react-native-dpop 0.1.0 → 0.3.0

package/ios/DPoPModule.swift

@@ -0,0 +1,373 @@
+import Foundation
+import Security
+import React
+
+final class DPoPModule {
+  static let shared = DPoPModule()
+
+  private let keyStore = DPoPKeyStore()
+  private let defaultAlias = "react-native-dpop"
+
+  private init() {}
+
+  func resolveAlias(_ alias: String?) -> String {
+    guard let alias, !alias.isEmpty else {
+      return defaultAlias
+    }
+    return alias
+  }
+
+  func assertHardwareBacked(alias: String?) throws {
+    let effectiveAlias = resolveAlias(alias)
+    guard keyStore.hasKeyPair(alias: effectiveAlias) else {
+      throw DPoPError.keyNotFound(alias: effectiveAlias)
+    }
+
+    guard keyStore.isHardwareBacked(alias: effectiveAlias) else {
+      throw DPoPError.notHardwareBacked(alias: effectiveAlias)
+    }
+  }
+
+  func calculateThumbprint(alias: String?) throws -> String {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    let coordinates = try DPoPUtils.getPublicCoordinates(fromRawPublicKey: try DPoPUtils.toRawPublicKey(keyPair.publicKey))
+    return DPoPUtils.calculateThumbprint(kty: "EC", crv: "P-256", x: coordinates.x, y: coordinates.y)
+  }
+
+  func deleteKeyPair(alias: String?) throws {
+    try keyStore.deleteKeyPair(alias: resolveAlias(alias))
+  }
+
+  func getKeyInfo(alias: String?) -> [String: Any] {
+    let effectiveAlias = resolveAlias(alias)
+    let secureEnclaveAvailable = keyStore.isSecureEnclaveAvailable()
+    let fallbackReason = keyStore.getSecureEnclaveFallbackReason(alias: effectiveAlias)
+    let secureEnclaveFallbackReason: Any = fallbackReason ?? NSNull()
+    let keyInfo = keyStore.getKeyInfo(alias: effectiveAlias)
+
+    if !keyInfo.hasKeyPair {
+      return [
+        "alias": effectiveAlias,
+        "hasKeyPair": false,
+        "hardware": [
+          "ios": [
+            "secureEnclaveAvailable": secureEnclaveAvailable,
+            "secureEnclaveBacked": false,
+            "securityLevel": NSNull(),
+            "secureEnclaveFallbackReason": secureEnclaveFallbackReason
+          ]
+        ]
+      ]
+    }
+
+    let secureEnclaveBacked = secureEnclaveAvailable && keyInfo.insideSecureHardware
+    let securityLevel = secureEnclaveBacked ? 2 : 1
+
+    return [
+      "alias": keyInfo.alias,
+      "algorithm": keyInfo.algorithm,
+      "curve": keyInfo.curve,
+      "hasKeyPair": true,
+      "insideSecureHardware": secureEnclaveBacked,
+      "hardware": [
+        "ios": [
+          "secureEnclaveAvailable": secureEnclaveAvailable,
+          "secureEnclaveBacked": secureEnclaveBacked,
+          "securityLevel": securityLevel,
+          "secureEnclaveFallbackReason": secureEnclaveFallbackReason
+        ]
+      ]
+    ]
+  }
+
+  func getPublicKeyDer(alias: String?) throws -> String {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    return DPoPUtils.base64UrlEncode(try DPoPUtils.toDerPublicKey(keyPair.publicKey))
+  }
+
+  func getPublicKeyJwk(alias: String?) throws -> [String: Any] {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    let coordinates = try DPoPUtils.getPublicCoordinates(fromRawPublicKey: try DPoPUtils.toRawPublicKey(keyPair.publicKey))
+    return [
+      "kty": "EC",
+      "crv": "P-256",
+      "x": coordinates.x,
+      "y": coordinates.y
+    ]
+  }
+
+  func getPublicKeyRaw(alias: String?) throws -> String {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    return DPoPUtils.base64UrlEncode(try DPoPUtils.toRawPublicKey(keyPair.publicKey))
+  }
+
+  func hasKeyPair(alias: String?) -> Bool {
+    keyStore.hasKeyPair(alias: resolveAlias(alias))
+  }
+
+  func isBoundToAlias(proof: String, alias: String?) throws -> Bool {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    return try DPoPUtils.isProofBoundToPublicKey(proof, publicKey: keyPair.publicKey)
+  }
+
+  func rotateKeyPair(alias: String?) throws {
+    try keyStore.generateKeyPair(alias: resolveAlias(alias))
+  }
+
+  func signWithDpopPrivateKey(payload: String, alias: String?) throws -> String {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    var error: Unmanaged<CFError>?
+    guard let derSignature = SecKeyCreateSignature(
+      keyPair.privateKey,
+      .ecdsaSignatureMessageX962SHA256,
+      Data(payload.utf8) as CFData,
+      &error
+    ) as Data? else {
+      throw DPoPError.securityError(error?.takeRetainedValue())
+    }
+    let joseSignature = try DPoPUtils.derToJose(derSignature, partLength: 32)
+    return DPoPUtils.base64UrlEncode(joseSignature)
+  }
+
+  func generateProof(
+    htu: String,
+    htm: String,
+    nonce: String?,
+    accessToken: String?,
+    additional: [String: Any]?,
+    kid: String?,
+    jti: String?,
+    iat: NSNumber?,
+    alias: String?
+  ) throws -> [String: Any] {
+    let effectiveAlias = resolveAlias(alias)
+    if !keyStore.hasKeyPair(alias: effectiveAlias) {
+      try keyStore.generateKeyPair(alias: effectiveAlias)
+    }
+    let keyPair = try keyStore.getKeyPair(alias: effectiveAlias)
+    let coordinates = try DPoPUtils.getPublicCoordinates(fromRawPublicKey: try DPoPUtils.toRawPublicKey(keyPair.publicKey))
+
+    var jwk: [String: Any] = [
+      "kty": "EC",
+      "crv": "P-256",
+      "x": coordinates.x,
+      "y": coordinates.y
+    ]
+
+    var header: [String: Any] = [
+      "typ": "dpop+jwt",
+      "alg": "ES256",
+      "jwk": jwk
+    ]
+
+    if let kid, !kid.isEmpty {
+      header["kid"] = kid
+    }
+
+    let issuedAt = iat?.int64Value ?? Int64(Date().timeIntervalSince1970)
+    let finalJti = (jti?.isEmpty == false) ? jti! : UUID().uuidString
+
+    var payload: [String: Any] = [
+      "jti": finalJti,
+      "htm": htm.uppercased(),
+      "htu": htu,
+      "iat": issuedAt
+    ]
+
+    if let nonce, !nonce.isEmpty {
+      payload["nonce"] = nonce
+    }
+
+    if let accessToken, !accessToken.isEmpty {
+      payload["ath"] = DPoPUtils.hashAccessToken(accessToken)
+    }
+
+    if let additional {
+      for (key, value) in additional {
+        payload[key] = value
+      }
+    }
+
+    let headerSegment = DPoPUtils.base64UrlEncode(try DPoPUtils.jsonData(header))
+    let payloadSegment = DPoPUtils.base64UrlEncode(try DPoPUtils.jsonData(payload))
+    let signingInput = "\(headerSegment).\(payloadSegment)"
+
+    var error: Unmanaged<CFError>?
+    guard let derSignature = SecKeyCreateSignature(
+      keyPair.privateKey,
+      .ecdsaSignatureMessageX962SHA256,
+      Data(signingInput.utf8) as CFData,
+      &error
+    ) as Data? else {
+      throw DPoPError.securityError(error?.takeRetainedValue())
+    }
+    let joseSignature = try DPoPUtils.derToJose(derSignature, partLength: 32)
+    let jwt = "\(signingInput).\(DPoPUtils.base64UrlEncode(joseSignature))"
+
+    let proofContext: [String: Any] = [
+      "htu": payload["htu"] as? String ?? htu,
+      "htm": payload["htm"] as? String ?? htm.uppercased(),
+      "nonce": payload["nonce"] ?? NSNull(),
+      "ath": payload["ath"] ?? NSNull(),
+      "kid": header["kid"] ?? NSNull(),
+      "jti": payload["jti"] as? String ?? finalJti,
+      "iat": Double(issuedAt),
+      "additional": additional ?? NSNull()
+    ]
+
+    return [
+      "proof": jwt,
+      "proofContext": proofContext
+    ]
+  }
+
+}
+
+@objc extension ReactNativeDPoP {
+  static func moduleName() -> String! {
+    "ReactNativeDPoP"
+  }
+
+  static func requiresMainQueueSetup() -> Bool {
+    false
+  }
+
+  func assertHardwareBacked(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      try DPoPModule.shared.assertHardwareBacked(alias: alias)
+      resolve(nil)
+    } catch {
+      reject("ERR_DPOP_ASSERT_HARDWARE_BACKED", error.localizedDescription, error)
+    }
+  }
+
+  func calculateThumbprint(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.calculateThumbprint(alias: alias))
+    } catch {
+      reject("ERR_DPOP_CALCULATE_THUMBPRINT", error.localizedDescription, error)
+    }
+  }
+
+  func deleteKeyPair(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      try DPoPModule.shared.deleteKeyPair(alias: alias)
+      resolve(nil)
+    } catch {
+      reject("ERR_DPOP_DELETE_KEY_PAIR", error.localizedDescription, error)
+    }
+  }
+
+  func getKeyInfo(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    resolve(DPoPModule.shared.getKeyInfo(alias: alias))
+  }
+
+  func getPublicKeyDer(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.getPublicKeyDer(alias: alias))
+    } catch {
+      reject("ERR_DPOP_PUBLIC_KEY", error.localizedDescription, error)
+    }
+  }
+
+  func getPublicKeyJwk(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.getPublicKeyJwk(alias: alias))
+    } catch {
+      reject("ERR_DPOP_PUBLIC_KEY", error.localizedDescription, error)
+    }
+  }
+
+  func getPublicKeyRaw(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.getPublicKeyRaw(alias: alias))
+    } catch {
+      reject("ERR_DPOP_PUBLIC_KEY", error.localizedDescription, error)
+    }
+  }
+
+  func hasKeyPair(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    resolve(DPoPModule.shared.hasKeyPair(alias: alias))
+  }
+
+  func isBoundToAlias(_ proof: String, alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.isBoundToAlias(proof: proof, alias: alias))
+    } catch {
+      reject("ERR_DPOP_IS_BOUND_TO_ALIAS", error.localizedDescription, error)
+    }
+  }
+
+  func rotateKeyPair(_ alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      try DPoPModule.shared.rotateKeyPair(alias: alias)
+      resolve(nil)
+    } catch {
+      reject("ERR_DPOP_ROTATE_KEY_PAIR", error.localizedDescription, error)
+    }
+  }
+
+  func signWithDpopPrivateKey(_ payload: String, alias: String?, resolve: @escaping RCTPromiseResolveBlock, reject: @escaping RCTPromiseRejectBlock) {
+    do {
+      resolve(try DPoPModule.shared.signWithDpopPrivateKey(payload: payload, alias: alias))
+    } catch {
+      reject("ERR_DPOP_SIGN_WITH_PRIVATE_KEY", error.localizedDescription, error)
+    }
+  }
+
+  func generateProof(
+    _ htu: String,
+    htm: String,
+    nonce: String?,
+    accessToken: String?,
+    additional: [String: Any]?,
+    kid: String?,
+    jti: String?,
+    iat: NSNumber?,
+    alias: String?,
+    resolve: @escaping RCTPromiseResolveBlock,
+    reject: @escaping RCTPromiseRejectBlock
+  ) {
+    do {
+      resolve(
+        try DPoPModule.shared.generateProof(
+          htu: htu,
+          htm: htm,
+          nonce: nonce,
+          accessToken: accessToken,
+          additional: additional,
+          kid: kid,
+          jti: jti,
+          iat: iat,
+          alias: alias
+        )
+      )
+    } catch {
+      reject("ERR_DPOP_GENERATE_PROOF", error.localizedDescription, error)
+    }
+  }
+}

package/ios/DPoPModuleBridge.mm

@@ -0,0 +1,93 @@
+#import <React/RCTBridgeModule.h>
+#import <React/RCTUtils.h>
+
+#ifdef RCT_NEW_ARCH_ENABLED
+#if __has_include(<ReactNativeDPoPSpec/ReactNativeDPoPSpec.h>)
+#import <ReactNativeDPoPSpec/ReactNativeDPoPSpec.h>
+#else
+#import "ReactNativeDPoPSpec.h"
+#endif
+#endif
+
+#if __has_include(<ReactNativeDPoP/ReactNativeDPoP-Swift.h>)
+#import <ReactNativeDPoP/ReactNativeDPoP-Swift.h>
+#else
+#import "ReactNativeDPoP-Swift.h"
+#endif
+
+@interface RCT_EXTERN_MODULE(ReactNativeDPoP, NSObject)
+
+RCT_EXTERN_METHOD(assertHardwareBacked:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(calculateThumbprint:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(deleteKeyPair:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getKeyInfo:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getPublicKeyDer:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getPublicKeyJwk:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(getPublicKeyRaw:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(hasKeyPair:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(isBoundToAlias:(NSString *)proof
+                  alias:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(rotateKeyPair:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(signWithDpopPrivateKey:(NSString *)payload
+                  alias:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+RCT_EXTERN_METHOD(generateProof:(NSString *)htu
+                  htm:(NSString *)htm
+                  nonce:(NSString * _Nullable)nonce
+                  accessToken:(NSString * _Nullable)accessToken
+                  additional:(NSDictionary * _Nullable)additional
+                  kid:(NSString * _Nullable)kid
+                  jti:(NSString * _Nullable)jti
+                  iat:(NSNumber * _Nullable)iat
+                  alias:(NSString * _Nullable)alias
+                  resolve:(RCTPromiseResolveBlock)resolve
+                  reject:(RCTPromiseRejectBlock)reject)
+
+@end
+
+@implementation ReactNativeDPoP
+@end
+
+#if RCT_NEW_ARCH_ENABLED
+@implementation ReactNativeDPoP (TurboModule)
+
+- (std::shared_ptr<facebook::react::TurboModule>)getTurboModule:
+    (const facebook::react::ObjCTurboModule::InitParams &)params
+{
+    return std::make_shared<facebook::react::NativeReactNativeDPoPSpecJSI>(params);
+}
+
+@end
+#endif

package/ios/DPoPUtils.swift

@@ -0,0 +1,203 @@
+import Foundation
+import CryptoKit
+import Security
+
+enum DPoPUtils {
+  static func base64UrlEncode(_ data: Data) -> String {
+    data.base64EncodedString()
+      .replacingOccurrences(of: "+", with: "-")
+      .replacingOccurrences(of: "/", with: "_")
+      .replacingOccurrences(of: "=", with: "")
+  }
+
+  static func base64UrlDecode(_ value: String) -> Data? {
+    let remainder = value.count % 4
+    let padded = remainder == 0 ? value : value + String(repeating: "=", count: 4 - remainder)
+    let base64 = padded
+      .replacingOccurrences(of: "-", with: "+")
+      .replacingOccurrences(of: "_", with: "/")
+    return Data(base64Encoded: base64)
+  }
+
+  static func sha256(_ data: Data) -> Data {
+    Data(SHA256.hash(data: data))
+  }
+
+  static func hashAccessToken(_ accessToken: String) -> String {
+    let data = Data(accessToken.utf8)
+    return base64UrlEncode(sha256(data))
+  }
+
+  static func calculateThumbprint(kty: String, crv: String, x: String, y: String) -> String {
+    let canonical = "{\"crv\":\"\(crv)\",\"kty\":\"\(kty)\",\"x\":\"\(x)\",\"y\":\"\(y)\"}"
+    return base64UrlEncode(sha256(Data(canonical.utf8)))
+  }
+
+  static func jsonData(_ object: Any) throws -> Data {
+    if #available(iOS 11.0, *) {
+      return try JSONSerialization.data(withJSONObject: object, options: [.sortedKeys])
+    }
+    return try JSONSerialization.data(withJSONObject: object, options: [])
+  }
+
+  static func derToJose(_ derSignature: Data, partLength: Int = 32) throws -> Data {
+    let bytes = [UInt8](derSignature)
+    guard !bytes.isEmpty, bytes[0] == 0x30 else {
+      throw DPoPError.invalidDerSignature
+    }
+
+    var index = 1
+    let (_, seqLengthBytes) = try readDerLength(bytes, startIndex: index)
+    index += seqLengthBytes
+
+    guard index < bytes.count, bytes[index] == 0x02 else {
+      throw DPoPError.invalidDerSignature
+    }
+
+    index += 1
+    let (rLength, rLengthBytes) = try readDerLength(bytes, startIndex: index)
+    index += rLengthBytes
+    let rEnd = index + rLength
+    guard rEnd <= bytes.count else {
+      throw DPoPError.invalidDerSignature
+    }
+    let r = Data(bytes[index..<rEnd])
+    index = rEnd
+
+    guard index < bytes.count, bytes[index] == 0x02 else {
+      throw DPoPError.invalidDerSignature
+    }
+
+    index += 1
+    let (sLength, sLengthBytes) = try readDerLength(bytes, startIndex: index)
+    index += sLengthBytes
+    let sEnd = index + sLength
+    guard sEnd <= bytes.count else {
+      throw DPoPError.invalidDerSignature
+    }
+    let s = Data(bytes[index..<sEnd])
+
+    let rFixed = try toUnsignedFixedLength(r, length: partLength)
+    let sFixed = try toUnsignedFixedLength(s, length: partLength)
+    return rFixed + sFixed
+  }
+
+  static func getPublicCoordinates(fromRawPublicKey raw: Data) throws -> (x: String, y: String) {
+    guard raw.count == 65, raw.first == 0x04 else {
+      throw DPoPError.invalidPublicKey
+    }
+
+    let x = raw.subdata(in: 1..<33)
+    let y = raw.subdata(in: 33..<65)
+    return (base64UrlEncode(x), base64UrlEncode(y))
+  }
+
+  static func toRawPublicKey(_ publicKey: SecKey) throws -> Data {
+    var error: Unmanaged<CFError>?
+    guard let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, &error) as Data? else {
+      throw DPoPError.securityError(error?.takeRetainedValue())
+    }
+
+    guard publicKeyData.count == 65, publicKeyData.first == 0x04 else {
+      throw DPoPError.invalidPublicKey
+    }
+
+    return publicKeyData
+  }
+
+  static func toDerPublicKey(_ publicKey: SecKey) throws -> Data {
+    let raw = try toRawPublicKey(publicKey)
+    let cryptoKey = try P256.Signing.PublicKey(x963Representation: raw)
+    return cryptoKey.derRepresentation
+  }
+
+  static func isProofBoundToPublicKey(_ proof: String, publicKey: SecKey) throws -> Bool {
+    let parts = proof.split(separator: ".", omittingEmptySubsequences: false)
+    guard parts.count == 3 else {
+      throw DPoPError.invalidProofFormat
+    }
+
+    guard let headerData = base64UrlDecode(String(parts[0])) else {
+      throw DPoPError.invalidProofFormat
+    }
+
+    let json = try JSONSerialization.jsonObject(with: headerData, options: [])
+    guard let header = json as? [String: Any],
+          let jwk = header["jwk"] as? [String: Any],
+          let kty = jwk["kty"] as? String,
+          let crv = jwk["crv"] as? String,
+          let x = jwk["x"] as? String,
+          let y = jwk["y"] as? String else {
+      throw DPoPError.invalidProofFormat
+    }
+
+    let coordinates = try getPublicCoordinates(fromRawPublicKey: try toRawPublicKey(publicKey))
+    return kty == "EC" && crv == "P-256" && x == coordinates.x && y == coordinates.y
+  }
+
+  private static func readDerLength(_ input: [UInt8], startIndex: Int) throws -> (Int, Int) {
+    guard startIndex < input.count else {
+      throw DPoPError.invalidDerSignature
+    }
+
+    let first = Int(input[startIndex])
+    if (first & 0x80) == 0 {
+      return (first, 1)
+    }
+
+    let lengthBytesCount = first & 0x7F
+    guard lengthBytesCount > 0, lengthBytesCount <= 4, startIndex + lengthBytesCount < input.count else {
+      throw DPoPError.invalidDerSignature
+    }
+
+    var length = 0
+    for index in 0..<lengthBytesCount {
+      length = (length << 8) | Int(input[startIndex + 1 + index])
+    }
+
+    return (length, 1 + lengthBytesCount)
+  }
+
+  private static func toUnsignedFixedLength(_ value: Data, length: Int) throws -> Data {
+    let bytes = [UInt8](value)
+    if bytes.count == length {
+      return value
+    }
+
+    if bytes.count == length + 1, bytes.first == 0x00 {
+      return Data(bytes.dropFirst())
+    }
+
+    if bytes.count < length {
+      return Data(repeating: 0, count: length - bytes.count) + value
+    }
+
+    throw DPoPError.invalidDerSignature
+  }
+}
+
+enum DPoPError: LocalizedError {
+  case invalidDerSignature
+  case invalidPublicKey
+  case invalidProofFormat
+  case keyNotFound(alias: String)
+  case notHardwareBacked(alias: String)
+  case securityError(CFError?)
+
+  var errorDescription: String? {
+    switch self {
+    case .invalidDerSignature:
+      return "Invalid DER signature format"
+    case .invalidPublicKey:
+      return "Invalid P-256 public key"
+    case .invalidProofFormat:
+      return "Invalid DPoP proof format"
+    case .keyNotFound(let alias):
+      return "Key pair not found for alias: \(alias)"
+    case .notHardwareBacked(let alias):
+      return "Key pair is not hardware-backed for alias: \(alias)"
+    case .securityError(let error):
+      return (error as Error?)?.localizedDescription ?? "Security framework error"
+    }
+  }
+}