Add Diffie-Hellman key exchange for encryption to Account

bindings/stronghold-nodejs/examples/src/tests/key_exchange.ts

@@ -0,0 +1,9 @@
+import { keyExchange } from "../../../../wasm/examples-account/src/key_exchange";
+import { stronghold } from '../stronghold';
+
+// Only verifies that no uncaught exceptions are thrown, including syntax errors etc.
+describe("Test Stronghold Node.js examples", function () {
+    it("Key Exchange", async () => {
+        await keyExchange(await stronghold());
+    });
+})

bindings/stronghold-nodejs/js/stronghold.ts

@@ -1,5 +1,5 @@
-import { NapiStronghold, NapiDID, NapiKeyLocation, NapiChainState, NapiDocument, NapiKeyType, NapiDidLocation } from '../napi-dist/napi';
-import { DID, KeyLocation, Signature, ChainState, Storage, KeyType, Document } from "@iota/identity-wasm/node";
+import { NapiStronghold, NapiDID, NapiKeyLocation, NapiChainState, NapiDocument, NapiKeyType, NapiDidLocation, NapiEncryptedData } from '../napi-dist/napi';
+import { DID, KeyLocation, Signature, ChainState, Storage, KeyType, Document, EncryptedData } from "@iota/identity-wasm/node";
 
 export class Stronghold implements Storage {
     private napiStronghold: NapiStronghold;
@@ -97,6 +97,28 @@ export class Stronghold implements Storage {
         return Signature.fromJSON(napiSignature.toJSON());
     }
 
+    public async keyExchange(did: DID, keyLocation: KeyLocation, publicKey: Uint8Array, fragment: string): Promise<KeyLocation> {
+        const napiDID: NapiDID = NapiDID.fromJSON(did.toJSON());
+        const napiKeyLocation = NapiKeyLocation.fromJSON(keyLocation.toJSON());
+        const secretLocation = await this.napiStronghold.keyExchange(napiDID, napiKeyLocation, Array.from(publicKey), fragment);
+        return KeyLocation.fromJSON(secretLocation.toJSON());
+    }
+
+    public async encryptData(did: DID, keyLocation: KeyLocation, data: Uint8Array, associatedData: Uint8Array): Promise<EncryptedData> {
+        const napiDID: NapiDID = NapiDID.fromJSON(did.toJSON());
+        const napiKeyLocation = NapiKeyLocation.fromJSON(keyLocation.toJSON());
+        const napiEncryptedData = await this.napiStronghold.encryptData(napiDID, napiKeyLocation, Array.from(data), Array.from(associatedData));
+        return EncryptedData.fromJSON(napiEncryptedData.toJSON());
+    }
+
+    public async decryptData(did: DID, keyLocation: KeyLocation, data: EncryptedData): Promise<Uint8Array> {
+        const napiDID: NapiDID = NapiDID.fromJSON(did.toJSON());
+        const napiKeyLocation = NapiKeyLocation.fromJSON(keyLocation.toJSON());
+        const napiEncryptedData = NapiEncryptedData.fromJSON(data.toJSON());
+        const decryptedData = await this.napiStronghold.decryptData(napiDID, napiKeyLocation, napiEncryptedData);
+        return Uint8Array.from(decryptedData);
+    }
+
     public async chainStateGet(did: DID): Promise<ChainState | undefined> {
         const napiDID: NapiDID = NapiDID.fromJSON(did.toJSON());
         const napiChainState: NapiChainState | undefined = await this.napiStronghold.chainStateGet(napiDID);

bindings/stronghold-nodejs/src/account/storage/stronghold.rs

@@ -3,6 +3,7 @@
 
 use identity_account_storage::storage::Storage;
 use identity_account_storage::storage::Stronghold;
+use identity_account_storage::types::EncryptedData;
 use identity_account_storage::types::KeyLocation;
 use identity_core::crypto::PrivateKey;
 use identity_core::crypto::PublicKey;
@@ -13,6 +14,7 @@ use napi::Result;
 use napi_derive::napi;
 
 use crate::account::identity::NapiDidLocation;
+use crate::account::types::NapiEncryptedData;
 use crate::account::types::NapiKeyType;
 use crate::account::NapiChainState;
 use crate::account::NapiDocument;
@@ -175,6 +177,62 @@ impl NapiStronghold {
     self.0.key_exists(&did.0, &location.0).await.napi_result()
   }
 
+  /// Performs Diffie-Hellman key exchange using the private key of the first party with the
+  /// public key of the second party, resulting in a shared secret.
+  ///
+  /// Returns the location where the shared secred was stored
+  #[napi]
+  pub async fn key_exchange(
+    &self,
+    did: &NapiDID,
+    location: &NapiKeyLocation,
+    public_key: Vec<u32>,
+    fragment: String,
+  ) -> Result<NapiKeyLocation> {
+    let public_key: PublicKey = public_key.try_into_bytes()?.into();
+    let location: KeyLocation = self
+      .0
+      .key_exchange(&did.0, &location.0, public_key, &fragment)
+      .await
+      .napi_result()?;
+    Ok(NapiKeyLocation(location))
+  }
+
+  /// Encrypts the given `data` using the key at the specified `location`.
+  #[napi]
+  pub async fn encrypt_data(
+    &self,
+    did: &NapiDID,
+    location: &NapiKeyLocation,
+    data: Vec<u32>,
+    associated_data: Vec<u32>,
+  ) -> Result<NapiEncryptedData> {
+    let data: Vec<u8> = data.try_into_bytes()?;
+    let associated_data: Vec<u8> = associated_data.try_into_bytes()?;
+    let encrypted_data: EncryptedData = self
+      .0
+      .encrypt_data(&did.0, &location.0, data, associated_data)
+      .await
+      .napi_result()?;
+    Ok(NapiEncryptedData(encrypted_data))
+  }
+
+  /// Decrypts the given `data` using the key at the specified `location`.
+  #[napi]
+  pub async fn decrypt_data(
+    &self,
+    did: &NapiDID,
+    location: &NapiKeyLocation,
+    data: &NapiEncryptedData,
+  ) -> Result<Vec<u32>> {
+    let data: Vec<u8> = self
+      .0
+      .decrypt_data(&did.0, &location.0, data.0.clone())
+      .await
+      .napi_result()?;
+    Ok(data.into_iter().map(u32::from).collect())
+  }
+
   /// Returns the chain state of the identity specified by `did`.
   #[napi]
   pub async fn chain_state_get(&self, did: &NapiDID) -> Result<Option<NapiChainState>> {

bindings/stronghold-nodejs/src/account/types/encrypted_data.rs

@@ -0,0 +1,24 @@
+// Copyright 2020-2022 IOTA Stiftung
+// SPDX-License-Identifier: Apache-2.0
+
+use identity_account_storage::types::EncryptedData;
+use napi::Result;
+use napi_derive::napi;
+
+use crate::error::NapiResult;
+
+#[napi]
+pub struct NapiEncryptedData(pub(crate) EncryptedData);
+
+#[napi]
+impl NapiEncryptedData {
+  #[napi(js_name = fromJSON)]
+  pub fn from_json(json_value: serde_json::Value) -> Result<NapiEncryptedData> {
+    serde_json::from_value(json_value).map(Self).napi_result()
+  }
+
+  #[napi(js_name = toJSON)]
+  pub fn to_json(&self) -> Result<serde_json::Value> {
+    serde_json::to_value(&self.0).napi_result()
+  }
+}

bindings/stronghold-nodejs/src/account/types/mod.rs

@@ -1,10 +1,12 @@
 // Copyright 2020-2022 IOTA Stiftung
 // SPDX-License-Identifier: Apache-2.0
 
+pub use encrypted_data::NapiEncryptedData;
 pub use key_location::NapiKeyLocation;
 pub use key_type::NapiKeyType;
 pub use signature::NapiSignature;
 
+mod encrypted_data;
 mod key_location;
 mod key_type;
 mod signature;