@ocap/mcrypto 1.18.166 → 1.19.1

package/lib/encode.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encode = void 0;
+exports.encode = encode;
 const util_1 = require("@ocap/util");
 function encode(data, encoding = 'hex') {
     if (['hex', 'base16'].includes(encoding)) {
@@ -20,4 +20,3 @@ function encode(data, encoding = 'hex') {
     }
     return data;
 }
-exports.encode = encode;

package/lib/index.d.ts

@@ -1,10 +1,9 @@
-/// <reference types="node" />
 import type { BytesType, EncodingType, KeyPairType } from '@ocap/util';
 import type { LiteralUnion } from 'type-fest';
-export declare type KeyType = LiteralUnion<'ED25519' | 'SECP256K1' | 'ETHEREUM', string>;
-export declare type HashType = LiteralUnion<'KECCAK' | 'SHA3' | 'KECCAK_384' | 'SHA3_384' | 'KECCAK_512' | 'SHA3_512' | 'SHA2', string>;
-export declare type RoleType = LiteralUnion<'ROLE_ACCOUNT' | 'ROLE_NODE' | 'ROLE_DEVICE' | 'ROLE_APPLICATION' | 'ROLE_SMART_CONTRACT' | 'ROLE_BOT' | 'ROLE_ASSET' | 'ROLE_STAKE' | 'ROLE_VALIDATOR' | 'ROLE_GROUP' | 'ROLE_GROUP' | 'ROLE_TX' | 'ROLE_TETHER' | 'ROLE_SWAP' | 'ROLE_DELEGATION' | 'ROLE_VC' | 'ROLE_BLOCKLET' | 'ROLE_STORE' | 'ROLE_TOKEN' | 'ROLE_FACTORY' | 'ROLE_ROLLUP' | 'ROLE_ANY', string>;
-export declare type AddressType = LiteralUnion<'BASE16' | 'BASE58', string>;
+export type KeyType = LiteralUnion<'ED25519' | 'SECP256K1' | 'ETHEREUM', string>;
+export type HashType = LiteralUnion<'KECCAK' | 'SHA3' | 'KECCAK_384' | 'SHA3_384' | 'KECCAK_512' | 'SHA3_512' | 'SHA2', string>;
+export type RoleType = LiteralUnion<'ROLE_ACCOUNT' | 'ROLE_NODE' | 'ROLE_DEVICE' | 'ROLE_APPLICATION' | 'ROLE_SMART_CONTRACT' | 'ROLE_BOT' | 'ROLE_ASSET' | 'ROLE_STAKE' | 'ROLE_VALIDATOR' | 'ROLE_GROUP' | 'ROLE_GROUP' | 'ROLE_TX' | 'ROLE_TETHER' | 'ROLE_SWAP' | 'ROLE_DELEGATION' | 'ROLE_VC' | 'ROLE_BLOCKLET' | 'ROLE_STORE' | 'ROLE_TOKEN' | 'ROLE_FACTORY' | 'ROLE_ROLLUP' | 'ROLE_STORAGE' | 'ROLE_PROFILE' | 'ROLE_PASSKEY' | 'ROLE_ANY', string>;
+export type AddressType = LiteralUnion<'BASE16' | 'BASE58', string>;
 export interface HashFnType {
     (data: BytesType, round: number, encoding?: 'hex'): string;
     (data: BytesType, round: number, encoding?: 'base16'): string;
@@ -30,7 +29,7 @@ export interface SignerType {
     sign(data: BytesType, sk: BytesType, encoding?: 'buffer'): Buffer;
     sign(data: BytesType, sk: BytesType, encoding?: 'Uint8Array'): Uint8Array;
     sign(data: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
-    verify(data: BytesType, pk: BytesType, signature: BytesType): boolean;
+    verify(data: BytesType, pk: BytesType, signature: BytesType, extra?: any): boolean;
     ethHash?(data: string): string;
     ethSign?(data: string, sk: string): string;
     ethVerify?(data: string, pk: string, signature: BytesType): boolean;
@@ -57,6 +56,7 @@ export declare const Signer: {
     Ed25519: import("./signer/ed25519").Ed25519Signer;
     Secp256k1: import("./signer/secp256k1").Secp256k1Signer;
     Ethereum: import("./signer/ethereum").EthereumSigner;
+    Passkey: import("./signer/passkey").PasskeySigner;
 };
 /**
  * Contains all supported hasher, eg: `SHA2`,`SHA3` and `Keccak`, each of them supports `hash224`, `hash256`, `hash384`, `hash512`
@@ -106,6 +106,7 @@ export declare const types: {
         ED25519: number;
         SECP256K1: number;
         ETHEREUM: number;
+        PASSKEY: number;
     };
     /**
      * Hashing algorithms
@@ -157,6 +158,7 @@ export declare const types: {
         ROLE_ROLLUP: number;
         ROLE_STORAGE: number;
         ROLE_PROFILE: number;
+        ROLE_PASSKEY: number;
         ROLE_ANY: number;
     };
     /**
@@ -223,7 +225,7 @@ export declare function getRandomBytes(length: number, encoding?: 'buffer'): Buf
 export declare function getRandomBytes(length: number, encoding?: 'Uint8Array'): Uint8Array;
 export declare function getRandomBytes(length: number, encoding?: EncodingType): BytesType;
 export declare const Signers: Readonly<{
-    [x: number]: import("./signer/ed25519").Ed25519Signer | import("./signer/secp256k1").Secp256k1Signer;
+    [x: number]: import("./signer/ed25519").Ed25519Signer | import("./signer/secp256k1").Secp256k1Signer | import("./signer/passkey").PasskeySigner;
 }>;
 export declare const Hashers: Readonly<{
     [x: number]: (data: BytesType, round?: number, encoding?: EncodingType) => BytesType;

package/lib/index.js

@@ -3,7 +3,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.toTxHash = exports.Hashers = exports.Signers = exports.getRandomBytes = exports.getHasher = exports.getSigner = exports.types = exports.Hasher = exports.Signer = void 0;
+exports.toTxHash = exports.Hashers = exports.Signers = exports.types = exports.Hasher = exports.Signer = void 0;
+exports.getSigner = getSigner;
+exports.getHasher = getHasher;
+exports.getRandomBytes = getRandomBytes;
 const randombytes_1 = __importDefault(require("randombytes"));
 const encode_1 = require("./encode");
 const keccak_1 = __importDefault(require("./hasher/keccak"));
@@ -12,6 +15,7 @@ const sha3_1 = __importDefault(require("./hasher/sha3"));
 const ed25519_1 = __importDefault(require("./signer/ed25519"));
 const ethereum_1 = __importDefault(require("./signer/ethereum"));
 const secp256k1_1 = __importDefault(require("./signer/secp256k1"));
+const passkey_1 = __importDefault(require("./signer/passkey"));
 /**
  * Contains all supported signers, eg: `Ed25519` and `Secp256k1`
  *
@@ -33,6 +37,7 @@ exports.Signer = {
     Ed25519: ed25519_1.default,
     Secp256k1: secp256k1_1.default,
     Ethereum: ethereum_1.default,
+    Passkey: passkey_1.default,
 };
 /**
  * Contains all supported hasher, eg: `SHA2`,`SHA3` and `Keccak`, each of them supports `hash224`, `hash256`, `hash384`, `hash512`
@@ -82,6 +87,7 @@ exports.types = {
         ED25519: 0,
         SECP256K1: 1,
         ETHEREUM: 2,
+        PASSKEY: 3,
     },
     /**
      * Hashing algorithms
@@ -133,6 +139,7 @@ exports.types = {
         ROLE_ROLLUP: 19,
         ROLE_STORAGE: 20,
         ROLE_PROFILE: 21,
+        ROLE_PASSKEY: 22,
         ROLE_ANY: 63,
     },
     /**
@@ -175,7 +182,6 @@ function getSigner(type) {
     // @ts-ignore
     return exports.Signers[type];
 }
-exports.getSigner = getSigner;
 /**
  * Get hasher instance
  *
@@ -201,15 +207,14 @@ function getHasher(type) {
     // @ts-ignore
     return exports.Hashers[type];
 }
-exports.getHasher = getHasher;
 function getRandomBytes(length = 32, encoding = 'hex') {
     return (0, encode_1.encode)((0, randombytes_1.default)(length), encoding);
 }
-exports.getRandomBytes = getRandomBytes;
 exports.Signers = Object.freeze({
     [exports.types.KeyType.ED25519]: exports.Signer.Ed25519,
     [exports.types.KeyType.SECP256K1]: exports.Signer.Secp256k1,
     [exports.types.KeyType.ETHEREUM]: exports.Signer.Ethereum,
+    [exports.types.KeyType.PASSKEY]: exports.Signer.Passkey,
 });
 exports.Hashers = Object.freeze({
     [exports.types.HashType.KECCAK]: exports.Hasher.Keccak.hash256,

package/lib/signer/passkey.d.ts

@@ -0,0 +1,27 @@
+import { BytesType, EncodingType, KeyPairType } from '@ocap/util';
+import BaseSigner from '../protocols/signer';
+/**
+ * Signer implementation for passkey, based on `@simplewebauthn/server`
+ * Since passkey supports only verification, we do not need to implement the sign method
+ * And passkeys can used multiple algorithms, we do not need to implement the algorithm selection
+ *
+ * @class PasskeySigner
+ */
+declare class PasskeySigner extends BaseSigner {
+    constructor();
+    genKeyPair(encoding?: EncodingType, userSeed?: BytesType): KeyPairType;
+    getPublicKey(sk: BytesType, encoding?: EncodingType): BytesType;
+    sign(message: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
+    /**
+     * Verify if a signature is valid
+     *
+     * @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
+     * @param {string|buffer} signature - signature from passkey
+     * @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
+     * @returns {bool}
+     */
+    verify(challenge: BytesType, signature: BytesType, pk: BytesType, extra: string): Promise<boolean>;
+}
+declare const _default: PasskeySigner;
+export default _default;
+export { PasskeySigner };

package/lib/signer/passkey.js

@@ -0,0 +1,65 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasskeySigner = void 0;
+/* eslint-disable @typescript-eslint/no-useless-constructor */
+const util_1 = require("@ocap/util");
+const helpers_1 = require("@simplewebauthn/server/helpers");
+const signer_1 = __importDefault(require("../protocols/signer"));
+/**
+ * Signer implementation for passkey, based on `@simplewebauthn/server`
+ * Since passkey supports only verification, we do not need to implement the sign method
+ * And passkeys can used multiple algorithms, we do not need to implement the algorithm selection
+ *
+ * @class PasskeySigner
+ */
+class PasskeySigner extends signer_1.default {
+    constructor() {
+        super();
+    }
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    genKeyPair(encoding = 'hex', userSeed) {
+        throw new Error('Not supported');
+    }
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    getPublicKey(sk, encoding = 'hex') {
+        throw new Error('Not supported');
+    }
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    sign(message, sk, encoding = 'hex') {
+        throw new Error('Not supported');
+    }
+    /**
+     * Verify if a signature is valid
+     *
+     * @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
+     * @param {string|buffer} signature - signature from passkey
+     * @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
+     * @returns {bool}
+     */
+    async verify(challenge, signature, pk, extra) {
+        const parsed = JSON.parse(extra);
+        if (!parsed.authenticatorData || !parsed.clientDataJSON) {
+            throw new Error('extra.authenticatorData or extra.clientDataJSON is required for passkey signature verification');
+        }
+        const authDataBuffer = (0, util_1.toBuffer)((0, util_1.fromBase64)(parsed.authenticatorData));
+        const clientDataHash = await (0, helpers_1.toHash)(helpers_1.isoBase64URL.toBuffer(parsed.clientDataJSON));
+        const clientData = (0, helpers_1.decodeClientDataJSON)(parsed.clientDataJSON);
+        if (clientData.challenge !== (0, util_1.toBase64)(challenge)) {
+            throw new Error('challenge mismatch for passkey signature');
+        }
+        // FIXME: @wangshijun add more check here
+        // if (clientData.type !== 'ocap.tx.sign') {
+        //   throw new Error('Invalid client data type');
+        // }
+        return (0, helpers_1.verifySignature)({
+            signature: helpers_1.isoBase64URL.toBuffer(typeof signature === 'string' ? signature : (0, util_1.toBase64)(signature)),
+            data: helpers_1.isoUint8Array.concat([authDataBuffer, clientDataHash]),
+            credentialPublicKey: pk,
+        });
+    }
+}
+exports.PasskeySigner = PasskeySigner;
+exports.default = new PasskeySigner();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ocap/mcrypto",
-  "version": "1.18.166",
+  "version": "1.19.1",
   "description": "Crypto lib that provides signer,crypter,hasher interface",
   "keywords": [
     "crypto",
@@ -21,22 +21,34 @@
   ],
   "homepage": "https://github.com/ArcBlock/blockchain/tree/master/core/mcrypto",
   "license": "Apache-2.0",
-  "main": "lib/index.js",
-  "typings": "lib/index.d.ts",
+  "main": "./lib/index.js",
+  "module": "./lib/index.js",
+  "types": "./esm/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./esm/index.js",
+      "require": "./lib/index.js",
+      "default": "./esm/index.js"
+    },
+    "./lib/*": {
+      "require": "./lib/*.js"
+    }
+  },
   "files": [
-    "lib"
+    "lib",
+    "esm"
   ],
   "devDependencies": {
-    "@arcblock/eslint-config-ts": "0.2.3",
+    "@arcblock/eslint-config-ts": "0.3.3",
     "@types/crypto-js": "^4.2.2",
-    "@types/elliptic": "^6.4.14",
-    "@types/node": "^17.0.45",
-    "@types/randombytes": "^2.0.0",
-    "eslint": "^8.25.0",
+    "@types/elliptic": "^6.4.18",
+    "@types/node": "^22.7.5",
+    "@types/randombytes": "^2.0.3",
+    "eslint": "^8.57.0",
     "jest": "^29.7.0",
     "ts-jest": "^29.2.5",
     "type-fest": "^3.1.0",
-    "typescript": "^4.8.4"
+    "typescript": "^5.6.2"
   },
   "repository": {
     "type": "git",
@@ -48,16 +60,19 @@
     "prepush": "CI=1 yarn test",
     "test": "jest --forceExit --detectOpenHandles",
     "coverage": "npm run test -- --coverage",
-    "clean": "rm -fr lib",
+    "clean": "rm -fr lib esm",
     "prebuild": "npm run clean",
-    "build": "tsc",
+    "build:cjs": "tsc -p tsconfig.cjs.json",
+    "build:esm": "tsc -p tsconfig.esm.json",
+    "build": "npm run build:cjs && npm run build:esm",
     "build:watch": "npm run build -- -w"
   },
   "bugs": {
     "url": "https://github.com/ArcBlock/blockchain/issues"
   },
   "dependencies": {
-    "@ocap/util": "1.18.166",
+    "@ocap/util": "1.19.1",
+    "@simplewebauthn/server": "^13.0.0",
     "bn.js": "5.2.1",
     "crypto-js": "^4.2.0",
     "elliptic": "^6.5.4",
@@ -72,5 +87,5 @@
     "bn.js": "5.2.1",
     "elliptic": "6.5.3"
   },
-  "gitHead": "58c8356b3b8c238728560e4c3fef6ed1704d3ac4"
+  "gitHead": "21184488172c6c824ebd1714f728ff2aee4a3ac0"
 }