npm - @koralabs/kora-labs-common - Versions diffs - 6.4.25 → 6.6.1 - Mend

@koralabs/kora-labs-common 6.4.25 → 6.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
     "name": "@koralabs/kora-labs-common",
-    "version": "6.4.25",
+    "version": "6.6.1",
     "description": "Kora Labs Common Utilities",
     "main": "index.js",
     "types": "index.d.ts",
@@ -40,12 +40,14 @@
     },
     "dependencies": {
         "@aws-sdk/client-kms": "^3.1003.0",
+        "@emurgo/cardano-message-signing-nodejs": "^1.0.1",
         "bech32": "^2.0.0",
         "blakejs": "^1.2.1",
         "boolean": "^3.2.0",
         "bs58": "^6.0.0",
         "cbor": "^9.0.2",
         "crc": "^4.3.2",
+        "libsodium-wrappers-sumo": "^0.8.3",
         "pluralize-esm": "^9.0.5"
     },
     "overrides": {

package/utils/cip8/index.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Produce a CIP-30 signData (CIP-8) signature.
+ *
+ * Builds COSE_Sign1 and COSE_Key structures that verifyCip30SignData can verify.
+ *
+ * @param privateKeyHex - raw Ed25519 private key (32 bytes hex)
+ * @param publicKeyHex  - raw Ed25519 public key (32 bytes hex)
+ * @param payloadHex    - hex of the payload to sign (e.g. UTF-8 bytes of requestId + handle)
+ * @param addressHex    - hex of the signing address (included in COSE protected headers)
+ * @returns { signature: string, key: string } — COSESign1 and COSEKey as CBOR hex
+ */
+export declare const signCip30Data: (privateKeyHex: string, publicKeyHex: string, payloadHex: string, addressHex: string, signFn?: ((messageHex: string) => string) | undefined) => Promise<{
+    signature: string;
+    key: string;
+}>;
+/**
+ * Verify a CIP-30 signData (CIP-8) signature.
+ *
+ * Parses the COSE structures produced by the wallet, reconstructs the
+ * SigStructure using the library (not manual CBOR), and verifies the
+ * Ed25519 signature with Node.js crypto.
+ *
+ * @param signatureCborHex - COSESign1 CBOR hex from wallet signData response
+ * @param publicKeyCborHex - COSEKey CBOR hex from wallet signData response
+ * @param expectedPayloadHex - hex of the expected signed payload (e.g. requestId + handle as UTF-8 bytes)
+ * @param expectedAddressHex - hex of the expected signing address (must match the address in the COSE protected headers)
+ * @returns true if the signature is valid
+ */
+export declare const verifyCip30SignData: (signatureCborHex: string, publicKeyCborHex: string, expectedPayloadHex: string, expectedAddressHex: string) => Promise<boolean>;

package/utils/cip8/index.js ADDED Viewed

@@ -0,0 +1,154 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyCip30SignData = exports.signCip30Data = void 0;
+const crypto_1 = require("crypto");
+let _cms;
+const getCms = async () => {
+    if (!_cms) {
+        _cms = await Promise.resolve().then(() => __importStar(require('@emurgo/cardano-message-signing-nodejs')));
+    }
+    return _cms;
+};
+/**
+ * Produce a CIP-30 signData (CIP-8) signature.
+ *
+ * Builds COSE_Sign1 and COSE_Key structures that verifyCip30SignData can verify.
+ *
+ * @param privateKeyHex - raw Ed25519 private key (32 bytes hex)
+ * @param publicKeyHex  - raw Ed25519 public key (32 bytes hex)
+ * @param payloadHex    - hex of the payload to sign (e.g. UTF-8 bytes of requestId + handle)
+ * @param addressHex    - hex of the signing address (included in COSE protected headers)
+ * @returns { signature: string, key: string } — COSESign1 and COSEKey as CBOR hex
+ */
+const signCip30Data = async (privateKeyHex, publicKeyHex, payloadHex, addressHex,
+/** Optional sign function for extended keys. Takes message hex, returns signature hex. */
+signFn) => {
+    const cms = await getCms();
+    const payloadBytes = Buffer.from(payloadHex, 'hex');
+    const addrBytes = Buffer.from(addressHex, 'hex');
+    const pubKeyBytes = Buffer.from(publicKeyHex, 'hex');
+    // Build protected headers: algorithm = EdDSA, address = signing address
+    const protectedHeaders = cms.HeaderMap.new();
+    protectedHeaders.set_algorithm_id(cms.Label.from_algorithm_id(cms.AlgorithmId.EdDSA));
+    protectedHeaders.set_header(cms.Label.new_text('address'), cms.CBORValue.new_bytes(addrBytes));
+    const headers = cms.Headers.new(cms.ProtectedHeaderMap.new(protectedHeaders), cms.HeaderMap.new());
+    const builder = cms.COSESign1Builder.new(headers, payloadBytes, false);
+    // Sign the SigStructure with the Ed25519 private key.
+    // Accepts 32-byte seed (Node.js crypto) or 64-byte extended key (Cardano BIP32).
+    // For extended keys, a signFn callback must be provided since the standard
+    // DER format doesn't support pre-clamped scalars.
+    const sigStructureBytes = builder.make_data_to_sign().to_bytes();
+    const privKeyRaw = Buffer.from(privateKeyHex, 'hex');
+    let signatureBytes;
+    if (privKeyRaw.length <= 32) {
+        // 32-byte seed: use Node.js crypto
+        const privKeyDer = Buffer.concat([
+            Buffer.from('302e020100300506032b657004220420', 'hex'),
+            privKeyRaw
+        ]);
+        const keyObject = (0, crypto_1.createPrivateKey)({ key: privKeyDer, format: 'der', type: 'pkcs8' });
+        signatureBytes = (0, crypto_1.sign)(null, Buffer.from(sigStructureBytes), keyObject);
+    }
+    else if (signFn) {
+        // Extended key with custom sign function (e.g. @cardano-sdk/crypto Ed25519PrivateKey.sign)
+        signatureBytes = Buffer.from(signFn(Buffer.from(sigStructureBytes).toString('hex')), 'hex');
+    }
+    else {
+        throw new Error('64-byte extended key requires a signFn parameter');
+    }
+    const coseSign1 = builder.build(signatureBytes);
+    // Build COSE_Key with the public key
+    const coseKey = cms.COSEKey.new(cms.Label.from_key_type(cms.KeyType.OKP));
+    coseKey.set_algorithm_id(cms.Label.from_algorithm_id(cms.AlgorithmId.EdDSA));
+    coseKey.set_header(cms.Label.new_int(cms.Int.new_i32(-1)), cms.CBORValue.from_label(cms.Label.from_curve_type(cms.CurveType.Ed25519)));
+    coseKey.set_header(cms.Label.new_int(cms.Int.new_i32(-2)), cms.CBORValue.new_bytes(pubKeyBytes));
+    return {
+        signature: Buffer.from(coseSign1.to_bytes()).toString('hex'),
+        key: Buffer.from(coseKey.to_bytes()).toString('hex')
+    };
+};
+exports.signCip30Data = signCip30Data;
+/**
+ * Verify a CIP-30 signData (CIP-8) signature.
+ *
+ * Parses the COSE structures produced by the wallet, reconstructs the
+ * SigStructure using the library (not manual CBOR), and verifies the
+ * Ed25519 signature with Node.js crypto.
+ *
+ * @param signatureCborHex - COSESign1 CBOR hex from wallet signData response
+ * @param publicKeyCborHex - COSEKey CBOR hex from wallet signData response
+ * @param expectedPayloadHex - hex of the expected signed payload (e.g. requestId + handle as UTF-8 bytes)
+ * @param expectedAddressHex - hex of the expected signing address (must match the address in the COSE protected headers)
+ * @returns true if the signature is valid
+ */
+const verifyCip30SignData = async (signatureCborHex, publicKeyCborHex, expectedPayloadHex, expectedAddressHex) => {
+    var _a;
+    const cms = await getCms();
+    // Parse COSESign1 and COSEKey from wallet output
+    const coseSign1 = cms.COSESign1.from_bytes(Buffer.from(signatureCborHex, 'hex'));
+    const coseKey = cms.COSEKey.from_bytes(Buffer.from(publicKeyCborHex, 'hex'));
+    // Extract the address from the protected headers and verify it matches
+    const protectedHeaders = coseSign1.headers().protected().deserialized_headers();
+    const addressLabel = cms.Label.new_text('address');
+    const addressValue = protectedHeaders.header(addressLabel);
+    if (addressValue) {
+        const addressBytes = Buffer.from((_a = addressValue.as_bytes()) !== null && _a !== void 0 ? _a : new Uint8Array()).toString('hex');
+        if (addressBytes !== expectedAddressHex) {
+            return false;
+        }
+    }
+    // Verify the payload matches what we expect
+    const signedPayload = coseSign1.payload();
+    if (signedPayload) {
+        const payloadHex = Buffer.from(signedPayload).toString('hex');
+        if (payloadHex !== expectedPayloadHex) {
+            return false;
+        }
+    }
+    // Reconstruct the SigStructure (what was actually signed) using the library
+    const sigStructure = coseSign1.signed_data();
+    const sigStructureBytes = sigStructure.to_bytes();
+    // Extract the raw Ed25519 signature
+    const signatureBytes = coseSign1.signature();
+    // Extract the Ed25519 public key from COSEKey (label -2 is the "x" coordinate / public key)
+    const xLabel = cms.Label.new_int(cms.Int.new_i32(-2));
+    const pubKeyValue = coseKey.header(xLabel);
+    if (!pubKeyValue) {
+        return false;
+    }
+    const pubKeyBytes = pubKeyValue.as_bytes();
+    if (!pubKeyBytes || pubKeyBytes.length !== 32) {
+        return false;
+    }
+    // Wrap the raw Ed25519 public key in DER SPKI format for Node.js crypto
+    const pubKeyDer = Buffer.concat([
+        Buffer.from('302a300506032b6570032100', 'hex'),
+        Buffer.from(pubKeyBytes)
+    ]);
+    const keyObject = (0, crypto_1.createPublicKey)({ key: pubKeyDer, format: 'der', type: 'spki' });
+    return (0, crypto_1.verify)(null, Buffer.from(sigStructureBytes), keyObject, Buffer.from(signatureBytes));
+};
+exports.verifyCip30SignData = verifyCip30SignData;

package/utils/crypto/index.d.ts CHANGED Viewed

@@ -23,4 +23,5 @@ export declare const bech32AddressFromHashes: (paymentHash: string, paymentHashT
 export declare const buildHolderInfo: (addr: string) => AddressDetails;
 export declare const getDateStringFromSlot: (currentSlot: number) => Date;
 export declare const getSlotNumberFromDate: (date: Date) => number;
+export declare const addressHexToBech32: (hex: string) => string;
 export declare const blake2b: (input: string | Buffer | Uint8Array, outlen?: number) => string;

package/utils/crypto/index.js CHANGED Viewed

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.blake2b = exports.getSlotNumberFromDate = exports.getDateStringFromSlot = exports.buildHolderInfo = exports.bech32AddressFromHashes = exports.bech32FromHex = exports.getPaymentKeyHash = exports.buildStakeKey = exports.buildPaymentAddressType = exports.getPaymentAddressType = exports.checkNameLabel = exports.parseAssetNameLabel = exports.decodeAddress = exports.getChallengeFromVerifier = exports.base64urlencode = exports.sha256 = exports.getRandomCodeVerifier = exports.dec2hex = exports.getNativeCrypto = void 0;
+exports.blake2b = exports.addressHexToBech32 = exports.getSlotNumberFromDate = exports.getDateStringFromSlot = exports.buildHolderInfo = exports.bech32AddressFromHashes = exports.bech32FromHex = exports.getPaymentKeyHash = exports.buildStakeKey = exports.buildPaymentAddressType = exports.getPaymentAddressType = exports.checkNameLabel = exports.parseAssetNameLabel = exports.decodeAddress = exports.getChallengeFromVerifier = exports.base64urlencode = exports.sha256 = exports.getRandomCodeVerifier = exports.dec2hex = exports.getNativeCrypto = void 0;
 const bech32_1 = require("bech32");
 const blakejs_1 = require("blakejs");
 const bs58_1 = __importDefault(require("bs58"));
@@ -271,6 +271,21 @@ const getSlotNumberFromDate = (date) => {
     return (Math.floor(date.getTime() / 1000) - 1596491091) + 4924800;
 };
 exports.getSlotNumberFromDate = getSlotNumberFromDate;
+const addressHexToBech32 = (hex) => {
+    const bytes = Uint8Array.from(Buffer.from(hex, 'hex'));
+    if (bytes.length === 0)
+        return '';
+    const header = bytes[0];
+    const addressType = header >> 4;
+    const networkId = header & 0x0f;
+    const isTestnet = networkId === 0;
+    const isReward = addressType === 14 || addressType === 15;
+    const type = isReward ? 'stake' : 'addr';
+    const prefix = isTestnet && (type === 'addr' || type === 'stake') ? `${type}_test` : type;
+    const words = bech32_1.bech32.toWords(bytes);
+    return bech32_1.bech32.encode(prefix, words, 2048);
+};
+exports.addressHexToBech32 = addressHexToBech32;
 const blake2b = (input, outlen = 32) => {
     if (typeof input == 'string') {
         input = Buffer.from(input, 'hex');

package/utils/index.d.ts CHANGED Viewed

@@ -30,4 +30,5 @@ export declare const isUserIssueTrackingId: (value: unknown) => value is string;
 export declare const normalizeUserIssueEventSegment: (value: string) => string;
 export declare const buildUserIssueEventKey: (repo: string, flow: string, pathOrFunction: string, step: string) => string;
 export { decodeCborToJson, encodeJsonToDatum, DefaultTextFormat as KeyType } from './cbor';
+export * from './cip8';
 export * from './crypto';

package/utils/index.js CHANGED Viewed

@@ -199,4 +199,5 @@ var cbor_1 = require("./cbor");
 Object.defineProperty(exports, "decodeCborToJson", { enumerable: true, get: function () { return cbor_1.decodeCborToJson; } });
 Object.defineProperty(exports, "encodeJsonToDatum", { enumerable: true, get: function () { return cbor_1.encodeJsonToDatum; } });
 Object.defineProperty(exports, "KeyType", { enumerable: true, get: function () { return cbor_1.DefaultTextFormat; } });
+__exportStar(require("./cip8"), exports);
 __exportStar(require("./crypto"), exports);