feat: implement rsa signer / verifier

.github/workflows/principal.yml

@@ -51,7 +51,6 @@ jobs:
     strategy:
       matrix:
         node-version:
-          - 14
           - 16
         os:
           - ubuntu-latest

packages/interface/src/lib.ts

@@ -14,8 +14,8 @@ import {
   Resource,
   Signature,
   Principal,
-  Verifier,
-  Signer,
+  Verifier as UCANVerifier,
+  Signer as UCANSigner,
 } from '@ipld/dag-ucan'
 import * as UCAN from '@ipld/dag-ucan'
 import {
@@ -39,8 +39,6 @@ export * from './transport.js'
 export type {
   Transport,
   Principal,
-  Verifier,
-  Signer,
   Phantom,
   Tuple,
   DID,
@@ -388,7 +386,23 @@ export type URI<P extends Protocol = Protocol> = `${P}${string}` &
   }>
 
 export interface PrincipalParser {
-  parse(did: UCAN.DID): UCAN.Verifier
+  parse(did: UCAN.DID): Verifier
+}
+
+export interface IntoSigner {
+  decode: (bytes: Uint8Array) => Signer
+}
+
+export interface Signer<M extends string = string, A extends number = number>
+  extends UCANSigner<M, A> {
+  export?: () => Await<ByteView<Signer<M, A>>>
+  toCryptoKey?: () => Await<CryptoKey>
+}
+
+export interface Verifier<M extends string = string, A extends number = number>
+  extends UCANVerifier<M, A> {
+  export?: () => Await<ByteView<Verifier<M, A>>>
+  toCryptoKey?: () => Await<CryptoKey>
 }
 
 export type InferInvokedCapability<

packages/principal/package.json

@@ -30,7 +30,8 @@
     "@ipld/dag-ucan": "^4.0.0-beta",
     "@noble/ed25519": "^1.7.0",
     "@ucanto/interface": "^1.0.0",
-    "multiformats": "^9.8.1"
+    "multiformats": "^9.8.1",
+    "one-webcrypto": "^1.0.3"
   },
   "devDependencies": {
     "@types/chai": "^4.3.3",
@@ -52,13 +53,20 @@
       ],
       "ed25519": [
         "dist/src/ed25519.d.ts"
+      ],
+      "rsa": [
+        "dist/src/rsa.d.ts"
       ]
     }
   },
   "exports": {
     "./ed25519": {
       "types": "./dist/src/ed25519.d.ts",
       "import": "./src/ed25519.js"
+    },
+    "./rsa": {
+      "types": "./dist/src/rsa.d.ts",
+      "import": "./src/rsa.js"
     }
   },
   "c8": {

packages/principal/src/ed25519/signer.js

@@ -1,12 +1,14 @@
 import * as ED25519 from '@noble/ed25519'
 import { varint } from 'multiformats'
-import * as API from '@ucanto/interface'
+import * as API from './type.js'
 import * as Verifier from './verifier.js'
 import { base64pad, base64url } from 'multiformats/bases/base64'
 import * as Signature from '@ipld/dag-ucan/signature'
 
 export const code = 0x1300
 export const name = Verifier.name
+export const signatureAlgorithm = Verifier.signatureAlgorithm
+export const signatureCode = Verifier.signatureCode
 
 const PRIVATE_TAG_SIZE = varint.encodingLength(code)
 const PUBLIC_TAG_SIZE = varint.encodingLength(Verifier.code)
@@ -15,20 +17,16 @@ const SIZE = PRIVATE_TAG_SIZE + KEY_SIZE + PUBLIC_TAG_SIZE + KEY_SIZE
 
 export const PUB_KEY_OFFSET = PRIVATE_TAG_SIZE + KEY_SIZE
 
-/**
- * @typedef {API.Signer<"key", typeof Signature.EdDSA> & Uint8Array & { verifier: API.Verifier<"key", typeof Signature.EdDSA> }} Signer
- */
-
 /**
  * Generates new issuer by generating underlying ED25519 keypair.
- * @returns {Promise<Signer>}
+ * @returns {Promise<API.EdSigner>}
  */
 export const generate = () => derive(ED25519.utils.randomPrivateKey())
 
 /**
  * Derives issuer from 32 byte long secret key.
  * @param {Uint8Array} secret
- * @returns {Promise<Signer>}
+ * @returns {Promise<API.EdSigner>}
  */
 export const derive = async secret => {
   if (secret.byteLength !== KEY_SIZE) {
@@ -51,7 +49,7 @@ export const derive = async secret => {
 
 /**
  * @param {Uint8Array} bytes
- * @returns {Signer}
+ * @returns {API.EdSigner}
  */
 export const decode = bytes => {
   if (bytes.byteLength !== SIZE) {
@@ -80,31 +78,40 @@ export const decode = bytes => {
 }
 
 /**
- * @param {Signer} signer
- * @return {API.ByteView<Signer>}
+ * @param {API.EdSigner} signer
+ * @return {API.ByteView<API.EdSigner>}
  */
-export const encode = signer => signer
+export const encode = signer => signer.encode()
 
 /**
  * @template {string} Prefix
- * @param {Signer} signer
+ * @param {API.EdSigner} signer
  * @param {API.MultibaseEncoder<Prefix>} [encoder]
  */
-export const format = (signer, encoder) => (encoder || base64pad).encode(signer)
+export const format = (signer, encoder) =>
+  (encoder || base64pad).encode(signer.encode())
 
 /**
  * @template {string} Prefix
  * @param {string} principal
  * @param {API.MultibaseDecoder<Prefix>} [decoder]
- * @returns {Signer}
+ * @returns {API.EdSigner}
  */
 export const parse = (principal, decoder) =>
   decode((decoder || base64pad).decode(principal))
 
 /**
- * @implements {API.Signer<'key', typeof Signature.EdDSA>}
+ * @implements {API.EdSigner}
  */
 class Ed25519Signer extends Uint8Array {
+  /** @type {typeof code} */
+  get code() {
+    return code
+  }
+  get signer() {
+    return this
+  }
+  /** @type {API.EdVerifier} */
   get verifier() {
     const bytes = new Uint8Array(this.buffer, PRIVATE_TAG_SIZE + KEY_SIZE)
     const verifier = Verifier.decode(bytes)
@@ -149,11 +156,27 @@ class Ed25519Signer extends Uint8Array {
 
     return Signature.create(this.signatureCode, raw)
   }
+  /**
+   * @template T
+   * @param {API.ByteView<T>} payload
+   * @param {API.Signature<T, typeof this.signatureCode>} signature
+   */
+
+  verify(payload, signature) {
+    return this.verifier.verify(payload, signature)
+  }
 
   get signatureAlgorithm() {
     return 'EdDSA'
   }
   get signatureCode() {
     return Signature.EdDSA
   }
+
+  export() {
+    return this
+  }
+  encode() {
+    return this
+  }
 }

packages/principal/src/ed25519/type.ts

@@ -0,0 +1,26 @@
+import { Signer, Verifier, ByteView, UCAN, Await } from '@ucanto/interface'
+import * as Signature from '@ipld/dag-ucan/signature'
+
+export * from '@ucanto/interface'
+
+type CODE = typeof Signature.EdDSA
+type ALG = 'EdDSA'
+
+export interface EdSigner<M extends string = 'key'>
+  extends Signer<M, CODE>,
+    UCAN.Verifier<M, CODE> {
+  readonly signer: EdSigner<M>
+  readonly verifier: EdVerifier<M>
+
+  readonly code: 0x1300
+  encode(): ByteView<EdSigner<M>>
+}
+
+export interface EdVerifier<M extends string = 'key'>
+  extends Verifier<M, CODE> {
+  readonly code: 0xed
+  readonly signatureCode: CODE
+  readonly signatureAlgorithm: ALG
+
+  encode: () => ByteView<EdVerifier<M>>
+}

packages/principal/src/ed25519/verifier.js

@@ -1,13 +1,14 @@
 import * as DID from '@ipld/dag-ucan/did'
 import * as ED25519 from '@noble/ed25519'
 import { varint } from 'multiformats'
-import * as API from '@ucanto/interface'
+import * as API from './type.js'
 import * as Signature from '@ipld/dag-ucan/signature'
 import { base58btc } from 'multiformats/bases/base58'
 export const code = 0xed
+export const name = 'Ed25519'
 
 export const signatureCode = Signature.EdDSA
-export const name = 'Ed25519'
+export const signatureAlgorithm = 'EdDSA'
 const PUBLIC_TAG_SIZE = varint.encodingLength(code)
 const SIZE = 32 + PUBLIC_TAG_SIZE
 
@@ -27,7 +28,7 @@ export const parse = did => decode(DID.parse(did))
  * corresponding `Principal` that can be used to verify signatures.
  *
  * @param {Uint8Array} bytes
- * @returns {Verifier}
+ * @returns {API.EdVerifier}
  */
 export const decode = bytes => {
   const [algorithm] = varint.decode(bytes)
@@ -40,11 +41,7 @@ export const decode = bytes => {
       `Expected Uint8Array with byteLength ${SIZE}, instead got Uint8Array with byteLength ${bytes.byteLength}`
     )
   } else {
-    return new Ed25519Principal(
-      bytes.buffer,
-      bytes.byteOffset,
-      bytes.byteLength
-    )
+    return new Ed25519Verifier(bytes.buffer, bytes.byteOffset, bytes.byteLength)
   }
 }
 
@@ -64,10 +61,21 @@ export const format = principal => DID.format(principal)
 export const encode = principal => DID.encode(principal)
 
 /**
- * @implements {API.Verifier<"key", typeof Signature.EdDSA>}
- * @implements {API.Principal<"key">}
+ * @implements {API.EdVerifier}
  */
-class Ed25519Principal extends Uint8Array {
+class Ed25519Verifier extends Uint8Array {
+  /** @type {typeof code} */
+  get code() {
+    return code
+  }
+  /** @type {typeof signatureCode} */
+  get signatureCode() {
+    return signatureCode
+  }
+  /** @type {typeof signatureAlgorithm} */
+  get signatureAlgorithm() {
+    return signatureAlgorithm
+  }
   /**
    * Raw public key without a multiformat code.
    *
@@ -101,4 +109,11 @@ class Ed25519Principal extends Uint8Array {
       ED25519.verify(signature.raw, payload, this.publicKey)
     )
   }
+
+  export() {
+    return this
+  }
+  encode() {
+    return this
+  }
 }

packages/principal/src/lib.js

@@ -1 +1,9 @@
-export * as ed25519 from './ed25519.js'
+import * as ed25519 from './ed25519.js'
+import * as RSA from './rsa.js'
+import { create as createVerifier } from './verifier.js'
+import { create as createSigner } from './signer.js'
+
+export const Verifier = createVerifier([ed25519.Verifier, RSA.Verifier])
+export const Signer = createSigner([ed25519, RSA])
+
+export { ed25519, RSA }

packages/principal/src/multiformat.js

@@ -0,0 +1,35 @@
+import { varint } from 'multiformats'
+
+/**
+ *
+ * @param {number} code
+ * @param {Uint8Array} bytes
+ */
+export const tagWith = (code, bytes) => {
+  const offset = varint.encodingLength(code)
+  const multiformat = new Uint8Array(bytes.byteLength + offset)
+  varint.encodeTo(code, multiformat, 0)
+  multiformat.set(bytes, offset)
+
+  return multiformat
+}
+
+/**
+ * @param {number} code
+ * @param {Uint8Array} source
+ * @param {number} byteOffset
+ * @returns
+ */
+export const untagWith = (code, source, byteOffset = 0) => {
+  const bytes = byteOffset !== 0 ? source.subarray(byteOffset) : source
+  const [tag, size] = varint.decode(bytes)
+  if (tag !== code) {
+    throw new Error(
+      `Expected multiformat with 0x${code.toString(
+        16
+      )} tag instead got 0x${tag.toString(16)}`
+    )
+  } else {
+    return new Uint8Array(bytes.buffer, bytes.byteOffset + size)
+  }
+}