author | Matthew Miller <matthew@millerti.me> | 2021-07-08 21:59:02 -0700 |
committer | GitHub <noreply@github.com> | 2021-07-08 21:59:02 -0700 |
commit | b883160cdaf6de9cc734cbbdcf65a8f14f662706 (patch) | |
tree | 69dccd3f2fa63aaa100cf25852ae0dbeed39e2ea | |
parent | 499ad79d3cd9661e2c5bf0d9ae51c59e37e38d0d (diff) | |
parent | 8e008f57c6db23b6b6753d99d90ca537d52281d3 (diff) |
Merge pull request #134 from MasterKale/feat/improved-buffer-slicing
feat/improved-buffer-slicing
3 files changed, 35 insertions, 65 deletions
diff --git a/packages/server/src/attestation/verifications/tpm/parseCertInfo.ts b/packages/server/src/attestation/verifications/tpm/parseCertInfo.ts
index e7c9225..1ac391e 100644
--- a/packages/server/src/attestation/verifications/tpm/parseCertInfo.ts
+++ b/packages/server/src/attestation/verifications/tpm/parseCertInfo.ts
@@ -4,32 +4,25 @@ import { TPM_ST, TPM_ALG } from './constants';
 * Cut up a TPM attestation's certInfo into intelligible chunks
 */
 export default function parseCertInfo(certInfo: Buffer): ParsedCertInfo {
- let certBuffer = certInfo;
+ let pointer = 0;
 // Get a magic constant
- const magic = certBuffer.slice(0, 4).readUInt32BE(0);
- certBuffer = certBuffer.slice(4);
+ const magic = certInfo.slice(pointer, (pointer += 4)).readUInt32BE(0);
 // Determine the algorithm used for attestation
- const typeBuffer = certBuffer.slice(0, 2);
- certBuffer = certBuffer.slice(2);
+ const typeBuffer = certInfo.slice(pointer, (pointer += 2));
 const type = TPM_ST[typeBuffer.readUInt16BE(0)];
 // The name of a parent entity, can be ignored
- const qualifiedSignerLength = certBuffer.slice(0, 2).readUInt16BE(0);
- certBuffer = certBuffer.slice(2);
- const qualifiedSigner = certBuffer.slice(0, qualifiedSignerLength);
- certBuffer = certBuffer.slice(qualifiedSignerLength);
+ const qualifiedSignerLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const qualifiedSigner = certInfo.slice(pointer, (pointer += qualifiedSignerLength));
 // Get the expected hash of `attsToBeSigned`
- const extraDataLength = certBuffer.slice(0, 2).readUInt16BE(0);
- certBuffer = certBuffer.slice(2);
- const extraData = certBuffer.slice(0, extraDataLength);
- certBuffer = certBuffer.slice(extraDataLength);
+ const extraDataLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const extraData = certInfo.slice(pointer, (pointer += extraDataLength));
 // Information about the TPM device's internal clock, can be ignored
- const clockInfoBuffer = certBuffer.slice(0, 17);
- certBuffer = certBuffer.slice(17);
+ const clockInfoBuffer = certInfo.slice(pointer, (pointer += 17));
 const clockInfo = {
 clock: clockInfoBuffer.slice(0, 8),
 resetCount: clockInfoBuffer.slice(8, 12).readUInt32BE(0),
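Review bot: The length prefixes read in this hunk (`qualifiedSignerLength`, `extraDataLength`) come straight from the certInfo bytes supplied by the authenticator and are used to advance `pointer` with no comparison against `certInfo.byteLength`; `Buffer.slice` clamps silently, so a truncated or oversized length produces a short slice, and the `readUInt32BE(0)` on `clockInfoBuffer` a few lines later then fails with a bare RangeError rather than a parse error that names the field. A one-line guard after each length read keeps the failure explicit, e.g. `if (pointer + qualifiedSignerLength > certInfo.byteLength) throw new Error('certInfo qualifiedSigner exceeds buffer');`, and nothing in the visible hunks gives parseCertInfo the trailing "leftover bytes" check that parseAuthenticatorData performs (the function continues into the next hunk and past it, so a check may exist further down). The same unchecked-length pattern appears for attestedName/qualifiedName in the next hunk of this file and for authPolicy/unique in the parsePubArea hunks.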
@@ -38,20 +31,15 @@ export default function parseCertInfo(certInfo: Buffer): ParsedCertInfo {
 };
 // TPM device firmware version
- const firmwareVersion = certBuffer.slice(0, 8);
- certBuffer = certBuffer.slice(8);
+ const firmwareVersion = certInfo.slice(pointer, (pointer += 8));
 // Attested Name
- const attestedNameLength = certBuffer.slice(0, 2).readUInt16BE(0);
- certBuffer = certBuffer.slice(2);
- const attestedName = certBuffer.slice(0, attestedNameLength);
- certBuffer = certBuffer.slice(attestedNameLength);
+ const attestedNameLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const attestedName = certInfo.slice(pointer, (pointer += attestedNameLength));
 // Attested qualified name, can be ignored
- const qualifiedNameLength = certBuffer.slice(0, 2).readUInt16BE(0);
- certBuffer = certBuffer.slice(2);
- const qualifiedName = certBuffer.slice(0, qualifiedNameLength);
- certBuffer = certBuffer.slice(qualifiedNameLength);
+ const qualifiedNameLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const qualifiedName = certInfo.slice(pointer, (pointer += qualifiedNameLength));
 const attested = {
 nameAlg: TPM_ALG[attestedName.slice(0, 2).readUInt16BE(0)],
diff --git a/packages/server/src/attestation/verifications/tpm/parsePubArea.ts b/packages/server/src/attestation/verifications/tpm/parsePubArea.ts
index a9ee374..5f0d63b 100644
--- a/packages/server/src/attestation/verifications/tpm/parsePubArea.ts
+++ b/packages/server/src/attestation/verifications/tpm/parsePubArea.ts
@@ -4,19 +4,16 @@ import { TPM_ALG, TPM_ECC_CURVE } from './constants';
 * Break apart a TPM attestation's pubArea buffer
 */
 export default function parsePubArea(pubArea: Buffer): ParsedPubArea {
- let pubBuffer: Buffer = pubArea;
+ let pointer = 0;
- const typeBuffer = pubBuffer.slice(0, 2);
- pubBuffer = pubBuffer.slice(2);
+ const typeBuffer = pubArea.slice(pointer, (pointer += 2));
 const type = TPM_ALG[typeBuffer.readUInt16BE(0)];
- const nameAlgBuffer = pubBuffer.slice(0, 2);
- pubBuffer = pubBuffer.slice(2);
+ const nameAlgBuffer = pubArea.slice(pointer, (pointer += 2));
 const nameAlg = TPM_ALG[nameAlgBuffer.readUInt16BE(0)];
 // Get some authenticator attributes(?)
- const objectAttributesInt = pubBuffer.slice(0, 4).readUInt32BE(0);
- pubBuffer = pubBuffer.slice(4);
+ const objectAttributesInt = pubArea.slice(pointer, (pointer += 4)).readUInt32BE(0);
 const objectAttributes = {
 fixedTPM: !!(objectAttributesInt & 1),
 stClear: !!(objectAttributesInt & 2),
@@ -32,16 +29,13 @@ export default function parsePubArea(pubArea: Buffer): ParsedPubArea {
 };
 // Slice out the authPolicy of dynamic length
- const authPolicyLength = pubBuffer.slice(0, 2).readUInt16BE(0);
- pubBuffer = pubBuffer.slice(2);
- const authPolicy = pubBuffer.slice(0, authPolicyLength);
- pubBuffer = pubBuffer.slice(authPolicyLength);
+ const authPolicyLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const authPolicy = pubArea.slice(pointer, (pointer += authPolicyLength));
 // Extract additional curve params according to type
 const parameters: { rsa?: RSAParameters; ecc?: ECCParameters } = {};
 if (type === 'TPM_ALG_RSA') {
- const rsaBuffer = pubBuffer.slice(0, 10);
- pubBuffer = pubBuffer.slice(10);
+ const rsaBuffer = pubArea.slice(pointer, (pointer += 10));
 parameters.rsa = {
 symmetric: TPM_ALG[rsaBuffer.slice(0, 2).readUInt16BE(0)],
@@ -50,8 +44,7 @@ export default function parsePubArea(pubArea: Buffer): ParsedPubArea {
 exponent: rsaBuffer.slice(6, 10).readUInt32BE(0),
 };
 } else if (type === 'TPM_ALG_ECC') {
- const eccBuffer = pubBuffer.slice(0, 8);
- pubBuffer = pubBuffer.slice(8);
+ const eccBuffer = pubArea.slice(pointer, (pointer += 8));
 parameters.ecc = {
 symmetric: TPM_ALG[eccBuffer.slice(0, 2).readUInt16BE(0)],
@@ -64,10 +57,8 @@ export default function parsePubArea(pubArea: Buffer): ParsedPubArea {
 }
 // Slice out unique of dynamic length
- const uniqueLength = pubBuffer.slice(0, 2).readUInt16BE(0);
- pubBuffer = pubBuffer.slice(2);
- const unique = pubBuffer.slice(0, uniqueLength);
- pubBuffer = pubBuffer.slice(uniqueLength);
+ const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
+ const unique = pubArea.slice(pointer, (pointer += uniqueLength));
 return {
 type,
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index cce6756..9b13195 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -11,14 +11,11 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
 );
 }
- let intBuffer = authData;
+ let pointer = 0;
- const rpIdHash = intBuffer.slice(0, 32);
- intBuffer = intBuffer.slice(32);
-
- const flagsBuf = intBuffer.slice(0, 1);
- intBuffer = intBuffer.slice(1);
+ const rpIdHash = authData.slice(pointer, (pointer += 32));
+ const flagsBuf = authData.slice(pointer, (pointer += 1));
 const flagsInt = flagsBuf[0];
 const flags = {
@@ -29,9 +26,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
 flagsInt,
 };
- const counterBuf = intBuffer.slice(0, 4);
- intBuffer = intBuffer.slice(4);
-
+ const counterBuf = authData.slice(pointer, (pointer += 4));
 const counter = counterBuf.readUInt32BE(0);
 let aaguid: Buffer | undefined = undefined;
@@ -39,33 +34,29 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
 let credentialPublicKey: Buffer | undefined = undefined;
 if (flags.at) {
- aaguid = intBuffer.slice(0, 16);
- intBuffer = intBuffer.slice(16);
-
- const credIDLenBuf = intBuffer.slice(0, 2);
- intBuffer = intBuffer.slice(2);
+ aaguid = authData.slice(pointer, (pointer += 16));
+ const credIDLenBuf = authData.slice(pointer, (pointer += 2));
 const credIDLen = credIDLenBuf.readUInt16BE(0);
- credentialID = intBuffer.slice(0, credIDLen);
- intBuffer = intBuffer.slice(credIDLen);
+ credentialID = authData.slice(pointer, (pointer += credIDLen));
 // Decode the next CBOR item in the buffer, then re-encode it back to a Buffer
- const firstDecoded = decodeCborFirst(intBuffer);
+ const firstDecoded = decodeCborFirst(authData.slice(pointer));
 const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer);
 credentialPublicKey = firstEncoded;
- intBuffer = intBuffer.slice(firstEncoded.byteLength);
+ authData = authData.slice((pointer += firstEncoded.byteLength));
 }
 let extensionsDataBuffer: Buffer | undefined = undefined;
 if (flags.ed) {
- const firstDecoded = decodeCborFirst(intBuffer);
+ const firstDecoded = decodeCborFirst(authData);
 const firstEncoded = Buffer.from(cbor.encode(firstDecoded) as ArrayBuffer);
 extensionsDataBuffer = firstEncoded;
- intBuffer = intBuffer.slice(firstEncoded.byteLength);
+ authData = authData.slice((pointer += firstEncoded.byteLength));
 }
- if (intBuffer.byteLength > 0) {
+ if (authData.byteLength > pointer) {
 throw new Error('Leftover bytes detected while parsing authenticator data');
 } |
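Review bot: In the `flags.ed` branch the CBOR decode is `decodeCborFirst(authData)` rather than `decodeCborFirst(authData.slice(pointer))`, which is only correct when the `flags.at` branch ran first and re-based `authData`; with ED set and AT clear (an assertion that carries extensions) the decode starts at byte 0, i.e. on `rpIdHash`, and `extensionsDataBuffer` ends up holding the wrong bytes. The re-basing also undermines the final check: once `authData` has been replaced by a slice, `authData.byteLength > pointer` compares a shortened buffer against an absolute offset, so trailing bytes fewer than `pointer` in number go undetected, whereas the removed `intBuffer.byteLength > 0` caught any leftover. Keeping the parameter immutable fixes both at once: `const firstDecoded = decodeCborFirst(authData.slice(pointer));` in the ED branch, and `pointer += firstEncoded.byteLength;` in place of both `authData = authData.slice((pointer += firstEncoded.byteLength));` lines, leaving the `authData.byteLength > pointer` check unchanged. Reassigning a function parameter is also what makes this hard to read in review; parseAuthenticatorData's signature lies outside this hunk.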