Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/authentication/verifyAuthenticationResponse.ts2
-rw-r--r--packages/server/src/helpers/verifySignature.ts58
-rw-r--r--packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts2
-rw-r--r--packages/server/src/registration/verifications/verifyAttestationPacked.ts4
7 files changed, 21 insertions, 51 deletions
diff --git a/packages/server/src/authentication/verifyAuthenticationResponse.ts b/packages/server/src/authentication/verifyAuthenticationResponse.ts
index 710419e..c99013e 100644
--- a/packages/server/src/authentication/verifyAuthenticationResponse.ts
+++ b/packages/server/src/authentication/verifyAuthenticationResponse.ts
@@ -206,7 +206,7 @@ export async function verifyAuthenticationResponse(
verified: await verifySignature({
signature,
data: signatureBase,
- publicKey: authenticator.credentialPublicKey,
+ credentialPublicKey: authenticator.credentialPublicKey,
}),
authenticationInfo: {
newCounter: counter,
diff --git a/packages/server/src/helpers/verifySignature.ts b/packages/server/src/helpers/verifySignature.ts
index 4bc38e2..19cbac1 100644
--- a/packages/server/src/helpers/verifySignature.ts
+++ b/packages/server/src/helpers/verifySignature.ts
@@ -9,35 +9,23 @@ import { COSEALG, COSECRV, COSEKEYS, COSEKTY, COSEPublicKey, COSEPublicKeyEC2, C
import { isoCrypto } from './iso';
import { decodeCredentialPublicKey } from './decodeCredentialPublicKey';
-type VerifySignatureOptsBase = {
+/**
+ * Verify an authenticator's signature
+ */
+export async function verifySignature(opts: {
signature: Uint8Array;
data: Uint8Array;
+ credentialPublicKey?: Uint8Array;
+ leafCertificate?: Uint8Array;
rsaHashAlgorithm?: string;
-}
+}): Promise<boolean> {
+ const { signature, data, credentialPublicKey, leafCertificate, rsaHashAlgorithm } = opts;
-type VerifySignatureOptsLeafCert = VerifySignatureOptsBase & {
- leafCert: Uint8Array;
-};
-
-type VerifySignatureOptsCredentialPublicKey = VerifySignatureOptsBase & {
- publicKey: Uint8Array;
-};
-
-/**
- * Verify an authenticator's signature
- */
-export async function verifySignature(
- opts: VerifySignatureOptsLeafCert | VerifySignatureOptsCredentialPublicKey,
-): Promise<boolean> {
- const { signature, data, rsaHashAlgorithm } = opts;
- const _isLeafcertOpts = isLeafCertOpts(opts);
- const _isCredPubKeyOpts = isCredPubKeyOpts(opts);
-
- if (!_isLeafcertOpts && !_isCredPubKeyOpts) {
+ if (!leafCertificate && !credentialPublicKey) {
throw new Error('Must declare either "leafCert" or "credentialPublicKey"');
}
- if (_isLeafcertOpts && _isCredPubKeyOpts) {
+ if (leafCertificate && credentialPublicKey) {
throw new Error('Must not declare both "leafCert" and "credentialPublicKey"');
}
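Review bot: The two `throw` messages kept as context at the end of this hunk still name the option `leafCert`, while the option is now `leafCertificate`, so a caller who trips either guard is pointed at a property that no longer exists. Change them to `'Must declare either "leafCertificate" or "credentialPublicKey"'` and `'Must not declare both "leafCertificate" and "credentialPublicKey"'`. With both fields optional, the parameter type no longer forces a caller to supply a key source, so the exactly-one rule rests on these runtime guards alone; the doc comment should state that exactly one of the two must be passed and that the function throws otherwise. The guards test truthiness, so a zero-length `Uint8Array` counts as supplied and is presumably only rejected by the decoding further down. verifySignature's body continues outside the hunk.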
@@ -45,10 +33,8 @@ export async function verifySignature(
let kty: COSEKTY;
let alg: COSEALG;
- if (_isCredPubKeyOpts) {
- const { publicKey } = opts;
-
- const cosePublicKey = decodeCredentialPublicKey(publicKey);
+ if (credentialPublicKey) {
+ const cosePublicKey = decodeCredentialPublicKey(credentialPublicKey);
const _kty = cosePublicKey.get(COSEKEYS.kty);
const _alg = cosePublicKey.get(COSEKEYS.alg);
@@ -80,13 +66,11 @@ export async function verifySignature(
subtlePublicKey = await isoCrypto.importKey(cosePublicKey as COSEPublicKeyEC2 | COSEPublicKeyRSA);
kty = _kty as COSEKTY;
alg = _alg;
- } else if (_isLeafcertOpts) {
+ } else if (leafCertificate) {
/**
* Time to extract the public key from an X.509 leaf certificate
*/
- const { leafCert } = opts;
-
- const x509 = AsnParser.parse(leafCert, Certificate);
+ const x509 = AsnParser.parse(leafCertificate, Certificate);
const { tbsCertificate } = x509;
const {
@@ -198,17 +182,3 @@ export async function verifySignature(
data,
});
}
-
-function isLeafCertOpts(
- opts: VerifySignatureOptsLeafCert | VerifySignatureOptsCredentialPublicKey,
-): opts is VerifySignatureOptsLeafCert {
- return Object.keys(opts as VerifySignatureOptsLeafCert).indexOf('leafCert') >= 0;
-}
-
-function isCredPubKeyOpts(
- opts: VerifySignatureOptsLeafCert | VerifySignatureOptsCredentialPublicKey,
-): opts is VerifySignatureOptsCredentialPublicKey {
- return (
- Object.keys(opts as VerifySignatureOptsCredentialPublicKey).indexOf('publicKey') >= 0
- );
-}
diff --git a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
index 7a147e3..283e417 100644
--- a/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
+++ b/packages/server/src/registration/verifications/tpm/verifyAttestationTPM.ts
@@ -304,7 +304,7 @@ export async function verifyAttestationTPM(options: AttestationFormatVerifierOpt
return verifySignature({
signature: sig,
data: certInfo,
- leafCert: x5c[0],
+ leafCertificate: x5c[0],
rsaHashAlgorithm: hashAlg
});
}
diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
index 1287ac0..57dd921 100644
--- a/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationAndroidKey.ts
@@ -111,7 +111,7 @@ export async function verifyAttestationAndroidKey(
return verifySignature({
signature: sig,
data: signatureBase,
- leafCert: x5c[0],
+ leafCertificate: x5c[0],
rsaHashAlgorithm: hashAlg
});
}
diff --git a/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts b/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
index 5e977a5..d47dd70 100644
--- a/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationAndroidSafetyNet.ts
@@ -129,7 +129,7 @@ export async function verifyAttestationAndroidSafetyNet(
const verified = await verifySignature({
signature: signatureBuffer,
data: signatureBaseBuffer,
- leafCert: leafCertBuffer,
+ leafCertificate: leafCertBuffer,
});
/**
* END Verify Signature
diff --git a/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts b/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
index 629746d..f37dfea 100644
--- a/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationFIDOU2F.ts
@@ -61,6 +61,6 @@ export async function verifyAttestationFIDOU2F(
return verifySignature({
signature: sig,
data: signatureBase,
- leafCert: x5c[0],
+ leafCertificate: x5c[0],
});
}
diff --git a/packages/server/src/registration/verifications/verifyAttestationPacked.ts b/packages/server/src/registration/verifications/verifyAttestationPacked.ts
index bf3fbc7..85c2e8c 100644
--- a/packages/server/src/registration/verifications/verifyAttestationPacked.ts
+++ b/packages/server/src/registration/verifications/verifyAttestationPacked.ts
@@ -115,7 +115,7 @@ export async function verifyAttestationPacked(
verified = await verifySignature({
signature: sig,
data: signatureBase,
- leafCert: x5c[0],
+ leafCertificate: x5c[0],
});
} else {
const hashAlg: string = coseAlgSHAHashMap[alg];
@@ -123,7 +123,7 @@ export async function verifyAttestationPacked(
verified = await verifySignature({
signature: sig,
data: signatureBase,
- publicKey: credentialPublicKey,
+ credentialPublicKey,
rsaHashAlgorithm: hashAlg
});
}