@ocap/mcrypto 1.27.16 → 1.28.1

package/esm/signer/ed25519.js

@@ -1,82 +1,82 @@
-/* eslint-disable @typescript-eslint/no-useless-constructor */
-import tweetnacl from 'tweetnacl';
-import randomBytes from 'randombytes';
-import { toUint8Array } from '@ocap/util';
-import BaseSigner from '../protocols/signer';
-import { encode } from '../encode';
+import { encode } from "../encode.js";
+import signer_default from "../protocols/signer.js";
+import { toUint8Array } from "@ocap/util";
+import randomBytes from "randombytes";
+import tweetnacl from "tweetnacl";
+
+//#region src/signer/ed25519.ts
 const ed25519 = tweetnacl.sign;
 /**
- * Signer implementation for ed25519, based on `tweetnacl`
- *
- * @class Ed25519Signer
- */
-class Ed25519Signer extends BaseSigner {
-    constructor() {
-        super();
-    }
-    /**
-     * @public
-     * @typedefKeyPairType
-     * @prop {string} publicKey - publicKey in hex format
-     * @prop {string} secretKey - secretKey in hex format
-     * @memberof Ed25519Signer
-     */
-    /**
-     * Generate random secret/public key pair
-     *
-     * @param {Buffer|Uint8Array} [userSeed=undefined]
-     * @param {string} [encoding='hex']
-     * @returns {KeyPairType}
-     * @memberof Ed25519Signer
-     */
-    genKeyPair(encoding = 'hex', userSeed) {
-        const seed = userSeed ? toUint8Array(userSeed) : new Uint8Array(randomBytes(32));
-        if (seed.byteLength !== 32) {
-            throw new Error('Invalid seed to generate key pair');
-        }
-        const keyPair = ed25519.keyPair.fromSeed(seed);
-        keyPair.publicKey = encode(keyPair.publicKey, encoding);
-        keyPair.secretKey = encode(keyPair.secretKey, encoding);
-        return keyPair;
-    }
-    /**
-     * Get publicKey from secretKey
-     *
-     * @param {hex|buffer|base58|Uint8Array} sk - can be either a hex encoded string or a buffer
-     * @returns {string} hex encoded publicKey
-     */
-    getPublicKey(sk, encoding = 'hex') {
-        const skBytes = toUint8Array(sk);
-        const pk = ed25519.keyPair.fromSecretKey(skBytes).publicKey;
-        return encode(pk, encoding);
-    }
-    /**
-     * Sign a message and get the signature hex
-     *
-     * @param {hex|base58|buffer|Uint8Array} message
-     * @param {hex|base58|buffer|Uint8Array} sk
-     * @returns {string} hex encoded signature
-     */
-    sign(message, sk, encoding = 'hex') {
-        const skBytes = toUint8Array(sk);
-        const messageBytes = toUint8Array(message);
-        const signature = ed25519.detached(messageBytes, skBytes);
-        return encode(signature, encoding);
-    }
-    /**
-     * Verify if a signature is valid
-     *
-     * @param {string|buffer} message
-     * @param {string|buffer} signature
-     * @param {string|buffer} pk
-     * @returns {bool}
-     */
-    verify(message, signature, pk) {
-        const pkBytes = toUint8Array(pk);
-        const messageBytes = toUint8Array(message);
-        const signatureBytes = toUint8Array(signature);
-        return ed25519.detached.verify(messageBytes, signatureBytes, pkBytes);
-    }
-}
-export default new Ed25519Signer();
-export { Ed25519Signer };
+* Signer implementation for ed25519, based on `tweetnacl`
+*
+* @class Ed25519Signer
+*/
+var Ed25519Signer = class extends signer_default {
+	constructor() {
+		super();
+	}
+	/**
+	* @public
+	* @typedefKeyPairType
+	* @prop {string} publicKey - publicKey in hex format
+	* @prop {string} secretKey - secretKey in hex format
+	* @memberof Ed25519Signer
+	*/
+	/**
+	* Generate random secret/public key pair
+	*
+	* @param {Buffer|Uint8Array} [userSeed=undefined]
+	* @param {string} [encoding='hex']
+	* @returns {KeyPairType}
+	* @memberof Ed25519Signer
+	*/
+	genKeyPair(encoding = "hex", userSeed) {
+		const seed = userSeed ? toUint8Array(userSeed) : new Uint8Array(randomBytes(32));
+		if (seed.byteLength !== 32) throw new Error("Invalid seed to generate key pair");
+		const keyPair = ed25519.keyPair.fromSeed(seed);
+		keyPair.publicKey = encode(keyPair.publicKey, encoding);
+		keyPair.secretKey = encode(keyPair.secretKey, encoding);
+		return keyPair;
+	}
+	/**
+	* Get publicKey from secretKey
+	*
+	* @param {hex|buffer|base58|Uint8Array} sk - can be either a hex encoded string or a buffer
+	* @returns {string} hex encoded publicKey
+	*/
+	getPublicKey(sk, encoding = "hex") {
+		const skBytes = toUint8Array(sk);
+		const pk = ed25519.keyPair.fromSecretKey(skBytes).publicKey;
+		return encode(pk, encoding);
+	}
+	/**
+	* Sign a message and get the signature hex
+	*
+	* @param {hex|base58|buffer|Uint8Array} message
+	* @param {hex|base58|buffer|Uint8Array} sk
+	* @returns {string} hex encoded signature
+	*/
+	sign(message, sk, encoding = "hex") {
+		const skBytes = toUint8Array(sk);
+		const messageBytes = toUint8Array(message);
+		return encode(ed25519.detached(messageBytes, skBytes), encoding);
+	}
+	/**
+	* Verify if a signature is valid
+	*
+	* @param {string|buffer} message
+	* @param {string|buffer} signature
+	* @param {string|buffer} pk
+	* @returns {bool}
+	*/
+	verify(message, signature, pk) {
+		const pkBytes = toUint8Array(pk);
+		const messageBytes = toUint8Array(message);
+		const signatureBytes = toUint8Array(signature);
+		return ed25519.detached.verify(messageBytes, signatureBytes, pkBytes);
+	}
+};
+var ed25519_default = new Ed25519Signer();
+
+//#endregion
+export { Ed25519Signer, ed25519_default as default };

package/esm/signer/ethereum.d.ts

@@ -1,16 +1,19 @@
-import { Secp256k1Signer } from './secp256k1';
+import { Secp256k1Signer } from "./secp256k1.js";
+
+//#region src/signer/ethereum.d.ts
+
 /**
  * Signer implementation for secp256k1, based on `elliptic`, and ethereum compatible
  *
  * @class EthereumSigner
  */
 declare class EthereumSigner extends Secp256k1Signer {
-    pkHasFormatPrefix: boolean;
-    constructor();
-    ethHash(data: string): string;
-    ethSign(data: string, privateKey: string): string;
-    ethRecover(data: string, signature: string): string;
+  pkHasFormatPrefix: boolean;
+  constructor();
+  ethHash(data: string): string;
+  ethSign(data: string, privateKey: string): string;
+  ethRecover(data: string, signature: string): string;
 }
 declare const _default: EthereumSigner;
-export default _default;
-export { EthereumSigner };
+//#endregion
+export { EthereumSigner, _default as default };

package/esm/signer/ethereum.js

@@ -1,35 +1,35 @@
-/* eslint-disable @typescript-eslint/ban-ts-comment */
-// @ts-ignore
-import Account from 'eth-lib/lib/account';
-// @ts-ignore
-import Hash from 'eth-lib/lib/hash';
-import { isHexStrict, utf8ToHex, hexToBytes } from '@ocap/util';
-import { Secp256k1Signer } from './secp256k1';
+import { Secp256k1Signer } from "./secp256k1.js";
+import { hexToBytes, isHexStrict, utf8ToHex } from "@ocap/util";
+import Account from "eth-lib/lib/account.js";
+import Hash from "eth-lib/lib/hash.js";
+
+//#region src/signer/ethereum.ts
 /**
- * Signer implementation for secp256k1, based on `elliptic`, and ethereum compatible
- *
- * @class EthereumSigner
- */
-class EthereumSigner extends Secp256k1Signer {
-    constructor() {
-        super();
-        this.pkHasFormatPrefix = false;
-    }
-    ethHash(data) {
-        const messageHex = isHexStrict(data) ? data : utf8ToHex(data);
-        const messageBytes = hexToBytes(messageHex);
-        const messageBuffer = Buffer.from(messageBytes);
-        const preamble = `\x19Ethereum Signed Message:\n${messageBytes.length}`;
-        const preambleBuffer = Buffer.from(preamble);
-        const ethMessage = Buffer.concat([preambleBuffer, messageBuffer]);
-        return Hash.keccak256s(ethMessage);
-    }
-    ethSign(data, privateKey) {
-        return Account.sign(data, privateKey);
-    }
-    ethRecover(data, signature) {
-        return Account.recover(data, signature);
-    }
-}
-export default new EthereumSigner();
-export { EthereumSigner };
+* Signer implementation for secp256k1, based on `elliptic`, and ethereum compatible
+*
+* @class EthereumSigner
+*/
+var EthereumSigner = class extends Secp256k1Signer {
+	constructor() {
+		super();
+		this.pkHasFormatPrefix = false;
+	}
+	ethHash(data) {
+		const messageBytes = hexToBytes(isHexStrict(data) ? data : utf8ToHex(data));
+		const messageBuffer = Buffer.from(messageBytes);
+		const preamble = `\x19Ethereum Signed Message:\n${messageBytes.length}`;
+		const preambleBuffer = Buffer.from(preamble);
+		const ethMessage = Buffer.concat([preambleBuffer, messageBuffer]);
+		return Hash.keccak256s(ethMessage);
+	}
+	ethSign(data, privateKey) {
+		return Account.sign(data, privateKey);
+	}
+	ethRecover(data, signature) {
+		return Account.recover(data, signature);
+	}
+};
+var ethereum_default = new EthereumSigner();
+
+//#endregion
+export { EthereumSigner, ethereum_default as default };

package/esm/signer/passkey.d.ts

@@ -1,5 +1,8 @@
-import { BytesType, EncodingType, KeyPairType } from '@ocap/util';
-import BaseSigner from '../protocols/signer';
+import _default$1 from "../protocols/signer.js";
+import { BytesType, EncodingType, KeyPairType } from "@ocap/util";
+
+//#region src/signer/passkey.d.ts
+
 /**
  * Signer implementation for passkey, based on `@simplewebauthn/server`
  * Since passkey supports only verification, we do not need to implement the sign method
@@ -7,21 +10,21 @@ import BaseSigner from '../protocols/signer';
  *
  * @class PasskeySigner
  */
-declare class PasskeySigner extends BaseSigner {
-    constructor();
-    genKeyPair(encoding?: EncodingType, userSeed?: BytesType): KeyPairType;
-    getPublicKey(sk: BytesType, encoding?: EncodingType): BytesType;
-    sign(message: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
-    /**
-     * Verify if a signature is valid
-     *
-     * @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
-     * @param {string|buffer} signature - signature from passkey
-     * @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
-     * @returns {bool}
-     */
-    verify(challenge: BytesType, signature: BytesType, pk: BytesType, extra: string): Promise<boolean>;
+declare class PasskeySigner extends _default$1 {
+  constructor();
+  genKeyPair(encoding?: EncodingType, userSeed?: BytesType): KeyPairType;
+  getPublicKey(sk: BytesType, encoding?: EncodingType): BytesType;
+  sign(message: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
+  /**
+   * Verify if a signature is valid
+   *
+   * @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
+   * @param {string|buffer} signature - signature from passkey
+   * @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
+   * @returns {bool}
+   */
+  verify(challenge: BytesType, signature: BytesType, pk: BytesType, extra: string): Promise<boolean>;
 }
 declare const _default: PasskeySigner;
-export default _default;
-export { PasskeySigner };
+//#endregion
+export { PasskeySigner, _default as default };

package/esm/signer/passkey.js

@@ -1,59 +1,50 @@
-/* eslint-disable @typescript-eslint/no-useless-constructor */
-import { toBuffer, fromBase64, toBase64 } from '@ocap/util';
-import { decodeClientDataJSON, isoBase64URL, isoUint8Array, toHash, verifySignature, } from '@simplewebauthn/server/helpers';
-import BaseSigner from '../protocols/signer';
+import signer_default from "../protocols/signer.js";
+import { fromBase64, toBase64, toBuffer } from "@ocap/util";
+import { decodeClientDataJSON, isoBase64URL, isoUint8Array, toHash, verifySignature } from "@simplewebauthn/server/helpers";
+
+//#region src/signer/passkey.ts
 /**
- * Signer implementation for passkey, based on `@simplewebauthn/server`
- * Since passkey supports only verification, we do not need to implement the sign method
- * And passkeys can used multiple algorithms, we do not need to implement the algorithm selection
- *
- * @class PasskeySigner
- */
-class PasskeySigner extends BaseSigner {
-    constructor() {
-        super();
-    }
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    genKeyPair(encoding = 'hex', userSeed) {
-        throw new Error('Not supported');
-    }
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    getPublicKey(sk, encoding = 'hex') {
-        throw new Error('Not supported');
-    }
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    sign(message, sk, encoding = 'hex') {
-        throw new Error('Not supported');
-    }
-    /**
-     * Verify if a signature is valid
-     *
-     * @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
-     * @param {string|buffer} signature - signature from passkey
-     * @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
-     * @returns {bool}
-     */
-    async verify(challenge, signature, pk, extra) {
-        const parsed = JSON.parse(extra);
-        if (!parsed.authenticatorData || !parsed.clientDataJSON) {
-            throw new Error('extra.authenticatorData or extra.clientDataJSON is required for passkey signature verification');
-        }
-        const authDataBuffer = toBuffer(fromBase64(parsed.authenticatorData));
-        const clientDataHash = await toHash(isoBase64URL.toBuffer(parsed.clientDataJSON));
-        const clientData = decodeClientDataJSON(parsed.clientDataJSON);
-        if (clientData.challenge !== toBase64(challenge)) {
-            throw new Error('challenge mismatch for passkey signature');
-        }
-        // FIXME: @wangshijun add more check here
-        // if (clientData.type !== 'ocap.tx.sign') {
-        //   throw new Error('Invalid client data type');
-        // }
-        return verifySignature({
-            signature: isoBase64URL.toBuffer(typeof signature === 'string' ? signature : toBase64(signature)),
-            data: isoUint8Array.concat([authDataBuffer, clientDataHash]),
-            credentialPublicKey: pk,
-        });
-    }
-}
-export default new PasskeySigner();
-export { PasskeySigner };
+* Signer implementation for passkey, based on `@simplewebauthn/server`
+* Since passkey supports only verification, we do not need to implement the sign method
+* And passkeys can used multiple algorithms, we do not need to implement the algorithm selection
+*
+* @class PasskeySigner
+*/
+var PasskeySigner = class extends signer_default {
+	constructor() {
+		super();
+	}
+	genKeyPair(encoding = "hex", userSeed) {
+		throw new Error("Not supported");
+	}
+	getPublicKey(sk, encoding = "hex") {
+		throw new Error("Not supported");
+	}
+	sign(message, sk, encoding = "hex") {
+		throw new Error("Not supported");
+	}
+	/**
+	* Verify if a signature is valid
+	*
+	* @param {string|buffer} challenge - the challenge sent to passkey, should be txHash when signing a transaction
+	* @param {string|buffer} signature - signature from passkey
+	* @param {string|buffer} pk - credentialPublicKey from passkey, must be parsed with `parseAuthenticatorData`
+	* @returns {bool}
+	*/
+	async verify(challenge, signature, pk, extra) {
+		const parsed = JSON.parse(extra);
+		if (!parsed.authenticatorData || !parsed.clientDataJSON) throw new Error("extra.authenticatorData or extra.clientDataJSON is required for passkey signature verification");
+		const authDataBuffer = toBuffer(fromBase64(parsed.authenticatorData));
+		const clientDataHash = await toHash(isoBase64URL.toBuffer(parsed.clientDataJSON));
+		if (decodeClientDataJSON(parsed.clientDataJSON).challenge !== toBase64(challenge)) throw new Error("challenge mismatch for passkey signature");
+		return verifySignature({
+			signature: isoBase64URL.toBuffer(typeof signature === "string" ? signature : toBase64(signature)),
+			data: isoUint8Array.concat([authDataBuffer, clientDataHash]),
+			credentialPublicKey: pk
+		});
+	}
+};
+var passkey_default = new PasskeySigner();
+
+//#endregion
+export { PasskeySigner, passkey_default as default };

package/esm/signer/secp256k1.d.ts

@@ -1,39 +1,42 @@
-import { BytesType, KeyPairType, EncodingType } from '@ocap/util';
-import Signer from '../protocols/signer';
+import _default$1 from "../protocols/signer.js";
+import { BytesType, EncodingType, KeyPairType } from "@ocap/util";
+
+//#region src/signer/secp256k1.d.ts
+
 /**
  * Signer implementation for secp256k1, based on `elliptic`
  *
  * @class Secp256k1Signer
  */
-declare class Secp256k1Signer extends Signer {
-    pkCompressed: boolean;
-    pkHasFormatPrefix: boolean;
-    constructor();
-    isValidSK(sk: Uint8Array): boolean;
-    /**
-     * @public
-     * @typedefKeyPairType
-     * @prop {string} publicKey - publicKey in hex format
-     * @prop {string} secretKey - secretKey in hex format
-     * @memberof Secp256k1Signer
-     */
-    /**
-     * Generate random secret/public key pair
-     */
-    genKeyPair(encoding?: EncodingType): KeyPairType;
-    /**
-     * Get publicKey from secretKey
-     */
-    getPublicKey(sk: BytesType, encoding?: EncodingType): BytesType;
-    /**
-     * Sign a message and get the signature hex
-     */
-    sign(message: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
-    /**
-     * Verify if a signature is valid
-     */
-    verify(message: BytesType, signature: BytesType, pk: BytesType): boolean;
+declare class Secp256k1Signer extends _default$1 {
+  pkCompressed: boolean;
+  pkHasFormatPrefix: boolean;
+  constructor();
+  isValidSK(sk: Uint8Array): boolean;
+  /**
+   * @public
+   * @typedefKeyPairType
+   * @prop {string} publicKey - publicKey in hex format
+   * @prop {string} secretKey - secretKey in hex format
+   * @memberof Secp256k1Signer
+   */
+  /**
+   * Generate random secret/public key pair
+   */
+  genKeyPair(encoding?: EncodingType): KeyPairType;
+  /**
+   * Get publicKey from secretKey
+   */
+  getPublicKey(sk: BytesType, encoding?: EncodingType): BytesType;
+  /**
+   * Sign a message and get the signature hex
+   */
+  sign(message: BytesType, sk: BytesType, encoding?: EncodingType): BytesType;
+  /**
+   * Verify if a signature is valid
+   */
+  verify(message: BytesType, signature: BytesType, pk: BytesType): boolean;
 }
 declare const _default: Secp256k1Signer;
-export default _default;
-export { Secp256k1Signer };
+//#endregion
+export { Secp256k1Signer, _default as default };