authorMatthew Miller <matthew@millerti.me>2023-10-25 20:48:08 -0700
committerMatthew Miller <matthew@millerti.me>2023-10-25 20:48:08 -0700
commit56a8ae74d11e062dc98cc3399e632795d6aa4a2c (patch)
treedcbfa471dd564ed7ae7868f1cda16c8d1f16e5ac /packages/server/src/helpers/parseAuthenticatorData.ts
parent48dffd2e55b2dd5a628bbaf652b118a9bb939144 (diff)
Restore flipped bit after handling bad CBOR
Diffstat (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts')
-rw-r--r--packages/server/src/helpers/parseAuthenticatorData.ts8
1 files changed, 8 insertions, 0 deletions
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 28bd469..18ce93d 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -65,8 +65,10 @@ export function parseAuthenticatorData(
// Bytes decode to `{ 1: "OKP", 3: -8, -1: "Ed25519" }` (it's missing key -2 a.k.a. COSEKEYS.x)
const badEdDSACBOR = isoUint8Array.fromHex('a301634f4b500327206745643235353139');
const bytesAtCurrentPosition = authData.slice(pointer, pointer + badEdDSACBOR.byteLength);
+ let foundBadCBOR = false;
if (isoUint8Array.areEqual(badEdDSACBOR, bytesAtCurrentPosition)) {
// Change the bad CBOR 0xa3 to 0xa4 so that the credential public key can be recognized
+ foundBadCBOR = true;
authData[pointer] = 0xa4;
}
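Review bot: `foundBadCBOR` is declared with `let` and then set inside the `if`, although its value is exactly the result of the comparison on the next line. Computing it once, `const foundBadCBOR = isoUint8Array.areEqual(badEdDSACBOR, bytesAtCurrentPosition);`, and branching on `if (foundBadCBOR) {` removes the mutable flag and keeps the patch and the later restore keyed to the same condition. The body of parseAuthenticatorData starts and ends outside this hunk.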
@@ -76,6 +78,12 @@ export function parseAuthenticatorData(
);
const firstEncoded = Uint8Array.from(isoCBOR.encode(firstDecoded));
+ if (foundBadCBOR) {
+ // Restore the bit we changed so that `authData` is the same as it came in and won't break
+ // signature verification.
+ authData[pointer] = 0xa3;
+ }
+
credentialPublicKey = firstEncoded;
pointer += firstEncoded.byteLength;
}
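Review bot: The restore at `authData[pointer] = 0xa3;` runs only when the decode call that ends at `);` and `isoCBOR.encode(firstDecoded)` both return. If either throws, the caller's `authData` keeps the patched 0xa4 byte, so a caller that catches the error and keeps using the same buffer would hold bytes that differ from what the authenticator signed. Wrapping the decode and re-encode in `try { … } finally { if (foundBadCBOR) authData[pointer] = 0xa3; }` closes that path. Decoding from a patched copy would avoid writing to the input at all, but the decode call's arguments are outside the hunk, so that is only a suggestion to check. The comment also says "bit" where a whole byte is rewritten; `// Restore the byte we changed so that authData is the same as it came in` would be more exact.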