@metamask-previews/passkey-controller 0.0.0-preview-4c0846313

package/dist/webauthn/verify-signature.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-signature.mjs","sourceRoot":"","sources":["../../src/webauthn/verify-signature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,wBAAwB;AAC9C,OAAO,EAAE,OAAO,EAAE,8BAA8B;AAChD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,2BAA2B;AACtD,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,2BAA2B;AAE5D,OAAO,EAAE,gBAAgB,EAAE,8BAA0B;AACrD,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,wBAAoB;AAIlE;;;;;GAKG;AACH,SAAS,UAAU,CAAC,aAA4B;IAC9C,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;GAUG;AACH,SAAS,SAAS,CAChB,aAA4B,EAC5B,SAAqB,EACrB,IAAgB;IAEhB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAW,CAAC;IACtD,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAe,CAAC;IAC3D,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAe,CAAC;IAE3D,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAC9D,CAAC;IAED,MAAM,YAAY,GAAG,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAE3E,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC,IAAI;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;QAC5D,KAAK,OAAO,CAAC,IAAI;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;QAC5D,KAAK,OAAO,CAAC,IAAI;YACf,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,YAAY,CAAC,CAAC;QAC5D;YACE,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC;IACrD,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAS,SAAS,CAChB,aAA4B,EAC5B,SAAqB,EACrB,IAAgB;IAEhB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAe,CAAC;IAE3D,IAAI,GAAG,KAAK,OAAO,CAAC,KAAK,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,6BAA6B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC9D,CAAC;IAED,IAAI,GAAG,KAAK,OAAO,CAAC,OAAO,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,0BAA0B,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC3D,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,OAAO,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AACjD,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,SAAS,CACtB,aAA4B,EAC5B,SAAqB,EACrB,IAAgB;IAEhB,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAe,CAAC;IAC5D,MAAM,QAAQ,GAAG,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAe,CAAC;IAE7D,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,CAAC;IAED,IAAI,CAAC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,gBAAiD,CAAC;IACtD,IAAI,OAAe,CAAC;IACpB,IAAI,UAA8B,CAAC;IACnC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC,GAAG;YACd,gBAAgB,GAAG,mBAAmB,CAAC;YACvC,OAAO,GAAG,OAAO,CAAC;YAClB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,mBAAmB,CAAC;YACvC,OAAO,GAAG,SAAS,CAAC;YACpB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,mBAAmB,CAAC;YACvC,OAAO,GAAG,SAAS,CAAC;YACpB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,mBAAmB,CAAC;YACvC,OAAO,GAAG,SAAS,CAAC;YACpB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,SAAS,CAAC;YAC7B,OAAO,GAAG,SAAS,CAAC;YACpB,UAAU,GAAG,EAAE,CAAC;YAChB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,SAAS,CAAC;YAC7B,OAAO,GAAG,SAAS,CAAC;YACpB,UAAU,GAAG,EAAE,CAAC;YAChB,MAAM;QACR,KAAK,OAAO,CAAC,KAAK;YAChB,gBAAgB,GAAG,SAAS,CAAC;YAC7B,OAAO,GAAG,SAAS,CAAC;YACpB,UAAU,GAAG,EAAE,CAAC;YAChB,MAAM;QACR;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAClD,KAAK,EACL;QACE,GAAG,EAAE,KAAK;QACV,CAAC,EAAE,gBAAgB,CAAC,OAAO,CAAC;QAC5B,CAAC,EAAE,gBAAgB,CAAC,QAAQ,CAAC;KAC9B,EACD,EAAE,IAAI,EAAE,gBAAgB,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EACnD,KAAK,EACL,CAAC,QAAQ,CAAC,CACX,CAAC;IAEF,MAAM,eAAe,GACnB,gBAAgB,KAAK,SAAS;QAC5B,CAAC,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,UAAU,EAAE,UAAoB,EAAE;QACvD,CAAC,CAAC,mBAAmB,CAAC;IAE1B,MAAM,cAAc,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAClD,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACxC,OAAO,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CACpC,eAAe,EACf,GAAG,EACH,cAAc,EACd,SAAS,CACV,CAAC;AACJ,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,IAIrC;IACC,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC;IAChD,MAAM,GAAG,GAAG,UAAU,CAAC,aAAa,CAAC,CAAC;IAEtC,QAAQ,GAAG,EAAE,CAAC;QACZ,KAAK,OAAO,CAAC,GAAG;YACd,OAAO,SAAS,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QACnD,KAAK,OAAO,CAAC,GAAG;YACd,OAAO,SAAS,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QACnD,KAAK,OAAO,CAAC,GAAG;YACd,OAAO,SAAS,CAAC,aAAa,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QACnD;YACE,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,EAAE,CAAC,CAAC;IACzD,CAAC;AACH,CAAC","sourcesContent":["import { concatBytes } from '@metamask/utils';\nimport { ed25519 } from '@noble/curves/ed25519';\nimport { p256, p384, p521 } from '@noble/curves/nist';\nimport { sha256, sha384, sha512 } from '@noble/hashes/sha2';\n\nimport { bytesToBase64URL } from '../utils/encoding';\nimport { COSEALG, COSECRV, COSEKEYS, COSEKTY } from './constants';\n\ntype COSEPublicKey = Map<number, number | Uint8Array>;\n\n/**\n * Get the key type from a COSE public key map.\n *\n * @param cosePublicKey - COSE public key map.\n * @returns The COSEKTY value.\n */\nfunction getKeyType(cosePublicKey: COSEPublicKey): number {\n  const kty = cosePublicKey.get(COSEKEYS.Kty);\n  if (typeof kty !== 'number') {\n    throw new Error('COSE public key missing kty');\n  }\n  return kty;\n}\n\n/**\n * Verify an EC2 (P-256, P-384, P-521) signature using @noble/curves.\n *\n * ECDSA requires the data to be hashed with the curve-appropriate\n * algorithm before verification: SHA-256 for P-256 and SHA-384 for P-384.\n *\n * @param cosePublicKey - COSE-encoded EC2 public key.\n * @param signature - DER-encoded ECDSA signature.\n * @param data - Data that was signed.\n * @returns Whether the signature is valid.\n */\nfunction verifyEC2(\n  cosePublicKey: COSEPublicKey,\n  signature: Uint8Array,\n  data: Uint8Array,\n): boolean {\n  const alg = cosePublicKey.get(COSEKEYS.Alg);\n  const crv = cosePublicKey.get(COSEKEYS.Crv) as number;\n  const xCoord = cosePublicKey.get(COSEKEYS.X) as Uint8Array;\n  const yCoord = cosePublicKey.get(COSEKEYS.Y) as Uint8Array;\n\n  if (typeof alg !== 'number') {\n    throw new Error('EC2 public key missing alg');\n  }\n\n  if (!xCoord || !yCoord) {\n    throw new Error('EC2 public key missing x or y coordinate');\n  }\n\n  const uncompressed = concatBytes([new Uint8Array([0x04]), xCoord, yCoord]);\n\n  switch (crv) {\n    case COSECRV.P256:\n      return p256.verify(signature, sha256(data), uncompressed);\n    case COSECRV.P384:\n      return p384.verify(signature, sha384(data), uncompressed);\n    case COSECRV.P521:\n      return p521.verify(signature, sha512(data), uncompressed);\n    default:\n      throw new Error(`Unsupported EC2 curve: ${crv}`);\n  }\n}\n\n/**\n * Verify an OKP (Ed25519) signature using @noble/curves.\n *\n * @param cosePublicKey - COSE-encoded OKP public key.\n * @param signature - Raw Ed25519 signature (64 bytes).\n * @param data - Data that was signed.\n * @returns Whether the signature is valid.\n */\nfunction verifyOKP(\n  cosePublicKey: COSEPublicKey,\n  signature: Uint8Array,\n  data: Uint8Array,\n): boolean {\n  const alg = cosePublicKey.get(COSEKEYS.Alg);\n  const crv = cosePublicKey.get(COSEKEYS.Crv);\n  const xCoord = cosePublicKey.get(COSEKEYS.X) as Uint8Array;\n\n  if (alg !== COSEALG.EdDSA) {\n    throw new Error(`Unexpected OKP algorithm: ${String(alg)}`);\n  }\n\n  if (crv !== COSECRV.ED25519) {\n    throw new Error(`Unsupported OKP curve: ${String(crv)}`);\n  }\n\n  if (!xCoord) {\n    throw new Error('OKP public key missing x coordinate');\n  }\n\n  return ed25519.verify(signature, data, xCoord);\n}\n\n/**\n * Verify an RSA signature using Web Crypto API.\n *\n * @param cosePublicKey - COSE-encoded RSA public key.\n * @param signature - RSA PKCS#1 v1.5 signature.\n * @param data - Data that was signed.\n * @returns Whether the signature is valid.\n */\nasync function verifyRSA(\n  cosePublicKey: COSEPublicKey,\n  signature: Uint8Array,\n  data: Uint8Array,\n): Promise<boolean> {\n  const alg = cosePublicKey.get(COSEKEYS.Alg);\n  const modulus = cosePublicKey.get(COSEKEYS.N) as Uint8Array;\n  const exponent = cosePublicKey.get(COSEKEYS.E) as Uint8Array;\n\n  if (typeof alg !== 'number') {\n    throw new Error('RSA public key missing alg');\n  }\n\n  if (!modulus || !exponent) {\n    throw new Error('RSA public key missing n or e');\n  }\n\n  let keyAlgorithmName: 'RSASSA-PKCS1-v1_5' | 'RSA-PSS';\n  let hashAlg: string;\n  let saltLength: number | undefined;\n  switch (alg) {\n    case COSEALG.RS1:\n      keyAlgorithmName = 'RSASSA-PKCS1-v1_5';\n      hashAlg = 'SHA-1';\n      break;\n    case COSEALG.RS256:\n      keyAlgorithmName = 'RSASSA-PKCS1-v1_5';\n      hashAlg = 'SHA-256';\n      break;\n    case COSEALG.RS384:\n      keyAlgorithmName = 'RSASSA-PKCS1-v1_5';\n      hashAlg = 'SHA-384';\n      break;\n    case COSEALG.RS512:\n      keyAlgorithmName = 'RSASSA-PKCS1-v1_5';\n      hashAlg = 'SHA-512';\n      break;\n    case COSEALG.PS256:\n      keyAlgorithmName = 'RSA-PSS';\n      hashAlg = 'SHA-256';\n      saltLength = 32;\n      break;\n    case COSEALG.PS384:\n      keyAlgorithmName = 'RSA-PSS';\n      hashAlg = 'SHA-384';\n      saltLength = 48;\n      break;\n    case COSEALG.PS512:\n      keyAlgorithmName = 'RSA-PSS';\n      hashAlg = 'SHA-512';\n      saltLength = 64;\n      break;\n    default:\n      throw new Error(`Unsupported RSA algorithm: ${alg}`);\n  }\n\n  const key = await globalThis.crypto.subtle.importKey(\n    'jwk',\n    {\n      kty: 'RSA',\n      n: bytesToBase64URL(modulus),\n      e: bytesToBase64URL(exponent),\n    },\n    { name: keyAlgorithmName, hash: { name: hashAlg } },\n    false,\n    ['verify'],\n  );\n\n  const verifyAlgorithm =\n    keyAlgorithmName === 'RSA-PSS'\n      ? { name: 'RSA-PSS', saltLength: saltLength as number }\n      : 'RSASSA-PKCS1-v1_5';\n\n  const signatureBytes = Uint8Array.from(signature);\n  const dataBytes = Uint8Array.from(data);\n  return globalThis.crypto.subtle.verify(\n    verifyAlgorithm,\n    key,\n    signatureBytes,\n    dataBytes,\n  );\n}\n\n/**\n * Verify a WebAuthn signature using the appropriate algorithm based on\n * the COSE key type.\n *\n * Uses @noble/curves for EC2 and OKP (synchronous, audited, handles DER\n * natively). Falls back to Web Crypto API for RSA.\n *\n * @param opts - Options object.\n * @param opts.cosePublicKey - COSE-encoded public key as a Map.\n * @param opts.signature - The signature bytes.\n * @param opts.data - The data that was signed.\n * @returns Whether the signature is valid.\n */\nexport async function verifySignature(opts: {\n  cosePublicKey: COSEPublicKey;\n  signature: Uint8Array;\n  data: Uint8Array;\n}): Promise<boolean> {\n  const { cosePublicKey, signature, data } = opts;\n  const kty = getKeyType(cosePublicKey);\n\n  switch (kty) {\n    case COSEKTY.EC2:\n      return verifyEC2(cosePublicKey, signature, data);\n    case COSEKTY.OKP:\n      return verifyOKP(cosePublicKey, signature, data);\n    case COSEKTY.RSA:\n      return verifyRSA(cosePublicKey, signature, data);\n    default:\n      throw new Error(`Unsupported COSE key type: ${kty}`);\n  }\n}\n"]}

package/package.json

@@ -0,0 +1,78 @@
+{
+  "name": "@metamask-previews/passkey-controller",
+  "version": "0.0.0-preview-4c0846313",
+  "description": "Controller and utilities for passkey-based wallet unlock",
+  "keywords": [
+    "Ethereum",
+    "MetaMask"
+  ],
+  "homepage": "https://github.com/MetaMask/core/tree/main/packages/passkey-controller#readme",
+  "bugs": {
+    "url": "https://github.com/MetaMask/core/issues"
+  },
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/MetaMask/core.git"
+  },
+  "files": [
+    "dist/"
+  ],
+  "sideEffects": false,
+  "main": "./dist/index.cjs",
+  "types": "./dist/index.d.cts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
+      }
+    },
+    "./package.json": "./package.json"
+  },
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "scripts": {
+    "build": "ts-bridge --project tsconfig.build.json --verbose --clean --no-references",
+    "build:all": "ts-bridge --project tsconfig.build.json --verbose --clean",
+    "build:docs": "typedoc",
+    "changelog:update": "../../scripts/update-changelog.sh @metamask/passkey-controller",
+    "changelog:validate": "../../scripts/validate-changelog.sh @metamask/passkey-controller",
+    "publish:preview": "yarn npm publish --tag preview",
+    "since-latest-release": "../../scripts/since-latest-release.sh",
+    "test": "NODE_OPTIONS=--experimental-vm-modules jest --reporters=jest-silent-reporter",
+    "test:clean": "NODE_OPTIONS=--experimental-vm-modules jest --clearCache",
+    "test:verbose": "NODE_OPTIONS=--experimental-vm-modules jest --verbose",
+    "test:watch": "NODE_OPTIONS=--experimental-vm-modules jest --watch"
+  },
+  "dependencies": {
+    "@levischuck/tiny-cbor": "^0.3.3",
+    "@metamask/base-controller": "^9.1.0",
+    "@metamask/messenger": "^1.1.1",
+    "@metamask/utils": "^11.9.0",
+    "@noble/ciphers": "^1.3.0",
+    "@noble/curves": "^1.9.2",
+    "@noble/hashes": "^1.8.0"
+  },
+  "devDependencies": {
+    "@metamask/auto-changelog": "^6.1.0",
+    "@ts-bridge/cli": "^0.6.4",
+    "@types/jest": "^29.5.14",
+    "deepmerge": "^4.2.2",
+    "jest": "^29.7.0",
+    "jest-environment-node": "^29.7.0",
+    "ts-jest": "^29.2.5",
+    "typedoc": "^0.25.13",
+    "typedoc-plugin-missing-exports": "^2.0.0",
+    "typescript": "~5.3.3"
+  },
+  "engines": {
+    "node": "^18.18 || >=20"
+  }
+}