Diffstat (limited to 'packages/server/src')
7 files changed, 17 insertions, 22 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index f47eaf1..710419e 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -205,7 +205,7 @@ export async function verifyAuthenticationResponse(
 const toReturn: VerifiedAuthenticationResponse = {
 verified: await verifySignature({
 signature,
- signatureBase,
+ data: signatureBase,
 publicKey: authenticator.credentialPublicKey,
 }),
 authenticationInfo: {
diff --git a/packages/server/src/helpers/verifySignature.ts b/packages/server/src/helpers/verifySignature.ts
index 69f9a8b..e7b4b28 100644
--- a/packages/server/src/helpers/verifySignature.ts
+++ b/packages/server/src/helpers/verifySignature.ts
@@ -9,32 +9,27 @@ import { COSECRV, COSEKEYS, COSEKTY, COSEPublicKey } from './convertCOSEtoPKCS';
 import { isoCrypto } from './iso';
 import { decodeCredentialPublicKey } from './decodeCredentialPublicKey';
-type VerifySignatureOptsLeafCert = {
+type VerifySignatureOptsBase = {
 signature: Uint8Array;
- signatureBase: Uint8Array;
- leafCert: Uint8Array;
+ data: Uint8Array;
 rsaHashAlgorithm?: string;
+}
+
+type VerifySignatureOptsLeafCert = VerifySignatureOptsBase & {
+ leafCert: Uint8Array;
 };
-type VerifySignatureOptsCredentialPublicKey = {
- signature: Uint8Array;
- signatureBase: Uint8Array;
+type VerifySignatureOptsCredentialPublicKey = VerifySignatureOptsBase & {
 publicKey: Uint8Array;
- rsaHashAlgorithm?: string;
 };
 /**
 * Verify an authenticator's signature
- *
- * @param signature attStmt.sig
- * @param signatureBase Bytes that were signed over
- * @param publicKey Authenticator's public key as a PEM certificate
- * @param rsaHashAlgorithm Which algorithm to use to verify RSA signatures
 */
 export async function verifySignature(
 opts: VerifySignatureOptsLeafCert | VerifySignatureOptsCredentialPublicKey,
 ): Promise<boolean> {
- const { signature, signatureBase, rsaHashAlgorithm } = opts;
+ const { signature, data, rsaHashAlgorithm } = opts;
 const _isLeafcertOpts = isLeafCertOpts(opts);
 const _isCredPubKeyOpts = isCredPubKeyOpts(opts);
@@ -74,7 +69,7 @@ export async function verifySignature(
 throw new Error('Public key was missing x (OKP)');
 }
- return ed25519Verify(signature, signatureBase, (x as Uint8Array));
+ return ed25519Verify(signature, data, (x as Uint8Array));
 }
 // Assume we're handling COSEKTY.EC2 or COSEKTY.RSA key from here on
@@ -196,7 +191,7 @@ export async function verifySignature(
 coseKty: kty,
 coseAlg: alg,
 signature,
- data: signatureBase,
+ data,
 });
 }
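Review bot: The first hunk of verifySignature.ts deletes all four `@param` lines from the `verifySignature` JSDoc and puts nothing in their place, so the renamed `data` field no longer states which bytes it must contain. The callers in this commit pass different payloads (`certInfo` for TPM, a locally built `signatureBase` elsewhere), so I would carry the contract onto `VerifySignatureOptsBase` as field comments, for example `/** Exact bytes the authenticator signed over */` above `data` and `/** Hash algorithm to use when verifying RSA signatures */` above `rsaHashAlgorithm`, with one line each on `leafCert` and `publicKey`. The removed text called `publicKey` a PEM certificate while its type is `Uint8Array`, so the new comment should name the encoding the function really expects; the code that decodes it lies outside this hunk. `VerifySignatureOptsBase` also closes with `}` where the two sibling types close with `};`.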
diff --git a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
index 2580ecb..45ccca8 100644
--- a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
+++ b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
@@ -287,7 +287,7 @@ export async function verifyAttestationTPM(options: AttestationFormatVerifierOpt
 // In the wise words of Yuriy Ackermann: "Get Martini friend, you are done!"
 return verifySignature({
 signature: sig,
- signatureBase: certInfo,
+ data: certInfo,
 leafCert: x5c[0],
 rsaHashAlgorithm: hashAlg
 });
diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
index 1449b37..af2daf9 100644
--- a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
@@ -106,7 +106,7 @@ export async function verifyAttestationAndroidKey(
 return verifySignature({
 signature: sig,
- signatureBase,
+ data: signatureBase,
 leafCert: x5c[0],
 rsaHashAlgorithm: hashAlg
 });
diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
index 285f919..5e977a5 100644
--- a/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
@@ -128,7 +128,7 @@ export async function verifyAttestationAndroidSafetyNet(
 const verified = await verifySignature({
 signature: signatureBuffer,
- signatureBase: signatureBaseBuffer,
+ data: signatureBaseBuffer,
 leafCert: leafCertBuffer,
 });
 /**
diff --git a/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts b/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
index 0b681fa..629746d 100644
--- a/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
@@ -60,7 +60,7 @@ export async function verifyAttestationFIDOU2F(
 return verifySignature({
 signature: sig,
- signatureBase,
+ data: signatureBase,
 leafCert: x5c[0],
 });
 }
diff --git a/packages/server/src/registration/verifications/verifyAttestationPacked.ts b/packages/server/src/registration/verifications/verifyAttestationPacked.ts
index da36841..5f00847 100644
--- a/packages/server/src/registration/verifications/verifyAttestationPacked.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationPacked.ts
@@ -110,7 +110,7 @@ export async function verifyAttestationPacked(
 verified = await verifySignature({
 signature: sig,
- signatureBase,
+ data: signatureBase,
 leafCert: x5c[0],
 });
 } else {
@@ -118,7 +118,7 @@ export async function verifyAttestationPacked(
 verified = await verifySignature({
 signature: sig,
- signatureBase,
+ data: signatureBase,
 publicKey: credentialPublicKey,
 rsaHashAlgorithm: hashAlg
 }); |