-rw-r--r--src/attestation/verifications/verifyAndroidSafetyNet.ts4
-rw-r--r--src/attestation/verifications/verifyFIDOU2F.ts4
-rw-r--r--src/attestation/verifications/verifyNone.ts4
-rw-r--r--src/attestation/verifications/verifyPacked.ts41
-rw-r--r--src/helpers/convertCOSEtoPKCS.ts (renamed from src/helpers/convertCOSEECDHAtoPKCS.ts)31
5 files changed, 46 insertions, 38 deletions
diff --git a/src/attestation/verifications/verifyAndroidSafetyNet.ts b/src/attestation/verifications/verifyAndroidSafetyNet.ts
index b052967..f57b68e 100644
--- a/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -3,7 +3,7 @@ import base64url from 'base64url';
import { AttestationObject, VerifiedAttestation } from "@types";
import toHash from "@helpers/toHash";
import verifySignature from '@helpers/verifySignature';
-import convertCOSEECDHAtoPKCS from '@helpers/convertCOSEECDHAtoPKCS';
+import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
import getCertificateInfo from '@helpers/getCertificateInfo';
import parseAttestationAuthData from '../parseAttestationAuthData';
@@ -122,7 +122,7 @@ export default function verifyAttestationAndroidSafetyNet(
throw new Error('No credential ID was provided by authenticator');
}
- const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(COSEPublicKey);
toReturn.authenticatorInfo = {
fmt,
diff --git a/src/attestation/verifications/verifyFIDOU2F.ts b/src/attestation/verifications/verifyFIDOU2F.ts
index d14ab97..a0f17f5 100644
--- a/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/src/attestation/verifications/verifyFIDOU2F.ts
@@ -2,7 +2,7 @@ import base64url from 'base64url';
import { AttestationObject, VerifiedAttestation } from '@types';
import toHash from '@helpers/toHash';
-import convertCOSEECDHAtoPKCS from '@helpers/convertCOSEECDHAtoPKCS';
+import convertCOSEtoPKCS from '@helpers/convertCOSEtoPKCS';
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import verifySignature from '@helpers/verifySignature';
@@ -43,7 +43,7 @@ export default function verifyAttestationFIDOU2F(
const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON));
const reservedByte = Buffer.from([0x00]);
- const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(COSEPublicKey);
const signatureBase = Buffer.concat([
reservedByte,
diff --git a/src/attestation/verifications/verifyNone.ts b/src/attestation/verifications/verifyNone.ts
index 1eeb895..589d143 100644
--- a/src/attestation/verifications/verifyNone.ts
+++ b/src/attestation/verifications/verifyNone.ts
@@ -1,7 +1,7 @@
import base64url from 'base64url';
import { AttestationObject, VerifiedAttestation } from "@types";
-import convertCOSEECDHAtoPKCS from "@helpers/convertCOSEECDHAtoPKCS";
+import convertCOSEtoPKCS from "@helpers/convertCOSEtoPKCS";
import parseAttestationAuthData from '../parseAttestationAuthData';
@@ -42,7 +42,7 @@ export default function verifyAttestationNone(
console.warn('The authenticator could not uniquely Verify the user');
}
- const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(COSEPublicKey);
const toReturn: VerifiedAttestation = {
verified: true,
diff --git a/src/attestation/verifications/verifyPacked.ts b/src/attestation/verifications/verifyPacked.ts
index e4e20de..15ec58d 100644
--- a/src/attestation/verifications/verifyPacked.ts
+++ b/src/attestation/verifications/verifyPacked.ts
@@ -4,7 +4,7 @@ import elliptic from 'elliptic';
import NodeRSA, { SigningSchemeHash } from 'node-rsa';
import { AttestationObject, VerifiedAttestation } from "@types";
-import convertCOSEECDHAtoPKCS from "@helpers/convertCOSEECDHAtoPKCS";
+import convertCOSEtoPKCS from "@helpers/convertCOSEtoPKCS";
import toHash from "@helpers/toHash";
import convertASN1toPEM from '@helpers/convertASN1toPEM';
import getCertificateInfo from '@helpers/getCertificateInfo';
@@ -43,7 +43,7 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
]);
const toReturn: VerifiedAttestation = { verified: false };
- const publicKey = convertCOSEECDHAtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(COSEPublicKey);
if (x5c) {
console.log('FULL Attestation');
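Review bot: The `const publicKey = convertCOSEtoPKCS(COSEPublicKey);` call just above `if (x5c)` runs before `kty` is ever inspected, and the renamed helper now throws `'COSE public key was missing y'` for any key that carries no y coordinate, so a self-attested RSA or OKP key appears to fail here before the `COSEKTY.RSA`/`COSEKTY.OKP` branches (and the new x check added in the OKP hunk) can run. The old `Buffer.concat([tag, x, y])` would also have thrown on an undefined coordinate, so this is pre-existing rather than introduced, but the commit's own OKP additions suggest those key types are meant to be supported. Either defer this conversion until the EC2 branch has been selected, or make the helper key-type aware (for example returning the raw x for OKP) so it cannot reject a key the caller will later accept. The same unconditional call is made in the verifyNone and verifyAndroidSafetyNet hunks; verifyFIDOU2F is EC2-only by design and is unaffected. verifyAttestationPacked starts and ends outside this hunk.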
@@ -89,12 +89,10 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
} else {
console.log('SELF Attestation');
- const publicKeyCOSE: Map<COSEAlgorithmIdentifier, number | Buffer> = cbor.decodeAllSync(COSEPublicKey)[0];
+ const cosePublicKey: COSEPublicKey = cbor.decodeAllSync(COSEPublicKey)[0];
- const kty = publicKeyCOSE.get(COSEKEYS.kty);
- const alg = publicKeyCOSE.get(COSEKEYS.alg);
- const x = publicKeyCOSE.get(COSEKEYS.x);
- const y = publicKeyCOSE.get(COSEKEYS.y);
+ const kty = cosePublicKey.get(COSEKEYS.kty);
+ const alg = cosePublicKey.get(COSEKEYS.alg);
if (!alg) {
throw new Error('COSE public key was missing alg');
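Review bot: `const cosePublicKey: COSEPublicKey = cbor.decodeAllSync(COSEPublicKey)[0];` is a compile-time annotation on an `any` result; nothing verifies that the decoded item is actually a Map, so a malformed attestation object produces a `TypeError` from `.get` instead of a clear verification error. A runtime guard before the `kty`/`alg` lookups, `if (!(cosePublicKey instanceof Map)) { throw new Error('COSE public key was not a CBOR map'); }`, would keep the failure mode consistent with the surrounding `missing alg`/`missing kty` throws. The same bytes are also decoded a second time here after the earlier `convertCOSEtoPKCS(COSEPublicKey)` call, and with `decodeAllSync` where the helper now uses `decodeFirstSync`; passing the decoded map into the helper, or settling on one decoder, would remove that divergence. The enclosing function continues outside the hunk.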
@@ -104,44 +102,31 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
throw new Error('COSE public key was missing kty');
}
- if (!x) {
- throw new Error('COSE public key was missing x');
- }
-
- if (!y) {
- throw new Error('COSE public key was missing y');
- }
-
const hashAlg: string = COSEALGHASH[(alg as number)];
if (kty === COSEKTY.EC2) {
console.log('EC2');
- const crv = publicKeyCOSE.get(COSEKEYS.crv);
+ const crv = cosePublicKey.get(COSEKEYS.crv);
if (!crv) {
throw new Error('COSE public key was missing kty crv');
}
- const ansiKey = Buffer.concat([
- Buffer.from([0x04]),
- (x as Buffer),
- (y as Buffer),
- ]);
-
+ const pkcsPublicKey = convertCOSEtoPKCS(cosePublicKey);
const signatureBaseHash = toHash(signatureBase, hashAlg);
const ec = new elliptic.ec(COSECRV[(crv as number)]);
- const key = ec.keyFromPublic(ansiKey);
+ const key = ec.keyFromPublic(pkcsPublicKey);
toReturn.verified = key.verify(signatureBaseHash, sig);
} else if (kty === COSEKTY.RSA) {
console.log('RSA');
- const n = publicKeyCOSE.get(COSEKEYS.n);
+ const n = cosePublicKey.get(COSEKEYS.n);
if (!n) {
- throw new Error('COSE public key was missing kty n');
+ throw new Error('COSE public key was missing n');
}
const signingScheme = COSERSASCHEME[alg as number];
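Review bot: The `'COSE public key was missing kty crv'` message in the EC2 branch still carries the stray `kty` that this hunk removes from the RSA message (`'missing kty n'` → `'missing n'`); for consistency change it to `throw new Error('COSE public key was missing crv');`. Separately, `COSEALGHASH[(alg as number)]` and `COSECRV[(crv as number)]` are indexed without checking that the algorithm or curve is one the table knows, so an unrecognised value presumably reaches `toHash`/`elliptic.ec` as `undefined`; an explicit throw when the lookup yields nothing, alongside the existing `missing` checks, would make the rejection deliberate. verifyAttestationPacked continues outside the hunk on both sides.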
@@ -158,6 +143,12 @@ export default function verifyAttestationPacked(attestationObject: AttestationOb
} else if (kty === COSEKTY.OKP) {
console.log('OKP');
+ const x = cosePublicKey.get(COSEKEYS.x);
+
+ if (!x) {
+ throw new Error('COSE public key was missing x');
+ }
+
const signatureBaseHash = toHash(signatureBase, hashAlg);
const key = new elliptic.eddsa('ed25519');
diff --git a/src/helpers/convertCOSEECDHAtoPKCS.ts b/src/helpers/convertCOSEtoPKCS.ts
index 725a346..9098aae 100644
--- a/src/helpers/convertCOSEECDHAtoPKCS.ts
+++ b/src/helpers/convertCOSEtoPKCS.ts
@@ -1,11 +1,14 @@
import cbor from 'cbor';
+import { COSEKEYS, COSEPublicKey } from '@types';
+
/**
- * Takes COSE encoded public key and converts it to RAW PKCS ECDHA key
- * @param COSEPublicKey COSE-encoded public key
+ * Takes COSE-encoded public key and converts it to PKCS key
+ *
+ * @param cosePublicKey COSE-encoded public key
* @return RAW PKCS encoded public key
*/
-export default function COSEECDHAtoPKCS(COSEPublicKey: Buffer) {
+export default function convertCOSEtoPKCS(cosePublicKey: Buffer | COSEPublicKey) {
/*
+------+-------+-------+---------+----------------------------------+
| name | key | label | type | description |
@@ -22,11 +25,25 @@ export default function COSEECDHAtoPKCS(COSEPublicKey: Buffer) {
| d | 2 | -4 | bstr | Private key |
+------+-------+-------+---------+----------------------------------+
*/
+ let struct: COSEPublicKey;
+ if (cosePublicKey instanceof Buffer) {
+ struct = cbor.decodeFirstSync(cosePublicKey);
+ } else {
+ struct = cosePublicKey;
+ }
- const coseStruct = cbor.decodeAllSync(COSEPublicKey)[0];
const tag = Buffer.from([0x04]);
- const x = coseStruct.get(-2);
- const y = coseStruct.get(-3);
+ const x = struct.get(COSEKEYS.x);
+ const y = struct.get(COSEKEYS.y);
+
+
+ if (!x) {
+ throw new Error('COSE public key was missing x');
+ }
+
+ if (!y) {
+ throw new Error('COSE public key was missing y');
+ }
- return Buffer.concat([tag, x, y]);
+ return Buffer.concat([tag, (x as Buffer), (y as Buffer)]);
}
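Review bot: The new `if (!x)` / `if (!y)` guards followed by `(x as Buffer)` / `(y as Buffer)` only rule out falsy values; a CBOR-decoded map can hold a number or text string under those labels, in which case the casts let a non-Buffer reach `Buffer.concat`, which then fails with its own `TypeError` rather than a verification error. Replacing the truthiness checks with `Buffer.isBuffer(x)` / `Buffer.isBuffer(y)` (keeping the existing messages) would make the casts unnecessary, and a `x.length === y.length` check would additionally reject a truncated coordinate before the point is handed to `elliptic`. The docstring's `@return RAW PKCS encoded public key` is also inaccurate — `Buffer.concat([tag, x, y])` with `tag = 0x04` produces an uncompressed EC point (`0x04 || x || y`), which is what `ec.keyFromPublic` consumes in verifyPacked — so `@return Uncompressed EC public key point (0x04 || x || y)` would describe it. The two consecutive blank `+` lines after the `y` lookup are a stray whitespace nit, and since `cosePublicKey instanceof Buffer` already selects the decoder, the `let struct` block could be a single `const struct = cosePublicKey instanceof Buffer ? cbor.decodeFirstSync(cosePublicKey) : cosePublicKey;`.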