chore: update cose-kit

__tests__/example/multipazExample.tests.ts

@@ -0,0 +1,41 @@
+import { hex, base64url } from 'buffer-tag';
+import { Verifier } from '../../src/index';
+
+const MULTIPAZ_ISSUER_CERTIFICATE = `-----BEGIN CERTIFICATE-----
+MIICpjCCAi2gAwIBAgIQiiieDKBRbQvx4FJgTHQFbTAKBggqhkjOPQQDAzAuMR8wHQYDVQQDDBZP
+V0YgTXVsdGlwYXogVEVTVCBJQUNBMQswCQYDVQQGDAJVUzAeFw0yNDEyMDEwMDAwMDBaFw0zNDEy
+MDEwMDAwMDBaMC4xHzAdBgNVBAMMFk9XRiBNdWx0aXBheiBURVNUIElBQ0ExCzAJBgNVBAYMAlVT
+MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE+QDye70m2O0llPXMjVjxVZz3m5k6agT+wih+L79b7jyq
+Ul99sbeUnpxaLD+cmB3HK3twkA7fmVJSobBc+9CDhkh3mx6n+YoH5RulaSWThWBfMyRjsfVODkos
+HLCDnbPVo4IBDjCCAQowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwTAYDVR0S
+BEUwQ4ZBaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50
+aXR5LWNyZWRlbnRpYWwwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cHM6Ly9naXRodWIuY29tL29wZW53
+YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwvY3JsMB0GA1UdDgQWBBSr
+ZRvgVsKQU/Hdf2zkh75o3mDJ9TAfBgNVHSMEGDAWgBSrZRvgVsKQU/Hdf2zkh75o3mDJ9TAKBggq
+hkjOPQQDAwNnADBkAjAtTLS7FfsbUe/SKlIhYgnDcD6fDgiUaUR4htNhFVHPA4d8OlUGqmof76xi
+eBjEc9MCMGKk27tss0KCk93qaRsZ7NuAGWMSun6mraePJ7PUpaYz2/6zztu51kYK6NftObq4fw==
+-----END CERTIFICATE-----`
+
+describe('example 1: valid device response with full disclosure', () => {
+  // const ephemeralReaderKey = hex`534b526561646572`;
+  const encodedSessionTranscript = hex`83f6f68358203f05353416dafae1024b7d3f112e8cd96f344ad8da02be6a97f3f3fd7e78b3df58208ee9a6ef6e23c192d1ac17ac716452a883caf32c01e241b231ed9c347c50688b78266e2d65623038616362372d373665642d346438302d383439362d366638383236326436363735`;
+  const deviceResponse = base64url`o2d2ZXJzaW9uYzEuMGlkb2N1bWVudHOBo2dkb2NUeXBld2V1LmV1cm9wYS5lYy5ldWRpLnBpZC4xbGlzc3VlclNpZ25lZKJqbmFtZVNwYWNlc6F3ZXUuZXVyb3BhLmVjLmV1ZGkucGlkLjGI2BhYWqRoZGlnZXN0SUQYGGZyYW5kb21QoNrqDE5lGi-PPT7KsJ-J23FlbGVtZW50SWRlbnRpZmllcmtmYW1pbHlfbmFtZWxlbGVtZW50VmFsdWVqTXVzdGVybWFubtgYWFOkaGRpZ2VzdElEFWZyYW5kb21QAM7TPipxg_bxRFn8eb1z6HFlbGVtZW50SWRlbnRpZmllcmpnaXZlbl9uYW1lbGVsZW1lbnRWYWx1ZWVFcmlrYdgYWFukaGRpZ2VzdElEFmZyYW5kb21QS48QY5x1NDgBUyUcB4pBa3FlbGVtZW50SWRlbnRpZmllcmpiaXJ0aF9kYXRlbGVsZW1lbnRWYWx1ZdkD7GoxOTcxLTA5LTAx2BhYW6RoZGlnZXN0SUQYGmZyYW5kb21QIRyF2kynZy-TAgksAYL-BXFlbGVtZW50SWRlbnRpZmllcmtiaXJ0aF9wbGFjZWxlbGVtZW50VmFsdWVrU2FtcGxlIENpdHnYGFhVpGhkaWdlc3RJRBRmcmFuZG9tUHK79UJ6mFGV7klMGf6EKNhxZWxlbWVudElkZW50aWZpZXJrbmF0aW9uYWxpdHlsZWxlbWVudFZhbHVlgmJaWmJYWtgYWF2kaGRpZ2VzdElEGBxmcmFuZG9tUDtIWbslgxJHODubfXmfQqpxZWxlbWVudElkZW50aWZpZXJrZXhwaXJ5X2RhdGVsZWxlbWVudFZhbHVl2QPsajIwMjgtMDktMDHYGFhspGhkaWdlc3RJRA9mcmFuZG9tUDC4FhFEAUe2sbefeltqlR1xZWxlbWVudElkZW50aWZpZXJxaXNzdWluZ19hdXRob3JpdHlsZWxlbWVudFZhbHVld1V0b3BpYSBDZW50cmFsIFJlZ2lzdHJ52BhYVqRoZGlnZXN0SUQYG2ZyYW5kb21Q8QbPRB57dLjAWN_FgzIaPnFlbGVtZW50SWRlbnRpZmllcm9pc3N1aW5nX2NvdW50cnlsZWxlbWVudFZhbHVlYlVTamlzc3VlckF1dGiEQ6EBJqEYIVkCjjCCAoowggIRoAMCAQICEH6yzGyyoBE155PMSBiojRowCgYIKoZIzj0EAwMwLjEfMB0GA1UEAwwWT1dGIE11bHRpcGF6IFRFU1QgSUFDQTELMAkGA1UEBgwCVVMwHhcNMjUwOTIyMTE0NDA3WhcNMjYxMjIxMTE0NDA3WjAsMR0wGwYDVQQDDBRPV0YgTXVsdGlwYXogVEVTVCBEUzELMAkGA1UEBgwCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAThaFjj5MVPbji5lwHPgJH9Sz-FANVNipgpr4kAVSnvdC1L0Ic0jjdJp2mqDfodMD9nyy2Peu3-xUtCO7h1MdsIo4IBETCCAQ0wHwYDVR0jBBgwFoAUq2Ub4FbCkFPx3X9s5Ie-aN5gyfUwDgYDVR0PAQH_BAQDAgeAMBUGA1UdJQEB_wQLMAkGByiBjF0FAQIwTAYDVR0SBEUwQ4ZBaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cHM6Ly9naXRodWIuY29tL29wZW53YWxsZXQtZm91bmRhdGlvbi1sYWJzL2lkZW50aXR5LWNyZWRlbnRpYWwvY3JsMB0GA1UdDgQWBBQCRuCYeTUJYmQoCo_C6ClJM8vJ2TAKBggqhkjOPQQDAwNnADBkAjB2XfIOM9H1zzOtJlvTgDf7I-AzhMsees2fgaYvzmnSZ0zwOhdNzelgcXFAi9ZmhuECMFdFywsVzSw4a7hYOCa-xSNcQCQP2ASeoFxS6Syb-iNxXAhfJwCakEn4R3RrL_9JqVkFqtgYWQWlpmd2ZXJzaW9uYzEuMG9kaWdlc3RBbGdvcml0aG1nU0hBLTI1Nmdkb2NUeXBld2V1LmV1cm9wYS5lYy5ldWRpLnBpZC4xbHZhbHVlRGlnZXN0c6F3ZXUuZXVyb3BhLmVjLmV1ZGkucGlkLjG4IBgYWCCWlCYeyLWEmp8nP9t_XlqIRRxIxUobSaBmPeYKLxCfrRVYIIGmXTmzXMR9mMnUAKGiZDDPEgBAsNnt_c9xSw1Mh1wfFlggDc3APBVCjuC-FLdl2GAsFYzwiwAquX7HfADMk3z7wE0MWCA-QYZhfqkvLlIm23pkslSk9Wb3EqV--uEY9N7GdoNmMxFYIG-JB9-qxhMi0EdawnwyLOBw-U8K7YgY5aRNFxfWMzBmE1gg46aZNp_RTa7VJ4wN81kb1doL2jfYJsBsM6Ou76OSHUkYHVggHrTFp67MB1PzPZlfkL5QuPstPx10KFols_OVm6usPN8KWCAEPLa6MONnPFcCLXy_opwnzaOnVAt38sQCKB_QDmAtpBBYIBLm-fF2e69GGwO3Jup25VRzRb5VwIBhUPZmpv8HxeyCGBpYIFZJ_fxvsY-BECUACd3OxK93xk-ilgr_Qdtg3ecMdwn6DlggHaPfIpx2KmIQtb8N-fGcmvCcgopLGAgBnn-bkpEyQWwNWCArHV8IQN_t4IPa4I-_ThY6NTC1L10iLue1IvxjuPq_YRgfWCAqI9u-v1c3qsBqDDge3KHnodu54rs3WOsXqMj6Y5LVVRdYIGBdhOzVCy-WamjbOEMJp9xSPNl_Hv21C_OkkM8-EKDoGB5YIE37aBkGmQV80XZqmzXuSzN3FJpT_mC7_gl9Snx1pEUXElggWP7RaHPI_KkivPFLU_lMCnL9xoI4bU_v9LKnBlUkCGgBWCACGGKoHiOx7LrvKfX_FbUYOTK00nmikJYC9X5YEsHPKgdYILkgDLokWDBr8b0hRze0CCBscQoEcIz6hXngFruAF3iVC1ggKuvYCs8APsWKVXsBahoNzsQELBJRT-bkbBZVrva4JA4JWCBoG4Bgeq8RQnytpuul8MKftrZ3rZSZR1YZmEi6kqm9hgNYILT2hQ-aEVMtFp9sNh_tG7TOHRVZIh4e5YbxBvSWB5G4FFggdGb-Dljo6gkvL0PyRVVWK4STTbXNBj8oQb3XIPdFmdgFWCBLeiBKxWD3HJWG97AdLa-L-ahFVvGV_6a1lkX2l0B5YBgcWCBwUTa0tC6XXFjf27K0RVzM_3ar9XTu0KsC74tr18OsRA9YIFf_tSWsGk2Jhu0rK9vldJHoH0YcH0J2Vl0TtuNAHPwxAFgghbuhZyf7Vv5R5LAl7rcZvoHQj_en9FtkdAEjC60VfEcEWCD0iIkiwJhegg8nt2QQLv4WNQC2tj9efgJxV9dqr901YwhYIL7RlSK8y_r1R_GxVqMzH2SPCuiqI9CiZq6y7dVpHZLdGBtYINhc5-KE6QFQmZEEc7mLSYyEr6a-KQ3dpq9YhsLKBWjaBlggXm7T_jmHt9Jni7LM4Kd3t1-m7lBdP5WqubX5Z2nl6usCWCDQGn__ldo6DJiK_4LCTk7EZqpS9LLcC-RoVn4p-hAnVhgZWCCMq9lI60CXgGn3_95-5yyDQ2hFzWBlB9r7I9t0nEKH0G1kZXZpY2VLZXlJbmZvoWlkZXZpY2VLZXmkAQIgASFYIMQqkVk9duGfcYKy112VgkoLkwjU1c3zE6fWgfZA4aaNIlggwgC6nTrJH1XAkFMilJEZo8VdNxCJ8ERNNsImDIA5wF9sdmFsaWRpdHlJbmZvo2ZzaWduZWTAdDIwMjUtMDktMjNUMTA6NDQ6MTBaaXZhbGlkRnJvbcB0MjAyNS0wOS0yM1QxMDo0NDoxMFpqdmFsaWRVbnRpbMB0MjAyNi0wOS0yM1QxMTo0NDoxMFpYQE4aOJSvBtbx7dm9OPKnIIbKWGqErbm-au8rImes1C-XBfeR2SBi7xb3N6glaqZ04etCXfqPgkX5-bGSUOJKYDVsZGV2aWNlU2lnbmVkompuYW1lU3BhY2Vz2BhBoGpkZXZpY2VBdXRooW9kZXZpY2VTaWduYXR1cmWEQ6EBJqD2WEA84IhKZ5hHTQfbXEOaPaNyGU1nSMLldiLigj9K90qYC23szZgMK_adlIl2SZYyMM8Hamlo1aFEi5MqufSGS1wjZnN0YXR1cwA`;
+  const verifier = new Verifier([MULTIPAZ_ISSUER_CERTIFICATE]);
+
+  it('should verify properly', async () => {
+    await verifier.verify(Uint8Array.from(deviceResponse), {
+      encodedSessionTranscript: Uint8Array.from(encodedSessionTranscript)
+    });
+  });
+
+  it('should be able to verify without ephemeralReaderKey and encodedSessionTrasncript', async () => {
+    await verifier.verify(Uint8Array.from(deviceResponse), {
+      onCheck: (verification, original) => {
+        if (verification.category === 'DEVICE_AUTH') {
+          return;
+        }
+        original(verification);
+      },
+    });
+  });
+});

__tests__/issuing/deviceResponse.tests.ts

@@ -126,7 +126,7 @@ describe('issuing a device response', () => {
             });
             throw new Error('should not validate with different transcripts');
           } catch (error) {
-            expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): Device signature must be valid');
+            expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): signature verification failed');
           }
         });
       });
@@ -211,7 +211,7 @@ describe('issuing a device response', () => {
             });
             throw new Error('should not validate with different transcripts');
           } catch (error) {
-            expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): Device signature must be valid');
+            expect(error.message).toMatch('Unable to verify deviceAuth signature (ECDSA/EdDSA): signature verification failed');
           }
         });
       });

__tests__/issuing/deviceResponseWithMac.tests.ts

@@ -1,6 +1,6 @@
 import { randomFillSync } from 'node:crypto';
 import * as jose from 'jose';
-import { COSEKeyFromJWK } from 'cose-kit';
+import { COSEKey } from 'cose-kit';
 import {
   MDoc,
   Document,
@@ -95,8 +95,8 @@ curves.forEach((c) => {
         const readerKeypair = await jose.generateKeyPair(c.alg, c.opts);
         const readerKey = await jose.exportJWK(readerKeypair.privateKey);
         const { d: _1, ...pubKey } = readerKey;
-        readerPrivateKey = COSEKeyFromJWK(readerKey);
-        readerPublicKey = COSEKeyFromJWK(pubKey);
+        readerPrivateKey = COSEKey.fromJWK(readerKey).encode();
+        readerPublicKey = COSEKey.fromJWK(pubKey).encode();
       }
     });
 
@@ -152,7 +152,7 @@ curves.forEach((c) => {
               });
               throw new Error('should not validate with different transcripts');
             } catch (error) {
-              expect(error.message).toMatch('Unable to verify deviceAuth MAC: Device MAC must be valid');
+              expect(error.message).toMatch('Unable to verify deviceAuth MAC: signature verification failed');
             }
           });
         });
@@ -236,7 +236,7 @@ curves.forEach((c) => {
               });
               throw new Error('should not validate with different transcripts');
             } catch (error) {
-              expect(error.message).toMatch('Unable to verify deviceAuth MAC: Device MAC must be valid');
+              expect(error.message).toMatch('Unable to verify deviceAuth MAC: signature verification failed');
             }
           });
         });

__tests__/issuing/issuingMDoc.tests.ts

@@ -1,5 +1,5 @@
 import * as jose from 'jose';
-import { COSEKeyToJWK } from 'cose-kit';
+import { COSEKey } from 'cose-kit';
 import {
   MDoc,
   Document,
@@ -101,7 +101,7 @@ describe('issuing an MDOC', () => {
     const { deviceKeyInfo } = parsedDocument.issuerSigned.issuerAuth.decodedPayload;
     expect(deviceKeyInfo?.deviceKey).toBeDefined();
     const actual = typeof deviceKeyInfo !== 'undefined' &&
-      COSEKeyToJWK(deviceKeyInfo.deviceKey);
+      COSEKey.import(deviceKeyInfo.deviceKey).toJWK();
     expect(actual).toEqual(publicKeyJWK);
   });