@mentaproject/signer-react-native 0.0.1

package/src/utils/passkey.ts

@@ -0,0 +1,392 @@
+import { type Hex, encodeAbiParameters, keccak256 } from "viem";
+import type {
+  AuthenticatorData,
+  WebAuthnSignature,
+  SignatureEncodingFormat,
+} from "../types/index.js";
+import {
+  base64UrlToBytes,
+  base64UrlToHex,
+  bytesToHex,
+  hexToBase64Url,
+  padHex,
+} from "./base64url.js";
+
+/**
+ * Error thrown when signature parsing or encoding fails.
+ */
+export class SignatureError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = "SignatureError";
+  }
+}
+
+/**
+ * Parses the authenticator data from a WebAuthn assertion.
+ *
+ * @param authenticatorDataB64 - Base64URL encoded authenticator data
+ * @returns Parsed authenticator data structure
+ */
+export function parseAuthenticatorDataFromAssertion(
+  authenticatorDataB64: string
+): AuthenticatorData {
+  const bytes = base64UrlToBytes(authenticatorDataB64);
+
+  if (bytes.length < 37) {
+    throw new SignatureError(
+      "Authenticator data too short: minimum 37 bytes required"
+    );
+  }
+
+  // rpIdHash (32 bytes)
+  const rpIdHash = bytesToHex(bytes.slice(0, 32));
+
+  // flags (1 byte)
+  const flags = bytes[32];
+
+  // signCount (4 bytes, big endian)
+  const signCount =
+    (bytes[33] << 24) | (bytes[34] << 16) | (bytes[35] << 8) | bytes[36];
+
+  return {
+    rpIdHash,
+    flags,
+    signCount,
+    raw: bytesToHex(bytes),
+  };
+}
+
+/**
+ * Parses a DER-encoded ECDSA signature into r and s components.
+ * WebAuthn signatures are DER-encoded ASN.1 sequences.
+ *
+ * DER format: 0x30 [total-length] 0x02 [r-length] [r] 0x02 [s-length] [s]
+ *
+ * @param signatureB64 - Base64URL encoded DER signature
+ * @returns Object with r and s as 32-byte hex strings
+ */
+export function parseDERSignature(signatureB64: string): { r: Hex; s: Hex } {
+  const bytes = base64UrlToBytes(signatureB64);
+
+  if (bytes.length < 8) {
+    throw new SignatureError("DER signature too short");
+  }
+
+  // Verify it's a SEQUENCE
+  if (bytes[0] !== 0x30) {
+    throw new SignatureError(
+      `Invalid DER signature: expected SEQUENCE (0x30), got 0x${bytes[0].toString(16)}`
+    );
+  }
+
+  let offset = 2; // Skip SEQUENCE tag and length
+
+  // Parse R
+  if (bytes[offset] !== 0x02) {
+    throw new SignatureError(
+      `Invalid DER signature: expected INTEGER (0x02) for R, got 0x${bytes[offset].toString(16)}`
+    );
+  }
+  offset++;
+
+  const rLength = bytes[offset];
+  offset++;
+
+  let rBytes = bytes.slice(offset, offset + rLength);
+  offset += rLength;
+
+  // Parse S
+  if (bytes[offset] !== 0x02) {
+    throw new SignatureError(
+      `Invalid DER signature: expected INTEGER (0x02) for S, got 0x${bytes[offset].toString(16)}`
+    );
+  }
+  offset++;
+
+  const sLength = bytes[offset];
+  offset++;
+
+  let sBytes = bytes.slice(offset, offset + sLength);
+
+  // Remove leading zero bytes (DER uses them for positive integers with high bit set)
+  if (rBytes[0] === 0x00 && rBytes.length > 32) {
+    rBytes = rBytes.slice(1);
+  }
+  if (sBytes[0] === 0x00 && sBytes.length > 32) {
+    sBytes = sBytes.slice(1);
+  }
+
+  // Pad to 32 bytes if needed
+  const r = padHex(bytesToHex(rBytes), 32);
+  const s = padHex(bytesToHex(sBytes), 32);
+
+  return { r, s };
+}
+
+/**
+ * Normalizes the S value of an ECDSA signature to low-S form.
+ * This is required by some smart contract implementations to prevent
+ * signature malleability.
+ *
+ * For P-256, the curve order n is:
+ * 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
+ *
+ * If s > n/2, we replace s with n - s.
+ *
+ * @param s - The S component of the signature
+ * @returns The normalized S value in low-S form
+ */
+export function normalizeSignatureS(s: Hex): Hex {
+  const sClean = s.startsWith("0x") ? s.slice(2) : s;
+  const sValue = BigInt(`0x${sClean}`);
+
+  // P-256 curve order
+  const n = BigInt(
+    "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"
+  );
+  const halfN = n / 2n;
+
+  if (sValue > halfN) {
+    const normalizedS = n - sValue;
+    return padHex(`0x${normalizedS.toString(16)}` as Hex, 32);
+  }
+
+  return padHex(s, 32);
+}
+
+/**
+ * Finds the position of a substring in a JSON string.
+ * Used to locate the challenge and type fields in clientDataJSON.
+ *
+ * @param json - The JSON string to search
+ * @param key - The key to find (e.g., "challenge", "type")
+ * @returns The byte offset of the key's value
+ */
+export function findJsonFieldPosition(json: string, key: string): number {
+  // Find the key with quotes: "key":"
+  const searchPattern = `"${key}":"`;
+  const position = json.indexOf(searchPattern);
+
+  if (position === -1) {
+    throw new SignatureError(`Field "${key}" not found in clientDataJSON`);
+  }
+
+  // Return position after the opening quote of the value
+  return position + searchPattern.length;
+}
+
+/**
+ * Parses a WebAuthn assertion response into its components.
+ *
+ * @param assertion - The WebAuthn assertion response
+ * @returns Parsed signature components
+ */
+export function parseWebAuthnAssertion(assertion: {
+  authenticatorData: string;
+  clientDataJSON: string;
+  signature: string;
+}): WebAuthnSignature {
+  // Parse authenticator data
+  const authenticatorData = base64UrlToHex(assertion.authenticatorData);
+
+  // Decode clientDataJSON
+  const clientDataJSONBytes = base64UrlToBytes(assertion.clientDataJSON);
+  const decoder = new TextDecoder();
+  const clientDataJSON = decoder.decode(clientDataJSONBytes);
+
+  // Parse the DER signature
+  const { r, s: rawS } = parseDERSignature(assertion.signature);
+
+  // Normalize S to low-S form
+  const s = normalizeSignatureS(rawS);
+
+  // Find positions for challenge and type in clientDataJSON
+  const challengeLocation = findJsonFieldPosition(clientDataJSON, "challenge");
+  const responseTypeLocation = findJsonFieldPosition(clientDataJSON, "type");
+
+  return {
+    authenticatorData,
+    clientDataJSON,
+    r,
+    s,
+    challengeLocation,
+    responseTypeLocation,
+  };
+}
+
+/**
+ * Encodes a WebAuthn signature for smart contract verification.
+ * Different smart contract implementations expect different formats.
+ *
+ * @param signature - The parsed WebAuthn signature
+ * @param format - The encoding format to use
+ * @returns The encoded signature as hex
+ */
+export function encodeWebAuthnSignature(
+  signature: WebAuthnSignature,
+  format: SignatureEncodingFormat = "kernel"
+): Hex {
+  switch (format) {
+    case "kernel":
+      return encodeKernelSignature(signature);
+    case "rhinestone":
+      return encodeRhinestoneSignature(signature);
+    case "raw":
+      return encodeRawSignature(signature);
+    default:
+      throw new SignatureError(`Unknown signature format: ${format}`);
+  }
+}
+
+/**
+ * Encodes signature for Kernel/ZeroDev smart accounts.
+ *
+ * Format: abi.encode(
+ *   bytes authenticatorData,
+ *   string clientDataJSON,
+ *   uint256 responseTypeLocation,
+ *   uint256 r,
+ *   uint256 s,
+ *   bool usePrecompile
+ * )
+ */
+function encodeKernelSignature(signature: WebAuthnSignature): Hex {
+  // Find the challengeIndex (position of challenge value in clientDataJSON)
+  const challengeIndex = signature.challengeLocation;
+
+  // Find responseTypeLocation (position after "type":" in the JSON)
+  const responseTypeIndex = signature.responseTypeLocation;
+
+  return encodeAbiParameters(
+    [
+      { type: "bytes" },      // authenticatorData
+      { type: "string" },     // clientDataJSON
+      { type: "uint256" },    // challengeIndex
+      { type: "uint256" },    // responseTypeIndex
+      { type: "uint256" },    // r
+      { type: "uint256" },    // s
+    ],
+    [
+      signature.authenticatorData,
+      signature.clientDataJSON,
+      BigInt(challengeIndex),
+      BigInt(responseTypeIndex),
+      BigInt(signature.r),
+      BigInt(signature.s),
+    ]
+  );
+}
+
+/**
+ * Encodes signature for Rhinestone smart accounts.
+ *
+ * Format: abi.encode(
+ *   bytes authenticatorData,
+ *   bytes clientDataJSON,
+ *   uint256[2] signature (r, s)
+ * )
+ */
+function encodeRhinestoneSignature(signature: WebAuthnSignature): Hex {
+  const encoder = new TextEncoder();
+  const clientDataBytes = encoder.encode(signature.clientDataJSON);
+
+  return encodeAbiParameters(
+    [
+      { type: "bytes" },      // authenticatorData
+      { type: "bytes" },      // clientDataJSON as bytes
+      { type: "uint256[2]" }, // [r, s]
+    ],
+    [
+      signature.authenticatorData,
+      bytesToHex(clientDataBytes),
+      [BigInt(signature.r), BigInt(signature.s)],
+    ]
+  );
+}
+
+/**
+ * Encodes signature in raw format (just r || s).
+ * Useful for custom implementations or debugging.
+ */
+function encodeRawSignature(signature: WebAuthnSignature): Hex {
+  // Simple concatenation of r and s (64 bytes total)
+  const rClean = signature.r.startsWith("0x")
+    ? signature.r.slice(2)
+    : signature.r;
+  const sClean = signature.s.startsWith("0x")
+    ? signature.s.slice(2)
+    : signature.s;
+
+  return `0x${rClean}${sClean}` as Hex;
+}
+
+/**
+ * Creates a WebAuthn challenge from a message hash.
+ * The challenge is typically the Base64URL encoding of the hash.
+ *
+ * @param messageHash - The message hash (usually a UserOpHash)
+ * @returns The challenge as Base64URL string
+ */
+export function createChallenge(messageHash: Hex): string {
+  return hexToBase64Url(messageHash);
+}
+
+/**
+ * Hashes a message according to EIP-191 (personal_sign).
+ * This is used when signing arbitrary messages.
+ *
+ * @param message - The message to hash
+ * @returns The EIP-191 hash
+ */
+export function hashMessage(message: string | Uint8Array): Hex {
+  const messageBytes =
+    typeof message === "string" ? new TextEncoder().encode(message) : message;
+
+  // EIP-191: "\x19Ethereum Signed Message:\n" + len(message) + message
+  const prefix = `\x19Ethereum Signed Message:\n${messageBytes.length}`;
+  const prefixBytes = new TextEncoder().encode(prefix);
+
+  const combined = new Uint8Array(prefixBytes.length + messageBytes.length);
+  combined.set(prefixBytes, 0);
+  combined.set(messageBytes, prefixBytes.length);
+
+  return keccak256(combined);
+}
+
+/**
+ * Creates an assertion options object for react-native-passkey.
+ *
+ * @param challenge - The challenge as Base64URL string
+ * @param rpId - The Relying Party ID
+ * @param credentialId - The credential ID to use (Base64URL)
+ * @param userVerification - User verification requirement
+ * @param timeout - Timeout in milliseconds
+ * @returns Options object for Passkey.get()
+ */
+export function createAssertionOptions(
+  challenge: string,
+  rpId: string,
+  credentialId: string,
+  userVerification: "required" | "preferred" | "discouraged" = "required",
+  timeout = 60000
+): {
+  rpId: string;
+  challenge: string;
+  allowCredentials: Array<{ id: string; type: "public-key" }>;
+  userVerification: "required" | "preferred" | "discouraged";
+  timeout: number;
+} {
+  return {
+    rpId,
+    challenge,
+    allowCredentials: [
+      {
+        id: credentialId,
+        type: "public-key",
+      },
+    ],
+    userVerification,
+    timeout,
+  };
+}