@notabene/verify-proof 1.8.1 → 1.9.0

package/dist/tests/cosmos.test.d.ts

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@notabene/verify-proof",
-  "version": "1.8.1",
+  "version": "1.9.0",
   "description": "Verify ownership proofs",
   "source": "src/index.ts",
   "type": "module",
@@ -44,8 +44,9 @@
   },
   "dependencies": {
     "@cardano-foundation/cardano-verify-datasignature": "^1.0.11",
+    "@cosmjs/amino": "^0.34.0",
     "@noble/curves": "^1.7.0",
-    "@notabene/javascript-sdk": "^2.11.0",
+    "@notabene/javascript-sdk": "2.11.0-next.2",
     "@scure/base": "^1.2.1",
     "@stellar/stellar-sdk": "^13.1.0",
     "bip322-js": "^2.0.0",

package/src/cosmos.ts

@@ -0,0 +1,88 @@
+import {
+  CosmosMetadata,
+  ProofStatus,
+  SignatureProof,
+} from "@notabene/javascript-sdk";
+import { bech32 } from "bech32";
+import { StdSignDoc, serializeSignDoc } from "@cosmjs/amino";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { ripemd160 } from "@noble/hashes/legacy";
+import { sha256 } from "@noble/hashes/sha2";
+
+// Base64 decode
+function base64ToUint8Array(base64: string): Uint8Array {
+  return Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
+}
+
+// Base64 encode UTF-8 bytes
+function toBase64Bytes(str: string): string {
+  const utf8 = new TextEncoder().encode(str);
+  let binary = "";
+  for (let i = 0; i < utf8.length; i++) {
+    binary += String.fromCharCode(utf8[i]);
+  }
+  return btoa(binary);
+}
+
+// Cosmos address derivation (ADR-36)
+// https://github.com/cosmos/cosmos-sdk/blob/214b11dcbaa129f7b4c0013b2103db9d54b85e9e/docs/architecture/adr-036-arbitrary-signature.md
+function deriveCosmosAddress(pubkey: Uint8Array, prefix = "cosmos"): string {
+  const sha = sha256(pubkey);
+  const rip = ripemd160(sha);
+  return bech32.encode(prefix, bech32.toWords(rip));
+}
+
+export async function verifyCosmosSignature(
+  proof: SignatureProof
+): Promise<SignatureProof> {
+  try {
+    const [ns, , address] = proof.address.split(/:/);
+    if (ns !== "cosmos") {
+      return { ...proof, status: ProofStatus.FAILED };
+    }
+
+    // Parse the proof JSON
+    const pubKeyBytes = base64ToUint8Array(
+      (proof.chainSpecificData as CosmosMetadata).pub_key.value
+    );
+    const signatureBytes = base64ToUint8Array(proof.proof);
+
+    // Step 1: Derive address from pubkey
+    const derivedAddress = deriveCosmosAddress(pubKeyBytes);
+    if (derivedAddress !== address) {
+      return { ...proof, status: ProofStatus.FAILED };
+    }
+
+    // Step 2: Build MsgSignData + StdSignDoc
+    const signDoc: StdSignDoc = {
+      chain_id: "", // must match the signing process
+      account_number: "0",
+      sequence: "0",
+      fee: { amount: [], gas: "0" },
+      msgs: [
+        {
+          type: "sign/MsgSignData",
+          value: {
+            signer: address,
+            data: toBase64Bytes(proof.attestation),
+          },
+        },
+      ],
+      memo: "",
+    };
+
+    // Step 3: Serialize + hash
+    const signBytes = await serializeSignDoc(signDoc);
+    const digest = sha256(signBytes);
+
+    // Step 4: Verify using secp256k1
+    const verified = secp256k1.verify(signatureBytes, digest, pubKeyBytes);
+
+    return {
+      ...proof,
+      status: verified ? ProofStatus.VERIFIED : ProofStatus.FAILED,
+    };
+  } catch {
+    return { ...proof, status: ProofStatus.FAILED };
+  }
+}

package/src/index.ts

@@ -14,6 +14,7 @@ import { verifyCIP8Signature } from "./cardano";
 import { verifyPersonalSignXRPL } from "./xrpl";
 import { verifyStellarSignature } from "./xlm";
 import { verifyConcordiumSignature } from "./concordium";
+import { verifyCosmosSignature } from "./cosmos";
 
 export async function verifyProof(
   proof: OwnershipProof,
@@ -46,9 +47,10 @@ export async function verifyProof(
       return verifyPersonalSignXRPL(proof as SignatureProof, publicKey);
     case ProofTypes.XLM_ED25519:
       return verifyStellarSignature(proof as SignatureProof);
-    case ProofTypes.CONCORDIUM: {
+    case ProofTypes.CONCORDIUM: 
       return verifyConcordiumSignature(proof as SignatureProof);
-    }
+    case ProofTypes.COSMOS:
+      return verifyCosmosSignature(proof as SignatureProof);
     case ProofTypes.EIP712:
     case ProofTypes.BIP137:
     case ProofTypes.BIP322:

package/src/tests/cosmos.test.ts

@@ -0,0 +1,51 @@
+import { describe, expect, it } from "vitest";
+import {
+  ProofStatus,
+  ProofTypes,
+  SignatureProof,
+} from "@notabene/javascript-sdk";
+import { verifyCosmosSignature } from "../cosmos";
+
+describe("verifyCosmosSignature", () => {
+  it("returns verified proof when valid message and address", async () => {
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation:
+        "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address:
+        "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof:
+        "r0L+4864I3p2jPRBt8IAnhhvYmemMkKGg9fcKM0GOBIScgIpmyX/+ObPT/09VMSCzxlzZkH6LQGLNiD2sudAZw==",
+      wallet_provider: "Keplr (Wallet Connect)",
+      chainSpecificData: {
+        pub_key: {
+          type: "tendermint/PubKeySecp256k1",
+          value: "Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU",
+        },
+      },
+    };
+    const result = await verifyCosmosSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.VERIFIED);
+  });
+
+  it("returns failed proof when invalid message and address", async () => {
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation:
+        "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address:
+        "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof:
+        '{"pub_key":{"type":"tendermint/PubKeySecp256k1","value":"Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU"},"signature":"invalid_signature_that_will_fail_verification"}',
+      wallet_provider: "Keplr (Wallet Connect)",
+    };
+    const result = await verifyCosmosSignature(proof);
+
+    expect(result.status).toBe(ProofStatus.FAILED);
+  });
+});

package/src/tests/index.test.ts

@@ -342,4 +342,27 @@ describe("verifyProof", () => {
       expect(result.status).toBe(ProofStatus.VERIFIED);
     });
   })
+
+  describe("Cosmos", () => {  
+    const proof: SignatureProof = {
+      type: ProofTypes.COSMOS,
+      did: "did:pkh:cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      status: ProofStatus.PENDING,
+      attestation: "I certify that\n\ncosmos:cosmoshub-4 account cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8\n\nbelonged to did:key:z6MksamQq4oVRktkeSDxs6pbixYFUaUca8xgCvnTVLQA5PC5\n\non Mon, 14 Jul 2025 15:09:56 GMT",
+      address: "cosmos:cosmoshub-4:cosmos1tzxpcdsszyfuj852msx85c24u37jd7rly8skc8",
+      proof: "r0L+4864I3p2jPRBt8IAnhhvYmemMkKGg9fcKM0GOBIScgIpmyX/+ObPT/09VMSCzxlzZkH6LQGLNiD2sudAZw==",
+      wallet_provider: "Keplr (Wallet Connect)",
+      chainSpecificData: {
+        pub_key: {
+          type: "tendermint/PubKeySecp256k1",
+          value: "Ak8k3jYgH4srYi1ygG0GWLrdbF7VwQgjiLqjifuJSsmU",
+        },
+      }
+    };
+
+    it("should verify proof", async () => {
+      const result = await verifyProof(proof);
+      expect(result.status).toBe(ProofStatus.VERIFIED);
+    });
+  });
 });