@motebit/crypto-webauthn 1.0.0

package/dist/fido-roots.js

@@ -0,0 +1,152 @@
+/**
+ * Pinned FIDO-vendor root certificates the `packed`-attestation full-
+ * attestation verifier accepts as trust anchors.
+ *
+ * This is the self-attesting contract: a verifier that dynamically
+ * fetched FIDO Metadata Service roots would have no sovereign story —
+ * third parties auditing our output could never reproduce the decision
+ * without trusting our fetch path. By committing the exact bytes of the
+ * CAs we accept, anyone can audit this file, pin the same bytes in their
+ * own verifier, and reach the same yes/no answer for any WebAuthn
+ * attestation they receive.
+ *
+ * Starter set (v1):
+ *   - Apple WebAuthn Anonymous Attestation CA — the platform-authenticator
+ *     root iOS/macOS `Touch ID` / `Face ID` / `Passkey` attestations
+ *     chain to when a site requests `attestation: "direct"`.
+ *     Source: https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
+ *
+ *   - Yubico FIDO Root CA Serial 457200631 — the Yubico attestation
+ *     root every modern YubiKey (FIDO2 / Security Key) leaf certifies
+ *     under. Source: https://developers.yubico.com/PKI/yubico-ca-certs.txt
+ *
+ *   - Microsoft TPM Root CA 2014 — the root Microsoft TPM-backed
+ *     platform-authenticator leaves chain to on Windows Hello setups.
+ *     Source: https://www.microsoft.com/pkiops/certs/Microsoft%20TPM%20Root%20Certificate%20Authority%202014.crt
+ *
+ * Rotations land as additive constants and a dispatch arm on the
+ * accept-set here. Removing a root is a wire-format break and MUST be
+ * coordinated with a spec version bump.
+ *
+ * Tests override the accept-set via `WebAuthnVerifyOptions.rootPems` so
+ * chain-validation exercises the same code path without needing a real
+ * vendor-signed leaf.
+ */
+/**
+ * Apple WebAuthn Anonymous Attestation Root CA.
+ *
+ * Published by Apple as the root for WebAuthn packed-attestation leaves
+ * minted by iOS / macOS platform authenticators. Byte-for-byte match of
+ * Apple's published certificate at
+ * https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem.
+ */
+export const APPLE_WEBAUTHN_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8w
+HQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJ
+bmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMx
+NTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEG
+A1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11k
+xu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/
+pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk
+2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cA
+MGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3
+jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5RCmGQ21gWSw2PdMsSn
+1LabATR4H7iIgXPxz8m8KiS1hXiz
+-----END CERTIFICATE-----
+`;
+/**
+ * Yubico FIDO Root CA — Serial 457200631.
+ *
+ * Root of trust for YubiKey FIDO2 / Security Key attestation leaves.
+ * Byte-for-byte match of Yubico's published certificate at
+ * https://developers.yubico.com/PKI/yubico-ca-certs.txt.
+ */
+export const YUBICO_FIDO_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIDHjCCAgagAwIBAgIEG0BT9zANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNZ
+dWJpY28gVTJGIFJvb3QgQ0EgU2VyaWFsIDQ1NzIwMDYzMTAgFw0xNDA4MDEwMDAw
+MDBaGA8yMDUwMDkwNDAwMDAwMFowLjEsMCoGA1UEAxMjWXViaWNvIFUyRiBSb290
+IENBIFNlcmlhbCA0NTcyMDA2MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC/jwYuhBVlqaiYWEMsrWFisgJ+PtM91eSrpI4TK7U53mwCIawSDHy8vUmk
+5N2KAj9abvT9NP5SMS1hQi3usxoYGonXQgfO6ZXyUA9a+KAkqdFnBnlyugSeCOep
+8EdZFfsaRFtMjkwz5Gcz2Py4vIYvCdMHPtwaz0bVuzneueIEz6TnQjE63Rdt2zbw
+nebwTG5ZybeWSwbzy+BJ34ZHcUhPAY89yJQXuE0IzMZFcEBbPNRbWECRKgjq//qT
+9nmDOFVlSRCt2wiqPSzluwn+v+suQEBsUjTGMEd25tKXXTkNW21wIWbxeSyUoTXw
+LvGS6xlwQSgNpk2qXYwf8iXg7VWZAgMBAAGjQjBAMB0GA1UdDgQWBBQgIvz0bNGJ
+hjgpToksyKpP9xv9oDAPBgNVHRMECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjAN
+BgkqhkiG9w0BAQsFAAOCAQEAjvjuOMDSa+JXFCLyBKsycXtBVZsJ4Ue3LbaEsPY4
+MYN/hIQ5ZM5p7EjfcnMG4CtYkNsfNHc0AhBLdq45rnT87q/6O3vUEtNMafbhU6kt
+hX7Y+9XFN9NpmYxr+ekVY5xOxi8h9JDIgoMP4VB1uS0aunL1IGqrNooL9mmFnL2k
+LVVee6/VR6C5+KSTCMCWppMuJIZII2v9o4dkoZ8Y7QRjQlLfYzd3qGtKbw7xaF1U
+sG/5xUb/Btwb2X2g4InpiB/yt/3CpQXpiWX/K4mBvUKiGn05ZsqeY1gx4g0xLBqc
+U9psmyPzK+Vsgw2jeRQ5JlKDyqE0hebfC1tvFu0CCrJFcw==
+-----END CERTIFICATE-----
+`;
+/**
+ * Microsoft TPM Root Certificate Authority 2014.
+ *
+ * Root of trust for Windows-Hello TPM-backed platform-authenticator
+ * attestation leaves. Byte-for-byte match of Microsoft's published
+ * certificate at
+ * https://www.microsoft.com/pkiops/certs/Microsoft%20TPM%20Root%20Certificate%20Authority%202014.crt.
+ *
+ * Note: Microsoft's Windows Hello attestation commonly uses `fmt: "tpm"`
+ * rather than `fmt: "packed"`; this root is pinned for forward-compatibility
+ * with Microsoft-signed `packed` leaves and for the TPM fmt's additive
+ * arm (non-goal in v1).
+ */
+export const MICROSOFT_TPM_ROOT_PEM = `-----BEGIN CERTIFICATE-----
+MIIF9TCCA92gAwIBAgIQXbYwTgy/J79JuMhpUB5dyzANBgkqhkiG9w0BAQsFADCB
+jDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
+ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE2MDQGA1UEAxMt
+TWljcm9zb2Z0IFRQTSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDE0MB4X
+DTE0MTIxMDIxMzExOVoXDTM5MTIxMDIxMzkyOFowgYwxCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN
+aWNyb3NvZnQgQ29ycG9yYXRpb24xNjA0BgNVBAMTLU1pY3Jvc29mdCBUUE0gUm9v
+dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxNDCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAJ+n+bnKt/JHIRC/oI/xgkgsYdPzP0gpvduDA2GbRtth+L4W
+UyoZKGBw7uz5bjjP8Aql4YExyjR3EZQ4LqnZChMpoCofbeDR4MjCE1TGwWghGpS0
+mM3GtWD9XiME4rE2K0VW3pdN0CLzkYbvZbs2wQTFfE62yNQiDjyHFWAZ4BQH4eWa
+8wrDMUxIAneUCpU6zCwM+l6Qh4ohX063BHzXlTSTc1fDsiPaKuMMjWjK9vp5UHFP
+a+dMAWr6OljQZPFIg3aZ4cUfzS9y+n77Hs1NXPBn6E4Db679z4DThIXyoKeZTv1a
+aWOWl/exsDLGt2mTMTyykVV8uD1eRjYriFpLQBFT0EfijJB0WzrVeJExDVBtH74E
+1vV0zGlKn3IdmkoXMq72wBWmldvnWqMkYmG+/TT4VqsmxwYQKsW8pAmO2ouCXCq7
+x8XFs2otDi4QZIc6HBxGe0GR8yxI/XxdFR3jGq0GmgcwBKJSNXOvbTS0Ql3TjfuJ
+HO3+SM8ioybJMeAexjRPOGd9mZZdkns2awTW8lzxE2pi0iMsPALLmWekmQTxAkyo
+h+mXxIdjICnsA+J5Nc2vB/YfM1v8Of8jlLSrkVZ+HjAJKaA3TwfnuL9yPalajgSs
+AonA/aGPrpbFTJKnYsX6TAKpxvlLrNs/XZBERPFfygBJTffBMVoerIJQa+W5AgMB
+AAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR6
+jArOL0hiF+KU0a5VwVLscXSkVjAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0B
+AQsFAAOCAgEAW4ioo1+J9VWC0UntSBXcXRm1ePTVamtsxVy/GpP4EmJd3Ub53JzN
+BfYdgfUL51CppS3ZY6BoagB+DqoA2GbSL+7sFGHBl5ka6FNelrwsH6VVw4xV/8kl
+IjmqOyfatPYsz0sUdZev+reeiGpKVoXrK6BDnUU27/mgPtem5YKWvHB/soofUrLK
+zZV3WfGdx9zBr8V0xb6n9YUTHRp/nmn5F4VWLBwyjjlRofFJuFZbM0S91aOu6hit
+UOHsgEl6vTlc1v5ymG2tTRSZ+hVbazQWGF6cnKE0NYZy7UCjl2ZWN+FYHUX3tzrK
+UXDy3jl6wmRy+R0O7CJjEgQsaa4Rkz/L+0mdCIdhTNijxPRTaPcLGn1l5ZxtqWl3
+OdcbVjQGMnOWrkaxpbI99/C8tBiYuUCiPkCeuK+0wLMjP3b3zlPGjZnTVSgq52bK
+7JIB70R8dnC6PIPjY9QeY5bOTQJ1LJ/h8Hcn4Vam0aZMIpWDjMOXK48rLNG1+mXB
+oDpoa1jAD+hxi54GSJHgGtVHG/HEiBdpHumOBYDLv5UZ9T2nHhPbmkpTA5JvzaCT
+Wb0B4htaAlVCbQ0Tn4mNHhASa/rsSpl0C5bpFggsDdaaRmcRJ3UPy+GmSZPT9Xsh
+Hv7yoFFKi50iNfc59NhT2Qh/6V/8gK7U+rfcKk+KlW/2k+JSX+4Dyh8=
+-----END CERTIFICATE-----
+`;
+/**
+ * Default FIDO root accept-set. Full attestation (x5c present) must
+ * chain to exactly one of these. Tests override by passing
+ * `WebAuthnVerifyOptions.rootPems` — the runtime-injected set replaces
+ * the pinned default so fabricated chains can exercise the same code
+ * path.
+ */
+export const DEFAULT_FIDO_ROOTS = [
+    APPLE_WEBAUTHN_ROOT_PEM,
+    YUBICO_FIDO_ROOT_PEM,
+    MICROSOFT_TPM_ROOT_PEM,
+];
+/**
+ * WebAuthn attestation format discriminator the verifier accepts in v1.
+ * `packed` is the broadest-coverage format and the only one v1 handles.
+ * `tpm`, `android-key`, `android-safetynet`, `fido-u2f`, `apple`, and
+ * `none` are rejected with a structured `fmt-not-supported` error.
+ */
+export const WEBAUTHN_FMT_PACKED = "packed";
+//# sourceMappingURL=fido-roots.js.map

package/dist/fido-roots.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fido-roots.js","sourceRoot":"","sources":["../src/fido-roots.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH;;;;;;;GAOG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAG;;;;;;;;;;;;;;CActC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;CAmBnC,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAkCrC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAA0B;IACvD,uBAAuB;IACvB,oBAAoB;IACpB,sBAAsB;CACvB,CAAC;AAEF;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,QAAQ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,91 @@
+/**
+ * @motebit/crypto-webauthn — W3C WebAuthn platform-authenticator
+ * attestation adapter for motebit hardware-attestation claims.
+ *
+ * The metabolic leaf `@motebit/crypto` delegates to when a
+ * `HardwareAttestationClaim` declares `platform: "webauthn"`. Dep-thin
+ * `@motebit/crypto` stays permissive-floor-pure; this package, also on
+ * the permissive floor (Apache-2.0), metabolizes `@peculiar/x509` + `cbor2`
+ * to judge whether the browser's platform authenticator rooted the leaf
+ * that signed the caller's attestation (full attestation), or whether the
+ * credential's own key witnessed the challenge (self attestation).
+ *
+ * Wiring from a consumer:
+ *
+ * ```ts
+ * import { verify } from "@motebit/crypto";
+ * import { webauthnVerifier } from "@motebit/crypto-webauthn";
+ *
+ * const result = await verify(credential, {
+ *   hardwareAttestation: { webauthn: webauthnVerifier({ expectedRpId: "motebit.com" }) },
+ * });
+ * ```
+ *
+ * This package exports no global state, no side-effect registrations;
+ * the injection is call-site only.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+import type { WebAuthnVerifyResult } from "./verify.js";
+export { parseWebAuthnAttestationObjectCbor } from "./cbor.js";
+export type { WebAuthnAttestationObjectCbor } from "./cbor.js";
+export { APPLE_WEBAUTHN_ROOT_PEM, YUBICO_FIDO_ROOT_PEM, MICROSOFT_TPM_ROOT_PEM, DEFAULT_FIDO_ROOTS, WEBAUTHN_FMT_PACKED, } from "./fido-roots.js";
+export { verifyWebAuthnAttestation } from "./verify.js";
+export type { WebAuthnVerifyOptions, WebAuthnVerifyResult, WebAuthnVerifyError } from "./verify.js";
+/**
+ * Shape the optional verifier injected into `@motebit/crypto`'s
+ * `HardwareAttestationVerifiers.webauthn` slot carries. Mirrors the
+ * sync-or-async return shape the dispatcher supports, and extends the
+ * canonical shape with the structured `attestation_detail` so callers
+ * can introspect chain / signature / binding independently.
+ */
+export interface WebAuthnVerifyDispatchResult {
+    readonly valid: boolean;
+    readonly platform: "webauthn";
+    readonly errors: ReadonlyArray<{
+        readonly message: string;
+    }>;
+    readonly attestation_detail?: WebAuthnVerifyResult;
+}
+/**
+ * Context fields the dispatcher lifts out of the credential subject and
+ * threads through to the verifier. All three participate in the
+ * canonical body the web mint path composes at WebAuthn challenge
+ * time — the verifier re-derives the body from them and byte-compares
+ * against the `challenge` field of clientDataJSON.
+ *
+ * All fields optional: a caller that omits one loses the identity-
+ * binding channel but still gets chain / signature / rp binding
+ * results — the verifier reports the missing channel explicitly rather
+ * than silently passing.
+ */
+export interface WebAuthnVerifierContext {
+    readonly expectedMotebitId?: string;
+    readonly expectedDeviceId?: string;
+    readonly expectedAttestedAt?: number;
+}
+export interface WebAuthnVerifierConfig {
+    /** WebAuthn Relying Party ID the credential was minted for (e.g. "motebit.com"). */
+    readonly expectedRpId: string;
+    /** Optional: override the pinned FIDO root accept-set (tests fabricate their own). */
+    readonly rootPems?: ReadonlyArray<string>;
+    /** Optional: inject a fixed clock for deterministic chain-validity checks. */
+    readonly now?: () => number;
+    /** Optional: override the accepted attestation-format string. */
+    readonly expectedFmt?: string;
+}
+/**
+ * Factory — build a `webauthn` verifier bound to a specific RP ID and
+ * (optionally) a test root set / clock / fmt. The returned function
+ * matches the `HardwareAttestationVerifiers.webauthn` signature the
+ * `@motebit/crypto` dispatcher expects.
+ *
+ * Third-parameter `context` carries motebit_id / device_id / attested_at
+ * so the verifier can re-derive the canonical body the browser signed
+ * over. Callers that omit it receive `identity_bound: false` in the
+ * result (fail-closed).
+ *
+ * Kept as a factory rather than a free function so the consumer's RP
+ * ID is captured once at wiring time, not repeated at every call site.
+ */
+export declare function webauthnVerifier(config: WebAuthnVerifierConfig): (claim: HardwareAttestationClaim, expectedIdentityHex: string, context?: WebAuthnVerifierContext) => Promise<WebAuthnVerifyDispatchResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAElE,OAAO,KAAK,EAAyB,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAG/E,OAAO,EAAE,kCAAkC,EAAE,MAAM,WAAW,CAAC;AAC/D,YAAY,EAAE,6BAA6B,EAAE,MAAM,WAAW,CAAC;AAC/D,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AACxD,YAAY,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAEpG;;;;;;GAMG;AACH,MAAM,WAAW,4BAA4B;IAC3C,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,QAAQ,EAAE,UAAU,CAAC;IAC9B,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;QAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAC7D,QAAQ,CAAC,kBAAkB,CAAC,EAAE,oBAAoB,CAAC;CACpD;AAED;;;;;;;;;;;GAWG;AACH,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;CACtC;AAED,MAAM,WAAW,sBAAsB;IACrC,oFAAoF;IACpF,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,sFAAsF;IACtF,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,8EAA8E;IAC9E,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IAC5B,iEAAiE;IACjE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,gBAAgB,CAC9B,MAAM,EAAE,sBAAsB,GAC7B,CACD,KAAK,EAAE,wBAAwB,EAC/B,mBAAmB,EAAE,MAAM,EAC3B,OAAO,CAAC,EAAE,uBAAuB,KAC9B,OAAO,CAAC,4BAA4B,CAAC,CA0BzC"}

package/dist/index.js

@@ -0,0 +1,72 @@
+/**
+ * @motebit/crypto-webauthn — W3C WebAuthn platform-authenticator
+ * attestation adapter for motebit hardware-attestation claims.
+ *
+ * The metabolic leaf `@motebit/crypto` delegates to when a
+ * `HardwareAttestationClaim` declares `platform: "webauthn"`. Dep-thin
+ * `@motebit/crypto` stays permissive-floor-pure; this package, also on
+ * the permissive floor (Apache-2.0), metabolizes `@peculiar/x509` + `cbor2`
+ * to judge whether the browser's platform authenticator rooted the leaf
+ * that signed the caller's attestation (full attestation), or whether the
+ * credential's own key witnessed the challenge (self attestation).
+ *
+ * Wiring from a consumer:
+ *
+ * ```ts
+ * import { verify } from "@motebit/crypto";
+ * import { webauthnVerifier } from "@motebit/crypto-webauthn";
+ *
+ * const result = await verify(credential, {
+ *   hardwareAttestation: { webauthn: webauthnVerifier({ expectedRpId: "motebit.com" }) },
+ * });
+ * ```
+ *
+ * This package exports no global state, no side-effect registrations;
+ * the injection is call-site only.
+ */
+import { verifyWebAuthnAttestation } from "./verify.js";
+export { parseWebAuthnAttestationObjectCbor } from "./cbor.js";
+export { APPLE_WEBAUTHN_ROOT_PEM, YUBICO_FIDO_ROOT_PEM, MICROSOFT_TPM_ROOT_PEM, DEFAULT_FIDO_ROOTS, WEBAUTHN_FMT_PACKED, } from "./fido-roots.js";
+export { verifyWebAuthnAttestation } from "./verify.js";
+/**
+ * Factory — build a `webauthn` verifier bound to a specific RP ID and
+ * (optionally) a test root set / clock / fmt. The returned function
+ * matches the `HardwareAttestationVerifiers.webauthn` signature the
+ * `@motebit/crypto` dispatcher expects.
+ *
+ * Third-parameter `context` carries motebit_id / device_id / attested_at
+ * so the verifier can re-derive the canonical body the browser signed
+ * over. Callers that omit it receive `identity_bound: false` in the
+ * result (fail-closed).
+ *
+ * Kept as a factory rather than a free function so the consumer's RP
+ * ID is captured once at wiring time, not repeated at every call site.
+ */
+export function webauthnVerifier(config) {
+    return async (claim, expectedIdentityHex, context) => {
+        const opts = {
+            expectedRpId: config.expectedRpId,
+            expectedIdentityPublicKeyHex: expectedIdentityHex,
+            ...(config.rootPems !== undefined ? { rootPems: config.rootPems } : {}),
+            ...(config.now !== undefined ? { now: config.now } : {}),
+            ...(config.expectedFmt !== undefined ? { expectedFmt: config.expectedFmt } : {}),
+            ...(context?.expectedMotebitId !== undefined
+                ? { expectedMotebitId: context.expectedMotebitId }
+                : {}),
+            ...(context?.expectedDeviceId !== undefined
+                ? { expectedDeviceId: context.expectedDeviceId }
+                : {}),
+            ...(context?.expectedAttestedAt !== undefined
+                ? { expectedAttestedAt: context.expectedAttestedAt }
+                : {}),
+        };
+        const detail = await verifyWebAuthnAttestation(claim, opts);
+        return {
+            valid: detail.valid,
+            platform: "webauthn",
+            errors: detail.errors,
+            attestation_detail: detail,
+        };
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAKH,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AAExD,OAAO,EAAE,kCAAkC,EAAE,MAAM,WAAW,CAAC;AAE/D,OAAO,EACL,uBAAuB,EACvB,oBAAoB,EACpB,sBAAsB,EACtB,kBAAkB,EAClB,mBAAmB,GACpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAE,yBAAyB,EAAE,MAAM,aAAa,CAAC;AA8CxD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,gBAAgB,CAC9B,MAA8B;IAM9B,OAAO,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,OAAO,EAAE,EAAE;QACnD,MAAM,IAAI,GAA0B;YAClC,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,4BAA4B,EAAE,mBAAmB;YACjD,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACxD,GAAG,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,GAAG,CAAC,OAAO,EAAE,iBAAiB,KAAK,SAAS;gBAC1C,CAAC,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,iBAAiB,EAAE;gBAClD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,OAAO,EAAE,gBAAgB,KAAK,SAAS;gBACzC,CAAC,CAAC,EAAE,gBAAgB,EAAE,OAAO,CAAC,gBAAgB,EAAE;gBAChD,CAAC,CAAC,EAAE,CAAC;YACP,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,SAAS;gBAC3C,CAAC,CAAC,EAAE,kBAAkB,EAAE,OAAO,CAAC,kBAAkB,EAAE;gBACpD,CAAC,CAAC,EAAE,CAAC;SACR,CAAC;QACF,MAAM,MAAM,GAAG,MAAM,yBAAyB,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC5D,OAAO;YACL,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,QAAQ,EAAE,UAAU;YACpB,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,kBAAkB,EAAE,MAAM;SAC3B,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC"}

package/dist/verify.d.ts

@@ -0,0 +1,120 @@
+/**
+ * WebAuthn platform-authenticator attestation verifier — the core
+ * judgment function this package exports.
+ *
+ * Flow (matches the W3C WebAuthn `packed` attestation verification
+ * recipe, plus the motebit-specific identity-key binding step):
+ *
+ *   1. Split the receipt into (attestationObjectBase64, clientDataJSONBase64).
+ *   2. CBOR-decode the attestation object to {fmt, attStmt:{alg, sig, x5c?},
+ *      authData}. Assert fmt === "packed" in v1. Other fmts are named-not-
+ *      supported errors (tpm / android-key / android-safetynet / fido-u2f /
+ *      apple / none) — each is a separate additive arm future passes can add.
+ *   3a. Full attestation (x5c present): parse leaf, walk the chain against
+ *       the pinned FIDO roots. Every non-leaf must carry basicConstraints.cA
+ *       === true; every signature must verify; every cert must be within
+ *       its validity window; the terminal cert's DER must equal one of the
+ *       pinned roots byte-for-byte. Then verify `attStmt.sig` over
+ *       `authData || clientDataHash` using the leaf's public key and alg.
+ *   3b. Self attestation (no x5c): extract the credential public key from
+ *       `authData.attestedCredentialData`. Verify `attStmt.sig` over
+ *       `authData || clientDataHash` using that key. Self-attested
+ *       credentials carry no vendor chain and score as hardware-exported-
+ *       equivalent (0.5) in the semiring — still better than software
+ *       because the binding is still hardware-held, just not chain-proven.
+ *   4. Parse `clientDataJSON` (UTF-8 JSON): assert its `challenge` field
+ *      (base64url-decoded) byte-equals the reconstructed
+ *      SHA256(canonical body) the caller threads in via
+ *      (motebit_id, device_id, identity_public_key, attested_at). The
+ *      identity-binding step — byte-identical contract to App Attest.
+ *   5. Parse `authData` minimally: `rpIdHash` is the first 32 bytes; the
+ *      caller's RP ID (e.g. "motebit.com") hashed with SHA-256 must match
+ *      byte-for-byte. Bundle/RP binding.
+ *
+ * FIDO Metadata Service (MDS) dynamic fetch is explicitly out of scope —
+ * the pinned-roots model keeps the verifier sovereign and offline.
+ * Rotations land as additive constants in `fido-roots.ts`.
+ */
+import type { HardwareAttestationClaim } from "@motebit/protocol";
+export interface WebAuthnVerifyOptions {
+    /**
+     * Relying Party ID the credential was minted for (e.g. "motebit.com").
+     * Hashed with SHA-256 and byte-compared against authData.rpIdHash.
+     */
+    readonly expectedRpId: string;
+    /**
+     * Ed25519 identity key (lowercase hex) the motebit VC claims. The
+     * reconstructed attestation body MUST name this key.
+     */
+    readonly expectedIdentityPublicKeyHex: string;
+    /**
+     * motebit_id from the credential subject. Participates in the canonical
+     * body the web mint path signs; re-derived here and byte-compared
+     * against clientDataJSON.challenge so a malicious client cannot
+     * substitute a different body.
+     */
+    readonly expectedMotebitId?: string;
+    /** device_id from the credential subject. */
+    readonly expectedDeviceId?: string;
+    /** attested_at (unix ms) from the credential subject. */
+    readonly expectedAttestedAt?: number;
+    /**
+     * Override the pinned FIDO-root accept-set. Tests fabricate their own
+     * chain and supply its root PEM here so chain verification exercises
+     * the same code path without a real vendor-signed leaf.
+     */
+    readonly rootPems?: ReadonlyArray<string>;
+    /** Clock for chain-validity checks. Defaults to `Date.now`. */
+    readonly now?: () => number;
+    /**
+     * Override the accepted attestation-format string. Defaults to
+     * `"packed"`. Exposed only so test fabrications that exercise chain-
+     * validation edge cases can still reach the code path without
+     * colliding with a production fmt.
+     */
+    readonly expectedFmt?: string;
+}
+export interface WebAuthnVerifyError {
+    readonly message: string;
+}
+export interface WebAuthnVerifyResult {
+    readonly valid: boolean;
+    readonly cert_chain_valid: boolean;
+    /**
+     * True when the signature verifies AND the signer is the same key
+     * the credential subject claims (chain-rooted for full attestation;
+     * the credential public key itself for self attestation).
+     */
+    readonly signature_valid: boolean;
+    /** True when `authData.rpIdHash === SHA256(expectedRpId)`. */
+    readonly rp_bound: boolean;
+    /**
+     * True when `clientDataJSON.challenge` (base64url-decoded) equals
+     * SHA256(reconstructed canonical body naming the caller's identity).
+     */
+    readonly identity_bound: boolean;
+    /**
+     * Attestation kind chosen by the presence / absence of x5c in the
+     * attestation object. `"self"` scores lower in the semiring (0.5 —
+     * treated as hardware-exported equivalent) because the binding is not
+     * chain-rooted; `"full"` scores 1.0.
+     */
+    readonly attestation_kind: "full" | "self" | null;
+    readonly errors: readonly WebAuthnVerifyError[];
+}
+/**
+ * WebAuthn platform-authenticator attestation verifier.
+ *
+ * Pure. No network. No filesystem. Deterministic given `now()`.
+ *
+ * `claim` is the `HardwareAttestationClaim` as carried inside the motebit
+ * AgentTrustCredential. For WebAuthn, the `attestation_receipt` field is
+ * two base64url segments separated by `.`:
+ *
+ *   `{attestationObjectB64}.{clientDataJSONB64}`
+ *
+ * The web mint path constructs this shape; see
+ * `apps/web/src/mint-hardware-credential.ts`.
+ */
+export declare function verifyWebAuthnAttestation(claim: HardwareAttestationClaim, opts: WebAuthnVerifyOptions): Promise<WebAuthnVerifyResult>;
+//# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AAKH,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,mBAAmB,CAAC;AAKlE,MAAM,WAAW,qBAAqB;IACpC;;;OAGG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B;;;OAGG;IACH,QAAQ,CAAC,4BAA4B,EAAE,MAAM,CAAC;IAC9C;;;;;OAKG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IACpC,6CAA6C;IAC7C,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,yDAAyD;IACzD,QAAQ,CAAC,kBAAkB,CAAC,EAAE,MAAM,CAAC;IACrC;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,+DAA+D;IAC/D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IAC5B;;;;;OAKG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,OAAO,CAAC;IACxB,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,8DAA8D;IAC9D,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC;;;;;OAKG;IACH,QAAQ,CAAC,gBAAgB,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC;IAClD,QAAQ,CAAC,MAAM,EAAE,SAAS,mBAAmB,EAAE,CAAC;CACjD;AAQD;;;;;;;;;;;;;GAaG;AACH,wBAAsB,yBAAyB,CAC7C,KAAK,EAAE,wBAAwB,EAC/B,IAAI,EAAE,qBAAqB,GAC1B,OAAO,CAAC,oBAAoB,CAAC,CAyT/B"}