feat: add COSE function for 'ic_message' app

Author: zensh

pnpm-lock.yaml

@@ -5,11 +5,12 @@
     "@dfinity/candid": "^2.0.0",
     "@dfinity/principal": "^2.0.0",
     "@dfinity/utils": "^2.4.0",
-    "@ldclabs/cose-ts": "^1.2.0",
+    "@ldclabs/cose-ts": "^1.3.1",
     "@noble/hashes": "^1.4.0",
     "@paulmillr/qr": "^0.2.0",
     "@scure/base": "^1.1.7",
-    "cborg": "^4.2.3"
+    "cborg": "^4.2.3",
+    "idb": "^7.1.1"
   },
   "devDependencies": {
     "@floating-ui/dom": "^1.6.10",

src/ic_panda_frontend/package.json

@@ -0,0 +1,3 @@
+import { KVStore } from '$lib/utils/store'
+
+export const userStore = new KVStore('ICPanda_Users')

src/ic_panda_frontend/src/lib/stores/user.ts

@@ -0,0 +1,79 @@
+import { AesGcmKey } from '@ldclabs/cose-ts/aesgcm'
+import { Encrypt0Message } from '@ldclabs/cose-ts/encrypt0'
+import { Header } from '@ldclabs/cose-ts/header'
+import { hkdf256 } from '@ldclabs/cose-ts/hkdf'
+import * as iana from '@ldclabs/cose-ts/iana'
+import { KDFContext, PartyInfo, SuppPubInfo } from '@ldclabs/cose-ts/kdfcontext'
+import { argon2id } from '@noble/hashes/argon2'
+
+export {
+  assertEqual,
+  base64ToBytes,
+  bytesToBase64Url,
+  bytesToHex,
+  compareBytes,
+  concatBytes,
+  decodeCBOR,
+  encodeCBOR,
+  hexToBytes,
+  randomBytes,
+  toBytes,
+  utf8ToBytes
+} from '@ldclabs/cose-ts/utils'
+
+export { AesGcmKey } from '@ldclabs/cose-ts/aesgcm'
+export { ECDHKey } from '@ldclabs/cose-ts/ecdh'
+
+export function hashPassword(password: string, salt: string): Uint8Array {
+  // default params from https://docs.rs/argon2/latest/argon2/struct.Params.html
+  return argon2id(password, salt, { t: 2, m: 19456, p: 1 })
+}
+
+// HKDF-SHA-256 with Context Information Structure
+// https://datatracker.ietf.org/doc/html/rfc9053#name-context-information-structu
+export function deriveA256GCMSecret(
+  secret: Uint8Array,
+  salt: Uint8Array
+): Uint8Array {
+  const ctx = new KDFContext(
+    iana.AlgorithmA256GCM,
+    new PartyInfo(),
+    new PartyInfo(),
+    new SuppPubInfo(
+      256,
+      new Header(
+        new Map([[iana.HeaderParameterAlg, iana.AlgorithmDirect_HKDF_SHA_256]])
+      )
+    )
+  )
+
+  return hkdf256(secret, salt, ctx.toBytes(), 32)
+}
+
+export async function coseA256GCMEncrypt0(
+  key: AesGcmKey,
+  payload: Uint8Array,
+  aad: Uint8Array,
+  nonce: Uint8Array, // 12 bytes
+  key_id?: Uint8Array
+): Promise<Uint8Array> {
+  const protect = new Header().setParam(
+    iana.HeaderParameterAlg,
+    iana.AlgorithmA256GCM
+  )
+  const unprotected = new Header().setParam(iana.HeaderParameterIV, nonce)
+  if (key_id) {
+    unprotected.setParam(iana.HeaderParameterKid, key_id)
+  }
+  const msg = new Encrypt0Message(payload, protect, unprotected)
+  return await msg.toBytes(key, aad)
+}
+
+export async function coseA256GCMDecrypt0(
+  key: AesGcmKey,
+  data: Uint8Array,
+  aad: Uint8Array
+): Promise<Uint8Array> {
+  const msg = await Encrypt0Message.fromBytes(key, data, aad)
+  return msg.payload
+}

src/ic_panda_frontend/src/lib/utils/crypto.ts

@@ -0,0 +1,36 @@
+import { openDB, type IDBPDatabase } from 'idb'
+
+export type IDBValidKey = string | number | Date | BufferSource | IDBValidKey[]
+
+export class KVStore {
+  private static storeName = 'KV'
+  private db: Promise<IDBPDatabase>
+
+  constructor(dbName: string) {
+    if (!dbName.trim()) {
+      throw new Error('dbName is required')
+    }
+    this.db = openDB(dbName, 1, {
+      upgrade(db) {
+        db.createObjectStore(KVStore.storeName)
+      }
+    })
+  }
+
+  async getItem<T>(key: IDBValidKey): Promise<T | null> {
+    const db = await this.db
+    return (await db.get(KVStore.storeName, key)) || null
+  }
+
+  async setItem<T>(key: IDBValidKey, value: T): Promise<void> {
+    const db = await this.db
+    const tx = db.transaction(KVStore.storeName, 'readwrite')
+    await Promise.all([tx.store.put(value, key), tx.done])
+  }
+
+  async removeItem(key: IDBValidKey): Promise<void> {
+    const db = await this.db
+    const tx = db.transaction(KVStore.storeName, 'readwrite')
+    await Promise.all([tx.store.delete(key), tx.done])
+  }
+}