feat!: implement the changes for the dash7, draft 2024#16
feat!: implement the changes for the dash7, draft 2024#16jmcabrera wants to merge 16 commits intoauth0-lab:mainfrom
Conversation
BREAKING CHANGE: remove the deprecated .usingHandover method
BREAKING CHANGE: session transcripts are calculated differently so signature and MAC auth break.
jmcabrera
force-pushed
the
iso-draft-2024
branch
from
c510fc4 to
f054ff6
Compare
jmcabrera
force-pushed
the
iso-draft-2024
branch
from
f054ff6 to
2a0e9f8
Compare
BREAKING CHANGE: Verifier#verify options are moved to a builder pattern
README.md
Outdated
| [ISO 18013-5](https://www.iso.org/standard/69084.html) defines mDL (mobile Driver Licenses): an ISO standard for digital driver licenses. | ||
|
|
||
| This is a Node.js library to issue and verify mDL [CBOR encoded](https://cbor.io/) documents in accordance with **ISO 18013-7 (draft's date: 2023-08-02)**. | ||
| > [!WARNING] This is a Node.js library to issue and verify mDL [CBOR encoded](https://cbor.io/) documents in accordance with **ISO 18013-7 (draft's date: 2024-02-13)**. |
There was a problem hiding this comment.
I wouldn't put a warning here
Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>
README.md
Outdated
|
|
||
| const diagnosticInfo = await verifier | ||
| .usingEphemeralReaderKey(ephemeralReaderKey) | ||
| .usingSessionTranscriptBytes(encodedSessionTranscript) |
There was a problem hiding this comment.
can we show the wrappers for OID4VP and Web API in the doc?
src/mdoc/Verifier.ts
Outdated
| * | ||
| * This should match the session transcript as it will be calculated by the mdoc app. | ||
| * | ||
| * @param {string} mdocGeneratedNonce - A cryptographically random number with sufficient entropy. |
There was a problem hiding this comment.
We are on the verifier side here, use a proper description (I don't remember where this nonce value is taken when using OID4VP)
There was a problem hiding this comment.
src/mdoc/Verifier.ts
Outdated
| * @param encodedDeviceResponse | ||
| * @param options.encodedSessionTranscript The CBOR encoded SessionTranscript. | ||
| * @param options.ephemeralReaderKey The private part of the ephemeral key used in the session where the DeviceResponse was obtained. This is only required if the DeviceResponse is using the MAC method for device authentication. | ||
| * @param options.disableCertificateChainValidation Whether to use the certificate validation. |
There was a problem hiding this comment.
Is this expected? It seems like you are removing the options param
src/mdoc/model/DeviceResponse.ts
Outdated
| @@ -1,3 +1,4 @@ | |||
| import { createHash } from 'node:crypto'; | |||
There was a problem hiding this comment.
consider using uncrypto (this should works on browsers)
There was a problem hiding this comment.
Added a hash function based on uncrypto.
Had to revisit a bit the way we deal with the session transcript, as hashing is done async in uncrypto and sync in node:crypto
Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>
src/mdoc/model/DeviceResponse.ts
Outdated
| return this; | ||
| } | ||
|
|
||
| async #oid4vptranscript( |
There was a problem hiding this comment.
minor: consider moving this helper (and the one for web api) to utils.ts (just to avoid duplicating code)
There was a problem hiding this comment.
Done here and in the Verifier in 2e172eb 👍🏼
src/mdoc/model/DeviceResponse.ts
Outdated
| if (sessionTranscriptBytes instanceof Buffer) { | ||
| this.sessionTranscriptBytes = Promise.resolve(sessionTranscriptBytes); | ||
| } else { | ||
| this.sessionTranscriptBytes = sessionTranscriptBytes; | ||
| } |
There was a problem hiding this comment.
is this change necessary?
There was a problem hiding this comment.
Indeed, the field is awaited everywhere. I removed this check in 40bc700
Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>
2 participants
BREAKING CHANGE: remove the deprecated .usingHandover method