@motebit/crypto-android-keystore 1.1.0

package/dist/verify.js

@@ -0,0 +1,423 @@
+/**
+ * Android Hardware-Backed Keystore Attestation verifier — the core
+ * judgment function this package exports.
+ *
+ * Flow (matches Google's published verification recipe at
+ * https://source.android.com/docs/security/features/keystore/attestation,
+ * plus the motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into the leaf cert plus the rest of the chain
+ *      (`{leafCertB64}.{intermediatesJoinedB64}` — comma-joined leaf-
+ *      proximal-first base64url DER blobs in the second segment).
+ *   2. Parse the chain as X.509 certificates. Walk the chain leaf →
+ *      intermediates → terminal anchor with `@peculiar/x509`'s
+ *      `X509ChainBuilder`. Every non-leaf must carry
+ *      `basicConstraints.cA === true`. Every signature must verify
+ *      under its issuer's public key. Every cert must be within its
+ *      validity window. The terminal cert's DER must equal one of the
+ *      pinned Google attestation roots.
+ *   3. Read the Android Key Attestation extension (OID
+ *      `1.3.6.1.4.1.11129.2.1.17`) from the LEAF cert only. The AOSP
+ *      spec is explicit that later occurrences of this extension up
+ *      the chain MUST be ignored — only the leaf's copy carries
+ *      trustworthy data, because only the leaf is signed by the
+ *      device's secure-hardware key.
+ *   4. Constrain the parsed `KeyDescription`:
+ *        - `attestationSecurityLevel ≥ TRUSTED_ENVIRONMENT` (rejects
+ *           software-only fallback, which is structurally not
+ *           third-party meaningful)
+ *        - `attestationVersion ≥ 3` (rejects pre-Android-7 / Keymaster
+ *           v2; current production is 4 / Keymaster 4 through 400 /
+ *           KeyMint 4.0)
+ *        - `hardwareEnforced.rootOfTrust.verifiedBootState` is in the
+ *           caller's allowlist (default: VERIFIED only)
+ *        - `hardwareEnforced.attestationApplicationId` byte-equals
+ *           the caller's expected package binding
+ *        - leaf's serial number is not in the caller-supplied
+ *           revocation snapshot
+ *   5. Cryptographically bind the leaf's `attestationChallenge` field
+ *      to the motebit Ed25519 identity: re-derive
+ *      `SHA-256(canonicalJson({ attested_at, device_id,
+ *       identity_public_key, motebit_id, platform: "android_keystore",
+ *       version: "1" }))` and byte-compare against the transmitted
+ *      challenge. A malicious client that substitutes any other body
+ *      fails here.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()` and
+ * the caller-supplied revocation snapshot.
+ */
+import * as x509 from "@peculiar/x509";
+import { ANDROID_KEY_ATTESTATION_OID, DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS, } from "./google-roots.js";
+import { parseKeyDescription, SECURITY_LEVEL_TRUSTED_ENVIRONMENT, VERIFIED_BOOT_STATE_VERIFIED, } from "./asn1.js";
+/** Empty revocation snapshot — every leaf passes the revocation check. */
+export const EMPTY_REVOCATION_SNAPSHOT = { entries: {} };
+/**
+ * Android Hardware-Backed Keystore Attestation verifier.
+ *
+ * `claim.attestation_receipt` is the cert chain encoded as
+ * `{leafCertB64}.{intermediatesJoinedB64}` — leaf-first DER chain
+ * matching the wire format the Kotlin `expo-android-keystore` mint
+ * path emits. The intermediates segment is a comma-joined list of
+ * base64url-encoded DERs in leaf-proximal-first order; an empty
+ * second segment means the leaf chains directly to a pinned root.
+ */
+export async function verifyAndroidKeystoreAttestation(claim, opts) {
+    const errors = [];
+    let cert_chain_valid = false;
+    let attestation_extension_valid = false;
+    let identity_bound = false;
+    let attestation_security_level = null;
+    let verified_boot_state = null;
+    if (!claim.attestation_receipt) {
+        errors.push({ message: "android_keystore claim missing `attestation_receipt`" });
+        return finalize();
+    }
+    const parts = claim.attestation_receipt.split(".");
+    if (parts.length !== 2) {
+        errors.push({
+            message: `attestation_receipt must be 2 base64url parts (leafCert.intermediates); got ${parts.length}`,
+        });
+        return finalize();
+    }
+    const [leafB64, intermediatesB64] = parts;
+    let leafBytes;
+    let intermediatesBytes;
+    try {
+        leafBytes = fromBase64Url(leafB64);
+        intermediatesBytes =
+            intermediatesB64.length === 0 ? [] : intermediatesB64.split(",").map((p) => fromBase64Url(p));
+    }
+    catch (err) {
+        errors.push({ message: `base64url decode failed: ${messageOf(err)}` });
+        return finalize();
+    }
+    let leaf;
+    let intermediates;
+    let rootCerts;
+    try {
+        leaf = new x509.X509Certificate(toArrayBuffer(leafBytes));
+        intermediates = intermediatesBytes.map((b) => new x509.X509Certificate(toArrayBuffer(b)));
+        const pems = opts.rootPems ?? DEFAULT_ANDROID_KEYSTORE_TRUST_ANCHORS;
+        rootCerts = pems.map((pem) => new x509.X509Certificate(pem));
+    }
+    catch (err) {
+        errors.push({ message: `x509 parse: ${messageOf(err)}` });
+        return finalize();
+    }
+    const nowDate = new Date(opts.now ? opts.now() : Date.now());
+    // ── Chain verification ────────────────────────────────────────────
+    try {
+        const chainResult = await verifyChain({ leaf, intermediates, pinnedRoots: rootCerts, nowDate });
+        cert_chain_valid = chainResult.valid;
+        if (!cert_chain_valid) {
+            errors.push({ message: chainResult.reason });
+        }
+    }
+    catch (err) {
+        errors.push({ message: `chain verify crashed: ${messageOf(err)}` });
+        return finalize();
+    }
+    // ── Revocation lookup (leaf serial) ──────────────────────────────
+    // The leaf serial is the device-attestation key's serial; Google
+    // adds it to https://android.googleapis.com/attestation/status when
+    // a leaked keybox is detected. Caller-supplied snapshot.
+    const snapshot = opts.revocationSnapshot ?? EMPTY_REVOCATION_SNAPSHOT;
+    const leafSerialLower = leaf.serialNumber.toLowerCase();
+    const revocation = snapshot.entries[leafSerialLower];
+    if (revocation) {
+        errors.push({
+            message: `leaf cert revoked (serial=${leafSerialLower}, status=${revocation.status}${revocation.reason ? `, reason=${revocation.reason}` : ""})`,
+        });
+    }
+    const revocationOk = !revocation;
+    // ── Key Attestation extension ─────────────────────────────────────
+    let keyDescription = null;
+    const extension = leaf.getExtension(ANDROID_KEY_ATTESTATION_OID);
+    if (!extension) {
+        errors.push({
+            message: `leaf cert missing Android Key Attestation extension (OID ${ANDROID_KEY_ATTESTATION_OID}) — not a hardware-attested leaf`,
+        });
+    }
+    else {
+        try {
+            keyDescription = parseKeyDescription(new Uint8Array(extension.value));
+            attestation_security_level = keyDescription.attestationSecurityLevel;
+            verified_boot_state = keyDescription.hardwareEnforced.rootOfTrust?.verifiedBootState ?? null;
+            const constraintsOk = applyExtensionConstraints(keyDescription, opts, errors);
+            attestation_extension_valid = constraintsOk && revocationOk;
+        }
+        catch (err) {
+            errors.push({ message: `Key Attestation extension parse: ${messageOf(err)}` });
+        }
+    }
+    // ── Identity binding ──────────────────────────────────────────────
+    if (keyDescription) {
+        identity_bound = await applyIdentityBinding(keyDescription.attestationChallenge, opts, errors);
+    }
+    return finalize();
+    function finalize() {
+        return {
+            valid: cert_chain_valid && attestation_extension_valid && identity_bound,
+            cert_chain_valid,
+            attestation_extension_valid,
+            identity_bound,
+            attestation_security_level,
+            verified_boot_state,
+            errors,
+        };
+    }
+}
+/**
+ * Apply the policy constraints to the parsed `KeyDescription`. Returns
+ * `true` only if every constraint passed; returns `false` and pushes
+ * a structured error otherwise. Multiple failures accumulate so the
+ * caller sees the full picture.
+ */
+function applyExtensionConstraints(kd, opts, errors) {
+    let ok = true;
+    // attestationVersion floor
+    const minAttestationVersion = opts.minAttestationVersion ?? 3;
+    if (kd.attestationVersion < minAttestationVersion) {
+        errors.push({
+            message: `attestationVersion ${kd.attestationVersion} below minimum ${minAttestationVersion} (Keymaster 3 / Android 7+)`,
+        });
+        ok = false;
+    }
+    // attestationSecurityLevel floor — software-only fallback rejected
+    const minSecurityLevel = opts.minSecurityLevel ?? SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
+    if (kd.attestationSecurityLevel < minSecurityLevel) {
+        errors.push({
+            message: `attestationSecurityLevel ${kd.attestationSecurityLevel} below minimum ${minSecurityLevel} (TRUSTED_ENVIRONMENT or higher required for canonical hardware attestation)`,
+        });
+        ok = false;
+    }
+    // hardwareEnforced.rootOfTrust must be present with allowlisted
+    // verifiedBootState. The default allowlist is [VERIFIED] —
+    // user-unlocked devices are rejected at the canonical floor;
+    // GrapheneOS-style SELF_SIGNED can be opted in by the operator.
+    const allowlist = opts.verifiedBootStateAllowlist ?? [VERIFIED_BOOT_STATE_VERIFIED];
+    const rot = kd.hardwareEnforced.rootOfTrust;
+    if (!rot) {
+        errors.push({
+            message: "hardwareEnforced.rootOfTrust missing — cannot certify boot-image state",
+        });
+        ok = false;
+    }
+    else if (allowlist.length > 0 && !allowlist.includes(rot.verifiedBootState)) {
+        errors.push({
+            message: `verifiedBootState ${rot.verifiedBootState} not in allowlist [${allowlist.join(", ")}]`,
+        });
+        ok = false;
+    }
+    // attestationApplicationId binding — exact byte match. Per AOSP
+    // convention since Keymaster 4 (2018), the field lives in
+    // `softwareEnforced` because the framework computes the package
+    // signing-cert hash, not the TEE. Older Keymaster 3 chains placed
+    // it in `hardwareEnforced`. Accept either; software-enforcement is
+    // sufficient because the framework binding is not the attack surface
+    // motebit gates on (chain + boot state + identity binding are).
+    const expectedAppId = opts.expectedAttestationApplicationId;
+    const actualAppId = kd.hardwareEnforced.attestationApplicationId ?? kd.softwareEnforced.attestationApplicationId;
+    if (!actualAppId) {
+        errors.push({
+            message: "attestationApplicationId missing from both hardwareEnforced and softwareEnforced — cannot bind to package identity",
+        });
+        ok = false;
+    }
+    else if (!bytesEq(actualAppId, expectedAppId)) {
+        errors.push({
+            message: `attestationApplicationId does not match expected package binding (${actualAppId.length}B leaf vs ${expectedAppId.length}B expected)`,
+        });
+        ok = false;
+    }
+    return ok;
+}
+/**
+ * Apply the cross-stack identity binding: SHA-256 the JCS canonical
+ * body naming the caller's identity, byte-compare against the leaf's
+ * `attestationChallenge`. Returns true on success; pushes structured
+ * errors on each missing or mismatched field.
+ */
+async function applyIdentityBinding(challenge, opts, errors) {
+    if (typeof opts.expectedIdentityPublicKeyHex !== "string" ||
+        opts.expectedIdentityPublicKeyHex.length === 0) {
+        errors.push({ message: "identity_bound: expectedIdentityPublicKeyHex not supplied" });
+        return false;
+    }
+    if (typeof opts.expectedMotebitId !== "string" || opts.expectedMotebitId.length === 0) {
+        errors.push({
+            message: "identity_bound: expectedMotebitId not supplied (required for body re-derivation)",
+        });
+        return false;
+    }
+    if (typeof opts.expectedDeviceId !== "string" || opts.expectedDeviceId.length === 0) {
+        errors.push({
+            message: "identity_bound: expectedDeviceId not supplied (required for body re-derivation)",
+        });
+        return false;
+    }
+    if (typeof opts.expectedAttestedAt !== "number" || !Number.isFinite(opts.expectedAttestedAt)) {
+        errors.push({
+            message: "identity_bound: expectedAttestedAt not supplied (required for body re-derivation)",
+        });
+        return false;
+    }
+    const canonicalBody = buildCanonicalAttestationBody({
+        attested_at: opts.expectedAttestedAt,
+        device_id: opts.expectedDeviceId,
+        identity_public_key: opts.expectedIdentityPublicKeyHex.toLowerCase(),
+        motebit_id: opts.expectedMotebitId,
+    });
+    const derived = await sha256Bytes(new TextEncoder().encode(canonicalBody));
+    if (bytesEq(derived, challenge))
+        return true;
+    errors.push({
+        message: "identity_bound: reconstructed SHA256(canonical body) does not equal leaf attestationChallenge — body naming the caller's identity was not the body the device attested over",
+    });
+    return false;
+}
+// ── Helpers ──────────────────────────────────────────────────────────
+/** OID for X.509 basic-constraints extension. */
+const BASIC_CONSTRAINTS_OID = "2.5.29.19";
+/**
+ * Walk the cert chain from leaf → intermediates → pinned anchor.
+ * Mirrors the App Attest / TPM chain verifier invariants:
+ *   1. `X509ChainBuilder.build(leaf)` returns a chain terminating at
+ *      a self-signed cert reachable from the supplied + pinned pool.
+ *   2. The terminal cert's DER byte-equals one of the pinned roots.
+ *   3. Every non-leaf cert carries `basicConstraints.cA === true`.
+ *   4. Every signature verifies under its issuer's public key.
+ *   5. Every cert is within its validity window at `nowDate`.
+ */
+async function verifyChain(input) {
+    const { leaf, intermediates, pinnedRoots, nowDate } = input;
+    if (pinnedRoots.length === 0) {
+        return { valid: false, reason: "no pinned trust anchors configured" };
+    }
+    const builder = new x509.X509ChainBuilder({
+        certificates: [leaf, ...intermediates, ...pinnedRoots],
+    });
+    const chain = await builder.build(leaf);
+    const terminal = chain[chain.length - 1];
+    const terminalSelfSigned = await terminal.isSelfSigned();
+    if (!terminalSelfSigned) {
+        return { valid: false, reason: "chain does not terminate at a self-signed root" };
+    }
+    const terminalDer = new Uint8Array(terminal.rawData);
+    const matchesPinned = pinnedRoots.some((root) => bytesEq(terminalDer, new Uint8Array(root.rawData)));
+    if (!matchesPinned) {
+        return {
+            valid: false,
+            reason: "chain terminal cert DER does not match any pinned Google Hardware Attestation root (RSA / ECDSA P-384)",
+        };
+    }
+    for (let i = 0; i < chain.length; i++) {
+        const cert = chain[i];
+        if (nowDate < cert.notBefore || nowDate > cert.notAfter) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} is outside its validity window at ${nowDate.toISOString()}`,
+            };
+        }
+        const isLeaf = i === 0;
+        if (!isLeaf && !certHasCaTrue(cert)) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} lacks basicConstraints.cA=true (CA constraint not enforced)`,
+            };
+        }
+        const issuer = i === chain.length - 1 ? cert : chain[i + 1];
+        const sigOk = await cert.verify({ publicKey: issuer.publicKey, date: nowDate });
+        if (!sigOk) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} signature did not verify under its issuer's public key`,
+            };
+        }
+    }
+    return { valid: true, reason: "ok" };
+}
+function certHasCaTrue(cert) {
+    const ext = cert.getExtension(BASIC_CONSTRAINTS_OID);
+    if (!ext)
+        return false;
+    return ext.ca === true;
+}
+/**
+ * Reconstruct the byte-identical canonical body the Kotlin
+ * `expo-android-keystore` mint path composes at attestation time.
+ *
+ * Ordering: alphabetical (JCS):
+ *   attested_at, device_id, identity_public_key, motebit_id, platform,
+ *   version.
+ *
+ * `platform` is always `"android_keystore"` and `version` is always
+ * `"1"` — both constants, matching the App Attest / TPM canonical-body
+ * shape exactly.
+ */
+function buildCanonicalAttestationBody(input) {
+    return (`{"attested_at":${input.attested_at}` +
+        `,"device_id":${jsonEscapeString(input.device_id)}` +
+        `,"identity_public_key":${jsonEscapeString(input.identity_public_key)}` +
+        `,"motebit_id":${jsonEscapeString(input.motebit_id)}` +
+        `,"platform":"android_keystore"` +
+        `,"version":"1"}`);
+}
+function jsonEscapeString(s) {
+    let out = '"';
+    for (const ch of s) {
+        const code = ch.codePointAt(0);
+        if (ch === '"')
+            out += '\\"';
+        else if (ch === "\\")
+            out += "\\\\";
+        else if (ch === "\n")
+            out += "\\n";
+        else if (ch === "\r")
+            out += "\\r";
+        else if (ch === "\t")
+            out += "\\t";
+        else if (code < 0x20)
+            out += `\\u${code.toString(16).padStart(4, "0")}`;
+        else
+            out += ch;
+    }
+    out += '"';
+    return out;
+}
+async function sha256Bytes(data) {
+    const buf = await globalThis.crypto.subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+}
+function bytesEq(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++)
+        if (a[i] !== b[i])
+            return false;
+    return true;
+}
+function toArrayBuffer(bytes) {
+    const copy = new Uint8Array(bytes.length);
+    copy.set(bytes);
+    return copy.buffer;
+}
+function fromBase64Url(str) {
+    let b64 = str.replace(/-/g, "+").replace(/_/g, "/");
+    const pad = b64.length % 4;
+    if (pad === 2)
+        b64 += "==";
+    else if (pad === 3)
+        b64 += "=";
+    else if (pad === 1)
+        throw new Error("invalid base64url length");
+    const binary = atob(b64);
+    const out = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        out[i] = binary.charCodeAt(i);
+    return out;
+}
+function messageOf(err) {
+    return err instanceof Error ? err.message : String(err);
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+CG;AAEH,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AAIvC,OAAO,EACL,2BAA2B,EAC3B,sCAAsC,GACvC,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EACL,mBAAmB,EACnB,kCAAkC,EAClC,4BAA4B,GAE7B,MAAM,WAAW,CAAC;AAuBnB,0EAA0E;AAC1E,MAAM,CAAC,MAAM,yBAAyB,GAAsC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC;AA0G5F;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CACpD,KAA+B,EAC/B,IAAkC;IAElC,MAAM,MAAM,GAAiC,EAAE,CAAC;IAChD,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,2BAA2B,GAAG,KAAK,CAAC;IACxC,IAAI,cAAc,GAAG,KAAK,CAAC;IAC3B,IAAI,0BAA0B,GAAkB,IAAI,CAAC;IACrD,IAAI,mBAAmB,GAAkB,IAAI,CAAC;IAE9C,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC,CAAC;QACjF,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,+EAA+E,KAAK,CAAC,MAAM,EAAE;SACvG,CAAC,CAAC;QACH,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IACD,MAAM,CAAC,OAAO,EAAE,gBAAgB,CAAC,GAAG,KAAyB,CAAC;IAE9D,IAAI,SAAqB,CAAC;IAC1B,IAAI,kBAAgC,CAAC;IACrC,IAAI,CAAC;QACH,SAAS,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;QACnC,kBAAkB;YAChB,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAClG,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4BAA4B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,IAAI,IAA0B,CAAC;IAC/B,IAAI,aAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,IAAI,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;QAC1D,aAAa,GAAG,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,sCAAsC,CAAC;QACrE,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAE7D,qEAAqE;IACrE,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,WAAW,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAChG,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yBAAyB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACpE,OAAO,QAAQ,EAAE,CAAC;IACpB,CAAC;IAED,oEAAoE;IACpE,iEAAiE;IACjE,oEAAoE;IACpE,yDAAyD;IACzD,MAAM,QAAQ,GAAG,IAAI,CAAC,kBAAkB,IAAI,yBAAyB,CAAC;IACtE,MAAM,eAAe,GAAG,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,CAAC;IACxD,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IACrD,IAAI,UAAU,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,6BAA6B,eAAe,YAAY,UAAU,CAAC,MAAM,GAChF,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,YAAY,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EACxD,GAAG;SACJ,CAAC,CAAC;IACL,CAAC;IACD,MAAM,YAAY,GAAG,CAAC,UAAU,CAAC;IAEjC,qEAAqE;IACrE,IAAI,cAAc,GAA0B,IAAI,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,2BAA2B,CAAC,CAAC;IACjE,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,4DAA4D,2BAA2B,kCAAkC;SACnI,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,IAAI,CAAC;YACH,cAAc,GAAG,mBAAmB,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;YACtE,0BAA0B,GAAG,cAAc,CAAC,wBAAwB,CAAC;YACrE,mBAAmB,GAAG,cAAc,CAAC,gBAAgB,CAAC,WAAW,EAAE,iBAAiB,IAAI,IAAI,CAAC;YAC7F,MAAM,aAAa,GAAG,yBAAyB,CAAC,cAAc,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;YAC9E,2BAA2B,GAAG,aAAa,IAAI,YAAY,CAAC;QAC9D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,oCAAoC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACjF,CAAC;IACH,CAAC;IAED,qEAAqE;IACrE,IAAI,cAAc,EAAE,CAAC;QACnB,cAAc,GAAG,MAAM,oBAAoB,CAAC,cAAc,CAAC,oBAAoB,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IACjG,CAAC;IAED,OAAO,QAAQ,EAAE,CAAC;IAElB,SAAS,QAAQ;QACf,OAAO;YACL,KAAK,EAAE,gBAAgB,IAAI,2BAA2B,IAAI,cAAc;YACxE,gBAAgB;YAChB,2BAA2B;YAC3B,cAAc;YACd,0BAA0B;YAC1B,mBAAmB;YACnB,MAAM;SACP,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,SAAS,yBAAyB,CAChC,EAAkB,EAClB,IAAkC,EAClC,MAAoC;IAEpC,IAAI,EAAE,GAAG,IAAI,CAAC;IAEd,2BAA2B;IAC3B,MAAM,qBAAqB,GAAG,IAAI,CAAC,qBAAqB,IAAI,CAAC,CAAC;IAC9D,IAAI,EAAE,CAAC,kBAAkB,GAAG,qBAAqB,EAAE,CAAC;QAClD,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,sBAAsB,EAAE,CAAC,kBAAkB,kBAAkB,qBAAqB,6BAA6B;SACzH,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;IAED,mEAAmE;IACnE,MAAM,gBAAgB,GAAG,IAAI,CAAC,gBAAgB,IAAI,kCAAkC,CAAC;IACrF,IAAI,EAAE,CAAC,wBAAwB,GAAG,gBAAgB,EAAE,CAAC;QACnD,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,4BAA4B,EAAE,CAAC,wBAAwB,kBAAkB,gBAAgB,8EAA8E;SACjL,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;IAED,gEAAgE;IAChE,2DAA2D;IAC3D,6DAA6D;IAC7D,gEAAgE;IAChE,MAAM,SAAS,GAAG,IAAI,CAAC,0BAA0B,IAAI,CAAC,4BAA4B,CAAC,CAAC;IACpF,MAAM,GAAG,GAAG,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC;IAC5C,IAAI,CAAC,GAAG,EAAE,CAAC;QACT,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,wEAAwE;SAClF,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,IAAI,SAAS,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,CAAC;QAC9E,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,qBAAqB,GAAG,CAAC,iBAAiB,sBAAsB,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;SACjG,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;IAED,gEAAgE;IAChE,0DAA0D;IAC1D,gEAAgE;IAChE,kEAAkE;IAClE,mEAAmE;IACnE,qEAAqE;IACrE,gEAAgE;IAChE,MAAM,aAAa,GAAG,IAAI,CAAC,gCAAgC,CAAC;IAC5D,MAAM,WAAW,GACf,EAAE,CAAC,gBAAgB,CAAC,wBAAwB,IAAI,EAAE,CAAC,gBAAgB,CAAC,wBAAwB,CAAC;IAC/F,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EACL,oHAAoH;SACvH,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;SAAM,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,aAAa,CAAC,EAAE,CAAC;QAChD,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,qEAAqE,WAAW,CAAC,MAAM,aAAa,aAAa,CAAC,MAAM,aAAa;SAC/I,CAAC,CAAC;QACH,EAAE,GAAG,KAAK,CAAC;IACb,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,oBAAoB,CACjC,SAAqB,EACrB,IAAkC,EAClC,MAAoC;IAEpC,IACE,OAAO,IAAI,CAAC,4BAA4B,KAAK,QAAQ;QACrD,IAAI,CAAC,4BAA4B,CAAC,MAAM,KAAK,CAAC,EAC9C,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,2DAA2D,EAAE,CAAC,CAAC;QACtF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtF,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,kFAAkF;SAC5F,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpF,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,iFAAiF;SAC3F,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,EAAE,CAAC;QAC7F,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,mFAAmF;SAC7F,CAAC,CAAC;QACH,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,aAAa,GAAG,6BAA6B,CAAC;QAClD,WAAW,EAAE,IAAI,CAAC,kBAAkB;QACpC,SAAS,EAAE,IAAI,CAAC,gBAAgB;QAChC,mBAAmB,EAAE,IAAI,CAAC,4BAA4B,CAAC,WAAW,EAAE;QACpE,UAAU,EAAE,IAAI,CAAC,iBAAiB;KACnC,CAAC,CAAC;IACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;IAC3E,IAAI,OAAO,CAAC,OAAO,EAAE,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC;QACV,OAAO,EACL,6KAA6K;KAChL,CAAC,CAAC;IACH,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE,iDAAiD;AACjD,MAAM,qBAAqB,GAAG,WAAW,CAAC;AAO1C;;;;;;;;;GASG;AACH,KAAK,UAAU,WAAW,CAAC,KAK1B;IACC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAE5D,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IACxE,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,gBAAgB,CAAC;QACxC,YAAY,EAAE,CAAC,IAAI,EAAE,GAAG,aAAa,EAAE,GAAG,WAAW,CAAC;KACvD,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IAC1C,MAAM,kBAAkB,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAC;IACzD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gDAAgD,EAAE,CAAC;IACpF,CAAC;IACD,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAC9C,OAAO,CAAC,WAAW,EAAE,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CACnD,CAAC;IACF,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EACJ,wGAAwG;SAC3G,CAAC;IACJ,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QACvB,IAAI,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,sCAAsC,OAAO,CAAC,WAAW,EAAE,EAAE;aACjG,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,8DAA8D;aAClG,CAAC;QACJ,CAAC;QACD,MAAM,MAAM,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,yDAAyD;aAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,IAA0B;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAiC,qBAAqB,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,OAAO,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;GAWG;AACH,SAAS,6BAA6B,CAAC,KAKtC;IACC,OAAO,CACL,kBAAkB,KAAK,CAAC,WAAW,EAAE;QACrC,gBAAgB,gBAAgB,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;QACnD,0BAA0B,gBAAgB,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE;QACvE,iBAAiB,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE;QACrD,gCAAgC;QAChC,iBAAiB,CAClB,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAChC,IAAI,EAAE,KAAK,GAAG;YAAE,GAAG,IAAI,KAAK,CAAC;aACxB,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,MAAM,CAAC;aAC/B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,IAAI,GAAG,IAAI;YAAE,GAAG,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;;YACnE,GAAG,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,GAAG,IAAI,GAAG,CAAC;IACX,OAAO,GAAG,CAAC;AACb,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAgB;IACzC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAoB,CAAC,CAAC;IACnF,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,OAAO,CAAC,CAAa,EAAE,CAAa;IAC3C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,IAAI,CAAC;SACtB,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,GAAG,CAAC;SAC1B,IAAI,GAAG,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC1D,CAAC"}

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "@motebit/crypto-android-keystore",
+  "version": "1.1.0",
+  "description": "Apache-2.0 verifier for Android Hardware-Backed Keystore Attestation hardware-attestation credentials — offline X.509 chain verification against pinned Google Hardware Attestation roots (RSA-4096 + ECDSA P-384), plus ASN.1 extraction of the KeyDescription extension. Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate Android device-attested motebit identities.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.js.map",
+    "dist/**/*.d.ts",
+    "dist/**/*.d.ts.map",
+    "LICENSE",
+    "NOTICE",
+    "README.md"
+  ],
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "keywords": [
+    "motebit",
+    "android",
+    "keystore",
+    "key-attestation",
+    "hardware-attestation",
+    "attestation",
+    "trusted-environment",
+    "strongbox",
+    "x509",
+    "verify"
+  ],
+  "homepage": "https://github.com/motebit/motebit/tree/main/packages/crypto-android-keystore#readme",
+  "bugs": {
+    "url": "https://github.com/motebit/motebit/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/motebit/motebit",
+    "directory": "packages/crypto-android-keystore"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "motebit": {
+    "implements": [
+      "spec/credential-v1.md"
+    ]
+  },
+  "dependencies": {
+    "@peculiar/asn1-schema": "^2.6.0",
+    "@peculiar/x509": "^1.12.0",
+    "@motebit/protocol": "1.1.0",
+    "@motebit/crypto": "1.1.0"
+  },
+  "devDependencies": {
+    "@noble/curves": "~1.9.0",
+    "@noble/hashes": "~1.6.0",
+    "@peculiar/webcrypto": "^1.5.0",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint --parser-options=project:tsconfig.eslint.json src/",
+    "lint:pack": "publint --strict && attw --pack --profile esm-only",
+    "clean": "rm -rf dist .turbo *.tsbuildinfo"
+  }
+}