fix: move passkey util to new sdk

Author: cpb8010

packages/auth-server/components/account-recovery/oidc-recovery-flow/Step3.vue

@@ -12,7 +12,7 @@
 
 <script setup lang="ts">
 import { bytesToHex, type Hex, toHex } from "viem";
-// import { base64UrlToUint8Array, getPublicKeyBytesFromPasskeySignature } from "zksync-sso/utils";
+import { base64urlToUint8Array, getPublicKeyBytesFromPasskeySignature } from "zksync-sso-4337/utils";
 
 const emit = defineEmits<{
   (e: "done", passkey: PasskeyData): void;
@@ -44,7 +44,7 @@ async function getNewPasskey(): Promise<PasskeyData> {
   }
 
   return {
-    credentialId: toHex(base64UrlToUint8Array(credentialId)),
+    credentialId: toHex(base64urlToUint8Array(credentialId)),
     passkeyPubKey: [bytesToHex(buf1), bytesToHex(buf2)],
   };
 }

packages/auth-server/composables/useRecoveryGuardian.ts

@@ -1,8 +1,7 @@
 import type { Account, Address, Chain, Hex, Transport, WalletClient } from "viem";
 import { encodeAbiParameters, keccak256, pad, parseAbiParameters, toHex } from "viem";
 import { waitForTransactionReceipt } from "viem/actions";
-import { getPublicKeyBytesFromPasskeySignature } from "zksync-sso";
-import { base64urlToUint8Array } from "zksync-sso-4337/utils";
+import { base64urlToUint8Array, getPublicKeyBytesFromPasskeySignature } from "zksync-sso-4337/utils";
 
 import { GuardianExecutorAbi, RecoveryType } from "~/abi/GuardianExecutorAbi";
 

packages/auth-server/pages/recovery/guardian/(actions)/confirm-recovery.vue

@@ -106,7 +106,7 @@
 <script setup lang="ts">
 import { useAppKitAccount } from "@reown/appkit/vue";
 import { type Address, hexToBytes, isAddressEqual, keccak256, toHex } from "viem";
-// import { base64UrlToUint8Array } from "zksync-sso/utils";
+import { base64urlToUint8Array } from "zksync-sso-4337/utils";
 import { z } from "zod";
 
 import { uint8ArrayToHex } from "@/utils/formatters";
@@ -168,7 +168,7 @@ const recoveryParams = computedAsync(async () => RecoveryParamsSchema.parseAsync
 const recoveryCompleted = computedAsync(async () => {
   if (!recoveryParams.value?.accountAddress) return false;
   const result = await getRecovery(recoveryParams.value.accountAddress);
-  return result?.hashedCredentialId === keccak256(toHex(base64UrlToUint8Array(recoveryParams.value.credentialId)));
+  return result?.hashedCredentialId === keccak256(toHex(base64urlToUint8Array(recoveryParams.value.credentialId)));
 });
 
 const guardians = computedAsync(async () => {

packages/sdk-4337/src/client/passkey/cose.ts

@@ -0,0 +1,94 @@
+import { Buffer } from "buffer";
+
+enum COSEKEYS {
+  kty = 1, // Key Type
+  alg = 3, // Algorithm
+  crv = -1, // Curve for EC keys
+  x = -2, // X coordinate for EC keys
+  y = -3, // Y coordinate for EC keys
+}
+
+type COSEPublicKeyMap = Map<COSEKEYS, number | Buffer>;
+
+function decodeMap(buffer: Buffer): COSEPublicKeyMap {
+  const map = new Map<COSEKEYS, number | Buffer>();
+  let offset = 1; // Start after the map header
+
+  const mapHeader = buffer[0];
+  const mapSize = mapHeader & 0x1f; // Number of pairs
+
+  for (let i = 0; i < mapSize; i++) {
+    const [key, keyLength] = decodeInt(buffer, offset);
+    offset += keyLength;
+
+    const [value, valueLength] = decodeValue(buffer, offset);
+    offset += valueLength;
+
+    map.set(key as COSEKEYS, value);
+  }
+
+  return map;
+}
+
+function decodeInt(buffer: Buffer, offset: number): [number, number] {
+  const intByte = buffer[offset];
+
+  if (intByte < 24) {
+    // Small positive integer (0–23)
+    return [intByte, 1];
+  } else if (intByte === 0x18) {
+    // 1-byte unsigned integer
+    return [buffer[offset + 1], 2];
+  } else if (intByte === 0x19) {
+    // 2-byte unsigned integer
+    return [buffer.readUInt16BE(offset + 1), 3];
+  } else if (intByte >= 0x20 && intByte <= 0x37) {
+    // Small negative integer (-1 to -24)
+    return [-(intByte - 0x20) - 1, 1];
+  } else if (intByte === 0x38) {
+    // 1-byte negative integer
+    return [-1 - buffer[offset + 1], 2];
+  } else if (intByte === 0x39) {
+    // 2-byte negative integer
+    return [-1 - buffer.readUInt16BE(offset + 1), 3];
+  } else {
+    throw new Error("Unsupported integer format");
+  }
+}
+
+function decodeBytes(buffer: Buffer, offset: number): [Buffer, number] {
+  const lengthByte = buffer[offset];
+  if (lengthByte >= 0x40 && lengthByte <= 0x57) {
+    const length = lengthByte - 0x40;
+    return [buffer.slice(offset + 1, offset + 1 + length), length + 1];
+  } else if (lengthByte === 0x58) {
+    // Byte array with 1-byte length prefix
+    const length = buffer[offset + 1];
+    return [buffer.slice(offset + 2, offset + 2 + length), length + 2];
+  } else {
+    throw new Error("Unsupported byte format");
+  }
+}
+
+function decodeValue(buffer: Buffer, offset: number): [number | Buffer, number] {
+  const type = buffer[offset];
+  if (type >= 0x40 && type <= 0x5f) {
+    // Byte array
+    return decodeBytes(buffer, offset);
+  } else {
+    return decodeInt(buffer, offset);
+  }
+}
+
+/**
+ * Decodes a CBOR-encoded COSE public key (from WebAuthn credential) and returns the x,y coordinates.
+ * @param publicPasskey - CBOR-encoded COSE public key as Uint8Array
+ * @returns Tuple of [x, y] coordinates as Buffers
+ */
+export const getPublicKeyBytesFromPasskeySignature = (publicPasskey: Uint8Array): [Buffer, Buffer] => {
+  const cosePublicKey = decodeMap(Buffer.from(publicPasskey)); // Decodes CBOR-encoded COSE key
+  const x = cosePublicKey.get(COSEKEYS.x) as Buffer;
+  const y = cosePublicKey.get(COSEKEYS.y) as Buffer;
+
+  return [Buffer.from(x), Buffer.from(y)];
+};

packages/sdk-4337/src/client/passkey/index.ts

@@ -8,6 +8,7 @@ export {
   type PasskeyClientActions,
   passkeyClientActions,
 } from "./client-actions.js";
+export { getPublicKeyBytesFromPasskeySignature } from "./cose.js";
 export {
   base64urlToUint8Array,
   type CreateCredentialOptions,