feat!: implement the changes for the dash7, draft 2024 #16

jmcabrera · 2024-10-04T10:12:11Z

BREAKING CHANGE: remove the deprecated .usingHandover method

BREAKING CHANGE: session transcripts are calculated differently so signature and MAC auth break.

BREAKING CHANGE: Verifier#verify options are moved to a builder pattern

siacomuzzi · 2024-10-04T16:49:21Z

README.md

@@ -2,7 +2,9 @@

 [ISO 18013-5](https://www.iso.org/standard/69084.html) defines mDL (mobile Driver Licenses): an ISO standard for digital driver licenses.

-This is a Node.js library to issue and verify mDL [CBOR encoded](https://cbor.io/) documents in accordance with **ISO 18013-7 (draft's date: 2023-08-02)**.
+> [!WARNING] This is a Node.js library to issue and verify mDL [CBOR encoded](https://cbor.io/) documents in accordance with **ISO 18013-7 (draft's date: 2024-02-13)**.


I wouldn't put a warning here

I removed the callout, see 655f534

README.md

Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>

siacomuzzi · 2024-10-04T16:54:34Z

README.md

+
+  const diagnosticInfo = await verifier
+    .usingEphemeralReaderKey(ephemeralReaderKey)
+    .usingSessionTranscriptBytes(encodedSessionTranscript)


can we show the wrappers for OID4VP and Web API in the doc?

see 4fd262c

src/mdoc/Verifier.ts

siacomuzzi · 2024-10-04T17:01:01Z

src/mdoc/Verifier.ts

+   *
+   * This should match the session transcript as it will be calculated by the mdoc app.
+   *
+   * @param {string} mdocGeneratedNonce - A cryptographically random number with sufficient entropy.


We are on the verifier side here, use a proper description (I don't remember where this nonce value is taken when using OID4VP)

👍🏼 see 10fe386#diff-f2508718eb8e318b6393b4a87fa592e807459ec03ca673a133ae9634f9f5d09dR344
and 10fe386#diff-f2508718eb8e318b6393b4a87fa592e807459ec03ca673a133ae9634f9f5d09dR347

siacomuzzi · 2024-10-04T17:02:55Z

src/mdoc/Verifier.ts

  /**
   * Parse and validate a DeviceResponse as specified in ISO/IEC 18013-5 (Device Retrieval section).
   *
   * @param encodedDeviceResponse
-   * @param options.encodedSessionTranscript The CBOR encoded SessionTranscript.
-   * @param options.ephemeralReaderKey The private part of the ephemeral key used in the session where the DeviceResponse was obtained. This is only required if the DeviceResponse is using the MAC method for device authentication.
+   * @param options.disableCertificateChainValidation Whether to use the certificate validation.


Is this expected? It seems like you are removing the options param

👍🏼 Removed in 10fe386

siacomuzzi · 2024-10-04T17:07:23Z

src/mdoc/model/DeviceResponse.ts

@@ -1,3 +1,4 @@
+import { createHash } from 'node:crypto';


consider using uncrypto (this should works on browsers)

Added a hash function based on uncrypto.
Had to revisit a bit the way we deal with the session transcript, as hashing is done async in uncrypto and sync in node:crypto

Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>

README.md

siacomuzzi · 2024-10-07T12:10:28Z

src/mdoc/model/DeviceResponse.ts

    );
    return this;
  }

+  async #oid4vptranscript(


minor: consider moving this helper (and the one for web api) to utils.ts (just to avoid duplicating code)

Done here and in the Verifier in 2e172eb 👍🏼

siacomuzzi · 2024-10-07T12:12:50Z

src/mdoc/model/DeviceResponse.ts

+    if (sessionTranscriptBytes instanceof Buffer) {
+      this.sessionTranscriptBytes = Promise.resolve(sessionTranscriptBytes);
+    } else {
+      this.sessionTranscriptBytes = sessionTranscriptBytes;
+    }


is this change necessary?

Indeed, the field is awaited everywhere. I removed this check in 40bc700

Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>

jmcabrera added 3 commits October 4, 2024 12:07

fix!: remove the deprecated .usingHandover method

24c8e2c

BREAKING CHANGE: remove the deprecated .usingHandover method

feat!: calculating the session transcripts as defined in dash7:2024

1733c66

BREAKING CHANGE: session transcripts are calculated differently so signature and MAC auth break.

docs: update README.MD

3d34245

jmcabrera force-pushed the iso-draft-2024 branch from c510fc4 to f054ff6 Compare October 4, 2024 13:35

docs: add a warning in the README about versions

2a0e9f8

jmcabrera force-pushed the iso-draft-2024 branch from f054ff6 to 2a0e9f8 Compare October 4, 2024 13:35

jmcabrera added 3 commits October 4, 2024 17:02

docs: fix method documentation

5e1c885

feat!: use Builder Pattern for the Verifier

75afd03

BREAKING CHANGE: Verifier#verify options are moved to a builder pattern

fix: remove dead code and fix linting

6eae5de

siacomuzzi reviewed Oct 4, 2024

View reviewed changes

docs: take review into account

655f534

siacomuzzi reviewed Oct 4, 2024

View reviewed changes

README.md Outdated Show resolved Hide resolved

docs: update README.md

f0646f1

Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>

siacomuzzi reviewed Oct 4, 2024

View reviewed changes

src/mdoc/Verifier.ts Outdated Show resolved Hide resolved

siacomuzzi reviewed Oct 4, 2024

View reviewed changes

src/mdoc/Verifier.ts Outdated Show resolved Hide resolved

siacomuzzi reviewed Oct 4, 2024

View reviewed changes

jmcabrera and others added 3 commits October 4, 2024 19:11

docs: update code snippets

4fd262c

docs: apply suggestions from code review

d4da76e

Co-authored-by: Sebastian Iacomuzzi <siacomuzzi@users.noreply.github.com>

fix: don't use node:crypto

10fe386