author | Matthew Miller <matthew@millerti.me> | 2023-10-25 20:48:08 -0700 |
---|---|---|
committer | Matthew Miller <matthew@millerti.me> | 2023-10-25 20:48:08 -0700 |
commit | 56a8ae74d11e062dc98cc3399e632795d6aa4a2c (patch) | |
tree | dcbfa471dd564ed7ae7868f1cda16c8d1f16e5ac /packages/server/src | |
parent | 48dffd2e55b2dd5a628bbaf652b118a9bb939144 (diff) |
Restore flipped bit after handling bad CBOR
Diffstat (limited to 'packages/server/src')
-rw-r--r-- | packages/server/src/helpers/parseAuthenticatorData.ts | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index 28bd469..18ce93d 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -65,8 +65,10 @@ export function parseAuthenticatorData( // Bytes decode to `{ 1: "OKP", 3: -8, -1: "Ed25519" }` (it's missing key -2 a.k.a. COSEKEYS.x) const badEdDSACBOR = isoUint8Array.fromHex('a301634f4b500327206745643235353139'); const bytesAtCurrentPosition = authData.slice(pointer, pointer + badEdDSACBOR.byteLength); + let foundBadCBOR = false; if (isoUint8Array.areEqual(badEdDSACBOR, bytesAtCurrentPosition)) { // Change the bad CBOR 0xa3 to 0xa4 so that the credential public key can be recognized + foundBadCBOR = true; authData[pointer] = 0xa4; } @@ -76,6 +78,12 @@ export function parseAuthenticatorData( ); const firstEncoded = Uint8Array.from(isoCBOR.encode(firstDecoded)); + if (foundBadCBOR) { + // Restore the bit we changed so that `authData` is the same as it came in and won't break + // signature verification. + authData[pointer] = 0xa3; + } + credentialPublicKey = firstEncoded; pointer += firstEncoded.byteLength; } |
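Review bot: The restore added in the second hunk runs only on the success path. If `isoCBOR.encode(firstDecoded)` throws, or the decode call between the two hunks (not shown here) does, `authData[pointer]` stays at `0xa4` and the caller's buffer no longer matches the bytes the authenticator signed. Wrapping the decode/encode in a `try` and moving the reset into `finally { if (foundBadCBOR) authData[pointer] = 0xa3; }` would make the restore unconditional; patching a copy of the bytes instead of `authData` would remove the need to restore at all, if the decode call allows it. The diffstat shown lists no test change, so a regression test asserting that the input `authData` is byte-for-byte identical before and after `parseAuthenticatorData()` for the bad-EdDSA case would pin this behaviour down. The function body starts and ends outside both hunks.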