UNPKG

ox

Version:

Ethereum Standard Library

wevm.dev

wevm/ox

282 lines 9.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
import * as Authentication from '../webauthn/Authentication.js'; import * as Authenticator from '../webauthn/Authenticator.js'; import * as Registration from '../webauthn/Registration.js'; export const createChallenge = Registration.createChallenge; /** * Creates a new WebAuthn P256 Credential, which can be stored and later used for signing. * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const credential = await WebAuthnP256.createCredential({ name: 'Example' }) // [!code focus] * // @log: { * // @log: id: 'oZ48...', * // @log: publicKey: { x: 51421...5123n, y: 12345...6789n }, * // @log: raw: PublicKeyCredential {}, * // @log: } * * const { metadata, signature } = await WebAuthnP256.sign({ * credentialId: credential.id, * challenge: '0xdeadbeef', * }) * ``` * * @param options - Credential creation options. * @returns A WebAuthn P256 credential. */ export async function createCredential(options) { return Registration.create(options); } /** * Gets the authenticator data which contains information about the * processing of an authenticator request (ie. from `WebAuthnP256.sign`). * * :::warning * * This function is mainly for testing purposes or for manually constructing * autenticator data. In most cases you will not need this function. * `authenticatorData` is typically returned as part of the * {@link ox#WebAuthnP256.(sign:function)} response (ie. an authenticator response). * * ::: * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const authenticatorData = WebAuthnP256.getAuthenticatorData({ * rpId: 'example.com', * signCount: 420, * }) * // @log: "0xa379a6f6eeafb9a55e378c118034e2751e682fab9f2d30ab13d2125586ce194705000001a4" * ``` * * @example * ### With Attested Credential Data * * Include a credential ID and public key in the authenticator data (for registration responses): * * ```ts twoslash * import { P256, WebAuthnP256 } from 'ox' * * const { publicKey } = P256.createKeyPair() * * const authenticatorData = WebAuthnP256.getAuthenticatorData({ * rpId: 'example.com', * flag: 0x41, // UP + AT * credential: { * id: new Uint8Array(32), * publicKey, * }, * }) * ``` * * @param options - Options to construct the authenticator data. * @returns The authenticator data. */ export const getAuthenticatorData = Authenticator.getAuthenticatorData; /** * Constructs the Client Data in stringified JSON format which represents client data that * was passed to `credentials.get()` in {@link ox#WebAuthnP256.(sign:function)}. * * :::warning * * This function is mainly for testing purposes or for manually constructing * client data. In most cases you will not need this function. * `clientDataJSON` is typically returned as part of the * {@link ox#WebAuthnP256.(sign:function)} response (ie. an authenticator response). * * ::: * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const clientDataJSON = WebAuthnP256.getClientDataJSON({ * challenge: '0xdeadbeef', * origin: 'https://example.com', * }) * // @log: "{"type":"webauthn.get","challenge":"3q2-7w","origin":"https://example.com","crossOrigin":false}" * ``` * * @param options - Options to construct the client data. * @returns The client data. */ export const getClientDataJSON = Authenticator.getClientDataJSON; /** * Constructs a CBOR-encoded attestation object for testing WebAuthn registration * verification. Combines the authenticator data with an attestation statement. * * :::warning * * This function is mainly for testing purposes. In production, the attestation * object is returned by the authenticator during `navigator.credentials.create()`. * * ::: * * @example * ```ts twoslash * import { P256, WebAuthnP256 } from 'ox' * * const { publicKey } = P256.createKeyPair() * * const attestationObject = WebAuthnP256.getAttestationObject({ * authData: WebAuthnP256.getAuthenticatorData({ * rpId: 'example.com', * flag: 0x41, * credential: { id: new Uint8Array(32), publicKey }, * }), * }) * ``` * * @param options - Options to construct the attestation object. * @returns The CBOR-encoded attestation object as a Hex string. */ export const getAttestationObject = Authenticator.getAttestationObject; /** * Returns the creation options for a P256 WebAuthn Credential to be used with * the Web Authentication API. * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const options = WebAuthnP256.getCredentialCreationOptions({ name: 'Example' }) * * const credential = await window.navigator.credentials.create(options) * ``` * * @param options - Options. * @returns The credential creation options. */ export const getCredentialCreationOptions = Registration.getOptions; /** * Returns the request options to sign a challenge with the Web Authentication API. * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const options = WebAuthnP256.getCredentialRequestOptions({ * challenge: '0xdeadbeef', * }) * * const credential = await window.navigator.credentials.get(options) * ``` * * @param options - Options. * @returns The credential request options. */ export const getCredentialRequestOptions = Authentication.getOptions; /** * Constructs the final digest that was signed and computed by the authenticator. This payload includes * the cryptographic `challenge`, as well as authenticator metadata (`authenticatorData` + `clientDataJSON`). * This value can be also used with raw P256 verification (such as {@link ox#P256.(verify:function)} or * {@link ox#WebCryptoP256.(verify:function)}). * * :::warning * * This function is mainly for testing purposes or for manually constructing * signing payloads. In most cases you will not need this function and * instead use {@link ox#WebAuthnP256.(sign:function)}. * * ::: * * @example * ```ts twoslash * import { WebAuthnP256, WebCryptoP256 } from 'ox' * * const { metadata, payload } = WebAuthnP256.getSignPayload({ // [!code focus] * challenge: '0xdeadbeef', // [!code focus] * }) // [!code focus] * // @log: { * // @log: metadata: { * // @log: authenticatorData: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000", * // @log: challengeIndex: 23, * // @log: clientDataJSON: "{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}", * // @log: typeIndex: 1, * // @log: userVerificationRequired: true, * // @log: }, * // @log: payload: "0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d9763050000000045086dcb06a5f234db625bcdc94e657f86b76b6fd3eb9c30543eabc1e577a4b0", * // @log: } * * const { publicKey, privateKey } = await WebCryptoP256.createKeyPair() * * const signature = await WebCryptoP256.sign({ * payload, * privateKey, * }) * ``` * * @param options - Options to construct the signing payload. * @returns The signing payload. */ export const getSignPayload = Authentication.getSignPayload; /** * Signs a challenge using a stored WebAuthn P256 Credential. If no Credential is provided, * a prompt will be displayed for the user to select an existing Credential * that was previously registered. * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const credential = await WebAuthnP256.createCredential({ * name: 'Example', * }) * * const { metadata, signature } = await WebAuthnP256.sign({ // [!code focus] * credentialId: credential.id, // [!code focus] * challenge: '0xdeadbeef', // [!code focus] * }) // [!code focus] * // @log: { * // @log: metadata: { * // @log: authenticatorData: '0x49960de5880e8c687434170f6476605b8fe4aeb9a28632c7995cf3ba831d97630500000000', * // @log: clientDataJSON: '{"type":"webauthn.get","challenge":"9jEFijuhEWrM4SOW-tChJbUEHEP44VcjcJ-Bqo1fTM8","origin":"http://localhost:5173","crossOrigin":false}', * // @log: challengeIndex: 23, * // @log: typeIndex: 1, * // @log: userVerificationRequired: true, * // @log: }, * // @log: signature: { r: 51231...4215n, s: 12345...6789n }, * // @log: } * ``` * * @param options - Options. * @returns The signature. */ export async function sign(options) { return Authentication.sign(options); } /** * Verifies a signature using the Credential's public key and the challenge which was signed. * * @example * ```ts twoslash * import { WebAuthnP256 } from 'ox' * * const credential = await WebAuthnP256.createCredential({ * name: 'Example', * }) * * const { metadata, signature } = await WebAuthnP256.sign({ * credentialId: credential.id, * challenge: '0xdeadbeef', * }) * * const result = await WebAuthnP256.verify({ // [!code focus] * metadata, // [!code focus] * challenge: '0xdeadbeef', // [!code focus] * publicKey: credential.publicKey, // [!code focus] * signature, // [!code focus] * }) // [!code focus] * // @log: true * ``` * * @param options - Options. * @returns Whether the signature is valid. */ export function verify(options) { return Authentication.verify(options); } //# sourceMappingURL=WebAuthnP256.js.map