sign method
Asks the authenticator to sign data (typically blake2b(intent_message),
passed as the WebAuthn challenge) and returns the BCS-encoded
PasskeyAuthenticator (without the outer scheme flag).
Implementation
Future<Uint8List> sign(Uint8List data) async {
final credential = await _provider.get(data, _credentialId);
final clientDataJsonString = utf8.decode(credential.clientDataJson);
final (r, s) = _decodeDerEcdsaSignature(credential.signature);
var ecSig = ECSignature(r, s);
if (!ecSig.isNormalized(curve256r1Params)) {
ecSig = ecSig.normalize(curve256r1Params);
}
final normalized = SignatureData(ecSig.r, ecSig.s).toBytes();
// userSignature is a serialized secp256r1 signature: flag || sig(64) || pk(33).
final userSignature = Uint8List(1 + normalized.length + _publicKey.length);
userSignature[0] = SIGNATURE_SCHEME_TO_FLAG.Secp256r1;
userSignature.setAll(1, normalized);
userSignature.setAll(1 + normalized.length, _publicKey);
return SuiBcs.PasskeyAuthenticator.serialize({
'authenticatorData': credential.authenticatorData,
'clientDataJson': clientDataJsonString,
'userSignature': userSignature,
}).toBytes();
}