@ocap/mcrypto 1.29.22 → 1.29.23

package/lib/signer/secp256k1.cjs

@@ -5,14 +5,12 @@ const require_protocols_signer = require('../protocols/signer.cjs');
 let _ocap_util = require("@ocap/util");
 let randombytes = require("randombytes");
 randombytes = require_rolldown_runtime.__toESM(randombytes);
-let elliptic = require("elliptic");
-elliptic = require_rolldown_runtime.__toESM(elliptic);
+let _noble_curves_secp256k1 = require("@noble/curves/secp256k1");
+let _noble_curves_abstract_utils = require("@noble/curves/abstract/utils");
 
 //#region src/signer/secp256k1.ts
-const EC = elliptic.default.ec;
-const secp256k1 = new EC("secp256k1");
 /**
-* Signer implementation for secp256k1, based on `elliptic`
+* Signer implementation for secp256k1, based on `@noble/curves`
 *
 * @class Secp256k1Signer
 */
@@ -24,8 +22,7 @@ var Secp256k1Signer = class extends require_protocols_signer.default {
 	}
 	isValidSK(sk) {
 		if (sk.byteLength !== 32) return false;
-		const bn = new _ocap_util.BN(sk);
-		return bn.cmp(secp256k1.curve.n) < 0 && !bn.isZero();
+		return _noble_curves_secp256k1.secp256k1.utils.isValidPrivateKey(sk);
 	}
 	/**
 	* @public
@@ -53,7 +50,7 @@ var Secp256k1Signer = class extends require_protocols_signer.default {
 	*/
 	getPublicKey(sk, encoding = "hex") {
 		if (!this.isValidSK((0, _ocap_util.toUint8Array)(sk))) throw new Error("Invalid secret key");
-		let pk = secp256k1.keyFromPrivate((0, _ocap_util.toBuffer)(sk)).getPublic(this.pkCompressed, "hex");
+		let pk = (0, _noble_curves_abstract_utils.bytesToHex)(_noble_curves_secp256k1.secp256k1.getPublicKey((0, _ocap_util.toUint8Array)(sk), this.pkCompressed));
 		if (this.pkHasFormatPrefix === false) pk = pk.slice(2);
 		return require_encode.encode(`0x${pk}`, encoding);
 	}
@@ -62,30 +59,28 @@ var Secp256k1Signer = class extends require_protocols_signer.default {
 	*/
 	sign(message, sk, encoding = "hex") {
 		const msg = (0, _ocap_util.toUint8Array)(message);
-		return require_encode.encode(`0x${secp256k1.keyFromPrivate((0, _ocap_util.toBuffer)(sk)).sign((0, _ocap_util.stripHexPrefix)(msg), { canonical: true }).toDER("hex")}`, encoding);
+		return require_encode.encode(`0x${_noble_curves_secp256k1.secp256k1.sign(msg, (0, _ocap_util.toUint8Array)(sk)).toDERHex()}`, encoding);
 	}
 	/**
 	* Verify if a signature is valid
 	*/
 	verify(message, signature, pk) {
 		const msg = (0, _ocap_util.toUint8Array)(message);
-		const sigHex = (0, _ocap_util.stripHexPrefix)((0, _ocap_util.toHex)(signature));
-		const sigBuf = Buffer.from(sigHex, "hex");
-		if (sigBuf.length > 6 && sigBuf[0] === 48) {
-			const sLenIndex = 4 + sigBuf[3] + 1;
-			if (sLenIndex < sigBuf.length) {
-				const sLen = sigBuf[sLenIndex];
-				const sStart = sLenIndex + 1;
-				if (sStart + sLen <= sigBuf.length) {
-					const sValue = new _ocap_util.BN(sigBuf.slice(sStart, sStart + sLen));
-					const halfOrder = secp256k1.curve.n.shrn(1);
-					if (sValue.cmp(halfOrder) > 0) return false;
-				}
-			}
+		const sigHex = (0, _ocap_util.toHex)(signature).replace(/^0x/i, "");
+		let pkBytes = (0, _ocap_util.toUint8Array)(pk);
+		if (this.pkHasFormatPrefix === false && pkBytes[0] !== 4 && pkBytes.byteLength === 64) {
+			const prefixed = new Uint8Array(65);
+			prefixed[0] = 4;
+			prefixed.set(pkBytes, 1);
+			pkBytes = prefixed;
+		}
+		try {
+			const sig = _noble_curves_secp256k1.secp256k1.Signature.fromDER(sigHex);
+			if (sig.hasHighS()) return false;
+			return _noble_curves_secp256k1.secp256k1.verify(sig, msg, pkBytes);
+		} catch {
+			return false;
 		}
-		let pkBuffer = (0, _ocap_util.toBuffer)(pk);
-		if (this.pkHasFormatPrefix === false && pkBuffer[0] !== 4 && pkBuffer.byteLength === 64) pkBuffer = Buffer.concat([Uint8Array.from([4]), Uint8Array.from(pkBuffer)]);
-		return secp256k1.keyFromPublic(pkBuffer).verify((0, _ocap_util.stripHexPrefix)(msg), sigHex);
 	}
 };
 var secp256k1_default = new Secp256k1Signer();

package/lib/signer/secp256k1.d.cts

@@ -4,7 +4,7 @@ import { BytesType, EncodingType, KeyPairType } from "@ocap/util";
 //#region src/signer/secp256k1.d.ts
 
 /**
- * Signer implementation for secp256k1, based on `elliptic`
+ * Signer implementation for secp256k1, based on `@noble/curves`
  *
  * @class Secp256k1Signer
  */

package/lib/webauthn.cjs

@@ -0,0 +1,533 @@
+const require_rolldown_runtime = require('./_virtual/rolldown_runtime.cjs');
+let _noble_hashes_sha2_js = require("@noble/hashes/sha2.js");
+let _noble_curves_secp256k1 = require("@noble/curves/secp256k1");
+let _noble_curves_p256 = require("@noble/curves/p256");
+let _noble_curves_p384 = require("@noble/curves/p384");
+let _noble_curves_p521 = require("@noble/curves/p521");
+
+//#region src/webauthn.ts
+/**
+* Lightweight WebAuthn/passkey utilities — replaces @simplewebauthn/server/helpers.
+*
+* Provides COSE constants, CBOR-based credential public key decoding, base64url helpers,
+* authenticator data parsing, and ECDSA signature verification using @noble/curves.
+*
+* Designed for environments sensitive to bundle size (e.g. Cloudflare Workers).
+*/
+var webauthn_exports = /* @__PURE__ */ require_rolldown_runtime.__exportAll({
+	COSEALG: () => COSEALG,
+	COSECRV: () => COSECRV,
+	COSEKEYS: () => COSEKEYS,
+	COSEKTY: () => COSEKTY,
+	cose: () => cose,
+	decodeClientDataJSON: () => decodeClientDataJSON,
+	generateAuthenticationOptions: () => generateAuthenticationOptions,
+	generateChallenge: () => generateChallenge,
+	generateRegistrationOptions: () => generateRegistrationOptions,
+	isoBase64URL: () => isoBase64URL,
+	isoCBOR: () => isoCBOR,
+	isoUint8Array: () => isoUint8Array,
+	parseAuthenticatorData: () => parseAuthenticatorData,
+	toHash: () => toHash,
+	verifyRegistrationResponse: () => verifyRegistrationResponse,
+	verifySignature: () => verifySignature
+});
+const COSEKEYS = {
+	kty: 1,
+	alg: 3,
+	crv: -1,
+	x: -2,
+	y: -3,
+	n: -1,
+	e: -2
+};
+const COSEKTY = {
+	OKP: 1,
+	EC2: 2,
+	RSA: 3
+};
+const COSEALG = {
+	ES256: -7,
+	EdDSA: -8,
+	ES384: -35,
+	ES512: -36,
+	PS256: -37,
+	PS384: -38,
+	PS512: -39,
+	ES256K: -47,
+	RS256: -257,
+	RS384: -258,
+	RS512: -259,
+	RS1: -65535
+};
+const COSECRV = {
+	P256: 1,
+	P384: 2,
+	P521: 3,
+	ED25519: 6,
+	SECP256K1: 8
+};
+const cose = {
+	COSEKEYS,
+	COSEKTY,
+	COSEALG,
+	COSECRV
+};
+const isoBase64URL = {
+	toBuffer(base64url) {
+		const base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+		const padded = base64 + "=".repeat((4 - base64.length % 4) % 4);
+		const binary = atob(padded);
+		const bytes = new Uint8Array(binary.length);
+		for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+		return bytes;
+	},
+	fromBuffer(buffer, to = "base64url") {
+		const normalized = new Uint8Array(buffer);
+		let binary = "";
+		for (let i = 0; i < normalized.length; i++) binary += String.fromCharCode(normalized[i]);
+		const base64 = btoa(binary);
+		if (to === "base64") return base64;
+		return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+	},
+	toUTF8String(base64url) {
+		const bytes = isoBase64URL.toBuffer(base64url);
+		return new TextDecoder().decode(bytes);
+	},
+	fromUTF8String(utf8String) {
+		const bytes = new TextEncoder().encode(utf8String);
+		return isoBase64URL.fromBuffer(bytes);
+	}
+};
+const isoUint8Array = {
+	concat(arrays) {
+		const totalLength = arrays.reduce((sum, a) => sum + a.length, 0);
+		const result = new Uint8Array(totalLength);
+		let offset = 0;
+		for (const arr of arrays) {
+			result.set(arr, offset);
+			offset += arr.length;
+		}
+		return result;
+	},
+	areEqual(a, b) {
+		if (a.length !== b.length) return false;
+		return a.every((v, i) => v === b[i]);
+	},
+	toDataView(array) {
+		return new DataView(array.buffer, array.byteOffset, array.length);
+	},
+	fromHex(hex) {
+		const bytes = new Uint8Array(hex.length / 2);
+		for (let i = 0; i < hex.length; i += 2) bytes[i / 2] = Number.parseInt(hex.substring(i, i + 2), 16);
+		return bytes;
+	}
+};
+function decodeCBORInternal(data, offset) {
+	const major = data[offset] >> 5;
+	const additional = data[offset] & 31;
+	offset++;
+	let length;
+	if (additional < 24) length = additional;
+	else if (additional === 24) length = data[offset++];
+	else if (additional === 25) {
+		length = data[offset] << 8 | data[offset + 1];
+		offset += 2;
+	} else if (additional === 26) {
+		length = data[offset] << 24 | data[offset + 1] << 16 | data[offset + 2] << 8 | data[offset + 3];
+		offset += 4;
+	} else throw new Error(`CBOR: unsupported additional info ${additional}`);
+	switch (major) {
+		case 0: return [length, offset];
+		case 1: return [-1 - length, offset];
+		case 2: return [data.slice(offset, offset + length), offset + length];
+		case 3: return [new TextDecoder().decode(data.slice(offset, offset + length)), offset + length];
+		case 4: {
+			const arr = [];
+			for (let i = 0; i < length; i++) {
+				const [value, newOffset] = decodeCBORInternal(data, offset);
+				arr.push(value);
+				offset = newOffset;
+			}
+			return [arr, offset];
+		}
+		case 5: {
+			const map = /* @__PURE__ */ new Map();
+			for (let i = 0; i < length; i++) {
+				const [key, keyOffset] = decodeCBORInternal(data, offset);
+				const [value, valueOffset] = decodeCBORInternal(data, keyOffset);
+				map.set(key, value);
+				offset = valueOffset;
+			}
+			return [map, offset];
+		}
+		default: throw new Error(`CBOR: unsupported major type ${major}`);
+	}
+}
+function encodeCBORValue(value) {
+	if (value instanceof Uint8Array || value instanceof ArrayBuffer) {
+		const bytes = value instanceof Uint8Array ? value : new Uint8Array(value);
+		return [...encodeCBORHead(2, bytes.length), ...bytes];
+	}
+	if (typeof value === "number") {
+		if (value >= 0) return encodeCBORHead(0, value);
+		return encodeCBORHead(1, -1 - value);
+	}
+	if (typeof value === "string") {
+		const encoded = new TextEncoder().encode(value);
+		return [...encodeCBORHead(3, encoded.length), ...encoded];
+	}
+	if (Array.isArray(value)) {
+		const items = value.flatMap((v) => encodeCBORValue(v));
+		return [...encodeCBORHead(4, value.length), ...items];
+	}
+	if (value instanceof Map) {
+		const items = [];
+		for (const [k, v] of value) items.push(...encodeCBORValue(k), ...encodeCBORValue(v));
+		return [...encodeCBORHead(5, value.size), ...items];
+	}
+	throw new Error(`CBOR encode: unsupported type ${typeof value}`);
+}
+function encodeCBORHead(major, length) {
+	const prefix = major << 5;
+	if (length < 24) return [prefix | length];
+	if (length < 256) return [prefix | 24, length];
+	if (length < 65536) return [
+		prefix | 25,
+		length >> 8 & 255,
+		length & 255
+	];
+	return [
+		prefix | 26,
+		length >> 24 & 255,
+		length >> 16 & 255,
+		length >> 8 & 255,
+		length & 255
+	];
+}
+const isoCBOR = {
+	decodeFirst(input) {
+		const [value] = decodeCBORInternal(new Uint8Array(input), 0);
+		return value;
+	},
+	encode(input) {
+		return new Uint8Array(encodeCBORValue(input));
+	}
+};
+async function toHash(data, algorithm = COSEALG.ES256) {
+	const input = typeof data === "string" ? new TextEncoder().encode(data) : data;
+	if ([
+		COSEALG.ES256,
+		COSEALG.PS256,
+		COSEALG.RS256,
+		COSEALG.ES256K
+	].includes(algorithm)) return (0, _noble_hashes_sha2_js.sha256)(input);
+	if ([
+		COSEALG.ES384,
+		COSEALG.PS384,
+		COSEALG.RS384
+	].includes(algorithm)) return (0, _noble_hashes_sha2_js.sha384)(input);
+	if ([
+		COSEALG.ES512,
+		COSEALG.PS512,
+		COSEALG.RS512,
+		COSEALG.EdDSA
+	].includes(algorithm)) return (0, _noble_hashes_sha2_js.sha512)(input);
+	return (0, _noble_hashes_sha2_js.sha256)(input);
+}
+function decodeClientDataJSON(data) {
+	return JSON.parse(isoBase64URL.toUTF8String(data));
+}
+function parseAuthenticatorData(authData) {
+	if (authData.byteLength < 37) throw new Error(`Authenticator data was ${authData.byteLength} bytes, expected at least 37 bytes`);
+	let pointer = 0;
+	const dataView = isoUint8Array.toDataView(authData);
+	const rpIdHash = authData.slice(pointer, pointer += 32);
+	const flagsBuf = authData.slice(pointer, pointer += 1);
+	const flagsInt = flagsBuf[0];
+	const flags = {
+		up: !!(flagsInt & 1),
+		uv: !!(flagsInt & 4),
+		be: !!(flagsInt & 8),
+		bs: !!(flagsInt & 16),
+		at: !!(flagsInt & 64),
+		ed: !!(flagsInt & 128),
+		flagsInt
+	};
+	const counterBuf = authData.slice(pointer, pointer + 4);
+	const counter = dataView.getUint32(pointer, false);
+	pointer += 4;
+	let aaguid;
+	let credentialID;
+	let credentialPublicKey;
+	if (flags.at) {
+		aaguid = authData.slice(pointer, pointer += 16);
+		const credIDLen = dataView.getUint16(pointer);
+		pointer += 2;
+		credentialID = authData.slice(pointer, pointer += credIDLen);
+		const firstDecoded = isoCBOR.decodeFirst(authData.slice(pointer));
+		const firstEncoded = isoCBOR.encode(firstDecoded);
+		credentialPublicKey = firstEncoded;
+		pointer += firstEncoded.byteLength;
+	}
+	let extensionsData;
+	let extensionsDataBuffer;
+	if (flags.ed) {
+		const firstDecoded = isoCBOR.decodeFirst(authData.slice(pointer));
+		extensionsDataBuffer = isoCBOR.encode(firstDecoded);
+		extensionsData = firstDecoded;
+		pointer += extensionsDataBuffer.byteLength;
+	}
+	return {
+		rpIdHash,
+		flagsBuf,
+		flags,
+		counter,
+		counterBuf,
+		aaguid,
+		credentialID,
+		credentialPublicKey,
+		extensionsData,
+		extensionsDataBuffer
+	};
+}
+function getCurveForCrv(crv) {
+	switch (crv) {
+		case COSECRV.P256: return {
+			curve: _noble_curves_p256.p256,
+			hash: _noble_hashes_sha2_js.sha256,
+			componentLen: 32
+		};
+		case COSECRV.P384: return {
+			curve: _noble_curves_p384.p384,
+			hash: _noble_hashes_sha2_js.sha384,
+			componentLen: 48
+		};
+		case COSECRV.P521: return {
+			curve: _noble_curves_p521.p521,
+			hash: _noble_hashes_sha2_js.sha512,
+			componentLen: 66
+		};
+		case COSECRV.SECP256K1: return {
+			curve: _noble_curves_secp256k1.secp256k1,
+			hash: _noble_hashes_sha2_js.sha256,
+			componentLen: 32
+		};
+		default: throw new Error(`Unsupported COSE curve: ${crv}`);
+	}
+}
+async function verifySignature(opts) {
+	const { signature, data, credentialPublicKey } = opts;
+	const coseKey = isoCBOR.decodeFirst(credentialPublicKey);
+	const kty = coseKey.get(COSEKEYS.kty);
+	if (kty !== COSEKTY.EC2) throw new Error(`Unsupported COSE key type: ${kty} (only EC2 is supported)`);
+	const crv = coseKey.get(COSEKEYS.crv);
+	const x = coseKey.get(COSEKEYS.x);
+	const y = coseKey.get(COSEKEYS.y);
+	if (!x || !y) throw new Error("COSE public key missing x or y coordinate");
+	const { curve, hash, componentLen } = getCurveForCrv(crv);
+	const pubKeyBytes = new Uint8Array(1 + componentLen * 2);
+	pubKeyBytes[0] = 4;
+	pubKeyBytes.set(x.length <= componentLen ? x : x.slice(x.length - componentLen), 1 + (componentLen - x.length));
+	pubKeyBytes.set(y.length <= componentLen ? y : y.slice(y.length - componentLen), 1 + componentLen + (componentLen - y.length));
+	const msgHash = hash(data);
+	try {
+		const sig = curve.Signature.fromDER(signature);
+		return curve.verify(sig, msgHash, pubKeyBytes);
+	} catch {
+		return false;
+	}
+}
+function generateChallenge() {
+	return crypto.getRandomValues(new Uint8Array(32));
+}
+function convertAAGUIDToString(aaguid) {
+	const hex = Array.from(aaguid, (b) => b.toString(16).padStart(2, "0")).join("");
+	return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+async function matchExpectedRPID(rpIdHash, expectedRPIDs) {
+	for (const rpID of expectedRPIDs) {
+		const expectedHash = (0, _noble_hashes_sha2_js.sha256)(new TextEncoder().encode(rpID));
+		if (isoUint8Array.areEqual(rpIdHash, expectedHash)) return rpID;
+	}
+	throw new Error(`Unexpected RP ID hash, expected one of: ${expectedRPIDs.join(", ")}`);
+}
+function parseBackupFlags(flags) {
+	const credentialDeviceType = flags.be ? "multiDevice" : "singleDevice";
+	const credentialBackedUp = flags.bs;
+	if (!flags.be && flags.bs) throw new Error("Credential indicates backup state but not backup eligibility");
+	return {
+		credentialDeviceType,
+		credentialBackedUp
+	};
+}
+async function generateRegistrationOptions(options) {
+	const { rpName, rpID, userName, userID, challenge = generateChallenge(), userDisplayName = "", timeout = 6e4, attestationType = "none", excludeCredentials = [], authenticatorSelection = {
+		residentKey: "preferred",
+		userVerification: "preferred"
+	}, extensions, supportedAlgorithmIDs = [
+		-8,
+		-7,
+		-257
+	] } = options;
+	const pubKeyCredParams = supportedAlgorithmIDs.map((id) => ({
+		alg: id,
+		type: "public-key"
+	}));
+	if (authenticatorSelection.residentKey === void 0) {
+		if (authenticatorSelection.requireResidentKey) authenticatorSelection.residentKey = "required";
+	} else authenticatorSelection.requireResidentKey = authenticatorSelection.residentKey === "required";
+	let _challenge = challenge;
+	if (typeof _challenge === "string") _challenge = new TextEncoder().encode(_challenge);
+	let _userID = userID;
+	if (!_userID) _userID = crypto.getRandomValues(new Uint8Array(32));
+	return {
+		challenge: isoBase64URL.fromBuffer(_challenge),
+		rp: {
+			name: rpName,
+			id: rpID
+		},
+		user: {
+			id: isoBase64URL.fromBuffer(_userID),
+			name: userName,
+			displayName: userDisplayName
+		},
+		pubKeyCredParams,
+		timeout,
+		attestation: attestationType,
+		excludeCredentials: excludeCredentials.map((cred) => ({
+			...cred,
+			id: cred.id.replace(/=+$/, ""),
+			type: "public-key"
+		})),
+		authenticatorSelection,
+		extensions: {
+			...extensions,
+			credProps: true
+		}
+	};
+}
+async function generateAuthenticationOptions(options) {
+	const { rpID, allowCredentials, challenge = generateChallenge(), timeout = 6e4, userVerification = "preferred", extensions } = options;
+	let _challenge = challenge;
+	if (typeof _challenge === "string") _challenge = new TextEncoder().encode(_challenge);
+	return {
+		rpId: rpID,
+		challenge: isoBase64URL.fromBuffer(_challenge),
+		allowCredentials: allowCredentials?.map((cred) => ({
+			...cred,
+			id: cred.id.replace(/=+$/, ""),
+			type: "public-key"
+		})),
+		timeout,
+		userVerification,
+		extensions
+	};
+}
+async function verifyRegistrationResponse(options) {
+	const { response, expectedChallenge, expectedOrigin, expectedRPID, expectedType, requireUserPresence = true, requireUserVerification = true, supportedAlgorithmIDs = [
+		-8,
+		-7,
+		-36,
+		-37,
+		-38,
+		-39,
+		-257,
+		-258,
+		-259,
+		-65535
+	] } = options;
+	const { id, rawId, type: credentialType, response: attestationResponse } = response;
+	if (!id) throw new Error("Missing credential ID");
+	if (id !== rawId) throw new Error("Credential ID was not base64url-encoded");
+	if (credentialType !== "public-key") throw new Error(`Unexpected credential type ${credentialType}, expected "public-key"`);
+	const clientDataJSON = decodeClientDataJSON(attestationResponse.clientDataJSON);
+	const { type, origin, challenge } = clientDataJSON;
+	if (Array.isArray(expectedType)) {
+		if (!expectedType.includes(type)) throw new Error(`Unexpected registration response type "${type}", expected one of: ${expectedType.join(", ")}`);
+	} else if (expectedType) {
+		if (type !== expectedType) throw new Error(`Unexpected registration response type "${type}", expected "${expectedType}"`);
+	} else if (type !== "webauthn.create") throw new Error(`Unexpected registration response type: ${type}`);
+	if (typeof expectedChallenge === "function") {
+		if (!await expectedChallenge(challenge)) throw new Error(`Custom challenge verifier returned false for registration response challenge "${challenge}"`);
+	} else if (challenge !== expectedChallenge) throw new Error(`Unexpected registration response challenge "${challenge}", expected "${expectedChallenge}"`);
+	if (Array.isArray(expectedOrigin)) {
+		if (!expectedOrigin.includes(origin)) throw new Error(`Unexpected registration response origin "${origin}", expected one of: ${expectedOrigin.join(", ")}`);
+	} else if (origin !== expectedOrigin) throw new Error(`Unexpected registration response origin "${origin}", expected "${expectedOrigin}"`);
+	const attestationObject = isoBase64URL.toBuffer(attestationResponse.attestationObject);
+	const decodedAttestationObject = isoCBOR.decodeFirst(attestationObject);
+	const fmt = decodedAttestationObject.get("fmt");
+	const authData = decodedAttestationObject.get("authData");
+	const attStmt = decodedAttestationObject.get("attStmt");
+	const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey, extensionsData } = parseAuthenticatorData(authData);
+	let matchedRPID;
+	if (expectedRPID) matchedRPID = await matchExpectedRPID(rpIdHash, Array.isArray(expectedRPID) ? expectedRPID : [expectedRPID]);
+	if (requireUserPresence && !flags.up) throw new Error("User presence was required, but user was not present");
+	if (requireUserVerification && !flags.uv) throw new Error("User verification was required, but user could not be verified");
+	if (!credentialID) throw new Error("No credential ID was provided by authenticator");
+	if (!credentialPublicKey) throw new Error("No public key was provided by authenticator");
+	if (!aaguid) throw new Error("No AAGUID was present during registration");
+	const alg = isoCBOR.decodeFirst(credentialPublicKey).get(COSEKEYS.alg);
+	if (typeof alg !== "number") throw new Error("Credential public key was missing numeric alg");
+	if (!supportedAlgorithmIDs.includes(alg)) throw new Error(`Unexpected public key alg "${alg}", expected one of "${supportedAlgorithmIDs.join(", ")}"`);
+	let verified = false;
+	if (fmt === "none") {
+		if (attStmt.size > 0) throw new Error("None attestation had unexpected attestation statement");
+		verified = true;
+	} else if (fmt === "packed" && attStmt.size === 2 && attStmt.has("alg") && attStmt.has("sig")) {
+		const clientDataHash = await toHash(isoBase64URL.toBuffer(attestationResponse.clientDataJSON));
+		const signedData = isoUint8Array.concat([authData, clientDataHash]);
+		verified = await verifySignature({
+			signature: attStmt.get("sig"),
+			data: signedData,
+			credentialPublicKey
+		});
+	} else throw new Error(`Unsupported attestation format: "${fmt}". Only "none" and "packed" (self-attestation) are supported.`);
+	if (!verified) return { verified: false };
+	const { credentialDeviceType, credentialBackedUp } = parseBackupFlags(flags);
+	return {
+		verified: true,
+		registrationInfo: {
+			fmt,
+			aaguid: convertAAGUIDToString(aaguid),
+			credential: {
+				id: isoBase64URL.fromBuffer(credentialID),
+				publicKey: credentialPublicKey,
+				counter,
+				transports: response.response.transports
+			},
+			credentialType: "public-key",
+			attestationObject,
+			userVerified: flags.uv,
+			credentialDeviceType,
+			credentialBackedUp,
+			origin: clientDataJSON.origin,
+			rpID: matchedRPID,
+			authenticatorExtensionResults: extensionsData
+		}
+	};
+}
+
+//#endregion
+exports.COSEALG = COSEALG;
+exports.COSECRV = COSECRV;
+exports.COSEKEYS = COSEKEYS;
+exports.COSEKTY = COSEKTY;
+exports.cose = cose;
+exports.decodeClientDataJSON = decodeClientDataJSON;
+exports.generateAuthenticationOptions = generateAuthenticationOptions;
+exports.generateChallenge = generateChallenge;
+exports.generateRegistrationOptions = generateRegistrationOptions;
+exports.isoBase64URL = isoBase64URL;
+exports.isoCBOR = isoCBOR;
+exports.isoUint8Array = isoUint8Array;
+exports.parseAuthenticatorData = parseAuthenticatorData;
+exports.toHash = toHash;
+exports.verifyRegistrationResponse = verifyRegistrationResponse;
+exports.verifySignature = verifySignature;
+Object.defineProperty(exports, 'webauthn_exports', {
+  enumerable: true,
+  get: function () {
+    return webauthn_exports;
+  }
+});