diff options
13 files changed, 139 insertions, 155 deletions
diff --git a/packages/server/src/helpers/convertCOSEtoPKCS.test.ts b/packages/server/src/helpers/convertCOSEtoPKCS.test.ts index db760d7..761382f 100644 --- a/packages/server/src/helpers/convertCOSEtoPKCS.test.ts +++ b/packages/server/src/helpers/convertCOSEtoPKCS.test.ts @@ -1,6 +1,7 @@ import { isoCBOR } from './iso'; -import { convertCOSEtoPKCS, COSEKEYS } from './convertCOSEtoPKCS'; +import { convertCOSEtoPKCS } from './convertCOSEtoPKCS'; +import { COSEKEYS } from './cose'; test('should throw an error curve if, somehow, curve coordinate x is missing', () => { const mockCOSEKey = new Map<number, number | Buffer>(); diff --git a/packages/server/src/helpers/convertCOSEtoPKCS.ts b/packages/server/src/helpers/convertCOSEtoPKCS.ts index d388d98..761fae6 100644 --- a/packages/server/src/helpers/convertCOSEtoPKCS.ts +++ b/packages/server/src/helpers/convertCOSEtoPKCS.ts @@ -1,4 +1,5 @@ import { isoCBOR, isoUint8Array } from './iso'; +import { COSEPublicKeyEC2, COSEKEYS } from './cose'; /** * Takes COSE-encoded public key and converts it to PKCS key @@ -23,146 +24,3 @@ export function convertCOSEtoPKCS(cosePublicKey: Uint8Array): Uint8Array { return isoUint8Array.concat([tag, x]); } - -/** - * Fundamental values that are needed to discern the more specific COSE public key types below - */ -export type COSEPublicKey = { - // Getters - get(key: COSEKEYS.kty): COSEKTY | undefined; - get(key: COSEKEYS.alg): COSEALG | undefined; - // Setters - set(key: COSEKEYS.kty, value: COSEKTY): void; - set(key: COSEKEYS.alg, value: COSEALG): void; -}; - -export type COSEPublicKeyOKP = COSEPublicKey & { - // Getters - get(key: COSEKEYS.x): Uint8Array | undefined; - // Setters - set(key: COSEKEYS.x, value: Uint8Array): void; -}; - -export type COSEPublicKeyEC2 = COSEPublicKey & { - // Getters - get(key: COSEKEYS.crv): number | undefined; - get(key: COSEKEYS.x): Uint8Array | undefined; - get(key: COSEKEYS.y): Uint8Array | undefined; - // Setters - set(key: COSEKEYS.crv, value: number): void; - set(key: COSEKEYS.x, value: Uint8Array): void; - set(key: COSEKEYS.y, value: Uint8Array): void; -}; - -export type COSEPublicKeyRSA = COSEPublicKey & { - // Getters - get(key: COSEKEYS.n): Uint8Array | undefined; - get(key: COSEKEYS.e): Uint8Array | undefined; - // Setters - set(key: COSEKEYS.n, value: Uint8Array): void; - set(key: COSEKEYS.e, value: Uint8Array): void; -}; - -export function isCOSEPublicKeyOKP(publicKey: COSEPublicKey): publicKey is COSEPublicKeyOKP { - return publicKey.get(COSEKEYS.kty) === COSEKTY.OKP; -} - -export function isCOSEPublicKeyEC2(publicKey: COSEPublicKey): publicKey is COSEPublicKeyEC2 { - return publicKey.get(COSEKEYS.kty) === COSEKTY.EC2; -} - -export function isCOSEPublicKeyRSA(publicKey: COSEPublicKey): publicKey is COSEPublicKeyRSA { - return publicKey.get(COSEKEYS.kty) === COSEKTY.RSA; -} - -export enum COSEKEYS { - kty = 1, - alg = 3, - crv = -1, - x = -2, - y = -3, - n = -1, - e = -2, -} - -export enum COSEKTY { - OKP = 1, - EC2 = 2, - RSA = 3, -} - -export enum COSECRV { - P256 = 1, - P384 = 2, - P521 = 3, - ED25519 = 6, -} - -export const coseAlgs = [-65535, -259, -258, -257, -47, -39, -38, -37, -36, -35, -8, -7] as const; -export type COSEALG = typeof coseAlgs[number]; -/** - * Ensure that a number is a valid COSE algorithm ID - */ -export function isCOSEAlg(alg: number): alg is COSEALG { - return coseAlgs.indexOf(alg as COSEALG) >= 0; -} - -export const COSERSASCHEME: { [key: string]: SigningSchemeHash } = { - '-3': 'pss-sha256', - '-39': 'pss-sha512', - '-38': 'pss-sha384', - '-65535': 'pkcs1-sha1', - '-257': 'pkcs1-sha256', - '-258': 'pkcs1-sha384', - '-259': 'pkcs1-sha512', -}; - -// See https://w3c.github.io/webauthn/#sctn-alg-identifier -export const coseCRV: { [key: number]: string } = { - // alg: -7 - 1: 'p256', - // alg: -35 - 2: 'p384', - // alg: -36 - 3: 'p521', - // alg: -8 - 6: 'ed25519', -}; - -export const coseAlgSHAHashMap: { [K in COSEALG]: string } = { - '-65535': 'sha1', - '-259': 'sha512', - '-258': 'sha384', - '-257': 'sha256', - '-47': 'sha256', - '-39': 'sha512', - '-38': 'sha384', - '-37': 'sha256', - '-36': 'sha512', - '-35': 'sha384', - '-8': 'sha512', - '-7': 'sha256', -}; - -/** - * Imported from node-rsa's types - */ -type SigningSchemeHash = - | 'pkcs1-ripemd160' - | 'pkcs1-md4' - | 'pkcs1-md5' - | 'pkcs1-sha' - | 'pkcs1-sha1' - | 'pkcs1-sha224' - | 'pkcs1-sha256' - | 'pkcs1-sha384' - | 'pkcs1-sha512' - | 'pss-ripemd160' - | 'pss-md4' - | 'pss-md5' - | 'pss-sha' - | 'pss-sha1' - | 'pss-sha224' - | 'pss-sha256' - | 'pss-sha384' - | 'pss-sha512'; diff --git a/packages/server/src/helpers/cose.ts b/packages/server/src/helpers/cose.ts new file mode 100644 index 0000000..d9863ee --- /dev/null +++ b/packages/server/src/helpers/cose.ts @@ -0,0 +1,124 @@ +/** + * Fundamental values that are needed to discern the more specific COSE public key types below + */ + export type COSEPublicKey = { + // Getters + get(key: COSEKEYS.kty): COSEKTY | undefined; + get(key: COSEKEYS.alg): COSEALG | undefined; + // Setters + set(key: COSEKEYS.kty, value: COSEKTY): void; + set(key: COSEKEYS.alg, value: COSEALG): void; +}; + +export type COSEPublicKeyOKP = COSEPublicKey & { + // Getters + get(key: COSEKEYS.x): Uint8Array | undefined; + // Setters + set(key: COSEKEYS.x, value: Uint8Array): void; +}; + +export type COSEPublicKeyEC2 = COSEPublicKey & { + // Getters + get(key: COSEKEYS.crv): number | undefined; + get(key: COSEKEYS.x): Uint8Array | undefined; + get(key: COSEKEYS.y): Uint8Array | undefined; + // Setters + set(key: COSEKEYS.crv, value: number): void; + set(key: COSEKEYS.x, value: Uint8Array): void; + set(key: COSEKEYS.y, value: Uint8Array): void; +}; + +export type COSEPublicKeyRSA = COSEPublicKey & { + // Getters + get(key: COSEKEYS.n): Uint8Array | undefined; + get(key: COSEKEYS.e): Uint8Array | undefined; + // Setters + set(key: COSEKEYS.n, value: Uint8Array): void; + set(key: COSEKEYS.e, value: Uint8Array): void; +}; + +export function isCOSEPublicKeyOKP(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyOKP { + const kty = cosePublicKey.get(COSEKEYS.kty); + return isCOSEKty(kty) && kty === COSEKTY.OKP; +} + +export function isCOSEPublicKeyEC2(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyEC2 { + const kty = cosePublicKey.get(COSEKEYS.kty); + return isCOSEKty(kty) && kty === COSEKTY.EC2; +} + +export function isCOSEPublicKeyRSA(cosePublicKey: COSEPublicKey): cosePublicKey is COSEPublicKeyRSA { + const kty = cosePublicKey.get(COSEKEYS.kty); + return isCOSEKty(kty) && kty === COSEKTY.RSA; +} + +/** + * COSE Keys + * + * https://www.iana.org/assignments/cose/cose.xhtml#key-common-parameters + * https://www.iana.org/assignments/cose/cose.xhtml#key-type-parameters + */ +export enum COSEKEYS { + kty = 1, + alg = 3, + crv = -1, + x = -2, + y = -3, + n = -1, + e = -2, +} + +/** + * COSE Key Types + * + * https://www.iana.org/assignments/cose/cose.xhtml#key-type + */ +export enum COSEKTY { + OKP = 1, + EC2 = 2, + RSA = 3, +} + +export function isCOSEKty(kty: number | undefined): kty is COSEKTY { + return Object.values(COSEKTY).indexOf(kty as COSEKTY) >= 0; +} + +/** + * COSE Curves + * + * https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves + */ +export enum COSECRV { + P256 = 1, + P384 = 2, + P521 = 3, + ED25519 = 6, +} + +export function isCOSECrv(crv: number | undefined): crv is COSECRV { + return Object.values(COSECRV).indexOf(crv as COSECRV) >= 0; +} + +/** + * COSE Algorithms + * + * https://www.iana.org/assignments/cose/cose.xhtml#algorithms + */ +export enum COSEALG { + ES256 = -7, + EdDSA = -8, + ES384 = -35, + ES512 = -36, + PS256 = -37, + PS384 = -38, + PS512 = -39, + ES256K = -47, + RS256 = -257, + RS384 = -258, + RS512 = -259, + RS1 = -65535, +} + +export function isCOSEAlg(alg: number | undefined): alg is COSEALG { + return Object.values(COSEALG).indexOf(alg as COSEALG) >= 0; +} diff --git a/packages/server/src/helpers/decodeCredentialPublicKey.ts b/packages/server/src/helpers/decodeCredentialPublicKey.ts index a2f8e55..32f4199 100644 --- a/packages/server/src/helpers/decodeCredentialPublicKey.ts +++ b/packages/server/src/helpers/decodeCredentialPublicKey.ts @@ -1,4 +1,4 @@ -import { COSEPublicKey } from './convertCOSEtoPKCS'; +import { COSEPublicKey } from './cose'; import { isoCBOR } from './iso'; export function decodeCredentialPublicKey(publicKey: Uint8Array): COSEPublicKey { diff --git a/packages/server/src/helpers/index.ts b/packages/server/src/helpers/index.ts index 643b417..7bc9031 100644 --- a/packages/server/src/helpers/index.ts +++ b/packages/server/src/helpers/index.ts @@ -1,6 +1,6 @@ import { convertAAGUIDToString } from './convertAAGUIDToString'; import { convertCertBufferToPEM } from './convertCertBufferToPEM'; -import { convertCOSEtoPKCS } from './convertCOSEtoPKCS'; +import { convertCOSEtoPKCS } from './cose'; import { convertPublicKeyToPEM } from './convertPublicKeyToPEM'; import { decodeAttestationObject } from './decodeAttestationObject'; import { decodeClientDataJSON } from './decodeClientDataJSON'; @@ -41,7 +41,7 @@ import type { } from './decodeAttestationObject'; import type { CertificateInfo } from './getCertificateInfo'; import type { ClientDataJSON } from './decodeClientDataJSON'; -import type { COSEPublicKey } from './convertCOSEtoPKCS'; +import type { COSEPublicKey } from './cose'; import type { ParsedAuthenticatorData } from './parseAuthenticatorData'; export type { diff --git a/packages/server/src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts b/packages/server/src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts index 6f4c661..78876f8 100644 --- a/packages/server/src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts +++ b/packages/server/src/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.ts @@ -1,5 +1,5 @@ import { SubtleCryptoAlg } from "./structs"; -import { COSEALG } from "../../convertCOSEtoPKCS"; +import { COSEALG } from "../../cose"; /** diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts index bcc552d..4e3bb0b 100644 --- a/packages/server/src/helpers/parseAuthenticatorData.ts +++ b/packages/server/src/helpers/parseAuthenticatorData.ts @@ -3,7 +3,7 @@ import { AuthenticationExtensionsAuthenticatorOutputs, } from './decodeAuthenticatorExtensions'; import { isoCBOR, isoUint8Array } from './iso'; -import { COSEPublicKey } from './convertCOSEtoPKCS'; +import { COSEPublicKey } from './cose'; /** * Make sense of the authData buffer contained in an Attestation diff --git a/packages/server/src/metadata/verifyAttestationWithMetadata.ts b/packages/server/src/metadata/verifyAttestationWithMetadata.ts index 80a0142..dea3417 100644 --- a/packages/server/src/metadata/verifyAttestationWithMetadata.ts +++ b/packages/server/src/metadata/verifyAttestationWithMetadata.ts @@ -4,7 +4,7 @@ import type { MetadataStatement, AlgSign } from '../metadata/mdsTypes'; import { convertCertBufferToPEM } from '../helpers/convertCertBufferToPEM'; import { validateCertificatePath } from '../helpers/validateCertificatePath'; import { decodeCredentialPublicKey } from '../helpers/decodeCredentialPublicKey'; -import { COSEALG, COSECRV, COSEKEYS, COSEKTY, COSEPublicKeyEC2, isCOSEPublicKeyEC2 } from '../helpers/convertCOSEtoPKCS'; +import { COSEALG, COSECRV, COSEKEYS, COSEKTY, COSEPublicKeyEC2, isCOSEPublicKeyEC2 } from '../helpers/cose'; /** * Match properties of the authenticator's attestation statement against expected values as diff --git a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts index 283e417..3fe5f24 100644 --- a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts +++ b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts @@ -11,7 +11,7 @@ import { import type { AttestationFormatVerifierOpts } from '../../verifyRegistrationResponse'; import { decodeCredentialPublicKey } from '../../../helpers/decodeCredentialPublicKey'; -import { COSEKEYS, coseAlgSHAHashMap, isCOSEAlg, isCOSEPublicKeyEC2, isCOSEPublicKeyRSA } from '../../../helpers/convertCOSEtoPKCS'; +import { COSEKEYS, isCOSEAlg, COSEKTY, isCOSEPublicKeyRSA, isCOSEPublicKeyEC2, COSEALG } from '../../../helpers/cose'; import { toHash } from '../../../helpers/toHash'; import { convertCertBufferToPEM } from '../../../helpers/convertCertBufferToPEM'; import { validateCertificatePath } from '../../../helpers/validateCertificatePath'; diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts index 57dd921..cceedb8 100644 --- a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts +++ b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts @@ -7,7 +7,8 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons import { convertCertBufferToPEM } from '../../helpers/convertCertBufferToPEM'; import { validateCertificatePath } from '../../helpers/validateCertificatePath'; import { verifySignature } from '../../helpers/verifySignature'; -import { coseAlgSHAHashMap, convertCOSEtoPKCS, isCOSEAlg } from '../../helpers/convertCOSEtoPKCS'; +import { convertCOSEtoPKCS } from '../../helpers/convertCOSEtoPKCS'; +import { isCOSEAlg } from '../../helpers/cose'; import { isoUint8Array } from '../../helpers/iso'; import { MetadataService } from '../../services/metadataService'; import { verifyAttestationWithMetadata } from '../../metadata/verifyAttestationWithMetadata'; diff --git a/packages/server/src/registration/verifications/verifyAttestationPacked.ts b/packages/server/src/registration/verifications/verifyAttestationPacked.ts index 85c2e8c..a03f22b 100644 --- a/packages/server/src/registration/verifications/verifyAttestationPacked.ts +++ b/packages/server/src/registration/verifications/verifyAttestationPacked.ts @@ -1,6 +1,6 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationResponse'; -import { coseAlgSHAHashMap, isCOSEAlg } from '../../helpers/convertCOSEtoPKCS'; +import { isCOSEAlg } from '../../helpers/cose'; import { convertCertBufferToPEM } from '../../helpers/convertCertBufferToPEM'; import { validateCertificatePath } from '../../helpers/validateCertificatePath'; import { getCertificateInfo } from '../../helpers/getCertificateInfo'; diff --git a/packages/server/src/registration/verifyRegistrationResponse.test.ts b/packages/server/src/registration/verifyRegistrationResponse.test.ts index 22706ac..e456f5c 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.test.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.test.ts @@ -8,7 +8,7 @@ import * as esmParseAuthenticatorData from '../helpers/parseAuthenticatorData'; import * as esmDecodeCredentialPublicKey from '../helpers/decodeCredentialPublicKey'; import { toHash } from '../helpers/toHash'; import { isoBase64URL, isoUint8Array } from '../helpers/iso'; -import { COSEPublicKey, COSEKEYS } from '../helpers/convertCOSEtoPKCS'; +import { COSEPublicKey, COSEKEYS } from '../helpers/cose'; import { SettingsService } from '../services/settingsService'; import * as esmVerifyAttestationFIDOU2F from './verifications/verifyAttestationFIDOU2F'; diff --git a/packages/server/src/registration/verifyRegistrationResponse.ts b/packages/server/src/registration/verifyRegistrationResponse.ts index 4b1cbc7..dad5b56 100644 --- a/packages/server/src/registration/verifyRegistrationResponse.ts +++ b/packages/server/src/registration/verifyRegistrationResponse.ts @@ -14,7 +14,7 @@ import { decodeClientDataJSON } from '../helpers/decodeClientDataJSON'; import { parseAuthenticatorData } from '../helpers/parseAuthenticatorData'; import { toHash } from '../helpers/toHash'; import { decodeCredentialPublicKey } from '../helpers/decodeCredentialPublicKey'; -import { COSEKEYS } from '../helpers/convertCOSEtoPKCS'; +import { COSEKEYS } from '../helpers/cose'; import { convertAAGUIDToString } from '../helpers/convertAAGUIDToString'; import { parseBackupFlags } from '../helpers/parseBackupFlags'; import { matchExpectedRPID } from '../helpers/matchExpectedRPID'; |