author | Matthew Miller <matthew@millerti.me> | 2020-05-19 08:32:41 -0700 |
committer | Matthew Miller <matthew@millerti.me> | 2020-05-19 08:32:41 -0700 |
commit | b9697f0cfe458530e24524f06c8f6153955b8af2 (patch) | |
tree | 19957570f380a8b18923e644bdba2b7a4fb2b463 /src | |
parent | 7bb996683e6ed0b87e4fd33fccf6e0c1d39ff99a (diff) |
Rename convertCOSEECDHAtoPKCS helper
Diffstat (limited to 'src')
-rw-r--r-- | src/attestation/verifications/verifyAndroidSafetyNet.ts | 4 | ||||
-rw-r--r-- | src/attestation/verifications/verifyFIDOU2F.ts | 4 | ||||
-rw-r--r-- | src/attestation/verifications/verifyNone.ts | 4 | ||||
-rw-r--r-- | src/attestation/verifications/verifyPacked.ts | 41 | ||||
-rw-r--r-- | src/helpers/convertCOSEtoPKCS.ts (renamed from src/helpers/convertCOSEECDHAtoPKCS.ts) | 31 |
5 files changed, 46 insertions, 38 deletions
diff --git a/src/attestation/verifications/verifyAndroidSafetyNet.ts b/src/attestation/verifications/verifyAndroidSafetyNet.ts
index b052967..f57b68e 100644
--- a/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -3,7 +3,7 @@ import base64url from 'base64url';
 import { AttestationObject, VerifiedAttestation } from "@types";
 import toHash from "@helpers/toHash";
 import verifySignature from '@helpers/verifySignature';
-import convertCOSEECDHAtoPKCS from '@helpers/convertCOSEECDHAtoPKCS';
+import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
 import getCertificateInfo from '@helpers/getCertificateInfo';
 
 import parseAttestationAuthData from '../parseAttestationAuthData';
@@ -122,7 +122,7 @@ export default function verifyAttestationAndroidSafetyNet(
     throw new Error('No credential ID was provided by authenticator');
   }
 
-  const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+  const publicKey = convertCOSEtoPKCS(COSEPublicKey);
 
   toReturn.authenticatorInfo = {
     fmt,
diff --git a/src/attestation/verifications/verifyFIDOU2F.ts b/src/attestation/verifications/verifyFIDOU2F.ts
index d14ab97..a0f17f5 100644
--- a/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/src/attestation/verifications/verifyFIDOU2F.ts
@@ -2,7 +2,7 @@ import base64url from 'base64url';
 
 import { AttestationObject, VerifiedAttestation } from '@types';
 import toHash from '@helpers/toHash';
-import convertCOSEECDHAtoPKCS from '@helpers/convertCOSEECDHAtoPKCS';
+import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
 import convertASN1toPEM from '@helpers/convertASN1toPEM';
 import verifySignature from '@helpers/verifySignature';
 
@@ -43,7 +43,7 @@ export default function verifyAttestationFIDOU2F(
 
   const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON));
   const reservedByte = Buffer.from([0x00]);
-  const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+  const publicKey = convertCOSEtoPKCS(COSEPublicKey);
 
   const signatureBase = Buffer.concat([
     reservedByte,
diff --git a/src/attestation/verifications/verifyNone.ts b/src/attestation/verifications/verifyNone.ts
index 1eeb895..589d143 100644
--- a/src/attestation/verifications/verifyNone.ts
+++ b/src/attestation/verifications/verifyNone.ts
@@ -1,7 +1,7 @@
 import base64url from 'base64url';
 
 import { AttestationObject, VerifiedAttestation } from "@types";
-import convertCOSEECDHAtoPKCS from "@helpers/convertCOSEECDHAtoPKCS";
+import convertCOSEtoPKCS from "@helpers/convertCOSEtoPKCS";
 
 import parseAttestationAuthData from '../parseAttestationAuthData';
 
@@ -42,7 +42,7 @@ export default function verifyAttestationNone(
     console.warn('The authenticator could not uniquely Verify the user');
   }
 
-  const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+  const publicKey = convertCOSEtoPKCS(COSEPublicKey);
 
   const toReturn: VerifiedAttestation = {
     verified: true,
diff --git a/src/attestation/verifications/verifyPacked.ts b/src/attestation/verifications/verifyPacked.ts
index e4e20de..15ec58d 100644
--- a/src/attestation/verifications/verifyPacked.ts
+++ b/src/attestation/verifications/verifyPacked.ts
@@ -4,7 +4,7 @@ import elliptic from 'elliptic';
 import NodeRSA, { SigningSchemeHash } from 'node-rsa';
 
 import { AttestationObject, VerifiedAttestation } from "@types";
-import convertCOSEECDHAtoPKCS from "@helpers/convertCOSEECDHAtoPKCS";
+import convertCOSEtoPKCS from "@helpers/convertCOSEtoPKCS";
 import toHash from "@helpers/toHash";
 import convertASN1toPEM from '@helpers/convertASN1toPEM';
 import getCertificateInfo from '@helpers/getCertificateInfo';
@@ -43,7 +43,7 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
   ]);
 
   const toReturn: VerifiedAttestation = { verified: false };
-  const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+  const publicKey = convertCOSEtoPKCS(COSEPublicKey);
 
   if (x5c) {
     console.log('FULL Attestation');
@@ -89,12 +89,10 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
   } else {
     console.log('SELF Attestation');
 
-    const publicKeyCOSE: Map<COSEAlgorithmIdentifier, number | Buffer> = cbor.decodeAllSync(COSEPublicKey)[0];
+    const cosePublicKey: COSEPublicKey = cbor.decodeAllSync(COSEPublicKey)[0];
 
-    const kty = publicKeyCOSE.get(COSEKEYS.kty);
-    const alg = publicKeyCOSE.get(COSEKEYS.alg);
-    const x = publicKeyCOSE.get(COSEKEYS.x);
-    const y = publicKeyCOSE.get(COSEKEYS.y);
+    const kty = cosePublicKey.get(COSEKEYS.kty);
+    const alg = cosePublicKey.get(COSEKEYS.alg);
 
     if (!alg) {
       throw new Error('COSE public key was missing alg');
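Review bot: The unconditional `const publicKey = convertCOSEtoPKCS(COSEPublicKey);` at the top of verifyAttestationPacked runs before the kty dispatch, and the renamed helper in this commit throws 'COSE public key was missing y' for any key without a y coordinate — so RSA and OKP credentials, whose branches below read only n or x, fail here before their branch is reached, and the new OKP x check added in the later hunk is unreachable for them. If publicKey is only meaningful for EC2 keys, move the call into the EC2 branch (where the next hunk already computes the same bytes as `pkcsPublicKey`); otherwise the helper needs to dispatch on kty. verifyNone and verifyAndroidSafetyNet make the same unconditional call and are affected the same way. I cannot see where publicKey is consumed after this point (the function continues outside the hunk), so confirm its later uses before moving it.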
@@ -104,44 +102,31 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
       throw new Error('COSE public key was missing kty');
     }
 
-    if (!x) {
-      throw new Error('COSE public key was missing x');
-    }
-
-    if (!y) {
-      throw new Error('COSE public key was missing y');
-    }
-
     const hashAlg: string = COSEALGHASH[(alg as number)];
 
     if (kty === COSEKTY.EC2) {
       console.log('EC2');
 
-      const crv = publicKeyCOSE.get(COSEKEYS.crv);
+      const crv = cosePublicKey.get(COSEKEYS.crv);
 
       if (!crv) {
         throw new Error('COSE public key was missing kty crv');
       }
 
-      const ansiKey = Buffer.concat([
-        Buffer.from([0x04]),
-        (x as Buffer),
-        (y as Buffer),
-      ]);
-
+      const pkcsPublicKey = convertCOSEtoPKCS(cosePublicKey);
       const signatureBaseHash = toHash(signatureBase, hashAlg);
 
       const ec = new elliptic.ec(COSECRV[(crv as number)]);
-      const key = ec.keyFromPublic(ansiKey);
+      const key = ec.keyFromPublic(pkcsPublicKey);
 
       toReturn.verified = key.verify(signatureBaseHash, sig);
     } else if (kty === COSEKTY.RSA) {
       console.log('RSA');
 
-      const n = publicKeyCOSE.get(COSEKEYS.n);
+      const n = cosePublicKey.get(COSEKEYS.n);
 
       if (!n) {
-        throw new Error('COSE public key was missing kty n');
+        throw new Error('COSE public key was missing n');
       }
 
       const signingScheme = COSERSASCHEME[alg as number];
@@ -158,6 +143,12 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
     } else if (kty === COSEKTY.OKP) {
       console.log('OKP');
 
+      const x = cosePublicKey.get(COSEKEYS.x);
+
+      if (!x) {
+        throw new Error('COSE public key was missing x');
+      }
+
       const signatureBaseHash = toHash(signatureBase, hashAlg);
 
       const key = new elliptic.eddsa('ed25519');
diff --git a/src/helpers/convertCOSEECDHAtoPKCS.ts b/src/helpers/convertCOSEtoPKCS.ts
index 725a346..9098aae 100644
--- a/src/helpers/convertCOSEECDHAtoPKCS.ts
+++ b/src/helpers/convertCOSEtoPKCS.ts
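Review bot: The new `const pkcsPublicKey = convertCOSEtoPKCS(cosePublicKey);` in the EC2 branch re-derives the same 0x04||x||y bytes that `publicKey` was already built from at the top of the function (first hunk of this file), from the same COSEPublicKey buffer; the second decode can go and the line below become `const key = ec.keyFromPublic(publicKey);`. Separately, `crv` and `alg` are looked up in COSECRV and COSEALGHASH independently and nothing in the hunk checks that they agree, so a key declaring one curve with a hash meant for another is verified as-is — whether that is harmless depends on those tables, which are outside the hunk, so worth a one-line cross-check or a comment stating why it is acceptable. The function begins and ends outside this hunk.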
@@ -1,11 +1,14 @@
 import cbor from 'cbor';
 
+import { COSEKEYS, COSEPublicKey } from '@types';
+
 /**
- * Takes COSE encoded public key and converts it to RAW PKCS ECDHA key
- * @param COSEPublicKey COSE-encoded public key
+ * Takes COSE-encoded public key and converts it to PKCS key
+ *
+ * @param cosePublicKey COSE-encoded public key
  * @return RAW PKCS encoded public key
  */
-export default function COSEECDHAtoPKCS(COSEPublicKey: Buffer) {
+export default function convertCOSEtoPKCS(cosePublicKey: Buffer | COSEPublicKey) {
   /*
   +------+-------+-------+---------+----------------------------------+
   | name | key | label | type | description |
@@ -22,11 +25,25 @@ export default function COSEECDHAtoPKCS(COSEPublicKey: Buffer) {
   | d | 2 | -4 | bstr | Private key |
   +------+-------+-------+---------+----------------------------------+
   */
+  let struct: COSEPublicKey;
+  if (cosePublicKey instanceof Buffer) {
+    struct = cbor.decodeFirstSync(cosePublicKey);
+  } else {
+    struct = cosePublicKey;
+  }
 
-  const coseStruct = cbor.decodeAllSync(COSEPublicKey)[0];
   const tag = Buffer.from([0x04]);
-  const x = coseStruct.get(-2);
-  const y = coseStruct.get(-3);
+  const x = struct.get(COSEKEYS.x);
+  const y = struct.get(COSEKEYS.y);
+
+
+  if (!x) {
+    throw new Error('COSE public key was missing x');
+  }
+
+  if (!y) {
+    throw new Error('COSE public key was missing y');
+  }
 
-  return Buffer.concat([tag, x, y]);
+  return Buffer.concat([tag, (x as Buffer), (y as Buffer)]);
 }
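Review bot: The new name and doc comment promise a generic "COSE to PKCS" conversion, but the body only ever emits the SEC1 uncompressed EC point (`0x04 || x || y`), never inspects kty, and reports an RSA or OKP key as 'COSE public key was missing y' — the doc comment should say so, e.g. `Takes a COSE-encoded EC2 public key and returns its uncompressed SEC1 point (0x04 || x || y); throws if x or y is absent`, and the name is arguably still wrong since the output is not PKCS. The `(x as Buffer)` / `(y as Buffer)` casts paper over the fact that x and y come from CBOR decoded out of authenticator-supplied bytes: a non-bstr value such as an integer passes the `!x` check and reaches Buffer.concat, which then fails with a TypeError instead of this helper's own error. Tighten the guards to `if (!x || !Buffer.isBuffer(x)) {` and `if (!y || !Buffer.isBuffer(y)) {`, after which the casts are unnecessary. Note also that the Buffer path now uses `cbor.decodeFirstSync` while the callers in verifyPacked still use `cbor.decodeAllSync(COSEPublicKey)[0]`; whether the two treat trailing bytes the same way I cannot tell from here, so it is worth aligning them on one call.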