refactor!: put crypto layer additions into separate folder and rewrote getProvider function

BREAKING CHANGE: `getProvider` takes `ProviderIdentifier` type.

Author: WyvernIXTL

src/CryptoLayerKeyPair.ts

@@ -1,22 +1,12 @@
 import { serialize, type, validate } from "@js-soft/ts-serval";
 import { KeyPairHandle, KeyPairSpec, Provider } from "@nmshd/rs-crypto-types";
-import { CryptoError } from "./CryptoError";
-import { CryptoErrorCode } from "./CryptoErrorCode";
+import { CryptoError } from "../CryptoError";
+import { CryptoErrorCode } from "../CryptoErrorCode";
+import { CryptoSerializable } from "../CryptoSerializable";
 import { getProvider } from "./CryptoLayerProviders";
-import { CryptoSerializable } from "./CryptoSerializable";
 
-export interface ICryptoPrivateKeyHandle {
-    keyPairHandle: KeyPairHandle;
-    spec: KeyPairSpec;
-}
-
-export interface ICryptoPrivateKeyHandleStatic {
-    new (): ICryptoPrivateKeyHandle;
-    fromNativeKey(key: any, spec: KeyPairSpec): Promise<ICryptoPrivateKeyHandle>;
-}
-
-@type("CryptoPrivateKeyHandle")
-export class CryptoPrivateKeyHandle extends CryptoSerializable implements ICryptoPrivateKeyHandle {
+@type("CryptoAsymmetricKeyHandle")
+export class CryptoAsymmetricKeyHandle extends CryptoSerializable {
     @validate()
     @serialize()
     public spec: KeyPairSpec;
@@ -33,11 +23,11 @@ export class CryptoPrivateKeyHandle extends CryptoSerializable implements ICrypt
 
     public keyPairHandle: KeyPairHandle;
 
-    public static from(value: any): CryptoPrivateKeyHandle {
+    public static from(value: any): CryptoAsymmetricKeyHandle {
         return this.fromAny(value);
     }
 
-    public static override async postFrom(value: CryptoPrivateKeyHandle): Promise<CryptoPrivateKeyHandle> {
+    public static override async postFrom(value: CryptoAsymmetricKeyHandle): Promise<CryptoAsymmetricKeyHandle> {
         const provider = getProvider(value.providerName);
         if (!provider) {
             throw new CryptoError(

src/CryptoPrivateKeyHandle.ts renamed to src/crypto-layer/CryptoAsymmetricKeyHandle.ts

@@ -8,8 +8,8 @@ import {
 } from "@nmshd/rs-crypto-types";
 
 import { defaults } from "lodash";
-import { CryptoError } from "./CryptoError";
-import { CryptoErrorCode } from "./CryptoErrorCode";
+import { CryptoError } from "../CryptoError";
+import { CryptoErrorCode } from "../CryptoErrorCode";
 import { CryptoLayerConfig, CryptoLayerProviderFilter } from "./CryptoLayerConfig";
 
 let PROVIDERS_BY_SECURITY: Map<SecurityLevel, Provider[]> | undefined = undefined;
@@ -110,37 +110,35 @@ export async function initCryptoLayerProviders(config: CryptoLayerConfig): Promi
     PROVIDERS_BY_SECURITY = await providerBySecurityMapFromProviderByNameMap(PROVIDERS_BY_NAME);
 }
 
-function isSecurityLevel(value: string): value is SecurityLevel {
-    const securityLevels = ["Hardware", "Network", "Software", "Unsafe"];
-    return securityLevels.includes(value);
-}
+export type ProviderIdentifier = Exclude<CryptoLayerProviderFilter, { providerConfig: any }>;
 
 /**
  * Returns an initialized provider with the given name or security level if possible.
  *
- * This function is structured in a way that if `initCryptoLayerProviders()` was never called it always returns undefined.
- *
- * @param key Name of a provider or security level.
- * @returns `Provider` with security level or name if providers are initialized (with `initCryptoLayerProviders`).
- *              `undefined` if providers where not initialized or if key is undefined.
- *
- * @throws `CryptoError` with `CryptoErrorCode.WrongParameters` if provider name or security level could not be matched to any provider
- *              if providers have been initialized.
+ * Returns `undefined` if providers are not initialized or provider asked for was not initialized by `initCryptoLayerProviders`.
  */
-export function getProvider(key: string | SecurityLevel | undefined): Provider | undefined {
-    if (!key) {
+export function getProvider(identifier: ProviderIdentifier): Provider | undefined {
+    if (!PROVIDERS_BY_NAME || !PROVIDERS_BY_SECURITY) {
         return undefined;
     }
 
-    if (!PROVIDERS_BY_NAME || !PROVIDERS_BY_SECURITY) {
-        return undefined;
+    if ("providerName" in identifier) {
+        return PROVIDERS_BY_NAME.get(identifier.providerName);
+    }
+    if ("securityLevel" in identifier) {
+        return PROVIDERS_BY_SECURITY.get(identifier.securityLevel)?.[0];
     }
 
-    const provider = isSecurityLevel(key) ? PROVIDERS_BY_SECURITY.get(key)?.[0] : PROVIDERS_BY_NAME.get(key);
+    throw new CryptoError(CryptoErrorCode.WrongParameters);
+}
 
+export function getProviderOrThrow(identifier: ProviderIdentifier): Provider {
+    const provider = getProvider(identifier);
     if (!provider) {
-        throw new CryptoError(CryptoErrorCode.WrongParameters, `No such provider with name or security level: ${key}`);
+        throw new CryptoError(
+            CryptoErrorCode.WrongParameters,
+            `Failed finding provider with name or security level ${identifier}`
+        );
     }
-
     return provider;
 }

src/CryptoLayerConfig.ts renamed to src/crypto-layer/CryptoLayerConfig.ts

@@ -0,0 +1,118 @@
+/* eslint-disable @typescript-eslint/naming-convention */
+import { AsymmetricKeySpec, CryptoHash, KeyPairHandle, KeyPairSpec, Provider } from "@nmshd/rs-crypto-types";
+import { defaults } from "lodash";
+import { CoreBuffer } from "../CoreBuffer";
+import { CryptoError } from "../CryptoError";
+import { CryptoErrorCode } from "../CryptoErrorCode";
+import { CryptoExchangeAlgorithm } from "../exchange/CryptoExchange";
+import { CryptoHashAlgorithm } from "../hash/CryptoHash";
+import { CryptoSignatureAlgorithm } from "../signature/CryptoSignatureAlgorithm";
+import { getProviderOrThrow, ProviderIdentifier } from "./CryptoLayerProviders";
+
+export const DEFAULT_KEY_PAIR_SPEC: KeyPairSpec = {
+    asym_spec: "P256",
+    cipher: "AesGcm256",
+    signing_hash: "Sha2_512",
+    ephemeral: false,
+    non_exportable: false
+};
+
+export function asymSpecFromCryptoAlgorithm(
+    algorithm: CryptoExchangeAlgorithm | CryptoSignatureAlgorithm
+): AsymmetricKeySpec {
+    switch (algorithm) {
+        case CryptoExchangeAlgorithm.ECDH_P256:
+            return "P256";
+        case CryptoExchangeAlgorithm.ECDH_P521:
+            return "P521";
+        case CryptoExchangeAlgorithm.ECDH_X25519:
+            return "Curve25519";
+        case CryptoSignatureAlgorithm.ECDSA_P256:
+            return "P256";
+        case CryptoSignatureAlgorithm.ECDSA_P521:
+            return "P521";
+        case CryptoSignatureAlgorithm.ECDSA_ED25519:
+            return "Curve25519";
+    }
+}
+
+export function cryptoHashFromCryptoHashAlgorithm(algorithm: CryptoHashAlgorithm): CryptoHash {
+    switch (algorithm) {
+        case CryptoHashAlgorithm.SHA256:
+            return "Sha2_256";
+        case CryptoHashAlgorithm.SHA512:
+            return "Sha2_512";
+        case CryptoHashAlgorithm.BLAKE2B:
+            throw new CryptoError(CryptoErrorCode.CalUnsupportedAlgorithm);
+    }
+}
+
+export class CryptoLayerUtils {
+    /**
+     * Returns a provider and a key pair handle from default key spec and a raw private key.
+     *
+     * @param providerIdent An identifier of an initialized provider.
+     * @param privateKeyBuffer The raw private key.
+     * @param specOverride Override default key pair spec.
+     * @returns Tuple with provider and handle to key pair.
+     *
+     * @throws `CryptoErrorCode.WrongParameters` if providerIdent does not match any initialized providers or if provider cannot import key pair.
+     */
+    public static async providerAndKeyPairFromPrivateBuffer(
+        providerIdent: ProviderIdentifier,
+        privateKeyBuffer: CoreBuffer,
+        specOverride: Partial<KeyPairSpec>
+    ): Promise<[Provider, KeyPairHandle]> {
+        const provider = getProviderOrThrow(providerIdent);
+        const spec = defaults(specOverride, DEFAULT_KEY_PAIR_SPEC);
+        const keyPair = await provider.importKeyPair(spec, new Uint8Array(0), privateKeyBuffer.buffer);
+        return [provider, keyPair];
+    }
+
+    public static async providerAndKeyPairFromPrivateBufferWithAlgorithm(
+        providerIdent: ProviderIdentifier,
+        privateKeyBuffer: CoreBuffer,
+        asymmetricAlgorithm?: CryptoExchangeAlgorithm | CryptoSignatureAlgorithm,
+        hashAlgorithm?: CryptoHashAlgorithm
+    ): Promise<[Provider, KeyPairHandle]> {
+        const override: Partial<KeyPairSpec> = {
+            asym_spec: asymmetricAlgorithm ? asymSpecFromCryptoAlgorithm(asymmetricAlgorithm) : undefined,
+            signing_hash: hashAlgorithm ? cryptoHashFromCryptoHashAlgorithm(hashAlgorithm) : undefined
+        };
+        return await this.providerAndKeyPairFromPrivateBuffer(providerIdent, privateKeyBuffer, override);
+    }
+
+    /**
+     * Returns a provider and a key pair handle from default key spec and a raw public key.
+     *
+     * @param providerIdent An identifier of an initialized provider.
+     * @param privateKeyBuffer The raw public key.
+     * @param specOverride Override default key pair spec.
+     * @returns Tuple with provider and handle to key pair.
+     *
+     * @throws `CryptoErrorCode.WrongParameters` if providerIdent does not match any initialized providers or if provider cannot import key pair.
+     */
+    public static async providerAndKeyPairFromPublicBuffer(
+        providerIdent: ProviderIdentifier,
+        publicKeyBuffer: CoreBuffer,
+        specOverride: Partial<KeyPairSpec>
+    ): Promise<[Provider, KeyPairHandle]> {
+        const provider = getProviderOrThrow(providerIdent);
+        const spec = defaults(specOverride, DEFAULT_KEY_PAIR_SPEC);
+        const keyPair = await provider.importPublicKey(spec, publicKeyBuffer.buffer);
+        return [provider, keyPair];
+    }
+
+    public static async providerAndKeyPairFromPublicBufferWithAlgorithm(
+        providerIdent: ProviderIdentifier,
+        privateKeyBuffer: CoreBuffer,
+        asymmetricAlgorithm?: CryptoExchangeAlgorithm | CryptoSignatureAlgorithm,
+        hashAlgorithm?: CryptoHashAlgorithm
+    ): Promise<CryptoLayerUtils> {
+        const override: Partial<KeyPairSpec> = {
+            asym_spec: asymmetricAlgorithm ? asymSpecFromCryptoAlgorithm(asymmetricAlgorithm) : undefined,
+            signing_hash: hashAlgorithm ? cryptoHashFromCryptoHashAlgorithm(hashAlgorithm) : undefined
+        };
+        return await this.providerAndKeyPairFromPublicBuffer(providerIdent, privateKeyBuffer, override);
+    }
+}