npm - @motebit/crypto-tpm - Versions diffs - 1.0.0 - Mend

@motebit/crypto-tpm 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/dist/verify.js ADDED Viewed

@@ -0,0 +1,402 @@
+/**
+ * TPM 2.0 quote verifier — the core judgment function this package
+ * exports.
+ *
+ * Flow (matches the TCG verification recipe for TPM2_Quote, plus the
+ * motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into (tpmsAttestBase64, signatureBase64,
+ *      akCertDerBase64, intermediateCertsDerBase64Joined).
+ *   2. Parse the TPMS_ATTEST bytes. Assert magic = TPM_GENERATED_VALUE
+ *      and type = TPM_ST_ATTEST_QUOTE.
+ *   3. Parse the AK leaf + any intermediates as X.509. Walk the chain
+ *      from AK leaf → intermediate → vendor root. Every non-leaf must
+ *      carry `basicConstraints.cA === true`. Every signature must
+ *      verify under its issuer's public key. Every validity window
+ *      must include `now`. The terminal cert's DER must byte-equal
+ *      ONE of the pinned vendor roots.
+ *   4. Verify the AK signature over SHA-256(TPMS_ATTEST_BYTES) using
+ *      the AK certificate's public key.
+ *   5. Re-derive `extraData` from the JCS-canonical body
+ *      {attested_at, device_id, identity_public_key, motebit_id,
+ *      platform: "tpm", version: "1"} — SHA-256 of the canonical body
+ *      — and byte-compare against the transmitted `extraData`. This is
+ *      the cross-stack binding — without it every other step would
+ *      prove only that *some* TPM-enrolled device did something, not
+ *      that the Ed25519 key the credential subject claims is bound
+ *      to that device.
+ *
+ * The TPM's own EK certificate provisioning path is NOT verified here
+ * — that would require contacting the vendor's EK provisioning service
+ * and is out of scope for v1. The outer chain + extraData binding is
+ * enough for third-party self-verification of TPM-attested identity.
+ */
+import * as x509 from "@peculiar/x509";
+import { DEFAULT_PINNED_TPM_ROOTS } from "./tpm-roots.js";
+import { parseTpmsAttest, TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE } from "./tpm-parse.js";
+/** OID for X.509 basic-constraints extension — carries the CA bit. */
+const BASIC_CONSTRAINTS_OID = "2.5.29.19";
+/**
+ * TPM 2.0 quote verifier.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()`.
+ *
+ * `claim` is the `HardwareAttestationClaim` as carried inside the
+ * motebit AgentTrustCredential. For TPM, the `attestation_receipt`
+ * field is expected to be four base64url segments separated by `.`:
+ *
+ *   `{tpmsAttestB64}.{signatureB64}.{akCertDerB64}.{intermediatesJoinedB64}`
+ *
+ * `intermediatesJoinedB64` may itself be an empty segment (`""`) when
+ * the AK cert chains directly to a pinned root, or a `,`-joined
+ * concatenation of base64url-encoded DER intermediates in leaf-
+ * proximal-first order otherwise.
+ */
+export async function verifyTpmQuote(claim, opts) {
+    const errors = [];
+    let cert_chain_valid = false;
+    let quote_signature_valid = false;
+    let quote_shape_valid = false;
+    let identity_bound = false;
+    if (!claim.attestation_receipt) {
+        errors.push({ message: "tpm claim missing `attestation_receipt`" });
+        return fail(errors);
+    }
+    const parts = claim.attestation_receipt.split(".");
+    if (parts.length !== 4) {
+        errors.push({
+            message: `attestation_receipt must be 4 base64url parts (tpmsAttest.signature.akCert.intermediates); got ${parts.length}`,
+        });
+        return fail(errors);
+    }
+    const [attestB64, sigB64, akCertB64, intermediatesB64] = parts;
+    let attestBytes;
+    let sigBytes;
+    let akCertBytes;
+    let intermediateCertsBytes;
+    try {
+        attestBytes = fromBase64Url(attestB64);
+        sigBytes = fromBase64Url(sigB64);
+        akCertBytes = fromBase64Url(akCertB64);
+        intermediateCertsBytes =
+            intermediatesB64.length === 0 ? [] : intermediatesB64.split(",").map((p) => fromBase64Url(p));
+    }
+    catch (err) {
+        errors.push({ message: `base64url decode failed: ${messageOf(err)}` });
+        return fail(errors);
+    }
+    // ── Step 2: quote shape ─────────────────────────────────────────
+    let attest;
+    try {
+        attest = parseTpmsAttest(attestBytes);
+    }
+    catch (err) {
+        errors.push({ message: `TPMS_ATTEST parse: ${messageOf(err)}` });
+        return fail(errors, {
+            cert_chain_valid,
+            quote_signature_valid,
+            quote_shape_valid,
+            identity_bound,
+        });
+    }
+    if (attest.magic !== TPM_GENERATED_VALUE) {
+        errors.push({
+            message: `TPMS_ATTEST magic is 0x${attest.magic.toString(16)}; expected 0x${TPM_GENERATED_VALUE.toString(16)} (TPM_GENERATED_VALUE)`,
+        });
+    }
+    else if (attest.type !== TPM_ST_ATTEST_QUOTE) {
+        errors.push({
+            message: `TPMS_ATTEST type is 0x${attest.type.toString(16)}; expected 0x${TPM_ST_ATTEST_QUOTE.toString(16)} (TPM_ST_ATTEST_QUOTE)`,
+        });
+    }
+    else {
+        quote_shape_valid = true;
+    }
+    // ── Step 3: chain verify AK → intermediates → pinned vendor root ─
+    let akCert;
+    let intermediates;
+    let rootCerts;
+    try {
+        akCert = new x509.X509Certificate(toArrayBuffer(akCertBytes));
+        intermediates = intermediateCertsBytes.map((b) => new x509.X509Certificate(toArrayBuffer(b)));
+        const pems = opts.rootPems ?? DEFAULT_PINNED_TPM_ROOTS;
+        rootCerts = pems.map((pem) => new x509.X509Certificate(pem));
+    }
+    catch (err) {
+        errors.push({ message: `x509 parse: ${messageOf(err)}` });
+        return fail(errors, {
+            cert_chain_valid,
+            quote_signature_valid,
+            quote_shape_valid,
+            identity_bound,
+        });
+    }
+    const nowDate = new Date(opts.now ? opts.now() : Date.now());
+    try {
+        const chainResult = await verifyTpmCertChain({
+            leaf: akCert,
+            intermediates,
+            pinnedRoots: rootCerts,
+            nowDate,
+        });
+        cert_chain_valid = chainResult.valid;
+        if (!cert_chain_valid) {
+            errors.push({ message: chainResult.reason });
+        }
+    }
+    catch (err) {
+        errors.push({ message: `chain verify crashed: ${messageOf(err)}` });
+        return fail(errors, {
+            cert_chain_valid,
+            quote_signature_valid,
+            quote_shape_valid,
+            identity_bound,
+        });
+    }
+    // ── Step 4: AK signature over SHA-256(attestBytes) ──────────────
+    // TPM 2.0 AKs are most commonly ECDSA-P256 (the TCG's recommended
+    // profile). Future RSA-2048 AKs land as an additional dispatch arm
+    // once a real-RSA-TPM fixture is captured; today ECDSA is the only
+    // shape our test surface exercises and the only shape the Rust
+    // bridge will produce at landing.
+    //
+    // We route BOTH the `publicKey.export(...)` call AND the
+    // `subtle.verify(...)` call through the SAME crypto provider — the
+    // one registered with `@peculiar/x509`'s `cryptoProvider`. Mixing a
+    // CryptoKey minted by `@peculiar/webcrypto` with Node's native
+    // `globalThis.crypto.subtle.verify` throws "2nd argument is not of
+    // type CryptoKey" because the two providers mint different internal
+    // shapes. Staying on one provider keeps the SAB boundary clean.
+    try {
+        const provider = x509.cryptoProvider.get();
+        const cryptoKey = await akCert.publicKey.export({ name: "ECDSA", namedCurve: "P-256" }, ["verify"], provider);
+        const sigOk = await provider.subtle.verify({ name: "ECDSA", hash: "SHA-256" }, cryptoKey, sigBytes, attestBytes);
+        if (sigOk) {
+            quote_signature_valid = true;
+        }
+        else {
+            errors.push({
+                message: "AK signature does not verify against SHA-256(TPMS_ATTEST) — quote may be tampered or AK mismatch",
+            });
+        }
+    }
+    catch (err) {
+        errors.push({ message: `AK signature verify crashed: ${messageOf(err)}` });
+    }
+    // ── Step 5: identity binding via extraData ──────────────────────
+    try {
+        if (typeof opts.expectedIdentityPublicKeyHex !== "string" ||
+            opts.expectedIdentityPublicKeyHex.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedIdentityPublicKeyHex not supplied",
+            });
+        }
+        else if (typeof opts.expectedMotebitId !== "string" || opts.expectedMotebitId.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedMotebitId not supplied (required for body re-derivation)",
+            });
+        }
+        else if (typeof opts.expectedDeviceId !== "string" || opts.expectedDeviceId.length === 0) {
+            errors.push({
+                message: "identity_bound: expectedDeviceId not supplied (required for body re-derivation)",
+            });
+        }
+        else if (typeof opts.expectedAttestedAt !== "number" ||
+            !Number.isFinite(opts.expectedAttestedAt)) {
+            errors.push({
+                message: "identity_bound: expectedAttestedAt not supplied (required for body re-derivation)",
+            });
+        }
+        else {
+            const canonicalBody = buildCanonicalTpmBody({
+                attested_at: opts.expectedAttestedAt,
+                device_id: opts.expectedDeviceId,
+                identity_public_key: opts.expectedIdentityPublicKeyHex.toLowerCase(),
+                motebit_id: opts.expectedMotebitId,
+            });
+            const derived = await sha256Bytes(new TextEncoder().encode(canonicalBody));
+            if (bytesEq(derived, attest.extraData)) {
+                identity_bound = true;
+            }
+            else {
+                errors.push({
+                    message: "identity_bound: reconstructed SHA256(canonical body) does not equal transmitted extraData — body naming the caller's identity was not the body the TPM signed over",
+                });
+            }
+        }
+    }
+    catch (err) {
+        errors.push({ message: `identity binding crashed: ${messageOf(err)}` });
+    }
+    return {
+        valid: cert_chain_valid && quote_signature_valid && quote_shape_valid && identity_bound,
+        cert_chain_valid,
+        quote_signature_valid,
+        quote_shape_valid,
+        identity_bound,
+        errors,
+    };
+}
+// ── Helpers ─────────────────────────────────────────────────────────
+function fail(errors, partial) {
+    return {
+        valid: false,
+        cert_chain_valid: partial?.cert_chain_valid ?? false,
+        quote_signature_valid: partial?.quote_signature_valid ?? false,
+        quote_shape_valid: partial?.quote_shape_valid ?? false,
+        identity_bound: partial?.identity_bound ?? false,
+        errors,
+    };
+}
+function messageOf(err) {
+    return err instanceof Error ? err.message : String(err);
+}
+async function sha256Bytes(data) {
+    const buf = await globalThis.crypto.subtle.digest("SHA-256", data);
+    return new Uint8Array(buf);
+}
+function bytesEq(a, b) {
+    if (a.length !== b.length)
+        return false;
+    for (let i = 0; i < a.length; i++)
+        if (a[i] !== b[i])
+            return false;
+    return true;
+}
+/**
+ * Walk the TPM cert chain from AK → intermediates → one of the pinned
+ * vendor roots. Enforces:
+ *
+ *   1. `X509ChainBuilder.build(leaf)` with the AK + intermediates + all
+ *      pinned roots as the candidate pool produces a complete chain
+ *      terminating at a self-signed cert.
+ *   2. The chain's terminal cert's DER equals at least ONE of the pinned
+ *      vendor roots — the only acceptable trust anchors.
+ *   3. Every non-leaf cert in the chain carries
+ *      `basicConstraints.cA === true`. A misissued leaf presented as an
+ *      intermediate fails here even if its signature chains.
+ *   4. Every cert's signature verifies under its issuer's public key.
+ *   5. Every cert is within its validity window at `nowDate`.
+ */
+async function verifyTpmCertChain(input) {
+    const { leaf, intermediates, pinnedRoots, nowDate } = input;
+    const builder = new x509.X509ChainBuilder({
+        certificates: [leaf, ...intermediates, ...pinnedRoots],
+    });
+    const chain = await builder.build(leaf);
+    const terminal = chain[chain.length - 1];
+    const terminalSelfSigned = await terminal.isSelfSigned();
+    if (!terminalSelfSigned) {
+        return {
+            valid: false,
+            reason: "chain does not terminate at a self-signed root",
+        };
+    }
+    // Terminal DER must byte-equal at least one pinned vendor root. This
+    // is what defines "this is a TPM we accept" — the self-signed check
+    // alone would allow an attacker-chosen root to pass.
+    const terminalDer = new Uint8Array(terminal.rawData);
+    const matchedPinnedRoot = pinnedRoots.some((r) => bytesEq(terminalDer, new Uint8Array(r.rawData)));
+    if (!matchedPinnedRoot) {
+        return {
+            valid: false,
+            reason: "chain terminal cert DER does not match any pinned TPM vendor root " +
+                "(Infineon / Nuvoton / STMicro / Intel PTT)",
+        };
+    }
+    for (let i = 0; i < chain.length; i++) {
+        const cert = chain[i];
+        if (nowDate < cert.notBefore || nowDate > cert.notAfter) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} is outside its validity window at ${nowDate.toISOString()}`,
+            };
+        }
+        const isLeaf = i === 0;
+        if (!isLeaf && !certHasCaTrue(cert)) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} lacks basicConstraints.cA=true (CA constraint not enforced)`,
+            };
+        }
+        const issuer = i === chain.length - 1 ? cert : chain[i + 1];
+        const sigOk = await cert.verify({ publicKey: issuer.publicKey, date: nowDate });
+        if (!sigOk) {
+            return {
+                valid: false,
+                reason: `cert at chain position ${i} signature did not verify under its issuer's public key`,
+            };
+        }
+    }
+    return { valid: true, reason: "ok" };
+}
+function certHasCaTrue(cert) {
+    const ext = cert.getExtension(BASIC_CONSTRAINTS_OID);
+    if (!ext)
+        return false;
+    return ext.ca === true;
+}
+/**
+ * Reconstruct the byte-identical canonical body the Rust TPM bridge
+ * composes at quote time. Must stay byte-equal to what
+ * `apps/desktop/src-tauri/src/tpm.rs::canonical_body` will emit when
+ * the full `tss-esapi`-backed path lands.
+ *
+ * Ordering: alphabetical (JCS):
+ *   attested_at, device_id, identity_public_key, motebit_id, platform,
+ *   version.
+ *
+ * `platform` is always `"tpm"` and `version` is always `"1"` — both
+ * constants, matching the sibling App Attest path's shape exactly.
+ */
+function buildCanonicalTpmBody(input) {
+    return (`{"attested_at":${input.attested_at}` +
+        `,"device_id":${jsonEscapeString(input.device_id)}` +
+        `,"identity_public_key":${jsonEscapeString(input.identity_public_key)}` +
+        `,"motebit_id":${jsonEscapeString(input.motebit_id)}` +
+        `,"platform":"tpm"` +
+        `,"version":"1"}`);
+}
+function jsonEscapeString(s) {
+    let out = '"';
+    for (const ch of s) {
+        const code = ch.codePointAt(0);
+        if (ch === '"')
+            out += '\\"';
+        else if (ch === "\\")
+            out += "\\\\";
+        else if (ch === "\n")
+            out += "\\n";
+        else if (ch === "\r")
+            out += "\\r";
+        else if (ch === "\t")
+            out += "\\t";
+        else if (code < 0x20)
+            out += `\\u${code.toString(16).padStart(4, "0")}`;
+        else
+            out += ch;
+    }
+    out += '"';
+    return out;
+}
+function toArrayBuffer(bytes) {
+    const copy = new Uint8Array(bytes.length);
+    copy.set(bytes);
+    return copy.buffer;
+}
+function fromBase64Url(str) {
+    let b64 = str.replace(/-/g, "+").replace(/_/g, "/");
+    const pad = b64.length % 4;
+    if (pad === 2)
+        b64 += "==";
+    else if (pad === 3)
+        b64 += "=";
+    else if (pad === 1)
+        throw new Error("invalid base64url length");
+    const binary = atob(b64);
+    const out = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        out[i] = binary.charCodeAt(i);
+    return out;
+}
+//# sourceMappingURL=verify.js.map

package/dist/verify.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verify.js","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgCG;AAEH,OAAO,KAAK,IAAI,MAAM,gBAAgB,CAAC;AAIvC,OAAO,EAAE,wBAAwB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAoD3F,sEAAsE;AACtE,MAAM,qBAAqB,GAAG,WAAW,CAAC;AAE1C;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,KAA+B,EAC/B,IAAsB;IAEtB,MAAM,MAAM,GAAqB,EAAE,CAAC;IACpC,IAAI,gBAAgB,GAAG,KAAK,CAAC;IAC7B,IAAI,qBAAqB,GAAG,KAAK,CAAC;IAClC,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,cAAc,GAAG,KAAK,CAAC;IAE3B,IAAI,CAAC,KAAK,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACnD,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,kGAAkG,KAAK,CAAC,MAAM,EAAE;SAC1H,CAAC,CAAC;QACH,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IACD,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,gBAAgB,CAAC,GAAG,KAKxD,CAAC;IAEF,IAAI,WAAuB,CAAC;IAC5B,IAAI,QAAoB,CAAC;IACzB,IAAI,WAAuB,CAAC;IAC5B,IAAI,sBAAoC,CAAC;IACzC,IAAI,CAAC;QACH,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACvC,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;QACjC,WAAW,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACvC,sBAAsB;YACpB,gBAAgB,CAAC,MAAM,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAClG,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,4BAA4B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,mEAAmE;IACnE,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,eAAe,CAAC,WAAW,CAAC,CAAC;IACxC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,sBAAsB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,MAAM,EAAE;YAClB,gBAAgB;YAChB,qBAAqB;YACrB,iBAAiB;YACjB,cAAc;SACf,CAAC,CAAC;IACL,CAAC;IAED,IAAI,MAAM,CAAC,KAAK,KAAK,mBAAmB,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,0BAA0B,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,EAAE,CAAC,gBAAgB,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC,wBAAwB;SACrI,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,MAAM,CAAC,IAAI,KAAK,mBAAmB,EAAE,CAAC;QAC/C,MAAM,CAAC,IAAI,CAAC;YACV,OAAO,EAAE,yBAAyB,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,gBAAgB,mBAAmB,CAAC,QAAQ,CAAC,EAAE,CAAC,wBAAwB;SACnI,CAAC,CAAC;IACL,CAAC;SAAM,CAAC;QACN,iBAAiB,GAAG,IAAI,CAAC;IAC3B,CAAC;IAED,oEAAoE;IACpE,IAAI,MAA4B,CAAC;IACjC,IAAI,aAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;QAC9D,aAAa,GAAG,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9F,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,IAAI,wBAAwB,CAAC;QACvD,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,eAAe,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1D,OAAO,IAAI,CAAC,MAAM,EAAE;YAClB,gBAAgB;YAChB,qBAAqB;YACrB,iBAAiB;YACjB,cAAc;SACf,CAAC,CAAC;IACL,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;IAE7D,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,MAAM,kBAAkB,CAAC;YAC3C,IAAI,EAAE,MAAM;YACZ,aAAa;YACb,WAAW,EAAE,SAAS;YACtB,OAAO;SACR,CAAC,CAAC;QACH,gBAAgB,GAAG,WAAW,CAAC,KAAK,CAAC;QACrC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,WAAW,CAAC,MAAM,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,yBAAyB,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;QACpE,OAAO,IAAI,CAAC,MAAM,EAAE;YAClB,gBAAgB;YAChB,qBAAqB;YACrB,iBAAiB;YACjB,cAAc;SACf,CAAC,CAAC;IACL,CAAC;IAED,mEAAmE;IACnE,kEAAkE;IAClE,mEAAmE;IACnE,mEAAmE;IACnE,+DAA+D;IAC/D,kCAAkC;IAClC,EAAE;IACF,yDAAyD;IACzD,mEAAmE;IACnE,oEAAoE;IACpE,+DAA+D;IAC/D,mEAAmE;IACnE,oEAAoE;IACpE,gEAAgE;IAChE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,CAAC;QAC3C,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,MAAM,CAC7C,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,EAAuB,EAC3D,CAAC,QAAQ,CAAC,EACV,QAAQ,CACT,CAAC;QACF,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC,MAAM,CACxC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAiB,EACjD,SAAS,EACT,QAAwB,EACxB,WAA2B,CAC5B,CAAC;QACF,IAAI,KAAK,EAAE,CAAC;YACV,qBAAqB,GAAG,IAAI,CAAC;QAC/B,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EACL,kGAAkG;aACrG,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,gCAAgC,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAED,mEAAmE;IACnE,IAAI,CAAC;QACH,IACE,OAAO,IAAI,CAAC,4BAA4B,KAAK,QAAQ;YACrD,IAAI,CAAC,4BAA4B,CAAC,MAAM,KAAK,CAAC,EAC9C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,2DAA2D;aACrE,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,IAAI,CAAC,iBAAiB,KAAK,QAAQ,IAAI,IAAI,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC7F,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,kFAAkF;aAC5F,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,OAAO,IAAI,CAAC,gBAAgB,KAAK,QAAQ,IAAI,IAAI,CAAC,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3F,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EAAE,iFAAiF;aAC3F,CAAC,CAAC;QACL,CAAC;aAAM,IACL,OAAO,IAAI,CAAC,kBAAkB,KAAK,QAAQ;YAC3C,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,EACzC,CAAC;YACD,MAAM,CAAC,IAAI,CAAC;gBACV,OAAO,EACL,mFAAmF;aACtF,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,aAAa,GAAG,qBAAqB,CAAC;gBAC1C,WAAW,EAAE,IAAI,CAAC,kBAAkB;gBACpC,SAAS,EAAE,IAAI,CAAC,gBAAgB;gBAChC,mBAAmB,EAAE,IAAI,CAAC,4BAA4B,CAAC,WAAW,EAAE;gBACpE,UAAU,EAAE,IAAI,CAAC,iBAAiB;aACnC,CAAC,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC;YAC3E,IAAI,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,cAAc,GAAG,IAAI,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,CAAC;oBACV,OAAO,EACL,oKAAoK;iBACvK,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,6BAA6B,SAAS,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO;QACL,KAAK,EAAE,gBAAgB,IAAI,qBAAqB,IAAI,iBAAiB,IAAI,cAAc;QACvF,gBAAgB;QAChB,qBAAqB;QACrB,iBAAiB;QACjB,cAAc;QACd,MAAM;KACP,CAAC;AACJ,CAAC;AAED,uEAAuE;AAEvE,SAAS,IAAI,CACX,MAAwB,EACxB,OAA4D;IAE5D,OAAO;QACL,KAAK,EAAE,KAAK;QACZ,gBAAgB,EAAE,OAAO,EAAE,gBAAgB,IAAI,KAAK;QACpD,qBAAqB,EAAE,OAAO,EAAE,qBAAqB,IAAI,KAAK;QAC9D,iBAAiB,EAAE,OAAO,EAAE,iBAAiB,IAAI,KAAK;QACtD,cAAc,EAAE,OAAO,EAAE,cAAc,IAAI,KAAK;QAChD,MAAM;KACP,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,GAAY;IAC7B,OAAO,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AAC1D,CAAC;AAED,KAAK,UAAU,WAAW,CAAC,IAAgB;IACzC,MAAM,GAAG,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAoB,CAAC,CAAC;IACnF,OAAO,IAAI,UAAU,CAAC,GAAG,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,OAAO,CAAC,CAAa,EAAE,CAAa;IAC3C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACnE,OAAO,IAAI,CAAC;AACd,CAAC;AAOD;;;;;;;;;;;;;;GAcG;AACH,KAAK,UAAU,kBAAkB,CAAC,KAKjC;IACC,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC;IAE5D,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,gBAAgB,CAAC;QACxC,YAAY,EAAE,CAAC,IAAI,EAAE,GAAG,aAAa,EAAE,GAAG,WAAW,CAAC;KACvD,CAAC,CAAC;IACH,MAAM,KAAK,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAExC,MAAM,QAAQ,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;IAC1C,MAAM,kBAAkB,GAAG,MAAM,QAAQ,CAAC,YAAY,EAAE,CAAC;IACzD,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gDAAgD;SACzD,CAAC;IACJ,CAAC;IAED,qEAAqE;IACrE,oEAAoE;IACpE,qDAAqD;IACrD,MAAM,WAAW,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACrD,MAAM,iBAAiB,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,OAAO,CAAC,WAAW,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAChD,CAAC;IACF,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EACJ,oEAAoE;gBACpE,4CAA4C;SAC/C,CAAC;IACJ,CAAC;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAE,CAAC;QAEvB,IAAI,OAAO,GAAG,IAAI,CAAC,SAAS,IAAI,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;YACxD,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,sCAAsC,OAAO,CAAC,WAAW,EAAE,EAAE;aACjG,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,KAAK,CAAC,CAAC;QACvB,IAAI,CAAC,MAAM,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,8DAA8D;aAClG,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,CAAC,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAE,CAAC;QAC7D,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QAChF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0BAA0B,CAAC,yDAAyD;aAC7F,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AACvC,CAAC;AAED,SAAS,aAAa,CAAC,IAA0B;IAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,YAAY,CAAiC,qBAAqB,CAAC,CAAC;IACrF,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,OAAO,GAAG,CAAC,EAAE,KAAK,IAAI,CAAC;AACzB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,qBAAqB,CAAC,KAK9B;IACC,OAAO,CACL,kBAAkB,KAAK,CAAC,WAAW,EAAE;QACrC,gBAAgB,gBAAgB,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE;QACnD,0BAA0B,gBAAgB,CAAC,KAAK,CAAC,mBAAmB,CAAC,EAAE;QACvE,iBAAiB,gBAAgB,CAAC,KAAK,CAAC,UAAU,CAAC,EAAE;QACrD,mBAAmB;QACnB,iBAAiB,CAClB,CAAC;AACJ,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAS;IACjC,IAAI,GAAG,GAAG,GAAG,CAAC;IACd,KAAK,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;QACnB,MAAM,IAAI,GAAG,EAAE,CAAC,WAAW,CAAC,CAAC,CAAE,CAAC;QAChC,IAAI,EAAE,KAAK,GAAG;YAAE,GAAG,IAAI,KAAK,CAAC;aACxB,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,MAAM,CAAC;aAC/B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,EAAE,KAAK,IAAI;YAAE,GAAG,IAAI,KAAK,CAAC;aAC9B,IAAI,IAAI,GAAG,IAAI;YAAE,GAAG,IAAI,MAAM,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;;YACnE,GAAG,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,GAAG,IAAI,GAAG,CAAC;IACX,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,MAAM,IAAI,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAChB,OAAO,IAAI,CAAC,MAAM,CAAC;AACrB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACpD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC;IAC3B,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,IAAI,CAAC;SACtB,IAAI,GAAG,KAAK,CAAC;QAAE,GAAG,IAAI,GAAG,CAAC;SAC1B,IAAI,GAAG,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAChE,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACtE,OAAO,GAAG,CAAC;AACb,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,79 @@
+{
+  "name": "@motebit/crypto-tpm",
+  "version": "1.0.0",
+  "description": "Apache-2.0 verifier for TPM 2.0 Endorsement-Key hardware-attestation credentials — offline chain verification against pinned vendor EK roots (Infineon, Nuvoton, STMicro, Intel PTT) plus binary TPMS_ATTEST parsing. Plugs into @motebit/crypto's HardwareAttestationVerifiers dispatcher to validate TPM-attested motebit identities on Windows/Linux hosts.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "default": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*.js",
+    "dist/**/*.js.map",
+    "dist/**/*.d.ts",
+    "dist/**/*.d.ts.map",
+    "LICENSE",
+    "NOTICE",
+    "README.md"
+  ],
+  "sideEffects": false,
+  "license": "Apache-2.0",
+  "keywords": [
+    "motebit",
+    "tpm",
+    "tpm2",
+    "attestation",
+    "endorsement-key",
+    "hardware-attestation",
+    "windows",
+    "linux",
+    "x509",
+    "verify"
+  ],
+  "homepage": "https://github.com/motebit/motebit/tree/main/packages/crypto-tpm#readme",
+  "bugs": {
+    "url": "https://github.com/motebit/motebit/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/motebit/motebit",
+    "directory": "packages/crypto-tpm"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "motebit": {
+    "implements": [
+      "spec/credential-v1.md"
+    ]
+  },
+  "dependencies": {
+    "@peculiar/x509": "^1.12.0",
+    "@motebit/protocol": "1.0.0",
+    "@motebit/crypto": "1.0.0"
+  },
+  "devDependencies": {
+    "@noble/curves": "~1.9.0",
+    "@noble/hashes": "~1.6.0",
+    "@peculiar/webcrypto": "^1.5.0",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "scripts": {
+    "build": "tsc -b",
+    "test": "vitest run",
+    "test:coverage": "vitest run --coverage",
+    "typecheck": "tsc --noEmit",
+    "lint": "eslint --parser-options=project:tsconfig.eslint.json src/",
+    "lint:pack": "publint --strict && attw --pack --profile esm-only",
+    "clean": "rm -rf dist .turbo *.tsbuildinfo"
+  }
+}