@abraca/dabra 0.1.0

package/src/CryptoIdentityKeystore.ts

@@ -0,0 +1,294 @@
+/**
+ * CryptoIdentityKeystore
+ *
+ * Per-device Ed25519 keypair, private key protected by WebAuthn PRF + AES-256-GCM.
+ * Stored in IndexedDB under "abracadabra:identity" / "identity" / key "current".
+ *
+ * No private key is ever shared between devices. Each device generates its own
+ * keypair, encrypts the private key with the PRF output from its own WebAuthn
+ * credential, and stores the ciphertext in IndexedDB.
+ *
+ * Dependencies: @noble/ed25519, @noble/hashes (for HKDF)
+ */
+
+import * as ed from "@noble/ed25519";
+import { hkdf } from "@noble/hashes/hkdf";
+import { sha256 } from "@noble/hashes/sha256";
+
+// ── Types ────────────────────────────────────────────────────────────────────
+
+interface StoredIdentity {
+	username: string;
+	/** base64url-encoded Ed25519 public key (32 bytes) */
+	publicKey: string;
+	/** AES-GCM ciphertext of the 32-byte private key */
+	encryptedPrivateKey: ArrayBuffer;
+	/** 12-byte AES-GCM nonce */
+	iv: Uint8Array;
+	/** 32-byte constant PRF input salt (per-enrollment) */
+	salt: Uint8Array;
+	/** WebAuthn credential ID */
+	credentialId: ArrayBuffer;
+}
+
+// ── Helpers ──────────────────────────────────────────────────────────────────
+
+function toBase64url(bytes: Uint8Array): string {
+	return btoa(String.fromCharCode(...bytes))
+		.replace(/\+/g, "-")
+		.replace(/\//g, "_")
+		.replace(/=/g, "");
+}
+
+function fromBase64url(b64: string): Uint8Array {
+	const padded = b64.replace(/-/g, "+").replace(/_/g, "/");
+	const padLen = (4 - (padded.length % 4)) % 4;
+	const padded2 = padded + "=".repeat(padLen);
+	return Uint8Array.from(atob(padded2), (c) => c.charCodeAt(0));
+}
+
+const DB_NAME = "abracadabra:identity";
+const STORE_NAME = "identity";
+const RECORD_KEY = "current";
+const HKDF_INFO = new TextEncoder().encode("abracadabra-identity-v1");
+
+// ── IndexedDB helpers ─────────────────────────────────────────────────────────
+
+function openDb(): Promise<IDBDatabase> {
+	return new Promise((resolve, reject) => {
+		const req = indexedDB.open(DB_NAME, 1);
+		req.onupgradeneeded = () => {
+			req.result.createObjectStore(STORE_NAME);
+		};
+		req.onsuccess = () => resolve(req.result);
+		req.onerror = () => reject(req.error);
+	});
+}
+
+async function dbGet(db: IDBDatabase): Promise<StoredIdentity | undefined> {
+	return new Promise((resolve, reject) => {
+		const tx = db.transaction(STORE_NAME, "readonly");
+		const req = tx.objectStore(STORE_NAME).get(RECORD_KEY);
+		req.onsuccess = () => resolve(req.result as StoredIdentity | undefined);
+		req.onerror = () => reject(req.error);
+	});
+}
+
+async function dbPut(db: IDBDatabase, value: StoredIdentity): Promise<void> {
+	return new Promise((resolve, reject) => {
+		const tx = db.transaction(STORE_NAME, "readwrite");
+		const req = tx.objectStore(STORE_NAME).put(value, RECORD_KEY);
+		req.onsuccess = () => resolve();
+		req.onerror = () => reject(req.error);
+	});
+}
+
+async function dbDelete(db: IDBDatabase): Promise<void> {
+	return new Promise((resolve, reject) => {
+		const tx = db.transaction(STORE_NAME, "readwrite");
+		const req = tx.objectStore(STORE_NAME).delete(RECORD_KEY);
+		req.onsuccess = () => resolve();
+		req.onerror = () => reject(req.error);
+	});
+}
+
+// ── Key derivation ────────────────────────────────────────────────────────────
+
+async function deriveAesKey(prfOutput: ArrayBuffer, salt: Uint8Array): Promise<CryptoKey> {
+	const ikm = new Uint8Array(prfOutput);
+	const keyBytes = hkdf(sha256, ikm, salt, HKDF_INFO, 32);
+	return crypto.subtle.importKey("raw", keyBytes, { name: "AES-GCM" }, false, [
+		"encrypt",
+		"decrypt",
+	]);
+}
+
+// ── Main class ───────────────────────────────────────────────────────────────
+
+export class CryptoIdentityKeystore {
+	/**
+	 * One-time setup for a device: generates an Ed25519 keypair, creates a
+	 * WebAuthn credential with PRF extension, encrypts the private key, and
+	 * stores everything in IndexedDB.
+	 *
+	 * Returns the base64url-encoded public key. The caller must register this
+	 * key with the server via POST /auth/register (first device) or
+	 * POST /auth/keys (additional device).
+	 *
+	 * @param username  - The user's account name.
+	 * @param rpId      - WebAuthn relying party ID (e.g. "example.com").
+	 * @param rpName    - Human-readable relying party name.
+	 */
+	async register(username: string, rpId: string, rpName: string): Promise<string> {
+		// 1. Generate Ed25519 keypair
+		const privateKey = ed.utils.randomPrivateKey();
+		const publicKey = await ed.getPublicKeyAsync(privateKey);
+
+		// 2. Generate per-enrollment salt
+		const salt = crypto.getRandomValues(new Uint8Array(32));
+
+		// 3. Create WebAuthn credential with PRF extension
+		const credential = await navigator.credentials.create({
+			publicKey: {
+				challenge: crypto.getRandomValues(new Uint8Array(32)),
+				rp: { id: rpId, name: rpName },
+				user: {
+					id: new TextEncoder().encode(username),
+					name: username,
+					displayName: username,
+				},
+				pubKeyCredParams: [
+					{ alg: -7, type: "public-key" },  // ES256
+					{ alg: -257, type: "public-key" }, // RS256
+				],
+				authenticatorSelection: {
+					userVerification: "required",
+				},
+				extensions: {
+					prf: { eval: { first: salt.buffer } },
+				} as AuthenticationExtensionsClientInputs,
+			},
+		}) as PublicKeyCredential | null;
+
+		if (!credential) {
+			throw new Error("WebAuthn credential creation failed");
+		}
+
+		const extResults = credential.getClientExtensionResults() as {
+			prf?: { results?: { first?: ArrayBuffer } };
+		};
+		const prfOutput = extResults?.prf?.results?.first;
+		if (!prfOutput) {
+			throw new Error(
+				"WebAuthn PRF extension not available on this authenticator. " +
+					"A PRF-capable authenticator (e.g. platform authenticator with PRF support) is required.",
+			);
+		}
+
+		// 4. Derive AES key from PRF output via HKDF
+		const aesKey = await deriveAesKey(prfOutput, salt);
+
+		// 5. Encrypt private key
+		const iv = crypto.getRandomValues(new Uint8Array(12));
+		const encryptedPrivateKey = await crypto.subtle.encrypt(
+			{ name: "AES-GCM", iv },
+			aesKey,
+			privateKey,
+		);
+
+		// 6. Store in IndexedDB
+		const db = await openDb();
+		await dbPut(db, {
+			username,
+			publicKey: toBase64url(publicKey),
+			encryptedPrivateKey,
+			iv,
+			salt,
+			credentialId: credential.rawId,
+		});
+		db.close();
+
+		return toBase64url(publicKey);
+	}
+
+	/**
+	 * Sign a base64url-encoded challenge using the stored Ed25519 private key.
+	 *
+	 * This triggers a WebAuthn assertion (biometric / PIN prompt) to unlock the
+	 * private key via PRF → HKDF → AES-GCM decryption. The private key is
+	 * wiped from memory after signing.
+	 *
+	 * @param challengeB64 - base64url-encoded challenge bytes from the server.
+	 * @returns base64url-encoded Ed25519 signature (64 bytes).
+	 */
+	async sign(challengeB64: string): Promise<string> {
+		const db = await openDb();
+		const stored = await dbGet(db);
+		db.close();
+
+		if (!stored) {
+			throw new Error("No identity stored. Call register() first.");
+		}
+
+		// WebAuthn assertion with PRF
+		const assertion = await navigator.credentials.get({
+			publicKey: {
+				challenge: crypto.getRandomValues(new Uint8Array(32)),
+				allowCredentials: [
+					{
+						id: stored.credentialId,
+						type: "public-key",
+					},
+				],
+				userVerification: "required",
+				extensions: {
+					prf: { eval: { first: stored.salt.buffer } },
+				} as AuthenticationExtensionsClientInputs,
+			},
+		}) as PublicKeyCredential | null;
+
+		if (!assertion) {
+			throw new Error("WebAuthn assertion failed");
+		}
+
+		const extResults = assertion.getClientExtensionResults() as {
+			prf?: { results?: { first?: ArrayBuffer } };
+		};
+		const prfOutput = extResults?.prf?.results?.first;
+		if (!prfOutput) {
+			throw new Error("PRF output not available from authenticator");
+		}
+
+		// Derive the same AES key
+		const aesKey = await deriveAesKey(prfOutput, stored.salt);
+
+		// Decrypt private key
+		const privateKeyBytes = await crypto.subtle.decrypt(
+			{ name: "AES-GCM", iv: stored.iv },
+			aesKey,
+			stored.encryptedPrivateKey,
+		);
+
+		const privateKey = new Uint8Array(privateKeyBytes);
+
+		// Sign the challenge
+		const challengeBytes = fromBase64url(challengeB64);
+		const signature = await ed.signAsync(challengeBytes, privateKey);
+
+		// Wipe private key from memory
+		privateKey.fill(0);
+
+		return toBase64url(signature);
+	}
+
+	/** Returns the stored base64url public key, or null if no identity exists. */
+	async getPublicKey(): Promise<string | null> {
+		const db = await openDb();
+		const stored = await dbGet(db);
+		db.close();
+		return stored?.publicKey ?? null;
+	}
+
+	/** Returns the stored username, or null if no identity exists. */
+	async getUsername(): Promise<string | null> {
+		const db = await openDb();
+		const stored = await dbGet(db);
+		db.close();
+		return stored?.username ?? null;
+	}
+
+	/** Returns true if an identity is stored in IndexedDB. */
+	async hasIdentity(): Promise<boolean> {
+		const db = await openDb();
+		const stored = await dbGet(db);
+		db.close();
+		return stored !== undefined;
+	}
+
+	/** Remove the stored identity from IndexedDB. */
+	async clear(): Promise<void> {
+		const db = await openDb();
+		await dbDelete(db);
+		db.close();
+	}
+}

package/src/EventEmitter.ts

@@ -0,0 +1,44 @@
+export default class EventEmitter {
+	// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
+	public callbacks: { [key: string]: Function[] } = {};
+
+	// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
+	public on(event: string, fn: Function): this {
+		if (!this.callbacks[event]) {
+			this.callbacks[event] = [];
+		}
+
+		this.callbacks[event].push(fn);
+
+		return this;
+	}
+
+	protected emit(event: string, ...args: any): this {
+		const callbacks = this.callbacks[event];
+
+		if (callbacks) {
+			callbacks.forEach((callback) => callback.apply(this, args));
+		}
+
+		return this;
+	}
+
+	// eslint-disable-next-line @typescript-eslint/no-unsafe-function-type
+	public off(event: string, fn?: Function): this {
+		const callbacks = this.callbacks[event];
+
+		if (callbacks) {
+			if (fn) {
+				this.callbacks[event] = callbacks.filter((callback) => callback !== fn);
+			} else {
+				delete this.callbacks[event];
+			}
+		}
+
+		return this;
+	}
+
+	removeAllListeners(): void {
+		this.callbacks = {};
+	}
+}