@haex-space/vault-sdk 2.5.80 → 2.5.84

package/dist/index.d.mts

@@ -532,6 +532,78 @@ declare function decryptCrdtData<T = object>(encryptedData: string, nonce: strin
 declare function arrayBufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
 declare function base64ToArrayBuffer(base64: string): Uint8Array;
 
+/**
+ * Crypto utilities for WebAuthn/Passkey operations
+ * Implements ECDSA P-256 (ES256) key generation and signing
+ *
+ * Used for:
+ * - Generating passkey key pairs during WebAuthn registration
+ * - Signing authentication challenges during WebAuthn authentication
+ * - Exporting/importing keys for storage
+ *
+ * Browser-compatible using the Web Crypto API
+ */
+
+declare const COSE_ALGORITHM: {
+    readonly ES256: -7;
+    readonly ES384: -35;
+    readonly ES512: -36;
+    readonly EdDSA: -8;
+    readonly RS256: -257;
+};
+type CoseAlgorithm = (typeof COSE_ALGORITHM)[keyof typeof COSE_ALGORITHM];
+interface PasskeyKeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+}
+interface ExportedPasskeyKeyPair {
+    publicKeyBase64: string;
+    privateKeyBase64: string;
+    publicKeyCoseBase64: string;
+}
+/**
+ * Generates a new ECDSA P-256 key pair for passkey operations
+ */
+declare function generatePasskeyPairAsync(): Promise<PasskeyKeyPair>;
+/**
+ * Exports the public key in SPKI format (Base64)
+ */
+declare function exportPublicKeyAsync(publicKey: CryptoKey): Promise<string>;
+/**
+ * Exports the private key in PKCS8 format (Base64)
+ */
+declare function exportPrivateKeyAsync(privateKey: CryptoKey): Promise<string>;
+/**
+ * Exports the public key in raw format and converts to COSE key format
+ * Required for WebAuthn attestation response
+ */
+declare function exportPublicKeyCoseAsync(publicKey: CryptoKey): Promise<string>;
+/**
+ * Imports a private key from PKCS8 format (Base64)
+ */
+declare function importPrivateKeyAsync(privateKeyBase64: string): Promise<CryptoKey>;
+/**
+ * Imports a public key from SPKI format (Base64)
+ */
+declare function importPublicKeyAsync(publicKeyBase64: string): Promise<CryptoKey>;
+/**
+ * Signs data with a passkey private key using ECDSA with SHA-256
+ * Returns the signature in DER format (as used by WebAuthn)
+ */
+declare function signWithPasskeyAsync(privateKey: CryptoKey, data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>;
+/**
+ * Verifies a signature with a passkey public key
+ */
+declare function verifyWithPasskeyAsync(publicKey: CryptoKey, signature: ArrayBuffer | Uint8Array, data: ArrayBuffer | Uint8Array): Promise<boolean>;
+/**
+ * Generates a random credential ID (16 bytes)
+ */
+declare function generateCredentialId(): Uint8Array;
+/**
+ * Exports a full key pair for storage
+ */
+declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPasskeyKeyPair>;
+
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, TAURI_COMMANDS, type TauriCommand, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptString, encryptVaultKey, generateVaultKey, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, wrapKey };
+export { COSE_ALGORITHM, type CoseAlgorithm, type ExportedPasskeyKeyPair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type PasskeyKeyPair, TAURI_COMMANDS, type TauriCommand, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, generateCredentialId, generatePasskeyPairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyWithPasskeyAsync, wrapKey };

package/dist/index.d.ts

@@ -532,6 +532,78 @@ declare function decryptCrdtData<T = object>(encryptedData: string, nonce: strin
 declare function arrayBufferToBase64(buffer: ArrayBuffer | Uint8Array): string;
 declare function base64ToArrayBuffer(base64: string): Uint8Array;
 
+/**
+ * Crypto utilities for WebAuthn/Passkey operations
+ * Implements ECDSA P-256 (ES256) key generation and signing
+ *
+ * Used for:
+ * - Generating passkey key pairs during WebAuthn registration
+ * - Signing authentication challenges during WebAuthn authentication
+ * - Exporting/importing keys for storage
+ *
+ * Browser-compatible using the Web Crypto API
+ */
+
+declare const COSE_ALGORITHM: {
+    readonly ES256: -7;
+    readonly ES384: -35;
+    readonly ES512: -36;
+    readonly EdDSA: -8;
+    readonly RS256: -257;
+};
+type CoseAlgorithm = (typeof COSE_ALGORITHM)[keyof typeof COSE_ALGORITHM];
+interface PasskeyKeyPair {
+    publicKey: CryptoKey;
+    privateKey: CryptoKey;
+}
+interface ExportedPasskeyKeyPair {
+    publicKeyBase64: string;
+    privateKeyBase64: string;
+    publicKeyCoseBase64: string;
+}
+/**
+ * Generates a new ECDSA P-256 key pair for passkey operations
+ */
+declare function generatePasskeyPairAsync(): Promise<PasskeyKeyPair>;
+/**
+ * Exports the public key in SPKI format (Base64)
+ */
+declare function exportPublicKeyAsync(publicKey: CryptoKey): Promise<string>;
+/**
+ * Exports the private key in PKCS8 format (Base64)
+ */
+declare function exportPrivateKeyAsync(privateKey: CryptoKey): Promise<string>;
+/**
+ * Exports the public key in raw format and converts to COSE key format
+ * Required for WebAuthn attestation response
+ */
+declare function exportPublicKeyCoseAsync(publicKey: CryptoKey): Promise<string>;
+/**
+ * Imports a private key from PKCS8 format (Base64)
+ */
+declare function importPrivateKeyAsync(privateKeyBase64: string): Promise<CryptoKey>;
+/**
+ * Imports a public key from SPKI format (Base64)
+ */
+declare function importPublicKeyAsync(publicKeyBase64: string): Promise<CryptoKey>;
+/**
+ * Signs data with a passkey private key using ECDSA with SHA-256
+ * Returns the signature in DER format (as used by WebAuthn)
+ */
+declare function signWithPasskeyAsync(privateKey: CryptoKey, data: ArrayBuffer | Uint8Array): Promise<ArrayBuffer>;
+/**
+ * Verifies a signature with a passkey public key
+ */
+declare function verifyWithPasskeyAsync(publicKey: CryptoKey, signature: ArrayBuffer | Uint8Array, data: ArrayBuffer | Uint8Array): Promise<boolean>;
+/**
+ * Generates a random credential ID (16 bytes)
+ */
+declare function generateCredentialId(): Uint8Array;
+/**
+ * Exports a full key pair for storage
+ */
+declare function exportKeyPairAsync(keyPair: PasskeyKeyPair): Promise<ExportedPasskeyKeyPair>;
+
 declare function createHaexVaultSdk(config?: HaexHubConfig): HaexVaultSdk;
 
-export { ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, TAURI_COMMANDS, type TauriCommand, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptString, encryptVaultKey, generateVaultKey, hexToBytes, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, wrapKey };
+export { COSE_ALGORITHM, type CoseAlgorithm, type ExportedPasskeyKeyPair, ExtensionManifest, HAEXSPACE_MESSAGE_TYPES, HaexHubConfig, HaexVaultSdk, type HaexspaceMessageType, type PasskeyKeyPair, TAURI_COMMANDS, type TauriCommand, type VerifyResult, type ZipFileEntry, arrayBufferToBase64, base64ToArrayBuffer, createHaexVaultSdk, decryptCrdtData, decryptString, decryptVaultKey, decryptVaultName, deriveKeyFromPassword, encryptCrdtData, encryptString, encryptVaultKey, exportKeyPairAsync, exportPrivateKeyAsync, exportPublicKeyAsync, exportPublicKeyCoseAsync, generateCredentialId, generatePasskeyPairAsync, generateVaultKey, hexToBytes, importPrivateKeyAsync, importPublicKeyAsync, installBaseTag, installCookiePolyfill, installHistoryPolyfill, installLocalStoragePolyfill, installPolyfills, installSessionStoragePolyfill, signWithPasskeyAsync, sortObjectKeysRecursively, unwrapKey, verifyExtensionSignature, verifyWithPasskeyAsync, wrapKey };

package/dist/index.js

@@ -1436,7 +1436,7 @@ var BackendManagement = class {
   async add(request) {
     return this.client.request(
       REMOTE_STORAGE_COMMANDS.addBackend,
-      request
+      { request }
     );
   }
   /**
@@ -1448,7 +1448,7 @@ var BackendManagement = class {
   async update(request) {
     return this.client.request(
       REMOTE_STORAGE_COMMANDS.updateBackend,
-      request
+      { request }
     );
   }
   /**
@@ -2389,11 +2389,177 @@ async function verifyExtensionSignature(files, manifest) {
   }
 }
 
+// src/crypto/passkey.ts
+function toArrayBuffer(data) {
+  if (data instanceof ArrayBuffer) {
+    return data;
+  }
+  const buffer = new ArrayBuffer(data.byteLength);
+  new Uint8Array(buffer).set(data);
+  return buffer;
+}
+var COSE_ALGORITHM = {
+  ES256: -7,
+  // ECDSA with SHA-256 and P-256 curve
+  ES384: -35,
+  // ECDSA with SHA-384 and P-384 curve
+  ES512: -36,
+  // ECDSA with SHA-512 and P-521 curve
+  EdDSA: -8,
+  // EdDSA (Ed25519)
+  RS256: -257
+  // RSASSA-PKCS1-v1_5 with SHA-256
+};
+var ES256_ALGORITHM = {
+  name: "ECDSA",
+  namedCurve: "P-256"
+};
+var ES256_SIGN_ALGORITHM = {
+  name: "ECDSA",
+  hash: "SHA-256"
+};
+async function generatePasskeyPairAsync() {
+  const keyPair = await crypto.subtle.generateKey(ES256_ALGORITHM, true, ["sign", "verify"]);
+  return {
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey
+  };
+}
+async function exportPublicKeyAsync(publicKey) {
+  const exported = await crypto.subtle.exportKey("spki", publicKey);
+  return arrayBufferToBase64(exported);
+}
+async function exportPrivateKeyAsync(privateKey) {
+  const exported = await crypto.subtle.exportKey("pkcs8", privateKey);
+  return arrayBufferToBase64(exported);
+}
+async function exportPublicKeyCoseAsync(publicKey) {
+  const rawKey = await crypto.subtle.exportKey("raw", publicKey);
+  const rawBytes = new Uint8Array(rawKey);
+  if (rawBytes.length !== 65 || rawBytes[0] !== 4) {
+    throw new Error("Invalid P-256 public key format");
+  }
+  const x = rawBytes.slice(1, 33);
+  const y = rawBytes.slice(33, 65);
+  const coseKey = encodeCoseKey(x, y);
+  return arrayBufferToBase64(coseKey);
+}
+async function importPrivateKeyAsync(privateKeyBase64) {
+  const keyData = base64ToArrayBuffer(privateKeyBase64);
+  return crypto.subtle.importKey("pkcs8", toArrayBuffer(keyData), ES256_ALGORITHM, true, ["sign"]);
+}
+async function importPublicKeyAsync(publicKeyBase64) {
+  const keyData = base64ToArrayBuffer(publicKeyBase64);
+  return crypto.subtle.importKey("spki", toArrayBuffer(keyData), ES256_ALGORITHM, true, ["verify"]);
+}
+async function signWithPasskeyAsync(privateKey, data) {
+  const dataBuffer = data instanceof Uint8Array ? toArrayBuffer(data) : data;
+  const signature = await crypto.subtle.sign(ES256_SIGN_ALGORITHM, privateKey, dataBuffer);
+  return convertP1363ToDer(new Uint8Array(signature));
+}
+async function verifyWithPasskeyAsync(publicKey, signature, data) {
+  const p1363Signature = convertDerToP1363(new Uint8Array(signature));
+  const dataBuffer = data instanceof Uint8Array ? toArrayBuffer(data) : data;
+  return crypto.subtle.verify(ES256_SIGN_ALGORITHM, publicKey, p1363Signature, dataBuffer);
+}
+function generateCredentialId() {
+  return crypto.getRandomValues(new Uint8Array(16));
+}
+async function exportKeyPairAsync(keyPair) {
+  const [publicKeyBase64, privateKeyBase64, publicKeyCoseBase64] = await Promise.all([
+    exportPublicKeyAsync(keyPair.publicKey),
+    exportPrivateKeyAsync(keyPair.privateKey),
+    exportPublicKeyCoseAsync(keyPair.publicKey)
+  ]);
+  return {
+    publicKeyBase64,
+    privateKeyBase64,
+    publicKeyCoseBase64
+  };
+}
+function encodeCoseKey(x, y) {
+  const parts = [];
+  parts.push(165);
+  parts.push(1, 2);
+  parts.push(3, 38);
+  parts.push(32, 1);
+  parts.push(33);
+  parts.push(88, 32);
+  for (let i = 0; i < x.length; i++) {
+    parts.push(x[i]);
+  }
+  parts.push(34);
+  parts.push(88, 32);
+  for (let i = 0; i < y.length; i++) {
+    parts.push(y[i]);
+  }
+  return new Uint8Array(parts);
+}
+function convertP1363ToDer(signature) {
+  const r = signature.slice(0, 32);
+  const s = signature.slice(32, 64);
+  const rDer = encodeIntegerDer(r);
+  const sDer = encodeIntegerDer(s);
+  const sequenceLength = rDer.length + sDer.length;
+  const result = new Uint8Array(2 + sequenceLength);
+  result[0] = 48;
+  result[1] = sequenceLength;
+  result.set(rDer, 2);
+  result.set(sDer, 2 + rDer.length);
+  return result.buffer;
+}
+function convertDerToP1363(derSignature) {
+  if (derSignature[0] !== 48) {
+    throw new Error("Invalid DER signature: expected SEQUENCE");
+  }
+  let offset = 2;
+  if (derSignature[offset] !== 2) {
+    throw new Error("Invalid DER signature: expected INTEGER for r");
+  }
+  offset++;
+  const rLength = derSignature[offset];
+  offset++;
+  let r = derSignature.slice(offset, offset + rLength);
+  offset += rLength;
+  if (derSignature[offset] !== 2) {
+    throw new Error("Invalid DER signature: expected INTEGER for s");
+  }
+  offset++;
+  const sLength = derSignature[offset];
+  offset++;
+  let s = derSignature.slice(offset, offset + sLength);
+  if (r.length === 33 && r[0] === 0) r = r.slice(1);
+  if (s.length === 33 && s[0] === 0) s = s.slice(1);
+  const result = new Uint8Array(64);
+  result.set(r, 32 - r.length);
+  result.set(s, 64 - s.length);
+  return result.buffer;
+}
+function encodeIntegerDer(value) {
+  let start = 0;
+  while (start < value.length - 1 && value[start] === 0) {
+    start++;
+  }
+  const trimmed = value.slice(start);
+  const needsPadding = (trimmed[0] & 128) !== 0;
+  const result = new Uint8Array(2 + (needsPadding ? 1 : 0) + trimmed.length);
+  result[0] = 2;
+  result[1] = (needsPadding ? 1 : 0) + trimmed.length;
+  if (needsPadding) {
+    result[2] = 0;
+    result.set(trimmed, 3);
+  } else {
+    result.set(trimmed, 2);
+  }
+  return result;
+}
+
 // src/index.ts
 function createHaexVaultSdk(config = {}) {
   return new HaexVaultSdk(config);
 }
 
+exports.COSE_ALGORITHM = COSE_ALGORITHM;
 exports.DEFAULT_TIMEOUT = DEFAULT_TIMEOUT;
 exports.DatabaseAPI = DatabaseAPI;
 exports.EXTERNAL_EVENTS = EXTERNAL_EVENTS;
@@ -2423,9 +2589,17 @@ exports.deriveKeyFromPassword = deriveKeyFromPassword;
 exports.encryptCrdtData = encryptCrdtData;
 exports.encryptString = encryptString;
 exports.encryptVaultKey = encryptVaultKey;
+exports.exportKeyPairAsync = exportKeyPairAsync;
+exports.exportPrivateKeyAsync = exportPrivateKeyAsync;
+exports.exportPublicKeyAsync = exportPublicKeyAsync;
+exports.exportPublicKeyCoseAsync = exportPublicKeyCoseAsync;
+exports.generateCredentialId = generateCredentialId;
+exports.generatePasskeyPairAsync = generatePasskeyPairAsync;
 exports.generateVaultKey = generateVaultKey;
 exports.getTableName = getTableName;
 exports.hexToBytes = hexToBytes;
+exports.importPrivateKeyAsync = importPrivateKeyAsync;
+exports.importPublicKeyAsync = importPublicKeyAsync;
 exports.installBaseTag = installBaseTag;
 exports.installCookiePolyfill = installCookiePolyfill;
 exports.installHistoryPolyfill = installHistoryPolyfill;
@@ -2433,9 +2607,11 @@ exports.installLocalStoragePolyfill = installLocalStoragePolyfill;
 exports.installPolyfills = installPolyfills;
 exports.installSessionStoragePolyfill = installSessionStoragePolyfill;
 exports.isExternalClientConnected = isExternalClientConnected;
+exports.signWithPasskeyAsync = signWithPasskeyAsync;
 exports.sortObjectKeysRecursively = sortObjectKeysRecursively;
 exports.unwrapKey = unwrapKey;
 exports.verifyExtensionSignature = verifyExtensionSignature;
+exports.verifyWithPasskeyAsync = verifyWithPasskeyAsync;
 exports.wrapKey = wrapKey;
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map