@motebit/crypto-android-keystore 1.1.0

package/dist/google-roots.d.ts

@@ -0,0 +1,89 @@
+/**
+ * Pinned Google Hardware Attestation root certificates.
+ *
+ * Every `platform: "android_keystore"` hardware-attestation claim must
+ * chain to one of the root CAs listed here. Pinning is the
+ * self-attesting contract — a verifier that dynamically fetched
+ * Google's attestation roots could not be reproduced by a third-party
+ * audit. By committing the exact bytes of the CAs we accept, anyone
+ * can audit this file, pin the same bytes in their own verifier, and
+ * reach the same yes/no answer.
+ *
+ * Two roots are pinned, covering the in-flight rotation Google
+ * announced for early 2026:
+ *
+ *   - **Legacy RSA-4096 root** — covers all factory-provisioned
+ *     Android devices since 2014. Cannot be rotated on those devices,
+ *     so it stays valid indefinitely for that fleet.
+ *
+ *   - **ECDSA P-384 root** — issued 2025-07-17. Covers RKP-provisioned
+ *     devices (Remote Key Provisioning, the modern flow). Devices
+ *     began emitting chains rooted here on 2026-02-01; switched
+ *     exclusively after 2026-04-10.
+ *
+ * Verifiers MUST pin both. Source of truth: `roots.json` in the
+ * `android/keyattestation` repository (Google's canonical Kotlin
+ * reference verifier), mirrored from Android's published attestation
+ * trust anchor list.
+ *
+ * Operator note — runtime fetching is forbidden. The Android docs are
+ * explicit: "Don't query for roots at runtime. Use formal
+ * configuration updates." A new Google root cert lands here as an
+ * additive constant, never via dynamic fetch — any other path
+ * sacrifices the sovereign-verifier story.
+ *
+ * Each constant ships its real Google-published bytes. Each comment
+ * names: source URL, subject DN, SHA-256 fingerprint, public-key
+ * algorithm, validity window. The fingerprint is the audit anchor — a
+ * third party that fetches the same source and computes its own
+ * SHA-256 should reach the byte-identical value below.
+ */
+/**
+ * Google Hardware Attestation Root — RSA-4096 (legacy / factory-provisioned).
+ *
+ *   Source:     https://github.com/android/keyattestation (roots.json[0])
+ *   Subject:    serialNumber=f92009e853b6b045
+ *   Issuer:     same (self-signed)
+ *   Serial:     0xf1c172a699eaf51d
+ *   SHA-256:    cedb1cb6dc896ae5ec797348bce9286753c2b38ee71ce0fbe34a9a1248800dfc
+ *   Public key: RSA-4096
+ *   Validity:   2022-03-20 → 2042-03-15
+ */
+export declare const GOOGLE_ANDROID_KEYSTORE_ROOT_RSA_PEM = "-----BEGIN CERTIFICATE-----\nMIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV\nBAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgw\nNzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B\nAQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS\nSxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7\ntv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj\nnar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq\nC4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ\noVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O\nJtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg\nsTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi\nigHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M\nRPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E\naDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um\nAGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud\nIwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD\nVR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7\n174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGIC\nW/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2G\ntkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkx\noSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG\n1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mF\nmr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPz\nlHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVw\nn6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1Eu\nzbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHo\nvaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHn\nw1IdYIg2Wxg7yHcQZemFQg==\n-----END CERTIFICATE-----\n";
+/**
+ * Google Hardware Attestation Root — ECDSA P-384 (modern / RKP).
+ *
+ *   Source:     https://github.com/android/keyattestation (roots.json[1])
+ *   Subject:    CN=Key Attestation CA1, OU=Android, O=Google LLC, C=US
+ *   Issuer:     same (self-signed)
+ *   Serial:     0x84a9d0297b0eb58ae7ff0e80de760605
+ *   SHA-256:    6d9db4ce6c5c0b293166d08986e05774a8776ceb525d9e4329520de12ba4bcc0
+ *   Public key: ECDSA P-384
+ *   Validity:   2025-07-17 → 2035-07-15
+ *
+ * Rotation timeline (Google-published, motebit-recorded):
+ *   - 2026-02-01: RKP-enabled devices begin emitting chains rooted here
+ *   - 2026-03-31: target deadline for verifiers to pin both anchors
+ *   - 2026-04-10: RKP-enabled devices switch exclusively to this root
+ */
+export declare const GOOGLE_ANDROID_KEYSTORE_ROOT_ECDSA_PEM = "-----BEGIN CERTIFICATE-----\nMIICIjCCAaigAwIBAgIRAISp0Cl7DrWK5/8OgN52BgUwCgYIKoZIzj0EAwMwUjEc\nMBoGA1UEAwwTS2V5IEF0dGVzdGF0aW9uIENBMTEQMA4GA1UECwwHQW5kcm9pZDET\nMBEGA1UECgwKR29vZ2xlIExMQzELMAkGA1UEBhMCVVMwHhcNMjUwNzE3MjIzMjE4\nWhcNMzUwNzE1MjIzMjE4WjBSMRwwGgYDVQQDDBNLZXkgQXR0ZXN0YXRpb24gQ0Ex\nMRAwDgYDVQQLDAdBbmRyb2lkMRMwEQYDVQQKDApHb29nbGUgTExDMQswCQYDVQQG\nEwJVUzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCPaI3FO3z5bBQo8cuiEas4HjqCt\nG/mLFfRT0MsIssPBEEU5Cfbt6sH5yOAxqEi5QagpU1yX4HwnGb7OtBYpDTB57uH5\nEczm34A5FNijV3s0/f0UPl7zbJcTx6xwqMIRq6NCMEAwDwYDVR0TAQH/BAUwAwEB\n/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFFIyuyz7RkOb3NaBqQ5lZuA0QepA\nMAoGCCqGSM49BAMDA2gAMGUCMETfjPO/HwqReR2CS7p0ZWoD/LHs6hDi422opifH\nEUaYLxwGlT9SLdjkVpz0UUOR5wIxAIoGyxGKRHVTpqpGRFiJtQEOOTp/+s1GcxeY\nuR2zh/80lQyu9vAFCj6E4AXc+osmRg==\n-----END CERTIFICATE-----\n";
+/**
+ * Default pinned-root set returned when a caller passes no `rootPems`
+ * override. Both Google attestation roots — pin order is irrelevant
+ * to chain validation but is documented for audit-readability.
+ */
+export declare const DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS: readonly string[];
+/**
+ * Sentinel value the consumer-facing verifier emits on a mint path
+ * where the Kotlin bridge returns a `not_supported` failure envelope.
+ * Exposed as a constant so call sites match on a named token rather
+ * than a raw string literal.
+ */
+export declare const ANDROID_KEYSTORE_PLATFORM: "android_keystore";
+/**
+ * The OID Google uses for the Android Key Attestation extension on
+ * the leaf certificate. Defined in the Android security docs:
+ * https://source.android.com/docs/security/features/keystore/attestation
+ */
+export declare const ANDROID_KEY_ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17";
+//# sourceMappingURL=google-roots.d.ts.map

package/dist/google-roots.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-roots.d.ts","sourceRoot":"","sources":["../src/google-roots.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oCAAoC,60DA8BhD,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,sCAAsC,qzBAclD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,sCAAsC,EAAE,SAAS,MAAM,EAGnE,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,EAAG,kBAA2B,CAAC;AAErE;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,6BAA6B,CAAC"}

package/dist/google-roots.js

@@ -0,0 +1,136 @@
+/**
+ * Pinned Google Hardware Attestation root certificates.
+ *
+ * Every `platform: "android_keystore"` hardware-attestation claim must
+ * chain to one of the root CAs listed here. Pinning is the
+ * self-attesting contract — a verifier that dynamically fetched
+ * Google's attestation roots could not be reproduced by a third-party
+ * audit. By committing the exact bytes of the CAs we accept, anyone
+ * can audit this file, pin the same bytes in their own verifier, and
+ * reach the same yes/no answer.
+ *
+ * Two roots are pinned, covering the in-flight rotation Google
+ * announced for early 2026:
+ *
+ *   - **Legacy RSA-4096 root** — covers all factory-provisioned
+ *     Android devices since 2014. Cannot be rotated on those devices,
+ *     so it stays valid indefinitely for that fleet.
+ *
+ *   - **ECDSA P-384 root** — issued 2025-07-17. Covers RKP-provisioned
+ *     devices (Remote Key Provisioning, the modern flow). Devices
+ *     began emitting chains rooted here on 2026-02-01; switched
+ *     exclusively after 2026-04-10.
+ *
+ * Verifiers MUST pin both. Source of truth: `roots.json` in the
+ * `android/keyattestation` repository (Google's canonical Kotlin
+ * reference verifier), mirrored from Android's published attestation
+ * trust anchor list.
+ *
+ * Operator note — runtime fetching is forbidden. The Android docs are
+ * explicit: "Don't query for roots at runtime. Use formal
+ * configuration updates." A new Google root cert lands here as an
+ * additive constant, never via dynamic fetch — any other path
+ * sacrifices the sovereign-verifier story.
+ *
+ * Each constant ships its real Google-published bytes. Each comment
+ * names: source URL, subject DN, SHA-256 fingerprint, public-key
+ * algorithm, validity window. The fingerprint is the audit anchor — a
+ * third party that fetches the same source and computes its own
+ * SHA-256 should reach the byte-identical value below.
+ */
+/**
+ * Google Hardware Attestation Root — RSA-4096 (legacy / factory-provisioned).
+ *
+ *   Source:     https://github.com/android/keyattestation (roots.json[0])
+ *   Subject:    serialNumber=f92009e853b6b045
+ *   Issuer:     same (self-signed)
+ *   Serial:     0xf1c172a699eaf51d
+ *   SHA-256:    cedb1cb6dc896ae5ec797348bce9286753c2b38ee71ce0fbe34a9a1248800dfc
+ *   Public key: RSA-4096
+ *   Validity:   2022-03-20 → 2042-03-15
+ */
+export const GOOGLE_ANDROID_KEYSTORE_ROOT_RSA_PEM = `-----BEGIN CERTIFICATE-----
+MIIFHDCCAwSgAwIBAgIJAPHBcqaZ6vUdMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNV
+BAUTEGY5MjAwOWU4NTNiNmIwNDUwHhcNMjIwMzIwMTgwNzQ4WhcNNDIwMzE1MTgw
+NzQ4WjAbMRkwFwYDVQQFExBmOTIwMDllODUzYjZiMDQ1MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr7bHgiuxpwHsK7Qui8xUFmOr75gvMsd/dTEDDJdS
+Sxtf6An7xyqpRR90PL2abxM1dEqlXnf2tqw1Ne4Xwl5jlRfdnJLmN0pTy/4lj4/7
+tv0Sk3iiKkypnEUtR6WfMgH0QZfKHM1+di+y9TFRtv6y//0rb+T+W8a9nsNL/ggj
+nar86461qO0rOs2cXjp3kOG1FEJ5MVmFmBGtnrKpa73XpXyTqRxB/M0n1n/W9nGq
+C4FSYa04T6N5RIZGBN2z2MT5IKGbFlbC8UrW0DxW7AYImQQcHtGl/m00QLVWutHQ
+oVJYnFPlXTcHYvASLu+RhhsbDmxMgJJ0mcDpvsC4PjvB+TxywElgS70vE0XmLD+O
+JtvsBslHZvPBKCOdT0MS+tgSOIfga+z1Z1g7+DVagf7quvmag8jfPioyKvxnK/Eg
+sTUVi2ghzq8wm27ud/mIM7AY2qEORR8Go3TVB4HzWQgpZrt3i5MIlCaY504LzSRi
+igHCzAPlHws+W0rB5N+er5/2pJKnfBSDiCiFAVtCLOZ7gLiMm0jhO2B6tUXHI/+M
+RPjy02i59lINMRRev56GKtcd9qO/0kUJWdZTdA2XoS82ixPvZtXQpUpuL12ab+9E
+aDK8Z4RHJYYfCT3Q5vNAXaiWQ+8PTWm2QgBR/bkwSWc+NpUFgNPN9PvQi8WEg5Um
+AGMCAwEAAaNjMGEwHQYDVR0OBBYEFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMB8GA1Ud
+IwQYMBaAFDZh4QB8iAUJUYtEbEf/GkzJ6k8SMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgIEMA0GCSqGSIb3DQEBCwUAA4ICAQB8cMqTllHc8U+qCrOlg3H7
+174lmaCsbo/bJ0C17JEgMLb4kvrqsXZs01U3mB/qABg/1t5Pd5AORHARs1hhqGIC
+W/nKMav574f9rZN4PC2ZlufGXb7sIdJpGiO9ctRhiLuYuly10JccUZGEHpHSYM2G
+tkgYbZba6lsCPYAAP83cyDV+1aOkTf1RCp/lM0PKvmxYN10RYsK631jrleGdcdkx
+oSK//mSQbgcWnmAEZrzHoF1/0gso1HZgIn0YLzVhLSA/iXCX4QT2h3J5z3znluKG
+1nv8NQdxei2DIIhASWfu804CA96cQKTTlaae2fweqXjdN1/v2nqOhngNyz1361mF
+mr4XmaKH/ItTwOe72NI9ZcwS1lVaCvsIkTDCEXdm9rCNPAY10iTunIHFXRh+7KPz
+lHGewCq/8TOohBRn0/NNfh7uRslOSZ/xKbN9tMBtw37Z8d2vvnXq/YWdsm1+JLVw
+n6yYD/yacNJBlwpddla8eaVMjsF6nBnIgQOf9zKSe06nSTqvgwUHosgOECZJZ1Eu
+zbH4yswbt02tKtKEFhx+v+OTge/06V+jGsqTWLsfrOCNLuA8H++z+pUENmpqnnHo
+vaI47gC+TNpkgYGkkBT6B/m/U01BuOBBTzhIlMEZq9qkDWuM2cA5kW5V3FJUcfHn
+w1IdYIg2Wxg7yHcQZemFQg==
+-----END CERTIFICATE-----
+`;
+/**
+ * Google Hardware Attestation Root — ECDSA P-384 (modern / RKP).
+ *
+ *   Source:     https://github.com/android/keyattestation (roots.json[1])
+ *   Subject:    CN=Key Attestation CA1, OU=Android, O=Google LLC, C=US
+ *   Issuer:     same (self-signed)
+ *   Serial:     0x84a9d0297b0eb58ae7ff0e80de760605
+ *   SHA-256:    6d9db4ce6c5c0b293166d08986e05774a8776ceb525d9e4329520de12ba4bcc0
+ *   Public key: ECDSA P-384
+ *   Validity:   2025-07-17 → 2035-07-15
+ *
+ * Rotation timeline (Google-published, motebit-recorded):
+ *   - 2026-02-01: RKP-enabled devices begin emitting chains rooted here
+ *   - 2026-03-31: target deadline for verifiers to pin both anchors
+ *   - 2026-04-10: RKP-enabled devices switch exclusively to this root
+ */
+export const GOOGLE_ANDROID_KEYSTORE_ROOT_ECDSA_PEM = `-----BEGIN CERTIFICATE-----
+MIICIjCCAaigAwIBAgIRAISp0Cl7DrWK5/8OgN52BgUwCgYIKoZIzj0EAwMwUjEc
+MBoGA1UEAwwTS2V5IEF0dGVzdGF0aW9uIENBMTEQMA4GA1UECwwHQW5kcm9pZDET
+MBEGA1UECgwKR29vZ2xlIExMQzELMAkGA1UEBhMCVVMwHhcNMjUwNzE3MjIzMjE4
+WhcNMzUwNzE1MjIzMjE4WjBSMRwwGgYDVQQDDBNLZXkgQXR0ZXN0YXRpb24gQ0Ex
+MRAwDgYDVQQLDAdBbmRyb2lkMRMwEQYDVQQKDApHb29nbGUgTExDMQswCQYDVQQG
+EwJVUzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCPaI3FO3z5bBQo8cuiEas4HjqCt
+G/mLFfRT0MsIssPBEEU5Cfbt6sH5yOAxqEi5QagpU1yX4HwnGb7OtBYpDTB57uH5
+Eczm34A5FNijV3s0/f0UPl7zbJcTx6xwqMIRq6NCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFFIyuyz7RkOb3NaBqQ5lZuA0QepA
+MAoGCCqGSM49BAMDA2gAMGUCMETfjPO/HwqReR2CS7p0ZWoD/LHs6hDi422opifH
+EUaYLxwGlT9SLdjkVpz0UUOR5wIxAIoGyxGKRHVTpqpGRFiJtQEOOTp/+s1GcxeY
+uR2zh/80lQyu9vAFCj6E4AXc+osmRg==
+-----END CERTIFICATE-----
+`;
+/**
+ * Default pinned-root set returned when a caller passes no `rootPems`
+ * override. Both Google attestation roots — pin order is irrelevant
+ * to chain validation but is documented for audit-readability.
+ */
+export const DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS = [
+    GOOGLE_ANDROID_KEYSTORE_ROOT_RSA_PEM,
+    GOOGLE_ANDROID_KEYSTORE_ROOT_ECDSA_PEM,
+];
+/**
+ * Sentinel value the consumer-facing verifier emits on a mint path
+ * where the Kotlin bridge returns a `not_supported` failure envelope.
+ * Exposed as a constant so call sites match on a named token rather
+ * than a raw string literal.
+ */
+export const ANDROID_KEYSTORE_PLATFORM = "android_keystore";
+/**
+ * The OID Google uses for the Android Key Attestation extension on
+ * the leaf certificate. Defined in the Android security docs:
+ * https://source.android.com/docs/security/features/keystore/attestation
+ */
+export const ANDROID_KEY_ATTESTATION_OID = "1.3.6.1.4.1.11129.2.1.17";
+//# sourceMappingURL=google-roots.js.map

package/dist/google-roots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"google-roots.js","sourceRoot":"","sources":["../src/google-roots.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AAEH;;;;;;;;;;GAUG;AACH,MAAM,CAAC,MAAM,oCAAoC,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA8BnD,CAAC;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAG;;;;;;;;;;;;;;CAcrD,CAAC;AAEF;;;;GAIG;AACH,MAAM,CAAC,MAAM,sCAAsC,GAAsB;IACvE,oCAAoC;IACpC,sCAAsC;CACvC,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,yBAAyB,GAAG,kBAA2B,CAAC;AAErE;;;;GAIG;AACH,MAAM,CAAC,MAAM,2BAA2B,GAAG,0BAA0B,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,97 @@
+/**
+ * @motebit/crypto-android-keystore — Android Hardware-Backed Keystore
+ * Attestation adapter for motebit hardware-attestation claims.
+ *
+ * The metabolic leaf `@motebit/crypto` delegates to when a
+ * `HardwareAttestationClaim` declares `platform: "android_keystore"`.
+ * Dep-thin `@motebit/crypto` stays permissive-floor-pure; this
+ * package, also on the permissive floor (Apache-2.0), metabolizes
+ * `@peculiar/x509` plus a hand-rolled DER walker for the AOSP Key
+ * Attestation extension to judge whether a Google-published
+ * Hardware Attestation root signed the leaf that the device's
+ * Trusted-Environment / StrongBox-backed key signed.
+ *
+ * Wiring from a consumer:
+ *
+ * ```ts
+ * import { verify } from "@motebit/crypto";
+ * import { androidKeystoreVerifier } from "@motebit/crypto-android-keystore";
+ *
+ * const result = await verify(credential, {
+ *   hardwareAttestation: {
+ *     android_keystore: androidKeystoreVerifier({
+ *       expectedAttestationApplicationId,
+ *     }),
+ *   },
+ * });
+ * ```
+ *
+ * This package exports no global state, no side-effect registrations;
+ * the injection is call-site only. Pinned Google attestation roots
+ * live in `./google-roots.ts` and are the self-attesting audit
+ * surface — a third party that fetches the same roots.json and
+ * computes its own SHA-256 should reach the byte-identical
+ * fingerprints documented inline.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+import type { AndroidKeystoreRevocationSnapshot, AndroidKeystoreVerifyResult } from "./verify.js";
+export { parseKeyDescription, SECURITY_LEVEL_SOFTWARE, SECURITY_LEVEL_TRUSTED_ENVIRONMENT, SECURITY_LEVEL_STRONG_BOX, VERIFIED_BOOT_STATE_VERIFIED, VERIFIED_BOOT_STATE_SELF_SIGNED, VERIFIED_BOOT_STATE_UNVERIFIED, VERIFIED_BOOT_STATE_FAILED, type RootOfTrust, type AuthorizationList, type KeyDescription, } from "./asn1.js";
+export { ANDROID_KEYSTORE_PLATFORM, ANDROID_KEY_ATTESTATION_OID, GOOGLE_ANDROID_KEYSTORE_ROOT_RSA_PEM, GOOGLE_ANDROID_KEYSTORE_ROOT_ECDSA_PEM, DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS, } from "./google-roots.js";
+export { verifyAndroidKeystoreAttestation, EMPTY_REVOCATION_SNAPSHOT } from "./verify.js";
+export type { AndroidKeystoreVerifyOptions, AndroidKeystoreVerifyResult, AndroidKeystoreVerifyError, AndroidKeystoreRevocationSnapshot, } from "./verify.js";
+/**
+ * Shape the optional verifier injected into `@motebit/crypto`'s
+ * `HardwareAttestationVerifiers.android_keystore` slot carries.
+ * Mirrors the sync-or-async return shape the dispatcher supports
+ * and extends the canonical shape with `attestation_detail` so
+ * callers can introspect chain / extension / binding independently.
+ */
+export interface AndroidKeystoreVerifierResult {
+    readonly valid: boolean;
+    readonly platform: "android_keystore";
+    readonly errors: ReadonlyArray<{
+        readonly message: string;
+    }>;
+    readonly attestation_detail?: AndroidKeystoreVerifyResult;
+}
+/**
+ * VC-subject fields the dispatcher lifts out of the credential and
+ * threads through to the verifier. All three participate in the JCS
+ * canonical body that derives the attestation challenge; without them
+ * the verifier reports the missing channel explicitly rather than
+ * silently passing.
+ */
+export interface AndroidKeystoreVerifierContext {
+    readonly expectedMotebitId?: string;
+    readonly expectedDeviceId?: string;
+    readonly expectedAttestedAt?: number;
+}
+export interface AndroidKeystoreVerifierConfig {
+    /**
+     * Bound to the registered Android package's
+     * `attestationApplicationId` byte representation (raw OCTET STRING
+     * captured at registration time). Required at wiring time so the
+     * package binding constraint fires on every claim.
+     */
+    readonly expectedAttestationApplicationId: Uint8Array;
+    /** Optional: override the pinned Google attestation roots. */
+    readonly rootPems?: readonly string[];
+    /** Optional: caller-supplied revocation snapshot. */
+    readonly revocationSnapshot?: AndroidKeystoreRevocationSnapshot;
+    /** Optional: allowlist of `verifiedBootState` ENUMERATED values. */
+    readonly verifiedBootStateAllowlist?: readonly number[];
+    /** Optional: minimum `attestationSecurityLevel` (default TRUSTED_ENVIRONMENT). */
+    readonly minSecurityLevel?: number;
+    /** Optional: minimum `attestationVersion` (default 3 / Keymaster 3). */
+    readonly minAttestationVersion?: number;
+    /** Optional: inject a fixed clock for deterministic chain validity. */
+    readonly now?: () => number;
+}
+/**
+ * Factory — build an `android_keystore` verifier bound to a registered
+ * package. The returned function matches the
+ * `HardwareAttestationVerifiers.android_keystore` three-arg signature
+ * the `@motebit/crypto` dispatcher calls.
+ */
+export declare function androidKeystoreVerifier(config: AndroidKeystoreVerifierConfig): (claim: HardwareAttestationClaim, expectedIdentityHex: string, context?: AndroidKeystoreVerifierContext) => Promise<AndroidKeystoreVerifierResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAGlE,OAAO,KAAK,EACV,iCAAiC,EAEjC,2BAA2B,EAC5B,MAAM,aAAa,CAAC;AAErB,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,kCAAkC,EAClC,yBAAyB,EACzB,4BAA4B,EAC5B,+BAA+B,EAC/B,8BAA8B,EAC9B,0BAA0B,EAC1B,KAAK,WAAW,EAChB,KAAK,iBAAiB,EACtB,KAAK,cAAc,GACpB,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,yBAAyB,EACzB,2BAA2B,EAC3B,oCAAoC,EACpC,sCAAsC,EACtC,sCAAsC,GACvC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gCAAgC,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAC1F,YAAY,EACV,4BAA4B,EAC5B,2BAA2B,EAC3B,0BAA0B,EAC1B,iCAAiC,GAClC,MAAM,aAAa,CAAC;AAErB;;;;;;GAMG;AACH,MAAM,WAAW,6BAA6B;IAC5C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,kBAAkB,CAAC;IACtC,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,kBAAkB,CAAC,EAAE,2BAA2B,CAAC;CAC3D;AAED;;;;;;GAMG;AACH,MAAM,WAAW,8BAA8B;IAC7C,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,6BAA6B;IAC5C;;;;;OAKG;IACH,QAAQ,CAAC,gCAAgC,EAAE,UAAU,CAAC;IACtD,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC,qDAAqD;IACrD,QAAQ,CAAC,kBAAkB,CAAC,EAAE,iCAAiC,CAAC;IAChE,oEAAoE;IACpE,QAAQ,CAAC,0BAA0B,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxD,kFAAkF;IAClF,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,wEAAwE;IACxE,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC,uEAAuE;IACvE,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CAC7B;AAED;;;;;GAKG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,6BAA6B,GACpC,CACD,KAAK,EAAE,wBAAwB,EAC/B,mBAAmB,EAAE,MAAM,EAC3B,OAAO,CAAC,EAAE,8BAA8B,KACrC,OAAO,CAAC,6BAA6B,CAAC,CAqC1C"}

package/dist/index.js

@@ -0,0 +1,84 @@
+/**
+ * @motebit/crypto-android-keystore — Android Hardware-Backed Keystore
+ * Attestation adapter for motebit hardware-attestation claims.
+ *
+ * The metabolic leaf `@motebit/crypto` delegates to when a
+ * `HardwareAttestationClaim` declares `platform: "android_keystore"`.
+ * Dep-thin `@motebit/crypto` stays permissive-floor-pure; this
+ * package, also on the permissive floor (Apache-2.0), metabolizes
+ * `@peculiar/x509` plus a hand-rolled DER walker for the AOSP Key
+ * Attestation extension to judge whether a Google-published
+ * Hardware Attestation root signed the leaf that the device's
+ * Trusted-Environment / StrongBox-backed key signed.
+ *
+ * Wiring from a consumer:
+ *
+ * ```ts
+ * import { verify } from "@motebit/crypto";
+ * import { androidKeystoreVerifier } from "@motebit/crypto-android-keystore";
+ *
+ * const result = await verify(credential, {
+ *   hardwareAttestation: {
+ *     android_keystore: androidKeystoreVerifier({
+ *       expectedAttestationApplicationId,
+ *     }),
+ *   },
+ * });
+ * ```
+ *
+ * This package exports no global state, no side-effect registrations;
+ * the injection is call-site only. Pinned Google attestation roots
+ * live in `./google-roots.ts` and are the self-attesting audit
+ * surface — a third party that fetches the same roots.json and
+ * computes its own SHA-256 should reach the byte-identical
+ * fingerprints documented inline.
+ */
+import { verifyAndroidKeystoreAttestation } from "./verify.js";
+export { parseKeyDescription, SECURITY_LEVEL_SOFTWARE, SECURITY_LEVEL_TRUSTED_ENVIRONMENT, SECURITY_LEVEL_STRONG_BOX, VERIFIED_BOOT_STATE_VERIFIED, VERIFIED_BOOT_STATE_SELF_SIGNED, VERIFIED_BOOT_STATE_UNVERIFIED, VERIFIED_BOOT_STATE_FAILED, } from "./asn1.js";
+export { ANDROID_KEYSTORE_PLATFORM, ANDROID_KEY_ATTESTATION_OID, GOOGLE_ANDROID_KEYSTORE_ROOT_RSA_PEM, GOOGLE_ANDROID_KEYSTORE_ROOT_ECDSA_PEM, DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS, } from "./google-roots.js";
+export { verifyAndroidKeystoreAttestation, EMPTY_REVOCATION_SNAPSHOT } from "./verify.js";
+/**
+ * Factory — build an `android_keystore` verifier bound to a registered
+ * package. The returned function matches the
+ * `HardwareAttestationVerifiers.android_keystore` three-arg signature
+ * the `@motebit/crypto` dispatcher calls.
+ */
+export function androidKeystoreVerifier(config) {
+    return async (claim, expectedIdentityHex, context) => {
+        const opts = {
+            expectedAttestationApplicationId: config.expectedAttestationApplicationId,
+            expectedIdentityPublicKeyHex: expectedIdentityHex,
+            ...(config.rootPems !== undefined ? { rootPems: config.rootPems } : {}),
+            ...(config.revocationSnapshot !== undefined
+                ? { revocationSnapshot: config.revocationSnapshot }
+                : {}),
+            ...(config.verifiedBootStateAllowlist !== undefined
+                ? { verifiedBootStateAllowlist: config.verifiedBootStateAllowlist }
+                : {}),
+            ...(config.minSecurityLevel !== undefined
+                ? { minSecurityLevel: config.minSecurityLevel }
+                : {}),
+            ...(config.minAttestationVersion !== undefined
+                ? { minAttestationVersion: config.minAttestationVersion }
+                : {}),
+            ...(config.now !== undefined ? { now: config.now } : {}),
+            ...(context?.expectedMotebitId !== undefined
+                ? { expectedMotebitId: context.expectedMotebitId }
+                : {}),
+            ...(context?.expectedDeviceId !== undefined
+                ? { expectedDeviceId: context.expectedDeviceId }
+                : {}),
+            ...(context?.expectedAttestedAt !== undefined
+                ? { expectedAttestedAt: context.expectedAttestedAt }
+                : {}),
+        };
+        const detail = await verifyAndroidKeystoreAttestation(claim, opts);
+        return {
+            valid: detail.valid,
+            platform: "android_keystore",
+            errors: detail.errors,
+            attestation_detail: detail,
+        };
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkCG;AAIH,OAAO,EAAE,gCAAgC,EAAE,MAAM,aAAa,CAAC;AAO/D,OAAO,EACL,mBAAmB,EACnB,uBAAuB,EACvB,kCAAkC,EAClC,yBAAyB,EACzB,4BAA4B,EAC5B,+BAA+B,EAC/B,8BAA8B,EAC9B,0BAA0B,GAI3B,MAAM,WAAW,CAAC;AACnB,OAAO,EACL,yBAAyB,EACzB,2BAA2B,EAC3B,oCAAoC,EACpC,sCAAsC,EACtC,sCAAsC,GACvC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,gCAAgC,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAyD1F;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAqC;IAMrC,OAAO,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,EAAE;QACnD,MAAM,IAAI,GAAiC;YACzC,gCAAgC,EAAE,MAAM,CAAC,gCAAgC;YACzE,4BAA4B,EAAE,mBAAmB;YACjD,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,kBAAkB,KAAK,SAAS;gBACzC,CAAC,CAAC,EAAE,kBAAkB,EAAE,MAAM,CAAC,kBAAkB,EAAE;gBACnD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,0BAA0B,KAAK,SAAS;gBACjD,CAAC,CAAC,EAAE,0BAA0B,EAAE,MAAM,CAAC,0BAA0B,EAAE;gBACnE,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,gBAAgB,KAAK,SAAS;gBACvC,CAAC,CAAC,EAAE,gBAAgB,EAAE,MAAM,CAAC,gBAAgB,EAAE;gBAC/C,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,qBAAqB,KAAK,SAAS;gBAC5C,CAAC,CAAC,EAAE,qBAAqB,EAAE,MAAM,CAAC,qBAAqB,EAAE;gBACzD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CAAC,OAAO,EAAE,iBAAiB,KAAK,SAAS;gBAC1C,CAAC,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE;gBAClD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,OAAO,EAAE,gBAAgB,KAAK,SAAS;gBACzC,CAAC,CAAC,EAAE,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,EAAE;gBAChD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,SAAS;gBAC3C,CAAC,CAAC,EAAE,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,EAAE;gBACpD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,gCAAgC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QACnE,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,kBAAkB;YAC5B,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,kBAAkB,EAAE,MAAM;SAC3B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/verify.d.ts

@@ -0,0 +1,179 @@
+/**
+ * Android Hardware-Backed Keystore Attestation verifier — the core
+ * judgment function this package exports.
+ *
+ * Flow (matches Google's published verification recipe at
+ * https://source.android.com/docs/security/features/keystore/attestation,
+ * plus the motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into the leaf cert plus the rest of the chain
+ *      (`{leafCertB64}.{intermediatesJoinedB64}` — comma-joined leaf-
+ *      proximal-first base64url DER blobs in the second segment).
+ *   2. Parse the chain as X.509 certificates. Walk the chain leaf →
+ *      intermediates → terminal anchor with `@peculiar/x509`'s
+ *      `X509ChainBuilder`. Every non-leaf must carry
+ *      `basicConstraints.cA === true`. Every signature must verify
+ *      under its issuer's public key. Every cert must be within its
+ *      validity window. The terminal cert's DER must equal one of the
+ *      pinned Google attestation roots.
+ *   3. Read the Android Key Attestation extension (OID
+ *      `1.3.6.1.4.1.11129.2.1.17`) from the LEAF cert only. The AOSP
+ *      spec is explicit that later occurrences of this extension up
+ *      the chain MUST be ignored — only the leaf's copy carries
+ *      trustworthy data, because only the leaf is signed by the
+ *      device's secure-hardware key.
+ *   4. Constrain the parsed `KeyDescription`:
+ *        - `attestationSecurityLevel ≥ TRUSTED_ENVIRONMENT` (rejects
+ *           software-only fallback, which is structurally not
+ *           third-party meaningful)
+ *        - `attestationVersion ≥ 3` (rejects pre-Android-7 / Keymaster
+ *           v2; current production is 4 / Keymaster 4 through 400 /
+ *           KeyMint 4.0)
+ *        - `hardwareEnforced.rootOfTrust.verifiedBootState` is in the
+ *           caller's allowlist (default: VERIFIED only)
+ *        - `hardwareEnforced.attestationApplicationId` byte-equals
+ *           the caller's expected package binding
+ *        - leaf's serial number is not in the caller-supplied
+ *           revocation snapshot
+ *   5. Cryptographically bind the leaf's `attestationChallenge` field
+ *      to the motebit Ed25519 identity: re-derive
+ *      `SHA-256(canonicalJson({ attested_at, device_id,
+ *       identity_public_key, motebit_id, platform: "android_keystore",
+ *       version: "1" }))` and byte-compare against the transmitted
+ *      challenge. A malicious client that substitutes any other body
+ *      fails here.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()` and
+ * the caller-supplied revocation snapshot.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+/**
+ * Caller-supplied revocation snapshot keyed by lowercase-hex serial
+ * number — mirrors Google's published shape at
+ * https://android.googleapis.com/attestation/status. The motebit
+ * verifier never fetches this at runtime; the canonical CLI in
+ * `@motebit/verify` ships an embedded snapshot at release time and
+ * accepts an override path. Empty snapshot is the no-revocation-data
+ * default and means every leaf passes the revocation check.
+ */
+export interface AndroidKeystoreRevocationSnapshot {
+    readonly entries: Readonly<Record<string, {
+        readonly status: "REVOKED" | "SUSPENDED";
+        readonly reason?: string;
+    }>>;
+}
+/** Empty revocation snapshot — every leaf passes the revocation check. */
+export declare const EMPTY_REVOCATION_SNAPSHOT: AndroidKeystoreRevocationSnapshot;
+export interface AndroidKeystoreVerifyOptions {
+    /**
+     * Android package name + signing-cert SHA-256 hash binding the
+     * leaf's `attestationApplicationId` MUST match. The expected value
+     * is the byte-identical encoding the Kotlin mint path produces —
+     * either a raw OCTET STRING capture or a wrapped representation,
+     * depending on the surface. Implementations typically supply the
+     * raw bytes captured at registration time.
+     */
+    readonly expectedAttestationApplicationId: Uint8Array;
+    /**
+     * Ed25519 identity key (lowercase hex) the motebit VC claims. The
+     * leaf's `attestationChallenge` MUST bind this key (via the
+     * canonical-body re-derivation).
+     */
+    readonly expectedIdentityPublicKeyHex: string;
+    /**
+     * motebit_id from the credential subject. Participates in the JCS
+     * canonical body re-derived here and byte-compared against the
+     * transmitted challenge.
+     */
+    readonly expectedMotebitId?: string;
+    /** device_id from the credential subject. Same binding role. */
+    readonly expectedDeviceId?: string;
+    /** `attested_at` (unix ms) from the credential subject. Same binding role. */
+    readonly expectedAttestedAt?: number;
+    /**
+     * Override the pinned trust anchors. Tests fabricate their own root
+     * so chain verification exercises the same code path without needing
+     * a real device-signed leaf. Defaults to
+     * `DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS` (RSA + ECDSA P-384).
+     */
+    readonly rootPems?: readonly string[];
+    /**
+     * Allowlist of `verifiedBootState` ENUMERATED values the verifier
+     * accepts. Default = `[VERIFIED]` (Google-signed bootloader). Set
+     * to `[VERIFIED, SELF_SIGNED]` to allow GrapheneOS-style
+     * user-installed roots-of-trust per their published attestation
+     * compatibility model. Empty array = accept any state (NOT
+     * recommended — leaks the boot-image guarantee).
+     */
+    readonly verifiedBootStateAllowlist?: readonly number[];
+    /**
+     * Minimum `attestationSecurityLevel` the verifier accepts. Default =
+     * `TRUSTED_ENVIRONMENT` (1). Software-only attestations (level 0)
+     * are structurally not third-party meaningful and are rejected.
+     * StrongBox (2) is a higher score in the semiring, not an admission
+     * gate — pass `TRUSTED_ENVIRONMENT` here and let the score-side
+     * code differentiate.
+     */
+    readonly minSecurityLevel?: number;
+    /**
+     * Minimum `attestationVersion` the verifier accepts. Default = 3
+     * (Keymaster 3 / Android 7 — earliest version with the modern chain
+     * shape). Anything below this is rejected.
+     */
+    readonly minAttestationVersion?: number;
+    /**
+     * Caller-supplied revocation snapshot. Defaults to empty (no
+     * revocation enforcement). Production callers should supply
+     * Google's status-list shape; `@motebit/verify` ships an embedded
+     * snapshot at release time.
+     */
+    readonly revocationSnapshot?: AndroidKeystoreRevocationSnapshot;
+    /** Clock for chain-validity checks. Defaults to `Date.now`. */
+    readonly now?: () => number;
+}
+export interface AndroidKeystoreVerifyError {
+    readonly message: string;
+}
+export interface AndroidKeystoreVerifyResult {
+    readonly valid: boolean;
+    readonly cert_chain_valid: boolean;
+    /**
+     * True when the leaf carried a parseable Key Attestation extension
+     * AND every constraint check (security level, attestation version,
+     * verified-boot state, application-ID match, revocation lookup)
+     * passed.
+     */
+    readonly attestation_extension_valid: boolean;
+    /**
+     * True when `attestationChallenge` byte-equals
+     * `SHA256(canonical body)` for the caller-supplied identity.
+     */
+    readonly identity_bound: boolean;
+    /**
+     * The `attestationSecurityLevel` parsed off the leaf (or null if
+     * the extension wasn't parseable). Exposed so callers can surface
+     * `TRUSTED_ENVIRONMENT` vs `STRONG_BOX` in an audit UI alongside
+     * the pass/fail verdict — and so a routing semiring can score
+     * StrongBox higher than plain TEE.
+     */
+    readonly attestation_security_level: number | null;
+    /**
+     * The `verifiedBootState` parsed off the leaf's `rootOfTrust` (or
+     * null if absent / extension unparseable). Same audit-surface
+     * rationale as `attestation_security_level`.
+     */
+    readonly verified_boot_state: number | null;
+    readonly errors: readonly AndroidKeystoreVerifyError[];
+}
+/**
+ * Android Hardware-Backed Keystore Attestation verifier.
+ *
+ * `claim.attestation_receipt` is the cert chain encoded as
+ * `{leafCertB64}.{intermediatesJoinedB64}` — leaf-first DER chain
+ * matching the wire format the Kotlin `expo-android-keystore` mint
+ * path emits. The intermediates segment is a comma-joined list of
+ * base64url-encoded DERs in leaf-proximal-first order; an empty
+ * second segment means the leaf chains directly to a pinned root.
+ */
+export declare function verifyAndroidKeystoreAttestation(claim: HardwareAttestationClaim, opts: AndroidKeystoreVerifyOptions): Promise<AndroidKeystoreVerifyResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AAIH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAalE;;;;;;;;GAQG;AACH,MAAM,WAAW,iCAAiC;IAChD,QAAQ,CAAC,OAAO,EAAE,QAAQ,CACxB,MAAM,CACJ,MAAM,EACN;QACE,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,WAAW,CAAC;QACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;KAC1B,CACF,CACF,CAAC;CACH;AAED,0EAA0E;AAC1E,eAAO,MAAM,yBAAyB,EAAE,iCAAmD,CAAC;AAE5F,MAAM,WAAW,4BAA4B;IAC3C;;;;;;;OAOG;IACH,QAAQ,CAAC,gCAAgC,EAAE,UAAU,CAAC;IACtD;;;;OAIG;IACH,QAAQ,CAAC,4BAA4B,EAAE,MAAM,CAAC;IAC9C;;;;OAIG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,gEAAgE;IAChE,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,8EAA8E;IAC9E,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACtC;;;;;;;OAOG;IACH,QAAQ,CAAC,0BAA0B,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IACxD;;;;;;;OAOG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IACxC;;;;;OAKG;IACH,QAAQ,CAAC,kBAAkB,CAAC,EAAE,iCAAiC,CAAC;IAChE,+DAA+D;IAC/D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CAC7B;AAED,MAAM,WAAW,0BAA0B;IACzC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC;;;;;OAKG;IACH,QAAQ,CAAC,2BAA2B,EAAE,OAAO,CAAC;IAC9C;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC;;;;;;OAMG;IACH,QAAQ,CAAC,0BAA0B,EAAE,MAAM,GAAG,IAAI,CAAC;IACnD;;;;OAIG;IACH,QAAQ,CAAC,mBAAmB,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5C,QAAQ,CAAC,MAAM,EAAE,SAAS,0BAA0B,EAAE,CAAC;CACxD;AAED;;;;;;;;;GASG;AACH,wBAAsB,gCAAgC,CACpD,KAAK,EAAE,wBAAwB,EAC/B,IAAI,EAAE,4BAA4B,GACjC,OAAO,CAAC,2BAA2B,CAAC,CAiHtC"}