UNPKG

did-jwt

Version:

Library for Signing and Verifying JWTs that use DIDs as issuers and JWEs that use DIDs as recipients

github.com/decentralized-identity/did-jwt

decentralized-identity/did-jwt

296 lines (273 loc) 11.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
import type { Resolvable, VerificationMethod } from 'did-resolver' import type { AnonEncryptParams, AuthEncryptParams, Decrypter, ECDH, Encrypter, KeyWrapper, ProtectedHeader, Recipient, WrappingResult, } from './types.js' import { base64ToBytes, extractPublicKeyBytes, isDefined, toSealed } from '../util.js' import { xc20pDirDecrypter, xc20pDirEncrypter, xc20pEncrypter } from './xc20pDir.js' import { computeX25519Ecdh1PUv3Kek, createX25519Ecdh1PUv3Kek } from './X25519-ECDH-1PU.js' import { computeX25519EcdhEsKek, createX25519EcdhEsKek } from './X25519-ECDH-ES.js' import { createFullEncrypter } from './createEncrypter.js' /** * @deprecated Use * {@link xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2 | xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2() } instead */ export function createAuthEncrypter( recipientPublicKey: Uint8Array, senderSecret: Uint8Array | ECDH, options: Partial<AuthEncryptParams> = {} ): Encrypter { return xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2(recipientPublicKey, senderSecret, options) } /** * @deprecated Use {@link xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2 | xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2() } * instead */ export function createAnonEncrypter(publicKey: Uint8Array, options: Partial<AnonEncryptParams> = {}): Encrypter { return xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2(publicKey, options) } /** * @deprecated Use * {@link xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2 | xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2() } instead */ export function createAuthDecrypter(recipientSecret: Uint8Array | ECDH, senderPublicKey: Uint8Array): Decrypter { return xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2(recipientSecret, senderPublicKey) } /** * @deprecated Use {@link xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2 | xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2() } * instead */ export function createAnonDecrypter(recipientSecret: Uint8Array | ECDH): Decrypter { return xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2(recipientSecret) } export function validateHeader(header?: ProtectedHeader): Required<Pick<ProtectedHeader, 'epk' | 'iv' | 'tag'>> { if (!(header && header.epk && header.iv && header.tag)) { throw new Error('bad_jwe: malformed header') } return header as Required<Pick<ProtectedHeader, 'epk' | 'iv' | 'tag'>> } export const xc20pKeyWrapper: KeyWrapper = { from: (wrappingKey: Uint8Array) => { const wrap = async (cek: Uint8Array): Promise<WrappingResult> => { return xc20pEncrypter(wrappingKey)(cek) } return { wrap } }, alg: 'XC20PKW', } /** * @deprecated Use {@link xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2 | xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2() } * instead */ export function x25519Encrypter(publicKey: Uint8Array, kid?: string, apv?: string): Encrypter { return xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2(publicKey, { kid, apv }) } /** * Recommended encrypter for anonymous encryption (i.e. no sender authentication). * Uses {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | ECDH-ES+XC20PKW v2}. * * @param recipientPublicKey - the byte array representing the recipient public key * @param options - {@link AnonEncryptParams} used to specify the recipient key ID (`kid`) * * @returns an {@link Encrypter} instance usable with {@link createJWE} * * NOTE: ECDH-ES+XC20PKW is a proposed draft in IETF and not a standard yet and * is subject to change as new revisions or until the official CFRG specification is released. */ export function xc20pAnonEncrypterEcdhESx25519WithXc20PkwV2( recipientPublicKey: Uint8Array, options: Partial<AnonEncryptParams> = {} ): Encrypter { return createFullEncrypter( recipientPublicKey, undefined, options, { createKek: createX25519EcdhEsKek, alg: 'ECDH-ES' }, xc20pKeyWrapper, { from: (cek: Uint8Array) => xc20pDirEncrypter(cek), enc: 'XC20P' } ) } /** * Recommended encrypter for authenticated encryption (i.e. sender authentication and requires * sender private key to encrypt the data). * Uses {@link https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03 | ECDH-1PU v3 } and * {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | XC20PKW v2 }. * * @param recipientPublicKey - the byte array representing the recipient public key * @param senderSecret - either a Uint8Array representing the sender secret key or * an ECDH function that wraps the key and can promise a shared secret given a public key * @param options - {@link AuthEncryptParams} used to specify extra header parameters * * @returns an {@link Encrypter} instance usable with {@link createJWE} * * NOTE: ECDH-1PU and XC20PKW are proposed drafts in IETF and not a standard yet and * are subject to change as new revisions or until the official CFRG specification are released. * * Implements ECDH-1PU+XC20PKW with XChaCha20Poly1305 based on the following specs: * - {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | XC20PKW} * - {@link https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03 | ECDH-1PU} */ export function xc20pAuthEncrypterEcdh1PuV3x25519WithXc20PkwV2( recipientPublicKey: Uint8Array, senderSecret: Uint8Array | ECDH, options: Partial<AuthEncryptParams> = {} ): Encrypter { return createFullEncrypter( recipientPublicKey, senderSecret, options, { createKek: createX25519Ecdh1PUv3Kek, alg: 'ECDH-1PU' }, xc20pKeyWrapper, { from: (cek: Uint8Array) => xc20pDirEncrypter(cek), enc: 'XC20P' } ) } export async function resolveX25519Encrypters(dids: string[], resolver: Resolvable): Promise<Encrypter[]> { const encryptersForDID = async (did: string, resolved: string[] = []): Promise<Encrypter[]> => { const { didResolutionMetadata, didDocument } = await resolver.resolve(did) resolved.push(did) if (didResolutionMetadata?.error || didDocument == null) { throw new Error( `resolver_error: Could not resolve ${did}: ${didResolutionMetadata.error}, ${didResolutionMetadata.message}` ) } let controllerEncrypters: Encrypter[] = [] if (!didDocument.controller && !didDocument.keyAgreement) { throw new Error(`no_suitable_keys: Could not find x25519 key for ${did}`) } if (didDocument.controller) { let controllers = Array.isArray(didDocument.controller) ? didDocument.controller : [didDocument.controller] controllers = controllers.filter((c) => !resolved.includes(c)) const encrypterPromises = controllers.map((did) => encryptersForDID(did, resolved).catch(() => { return [] }) ) const encrypterArrays = await Promise.all(encrypterPromises) controllerEncrypters = ([] as Encrypter[]).concat(...encrypterArrays) } const agreementKeys: VerificationMethod[] = didDocument.keyAgreement ?.map((key) => { if (typeof key === 'string') { return [...(didDocument.publicKey || []), ...(didDocument.verificationMethod || [])].find( (pk) => pk.id === key ) } return key }) ?.filter((key) => typeof key !== 'undefined') as VerificationMethod[] const pks = agreementKeys?.filter((key) => ['X25519KeyAgreementKey2019', 'X25519KeyAgreementKey2020', 'JsonWebKey2020', 'Multikey'].includes(key.type) ) ?? [] if (!pks.length && !controllerEncrypters.length) throw new Error(`no_suitable_keys: Could not find X25519 key for ${did}`) return pks .map((pk) => { const { keyBytes, keyType } = extractPublicKeyBytes(pk) if (keyType === 'X25519') { return x25519Encrypter(keyBytes, pk.id) } else { return null } }) .filter(isDefined) .concat(...controllerEncrypters) } const encrypterPromises = dids.map((did) => encryptersForDID(did)) const encrypterArrays = await Promise.all(encrypterPromises) return ([] as Encrypter[]).concat(...encrypterArrays) } /** * @deprecated Use {@link xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2 | xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2() } * instead */ export function x25519Decrypter(receiverSecret: Uint8Array | ECDH): Decrypter { return xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2(receiverSecret) } /** * Recommended decrypter for anonymous encryption (i.e. no sender authentication). * Uses {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | ECDH-ES+XC20PKW v2 }. * * @param recipientSecret - either a Uint8Array representing the recipient secret key or * an ECDH function that wraps the key and can promise a shared secret given a public key * * @returns a {@link Decrypter} instance usable with {@link decryptJWE} * * NOTE: ECDH-ES+XC20PKW is a proposed draft in IETF and not a standard yet and * is subject to change as new revisions or until the official CFRG specification is released. * * @beta */ export function xc20pAnonDecrypterEcdhESx25519WithXc20PkwV2(recipientSecret: Uint8Array | ECDH): Decrypter { const alg = 'ECDH-ES+XC20PKW' const enc = 'XC20P' async function decrypt( sealed: Uint8Array, iv: Uint8Array, aad?: Uint8Array, recipient?: Recipient ): Promise<Uint8Array | null> { recipient = <Recipient>recipient const header = validateHeader(recipient.header) const kek = await computeX25519EcdhEsKek(recipient, recipientSecret, alg) if (!kek) return null // Content Encryption Key const sealedCek = toSealed(recipient.encrypted_key, header.tag) const cek = await xc20pDirDecrypter(kek).decrypt(sealedCek, base64ToBytes(header.iv)) if (cek === null) return null return xc20pDirDecrypter(cek).decrypt(sealed, iv, aad) } return { alg, enc, decrypt } } /** * Recommended decrypter for authenticated encryption (i.e. sender authentication and requires * sender public key to decrypt the data). * Uses {@link https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03 | ECDH-1PU v3 } and * {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | XC20PKW v2 }. * * @param recipientSecret - either a Uint8Array representing the recipient secret key or * an ECDH function that wraps the key and can promise a shared secret given a public key * @param senderPublicKey - the byte array representing the sender public key * * @returns a {@link Decrypter} instance usable with {@link decryptJWE} * * NOTE: ECDH-1PU and XC20PKW are proposed drafts in IETF and not a standard yet and * are subject to change as new revisions or until the official CFRG specification are released. * * @beta * * Implements ECDH-1PU+XC20PKW with XChaCha20Poly1305 based on the following specs: * - {@link https://tools.ietf.org/html/draft-amringer-jose-chacha-02 | XC20PKW} * - {@link https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03 | ECDH-1PU} */ export function xc20pAuthDecrypterEcdh1PuV3x25519WithXc20PkwV2( recipientSecret: Uint8Array | ECDH, senderPublicKey: Uint8Array ): Decrypter { const alg = 'ECDH-1PU+XC20PKW' const enc = 'XC20P' async function decrypt( sealed: Uint8Array, iv: Uint8Array, aad?: Uint8Array, recipient?: Recipient ): Promise<Uint8Array | null> { recipient = <Recipient>recipient const header = validateHeader(recipient.header) const kek = await computeX25519Ecdh1PUv3Kek(recipient, recipientSecret, senderPublicKey, alg) if (!kek) return null // Content Encryption Key const sealedCek = toSealed(recipient.encrypted_key, header.tag) const cek = await xc20pDirDecrypter(kek).decrypt(sealedCek, base64ToBytes(header.iv)) if (cek === null) return null return xc20pDirDecrypter(cek).decrypt(sealed, iv, aad) } return { alg, enc, decrypt } }