@atproto/crypto 0.2.2 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/LICENSE.txt +7 -0
- package/README.md +50 -2
- package/build.js +0 -8
- package/dist/index.js +85 -63
- package/dist/index.js.map +4 -4
- package/dist/p256/operations.d.ts +4 -2
- package/dist/secp256k1/operations.d.ts +4 -2
- package/dist/types.d.ts +4 -1
- package/dist/verify.d.ts +3 -2
- package/jest.config.js +1 -1
- package/package.json +17 -19
- package/src/p256/operations.ts +23 -2
- package/src/secp256k1/operations.ts +23 -2
- package/src/types.ts +5 -0
- package/src/verify.ts +6 -3
- package/tests/signatures.test.ts +135 -0
- package/tsconfig.build.json +1 -1
- package/tsconfig.json +2 -2
- package/tests/signature-fixtures.json +0 -34
- package/tsconfig.build.tsbuildinfo +0 -1
- package/update-pkg.js +0 -14
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# @atproto/crypto
|
|
2
|
+
|
|
3
|
+
## 0.3.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- [#1839](https://github.com/bluesky-social/atproto/pull/1839) [`e1b5f253`](https://github.com/bluesky-social/atproto/commit/e1b5f2537a5ba4d8b951a741269b604856028ae5) Thanks [@dholms](https://github.com/dholms)! - Prevent signature malleability through DER-encoded signatures
|
|
8
|
+
|
|
9
|
+
## 0.2.3
|
|
10
|
+
|
|
11
|
+
### Patch Changes
|
|
12
|
+
|
|
13
|
+
- [#1788](https://github.com/bluesky-social/atproto/pull/1788) [`84e2d4d2`](https://github.com/bluesky-social/atproto/commit/84e2d4d2b6694f344d80c18672c78b650189d423) Thanks [@bnewbold](https://github.com/bnewbold)! - update license to "MIT or Apache2"
|
package/LICENSE.txt
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
Dual MIT/Apache-2.0 License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2022-2023 Bluesky PBC, and Contributors
|
|
4
|
+
|
|
5
|
+
Except as otherwise noted in individual files, this software is licensed under the MIT license (<http://opensource.org/licenses/MIT>), or the Apache License, Version 2.0 (<http://www.apache.org/licenses/LICENSE-2.0>).
|
|
6
|
+
|
|
7
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
package/README.md
CHANGED
|
@@ -1,3 +1,51 @@
|
|
|
1
|
-
#
|
|
1
|
+
# @atproto/crypto
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
TypeScript library providing basic cryptographic helpers as needed in [atproto](https://atproto.com).
|
|
4
|
+
|
|
5
|
+
[](https://www.npmjs.com/package/@atproto/crypto)
|
|
6
|
+
[](https://github.com/bluesky-social/atproto/actions/workflows/repo.yaml)
|
|
7
|
+
|
|
8
|
+
This package implements the two currently supported cryptographic systems:
|
|
9
|
+
|
|
10
|
+
- P-256 elliptic curve: aka "NIST P-256", aka secp256r1 (note the r), aka prime256v1
|
|
11
|
+
- K-256 elliptic curve: aka "NIST K-256", aka secp256k1 (note the k)
|
|
12
|
+
|
|
13
|
+
The details of cryptography in atproto are described in [the specification](https://atproto.com/specs/cryptography). This includes string encodings, validity of "low-S" signatures, byte representation "compression", hashing, and more.
|
|
14
|
+
|
|
15
|
+
## Usage
|
|
16
|
+
|
|
17
|
+
```typescript
|
|
18
|
+
import { verifySignature, Secp256k1Keypair, P256Keypair } from '@atproto/crypto'
|
|
19
|
+
|
|
20
|
+
// generate a new random K-256 private key
|
|
21
|
+
const keypair = await Secp256k1Keypair.create({ exportable: true })
|
|
22
|
+
|
|
23
|
+
// sign binary data, resulting signature bytes.
|
|
24
|
+
// SHA-256 hash of data is what actually gets signed.
|
|
25
|
+
// signature output is often base64-encoded.
|
|
26
|
+
const data = new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8])
|
|
27
|
+
const sig = await keypair.sign(data)
|
|
28
|
+
|
|
29
|
+
// serialize the public key as a did:key string, which includes key type metadata
|
|
30
|
+
const pubDidKey = keypair.did()
|
|
31
|
+
console.log(pubDidKey)
|
|
32
|
+
|
|
33
|
+
// output would look something like: 'did:key:zQ3shVRtgqTRHC7Lj4DYScoDgReNpsDp3HBnuKBKt1FSXKQ38'
|
|
34
|
+
|
|
35
|
+
// verify signature using public key
|
|
36
|
+
const ok = verifySignature(pubDidKey, data, sig)
|
|
37
|
+
if (!ok) {
|
|
38
|
+
throw new Error('Uh oh, something is fishy')
|
|
39
|
+
} else {
|
|
40
|
+
console.log('Success')
|
|
41
|
+
}
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
## License
|
|
45
|
+
|
|
46
|
+
This project is dual-licensed under MIT and Apache 2.0 terms:
|
|
47
|
+
|
|
48
|
+
- MIT license ([LICENSE-MIT.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-MIT.txt) or http://opensource.org/licenses/MIT)
|
|
49
|
+
- Apache License, Version 2.0, ([LICENSE-APACHE.txt](https://github.com/bluesky-social/atproto/blob/main/LICENSE-APACHE.txt) or http://www.apache.org/licenses/LICENSE-2.0)
|
|
50
|
+
|
|
51
|
+
Downstream projects and end users may chose either license individually, or both together, at their discretion. The motivation for this dual-licensing is the additional software patent assurance provided by Apache 2.0.
|
package/build.js
CHANGED
|
@@ -1,16 +1,8 @@
|
|
|
1
|
-
const pkgJson = require('@npmcli/package-json')
|
|
2
1
|
const { nodeExternalsPlugin } = require('esbuild-node-externals')
|
|
3
2
|
|
|
4
3
|
const buildShallow =
|
|
5
4
|
process.argv.includes('--shallow') || process.env.ATP_BUILD_SHALLOW === 'true'
|
|
6
5
|
|
|
7
|
-
if (process.argv.includes('--update-main-to-dist')) {
|
|
8
|
-
return pkgJson
|
|
9
|
-
.load(__dirname)
|
|
10
|
-
.then((pkg) => pkg.update({ main: 'dist/index.js' }))
|
|
11
|
-
.then((pkg) => pkg.save())
|
|
12
|
-
}
|
|
13
|
-
|
|
14
6
|
require('esbuild').build({
|
|
15
7
|
logLevel: 'info',
|
|
16
8
|
entryPoints: ['src/index.ts'],
|
package/dist/index.js
CHANGED
|
@@ -17,10 +17,7 @@ var __copyProps = (to, from3, except, desc) => {
|
|
|
17
17
|
}
|
|
18
18
|
return to;
|
|
19
19
|
};
|
|
20
|
-
var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__getProtoOf(mod2)) : {}, __copyProps(
|
|
21
|
-
isNodeMode || !mod2 || !mod2.__esModule ? __defProp(target, "default", { value: mod2, enumerable: true }) : target,
|
|
22
|
-
mod2
|
|
23
|
-
));
|
|
20
|
+
var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__getProtoOf(mod2)) : {}, __copyProps(isNodeMode || !mod2 || !mod2.__esModule ? __defProp(target, "default", { value: mod2, enumerable: true }) : target, mod2));
|
|
24
21
|
var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
|
|
25
22
|
|
|
26
23
|
// src/index.ts
|
|
@@ -59,7 +56,7 @@ var DID_KEY_PREFIX = "did:key:";
|
|
|
59
56
|
var P256_JWT_ALG = "ES256";
|
|
60
57
|
var SECP256K1_JWT_ALG = "ES256K";
|
|
61
58
|
|
|
62
|
-
// ../../node_modules/uint8arrays/esm/src/concat.js
|
|
59
|
+
// ../../node_modules/.pnpm/uint8arrays@3.0.0/node_modules/uint8arrays/esm/src/concat.js
|
|
63
60
|
function concat(arrays, length2) {
|
|
64
61
|
if (!length2) {
|
|
65
62
|
length2 = arrays.reduce((acc, curr) => acc + curr.length, 0);
|
|
@@ -73,7 +70,7 @@ function concat(arrays, length2) {
|
|
|
73
70
|
return output2;
|
|
74
71
|
}
|
|
75
72
|
|
|
76
|
-
// ../../node_modules/uint8arrays/esm/src/equals.js
|
|
73
|
+
// ../../node_modules/.pnpm/uint8arrays@3.0.0/node_modules/uint8arrays/esm/src/equals.js
|
|
77
74
|
function equals(a, b) {
|
|
78
75
|
if (a === b) {
|
|
79
76
|
return true;
|
|
@@ -89,13 +86,13 @@ function equals(a, b) {
|
|
|
89
86
|
return true;
|
|
90
87
|
}
|
|
91
88
|
|
|
92
|
-
// ../../node_modules/multiformats/esm/src/bases/identity.js
|
|
89
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/identity.js
|
|
93
90
|
var identity_exports = {};
|
|
94
91
|
__export(identity_exports, {
|
|
95
92
|
identity: () => identity
|
|
96
93
|
});
|
|
97
94
|
|
|
98
|
-
// ../../node_modules/multiformats/esm/vendor/base-x.js
|
|
95
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/vendor/base-x.js
|
|
99
96
|
function base(ALPHABET, name2) {
|
|
100
97
|
if (ALPHABET.length >= 255) {
|
|
101
98
|
throw new TypeError("Alphabet too long");
|
|
@@ -231,7 +228,7 @@ var src = base;
|
|
|
231
228
|
var _brrp__multiformats_scope_baseX = src;
|
|
232
229
|
var base_x_default = _brrp__multiformats_scope_baseX;
|
|
233
230
|
|
|
234
|
-
// ../../node_modules/multiformats/esm/src/bytes.js
|
|
231
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bytes.js
|
|
235
232
|
var empty = new Uint8Array(0);
|
|
236
233
|
var equals2 = (aa, bb) => {
|
|
237
234
|
if (aa === bb)
|
|
@@ -259,7 +256,7 @@ var coerce = (o) => {
|
|
|
259
256
|
var fromString = (str) => new TextEncoder().encode(str);
|
|
260
257
|
var toString = (b) => new TextDecoder().decode(b);
|
|
261
258
|
|
|
262
|
-
// ../../node_modules/multiformats/esm/src/bases/base.js
|
|
259
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base.js
|
|
263
260
|
var Encoder = class {
|
|
264
261
|
constructor(name2, prefix, baseEncode) {
|
|
265
262
|
this.name = name2;
|
|
@@ -412,7 +409,7 @@ var rfc4648 = ({ name: name2, prefix, bitsPerChar, alphabet: alphabet2 }) => {
|
|
|
412
409
|
});
|
|
413
410
|
};
|
|
414
411
|
|
|
415
|
-
// ../../node_modules/multiformats/esm/src/bases/identity.js
|
|
412
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/identity.js
|
|
416
413
|
var identity = from({
|
|
417
414
|
prefix: "\0",
|
|
418
415
|
name: "identity",
|
|
@@ -420,7 +417,7 @@ var identity = from({
|
|
|
420
417
|
decode: (str) => fromString(str)
|
|
421
418
|
});
|
|
422
419
|
|
|
423
|
-
// ../../node_modules/multiformats/esm/src/bases/base2.js
|
|
420
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base2.js
|
|
424
421
|
var base2_exports = {};
|
|
425
422
|
__export(base2_exports, {
|
|
426
423
|
base2: () => base2
|
|
@@ -432,7 +429,7 @@ var base2 = rfc4648({
|
|
|
432
429
|
bitsPerChar: 1
|
|
433
430
|
});
|
|
434
431
|
|
|
435
|
-
// ../../node_modules/multiformats/esm/src/bases/base8.js
|
|
432
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base8.js
|
|
436
433
|
var base8_exports = {};
|
|
437
434
|
__export(base8_exports, {
|
|
438
435
|
base8: () => base8
|
|
@@ -444,7 +441,7 @@ var base8 = rfc4648({
|
|
|
444
441
|
bitsPerChar: 3
|
|
445
442
|
});
|
|
446
443
|
|
|
447
|
-
// ../../node_modules/multiformats/esm/src/bases/base10.js
|
|
444
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base10.js
|
|
448
445
|
var base10_exports = {};
|
|
449
446
|
__export(base10_exports, {
|
|
450
447
|
base10: () => base10
|
|
@@ -455,7 +452,7 @@ var base10 = baseX({
|
|
|
455
452
|
alphabet: "0123456789"
|
|
456
453
|
});
|
|
457
454
|
|
|
458
|
-
// ../../node_modules/multiformats/esm/src/bases/base16.js
|
|
455
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base16.js
|
|
459
456
|
var base16_exports = {};
|
|
460
457
|
__export(base16_exports, {
|
|
461
458
|
base16: () => base16,
|
|
@@ -474,7 +471,7 @@ var base16upper = rfc4648({
|
|
|
474
471
|
bitsPerChar: 4
|
|
475
472
|
});
|
|
476
473
|
|
|
477
|
-
// ../../node_modules/multiformats/esm/src/bases/base32.js
|
|
474
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base32.js
|
|
478
475
|
var base32_exports = {};
|
|
479
476
|
__export(base32_exports, {
|
|
480
477
|
base32: () => base32,
|
|
@@ -542,7 +539,7 @@ var base32z = rfc4648({
|
|
|
542
539
|
bitsPerChar: 5
|
|
543
540
|
});
|
|
544
541
|
|
|
545
|
-
// ../../node_modules/multiformats/esm/src/bases/base36.js
|
|
542
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base36.js
|
|
546
543
|
var base36_exports = {};
|
|
547
544
|
__export(base36_exports, {
|
|
548
545
|
base36: () => base36,
|
|
@@ -559,7 +556,7 @@ var base36upper = baseX({
|
|
|
559
556
|
alphabet: "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
|
|
560
557
|
});
|
|
561
558
|
|
|
562
|
-
// ../../node_modules/multiformats/esm/src/bases/base58.js
|
|
559
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base58.js
|
|
563
560
|
var base58_exports = {};
|
|
564
561
|
__export(base58_exports, {
|
|
565
562
|
base58btc: () => base58btc,
|
|
@@ -576,7 +573,7 @@ var base58flickr = baseX({
|
|
|
576
573
|
alphabet: "123456789abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"
|
|
577
574
|
});
|
|
578
575
|
|
|
579
|
-
// ../../node_modules/multiformats/esm/src/bases/base64.js
|
|
576
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base64.js
|
|
580
577
|
var base64_exports = {};
|
|
581
578
|
__export(base64_exports, {
|
|
582
579
|
base64: () => base64,
|
|
@@ -609,7 +606,7 @@ var base64urlpad = rfc4648({
|
|
|
609
606
|
bitsPerChar: 6
|
|
610
607
|
});
|
|
611
608
|
|
|
612
|
-
// ../../node_modules/multiformats/esm/src/bases/base256emoji.js
|
|
609
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/bases/base256emoji.js
|
|
613
610
|
var base256emoji_exports = {};
|
|
614
611
|
__export(base256emoji_exports, {
|
|
615
612
|
base256emoji: () => base256emoji
|
|
@@ -647,7 +644,7 @@ var base256emoji = from({
|
|
|
647
644
|
decode: decode2
|
|
648
645
|
});
|
|
649
646
|
|
|
650
|
-
// ../../node_modules/multiformats/esm/src/hashes/sha2.js
|
|
647
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/hashes/sha2.js
|
|
651
648
|
var sha2_exports = {};
|
|
652
649
|
__export(sha2_exports, {
|
|
653
650
|
sha256: () => sha256,
|
|
@@ -655,7 +652,7 @@ __export(sha2_exports, {
|
|
|
655
652
|
});
|
|
656
653
|
var import_crypto = __toESM(require("crypto"), 1);
|
|
657
654
|
|
|
658
|
-
// ../../node_modules/multiformats/esm/vendor/varint.js
|
|
655
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/vendor/varint.js
|
|
659
656
|
var encode_1 = encode3;
|
|
660
657
|
var MSB = 128;
|
|
661
658
|
var REST = 127;
|
|
@@ -714,7 +711,7 @@ var varint = {
|
|
|
714
711
|
var _brrp_varint = varint;
|
|
715
712
|
var varint_default = _brrp_varint;
|
|
716
713
|
|
|
717
|
-
// ../../node_modules/multiformats/esm/src/varint.js
|
|
714
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/varint.js
|
|
718
715
|
var decode4 = (data, offset = 0) => {
|
|
719
716
|
const code2 = varint_default.decode(data, offset);
|
|
720
717
|
return [
|
|
@@ -730,7 +727,7 @@ var encodingLength = (int) => {
|
|
|
730
727
|
return varint_default.encodingLength(int);
|
|
731
728
|
};
|
|
732
729
|
|
|
733
|
-
// ../../node_modules/multiformats/esm/src/hashes/digest.js
|
|
730
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/hashes/digest.js
|
|
734
731
|
var create = (code2, digest2) => {
|
|
735
732
|
const size = digest2.byteLength;
|
|
736
733
|
const sizeOffset = encodingLength(code2);
|
|
@@ -767,7 +764,7 @@ var Digest = class {
|
|
|
767
764
|
}
|
|
768
765
|
};
|
|
769
766
|
|
|
770
|
-
// ../../node_modules/multiformats/esm/src/hashes/hasher.js
|
|
767
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/hashes/hasher.js
|
|
771
768
|
var from2 = ({ name: name2, code: code2, encode: encode5 }) => new Hasher(name2, code2, encode5);
|
|
772
769
|
var Hasher = class {
|
|
773
770
|
constructor(name2, code2, encode5) {
|
|
@@ -785,7 +782,7 @@ var Hasher = class {
|
|
|
785
782
|
}
|
|
786
783
|
};
|
|
787
784
|
|
|
788
|
-
// ../../node_modules/multiformats/esm/src/hashes/sha2.js
|
|
785
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/hashes/sha2.js
|
|
789
786
|
var sha256 = from2({
|
|
790
787
|
name: "sha2-256",
|
|
791
788
|
code: 18,
|
|
@@ -797,7 +794,7 @@ var sha512 = from2({
|
|
|
797
794
|
encode: (input) => coerce(import_crypto.default.createHash("sha512").update(input).digest())
|
|
798
795
|
});
|
|
799
796
|
|
|
800
|
-
// ../../node_modules/multiformats/esm/src/hashes/identity.js
|
|
797
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/hashes/identity.js
|
|
801
798
|
var identity_exports2 = {};
|
|
802
799
|
__export(identity_exports2, {
|
|
803
800
|
identity: () => identity2
|
|
@@ -813,11 +810,11 @@ var identity2 = {
|
|
|
813
810
|
digest
|
|
814
811
|
};
|
|
815
812
|
|
|
816
|
-
// ../../node_modules/multiformats/esm/src/codecs/json.js
|
|
813
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/codecs/json.js
|
|
817
814
|
var textEncoder = new TextEncoder();
|
|
818
815
|
var textDecoder = new TextDecoder();
|
|
819
816
|
|
|
820
|
-
// ../../node_modules/multiformats/esm/src/cid.js
|
|
817
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/cid.js
|
|
821
818
|
var CID = class {
|
|
822
819
|
constructor(version2, code2, multihash, bytes2) {
|
|
823
820
|
this.code = code2;
|
|
@@ -1122,7 +1119,7 @@ if (cid) {
|
|
|
1122
1119
|
}
|
|
1123
1120
|
`;
|
|
1124
1121
|
|
|
1125
|
-
// ../../node_modules/multiformats/esm/src/basics.js
|
|
1122
|
+
// ../../node_modules/.pnpm/multiformats@9.9.0/node_modules/multiformats/esm/src/basics.js
|
|
1126
1123
|
var bases = {
|
|
1127
1124
|
...identity_exports,
|
|
1128
1125
|
...base2_exports,
|
|
@@ -1140,7 +1137,7 @@ var hashes = {
|
|
|
1140
1137
|
...identity_exports2
|
|
1141
1138
|
};
|
|
1142
1139
|
|
|
1143
|
-
// ../../node_modules/uint8arrays/esm/src/util/bases.js
|
|
1140
|
+
// ../../node_modules/.pnpm/uint8arrays@3.0.0/node_modules/uint8arrays/esm/src/util/bases.js
|
|
1144
1141
|
function createCodec(name2, prefix, encode5, decode6) {
|
|
1145
1142
|
return {
|
|
1146
1143
|
name: name2,
|
|
@@ -1185,7 +1182,7 @@ var BASES = {
|
|
|
1185
1182
|
};
|
|
1186
1183
|
var bases_default = BASES;
|
|
1187
1184
|
|
|
1188
|
-
// ../../node_modules/uint8arrays/esm/src/from-string.js
|
|
1185
|
+
// ../../node_modules/.pnpm/uint8arrays@3.0.0/node_modules/uint8arrays/esm/src/from-string.js
|
|
1189
1186
|
function fromString2(string2, encoding = "utf8") {
|
|
1190
1187
|
const base3 = bases_default[encoding];
|
|
1191
1188
|
if (!base3) {
|
|
@@ -1194,7 +1191,7 @@ function fromString2(string2, encoding = "utf8") {
|
|
|
1194
1191
|
return base3.decoder.decode(`${base3.prefix}${string2}`);
|
|
1195
1192
|
}
|
|
1196
1193
|
|
|
1197
|
-
// ../../node_modules/uint8arrays/esm/src/to-string.js
|
|
1194
|
+
// ../../node_modules/.pnpm/uint8arrays@3.0.0/node_modules/uint8arrays/esm/src/to-string.js
|
|
1198
1195
|
function toString2(array, encoding = "utf8") {
|
|
1199
1196
|
const base3 = bases_default[encoding];
|
|
1200
1197
|
if (!base3) {
|
|
@@ -1203,7 +1200,7 @@ function toString2(array, encoding = "utf8") {
|
|
|
1203
1200
|
return base3.encoder.encode(array).substring(1);
|
|
1204
1201
|
}
|
|
1205
1202
|
|
|
1206
|
-
// ../../node_modules/@noble/hashes/esm/_assert.js
|
|
1203
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/_assert.js
|
|
1207
1204
|
function number(n) {
|
|
1208
1205
|
if (!Number.isSafeInteger(n) || n < 0)
|
|
1209
1206
|
throw new Error(`Wrong positive integer: ${n}`);
|
|
@@ -1247,11 +1244,11 @@ var assert = {
|
|
|
1247
1244
|
};
|
|
1248
1245
|
var assert_default = assert;
|
|
1249
1246
|
|
|
1250
|
-
// ../../node_modules/@noble/hashes/esm/cryptoNode.js
|
|
1247
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/cryptoNode.js
|
|
1251
1248
|
var nc = __toESM(require("node:crypto"), 1);
|
|
1252
1249
|
var crypto2 = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : void 0;
|
|
1253
1250
|
|
|
1254
|
-
// ../../node_modules/@noble/hashes/esm/utils.js
|
|
1251
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/utils.js
|
|
1255
1252
|
var u8a = (a) => a instanceof Uint8Array;
|
|
1256
1253
|
var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
|
|
1257
1254
|
var rotr = (word, shift) => word << 32 - shift | word >>> shift;
|
|
@@ -1302,7 +1299,7 @@ function randomBytes(bytesLength = 32) {
|
|
|
1302
1299
|
throw new Error("crypto.getRandomValues must be defined");
|
|
1303
1300
|
}
|
|
1304
1301
|
|
|
1305
|
-
// ../../node_modules/@noble/hashes/esm/hmac.js
|
|
1302
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/hmac.js
|
|
1306
1303
|
var HMAC = class extends Hash {
|
|
1307
1304
|
constructor(hash2, _key) {
|
|
1308
1305
|
super();
|
|
@@ -1367,7 +1364,7 @@ var HMAC = class extends Hash {
|
|
|
1367
1364
|
var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
|
|
1368
1365
|
hmac.create = (hash2, key) => new HMAC(hash2, key);
|
|
1369
1366
|
|
|
1370
|
-
// ../../node_modules/@noble/curves/esm/abstract/utils.js
|
|
1367
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/abstract/utils.js
|
|
1371
1368
|
var utils_exports = {};
|
|
1372
1369
|
__export(utils_exports, {
|
|
1373
1370
|
bitGet: () => bitGet,
|
|
@@ -1581,7 +1578,7 @@ function validateObject(object, validators, optValidators = {}) {
|
|
|
1581
1578
|
return object;
|
|
1582
1579
|
}
|
|
1583
1580
|
|
|
1584
|
-
// ../../node_modules/@noble/curves/esm/abstract/modular.js
|
|
1581
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/abstract/modular.js
|
|
1585
1582
|
var _0n2 = BigInt(0);
|
|
1586
1583
|
var _1n2 = BigInt(1);
|
|
1587
1584
|
var _2n2 = BigInt(2);
|
|
@@ -1833,7 +1830,7 @@ function hashToPrivateScalar(hash2, groupOrder, isLE2 = false) {
|
|
|
1833
1830
|
return mod(num, groupOrder - _1n2) + _1n2;
|
|
1834
1831
|
}
|
|
1835
1832
|
|
|
1836
|
-
// ../../node_modules/@noble/curves/esm/abstract/curve.js
|
|
1833
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/abstract/curve.js
|
|
1837
1834
|
var _0n3 = BigInt(0);
|
|
1838
1835
|
var _1n3 = BigInt(1);
|
|
1839
1836
|
function wNAF(c, bits) {
|
|
@@ -1933,7 +1930,7 @@ function validateBasic(curve) {
|
|
|
1933
1930
|
});
|
|
1934
1931
|
}
|
|
1935
1932
|
|
|
1936
|
-
// ../../node_modules/@noble/curves/esm/abstract/weierstrass.js
|
|
1933
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/abstract/weierstrass.js
|
|
1937
1934
|
function validatePointOpts(curve) {
|
|
1938
1935
|
const opts = validateBasic(curve);
|
|
1939
1936
|
validateObject(opts, {
|
|
@@ -2655,7 +2652,7 @@ function weierstrass(curveDef) {
|
|
|
2655
2652
|
};
|
|
2656
2653
|
}
|
|
2657
2654
|
|
|
2658
|
-
// ../../node_modules/@noble/curves/esm/_shortw_utils.js
|
|
2655
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/_shortw_utils.js
|
|
2659
2656
|
function getHash(hash2) {
|
|
2660
2657
|
return {
|
|
2661
2658
|
hash: hash2,
|
|
@@ -2668,7 +2665,7 @@ function createCurve(curveDef, defHash) {
|
|
|
2668
2665
|
return Object.freeze({ ...create2(defHash), create: create2 });
|
|
2669
2666
|
}
|
|
2670
2667
|
|
|
2671
|
-
// ../../node_modules/@noble/hashes/esm/_sha2.js
|
|
2668
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/_sha2.js
|
|
2672
2669
|
function setBigUint64(view, byteOffset, value, isLE2) {
|
|
2673
2670
|
if (typeof view.setBigUint64 === "function")
|
|
2674
2671
|
return view.setBigUint64(byteOffset, value, isLE2);
|
|
@@ -2768,7 +2765,7 @@ var SHA2 = class extends Hash {
|
|
|
2768
2765
|
}
|
|
2769
2766
|
};
|
|
2770
2767
|
|
|
2771
|
-
// ../../node_modules/@noble/hashes/esm/sha256.js
|
|
2768
|
+
// ../../node_modules/.pnpm/@noble+hashes@1.3.1/node_modules/@noble/hashes/esm/sha256.js
|
|
2772
2769
|
var Chi = (a, b, c) => a & b ^ ~a & c;
|
|
2773
2770
|
var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
|
|
2774
2771
|
var SHA256_K = new Uint32Array([
|
|
@@ -2934,7 +2931,7 @@ var SHA224 = class extends SHA256 {
|
|
|
2934
2931
|
var sha2562 = wrapConstructor(() => new SHA256());
|
|
2935
2932
|
var sha224 = wrapConstructor(() => new SHA224());
|
|
2936
2933
|
|
|
2937
|
-
// ../../node_modules/@noble/curves/esm/p256.js
|
|
2934
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/p256.js
|
|
2938
2935
|
var Fp = Field(BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"));
|
|
2939
2936
|
var CURVE_A = Fp.create(BigInt("-3"));
|
|
2940
2937
|
var CURVE_B = BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b");
|
|
@@ -2962,7 +2959,7 @@ var decompressPubkey = (compressed) => {
|
|
|
2962
2959
|
return point.toRawBytes(false);
|
|
2963
2960
|
};
|
|
2964
2961
|
|
|
2965
|
-
// ../../node_modules/@noble/curves/esm/secp256k1.js
|
|
2962
|
+
// ../../node_modules/.pnpm/@noble+curves@1.1.0/node_modules/@noble/curves/esm/secp256k1.js
|
|
2966
2963
|
var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
|
|
2967
2964
|
var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
|
|
2968
2965
|
var _1n5 = BigInt(1);
|
|
@@ -3043,16 +3040,30 @@ var decompressPubkey2 = (compressed) => {
|
|
|
3043
3040
|
};
|
|
3044
3041
|
|
|
3045
3042
|
// src/p256/operations.ts
|
|
3046
|
-
var verifyDidSig = async (did, data, sig) => {
|
|
3043
|
+
var verifyDidSig = async (did, data, sig, opts) => {
|
|
3047
3044
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
3048
3045
|
if (jwtAlg !== P256_JWT_ALG) {
|
|
3049
3046
|
throw new Error(`Not a P-256 did:key: ${did}`);
|
|
3050
3047
|
}
|
|
3051
|
-
return verifySig(keyBytes, data, sig);
|
|
3048
|
+
return verifySig(keyBytes, data, sig, opts);
|
|
3052
3049
|
};
|
|
3053
|
-
var verifySig = async (publicKey, data, sig) => {
|
|
3050
|
+
var verifySig = async (publicKey, data, sig, opts) => {
|
|
3051
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
3054
3052
|
const msgHash = await sha2562(data);
|
|
3055
|
-
|
|
3053
|
+
if (!allowMalleable && !isCompactFormat(sig)) {
|
|
3054
|
+
return false;
|
|
3055
|
+
}
|
|
3056
|
+
return p256.verify(sig, msgHash, publicKey, {
|
|
3057
|
+
lowS: !allowMalleable
|
|
3058
|
+
});
|
|
3059
|
+
};
|
|
3060
|
+
var isCompactFormat = (sig) => {
|
|
3061
|
+
try {
|
|
3062
|
+
const parsed = p256.Signature.fromCompact(sig);
|
|
3063
|
+
return equals(parsed.toCompactRawBytes(), sig);
|
|
3064
|
+
} catch {
|
|
3065
|
+
return false;
|
|
3066
|
+
}
|
|
3056
3067
|
};
|
|
3057
3068
|
|
|
3058
3069
|
// src/p256/plugin.ts
|
|
@@ -3064,16 +3075,30 @@ var p256Plugin = {
|
|
|
3064
3075
|
var plugin_default = p256Plugin;
|
|
3065
3076
|
|
|
3066
3077
|
// src/secp256k1/operations.ts
|
|
3067
|
-
var verifyDidSig2 = async (did, data, sig) => {
|
|
3078
|
+
var verifyDidSig2 = async (did, data, sig, opts) => {
|
|
3068
3079
|
const { jwtAlg, keyBytes } = parseDidKey(did);
|
|
3069
3080
|
if (jwtAlg !== SECP256K1_JWT_ALG) {
|
|
3070
3081
|
throw new Error(`Not a secp256k1 did:key: ${did}`);
|
|
3071
3082
|
}
|
|
3072
|
-
return verifySig2(keyBytes, data, sig);
|
|
3083
|
+
return verifySig2(keyBytes, data, sig, opts);
|
|
3073
3084
|
};
|
|
3074
|
-
var verifySig2 = async (publicKey, data, sig) => {
|
|
3085
|
+
var verifySig2 = async (publicKey, data, sig, opts) => {
|
|
3086
|
+
const allowMalleable = opts?.allowMalleableSig ?? false;
|
|
3075
3087
|
const msgHash = await sha2562(data);
|
|
3076
|
-
|
|
3088
|
+
if (!allowMalleable && !isCompactFormat2(sig)) {
|
|
3089
|
+
return false;
|
|
3090
|
+
}
|
|
3091
|
+
return secp256k1.verify(sig, msgHash, publicKey, {
|
|
3092
|
+
lowS: !allowMalleable
|
|
3093
|
+
});
|
|
3094
|
+
};
|
|
3095
|
+
var isCompactFormat2 = (sig) => {
|
|
3096
|
+
try {
|
|
3097
|
+
const parsed = secp256k1.Signature.fromCompact(sig);
|
|
3098
|
+
return equals(parsed.toCompactRawBytes(), sig);
|
|
3099
|
+
} catch {
|
|
3100
|
+
return false;
|
|
3101
|
+
}
|
|
3077
3102
|
};
|
|
3078
3103
|
|
|
3079
3104
|
// src/secp256k1/plugin.ts
|
|
@@ -3093,10 +3118,7 @@ var parseMultikey = (multikey) => {
|
|
|
3093
3118
|
if (!multikey.startsWith(BASE58_MULTIBASE_PREFIX)) {
|
|
3094
3119
|
throw new Error(`Incorrect prefix for multikey: ${multikey}`);
|
|
3095
3120
|
}
|
|
3096
|
-
const prefixedBytes = fromString2(
|
|
3097
|
-
multikey.slice(BASE58_MULTIBASE_PREFIX.length),
|
|
3098
|
-
"base58btc"
|
|
3099
|
-
);
|
|
3121
|
+
const prefixedBytes = fromString2(multikey.slice(BASE58_MULTIBASE_PREFIX.length), "base58btc");
|
|
3100
3122
|
const plugin = plugins_default.find((p) => hasPrefix(prefixedBytes, p.prefix));
|
|
3101
3123
|
if (!plugin) {
|
|
3102
3124
|
throw new Error("Unsupported key type");
|
|
@@ -3207,18 +3229,18 @@ var randomIntFromSeed = async (seed, high, low = 0) => {
|
|
|
3207
3229
|
};
|
|
3208
3230
|
|
|
3209
3231
|
// src/verify.ts
|
|
3210
|
-
var verifySignature = (didKey, data, sig) => {
|
|
3232
|
+
var verifySignature = (didKey, data, sig, opts) => {
|
|
3211
3233
|
const parsed = parseDidKey(didKey);
|
|
3212
3234
|
const plugin = plugins_default.find((p) => p.jwtAlg === parsed.jwtAlg);
|
|
3213
3235
|
if (!plugin) {
|
|
3214
|
-
throw new Error(`Unsupported signature alg:
|
|
3236
|
+
throw new Error(`Unsupported signature alg: ${parsed.jwtAlg}`);
|
|
3215
3237
|
}
|
|
3216
|
-
return plugin.verifySignature(didKey, data, sig);
|
|
3238
|
+
return plugin.verifySignature(didKey, data, sig, opts);
|
|
3217
3239
|
};
|
|
3218
|
-
var verifySignatureUtf8 = async (didKey, data, sig) => {
|
|
3240
|
+
var verifySignatureUtf8 = async (didKey, data, sig, opts) => {
|
|
3219
3241
|
const dataBytes = fromString2(data, "utf8");
|
|
3220
3242
|
const sigBytes = fromString2(sig, "base64url");
|
|
3221
|
-
return verifySignature(didKey, dataBytes, sigBytes);
|
|
3243
|
+
return verifySignature(didKey, dataBytes, sigBytes, opts);
|
|
3222
3244
|
};
|
|
3223
3245
|
|
|
3224
3246
|
// src/p256/keypair.ts
|