@mentaproject/signer-react-native 0.0.1

package/src/utils/base64url.ts

@@ -0,0 +1,161 @@
+import { toHex, type Hex } from "viem";
+
+/**
+ * Converts a Base64URL encoded string to a Uint8Array.
+ * Base64URL uses - instead of + and _ instead of /, with no padding.
+ *
+ * @param base64url - The Base64URL encoded string
+ * @returns The decoded bytes as Uint8Array
+ */
+export function base64UrlToBytes(base64url: string): Uint8Array {
+  // Convert Base64URL to standard Base64
+  let base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+
+  // Add padding if needed
+  const padding = base64.length % 4;
+  if (padding) {
+    base64 += "=".repeat(4 - padding);
+  }
+
+  // Decode Base64 to binary string
+  const binaryString = atob(base64);
+
+  // Convert binary string to Uint8Array
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+
+  return bytes;
+}
+
+/**
+ * Converts a Uint8Array to a Base64URL encoded string.
+ *
+ * @param bytes - The bytes to encode
+ * @returns The Base64URL encoded string (no padding)
+ */
+export function bytesToBase64Url(bytes: Uint8Array): string {
+  // Convert bytes to binary string
+  let binaryString = "";
+  for (let i = 0; i < bytes.length; i++) {
+    binaryString += String.fromCharCode(bytes[i]);
+  }
+
+  // Encode to Base64
+  const base64 = btoa(binaryString);
+
+  // Convert to Base64URL (remove padding, replace + with -, / with _)
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+
+/**
+ * Converts a Base64URL encoded string to a Hex string.
+ *
+ * @param base64url - The Base64URL encoded string
+ * @returns The hex representation with 0x prefix
+ */
+export function base64UrlToHex(base64url: string): Hex {
+  const bytes = base64UrlToBytes(base64url);
+  return toHex(bytes);
+}
+
+/**
+ * Converts a Hex string to a Base64URL encoded string.
+ *
+ * @param hex - The hex string (with or without 0x prefix)
+ * @returns The Base64URL encoded string
+ */
+export function hexToBase64Url(hex: Hex): string {
+  // Remove 0x prefix if present
+  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+
+  // Convert hex to bytes
+  const bytes = new Uint8Array(cleanHex.length / 2);
+  for (let i = 0; i < cleanHex.length; i += 2) {
+    bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);
+  }
+
+  return bytesToBase64Url(bytes);
+}
+
+/**
+ * Converts a Uint8Array to a Hex string.
+ *
+ * @param bytes - The bytes to convert
+ * @returns The hex representation with 0x prefix
+ */
+export function bytesToHex(bytes: Uint8Array): Hex {
+  return toHex(bytes);
+}
+
+/**
+ * Converts a Hex string to a Uint8Array.
+ *
+ * @param hex - The hex string (with or without 0x prefix)
+ * @returns The bytes as Uint8Array
+ */
+export function hexToBytes(hex: Hex): Uint8Array {
+  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(cleanHex.length / 2);
+  for (let i = 0; i < cleanHex.length; i += 2) {
+    bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+
+/**
+ * Converts a UTF-8 string to a Base64URL encoded string.
+ *
+ * @param str - The UTF-8 string
+ * @returns The Base64URL encoded string
+ */
+export function stringToBase64Url(str: string): string {
+  const encoder = new TextEncoder();
+  const bytes = encoder.encode(str);
+  return bytesToBase64Url(bytes);
+}
+
+/**
+ * Converts a Base64URL encoded string to a UTF-8 string.
+ *
+ * @param base64url - The Base64URL encoded string
+ * @returns The decoded UTF-8 string
+ */
+export function base64UrlToString(base64url: string): string {
+  const bytes = base64UrlToBytes(base64url);
+  const decoder = new TextDecoder();
+  return decoder.decode(bytes);
+}
+
+/**
+ * Pads a hex value to ensure it has the specified byte length.
+ * Useful for ensuring coordinates are 32 bytes.
+ *
+ * @param hex - The hex string to pad
+ * @param byteLength - The desired byte length (default: 32)
+ * @returns The padded hex string with 0x prefix
+ */
+export function padHex(hex: Hex, byteLength = 32): Hex {
+  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const targetLength = byteLength * 2;
+
+  if (cleanHex.length >= targetLength) {
+    return `0x${cleanHex.slice(-targetLength)}` as Hex;
+  }
+
+  return `0x${cleanHex.padStart(targetLength, "0")}` as Hex;
+}
+
+/**
+ * Concatenates multiple Hex values into a single Hex value.
+ *
+ * @param hexValues - The hex values to concatenate
+ * @returns The concatenated hex string with 0x prefix
+ */
+export function concatHex(...hexValues: Hex[]): Hex {
+  const combined = hexValues
+    .map((h) => (h.startsWith("0x") ? h.slice(2) : h))
+    .join("");
+  return `0x${combined}` as Hex;
+}

package/src/utils/cose.ts

@@ -0,0 +1,356 @@
+import { decode as cborDecode } from "cbor-x";
+import type { Hex } from "viem";
+import type { P256PublicKey } from "../types/index.js";
+import { base64UrlToBytes, bytesToHex, padHex, concatHex } from "./base64url.js";
+
+/**
+ * COSE Key Types (kty)
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#key-type
+ */
+const COSE_KEY_TYPE = {
+  OKP: 1, // Octet Key Pair
+  EC2: 2, // Elliptic Curve with x and y coordinates
+  RSA: 3, // RSA
+  SYMMETRIC: 4, // Symmetric key
+} as const;
+
+/**
+ * COSE Algorithms
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#algorithms
+ */
+const COSE_ALGORITHM = {
+  ES256: -7, // ECDSA w/ SHA-256 (P-256)
+  ES384: -35, // ECDSA w/ SHA-384 (P-384)
+  ES512: -36, // ECDSA w/ SHA-512 (P-521)
+  EDDSA: -8, // EdDSA
+} as const;
+
+/**
+ * COSE Elliptic Curves
+ * @see https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves
+ */
+const COSE_CURVE = {
+  P256: 1, // NIST P-256 (secp256r1)
+  P384: 2, // NIST P-384
+  P521: 3, // NIST P-521
+  ED25519: 6, // Ed25519
+} as const;
+
+/**
+ * COSE Key Parameter Labels
+ */
+const COSE_KEY_PARAMS = {
+  KTY: 1, // Key type
+  ALG: 3, // Algorithm
+  CRV: -1, // Curve (for EC2 keys)
+  X: -2, // X coordinate (for EC2 keys)
+  Y: -3, // Y coordinate (for EC2 keys)
+} as const;
+
+/**
+ * Error thrown when COSE key parsing fails.
+ */
+export class COSEParseError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "COSEParseError";
+  }
+}
+
+/**
+ * Represents a parsed COSE key structure.
+ */
+interface COSEKey {
+  kty: number;
+  alg?: number;
+  crv?: number;
+  x?: Uint8Array;
+  y?: Uint8Array;
+}
+
+/**
+ * Parses a COSE key from CBOR-encoded bytes.
+ *
+ * @param coseBytes - The CBOR-encoded COSE key bytes
+ * @returns The parsed COSE key structure
+ * @throws COSEParseError if parsing fails
+ */
+function parseCOSEKey(coseBytes: Uint8Array): COSEKey {
+  let decoded: Map<number, unknown>;
+
+  try {
+    decoded = cborDecode(coseBytes);
+  } catch (error) {
+    throw new COSEParseError(
+      `Failed to decode CBOR: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
+  }
+
+  // COSE keys are encoded as CBOR maps
+  if (!(decoded instanceof Map)) {
+    throw new COSEParseError(
+      "Invalid COSE key format: expected CBOR map"
+    );
+  }
+
+  const kty = decoded.get(COSE_KEY_PARAMS.KTY);
+  if (typeof kty !== "number") {
+    throw new COSEParseError("Invalid COSE key: missing or invalid kty");
+  }
+
+  const result: COSEKey = { kty };
+
+  // Optional algorithm
+  const alg = decoded.get(COSE_KEY_PARAMS.ALG);
+  if (typeof alg === "number") {
+    result.alg = alg;
+  }
+
+  // For EC2 keys, extract curve and coordinates
+  if (kty === COSE_KEY_TYPE.EC2) {
+    const crv = decoded.get(COSE_KEY_PARAMS.CRV);
+    if (typeof crv === "number") {
+      result.crv = crv;
+    }
+
+    const x = decoded.get(COSE_KEY_PARAMS.X);
+    if (x instanceof Uint8Array) {
+      result.x = x;
+    }
+
+    const y = decoded.get(COSE_KEY_PARAMS.Y);
+    if (y instanceof Uint8Array) {
+      result.y = y;
+    }
+  }
+
+  return result;
+}
+
+/**
+ * Extracts the attestedCredentialData from authenticatorData.
+ * The attestedCredentialData contains the COSE public key.
+ *
+ * AuthenticatorData structure:
+ * - rpIdHash (32 bytes)
+ * - flags (1 byte)
+ * - signCount (4 bytes, big endian)
+ * - attestedCredentialData (variable, if AT flag is set)
+ *   - aaguid (16 bytes)
+ *   - credentialIdLength (2 bytes, big endian)
+ *   - credentialId (credentialIdLength bytes)
+ *   - credentialPublicKey (remaining bytes, CBOR encoded)
+ *
+ * @param authenticatorData - Raw authenticator data bytes
+ * @returns Object containing credentialId and publicKey bytes
+ * @throws COSEParseError if parsing fails
+ */
+export function parseAuthenticatorData(authenticatorData: Uint8Array): {
+  credentialId: Uint8Array;
+  publicKeyBytes: Uint8Array;
+} {
+  // Minimum length: 37 bytes (rpIdHash + flags + signCount)
+  if (authenticatorData.length < 37) {
+    throw new COSEParseError(
+      "Authenticator data too short: minimum 37 bytes required"
+    );
+  }
+
+  // Check AT (attestedCredentialData) flag (bit 6)
+  const flags = authenticatorData[32];
+  const hasAttestedCredData = (flags & 0x40) !== 0;
+
+  if (!hasAttestedCredData) {
+    throw new COSEParseError(
+      "Authenticator data does not contain attested credential data"
+    );
+  }
+
+  // Skip rpIdHash (32) + flags (1) + signCount (4) = 37 bytes
+  let offset = 37;
+
+  // Skip aaguid (16 bytes)
+  offset += 16;
+
+  if (authenticatorData.length < offset + 2) {
+    throw new COSEParseError(
+      "Authenticator data too short: missing credentialIdLength"
+    );
+  }
+
+  // Read credentialIdLength (2 bytes, big endian)
+  const credentialIdLength =
+    (authenticatorData[offset] << 8) | authenticatorData[offset + 1];
+  offset += 2;
+
+  if (authenticatorData.length < offset + credentialIdLength) {
+    throw new COSEParseError(
+      "Authenticator data too short: missing credentialId"
+    );
+  }
+
+  // Read credentialId
+  const credentialId = authenticatorData.slice(offset, offset + credentialIdLength);
+  offset += credentialIdLength;
+
+  // Remaining bytes are the CBOR-encoded public key
+  const publicKeyBytes = authenticatorData.slice(offset);
+
+  if (publicKeyBytes.length === 0) {
+    throw new COSEParseError(
+      "Authenticator data too short: missing public key"
+    );
+  }
+
+  return { credentialId, publicKeyBytes };
+}
+
+/**
+ * Extracts P256 (secp256r1) public key coordinates from a COSE key.
+ * This is the CRUCIAL function for Passkey integration.
+ *
+ * @param coseBytes - The CBOR-encoded COSE key bytes
+ * @returns The X and Y coordinates as 32-byte hex strings
+ * @throws COSEParseError if the key is not a valid P256 key
+ */
+export function extractP256PublicKey(coseBytes: Uint8Array): P256PublicKey {
+  const coseKey = parseCOSEKey(coseBytes);
+
+  // Validate key type
+  if (coseKey.kty !== COSE_KEY_TYPE.EC2) {
+    throw new COSEParseError(
+      `Invalid key type: expected EC2 (${COSE_KEY_TYPE.EC2}), got ${coseKey.kty}`
+    );
+  }
+
+  // Validate curve (if present)
+  if (coseKey.crv !== undefined && coseKey.crv !== COSE_CURVE.P256) {
+    throw new COSEParseError(
+      `Invalid curve: expected P-256 (${COSE_CURVE.P256}), got ${coseKey.crv}`
+    );
+  }
+
+  // Validate algorithm (if present)
+  if (coseKey.alg !== undefined && coseKey.alg !== COSE_ALGORITHM.ES256) {
+    throw new COSEParseError(
+      `Invalid algorithm: expected ES256 (${COSE_ALGORITHM.ES256}), got ${coseKey.alg}`
+    );
+  }
+
+  // Validate coordinates
+  if (!coseKey.x || coseKey.x.length === 0) {
+    throw new COSEParseError("Missing X coordinate in COSE key");
+  }
+
+  if (!coseKey.y || coseKey.y.length === 0) {
+    throw new COSEParseError("Missing Y coordinate in COSE key");
+  }
+
+  // P-256 coordinates should be exactly 32 bytes
+  // However, some implementations may include leading zeros or strip them
+  // We handle both cases by padding/trimming to exactly 32 bytes
+  const xHex = padHex(bytesToHex(coseKey.x), 32);
+  const yHex = padHex(bytesToHex(coseKey.y), 32);
+
+  return { x: xHex, y: yHex };
+}
+
+/**
+ * Extracts the public key from a WebAuthn attestation response.
+ *
+ * @param attestationObject - Base64URL encoded attestation object from registration
+ * @returns The P256 public key coordinates
+ * @throws COSEParseError if extraction fails
+ */
+export function extractPublicKeyFromAttestation(
+  attestationObject: string
+): {
+  credentialId: Uint8Array;
+  publicKey: P256PublicKey;
+} {
+  // Decode the attestation object
+  const attestationBytes = base64UrlToBytes(attestationObject);
+
+  let attestation: { authData?: Uint8Array; fmt?: string };
+  try {
+    attestation = cborDecode(attestationBytes);
+  } catch (error) {
+    throw new COSEParseError(
+      `Failed to decode attestation object: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
+  }
+
+  // Extract authData from attestation
+  if (!attestation.authData || !(attestation.authData instanceof Uint8Array)) {
+    throw new COSEParseError(
+      "Invalid attestation object: missing or invalid authData"
+    );
+  }
+
+  // Parse the authenticator data to get the public key
+  const { credentialId, publicKeyBytes } = parseAuthenticatorData(
+    attestation.authData
+  );
+
+  // Extract the P256 coordinates from the COSE key
+  const publicKey = extractP256PublicKey(publicKeyBytes);
+
+  return { credentialId, publicKey };
+}
+
+/**
+ * Encodes a P256 public key to the uncompressed format (0x04 || x || y).
+ * This is the standard SEC1 uncompressed point format.
+ *
+ * @param publicKey - The P256 public key coordinates
+ * @returns The uncompressed public key as hex (65 bytes total)
+ */
+export function encodeUncompressedPublicKey(publicKey: P256PublicKey): Hex {
+  // Ensure coordinates are exactly 32 bytes each
+  const x = padHex(publicKey.x, 32);
+  const y = padHex(publicKey.y, 32);
+
+  // Uncompressed format: 0x04 || x || y
+  return concatHex("0x04" as Hex, x, y);
+}
+
+/**
+ * Validates that a public key is on the P256 curve.
+ * This is a basic validation - for full security, use a proper crypto library.
+ *
+ * @param publicKey - The public key coordinates to validate
+ * @returns true if the key appears valid
+ */
+export function isValidP256PublicKey(publicKey: P256PublicKey): boolean {
+  // Basic validation: check that coordinates are 32 bytes each
+  const xClean = publicKey.x.startsWith("0x")
+    ? publicKey.x.slice(2)
+    : publicKey.x;
+  const yClean = publicKey.y.startsWith("0x")
+    ? publicKey.y.slice(2)
+    : publicKey.y;
+
+  // Each coordinate should be at most 64 hex chars (32 bytes)
+  if (xClean.length > 64 || yClean.length > 64) {
+    return false;
+  }
+
+  // Coordinates should not be zero
+  if (BigInt(`0x${xClean}`) === 0n || BigInt(`0x${yClean}`) === 0n) {
+    return false;
+  }
+
+  // P-256 prime
+  const p = BigInt(
+    "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"
+  );
+
+  // Coordinates should be less than the prime
+  if (BigInt(`0x${xClean}`) >= p || BigInt(`0x${yClean}`) >= p) {
+    return false;
+  }
+
+  return true;
+}
+
+export { COSE_KEY_TYPE, COSE_ALGORITHM, COSE_CURVE };

package/src/utils/index.ts

@@ -0,0 +1,40 @@
+// Base64URL encoding utilities
+export {
+  base64UrlToBytes,
+  bytesToBase64Url,
+  base64UrlToHex,
+  hexToBase64Url,
+  bytesToHex,
+  hexToBytes,
+  stringToBase64Url,
+  base64UrlToString,
+  padHex,
+  concatHex,
+} from "./base64url.js";
+
+// COSE key parsing utilities
+export {
+  extractP256PublicKey,
+  extractPublicKeyFromAttestation,
+  parseAuthenticatorData,
+  encodeUncompressedPublicKey,
+  isValidP256PublicKey,
+  COSEParseError,
+  COSE_KEY_TYPE,
+  COSE_ALGORITHM,
+  COSE_CURVE,
+} from "./cose.js";
+
+// Passkey/WebAuthn utilities
+export {
+  parseAuthenticatorDataFromAssertion,
+  parseDERSignature,
+  normalizeSignatureS,
+  findJsonFieldPosition,
+  parseWebAuthnAssertion,
+  encodeWebAuthnSignature,
+  createChallenge,
+  hashMessage,
+  createAssertionOptions,
+  SignatureError,
+} from "./passkey.js";