UNPKG

@mysten/sui

Version:

Sui TypeScript API(Work in Progress)

sdk.mystenlabs.com

189 lines (168 loc) 5.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
// Copyright (c) Mysten Labs, Inc. // SPDX-License-Identifier: Apache-2.0 import { fromBase64, toBase64 } from '@mysten/bcs'; import { secp256r1 } from '@noble/curves/p256'; import { sha256 } from '@noble/hashes/sha256'; import { PasskeyAuthenticator } from '../../bcs/bcs.js'; import { bytesEqual, PublicKey } from '../../cryptography/publickey.js'; import type { PublicKeyInitData } from '../../cryptography/publickey.js'; import { SIGNATURE_SCHEME_TO_FLAG } from '../../cryptography/signature-scheme.js'; export const PASSKEY_PUBLIC_KEY_SIZE = 33; export const PASSKEY_UNCOMPRESSED_PUBLIC_KEY_SIZE = 65; export const PASSKEY_SIGNATURE_SIZE = 64; /** Fixed DER header for secp256r1 SubjectPublicKeyInfo DER structure for P-256 SPKI: 30 -- SEQUENCE 59 -- length (89 bytes) 30 -- SEQUENCE 13 -- length (19 bytes) 06 -- OBJECT IDENTIFIER 07 -- length 2A 86 48 CE 3D 02 01 -- id-ecPublicKey 06 -- OBJECT IDENTIFIER 08 -- length 2A 86 48 CE 3D 03 01 07 -- secp256r1/prime256v1 03 -- BIT STRING 42 -- length (66 bytes) 00 -- padding ===== above bytes are considered header ===== 04 || x || y -- uncompressed point (65 bytes: 0x04 || 32-byte x || 32-byte y) */ export const SECP256R1_SPKI_HEADER = new Uint8Array([ 0x30, 0x59, // SEQUENCE, length 89 0x30, 0x13, // SEQUENCE, length 19 0x06, 0x07, // OID, length 7 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, // OID: 1.2.840.10045.2.1 (ecPublicKey) 0x06, 0x08, // OID, length 8 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, // OID: 1.2.840.10045.3.1.7 (prime256v1/secp256r1) 0x03, 0x42, // BIT STRING, length 66 0x00, // no unused bits ] as const); /** * A passkey public key */ export class PasskeyPublicKey extends PublicKey { static SIZE = PASSKEY_PUBLIC_KEY_SIZE; private data: Uint8Array; /** * Create a new PasskeyPublicKey object * @param value passkey public key as buffer or base-64 encoded string */ constructor(value: PublicKeyInitData) { super(); if (typeof value === 'string') { this.data = fromBase64(value); } else if (value instanceof Uint8Array) { this.data = value; } else { this.data = Uint8Array.from(value); } if (this.data.length !== PASSKEY_PUBLIC_KEY_SIZE) { throw new Error( `Invalid public key input. Expected ${PASSKEY_PUBLIC_KEY_SIZE} bytes, got ${this.data.length}`, ); } } /** * Checks if two passkey public keys are equal */ override equals(publicKey: PasskeyPublicKey): boolean { return super.equals(publicKey); } /** * Return the byte array representation of the Secp256r1 public key */ toRawBytes(): Uint8Array { return this.data; } /** * Return the Sui address associated with this Secp256r1 public key */ flag(): number { return SIGNATURE_SCHEME_TO_FLAG['Passkey']; } /** * Verifies that the signature is valid for for the provided message */ async verify(message: Uint8Array, signature: Uint8Array | string): Promise<boolean> { const parsed = parseSerializedPasskeySignature(signature); const clientDataJSON = JSON.parse(parsed.clientDataJson); if (clientDataJSON.type !== 'webauthn.get') { return false; } // parse challenge from base64 url const parsedChallenge = fromBase64( clientDataJSON.challenge.replace(/-/g, '+').replace(/_/g, '/'), ); if (!bytesEqual(message, parsedChallenge)) { return false; } const pk = parsed.userSignature.slice(1 + PASSKEY_SIGNATURE_SIZE); if (!bytesEqual(this.toRawBytes(), pk)) { return false; } const payload = new Uint8Array([...parsed.authenticatorData, ...sha256(parsed.clientDataJson)]); const sig = parsed.userSignature.slice(1, PASSKEY_SIGNATURE_SIZE + 1); return secp256r1.verify(sig, sha256(payload), pk); } } /** * Parses a DER SubjectPublicKeyInfo into an uncompressed public key. This also verifies * that the curve used is P-256 (secp256r1). * * @param data: DER SubjectPublicKeyInfo * @returns uncompressed public key (`0x04 || x || y`) */ export function parseDerSPKI(derBytes: Uint8Array): Uint8Array { // Verify length and header bytes are expected if (derBytes.length !== SECP256R1_SPKI_HEADER.length + PASSKEY_UNCOMPRESSED_PUBLIC_KEY_SIZE) { throw new Error('Invalid DER length'); } for (let i = 0; i < SECP256R1_SPKI_HEADER.length; i++) { if (derBytes[i] !== SECP256R1_SPKI_HEADER[i]) { throw new Error('Invalid spki header'); } } if (derBytes[SECP256R1_SPKI_HEADER.length] !== 0x04) { throw new Error('Invalid point marker'); } // Returns the last 65 bytes `04 || x || y` return derBytes.slice(SECP256R1_SPKI_HEADER.length); } /** * Parse signature from bytes or base64 string into the following fields. */ export function parseSerializedPasskeySignature(signature: Uint8Array | string) { const bytes = typeof signature === 'string' ? fromBase64(signature) : signature; if (bytes[0] !== SIGNATURE_SCHEME_TO_FLAG.Passkey) { throw new Error('Invalid signature scheme'); } const dec = PasskeyAuthenticator.parse(bytes.slice(1)); return { signatureScheme: 'Passkey' as const, serializedSignature: toBase64(bytes), signature: bytes, authenticatorData: dec.authenticatorData, clientDataJson: dec.clientDataJson, userSignature: new Uint8Array(dec.userSignature), publicKey: new Uint8Array(dec.userSignature.slice(1 + PASSKEY_SIGNATURE_SIZE)), }; }