@metamask-previews/passkey-controller 0.0.0-preview-4c0846313

package/dist/errors.mjs

@@ -0,0 +1,53 @@
+/**
+ * Error class for PasskeyController-related errors.
+ */
+export class PasskeyControllerError extends Error {
+    /**
+     * @param message - The error message.
+     * @param options - Error options or an `Error` instance used as `cause` (Keyring-style overload).
+     */
+    constructor(message, options) {
+        super(message);
+        this.name = 'PasskeyControllerError';
+        const cause = options instanceof Error ? options : options?.cause;
+        const code = options instanceof Error ? undefined : options?.code;
+        const context = options instanceof Error ? undefined : options?.context;
+        if (cause) {
+            this.cause = cause;
+        }
+        if (code) {
+            this.code = code;
+        }
+        if (context) {
+            this.context = context;
+        }
+        Object.setPrototypeOf(this, PasskeyControllerError.prototype);
+    }
+    toJSON() {
+        return {
+            name: this.name,
+            message: this.message,
+            code: this.code,
+            context: this.context,
+            stack: this.stack,
+            cause: this.cause
+                ? {
+                    name: this.cause.name,
+                    message: this.cause.message,
+                    stack: this.cause.stack,
+                }
+                : undefined,
+        };
+    }
+    toString() {
+        let result = `${this.name}: ${this.message}`;
+        if (this.code) {
+            result += ` [${this.code}]`;
+        }
+        if (this.cause) {
+            result += `\n  Caused by: ${this.cause}`;
+        }
+        return result;
+    }
+}
+//# sourceMappingURL=errors.mjs.map

package/dist/errors.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"errors.mjs","sourceRoot":"","sources":["../src/errors.ts"],"names":[],"mappings":"AAoBA;;GAEG;AACH,MAAM,OAAO,sBAAuB,SAAQ,KAAK;IAO/C;;;OAGG;IACH,YACE,OAAe,EACf,OAA+C;QAE/C,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,wBAAwB,CAAC;QAErC,MAAM,KAAK,GAAG,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC;QAClE,MAAM,IAAI,GAAG,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,IAAI,CAAC;QAClE,MAAM,OAAO,GAAG,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC;QAExE,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACrB,CAAC;QACD,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACnB,CAAC;QACD,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACzB,CAAC;QAED,MAAM,CAAC,cAAc,CAAC,IAAI,EAAE,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAChE,CAAC;IAED,MAAM;QACJ,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACf,CAAC,CAAC;oBACE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI;oBACrB,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,OAAO;oBAC3B,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK;iBACxB;gBACH,CAAC,CAAC,SAAS;SACd,CAAC;IACJ,CAAC;IAEQ,QAAQ;QACf,IAAI,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;QAC7C,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,IAAI,CAAC,IAAI,GAAG,CAAC;QAC9B,CAAC;QACD,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,kBAAkB,IAAI,CAAC,KAAK,EAAE,CAAC;QAC3C,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;CACF","sourcesContent":["import type { PasskeyControllerErrorCode as PasskeyControllerErrorCodeType } from './constants';\n\n/**\n * Options for creating a {@link PasskeyControllerError}.\n */\nexport type PasskeyControllerErrorOptions = {\n  /**\n   * The underlying error that caused this error (for error chaining).\n   */\n  cause?: Error;\n  /**\n   * Stable code for programmatic handling (see {@link PasskeyControllerErrorCode}).\n   */\n  code?: PasskeyControllerErrorCodeType;\n  /**\n   * Additional context for debugging or reporting.\n   */\n  context?: Record<string, unknown>;\n};\n\n/**\n * Error class for PasskeyController-related errors.\n */\nexport class PasskeyControllerError extends Error {\n  code?: PasskeyControllerErrorCodeType;\n\n  context?: Record<string, unknown>;\n\n  cause?: Error;\n\n  /**\n   * @param message - The error message.\n   * @param options - Error options or an `Error` instance used as `cause` (Keyring-style overload).\n   */\n  constructor(\n    message: string,\n    options?: PasskeyControllerErrorOptions | Error,\n  ) {\n    super(message);\n    this.name = 'PasskeyControllerError';\n\n    const cause = options instanceof Error ? options : options?.cause;\n    const code = options instanceof Error ? undefined : options?.code;\n    const context = options instanceof Error ? undefined : options?.context;\n\n    if (cause) {\n      this.cause = cause;\n    }\n    if (code) {\n      this.code = code;\n    }\n    if (context) {\n      this.context = context;\n    }\n\n    Object.setPrototypeOf(this, PasskeyControllerError.prototype);\n  }\n\n  toJSON(): Record<string, unknown> {\n    return {\n      name: this.name,\n      message: this.message,\n      code: this.code,\n      context: this.context,\n      stack: this.stack,\n      cause: this.cause\n        ? {\n            name: this.cause.name,\n            message: this.cause.message,\n            stack: this.cause.stack,\n          }\n        : undefined,\n    };\n  }\n\n  override toString(): string {\n    let result = `${this.name}: ${this.message}`;\n    if (this.code) {\n      result += ` [${this.code}]`;\n    }\n    if (this.cause) {\n      result += `\\n  Caused by: ${this.cause}`;\n    }\n    return result;\n  }\n}\n"]}

package/dist/index.cjs

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MAX_CONCURRENT_PASSKEY_CEREMONIES = exports.CEREMONY_MAX_AGE_MS = exports.CEREMONY_TTL_SLACK_MS = exports.WEBAUTHN_TIMEOUT_MS = exports.passkeyControllerSelectors = exports.getDefaultPasskeyControllerState = exports.PasskeyController = exports.PasskeyControllerError = exports.PasskeyControllerErrorMessage = exports.PasskeyControllerErrorCode = exports.controllerName = void 0;
+var constants_1 = require("./constants.cjs");
+Object.defineProperty(exports, "controllerName", { enumerable: true, get: function () { return constants_1.controllerName; } });
+Object.defineProperty(exports, "PasskeyControllerErrorCode", { enumerable: true, get: function () { return constants_1.PasskeyControllerErrorCode; } });
+Object.defineProperty(exports, "PasskeyControllerErrorMessage", { enumerable: true, get: function () { return constants_1.PasskeyControllerErrorMessage; } });
+var errors_1 = require("./errors.cjs");
+Object.defineProperty(exports, "PasskeyControllerError", { enumerable: true, get: function () { return errors_1.PasskeyControllerError; } });
+var PasskeyController_1 = require("./PasskeyController.cjs");
+Object.defineProperty(exports, "PasskeyController", { enumerable: true, get: function () { return PasskeyController_1.PasskeyController; } });
+Object.defineProperty(exports, "getDefaultPasskeyControllerState", { enumerable: true, get: function () { return PasskeyController_1.getDefaultPasskeyControllerState; } });
+Object.defineProperty(exports, "passkeyControllerSelectors", { enumerable: true, get: function () { return PasskeyController_1.passkeyControllerSelectors; } });
+var ceremony_manager_1 = require("./ceremony-manager.cjs");
+Object.defineProperty(exports, "WEBAUTHN_TIMEOUT_MS", { enumerable: true, get: function () { return ceremony_manager_1.WEBAUTHN_TIMEOUT_MS; } });
+Object.defineProperty(exports, "CEREMONY_TTL_SLACK_MS", { enumerable: true, get: function () { return ceremony_manager_1.CEREMONY_TTL_SLACK_MS; } });
+Object.defineProperty(exports, "CEREMONY_MAX_AGE_MS", { enumerable: true, get: function () { return ceremony_manager_1.CEREMONY_MAX_AGE_MS; } });
+Object.defineProperty(exports, "MAX_CONCURRENT_PASSKEY_CEREMONIES", { enumerable: true, get: function () { return ceremony_manager_1.MAX_CONCURRENT_PASSKEY_CEREMONIES; } });
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6CAIqB;AAHnB,2GAAA,cAAc,OAAA;AACd,uHAAA,0BAA0B,OAAA;AAC1B,0HAAA,6BAA6B,OAAA;AAE/B,uCAAkD;AAAzC,gHAAA,sBAAsB,OAAA;AAE/B,6DAI6B;AAH3B,sHAAA,iBAAiB,OAAA;AACjB,qIAAA,gCAAgC,OAAA;AAChC,+HAAA,0BAA0B,OAAA;AAE5B,2DAK4B;AAJ1B,uHAAA,mBAAmB,OAAA;AACnB,yHAAA,qBAAqB,OAAA;AACrB,uHAAA,mBAAmB,OAAA;AACnB,qIAAA,iCAAiC,OAAA","sourcesContent":["export {\n  controllerName,\n  PasskeyControllerErrorCode,\n  PasskeyControllerErrorMessage,\n} from './constants';\nexport { PasskeyControllerError } from './errors';\nexport type { PasskeyControllerErrorOptions } from './errors';\nexport {\n  PasskeyController,\n  getDefaultPasskeyControllerState,\n  passkeyControllerSelectors,\n} from './PasskeyController';\nexport {\n  WEBAUTHN_TIMEOUT_MS,\n  CEREMONY_TTL_SLACK_MS,\n  CEREMONY_MAX_AGE_MS,\n  MAX_CONCURRENT_PASSKEY_CEREMONIES,\n} from './ceremony-manager';\nexport type {\n  PasskeyControllerState,\n  PasskeyControllerMessenger,\n  PasskeyControllerGetStateAction,\n  PasskeyControllerActions,\n  PasskeyControllerStateChangedEvent,\n  PasskeyControllerEvents,\n} from './PasskeyController';\nexport type {\n  EncryptedVaultKey,\n  PasskeyCredentialInfo,\n  PasskeyDerivationMethod,\n  PasskeyKeyDerivation,\n  PasskeyRecord,\n  PrfEvalExtension,\n  PrfClientExtensionResults,\n} from './types';\nexport type {\n  PasskeyRegistrationOptions,\n  PasskeyRegistrationResponse,\n  PasskeyAuthenticationOptions,\n  PasskeyAuthenticationResponse,\n  PublicKeyCredentialHint,\n} from './webauthn/types';\n"]}

package/dist/index.d.cts

@@ -0,0 +1,9 @@
+export { controllerName, PasskeyControllerErrorCode, PasskeyControllerErrorMessage, } from "./constants.cjs";
+export { PasskeyControllerError } from "./errors.cjs";
+export type { PasskeyControllerErrorOptions } from "./errors.cjs";
+export { PasskeyController, getDefaultPasskeyControllerState, passkeyControllerSelectors, } from "./PasskeyController.cjs";
+export { WEBAUTHN_TIMEOUT_MS, CEREMONY_TTL_SLACK_MS, CEREMONY_MAX_AGE_MS, MAX_CONCURRENT_PASSKEY_CEREMONIES, } from "./ceremony-manager.cjs";
+export type { PasskeyControllerState, PasskeyControllerMessenger, PasskeyControllerGetStateAction, PasskeyControllerActions, PasskeyControllerStateChangedEvent, PasskeyControllerEvents, } from "./PasskeyController.cjs";
+export type { EncryptedVaultKey, PasskeyCredentialInfo, PasskeyDerivationMethod, PasskeyKeyDerivation, PasskeyRecord, PrfEvalExtension, PrfClientExtensionResults, } from "./types.cjs";
+export type { PasskeyRegistrationOptions, PasskeyRegistrationResponse, PasskeyAuthenticationOptions, PasskeyAuthenticationResponse, PublicKeyCredentialHint, } from "./webauthn/types.cjs";
+//# sourceMappingURL=index.d.cts.map

package/dist/index.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.cts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,6BAA6B,GAC9B,wBAAoB;AACrB,OAAO,EAAE,sBAAsB,EAAE,qBAAiB;AAClD,YAAY,EAAE,6BAA6B,EAAE,qBAAiB;AAC9D,OAAO,EACL,iBAAiB,EACjB,gCAAgC,EAChC,0BAA0B,GAC3B,gCAA4B;AAC7B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,iCAAiC,GAClC,+BAA2B;AAC5B,YAAY,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,+BAA+B,EAC/B,wBAAwB,EACxB,kCAAkC,EAClC,uBAAuB,GACxB,gCAA4B;AAC7B,YAAY,EACV,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,yBAAyB,GAC1B,oBAAgB;AACjB,YAAY,EACV,0BAA0B,EAC1B,2BAA2B,EAC3B,4BAA4B,EAC5B,6BAA6B,EAC7B,uBAAuB,GACxB,6BAAyB"}

package/dist/index.d.mts

@@ -0,0 +1,9 @@
+export { controllerName, PasskeyControllerErrorCode, PasskeyControllerErrorMessage, } from "./constants.mjs";
+export { PasskeyControllerError } from "./errors.mjs";
+export type { PasskeyControllerErrorOptions } from "./errors.mjs";
+export { PasskeyController, getDefaultPasskeyControllerState, passkeyControllerSelectors, } from "./PasskeyController.mjs";
+export { WEBAUTHN_TIMEOUT_MS, CEREMONY_TTL_SLACK_MS, CEREMONY_MAX_AGE_MS, MAX_CONCURRENT_PASSKEY_CEREMONIES, } from "./ceremony-manager.mjs";
+export type { PasskeyControllerState, PasskeyControllerMessenger, PasskeyControllerGetStateAction, PasskeyControllerActions, PasskeyControllerStateChangedEvent, PasskeyControllerEvents, } from "./PasskeyController.mjs";
+export type { EncryptedVaultKey, PasskeyCredentialInfo, PasskeyDerivationMethod, PasskeyKeyDerivation, PasskeyRecord, PrfEvalExtension, PrfClientExtensionResults, } from "./types.mjs";
+export type { PasskeyRegistrationOptions, PasskeyRegistrationResponse, PasskeyAuthenticationOptions, PasskeyAuthenticationResponse, PublicKeyCredentialHint, } from "./webauthn/types.mjs";
+//# sourceMappingURL=index.d.mts.map

package/dist/index.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.mts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,6BAA6B,GAC9B,wBAAoB;AACrB,OAAO,EAAE,sBAAsB,EAAE,qBAAiB;AAClD,YAAY,EAAE,6BAA6B,EAAE,qBAAiB;AAC9D,OAAO,EACL,iBAAiB,EACjB,gCAAgC,EAChC,0BAA0B,GAC3B,gCAA4B;AAC7B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,iCAAiC,GAClC,+BAA2B;AAC5B,YAAY,EACV,sBAAsB,EACtB,0BAA0B,EAC1B,+BAA+B,EAC/B,wBAAwB,EACxB,kCAAkC,EAClC,uBAAuB,GACxB,gCAA4B;AAC7B,YAAY,EACV,iBAAiB,EACjB,qBAAqB,EACrB,uBAAuB,EACvB,oBAAoB,EACpB,aAAa,EACb,gBAAgB,EAChB,yBAAyB,GAC1B,oBAAgB;AACjB,YAAY,EACV,0BAA0B,EAC1B,2BAA2B,EAC3B,4BAA4B,EAC5B,6BAA6B,EAC7B,uBAAuB,GACxB,6BAAyB"}

package/dist/index.mjs

@@ -0,0 +1,5 @@
+export { controllerName, PasskeyControllerErrorCode, PasskeyControllerErrorMessage } from "./constants.mjs";
+export { PasskeyControllerError } from "./errors.mjs";
+export { PasskeyController, getDefaultPasskeyControllerState, passkeyControllerSelectors } from "./PasskeyController.mjs";
+export { WEBAUTHN_TIMEOUT_MS, CEREMONY_TTL_SLACK_MS, CEREMONY_MAX_AGE_MS, MAX_CONCURRENT_PASSKEY_CEREMONIES } from "./ceremony-manager.mjs";
+//# sourceMappingURL=index.mjs.map

package/dist/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,0BAA0B,EAC1B,6BAA6B,EAC9B,wBAAoB;AACrB,OAAO,EAAE,sBAAsB,EAAE,qBAAiB;AAElD,OAAO,EACL,iBAAiB,EACjB,gCAAgC,EAChC,0BAA0B,EAC3B,gCAA4B;AAC7B,OAAO,EACL,mBAAmB,EACnB,qBAAqB,EACrB,mBAAmB,EACnB,iCAAiC,EAClC,+BAA2B","sourcesContent":["export {\n  controllerName,\n  PasskeyControllerErrorCode,\n  PasskeyControllerErrorMessage,\n} from './constants';\nexport { PasskeyControllerError } from './errors';\nexport type { PasskeyControllerErrorOptions } from './errors';\nexport {\n  PasskeyController,\n  getDefaultPasskeyControllerState,\n  passkeyControllerSelectors,\n} from './PasskeyController';\nexport {\n  WEBAUTHN_TIMEOUT_MS,\n  CEREMONY_TTL_SLACK_MS,\n  CEREMONY_MAX_AGE_MS,\n  MAX_CONCURRENT_PASSKEY_CEREMONIES,\n} from './ceremony-manager';\nexport type {\n  PasskeyControllerState,\n  PasskeyControllerMessenger,\n  PasskeyControllerGetStateAction,\n  PasskeyControllerActions,\n  PasskeyControllerStateChangedEvent,\n  PasskeyControllerEvents,\n} from './PasskeyController';\nexport type {\n  EncryptedVaultKey,\n  PasskeyCredentialInfo,\n  PasskeyDerivationMethod,\n  PasskeyKeyDerivation,\n  PasskeyRecord,\n  PrfEvalExtension,\n  PrfClientExtensionResults,\n} from './types';\nexport type {\n  PasskeyRegistrationOptions,\n  PasskeyRegistrationResponse,\n  PasskeyAuthenticationOptions,\n  PasskeyAuthenticationResponse,\n  PublicKeyCredentialHint,\n} from './webauthn/types';\n"]}

package/dist/key-derivation.cjs

@@ -0,0 +1,76 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveKeyFromAuthenticationResponse = exports.deriveKeyFromRegistrationResponse = void 0;
+const constants_1 = require("./constants.cjs");
+const errors_1 = require("./errors.cjs");
+const crypto_1 = require("./utils/crypto.cjs");
+const encoding_1 = require("./utils/encoding.cjs");
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn registration ceremony
+ * response.
+ *
+ * Uses the PRF output as HKDF input key material when
+ * `clientExtensionResults.prf.results.first` is a non-empty string;
+ * otherwise falls back to the random `userHandle` created during option
+ * generation (including when PRF is enabled but no output is present).
+ *
+ * @param registrationResponse - The registration credential result from
+ *   `navigator.credentials.create()`.
+ * @param registrationCeremony - In-flight registration ceremony state from
+ *   when `generateRegistrationOptions()` was called.
+ * @param verifiedCredentialId - Base64url credential id from verified
+ *   authenticator data (same value as persisted `credential.id` after
+ *   `verifyRegistrationResponse`), not the client wrapper field alone.
+ * @returns The derived 32-byte AES wrapping key and the
+ *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.
+ */
+function deriveKeyFromRegistrationResponse(registrationResponse, registrationCeremony, verifiedCredentialId) {
+    const prfFirst = registrationResponse.clientExtensionResults?.prf?.results?.first;
+    const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;
+    const keyDerivation = hasPrfOutput
+        ? { method: 'prf', prfSalt: registrationCeremony.prfSalt }
+        : { method: 'userHandle' };
+    const ikm = keyDerivation.method === 'prf'
+        ? (0, encoding_1.base64URLToBytes)(prfFirst)
+        : (0, encoding_1.base64URLToBytes)(registrationCeremony.userHandle);
+    const encKey = (0, crypto_1.deriveEncryptionKey)(ikm, (0, encoding_1.base64URLToBytes)(verifiedCredentialId));
+    return { encKey, keyDerivation };
+}
+exports.deriveKeyFromRegistrationResponse = deriveKeyFromRegistrationResponse;
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony
+ * response.
+ *
+ * The derivation method is determined by `record.keyDerivation`:
+ * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.
+ * - `userHandle` -- uses the `userHandle` returned in the assertion.
+ *
+ * @param authenticationResponse - The authentication credential result
+ *   from `navigator.credentials.get()`.
+ * @param record - The persisted passkey record that was created during
+ *   enrollment.
+ * @returns The derived 32-byte AES wrapping key.
+ * @throws {@link PasskeyControllerError} with code `missing_key_material` if the
+ *   required key material (PRF result or userHandle) is missing from the response.
+ */
+function deriveKeyFromAuthenticationResponse(authenticationResponse, record) {
+    const { userHandle } = authenticationResponse.response;
+    const prfFirst = authenticationResponse.clientExtensionResults?.prf?.results?.first;
+    const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;
+    let ikm;
+    if (record.keyDerivation.method === 'prf') {
+        if (!hasPrfOutput) {
+            throw new errors_1.PasskeyControllerError(constants_1.PasskeyControllerErrorMessage.MissingKeyMaterial, { code: constants_1.PasskeyControllerErrorCode.MissingKeyMaterial });
+        }
+        ikm = (0, encoding_1.base64URLToBytes)(prfFirst);
+    }
+    else if (userHandle) {
+        ikm = (0, encoding_1.base64URLToBytes)(userHandle);
+    }
+    else {
+        throw new errors_1.PasskeyControllerError(constants_1.PasskeyControllerErrorMessage.MissingKeyMaterial, { code: constants_1.PasskeyControllerErrorCode.MissingKeyMaterial });
+    }
+    return (0, crypto_1.deriveEncryptionKey)(ikm, (0, encoding_1.base64URLToBytes)(record.credential.id));
+}
+exports.deriveKeyFromAuthenticationResponse = deriveKeyFromAuthenticationResponse;
+//# sourceMappingURL=key-derivation.cjs.map

package/dist/key-derivation.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.cjs","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":";;;AAAA,+CAGqB;AACrB,yCAAkD;AAOlD,+CAAqD;AACrD,mDAAoD;AAMpD;;;;;;;;;;;;;;;;;;GAkBG;AACH,SAAgB,iCAAiC,CAC/C,oBAAiD,EACjD,oBAAiD,EACjD,oBAA4B;IAK5B,MAAM,QAAQ,GACZ,oBAAoB,CAAC,sBACtB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC;IACvB,MAAM,YAAY,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEzE,MAAM,aAAa,GAAyB,YAAY;QACtD,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,oBAAoB,CAAC,OAAO,EAAE;QAC1D,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC7B,MAAM,GAAG,GACP,aAAa,CAAC,MAAM,KAAK,KAAK;QAC5B,CAAC,CAAC,IAAA,2BAAgB,EAAC,QAAkB,CAAC;QACtC,CAAC,CAAC,IAAA,2BAAgB,EAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,IAAA,4BAAmB,EAChC,GAAG,EACH,IAAA,2BAAgB,EAAC,oBAAoB,CAAC,CACvC,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AACnC,CAAC;AA1BD,8EA0BC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAgB,mCAAmC,CACjD,sBAAqD,EACrD,MAAqB;IAErB,MAAM,EAAE,UAAU,EAAE,GAAG,sBAAsB,CAAC,QAAQ,CAAC;IACvD,MAAM,QAAQ,GACZ,sBAAsB,CAAC,sBACxB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC;IACvB,MAAM,YAAY,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEzE,IAAI,GAAe,CAAC;IACpB,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,+BAAsB,CAC9B,yCAA6B,CAAC,kBAAkB,EAChD,EAAE,IAAI,EAAE,sCAA0B,CAAC,kBAAkB,EAAE,CACxD,CAAC;QACJ,CAAC;QACD,GAAG,GAAG,IAAA,2BAAgB,EAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,GAAG,GAAG,IAAA,2BAAgB,EAAC,UAAU,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,+BAAsB,CAC9B,yCAA6B,CAAC,kBAAkB,EAChD,EAAE,IAAI,EAAE,sCAA0B,CAAC,kBAAkB,EAAE,CACxD,CAAC;IACJ,CAAC;IAED,OAAO,IAAA,4BAAmB,EAAC,GAAG,EAAE,IAAA,2BAAgB,EAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1E,CAAC;AA7BD,kFA6BC","sourcesContent":["import {\n  PasskeyControllerErrorCode,\n  PasskeyControllerErrorMessage,\n} from './constants';\nimport { PasskeyControllerError } from './errors';\nimport type {\n  PasskeyKeyDerivation,\n  PasskeyRecord,\n  PasskeyRegistrationCeremony,\n  PrfClientExtensionResults,\n} from './types';\nimport { deriveEncryptionKey } from './utils/crypto';\nimport { base64URLToBytes } from './utils/encoding';\nimport type {\n  PasskeyAuthenticationResponse,\n  PasskeyRegistrationResponse,\n} from './webauthn/types';\n\n/**\n * Derives an AES-256 wrapping key from a WebAuthn registration ceremony\n * response.\n *\n * Uses the PRF output as HKDF input key material when\n * `clientExtensionResults.prf.results.first` is a non-empty string;\n * otherwise falls back to the random `userHandle` created during option\n * generation (including when PRF is enabled but no output is present).\n *\n * @param registrationResponse - The registration credential result from\n *   `navigator.credentials.create()`.\n * @param registrationCeremony - In-flight registration ceremony state from\n *   when `generateRegistrationOptions()` was called.\n * @param verifiedCredentialId - Base64url credential id from verified\n *   authenticator data (same value as persisted `credential.id` after\n *   `verifyRegistrationResponse`), not the client wrapper field alone.\n * @returns The derived 32-byte AES wrapping key and the\n *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.\n */\nexport function deriveKeyFromRegistrationResponse(\n  registrationResponse: PasskeyRegistrationResponse,\n  registrationCeremony: PasskeyRegistrationCeremony,\n  verifiedCredentialId: string,\n): {\n  encKey: Uint8Array;\n  keyDerivation: PasskeyKeyDerivation;\n} {\n  const prfFirst = (\n    registrationResponse.clientExtensionResults as PrfClientExtensionResults\n  )?.prf?.results?.first;\n  const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;\n\n  const keyDerivation: PasskeyKeyDerivation = hasPrfOutput\n    ? { method: 'prf', prfSalt: registrationCeremony.prfSalt }\n    : { method: 'userHandle' };\n  const ikm =\n    keyDerivation.method === 'prf'\n      ? base64URLToBytes(prfFirst as string)\n      : base64URLToBytes(registrationCeremony.userHandle);\n  const encKey = deriveEncryptionKey(\n    ikm,\n    base64URLToBytes(verifiedCredentialId),\n  );\n\n  return { encKey, keyDerivation };\n}\n\n/**\n * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony\n * response.\n *\n * The derivation method is determined by `record.keyDerivation`:\n * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.\n * - `userHandle` -- uses the `userHandle` returned in the assertion.\n *\n * @param authenticationResponse - The authentication credential result\n *   from `navigator.credentials.get()`.\n * @param record - The persisted passkey record that was created during\n *   enrollment.\n * @returns The derived 32-byte AES wrapping key.\n * @throws {@link PasskeyControllerError} with code `missing_key_material` if the\n *   required key material (PRF result or userHandle) is missing from the response.\n */\nexport function deriveKeyFromAuthenticationResponse(\n  authenticationResponse: PasskeyAuthenticationResponse,\n  record: PasskeyRecord,\n): Uint8Array {\n  const { userHandle } = authenticationResponse.response;\n  const prfFirst = (\n    authenticationResponse.clientExtensionResults as PrfClientExtensionResults\n  )?.prf?.results?.first;\n  const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;\n\n  let ikm: Uint8Array;\n  if (record.keyDerivation.method === 'prf') {\n    if (!hasPrfOutput) {\n      throw new PasskeyControllerError(\n        PasskeyControllerErrorMessage.MissingKeyMaterial,\n        { code: PasskeyControllerErrorCode.MissingKeyMaterial },\n      );\n    }\n    ikm = base64URLToBytes(prfFirst);\n  } else if (userHandle) {\n    ikm = base64URLToBytes(userHandle);\n  } else {\n    throw new PasskeyControllerError(\n      PasskeyControllerErrorMessage.MissingKeyMaterial,\n      { code: PasskeyControllerErrorCode.MissingKeyMaterial },\n    );\n  }\n\n  return deriveEncryptionKey(ikm, base64URLToBytes(record.credential.id));\n}\n"]}

package/dist/key-derivation.d.cts

@@ -0,0 +1,43 @@
+import type { PasskeyKeyDerivation, PasskeyRecord, PasskeyRegistrationCeremony } from "./types.cjs";
+import type { PasskeyAuthenticationResponse, PasskeyRegistrationResponse } from "./webauthn/types.cjs";
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn registration ceremony
+ * response.
+ *
+ * Uses the PRF output as HKDF input key material when
+ * `clientExtensionResults.prf.results.first` is a non-empty string;
+ * otherwise falls back to the random `userHandle` created during option
+ * generation (including when PRF is enabled but no output is present).
+ *
+ * @param registrationResponse - The registration credential result from
+ *   `navigator.credentials.create()`.
+ * @param registrationCeremony - In-flight registration ceremony state from
+ *   when `generateRegistrationOptions()` was called.
+ * @param verifiedCredentialId - Base64url credential id from verified
+ *   authenticator data (same value as persisted `credential.id` after
+ *   `verifyRegistrationResponse`), not the client wrapper field alone.
+ * @returns The derived 32-byte AES wrapping key and the
+ *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.
+ */
+export declare function deriveKeyFromRegistrationResponse(registrationResponse: PasskeyRegistrationResponse, registrationCeremony: PasskeyRegistrationCeremony, verifiedCredentialId: string): {
+    encKey: Uint8Array;
+    keyDerivation: PasskeyKeyDerivation;
+};
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony
+ * response.
+ *
+ * The derivation method is determined by `record.keyDerivation`:
+ * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.
+ * - `userHandle` -- uses the `userHandle` returned in the assertion.
+ *
+ * @param authenticationResponse - The authentication credential result
+ *   from `navigator.credentials.get()`.
+ * @param record - The persisted passkey record that was created during
+ *   enrollment.
+ * @returns The derived 32-byte AES wrapping key.
+ * @throws {@link PasskeyControllerError} with code `missing_key_material` if the
+ *   required key material (PRF result or userHandle) is missing from the response.
+ */
+export declare function deriveKeyFromAuthenticationResponse(authenticationResponse: PasskeyAuthenticationResponse, record: PasskeyRecord): Uint8Array;
+//# sourceMappingURL=key-derivation.d.cts.map

package/dist/key-derivation.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.d.cts","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,oBAAoB,EACpB,aAAa,EACb,2BAA2B,EAE5B,oBAAgB;AAGjB,OAAO,KAAK,EACV,6BAA6B,EAC7B,2BAA2B,EAC5B,6BAAyB;AAE1B;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iCAAiC,CAC/C,oBAAoB,EAAE,2BAA2B,EACjD,oBAAoB,EAAE,2BAA2B,EACjD,oBAAoB,EAAE,MAAM,GAC3B;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,aAAa,EAAE,oBAAoB,CAAC;CACrC,CAmBA;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mCAAmC,CACjD,sBAAsB,EAAE,6BAA6B,EACrD,MAAM,EAAE,aAAa,GACpB,UAAU,CA0BZ"}

package/dist/key-derivation.d.mts

@@ -0,0 +1,43 @@
+import type { PasskeyKeyDerivation, PasskeyRecord, PasskeyRegistrationCeremony } from "./types.mjs";
+import type { PasskeyAuthenticationResponse, PasskeyRegistrationResponse } from "./webauthn/types.mjs";
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn registration ceremony
+ * response.
+ *
+ * Uses the PRF output as HKDF input key material when
+ * `clientExtensionResults.prf.results.first` is a non-empty string;
+ * otherwise falls back to the random `userHandle` created during option
+ * generation (including when PRF is enabled but no output is present).
+ *
+ * @param registrationResponse - The registration credential result from
+ *   `navigator.credentials.create()`.
+ * @param registrationCeremony - In-flight registration ceremony state from
+ *   when `generateRegistrationOptions()` was called.
+ * @param verifiedCredentialId - Base64url credential id from verified
+ *   authenticator data (same value as persisted `credential.id` after
+ *   `verifyRegistrationResponse`), not the client wrapper field alone.
+ * @returns The derived 32-byte AES wrapping key and the
+ *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.
+ */
+export declare function deriveKeyFromRegistrationResponse(registrationResponse: PasskeyRegistrationResponse, registrationCeremony: PasskeyRegistrationCeremony, verifiedCredentialId: string): {
+    encKey: Uint8Array;
+    keyDerivation: PasskeyKeyDerivation;
+};
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony
+ * response.
+ *
+ * The derivation method is determined by `record.keyDerivation`:
+ * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.
+ * - `userHandle` -- uses the `userHandle` returned in the assertion.
+ *
+ * @param authenticationResponse - The authentication credential result
+ *   from `navigator.credentials.get()`.
+ * @param record - The persisted passkey record that was created during
+ *   enrollment.
+ * @returns The derived 32-byte AES wrapping key.
+ * @throws {@link PasskeyControllerError} with code `missing_key_material` if the
+ *   required key material (PRF result or userHandle) is missing from the response.
+ */
+export declare function deriveKeyFromAuthenticationResponse(authenticationResponse: PasskeyAuthenticationResponse, record: PasskeyRecord): Uint8Array;
+//# sourceMappingURL=key-derivation.d.mts.map

package/dist/key-derivation.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.d.mts","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACV,oBAAoB,EACpB,aAAa,EACb,2BAA2B,EAE5B,oBAAgB;AAGjB,OAAO,KAAK,EACV,6BAA6B,EAC7B,2BAA2B,EAC5B,6BAAyB;AAE1B;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,iCAAiC,CAC/C,oBAAoB,EAAE,2BAA2B,EACjD,oBAAoB,EAAE,2BAA2B,EACjD,oBAAoB,EAAE,MAAM,GAC3B;IACD,MAAM,EAAE,UAAU,CAAC;IACnB,aAAa,EAAE,oBAAoB,CAAC;CACrC,CAmBA;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,mCAAmC,CACjD,sBAAsB,EAAE,6BAA6B,EACrD,MAAM,EAAE,aAAa,GACpB,UAAU,CA0BZ"}

package/dist/key-derivation.mjs

@@ -0,0 +1,71 @@
+import { PasskeyControllerErrorCode, PasskeyControllerErrorMessage } from "./constants.mjs";
+import { PasskeyControllerError } from "./errors.mjs";
+import { deriveEncryptionKey } from "./utils/crypto.mjs";
+import { base64URLToBytes } from "./utils/encoding.mjs";
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn registration ceremony
+ * response.
+ *
+ * Uses the PRF output as HKDF input key material when
+ * `clientExtensionResults.prf.results.first` is a non-empty string;
+ * otherwise falls back to the random `userHandle` created during option
+ * generation (including when PRF is enabled but no output is present).
+ *
+ * @param registrationResponse - The registration credential result from
+ *   `navigator.credentials.create()`.
+ * @param registrationCeremony - In-flight registration ceremony state from
+ *   when `generateRegistrationOptions()` was called.
+ * @param verifiedCredentialId - Base64url credential id from verified
+ *   authenticator data (same value as persisted `credential.id` after
+ *   `verifyRegistrationResponse`), not the client wrapper field alone.
+ * @returns The derived 32-byte AES wrapping key and the
+ *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.
+ */
+export function deriveKeyFromRegistrationResponse(registrationResponse, registrationCeremony, verifiedCredentialId) {
+    const prfFirst = registrationResponse.clientExtensionResults?.prf?.results?.first;
+    const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;
+    const keyDerivation = hasPrfOutput
+        ? { method: 'prf', prfSalt: registrationCeremony.prfSalt }
+        : { method: 'userHandle' };
+    const ikm = keyDerivation.method === 'prf'
+        ? base64URLToBytes(prfFirst)
+        : base64URLToBytes(registrationCeremony.userHandle);
+    const encKey = deriveEncryptionKey(ikm, base64URLToBytes(verifiedCredentialId));
+    return { encKey, keyDerivation };
+}
+/**
+ * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony
+ * response.
+ *
+ * The derivation method is determined by `record.keyDerivation`:
+ * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.
+ * - `userHandle` -- uses the `userHandle` returned in the assertion.
+ *
+ * @param authenticationResponse - The authentication credential result
+ *   from `navigator.credentials.get()`.
+ * @param record - The persisted passkey record that was created during
+ *   enrollment.
+ * @returns The derived 32-byte AES wrapping key.
+ * @throws {@link PasskeyControllerError} with code `missing_key_material` if the
+ *   required key material (PRF result or userHandle) is missing from the response.
+ */
+export function deriveKeyFromAuthenticationResponse(authenticationResponse, record) {
+    const { userHandle } = authenticationResponse.response;
+    const prfFirst = authenticationResponse.clientExtensionResults?.prf?.results?.first;
+    const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;
+    let ikm;
+    if (record.keyDerivation.method === 'prf') {
+        if (!hasPrfOutput) {
+            throw new PasskeyControllerError(PasskeyControllerErrorMessage.MissingKeyMaterial, { code: PasskeyControllerErrorCode.MissingKeyMaterial });
+        }
+        ikm = base64URLToBytes(prfFirst);
+    }
+    else if (userHandle) {
+        ikm = base64URLToBytes(userHandle);
+    }
+    else {
+        throw new PasskeyControllerError(PasskeyControllerErrorMessage.MissingKeyMaterial, { code: PasskeyControllerErrorCode.MissingKeyMaterial });
+    }
+    return deriveEncryptionKey(ikm, base64URLToBytes(record.credential.id));
+}
+//# sourceMappingURL=key-derivation.mjs.map

package/dist/key-derivation.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.mjs","sourceRoot":"","sources":["../src/key-derivation.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,0BAA0B,EAC1B,6BAA6B,EAC9B,wBAAoB;AACrB,OAAO,EAAE,sBAAsB,EAAE,qBAAiB;AAOlD,OAAO,EAAE,mBAAmB,EAAE,2BAAuB;AACrD,OAAO,EAAE,gBAAgB,EAAE,6BAAyB;AAMpD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,iCAAiC,CAC/C,oBAAiD,EACjD,oBAAiD,EACjD,oBAA4B;IAK5B,MAAM,QAAQ,GACZ,oBAAoB,CAAC,sBACtB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC;IACvB,MAAM,YAAY,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEzE,MAAM,aAAa,GAAyB,YAAY;QACtD,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,oBAAoB,CAAC,OAAO,EAAE;QAC1D,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;IAC7B,MAAM,GAAG,GACP,aAAa,CAAC,MAAM,KAAK,KAAK;QAC5B,CAAC,CAAC,gBAAgB,CAAC,QAAkB,CAAC;QACtC,CAAC,CAAC,gBAAgB,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;IACxD,MAAM,MAAM,GAAG,mBAAmB,CAChC,GAAG,EACH,gBAAgB,CAAC,oBAAoB,CAAC,CACvC,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,mCAAmC,CACjD,sBAAqD,EACrD,MAAqB;IAErB,MAAM,EAAE,UAAU,EAAE,GAAG,sBAAsB,CAAC,QAAQ,CAAC;IACvD,MAAM,QAAQ,GACZ,sBAAsB,CAAC,sBACxB,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC;IACvB,MAAM,YAAY,GAAG,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC;IAEzE,IAAI,GAAe,CAAC;IACpB,IAAI,MAAM,CAAC,aAAa,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;QAC1C,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,sBAAsB,CAC9B,6BAA6B,CAAC,kBAAkB,EAChD,EAAE,IAAI,EAAE,0BAA0B,CAAC,kBAAkB,EAAE,CACxD,CAAC;QACJ,CAAC;QACD,GAAG,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACnC,CAAC;SAAM,IAAI,UAAU,EAAE,CAAC;QACtB,GAAG,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,MAAM,IAAI,sBAAsB,CAC9B,6BAA6B,CAAC,kBAAkB,EAChD,EAAE,IAAI,EAAE,0BAA0B,CAAC,kBAAkB,EAAE,CACxD,CAAC;IACJ,CAAC;IAED,OAAO,mBAAmB,CAAC,GAAG,EAAE,gBAAgB,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;AAC1E,CAAC","sourcesContent":["import {\n  PasskeyControllerErrorCode,\n  PasskeyControllerErrorMessage,\n} from './constants';\nimport { PasskeyControllerError } from './errors';\nimport type {\n  PasskeyKeyDerivation,\n  PasskeyRecord,\n  PasskeyRegistrationCeremony,\n  PrfClientExtensionResults,\n} from './types';\nimport { deriveEncryptionKey } from './utils/crypto';\nimport { base64URLToBytes } from './utils/encoding';\nimport type {\n  PasskeyAuthenticationResponse,\n  PasskeyRegistrationResponse,\n} from './webauthn/types';\n\n/**\n * Derives an AES-256 wrapping key from a WebAuthn registration ceremony\n * response.\n *\n * Uses the PRF output as HKDF input key material when\n * `clientExtensionResults.prf.results.first` is a non-empty string;\n * otherwise falls back to the random `userHandle` created during option\n * generation (including when PRF is enabled but no output is present).\n *\n * @param registrationResponse - The registration credential result from\n *   `navigator.credentials.create()`.\n * @param registrationCeremony - In-flight registration ceremony state from\n *   when `generateRegistrationOptions()` was called.\n * @param verifiedCredentialId - Base64url credential id from verified\n *   authenticator data (same value as persisted `credential.id` after\n *   `verifyRegistrationResponse`), not the client wrapper field alone.\n * @returns The derived 32-byte AES wrapping key and the\n *   {@link PasskeyKeyDerivation} parameters needed to reproduce it.\n */\nexport function deriveKeyFromRegistrationResponse(\n  registrationResponse: PasskeyRegistrationResponse,\n  registrationCeremony: PasskeyRegistrationCeremony,\n  verifiedCredentialId: string,\n): {\n  encKey: Uint8Array;\n  keyDerivation: PasskeyKeyDerivation;\n} {\n  const prfFirst = (\n    registrationResponse.clientExtensionResults as PrfClientExtensionResults\n  )?.prf?.results?.first;\n  const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;\n\n  const keyDerivation: PasskeyKeyDerivation = hasPrfOutput\n    ? { method: 'prf', prfSalt: registrationCeremony.prfSalt }\n    : { method: 'userHandle' };\n  const ikm =\n    keyDerivation.method === 'prf'\n      ? base64URLToBytes(prfFirst as string)\n      : base64URLToBytes(registrationCeremony.userHandle);\n  const encKey = deriveEncryptionKey(\n    ikm,\n    base64URLToBytes(verifiedCredentialId),\n  );\n\n  return { encKey, keyDerivation };\n}\n\n/**\n * Derives an AES-256 wrapping key from a WebAuthn authentication ceremony\n * response.\n *\n * The derivation method is determined by `record.keyDerivation`:\n * - `prf` -- uses the PRF evaluation result from `clientExtensionResults`.\n * - `userHandle` -- uses the `userHandle` returned in the assertion.\n *\n * @param authenticationResponse - The authentication credential result\n *   from `navigator.credentials.get()`.\n * @param record - The persisted passkey record that was created during\n *   enrollment.\n * @returns The derived 32-byte AES wrapping key.\n * @throws {@link PasskeyControllerError} with code `missing_key_material` if the\n *   required key material (PRF result or userHandle) is missing from the response.\n */\nexport function deriveKeyFromAuthenticationResponse(\n  authenticationResponse: PasskeyAuthenticationResponse,\n  record: PasskeyRecord,\n): Uint8Array {\n  const { userHandle } = authenticationResponse.response;\n  const prfFirst = (\n    authenticationResponse.clientExtensionResults as PrfClientExtensionResults\n  )?.prf?.results?.first;\n  const hasPrfOutput = typeof prfFirst === 'string' && prfFirst.length > 0;\n\n  let ikm: Uint8Array;\n  if (record.keyDerivation.method === 'prf') {\n    if (!hasPrfOutput) {\n      throw new PasskeyControllerError(\n        PasskeyControllerErrorMessage.MissingKeyMaterial,\n        { code: PasskeyControllerErrorCode.MissingKeyMaterial },\n      );\n    }\n    ikm = base64URLToBytes(prfFirst);\n  } else if (userHandle) {\n    ikm = base64URLToBytes(userHandle);\n  } else {\n    throw new PasskeyControllerError(\n      PasskeyControllerErrorMessage.MissingKeyMaterial,\n      { code: PasskeyControllerErrorCode.MissingKeyMaterial },\n    );\n  }\n\n  return deriveEncryptionKey(ikm, base64URLToBytes(record.credential.id));\n}\n"]}

package/dist/logger.cjs

@@ -0,0 +1,9 @@
+"use strict";
+/* istanbul ignore file */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createModuleLogger = exports.projectLogger = void 0;
+const utils_1 = require("@metamask/utils");
+Object.defineProperty(exports, "createModuleLogger", { enumerable: true, get: function () { return utils_1.createModuleLogger; } });
+const constants_1 = require("./constants.cjs");
+exports.projectLogger = (0, utils_1.createProjectLogger)(constants_1.controllerName);
+//# sourceMappingURL=logger.cjs.map

package/dist/logger.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.cjs","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";AAAA,0BAA0B;;;AAE1B,2CAA0E;AAMjE,mGANqB,0BAAkB,OAMrB;AAJ3B,+CAA6C;AAEhC,QAAA,aAAa,GAAG,IAAA,2BAAmB,EAAC,0BAAc,CAAC,CAAC","sourcesContent":["/* istanbul ignore file */\n\nimport { createProjectLogger, createModuleLogger } from '@metamask/utils';\n\nimport { controllerName } from './constants';\n\nexport const projectLogger = createProjectLogger(controllerName);\n\nexport { createModuleLogger };\n"]}

package/dist/logger.d.cts

@@ -0,0 +1,5 @@
+/// <reference types="debug" />
+import { createModuleLogger } from "@metamask/utils";
+export declare const projectLogger: import("debug").Debugger;
+export { createModuleLogger };
+//# sourceMappingURL=logger.d.cts.map

package/dist/logger.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.cts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";AAEA,OAAO,EAAuB,kBAAkB,EAAE,wBAAwB;AAI1E,eAAO,MAAM,aAAa,0BAAsC,CAAC;AAEjE,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/logger.d.mts

@@ -0,0 +1,5 @@
+/// <reference types="debug" />
+import { createModuleLogger } from "@metamask/utils";
+export declare const projectLogger: import("debug").Debugger;
+export { createModuleLogger };
+//# sourceMappingURL=logger.d.mts.map

package/dist/logger.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.d.mts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":";AAEA,OAAO,EAAuB,kBAAkB,EAAE,wBAAwB;AAI1E,eAAO,MAAM,aAAa,0BAAsC,CAAC;AAEjE,OAAO,EAAE,kBAAkB,EAAE,CAAC"}

package/dist/logger.mjs

@@ -0,0 +1,6 @@
+/* istanbul ignore file */
+import { createProjectLogger, createModuleLogger } from "@metamask/utils";
+import { controllerName } from "./constants.mjs";
+export const projectLogger = createProjectLogger(controllerName);
+export { createModuleLogger };
+//# sourceMappingURL=logger.mjs.map

package/dist/logger.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.mjs","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA,0BAA0B;AAE1B,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,wBAAwB;AAE1E,OAAO,EAAE,cAAc,EAAE,wBAAoB;AAE7C,MAAM,CAAC,MAAM,aAAa,GAAG,mBAAmB,CAAC,cAAc,CAAC,CAAC;AAEjE,OAAO,EAAE,kBAAkB,EAAE,CAAC","sourcesContent":["/* istanbul ignore file */\n\nimport { createProjectLogger, createModuleLogger } from '@metamask/utils';\n\nimport { controllerName } from './constants';\n\nexport const projectLogger = createProjectLogger(controllerName);\n\nexport { createModuleLogger };\n"]}

package/dist/types.cjs

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.cjs.map

package/dist/types.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.cjs","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"","sourcesContent":["export type Base64String = string;\n\nexport type Base64URLString = string;\n\nexport type AuthenticatorTransportFuture =\n  | 'ble'\n  | 'cable'\n  | 'hybrid'\n  | 'internal'\n  | 'nfc'\n  | 'smart-card'\n  | 'usb';\n\n/**\n * WebAuthn credential metadata used to identify the passkey and verify\n * subsequent assertions.\n */\nexport type PasskeyCredentialInfo = {\n  /** WebAuthn credential ID (base64url). */\n  id: Base64URLString;\n  /** COSE-encoded credential public key (base64url) used to verify assertions. */\n  publicKey: Base64URLString;\n  /** Authenticator signature counter for replay/clone detection. */\n  counter: number;\n  /** Authenticator transports hint for `allowCredentials`. */\n  transports?: AuthenticatorTransportFuture[];\n};\n\n/**\n * Vault key wrapped under the passkey-derived AES-256-GCM key.\n */\nexport type EncryptedVaultKey = {\n  /** Base64-encoded AES-256-GCM ciphertext of the vault key. */\n  ciphertext: Base64String;\n  /** Base64-encoded AES-GCM IV used during encryption. */\n  iv: Base64String;\n};\n\n/**\n * Parameters needed to reproduce the AES-256 wrapping key at unlock time.\n *\n * Encoded as a discriminated union so PRF-only fields (e.g. `prfSalt`) can\n * only exist on the PRF branch, removing the \"optional but actually\n * required\" footgun.\n */\nexport type PasskeyKeyDerivation =\n  | {\n      method: 'prf';\n      /**\n       * PRF salt sent in `get()` extension options to reproduce the same PRF\n       * output that was generated at registration.\n       */\n      prfSalt: Base64URLString;\n    }\n  | { method: 'userHandle' };\n\n/** Discriminator value for {@link PasskeyKeyDerivation}. */\nexport type PasskeyDerivationMethod = PasskeyKeyDerivation['method'];\n\nexport type PasskeyRecord = {\n  /** WebAuthn credential metadata used for assertion verification & re-discovery. */\n  credential: PasskeyCredentialInfo;\n  /** Vault key wrapped under the passkey-derived key. */\n  encryptedVaultKey: EncryptedVaultKey;\n  /** How the wrapping key is reconstructed at unlock time. */\n  keyDerivation: PasskeyKeyDerivation;\n};\n\n/**\n * In-memory state for one **in-flight** WebAuthn **registration** ceremony\n * (from `create()` options until `protectVaultKeyWithPasskey` completes). This is\n * not a user login session; it is keyed by challenge and distinct from the full\n * spec ceremony (which includes the authenticator round-trip).\n */\nexport type PasskeyRegistrationCeremony = {\n  userHandle: Base64URLString;\n  prfSalt: Base64URLString;\n  challenge: Base64URLString;\n  /** When this ceremony was started (ms since epoch); used for TTL pruning. */\n  createdAt: number;\n};\n\n/**\n * In-memory state for one **in-flight** WebAuthn **authentication** ceremony\n * (`get()` options until the assertion is verified). Not a user login session.\n */\nexport type PasskeyAuthenticationCeremony = {\n  challenge: Base64URLString;\n  /** When this ceremony was started (ms since epoch); used for TTL pruning. */\n  createdAt: number;\n};\n\n/**\n * PRF extension types not covered by DOM typings.\n */\nexport type PrfEvalExtension = {\n  eval: {\n    first: Base64URLString;\n  };\n};\n\nexport type PrfClientExtensionResults = {\n  prf?: {\n    enabled?: boolean;\n    results?: { first?: Base64URLString };\n  };\n};\n"]}

package/dist/types.d.cts

@@ -0,0 +1,92 @@
+export type Base64String = string;
+export type Base64URLString = string;
+export type AuthenticatorTransportFuture = 'ble' | 'cable' | 'hybrid' | 'internal' | 'nfc' | 'smart-card' | 'usb';
+/**
+ * WebAuthn credential metadata used to identify the passkey and verify
+ * subsequent assertions.
+ */
+export type PasskeyCredentialInfo = {
+    /** WebAuthn credential ID (base64url). */
+    id: Base64URLString;
+    /** COSE-encoded credential public key (base64url) used to verify assertions. */
+    publicKey: Base64URLString;
+    /** Authenticator signature counter for replay/clone detection. */
+    counter: number;
+    /** Authenticator transports hint for `allowCredentials`. */
+    transports?: AuthenticatorTransportFuture[];
+};
+/**
+ * Vault key wrapped under the passkey-derived AES-256-GCM key.
+ */
+export type EncryptedVaultKey = {
+    /** Base64-encoded AES-256-GCM ciphertext of the vault key. */
+    ciphertext: Base64String;
+    /** Base64-encoded AES-GCM IV used during encryption. */
+    iv: Base64String;
+};
+/**
+ * Parameters needed to reproduce the AES-256 wrapping key at unlock time.
+ *
+ * Encoded as a discriminated union so PRF-only fields (e.g. `prfSalt`) can
+ * only exist on the PRF branch, removing the "optional but actually
+ * required" footgun.
+ */
+export type PasskeyKeyDerivation = {
+    method: 'prf';
+    /**
+     * PRF salt sent in `get()` extension options to reproduce the same PRF
+     * output that was generated at registration.
+     */
+    prfSalt: Base64URLString;
+} | {
+    method: 'userHandle';
+};
+/** Discriminator value for {@link PasskeyKeyDerivation}. */
+export type PasskeyDerivationMethod = PasskeyKeyDerivation['method'];
+export type PasskeyRecord = {
+    /** WebAuthn credential metadata used for assertion verification & re-discovery. */
+    credential: PasskeyCredentialInfo;
+    /** Vault key wrapped under the passkey-derived key. */
+    encryptedVaultKey: EncryptedVaultKey;
+    /** How the wrapping key is reconstructed at unlock time. */
+    keyDerivation: PasskeyKeyDerivation;
+};
+/**
+ * In-memory state for one **in-flight** WebAuthn **registration** ceremony
+ * (from `create()` options until `protectVaultKeyWithPasskey` completes). This is
+ * not a user login session; it is keyed by challenge and distinct from the full
+ * spec ceremony (which includes the authenticator round-trip).
+ */
+export type PasskeyRegistrationCeremony = {
+    userHandle: Base64URLString;
+    prfSalt: Base64URLString;
+    challenge: Base64URLString;
+    /** When this ceremony was started (ms since epoch); used for TTL pruning. */
+    createdAt: number;
+};
+/**
+ * In-memory state for one **in-flight** WebAuthn **authentication** ceremony
+ * (`get()` options until the assertion is verified). Not a user login session.
+ */
+export type PasskeyAuthenticationCeremony = {
+    challenge: Base64URLString;
+    /** When this ceremony was started (ms since epoch); used for TTL pruning. */
+    createdAt: number;
+};
+/**
+ * PRF extension types not covered by DOM typings.
+ */
+export type PrfEvalExtension = {
+    eval: {
+        first: Base64URLString;
+    };
+};
+export type PrfClientExtensionResults = {
+    prf?: {
+        enabled?: boolean;
+        results?: {
+            first?: Base64URLString;
+        };
+    };
+};
+//# sourceMappingURL=types.d.cts.map

package/dist/types.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.cts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,YAAY,GAAG,MAAM,CAAC;AAElC,MAAM,MAAM,eAAe,GAAG,MAAM,CAAC;AAErC,MAAM,MAAM,4BAA4B,GACpC,KAAK,GACL,OAAO,GACP,QAAQ,GACR,UAAU,GACV,KAAK,GACL,YAAY,GACZ,KAAK,CAAC;AAEV;;;GAGG;AACH,MAAM,MAAM,qBAAqB,GAAG;IAClC,0CAA0C;IAC1C,EAAE,EAAE,eAAe,CAAC;IACpB,gFAAgF;IAChF,SAAS,EAAE,eAAe,CAAC;IAC3B,kEAAkE;IAClE,OAAO,EAAE,MAAM,CAAC;IAChB,4DAA4D;IAC5D,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;CAC7C,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,iBAAiB,GAAG;IAC9B,8DAA8D;IAC9D,UAAU,EAAE,YAAY,CAAC;IACzB,wDAAwD;IACxD,EAAE,EAAE,YAAY,CAAC;CAClB,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,MAAM,oBAAoB,GAC5B;IACE,MAAM,EAAE,KAAK,CAAC;IACd;;;OAGG;IACH,OAAO,EAAE,eAAe,CAAC;CAC1B,GACD;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,CAAC;AAE7B,4DAA4D;AAC5D,MAAM,MAAM,uBAAuB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAC;AAErE,MAAM,MAAM,aAAa,GAAG;IAC1B,mFAAmF;IACnF,UAAU,EAAE,qBAAqB,CAAC;IAClC,uDAAuD;IACvD,iBAAiB,EAAE,iBAAiB,CAAC;IACrC,4DAA4D;IAC5D,aAAa,EAAE,oBAAoB,CAAC;CACrC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,MAAM,2BAA2B,GAAG;IACxC,UAAU,EAAE,eAAe,CAAC;IAC5B,OAAO,EAAE,eAAe,CAAC;IACzB,SAAS,EAAE,eAAe,CAAC;IAC3B,6EAA6E;IAC7E,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;;GAGG;AACH,MAAM,MAAM,6BAA6B,GAAG;IAC1C,SAAS,EAAE,eAAe,CAAC;IAC3B,6EAA6E;IAC7E,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE;QACJ,KAAK,EAAE,eAAe,CAAC;KACxB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,GAAG,CAAC,EAAE;QACJ,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,OAAO,CAAC,EAAE;YAAE,KAAK,CAAC,EAAE,eAAe,CAAA;SAAE,CAAC;KACvC,CAAC;CACH,CAAC"}