@koralabs/kora-labs-common 6.4.25 → 6.6.0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@koralabs/kora-labs-common",
-    "version": "6.4.25",
+    "version": "6.6.0",
     "description": "Kora Labs Common Utilities",
     "main": "index.js",
     "types": "index.d.ts",
@@ -40,6 +40,7 @@
     },
     "dependencies": {
         "@aws-sdk/client-kms": "^3.1003.0",
+        "@emurgo/cardano-message-signing-nodejs": "^1.0.1",
         "bech32": "^2.0.0",
         "blakejs": "^1.2.1",
         "boolean": "^3.2.0",

package/utils/cip8/index.d.ts

@@ -0,0 +1,14 @@
+/**
+ * Verify a CIP-30 signData (CIP-8) signature.
+ *
+ * Parses the COSE structures produced by the wallet, reconstructs the
+ * SigStructure using the library (not manual CBOR), and verifies the
+ * Ed25519 signature with Node.js crypto.
+ *
+ * @param signatureCborHex - COSESign1 CBOR hex from wallet signData response
+ * @param publicKeyCborHex - COSEKey CBOR hex from wallet signData response
+ * @param expectedPayloadHex - hex of the expected signed payload (e.g. requestId + handle as UTF-8 bytes)
+ * @param expectedAddressHex - hex of the expected signing address (must match the address in the COSE protected headers)
+ * @returns true if the signature is valid
+ */
+export declare const verifyCip30SignData: (signatureCborHex: string, publicKeyCborHex: string, expectedPayloadHex: string, expectedAddressHex: string) => Promise<boolean>;

package/utils/cip8/index.js

@@ -0,0 +1,95 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyCip30SignData = void 0;
+const crypto_1 = require("crypto");
+let _cms;
+const getCms = async () => {
+    if (!_cms) {
+        _cms = await Promise.resolve().then(() => __importStar(require('@emurgo/cardano-message-signing-nodejs')));
+    }
+    return _cms;
+};
+/**
+ * Verify a CIP-30 signData (CIP-8) signature.
+ *
+ * Parses the COSE structures produced by the wallet, reconstructs the
+ * SigStructure using the library (not manual CBOR), and verifies the
+ * Ed25519 signature with Node.js crypto.
+ *
+ * @param signatureCborHex - COSESign1 CBOR hex from wallet signData response
+ * @param publicKeyCborHex - COSEKey CBOR hex from wallet signData response
+ * @param expectedPayloadHex - hex of the expected signed payload (e.g. requestId + handle as UTF-8 bytes)
+ * @param expectedAddressHex - hex of the expected signing address (must match the address in the COSE protected headers)
+ * @returns true if the signature is valid
+ */
+const verifyCip30SignData = async (signatureCborHex, publicKeyCborHex, expectedPayloadHex, expectedAddressHex) => {
+    var _a;
+    const cms = await getCms();
+    // Parse COSESign1 and COSEKey from wallet output
+    const coseSign1 = cms.COSESign1.from_bytes(Buffer.from(signatureCborHex, 'hex'));
+    const coseKey = cms.COSEKey.from_bytes(Buffer.from(publicKeyCborHex, 'hex'));
+    // Extract the address from the protected headers and verify it matches
+    const protectedHeaders = coseSign1.headers().protected().deserialized_headers();
+    const addressLabel = cms.Label.new_text('address');
+    const addressValue = protectedHeaders.header(addressLabel);
+    if (addressValue) {
+        const addressBytes = Buffer.from((_a = addressValue.as_bytes()) !== null && _a !== void 0 ? _a : new Uint8Array()).toString('hex');
+        if (addressBytes !== expectedAddressHex) {
+            return false;
+        }
+    }
+    // Verify the payload matches what we expect
+    const signedPayload = coseSign1.payload();
+    if (signedPayload) {
+        const payloadHex = Buffer.from(signedPayload).toString('hex');
+        if (payloadHex !== expectedPayloadHex) {
+            return false;
+        }
+    }
+    // Reconstruct the SigStructure (what was actually signed) using the library
+    const sigStructure = coseSign1.signed_data();
+    const sigStructureBytes = sigStructure.to_bytes();
+    // Extract the raw Ed25519 signature
+    const signatureBytes = coseSign1.signature();
+    // Extract the Ed25519 public key from COSEKey (label -2 is the "x" coordinate / public key)
+    const xLabel = cms.Label.new_int(cms.Int.new_i32(-2));
+    const pubKeyValue = coseKey.header(xLabel);
+    if (!pubKeyValue) {
+        return false;
+    }
+    const pubKeyBytes = pubKeyValue.as_bytes();
+    if (!pubKeyBytes || pubKeyBytes.length !== 32) {
+        return false;
+    }
+    // Wrap the raw Ed25519 public key in DER SPKI format for Node.js crypto
+    const pubKeyDer = Buffer.concat([
+        Buffer.from('302a300506032b6570032100', 'hex'),
+        Buffer.from(pubKeyBytes)
+    ]);
+    const keyObject = (0, crypto_1.createPublicKey)({ key: pubKeyDer, format: 'der', type: 'spki' });
+    return (0, crypto_1.verify)(null, Buffer.from(sigStructureBytes), keyObject, Buffer.from(signatureBytes));
+};
+exports.verifyCip30SignData = verifyCip30SignData;

package/utils/crypto/index.d.ts

@@ -23,4 +23,5 @@ export declare const bech32AddressFromHashes: (paymentHash: string, paymentHashT
 export declare const buildHolderInfo: (addr: string) => AddressDetails;
 export declare const getDateStringFromSlot: (currentSlot: number) => Date;
 export declare const getSlotNumberFromDate: (date: Date) => number;
+export declare const addressHexToBech32: (hex: string) => string;
 export declare const blake2b: (input: string | Buffer | Uint8Array, outlen?: number) => string;

package/utils/crypto/index.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.blake2b = exports.getSlotNumberFromDate = exports.getDateStringFromSlot = exports.buildHolderInfo = exports.bech32AddressFromHashes = exports.bech32FromHex = exports.getPaymentKeyHash = exports.buildStakeKey = exports.buildPaymentAddressType = exports.getPaymentAddressType = exports.checkNameLabel = exports.parseAssetNameLabel = exports.decodeAddress = exports.getChallengeFromVerifier = exports.base64urlencode = exports.sha256 = exports.getRandomCodeVerifier = exports.dec2hex = exports.getNativeCrypto = void 0;
+exports.blake2b = exports.addressHexToBech32 = exports.getSlotNumberFromDate = exports.getDateStringFromSlot = exports.buildHolderInfo = exports.bech32AddressFromHashes = exports.bech32FromHex = exports.getPaymentKeyHash = exports.buildStakeKey = exports.buildPaymentAddressType = exports.getPaymentAddressType = exports.checkNameLabel = exports.parseAssetNameLabel = exports.decodeAddress = exports.getChallengeFromVerifier = exports.base64urlencode = exports.sha256 = exports.getRandomCodeVerifier = exports.dec2hex = exports.getNativeCrypto = void 0;
 const bech32_1 = require("bech32");
 const blakejs_1 = require("blakejs");
 const bs58_1 = __importDefault(require("bs58"));
@@ -271,6 +271,21 @@ const getSlotNumberFromDate = (date) => {
     return (Math.floor(date.getTime() / 1000) - 1596491091) + 4924800;
 };
 exports.getSlotNumberFromDate = getSlotNumberFromDate;
+const addressHexToBech32 = (hex) => {
+    const bytes = Uint8Array.from(Buffer.from(hex, 'hex'));
+    if (bytes.length === 0)
+        return '';
+    const header = bytes[0];
+    const addressType = header >> 4;
+    const networkId = header & 0x0f;
+    const isTestnet = networkId === 0;
+    const isReward = addressType === 14 || addressType === 15;
+    const type = isReward ? 'stake' : 'addr';
+    const prefix = isTestnet && (type === 'addr' || type === 'stake') ? `${type}_test` : type;
+    const words = bech32_1.bech32.toWords(bytes);
+    return bech32_1.bech32.encode(prefix, words, 2048);
+};
+exports.addressHexToBech32 = addressHexToBech32;
 const blake2b = (input, outlen = 32) => {
     if (typeof input == 'string') {
         input = Buffer.from(input, 'hex');

package/utils/index.d.ts

@@ -30,4 +30,5 @@ export declare const isUserIssueTrackingId: (value: unknown) => value is string;
 export declare const normalizeUserIssueEventSegment: (value: string) => string;
 export declare const buildUserIssueEventKey: (repo: string, flow: string, pathOrFunction: string, step: string) => string;
 export { decodeCborToJson, encodeJsonToDatum, DefaultTextFormat as KeyType } from './cbor';
+export * from './cip8';
 export * from './crypto';

package/utils/index.js

@@ -199,4 +199,5 @@ var cbor_1 = require("./cbor");
 Object.defineProperty(exports, "decodeCborToJson", { enumerable: true, get: function () { return cbor_1.decodeCborToJson; } });
 Object.defineProperty(exports, "encodeJsonToDatum", { enumerable: true, get: function () { return cbor_1.encodeJsonToDatum; } });
 Object.defineProperty(exports, "KeyType", { enumerable: true, get: function () { return cbor_1.DefaultTextFormat; } });
+__exportStar(require("./cip8"), exports);
 __exportStar(require("./crypto"), exports);