@verbeth/sdk 0.1.4

package/dist/src/verify.d.ts

@@ -0,0 +1,54 @@
+import { JsonRpcProvider } from "ethers";
+import { HandshakeLog, HandshakeResponseLog, IdentityProof, TopicInfoWire, DuplexTopics } from "./types.js";
+import { Rpcish } from "./utils.js";
+/**
+ * handshake verification with mandatory identity proof
+ */
+export declare function verifyHandshakeIdentity(handshakeEvent: HandshakeLog, provider: JsonRpcProvider): Promise<boolean>;
+/**
+ * handshake response verification with mandatory identity proof
+ */
+export declare function verifyHandshakeResponseIdentity(responseEvent: HandshakeResponseLog, responderIdentityPubKey: Uint8Array, initiatorEphemeralSecretKey: Uint8Array, provider: JsonRpcProvider): Promise<boolean>;
+/**
+ * Verify "IdentityProof" for EOAs and smart accounts.
+ * - Verifies the signature with viem (EOA / ERC-1271 / ERC-6492).
+ * - Parses and checks the expected address and public key against the message content.
+ */
+export declare function verifyIdentityProof(identityProof: IdentityProof, smartAccountAddress: string, expectedUnifiedKeys: {
+    identityPubKey: Uint8Array;
+    signingPubKey: Uint8Array;
+}, provider: Rpcish): Promise<boolean>;
+export declare function verifyAndExtractHandshakeKeys(handshakeEvent: HandshakeLog, provider: JsonRpcProvider): Promise<{
+    isValid: boolean;
+    keys?: {
+        identityPubKey: Uint8Array;
+        signingPubKey: Uint8Array;
+    };
+}>;
+export declare function verifyAndExtractHandshakeResponseKeys(responseEvent: HandshakeResponseLog, initiatorEphemeralSecretKey: Uint8Array, provider: JsonRpcProvider): Promise<{
+    isValid: boolean;
+    keys?: {
+        identityPubKey: Uint8Array;
+        signingPubKey: Uint8Array;
+        ephemeralPubKey: Uint8Array;
+        note?: string;
+    };
+}>;
+/**
+ * Verify and derive duplex topics from a long-term DH secret.
+ * - Accepts either `tag` (inResponseTo) or a raw salt as KDF input.
+ * - Recomputes topicOut/topicIn deterministically from the identity DH.
+ * - If topicInfo is provided (from HSR), also verify the checksum.
+ * - Used by the initiator after decrypting a HandshakeResponse to confirm responder’s topics.
+ */
+export declare function verifyDerivedDuplexTopics({ myIdentitySecretKey, theirIdentityPubKey, tag, salt, topicInfo }: {
+    myIdentitySecretKey: Uint8Array;
+    theirIdentityPubKey: Uint8Array;
+    tag?: `0x${string}`;
+    salt?: Uint8Array;
+    topicInfo?: TopicInfoWire;
+}): {
+    topics: DuplexTopics;
+    ok?: boolean;
+};
+//# sourceMappingURL=verify.d.ts.map

package/dist/src/verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../src/verify.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAiC,MAAM,QAAQ,CAAC;AAExE,OAAO,EAAE,YAAY,EAAE,oBAAoB,EAAE,aAAa,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE5G,OAAO,EACL,MAAM,EAGP,MAAM,YAAY,CAAC;AAIpB;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,cAAc,EAAE,YAAY,EAC5B,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC,OAAO,CAAC,CA6ClB;AAID;;GAEG;AACH,wBAAsB,+BAA+B,CACnD,aAAa,EAAE,oBAAoB,EACnC,uBAAuB,EAAE,UAAU,EACnC,2BAA2B,EAAE,UAAU,EACvC,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC,OAAO,CAAC,CAgDlB;AAED;;;;GAIG;AACH,wBAAsB,mBAAmB,CACvC,aAAa,EAAE,aAAa,EAC5B,mBAAmB,EAAE,MAAM,EAC3B,mBAAmB,EAAE;IACnB,cAAc,EAAE,UAAU,CAAC;IAC3B,aAAa,EAAE,UAAU,CAAC;CAC3B,EACD,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,OAAO,CAAC,CA+DlB;AAID,wBAAsB,6BAA6B,CACjD,cAAc,EAAE,YAAY,EAC5B,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE;QACL,cAAc,EAAE,UAAU,CAAC;QAC3B,aAAa,EAAE,UAAU,CAAC;KAC3B,CAAC;CACH,CAAC,CAgBD;AAED,wBAAsB,qCAAqC,CACzD,aAAa,EAAE,oBAAoB,EACnC,2BAA2B,EAAE,UAAU,EACvC,QAAQ,EAAE,eAAe,GACxB,OAAO,CAAC;IACT,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE;QACL,cAAc,EAAE,UAAU,CAAC;QAC3B,aAAa,EAAE,UAAU,CAAC;QAC1B,eAAe,EAAE,UAAU,CAAC;QAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;KACf,CAAC;CACH,CAAC,CAwCD;AAED;;;;;;GAMG;AACH,wBAAgB,yBAAyB,CAAC,EACxC,mBAAmB,EACnB,mBAAmB,EACnB,GAAG,EACH,IAAI,EACJ,SAAS,EACV,EAAE;IACD,mBAAmB,EAAE,UAAU,CAAC;IAChC,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,CAAC,EAAE,KAAK,MAAM,EAAE,CAAC;IACpB,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,SAAS,CAAC,EAAE,aAAa,CAAC;CAC3B,GAAG;IAAE,MAAM,EAAE,YAAY,CAAC;IAAC,EAAE,CAAC,EAAE,OAAO,CAAA;CAAE,CAYzC"}

package/dist/src/verify.js

@@ -0,0 +1,186 @@
+// packages/sdk/src/verify.ts
+import { getBytes, hexlify, getAddress } from "ethers";
+import { decryptAndExtractHandshakeKeys, computeTagFromInitiator, verifyDuplexTopicsChecksum, deriveDuplexTopics } from "./crypto.js";
+import { parseHandshakePayload, parseHandshakeKeys } from "./payload.js";
+import { makeViemPublicClient, parseBindingMessage, } from "./utils.js";
+// ============= Handshake Verification =============
+/**
+ * handshake verification with mandatory identity proof
+ */
+export async function verifyHandshakeIdentity(handshakeEvent, provider) {
+    try {
+        let plaintextPayload = handshakeEvent.plaintextPayload;
+        if (typeof plaintextPayload === "string" &&
+            plaintextPayload.startsWith("0x")) {
+            try {
+                const bytes = new Uint8Array(Buffer.from(plaintextPayload.slice(2), "hex"));
+                plaintextPayload = new TextDecoder().decode(bytes);
+            }
+            catch (err) {
+                console.error("Failed to decode hex payload:", err);
+                return false;
+            }
+        }
+        const content = parseHandshakePayload(plaintextPayload);
+        const parsedKeys = parseHandshakeKeys(handshakeEvent);
+        if (!parsedKeys) {
+            console.error("Failed to parse unified pubKeys from handshake event");
+            return false;
+        }
+        // // 6492 awareness
+        // const dp: any = content.identityProof;
+        // const sigPrimary: string = dp.signature;
+        // const sig6492: string | undefined = dp.signature6492 ?? dp.erc6492;
+        // const uses6492 = hasERC6492Suffix(sigPrimary) || !!sig6492;
+        // const isContract1271 = await isSmartContract1271(handshakeEvent.sender, provider);
+        return await verifyIdentityProof(content.identityProof, handshakeEvent.sender, parsedKeys, provider);
+    }
+    catch (err) {
+        console.error("verifyHandshakeIdentity error:", err);
+        return false;
+    }
+}
+// ============= HandshakeResponse Verification =============
+/**
+ * handshake response verification with mandatory identity proof
+ */
+export async function verifyHandshakeResponseIdentity(responseEvent, responderIdentityPubKey, initiatorEphemeralSecretKey, provider) {
+    try {
+        const extractedResponse = decryptAndExtractHandshakeKeys(responseEvent.ciphertext, initiatorEphemeralSecretKey);
+        if (!extractedResponse) {
+            console.error("Failed to decrypt handshake response");
+            return false;
+        }
+        if (!Buffer.from(extractedResponse.identityPubKey).equals(Buffer.from(responderIdentityPubKey))) {
+            console.error("Identity public key mismatch in handshake response");
+            return false;
+        }
+        // 6492 awareness
+        const dpAny = extractedResponse.identityProof;
+        if (!dpAny) {
+            console.error("Missing identityProof in handshake response payload");
+            return false;
+        }
+        // const sigPrimary: string = dpAny.signature;
+        // const sig6492: string | undefined = dpAny.signature6492 ?? dpAny.erc6492;
+        // const uses6492 = hasERC6492Suffix(sigPrimary) || !!sig6492;
+        // const isContract1271 = await isSmartContract1271(responseEvent.responder,provider);
+        const expectedKeys = {
+            identityPubKey: extractedResponse.identityPubKey,
+            signingPubKey: extractedResponse.signingPubKey,
+        };
+        return await verifyIdentityProof(extractedResponse.identityProof, responseEvent.responder, expectedKeys, provider);
+    }
+    catch (err) {
+        console.error("verifyHandshakeResponseIdentity error:", err);
+        return false;
+    }
+}
+/**
+ * Verify "IdentityProof" for EOAs and smart accounts.
+ * - Verifies the signature with viem (EOA / ERC-1271 / ERC-6492).
+ * - Parses and checks the expected address and public key against the message content.
+ */
+export async function verifyIdentityProof(identityProof, smartAccountAddress, expectedUnifiedKeys, provider) {
+    try {
+        const client = await makeViemPublicClient(provider);
+        const address = smartAccountAddress;
+        const okSig = await client.verifyMessage({
+            address,
+            message: identityProof.message,
+            signature: identityProof.signature,
+        });
+        if (!okSig) {
+            console.error("Binding signature invalid for address");
+            return false;
+        }
+        const parsed = parseBindingMessage(identityProof.message);
+        if (parsed.header && parsed.header !== "VerbEth Key Binding v1") {
+            console.error("Unexpected binding header:", parsed.header);
+            return false;
+        }
+        if (!parsed.address ||
+            getAddress(parsed.address) !== getAddress(smartAccountAddress)) {
+            console.error("Binding message address mismatch");
+            return false;
+        }
+        const expectedPkX = hexlify(expectedUnifiedKeys.identityPubKey);
+        const expectedPkEd = hexlify(expectedUnifiedKeys.signingPubKey);
+        if (!parsed.pkX25519 || hexlify(parsed.pkX25519) !== expectedPkX) {
+            console.error("PkX25519 mismatch");
+            return false;
+        }
+        if (!parsed.pkEd25519 || hexlify(parsed.pkEd25519) !== expectedPkEd) {
+            console.error("PkEd25519 mismatch");
+            return false;
+        }
+        if (parsed.context && parsed.context !== "verbeth") {
+            console.error("Unexpected context:", parsed.context);
+            return false;
+        }
+        if (parsed.version && parsed.version !== "1") {
+            console.error("Unexpected version:", parsed.version);
+            return false;
+        }
+        // if (typeof parsed.chainId === 'number' && parsed.chainId !== currentChainId) return false;
+        return true;
+    }
+    catch (err) {
+        console.error("verifyIdentityProof error:", err);
+        return false;
+    }
+}
+// ============= Utility Functions =============
+export async function verifyAndExtractHandshakeKeys(handshakeEvent, provider) {
+    const isValid = await verifyHandshakeIdentity(handshakeEvent, provider);
+    if (!isValid) {
+        return { isValid: false };
+    }
+    const parsedKeys = parseHandshakeKeys(handshakeEvent);
+    if (!parsedKeys) {
+        return { isValid: false };
+    }
+    return {
+        isValid: true,
+        keys: parsedKeys,
+    };
+}
+export async function verifyAndExtractHandshakeResponseKeys(responseEvent, initiatorEphemeralSecretKey, provider) {
+    const Rbytes = getBytes(responseEvent.responderEphemeralR); // hex -> Uint8Array
+    const expectedTag = computeTagFromInitiator(initiatorEphemeralSecretKey, Rbytes);
+    if (expectedTag !== responseEvent.inResponseTo) {
+        return { isValid: false };
+    }
+    const extractedResponse = decryptAndExtractHandshakeKeys(responseEvent.ciphertext, initiatorEphemeralSecretKey);
+    if (!extractedResponse) {
+        return { isValid: false };
+    }
+    const isValid = await verifyHandshakeResponseIdentity(responseEvent, extractedResponse.identityPubKey, initiatorEphemeralSecretKey, provider);
+    if (!isValid) {
+        return { isValid: false };
+    }
+    return {
+        isValid: true,
+        keys: {
+            identityPubKey: extractedResponse.identityPubKey,
+            signingPubKey: extractedResponse.signingPubKey,
+            ephemeralPubKey: extractedResponse.ephemeralPubKey,
+            note: extractedResponse.note,
+        },
+    };
+}
+/**
+ * Verify and derive duplex topics from a long-term DH secret.
+ * - Accepts either `tag` (inResponseTo) or a raw salt as KDF input.
+ * - Recomputes topicOut/topicIn deterministically from the identity DH.
+ * - If topicInfo is provided (from HSR), also verify the checksum.
+ * - Used by the initiator after decrypting a HandshakeResponse to confirm responder’s topics.
+ */
+export function verifyDerivedDuplexTopics({ myIdentitySecretKey, theirIdentityPubKey, tag, salt, topicInfo }) {
+    const s = salt ?? (tag ? getBytes(tag) : undefined);
+    if (!s)
+        throw new Error("Provide either salt or inResponseTo");
+    const { topicOut, topicIn, checksum } = deriveDuplexTopics(myIdentitySecretKey, theirIdentityPubKey, s);
+    const ok = topicInfo ? verifyDuplexTopicsChecksum(topicOut, topicIn, topicInfo.chk) : undefined;
+    return { topics: { topicOut, topicIn }, ok };
+}

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "@verbeth/sdk",
+  "version": "0.1.4",
+  "private": false,
+  "main": "dist/src/index.js",
+  "module": "dist/esm/src/index.js",
+  "exports": {
+    "import": "./dist/esm/src/index.js",
+    "require": "./dist/src/index.js"
+  },
+  "type": "module",
+  "types": "dist/src/index.d.ts",
+  "files": [
+    "dist/src",
+    "dist/esm/src"
+  ],
+  "dependencies": {
+    "@noble/curves": "^1.8.1",
+    "@noble/hashes": "^1.8.0",
+    "@noble/secp256k1": "^2.2.3",
+    "ethers": "^6.7.0",
+    "tweetnacl": "^1.0.3",
+    "viem": "^2.37.5"
+  },
+  "devDependencies": {
+    "@verbeth/contracts": "workspace:^0.1.0",
+    "ts-node": "^10.9.2",
+    "typechain": "^8.3.2",
+    "typescript": "^5.4.0",
+    "vitest": "^3.1.4"
+  },
+  "scripts": {
+    "build:cjs": "tsc --project tsconfig.json",
+    "build:esm": "tsc --project tsconfig.esm.json",
+    "build": "npm run build:cjs && npm run build:esm",
+    "test": "vitest run"
+  }
+}