npm - @simplewebauthn/server - Versions diffs - 10.0.0 → 11.0.0-alpha3 - Mend

@simplewebauthn/server 10.0.0 → 11.0.0-alpha3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/script/helpers/iso/isoBase64URL.js CHANGED Viewed

@@ -1,7 +1,17 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.trimPadding = exports.isBase64URL = exports.isBase64 = exports.toUTF8String = exports.fromUTF8String = exports.toBase64 = exports.fromBuffer = exports.toBuffer = void 0;
-const deps_js_1 = require("../../deps.js");
+exports.toBuffer = toBuffer;
+exports.fromBuffer = fromBuffer;
+exports.toBase64 = toBase64;
+exports.fromUTF8String = fromUTF8String;
+exports.toUTF8String = toUTF8String;
+exports.isBase64 = isBase64;
+exports.isBase64URL = isBase64URL;
+exports.trimPadding = trimPadding;
+const base64_1 = __importDefault(require("@hexagon/base64"));
 /**
  * Decode from a Base64URL-encoded string to an ArrayBuffer. Best used when converting a
  * credential ID from a JSON string to an ArrayBuffer, like in allowCredentials or
@@ -11,10 +21,9 @@ const deps_js_1 = require("../../deps.js");
  * @param to (optional) The decoding to use, in case it's desirable to decode from base64 instead
  */
 function toBuffer(base64urlString, from = 'base64url') {
-    const _buffer = deps_js_1.base64.toArrayBuffer(base64urlString, from === 'base64url');
+    const _buffer = base64_1.default.toArrayBuffer(base64urlString, from === 'base64url');
     return new Uint8Array(_buffer);
 }
-exports.toBuffer = toBuffer;
 /**
  * Encode the given array buffer into a Base64URL-encoded string. Ideal for converting various
  * credential response ArrayBuffers to string for sending back to the server as JSON.
@@ -23,52 +32,45 @@ exports.toBuffer = toBuffer;
  * @param to (optional) The encoding to use, in case it's desirable to encode to base64 instead
  */
 function fromBuffer(buffer, to = 'base64url') {
-    return deps_js_1.base64.fromArrayBuffer(buffer, to === 'base64url');
+    return base64_1.default.fromArrayBuffer(buffer, to === 'base64url');
 }
-exports.fromBuffer = fromBuffer;
 /**
  * Convert a base64url string into base64
  */
 function toBase64(base64urlString) {
-    const fromBase64Url = deps_js_1.base64.toArrayBuffer(base64urlString, true);
-    const toBase64 = deps_js_1.base64.fromArrayBuffer(fromBase64Url);
+    const fromBase64Url = base64_1.default.toArrayBuffer(base64urlString, true);
+    const toBase64 = base64_1.default.fromArrayBuffer(fromBase64Url);
     return toBase64;
 }
-exports.toBase64 = toBase64;
 /**
  * Encode a UTF-8 string to base64url
  */
 function fromUTF8String(utf8String) {
-    return deps_js_1.base64.fromString(utf8String, true);
+    return base64_1.default.fromString(utf8String, true);
 }
-exports.fromUTF8String = fromUTF8String;
 /**
  * Decode a base64url string into its original UTF-8 string
  */
 function toUTF8String(base64urlString) {
-    return deps_js_1.base64.toString(base64urlString, true);
+    return base64_1.default.toString(base64urlString, true);
 }
-exports.toUTF8String = toUTF8String;
 /**
  * Confirm that the string is encoded into base64
  */
 function isBase64(input) {
-    return deps_js_1.base64.validate(input, false);
+    return base64_1.default.validate(input, false);
 }
-exports.isBase64 = isBase64;
 /**
  * Confirm that the string is encoded into base64url, with support for optional padding
  */
 function isBase64URL(input) {
     // Trim padding characters from the string if present
     input = trimPadding(input);
-    return deps_js_1.base64.validate(input, true);
+    return base64_1.default.validate(input, true);
 }
-exports.isBase64URL = isBase64URL;
 /**
  * Remove optional padding from a base64url-encoded string
  */
 function trimPadding(input) {
     return input.replace(/=/g, '');
 }
-exports.trimPadding = trimPadding;

package/script/helpers/iso/isoCBOR.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { tinyCbor } from '../../deps.js';
+import * as tinyCbor from '@levischuck/tiny-cbor';
 /**
  * Whatever CBOR encoder is used should keep CBOR data the same length when data is re-encoded
  *
@@ -21,3 +21,4 @@ export declare function decodeFirst<Type>(input: Uint8Array): Type;
  * Encode data to CBOR
  */
 export declare function encode(input: tinyCbor.CBORType): Uint8Array;
+//# sourceMappingURL=isoCBOR.d.ts.map

package/script/helpers/iso/isoCBOR.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"isoCBOR.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/isoCBOR.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,QAAQ,MAAM,uBAAuB,CAAC;AAElD;;;;;;;;;GASG;AAEH;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAQzD;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,QAAQ,GAAG,UAAU,CAE3D"}

package/script/helpers/iso/isoCBOR.js CHANGED Viewed

@@ -1,7 +1,31 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encode = exports.decodeFirst = void 0;
-const deps_js_1 = require("../../deps.js");
+exports.decodeFirst = decodeFirst;
+exports.encode = encode;
+const tinyCbor = __importStar(require("@levischuck/tiny-cbor"));
 /**
  * Whatever CBOR encoder is used should keep CBOR data the same length when data is re-encoded
  *
@@ -22,15 +46,13 @@ const deps_js_1 = require("../../deps.js");
 function decodeFirst(input) {
     // Make a copy so we don't mutate the original
     const _input = new Uint8Array(input);
-    const decoded = deps_js_1.tinyCbor.decodePartialCBOR(_input, 0);
+    const decoded = tinyCbor.decodePartialCBOR(_input, 0);
     const [first] = decoded;
     return first;
 }
-exports.decodeFirst = decodeFirst;
 /**
  * Encode data to CBOR
  */
 function encode(input) {
-    return deps_js_1.tinyCbor.encodeCBOR(input);
+    return tinyCbor.encodeCBOR(input);
 }
-exports.encode = encode;

package/script/helpers/iso/isoCrypto/digest.d.ts CHANGED Viewed

@@ -6,3 +6,4 @@ import { COSEALG } from '../../cose.js';
  * @param algorithm A COSE algorithm ID that maps to a desired SHA algorithm
  */
 export declare function digest(data: Uint8Array, algorithm: COSEALG): Promise<Uint8Array>;
+//# sourceMappingURL=digest.d.ts.map

package/script/helpers/iso/isoCrypto/digest.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"digest.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/digest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAIxC;;;;;GAKG;AACH,wBAAsB,MAAM,CAC1B,IAAI,EAAE,UAAU,EAChB,SAAS,EAAE,OAAO,GACjB,OAAO,CAAC,UAAU,CAAC,CAQrB"}

package/script/helpers/iso/isoCrypto/digest.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.digest = void 0;
+exports.digest = digest;
 const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
 const getWebCrypto_js_1 = require("./getWebCrypto.js");
 /**
@@ -15,4 +15,3 @@ async function digest(data, algorithm) {
     const hashed = await WebCrypto.subtle.digest(subtleAlgorithm, data);
     return new Uint8Array(hashed);
 }
-exports.digest = digest;

package/script/helpers/iso/isoCrypto/getRandomValues.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@
  * @returns the same bytes array passed into the method
  */
 export declare function getRandomValues(array: Uint8Array): Promise<Uint8Array>;
+//# sourceMappingURL=getRandomValues.d.ts.map

package/script/helpers/iso/isoCrypto/getRandomValues.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getRandomValues.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/getRandomValues.ts"],"names":[],"mappings":"AAEA;;;;GAIG;AACH,wBAAsB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC,CAM5E"}

package/script/helpers/iso/isoCrypto/getRandomValues.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getRandomValues = void 0;
+exports.getRandomValues = getRandomValues;
 const getWebCrypto_js_1 = require("./getWebCrypto.js");
 /**
  * Fill up the provided bytes array with random bytes equal to its length.
@@ -12,4 +12,3 @@ async function getRandomValues(array) {
     WebCrypto.getRandomValues(array);
     return array;
 }
-exports.getRandomValues = getRandomValues;

package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Crypto } from '../../../deps.js';
+import type { Crypto } from '@simplewebauthn/types';
 /**
  * Try to get an instance of the Crypto API from the current runtime. Should support Node,
  * as well as others, like Deno, that implement Web APIs.
@@ -11,3 +11,4 @@ export declare const _getWebCryptoInternals: {
     stubThisGlobalThisCrypto: () => globalThis.Crypto;
     setCachedCrypto: (newCrypto: Crypto | undefined) => void;
 };
+//# sourceMappingURL=getWebCrypto.d.ts.map

package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"getWebCrypto.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/getWebCrypto.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAIpD;;;GAGG;AACH,wBAAgB,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC,CAgC9C;AAED,qBAAa,gBAAiB,SAAQ,KAAK;;CAM1C;AAGD,eAAO,MAAM,sBAAsB;;iCAGJ,MAAM,GAAG,SAAS;CAGhD,CAAC"}

package/script/helpers/iso/isoCrypto/getWebCrypto.js CHANGED Viewed

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports._getWebCryptoInternals = exports.MissingWebCrypto = exports.getWebCrypto = void 0;
+exports._getWebCryptoInternals = exports.MissingWebCrypto = void 0;
+exports.getWebCrypto = getWebCrypto;
 let webCrypto = undefined;
 /**
  * Try to get an instance of the Crypto API from the current runtime. Should support Node,
@@ -35,7 +36,6 @@ function getWebCrypto() {
     });
     return toResolve;
 }
-exports.getWebCrypto = getWebCrypto;
 class MissingWebCrypto extends Error {
     constructor() {
         const message = 'An instance of the Crypto API could not be located';

package/script/helpers/iso/isoCrypto/importKey.d.ts CHANGED Viewed

@@ -2,3 +2,4 @@ export declare function importKey(opts: {
     keyData: JsonWebKey;
     algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams;
 }): Promise<CryptoKey>;
+//# sourceMappingURL=importKey.d.ts.map

package/script/helpers/iso/isoCrypto/importKey.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"importKey.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/importKey.ts"],"names":[],"mappings":"AAEA,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,OAAO,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,mBAAmB,GAAG,qBAAqB,GAAG,iBAAiB,CAAC;CAC5E,GAAG,OAAO,CAAC,SAAS,CAAC,CAQrB"}

package/script/helpers/iso/isoCrypto/importKey.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.importKey = void 0;
+exports.importKey = importKey;
 const getWebCrypto_js_1 = require("./getWebCrypto.js");
 async function importKey(opts) {
     const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
@@ -9,4 +9,3 @@ async function importKey(opts) {
         'verify',
     ]);
 }
-exports.importKey = importKey;

package/script/helpers/iso/isoCrypto/index.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export { digest } from './digest.js';
 export { getRandomValues } from './getRandomValues.js';
 export { verify } from './verify.js';
+//# sourceMappingURL=index.d.ts.map

package/script/helpers/iso/isoCrypto/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AACrC,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC"}

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ import { COSEALG } from '../../cose.js';
  * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
  */
 export declare function mapCoseAlgToWebCryptoAlg(alg: COSEALG): SubtleCryptoAlg;
+//# sourceMappingURL=mapCoseAlgToWebCryptoAlg.d.ts.map

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mapCoseAlgToWebCryptoAlg.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAC/C,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAExC;;GAEG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,OAAO,GAAG,eAAe,CAetE"}

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mapCoseAlgToWebCryptoAlg = void 0;
+exports.mapCoseAlgToWebCryptoAlg = mapCoseAlgToWebCryptoAlg;
 const cose_js_1 = require("../../cose.js");
 /**
  * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
@@ -21,4 +21,3 @@ function mapCoseAlgToWebCryptoAlg(alg) {
     }
     throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto alg`);
 }
-exports.mapCoseAlgToWebCryptoAlg = mapCoseAlgToWebCryptoAlg;

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ import { SubtleCryptoKeyAlgName } from './structs.js';
  * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
  */
 export declare function mapCoseAlgToWebCryptoKeyAlgName(alg: COSEALG): SubtleCryptoKeyAlgName;
+//# sourceMappingURL=mapCoseAlgToWebCryptoKeyAlgName.d.ts.map

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mapCoseAlgToWebCryptoKeyAlgName.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AACxC,OAAO,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAC;AAEtD;;GAEG;AACH,wBAAgB,+BAA+B,CAC7C,GAAG,EAAE,OAAO,GACX,sBAAsB,CAoBxB"}

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.mapCoseAlgToWebCryptoKeyAlgName = void 0;
+exports.mapCoseAlgToWebCryptoKeyAlgName = mapCoseAlgToWebCryptoKeyAlgName;
 const cose_js_1 = require("../../cose.js");
 /**
  * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
@@ -20,4 +20,3 @@ function mapCoseAlgToWebCryptoKeyAlgName(alg) {
     }
     throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto key alg name`);
 }
-exports.mapCoseAlgToWebCryptoKeyAlgName = mapCoseAlgToWebCryptoKeyAlgName;

package/script/helpers/iso/isoCrypto/structs.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export type SubtleCryptoAlg = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
 export type SubtleCryptoCrv = 'P-256' | 'P-384' | 'P-521' | 'Ed25519';
 export type SubtleCryptoKeyAlgName = 'ECDSA' | 'Ed25519' | 'RSASSA-PKCS1-v1_5' | 'RSA-PSS';
+//# sourceMappingURL=structs.d.ts.map

package/script/helpers/iso/isoCrypto/structs.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"structs.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/structs.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,CAAC;AAC1E,MAAM,MAAM,eAAe,GAAG,OAAO,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,CAAC;AACtE,MAAM,MAAM,sBAAsB,GAC9B,OAAO,GACP,SAAS,GACT,mBAAmB,GACnB,SAAS,CAAC"}

package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts CHANGED Viewed

@@ -1,6 +1,8 @@
+import { COSECRV } from '../../cose.js';
 /**
  * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
  *
  * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
  */
-export declare function unwrapEC2Signature(signature: Uint8Array): Uint8Array;
+export declare function unwrapEC2Signature(signature: Uint8Array, crv: COSECRV): Uint8Array;
+//# sourceMappingURL=unwrapEC2Signature.d.ts.map

package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"unwrapEC2Signature.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/unwrapEC2Signature.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAC;AAGxC;;;;GAIG;AACH,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,UAAU,EAAE,GAAG,EAAE,OAAO,GAAG,UAAU,CAelF"}

package/script/helpers/iso/isoCrypto/unwrapEC2Signature.js CHANGED Viewed

@@ -1,34 +1,76 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.unwrapEC2Signature = void 0;
-const deps_js_1 = require("../../../deps.js");
+exports.unwrapEC2Signature = unwrapEC2Signature;
+const asn1_schema_1 = require("@peculiar/asn1-schema");
+const asn1_ecc_1 = require("@peculiar/asn1-ecc");
+const cose_js_1 = require("../../cose.js");
 const index_js_1 = require("../index.js");
 /**
  * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
  *
  * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
  */
-function unwrapEC2Signature(signature) {
-    const parsedSignature = deps_js_1.AsnParser.parse(signature, deps_js_1.ECDSASigValue);
-    let rBytes = new Uint8Array(parsedSignature.r);
-    let sBytes = new Uint8Array(parsedSignature.s);
-    if (shouldRemoveLeadingZero(rBytes)) {
-        rBytes = rBytes.slice(1);
-    }
-    if (shouldRemoveLeadingZero(sBytes)) {
-        sBytes = sBytes.slice(1);
-    }
-    const finalSignature = index_js_1.isoUint8Array.concat([rBytes, sBytes]);
+function unwrapEC2Signature(signature, crv) {
+    const parsedSignature = asn1_schema_1.AsnParser.parse(signature, asn1_ecc_1.ECDSASigValue);
+    const rBytes = new Uint8Array(parsedSignature.r);
+    const sBytes = new Uint8Array(parsedSignature.s);
+    const componentLength = getSignatureComponentLength(crv);
+    const rNormalizedBytes = toNormalizedBytes(rBytes, componentLength);
+    const sNormalizedBytes = toNormalizedBytes(sBytes, componentLength);
+    const finalSignature = index_js_1.isoUint8Array.concat([
+        rNormalizedBytes,
+        sNormalizedBytes,
+    ]);
     return finalSignature;
 }
-exports.unwrapEC2Signature = unwrapEC2Signature;
 /**
- * Determine if the DER-specific `00` byte at the start of an ECDSA signature byte sequence
- * should be removed based on the following logic:
+ * The SubtleCrypto Web Crypto API expects ECDSA signatures with `r` and `s` values to be encoded
+ * to a specific length depending on the order of the curve. This function returns the expected
+ * byte-length for each of the `r` and `s` signature components.
+ *
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
+ */
+function getSignatureComponentLength(crv) {
+    switch (crv) {
+        case cose_js_1.COSECRV.P256:
+            return 32;
+        case cose_js_1.COSECRV.P384:
+            return 48;
+        case cose_js_1.COSECRV.P521:
+            return 66;
+        default:
+            throw new Error(`Unexpected COSE crv value of ${crv} (EC2)`);
+    }
+}
+/**
+ * Converts the ASN.1 integer representation to bytes of a specific length `n`.
  *
- * "If the leading byte is 0x0, and the the high order bit on the second byte is not set to 0,
- * then remove the leading 0x0 byte"
+ * DER encodes integers as big-endian byte arrays, with as small as possible representation and
+ * requires a leading `0` byte to disambiguate between negative and positive numbers. This means
+ * that `r` and `s` can potentially not be the expected byte-length that is needed by the
+ * SubtleCrypto Web Crypto API: if there are leading `0`s it can be shorter than expected, and if
+ * it has a leading `1` bit, it can be one byte longer.
+ *
+ * See <https://www.itu.int/rec/T-REC-X.690-202102-I/en>
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
  */
-function shouldRemoveLeadingZero(bytes) {
-    return bytes[0] === 0x0 && (bytes[1] & (1 << 7)) !== 0;
+function toNormalizedBytes(bytes, componentLength) {
+    let normalizedBytes;
+    if (bytes.length < componentLength) {
+        // In case the bytes are shorter than expected, we need to pad it with leading `0`s.
+        normalizedBytes = new Uint8Array(componentLength);
+        normalizedBytes.set(bytes, componentLength - bytes.length);
+    }
+    else if (bytes.length === componentLength) {
+        normalizedBytes = bytes;
+    }
+    else if (bytes.length === componentLength + 1 && bytes[0] === 0 && (bytes[1] & 0x80) === 0x80) {
+        // The bytes contain a leading `0` to encode that the integer is positive. This leading `0`
+        // needs to be removed for compatibility with the SubtleCrypto Web Crypto API.
+        normalizedBytes = bytes.subarray(1);
+    }
+    else {
+        throw new Error(`Invalid signature component length ${bytes.length}, expected ${componentLength}`);
+    }
+    return normalizedBytes;
 }

package/script/helpers/iso/isoCrypto/verify.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verify(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verify.d.ts.map

package/script/helpers/iso/isoCrypto/verify.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EAEP,aAAa,EAKd,MAAM,eAAe,CAAC;AAMvB;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CAyBnB"}

package/script/helpers/iso/isoCrypto/verify.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verify = void 0;
+exports.verify = verify;
 const cose_js_1 = require("../../cose.js");
 const verifyEC2_js_1 = require("./verifyEC2.js");
 const verifyRSA_js_1 = require("./verifyRSA.js");
@@ -12,7 +12,11 @@ const unwrapEC2Signature_js_1 = require("./unwrapEC2Signature.js");
 function verify(opts) {
     const { cosePublicKey, signature, data, shaHashOverride } = opts;
     if ((0, cose_js_1.isCOSEPublicKeyEC2)(cosePublicKey)) {
-        const unwrappedSignature = (0, unwrapEC2Signature_js_1.unwrapEC2Signature)(signature);
+        const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
+        if (!(0, cose_js_1.isCOSECrv)(crv)) {
+            throw new Error(`unknown COSE curve ${crv}`);
+        }
+        const unwrappedSignature = (0, unwrapEC2Signature_js_1.unwrapEC2Signature)(signature, crv);
         return (0, verifyEC2_js_1.verifyEC2)({
             cosePublicKey,
             signature: unwrappedSignature,
@@ -29,4 +33,3 @@ function verify(opts) {
     const kty = cosePublicKey.get(cose_js_1.COSEKEYS.kty);
     throw new Error(`Signature verification with public key of kty ${kty} is not supported by this method`);
 }
-exports.verify = verify;

package/script/helpers/iso/isoCrypto/verifyEC2.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verifyEC2(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyEC2.d.ts.map

package/script/helpers/iso/isoCrypto/verifyEC2.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyEC2.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyEC2.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAqB,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAO7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CA0EnB"}

package/script/helpers/iso/isoCrypto/verifyEC2.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyEC2 = void 0;
+exports.verifyEC2 = verifyEC2;
 const cose_js_1 = require("../../cose.js");
 const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
 const importKey_js_1 = require("./importKey.js");
@@ -74,4 +74,3 @@ async function verifyEC2(opts) {
     };
     return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
-exports.verifyEC2 = verifyEC2;

package/script/helpers/iso/isoCrypto/verifyOKP.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ export declare function verifyOKP(opts: {
     signature: Uint8Array;
     data: Uint8Array;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyOKP.d.ts.map

package/script/helpers/iso/isoCrypto/verifyOKP.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyOKP.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyOKP.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,gBAAgB,EAAa,MAAM,eAAe,CAAC;AAM/E,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;CAClB,GAAG,OAAO,CAAC,OAAO,CAAC,CAyDnB"}

package/script/helpers/iso/isoCrypto/verifyOKP.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyOKP = void 0;
+exports.verifyOKP = verifyOKP;
 const cose_js_1 = require("../../cose.js");
 const index_js_1 = require("../../index.js");
 const importKey_js_1 = require("./importKey.js");
@@ -52,4 +52,3 @@ async function verifyOKP(opts) {
     };
     return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
-exports.verifyOKP = verifyOKP;

package/script/helpers/iso/isoCrypto/verifyRSA.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verifyRSA(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyRSA.d.ts.map

package/script/helpers/iso/isoCrypto/verifyRSA.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyRSA.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyRSA.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,gBAAgB,EAAa,MAAM,eAAe,CAAC;AAO/E;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CA2FnB"}

package/script/helpers/iso/isoCrypto/verifyRSA.js CHANGED Viewed

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyRSA = void 0;
+exports.verifyRSA = verifyRSA;
 const cose_js_1 = require("../../cose.js");
 const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
 const importKey_js_1 = require("./importKey.js");
@@ -92,4 +92,3 @@ async function verifyRSA(opts) {
     });
     return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
-exports.verifyRSA = verifyRSA;

package/script/helpers/iso/isoUint8Array.d.ts CHANGED Viewed

@@ -34,3 +34,4 @@ export declare function fromASCIIString(value: string): Uint8Array;
  * Prepare a DataView we can slice our way around in as we parse the bytes in a Uint8Array
  */
 export declare function toDataView(array: Uint8Array): DataView;
+//# sourceMappingURL=isoUint8Array.d.ts.map

package/script/helpers/iso/isoUint8Array.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"isoUint8Array.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/isoUint8Array.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAMxE;AAED;;;;GAIG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAK/C;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAe/C;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAYvD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGtD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAG7D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAEzD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,CAEtD"}

package/script/helpers/iso/isoUint8Array.js CHANGED Viewed

@@ -1,6 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.toDataView = exports.fromASCIIString = exports.fromUTF8String = exports.toUTF8String = exports.concat = exports.fromHex = exports.toHex = exports.areEqual = void 0;
+exports.areEqual = areEqual;
+exports.toHex = toHex;
+exports.fromHex = fromHex;
+exports.concat = concat;
+exports.toUTF8String = toUTF8String;
+exports.fromUTF8String = fromUTF8String;
+exports.fromASCIIString = fromASCIIString;
+exports.toDataView = toDataView;
 /**
  * Make sure two Uint8Arrays are deeply equivalent
  */
@@ -10,7 +17,6 @@ function areEqual(array1, array2) {
     }
     return array1.every((val, i) => val === array2[i]);
 }
-exports.areEqual = areEqual;
 /**
  * Convert a Uint8Array to Hexadecimal.
  *
@@ -21,7 +27,6 @@ function toHex(array) {
     // adce000235bcc60a648b0b25f1f05503
     return hexParts.join('');
 }
-exports.toHex = toHex;
 /**
  * Convert a hexadecimal string to isoUint8Array.
  *
@@ -39,7 +44,6 @@ function fromHex(hex) {
     const byteStrings = hex.match(/.{1,2}/g) ?? [];
     return Uint8Array.from(byteStrings.map((byte) => parseInt(byte, 16)));
 }
-exports.fromHex = fromHex;
 /**
  * Combine multiple Uint8Arrays into a single Uint8Array
  */
@@ -53,7 +57,6 @@ function concat(arrays) {
     });
     return toReturn;
 }
-exports.concat = concat;
 /**
  * Convert bytes into a UTF-8 string
  */
@@ -61,7 +64,6 @@ function toUTF8String(array) {
     const decoder = new globalThis.TextDecoder('utf-8');
     return decoder.decode(array);
 }
-exports.toUTF8String = toUTF8String;
 /**
  * Convert a UTF-8 string back into bytes
  */
@@ -69,18 +71,15 @@ function fromUTF8String(utf8String) {
     const encoder = new globalThis.TextEncoder();
     return encoder.encode(utf8String);
 }
-exports.fromUTF8String = fromUTF8String;
 /**
  * Convert an ASCII string to Uint8Array
  */
 function fromASCIIString(value) {
     return Uint8Array.from(value.split('').map((x) => x.charCodeAt(0)));
 }
-exports.fromASCIIString = fromASCIIString;
 /**
  * Prepare a DataView we can slice our way around in as we parse the bytes in a Uint8Array
  */
 function toDataView(array) {
     return new DataView(array.buffer, array.byteOffset, array.length);
 }
-exports.toDataView = toDataView;