feat(did-comm): add support for the AES based content and key encrypt…

…ion algorithms (#1180)

* feat(did-comm): initial support for A256KW key wrapping for didcomm
* feat(did-comm): support A256GCM content encryption
* chore(deps): use @noble/* libraries instead of elliptic, @stablelib/, js-sha3, blakejs
* feat(did-comm): add AES encryption and key wrapping
* fix(data-store): compare decrypted keys when importing
* feat(did-comm): add support for A256CBC-HS512 content encryption

__tests__/initial.migration.test.ts

@@ -167,7 +167,7 @@ describe('database initial migration tests', () => {
           encoding: 'utf-8',
         })
         expect(signedMessage).toEqual(
-          'vzDocUViJh7ooOCZ-jBHKZddEsTa4yClHwhIL9SHJwjAv3bC6TZIcUnX36ZqNBWvLbnNAQvdtzqrVf3l0pv3QQ',
+          'vzDocUViJh7ooOCZ-jBHKZddEsTa4yClHwhIL9SHJwg_QIk9Fsm3jrYoIFmVy-pPjPUP5aNq6QEUfGCm_ZpKAA',
         )
       })
 
@@ -203,7 +203,7 @@ describe('database initial migration tests', () => {
           encoding: 'utf-8',
         })
         expect(signedMessage).toEqual(
-          'JDaZFSC4eWQdau4G9a8l8ml0rhwmzCY4oEDIr-cjWK2nVCOGZP94HV3EfbpO_X3bZKPITLg8FJgVVSyRRPcObQ',
+          'JDaZFSC4eWQdau4G9a8l8ml0rhwmzCY4oEDIr-cjWK1Yq9x5mwCH4qI7gkWxAoIjVgsUmfcMi6OqfTH7iz8y1A',
         )
       })
 

__tests__/shared/verifiableDataJWT.ts

@@ -100,7 +100,7 @@ export default (testContext: {
         },
         proofFormat: 'jwt',
       })
-      const verifyResult = await agent.verifyCredential({credential: verifiableCredential})
+      const verifyResult = await agent.verifyCredential({ credential: verifiableCredential })
 
       expect(verifyResult.verified).toBe(true)
       expect(verifiableCredential).toHaveProperty('proof.jwt')
@@ -403,7 +403,7 @@ export default (testContext: {
               hello: 'world',
             },
             credentialStatus: {
-              id: 'override me',
+              id: 'override:me',
               type: 'ThisMethodDoesNotExist2022',
             },
           },

__tests__/shared/verifiableDataLD.ts

@@ -37,7 +37,11 @@ export default (testContext: {
       challenge = 'TEST_CHALLENGE_STRING'
       didEthrIdentifier = await agent.didManagerCreate({ kms: 'local', provider: 'did:ethr' })
       didKeyIdentifier = await agent.didManagerCreate({ kms: 'local', provider: 'did:key' })
-      pkhIdentifier = await agent.didManagerCreate({ kms: 'local', provider: "did:pkh", options: { chainId: "1"} })
+      pkhIdentifier = await agent.didManagerCreate({
+        kms: 'local',
+        provider: 'did:pkh',
+        options: { chainId: '1' },
+      })
     })
     afterAll(testContext.tearDown)
 
@@ -295,7 +299,7 @@ export default (testContext: {
           issuer: { id: pkhIdentifier.did },
           '@context': [
             'https://www.w3.org/2018/credentials/v1',
-            'https://veramo.io/contexts/discord-kudos/v1'
+            'https://veramo.io/contexts/discord-kudos/v1',
           ],
           type: ['VerifiableCredential', 'DiscordKudos'],
           issuanceDate: new Date().toISOString(),
@@ -315,10 +319,9 @@ export default (testContext: {
 
       const result = await agent.verifyCredential({
         credential,
-        fetchRemoteContexts: true
+        fetchRemoteContexts: true,
       })
       expect(result.verified).toBe(true)
-
     })
 
     describe('credential verification policies', () => {
@@ -363,7 +366,7 @@ export default (testContext: {
               name: 'hello',
             },
             credentialStatus: {
-              id: 'override me',
+              id: 'override:me',
               type: 'ThisMethodDoesNotExist2022',
             },
           },

package.json

@@ -24,26 +24,27 @@
     "docs": "pnpm docs:copy && pnpm docs:build",
     "docs:copy": "ts-node ./scripts/docs-copy.ts",
     "docs:build": "ts-node ./scripts/docs-build.ts && pnpm docs:pretty",
-    "docs:pretty": "pretty-quick"
+    "docs:pretty": "prettier --write docs/**/*.md"
   },
   "devDependencies": {
     "@ethersproject/contracts": "^5.7.0",
     "@ethersproject/providers": "^5.7.2",
     "@ethersproject/transactions": "^5.7.0",
     "@ethersproject/wallet": "^5.7.0",
-    "@jest/globals": "^29.5.0",
+    "@jest/globals": "29.5.0",
     "@metamask/eth-sig-util": "6.0.0",
     "@microsoft/api-documenter": "7.22.16",
     "@microsoft/api-extractor": "7.35.2",
     "@microsoft/api-extractor-model": "7.27.2",
     "@microsoft/tsdoc": "0.14.2",
+    "@noble/hashes": "1.3.1",
+    "@stablelib/ed25519": "1.0.3",
     "@transmute/credentials-context": "0.7.0-unstable.81",
     "@types/express": "4.17.17",
     "@types/fs-extra": "11.0.1",
     "@types/jest": "29.5.2",
     "@types/node": "20.3.0",
-    "@types/uuid": "9.0.1",
-    "blakejs": "1.2.1",
+    "@types/uuid": "9.0.2",
     "caip": "1.1.0",
     "credential-status": "2.0.5",
     "cross-env": "7.0.3",
@@ -63,15 +64,14 @@
     "oas-resolver": "2.5.6",
     "openapi-types": "12.1.3",
     "prettier": "3.0.0",
-    "pretty-quick": "3.1.3",
     "rimraf": "5.0.1",
     "semantic-release": "21.0.5",
     "ts-jest": "29.1.0",
     "ts-json-schema-generator": "1.2.0",
     "ts-node": "10.9.1",
     "typeorm": "0.3.16",
     "typescript": "5.1.3",
-    "uint8arrays": "4.0.3",
+    "uint8arrays": "4.0.4",
     "uuid": "9.0.0",
     "web-did-resolver": "2.0.27"
   },

packages/cli/package.json

@@ -33,10 +33,10 @@
     "update-veramo-latest": "pnpm add @veramo/core@latest @veramo/discovery@latest @veramo/remote-client@latest @veramo/remote-server@latest @veramo/did-provider-key@latest @veramo/did-resolver@latest @veramo/did-jwt@latest @veramo/credential-w3c@latest @veramo/did-provider-ethr@latest @veramo/did-provider-web@latest @veramo/did-comm@latest @veramo/kms-local@latest @veramo/selective-disclosure@latest @veramo/data-store@latest @veramo/key-manager@latest @veramo/message-handler@latest @veramo/did-manager@latest @veramo/url-handler@latest @veramo/credential-eip712@latest @veramo/utils@latest"
   },
   "dependencies": {
-    "@microsoft/api-extractor": "^7.35.1",
-    "@microsoft/api-extractor-model": "^7.27.1",
-    "@transmute/credentials-context": "^0.7.0-unstable.79",
-    "@types/blessed": "^0.1.19",
+    "@microsoft/api-extractor": "^7.35.2",
+    "@microsoft/api-extractor-model": "^7.27.2",
+    "@transmute/credentials-context": "^0.7.0-unstable.81",
+    "@types/blessed": "^0.1.22",
     "@types/swagger-ui-express": "^4.1.3",
     "@veramo/core": "workspace:^",
     "@veramo/core-types": "workspace:^",
@@ -64,37 +64,37 @@
     "@veramo/utils": "workspace:^",
     "blessed": "^0.1.81",
     "commander": "^11.0.0",
-    "console-table-printer": "^2.10.0",
+    "console-table-printer": "^2.11.1",
     "cors": "^2.8.5",
     "cross-fetch": "^3.1.6",
-    "date-fns": "^2.28.0",
-    "debug": "^4.3.3",
-    "did-resolver": "^4.0.1",
-    "dotenv": "^16.0.0",
+    "date-fns": "^2.30.0",
+    "debug": "^4.3.4",
+    "did-resolver": "^4.1.0",
+    "dotenv": "^16.1.4",
     "ethr-did-resolver": "^8.0.0",
     "express": "^4.18.2",
-    "express-handlebars": "^7.0.0",
+    "express-handlebars": "^7.0.7",
     "fuzzy": "^0.1.3",
-    "handlebars": "^4.7.6",
-    "inquirer": "^9.1.4",
+    "handlebars": "^4.7.7",
+    "inquirer": "^9.2.7",
     "inquirer-autocomplete-prompt": "^3.0.0",
     "json-schema": "^0.4.0",
-    "json5": "^2.2.0",
-    "jsonpointer": "^5.0.0",
-    "oas-resolver": "^2.5.3",
-    "openapi-types": "^12.0.2",
+    "json5": "^2.2.3",
+    "jsonpointer": "^5.0.1",
+    "oas-resolver": "^2.5.6",
+    "openapi-types": "^12.1.3",
     "passport": "^0.6.0",
     "passport-http-bearer": "^1.0.1",
-    "pg": "^8.7.1",
+    "pg": "^8.11.0",
     "qrcode-terminal": "^0.12.0",
-    "sqlite3": "^5.0.8",
-    "swagger-ui-express": "^4.6.0",
+    "sqlite3": "^5.1.6",
+    "swagger-ui-express": "^4.6.3",
     "ts-json-schema-generator": "^1.2.0",
     "typeorm": "^0.3.10",
-    "url-parse": "^1.5.4",
-    "web-did-resolver": "^2.0.21",
-    "ws": "^8.11.0",
-    "yaml": "^2.1.3"
+    "url-parse": "^1.5.10",
+    "web-did-resolver": "^2.0.24",
+    "ws": "^8.13.0",
+    "yaml": "^2.3.1"
   },
   "devDependencies": {
     "@types/debug": "4.1.8",
@@ -105,7 +105,7 @@
     "@types/passport-http-bearer": "1.0.37",
     "@types/qrcode-terminal": "0.12.0",
     "@types/url-parse": "1.4.8",
-    "@types/ws": "8.5.4",
+    "@types/ws": "8.5.5",
     "typescript": "5.1.3"
   },
   "files": [

packages/core-types/package.json

@@ -35,8 +35,8 @@
   "dependencies": {
     "credential-status": "^2.0.5",
     "debug": "^4.3.3",
-    "did-jwt-vc": "^3.1.0",
-    "did-resolver": "^4.0.1"
+    "did-jwt-vc": "^3.2.3",
+    "did-resolver": "^4.1.0"
   },
   "devDependencies": {
     "@types/debug": "4.1.8",

packages/core/package.json

@@ -16,7 +16,7 @@
     "@veramo/core-types": "workspace:^",
     "debug": "^4.3.4",
     "events": "^3.2.0",
-    "z-schema": "^6.0.0"
+    "z-schema": "^6.0.1"
   },
   "devDependencies": {
     "@types/debug": "4.1.8",

packages/credential-ld/package.json

@@ -23,16 +23,15 @@
     "@digitalcredentials/jsonld": "^5.2.1",
     "@digitalcredentials/jsonld-signatures": "^9.3.1",
     "@digitalcredentials/vc": "^5.0.0",
-    "@transmute/credentials-context": "^0.7.0-unstable.79",
-    "@transmute/ed25519-signature-2018": "^0.7.0-unstable.79",
-    "@transmute/json-web-signature": "^0.7.0-unstable.79",
+    "@transmute/credentials-context": "^0.7.0-unstable.81",
+    "@transmute/ed25519-signature-2018": "^0.7.0-unstable.81",
+    "@transmute/json-web-signature": "^0.7.0-unstable.81",
     "@veramo-community/lds-ecdsa-secp256k1-recovery2020": "uport-project/EcdsaSecp256k1RecoverySignature2020",
     "@veramo/core-types": "workspace:^",
     "@veramo/utils": "workspace:^",
     "cross-fetch": "^3.1.6",
     "debug": "^4.3.3",
-    "did-resolver": "^4.0.1",
-    "uint8arrays": "^4.0.3"
+    "did-resolver": "^4.1.0"
   },
   "resolutions": {
     "@types/react": "18.0.26",

packages/credential-ld/src/suites/EcdsaSecp256k1RecoverySignature2020.ts

@@ -1,8 +1,7 @@
 import { RequiredAgentMethods, VeramoLdSignature } from '../ld-suites.js'
 import { CredentialPayload, DIDDocument, IAgentContext, IKey, TKeyType } from '@veramo/core-types'
 import ldsEcdsa from '@veramo-community/lds-ecdsa-secp256k1-recovery2020'
-import * as u8a from 'uint8arrays'
-import { asArray, encodeJoseBlob } from '@veramo/utils'
+import { asArray, bytesToBase64, concat, encodeJoseBlob, stringToUtf8Bytes } from '@veramo/utils'
 
 const { EcdsaSecp256k1RecoveryMethod2020, EcdsaSecp256k1RecoverySignature2020 } = ldsEcdsa
 
@@ -36,8 +35,8 @@ export class VeramoEcdsaSecp256k1RecoverySignature2020 extends VeramoLdSignature
           crit: ['b64'],
         }
         const headerString = encodeJoseBlob(header)
-        const messageBuffer = u8a.concat([u8a.fromString(`${headerString}.`, 'utf-8'), args.data])
-        const messageString = u8a.toString(messageBuffer, 'base64')
+        const messageBuffer = concat([stringToUtf8Bytes(`${headerString}.`), args.data])
+        const messageString = bytesToBase64(messageBuffer)
         const signature = await context.agent.keyManagerSign({
           keyRef: key.kid,
           algorithm: 'ES256K-R',
@@ -59,7 +58,7 @@ export class VeramoEcdsaSecp256k1RecoverySignature2020 extends VeramoLdSignature
       }),
     })
 
-    suite.ensureSuiteContext = ({ document }: { document: any, addSuiteContext: boolean }) => {
+    suite.ensureSuiteContext = ({ document }: { document: any; addSuiteContext: boolean }) => {
       document['@context'] = [...asArray(document['@context'] || []), this.getContext()]
     }
 
@@ -70,12 +69,14 @@ export class VeramoEcdsaSecp256k1RecoverySignature2020 extends VeramoLdSignature
     return new EcdsaSecp256k1RecoverySignature2020()
   }
 
-  preSigningCredModification(credential: CredentialPayload): void {
-  }
+  preSigningCredModification(credential: CredentialPayload): void {}
 
   async preDidResolutionModification(didUrl: string, didDoc: DIDDocument): Promise<DIDDocument> {
-//    did:ethr
-    const idx = didDoc['@context']?.indexOf('https://identity.foundation/EcdsaSecp256k1RecoverySignature2020/lds-ecdsa-secp256k1-recovery2020-0.0.jsonld') || -1
+    //    did:ethr
+    const idx =
+      didDoc['@context']?.indexOf(
+        'https://identity.foundation/EcdsaSecp256k1RecoverySignature2020/lds-ecdsa-secp256k1-recovery2020-0.0.jsonld',
+      ) || -1
     if (Array.isArray(didDoc['@context']) && idx !== -1) {
       didDoc['@context'][idx] = this.getContext()
     }
@@ -85,7 +86,7 @@ export class VeramoEcdsaSecp256k1RecoverySignature2020 extends VeramoLdSignature
       didDoc.verificationMethod?.forEach((x) => {
         if (x.blockchainAccountId) {
           if (x.blockchainAccountId.lastIndexOf('@eip155:') !== -1) {
-            const [ address, chain ] = x.blockchainAccountId.split("@eip155:")
+            const [address, chain] = x.blockchainAccountId.split('@eip155:')
             x.blockchainAccountId = `eip155:${chain}:${address}`
           }
         }

packages/credential-ld/src/suites/Ed25519Signature2018.ts

@@ -1,7 +1,6 @@
-import { encodeJoseBlob } from '@veramo/utils'
+import { bytesToBase64, concat, encodeJoseBlob, hexToBytes, stringToUtf8Bytes } from '@veramo/utils'
 import { RequiredAgentMethods, VeramoLdSignature } from '../ld-suites.js'
 import { CredentialPayload, DIDDocument, IAgentContext, IKey, TKeyType } from '@veramo/core-types'
-import * as u8a from 'uint8arrays'
 import { Ed25519Signature2018, Ed25519VerificationKey2018 } from '@transmute/ed25519-signature-2018'
 
 /**
@@ -38,8 +37,8 @@ export class VeramoEd25519Signature2018 extends VeramoLdSignature {
           crit: ['b64'],
         }
         const headerString = encodeJoseBlob(header)
-        const messageBuffer = u8a.concat([u8a.fromString(`${headerString}.`, 'utf-8'), args.data])
-        const messageString = u8a.toString(messageBuffer, 'base64')
+        const messageBuffer = concat([stringToUtf8Bytes(`${headerString}.`), args.data])
+        const messageString = bytesToBase64(messageBuffer)
         const signature = await context.agent.keyManagerSign({
           keyRef: key.kid,
           algorithm: 'EdDSA',
@@ -53,7 +52,7 @@ export class VeramoEd25519Signature2018 extends VeramoLdSignature {
     const verificationKey = new Ed25519VerificationKey2018({
       id,
       controller,
-      publicKey: u8a.fromString(key.publicKeyHex, 'base16'),
+      publicKey: hexToBytes(key.publicKeyHex),
       signer: () => signer,
       type: this.getSupportedVerificationType(),
     })

packages/credential-ld/src/suites/Ed25519Signature2020.ts

@@ -8,10 +8,16 @@ import {
   IResolver,
   TKeyType,
 } from '@veramo/core-types'
-import * as u8a from 'uint8arrays'
 import { Ed25519Signature2020 } from '@digitalcredentials/ed25519-signature-2020'
 import { Ed25519VerificationKey2020 } from '@digitalcredentials/ed25519-verification-key-2020'
-import { asArray, base64ToBytes, bytesToMultibase, extractPublicKeyHex, hexToBytes } from '@veramo/utils'
+import {
+  asArray,
+  base64ToBytes,
+  bytesToBase64,
+  bytesToMultibase,
+  extractPublicKeyHex,
+  hexToBytes,
+} from '@veramo/utils'
 import { VerificationMethod } from 'did-resolver'
 
 import Debug from 'debug'
@@ -46,7 +52,7 @@ export class VeramoEd25519Signature2020 extends VeramoLdSignature {
     const signer = {
       // returns signatureBytes
       sign: async (args: { data: Uint8Array }): Promise<Uint8Array> => {
-        const messageString = u8a.toString(args.data, 'base64')
+        const messageString = bytesToBase64(args.data)
         const signature = await context.agent.keyManagerSign({
           keyRef: key.kid,
           data: messageString,