Diffstat (limited to 'packages/server/src/helpers/parseAuthenticatorData.ts')
-rw-r--r-- | packages/server/src/helpers/parseAuthenticatorData.ts | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 28bd469..18ce93d 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -65,8 +65,10 @@ export function parseAuthenticatorData(
 // Bytes decode to `{ 1: "OKP", 3: -8, -1: "Ed25519" }` (it's missing key -2 a.k.a. COSEKEYS.x)
 const badEdDSACBOR = isoUint8Array.fromHex('a301634f4b500327206745643235353139');
 const bytesAtCurrentPosition = authData.slice(pointer, pointer + badEdDSACBOR.byteLength);
+ let foundBadCBOR = false;
 if (isoUint8Array.areEqual(badEdDSACBOR, bytesAtCurrentPosition)) {
 // Change the bad CBOR 0xa3 to 0xa4 so that the credential public key can be recognized
+ foundBadCBOR = true;
 authData[pointer] = 0xa4;
 }

@@ -76,6 +78,12 @@ export function parseAuthenticatorData(
 );
 const firstEncoded = Uint8Array.from(isoCBOR.encode(firstDecoded));

+ if (foundBadCBOR) {
+ // Restore the bit we changed so that `authData` is the same as it came in and won't break
+ // signature verification.
+ authData[pointer] = 0xa3;
+ }
+
 credentialPublicKey = firstEncoded;
 pointer += firstEncoded.byteLength;
 }
|
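Review bot: `foundBadCBOR` is declared with `let` and then flipped inside the `if`, where a single `const` carries the same information: `const foundBadCBOR = isoUint8Array.areEqual(badEdDSACBOR, bytesAtCurrentPosition);` followed by `if (foundBadCBOR) { authData[pointer] = 0xa4; }`. The write itself also deserves a comment saying that `authData` is the caller's buffer and is covered by the authenticator's signature, so the patch is temporary and must be undone before the function returns. The enclosing function starts and ends outside this hunk.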
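Review bot: The restore to `0xa3` only runs when the decode and re-encode between the two hunks return normally; if either throws on malformed input, the caller's `authData` keeps `0xa4` at `pointer`. If a caller catches that error and goes on to use the same buffer, signature verification over it would presumably fail for a reason unrelated to the real problem. Putting the restore in a `finally` closes the gap: `finally { if (foundBadCBOR) authData[pointer] = 0xa3; }`. Alternatively, apply the `0xa4` patch to a copy of the bytes handed to the decoder so the input is never mutated and no restore is needed. The decode call is mostly outside the visible lines, so confirm how it is invoked before choosing.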