingAlgorithm; break; } case 'PBES2-HS256+A128KW': case 'PBES2-HS384+A192KW': case 'PBES2-HS512+A256KW': { derivedKeyAlgorithm = params.algorithm.split(/[-+]/)[2] as 'A128KW' | 'A192KW' | 'A256KW'; break; } default: throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The specified "algorithm" is not supported: ${params.algorithm}`); } // Determine the bit length of the derived key based on the given algorithm. const length = +(derivedKeyAlgorithm.match(/\d+/)?.[0] ?? -1); if (length === -1) { throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `The derived key algorithm" is not supported: ${derivedKeyAlgorithm}`); } // Derive the byte array. const privateKeyBytes = await kdf.deriveKeyBytes({ ...params, length }); return await this.bytesToPrivateKey({ algorithm: derivedKeyAlgorithm, privateKeyBytes }); } public async deriveKeyBytes<T extends DeriveKeyAlgorithm>( params: CryptoApiDeriveKeyBytesParams<T> ): Promise<Uint8Array> { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key derivation function based on the algorithm name. const kdf = this.getAlgorithm({ algorithm }) as KeyBytesDeriver<DeriveKeyBytesParams, Uint8Array>; // Derive the byte array. const derivedKeyBytes = await kdf.deriveKeyBytes(params); return derivedKeyBytes; } /** * Generates a hash digest of the provided data. * * @remarks * A digest is the output of the hash function. It's a fixed-size string of bytes that uniquely * represents the data input into the hash function. The digest is often used for data integrity * checks, as any alteration in the input data results in a significantly different digest. * * It takes the algorithm identifier of the hash function and data to digest as input and returns * the digest of the data. * * @example * ```ts * const cryptoApi = new AgentCryptoApi(); * const data = new Uint8Array([...]); * const digest = await cryptoApi.digest({ algorithm: 'SHA-256', data }); * ``` * * @param params - The parameters for the digest operation. * @param params.algorithm - The name of hash function to use. * @param params.data - The data to digest. * * @returns A Promise which will be fulfilled with the hash digest. */ public async digest({ algorithm, data }: CryptoApiDigestParams ): Promise<Uint8Array> { // Get the hash function implementation based on the specified `algorithm` parameter. const hasher = this.getAlgorithm({ algorithm }) as Hasher<CryptoApiDigestParams>; // Compute the hash. const hash = await hasher.digest({ algorithm, data }); return hash; } public async encrypt(params: CryptoApiCipherParams): Promise<Uint8Array> { // If th // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.key }); // Get the cipher algorithm based on the algorithm name. const cipher = this.getAlgorithm({ algorithm }) as Cipher<CipherParams, CipherParams>; // Encrypt the data and return the ciphertext. return await cipher.encrypt(params); } public async generateKey(params: CryptoApiGenerateKeyParams): Promise<Jwk> { // Determine the algorithm name based on the given algorithm identifier. const algorithm = this.getAlgorithmName({ algorithm: params.algorithm }); // Get the key generator implementation based on the algorithm. const keyGenerator = this.getAlgorithm({ algorithm }) as AsymmetricKeyGenerator<CryptoApiGenerateKeyParams, Jwk, GetPublicKeyParams>; // Generate the key. const privateKey = await keyGenerator.generateKey({ algorithm: params.algorithm }); // If the key ID is undefined, set it to the JWK thumbprint. privateKey.kid ??= await computeJwkThumbprint({ jwk: privateKey }); return privateKey; } // ! TODO: Remove this once the `Dsa` interface is updated in @web5/crypto to remove KMS-specific methods. public async getKeyUri(_params: KmsGetKeyUriParams): Promise<string> { throw new Error('Method not implemented.'); } public async getPublicKey({ key }: GetPublicKeyParams ): Promise<Jwk> { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the key generator based on the algorithm name. const keyGenerator = this.getAlgorithm({ algorithm }) as AsymmetricKeyGenerator<CryptoApiGenerateKeyParams, Jwk, GetPublicKeyParams>; // Get the public key properties from the private JWK. const publicKey = await keyGenerator.getPublicKey({ key }); return publicKey; } public async privateKeyToBytes({ privateKey }: { privateKey: Jwk; }): Promise<Uint8Array> { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: privateKey }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }) as KeyConverter<CryptoApiBytesToPrivateKeyParams, PrivateKeyToBytesParams>; // Convert the JWK to a byte array. const privateKeyBytes = await keyConverter.privateKeyToBytes({ privateKey }); return privateKeyBytes; } public async publicKeyToBytes({ publicKey }: { publicKey: Jwk; }): Promise<Uint8Array> { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: publicKey }); // Get the key converter based on the algorithm name. const keyConverter = this.getAlgorithm({ algorithm }) as AsymmetricKeyConverter<CryptoApiBytesToPublicKeyParams, PublicKeyToBytesParams>; // Convert the JWK to a byte array. const publicKeyBytes = await keyConverter.publicKeyToBytes({ publicKey }); return publicKeyBytes; } public async sign({ key, data }: SignParams ): Promise<Uint8Array> { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the signature algorithm based on the algorithm name. const signer = this.getAlgorithm({ algorithm }) as Signer<SignParams, VerifyParams>; // Sign the data. const signature = signer.sign({ data, key }); return signature; } public async unwrapKey(params: UnwrapKeyParams): Promise<Jwk> { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.decryptionKey }); // Get the key wrapping algorithm based on the algorithm name. const keyWrapper = this.getAlgorithm({ algorithm }) as KeyWrapper<WrapKeyParams, UnwrapKeyParams>; // decrypt the key and return the ciphertext. return await keyWrapper.unwrapKey(params); } public async verify({ key, signature, data }: VerifyParams ): Promise<boolean> { // Determine the algorithm name based on the JWK's `alg` and `crv` properties. const algorithm = this.getAlgorithmName({ key }); // Get the signature algorithm based on the algorithm name. const signer = this.getAlgorithm({ algorithm }) as Signer<SignParams, VerifyParams>; // Verify the signature. const isSignatureValid = signer.verify({ key, signature, data }); return isSignatureValid; } public async wrapKey(params: WrapKeyParams): Promise<Uint8Array> { // Determine the algorithm name based on the JWK's `alg` property. const algorithm = this.getAlgorithmName({ key: params.encryptionKey }); // Get the key wrapping algorithm based on the algorithm name. const keyWrapper = this.getAlgorithm({ algorithm }) as KeyWrapper<WrapKeyParams, UnwrapKeyParams>; // Encrypt the key and return the ciphertext. return await keyWrapper.wrapKey(params); } /** * Retrieves an algorithm implementation instance based on the provided algorithm name. * * @remarks * This method checks if the requested algorithm is supported and returns a cached instance * if available. If an instance does not exist, it creates and caches a new one. This approach * optimizes performance by reusing algorithm instances across cryptographic operations. * * @example * ```ts * const signer = this.getAlgorithm({ algorithm: 'Ed25519' }); * ``` * * @param params - The parameters for retrieving the algorithm implementation. * @param params.algorithm - The name of the algorithm to retrieve. * * @returns An instance of the requested algorithm implementation. * * @throws Error if the requested algorithm is not supported. */ private getAlgorithm({ algorithm }: { algorithm: SupportedAlgorithm; }): InstanceType<typeof CryptoAlgorithm> { // Check if algorithm is supported. const AlgorithmImplementation = supportedAlgorithms[algorithm]?.['implementation']; if (!AlgorithmImplementation) { throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Algorithm not supported: ${algorithm}`); } // Check if instance already exists for the `AlgorithmImplementation`. if (!this._algorithmInstances.has(AlgorithmImplementation)) { // If not, create a new instance and store it in the cache this._algorithmInstances.set(AlgorithmImplementation, new AlgorithmImplementation()); } // Return the cached instance return this._algorithmInstances.get(AlgorithmImplementation)!; } /** * Determines the algorithm name based on the key's properties. * * @remarks * This method facilitates the identification of the correct algorithm for cryptographic * operations based on the `alg` or `crv` properties of a {@link Jwk | JWK}. * * @example * ```ts * const key = { ... }; // Public key in JWK format * const algorithm = this.getAlgorithmName({ key }); * ``` * * @example * ```ts * const algorithm = this.getAlgorithmName({ algorithm: 'ES256' }); * ``` * * @param params - The parameters for determining the algorithm name. * @param params.key - A JWK containing the `alg` or `crv` properties. * * @returns The algorithm name associated with the key. * * @throws Error if the algorithm name cannot be determined from the provided input. */ private getAlgorithmName({ key }: { key: Jwk }): SupportedAlgorithm; private getAlgorithmName({ algorithm }: { algorithm: string }): SupportedAlgorithm; private getAlgorithmName({ algorithm, key }: { algorithm?: string; key?: { alg?: string, crv?: string }; }): SupportedAlgorithm { const algProperty = key?.alg ?? algorithm; const crvProperty = key?.crv; for (const algorithmIdentifier of Object.keys(supportedAlgorithms) as SupportedAlgorithm[]) { const algorithmNames = supportedAlgorithms[algorithmIdentifier].names as readonly string[]; if (algProperty && algorithmNames.includes(algProperty)) { return algorithmIdentifier; } else if (crvProperty && algorithmNames.includes(crvProperty)) { return algorithmIdentifier; } } throw new CryptoError(CryptoErrorCode.AlgorithmNotSupported, `Algorithm not supported based on provided input: alg=${algProperty}, crv=${crvProperty}. ` + 'Please check the documentation for the list of supported algorithms.' ); } }