Diffstat (limited to 'packages/server/src')
-rw-r--r--packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts7
-rw-r--r--packages/server/src/attestation/verifications/verifyFIDOU2F.ts6
-rw-r--r--packages/server/src/attestation/verifications/verifyNone.ts8
-rw-r--r--packages/server/src/attestation/verifications/verifyPacked.ts13
-rw-r--r--packages/server/src/attestation/verifyAttestationResponse.ts8
-rw-r--r--packages/server/src/helpers/parseAuthenticatorData.ts8
6 files changed, 23 insertions, 27 deletions
diff --git a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
index 9ef6bf8..31aa53d 100644
--- a/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
+++ b/packages/server/src/attestation/verifications/verifyAndroidSafetyNet.ts
@@ -16,7 +16,7 @@ export default function verifyAttestationAndroidSafetyNet(
attestationObject: AttestationObject,
base64ClientDataJSON: string,
parsedAuthData: ParsedAuthenticatorData,
- COSEPublicKey: Buffer,
+ credentialPublicKey: Buffer,
): VerifiedAttestation {
const { attStmt, authData, fmt } = attestationObject;
const { counter, credentialID, flags } = parsedAuthData;
@@ -24,9 +24,6 @@ export default function verifyAttestationAndroidSafetyNet(
if (!credentialID) {
throw new Error('No credential ID was provided by authenticator (SafetyNet)');
}
- if (!COSEPublicKey) {
- throw new Error('No public key was provided by authenticator (SafetyNet)');
- }
if (!attStmt.response) {
throw new Error('No response was included in attStmt by authenticator (SafetyNet)');
@@ -109,7 +106,7 @@ export default function verifyAttestationAndroidSafetyNet(
if (toReturn.verified) {
toReturn.userVerified = flags.uv;
- const publicKey = convertCOSEtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(credentialPublicKey);
toReturn.authenticatorInfo = {
fmt,
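Review bot: `convertCOSEtoPKCS(credentialPublicKey)` is now reached with no presence check inside this verifier, because the `if (!COSEPublicKey)` guard was deleted in the previous hunk rather than renamed. The `Buffer` parameter type holds only at compile time, so the runtime guarantee rests entirely on the `if (!credentialPublicKey)` check in verifyAttestationResponse.ts, while the FIDOU2F, None and Packed verifiers each keep their own. Either restore `if (!credentialPublicKey) { throw new Error('No public key was provided by authenticator (SafetyNet)'); }`, or drop the fourth parameter and destructure `credentialPublicKey` from `parsedAuthData` as the other verifiers do. The function body starts and ends outside this hunk.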
diff --git a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
index 335c239..508f167 100644
--- a/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
+++ b/packages/server/src/attestation/verifications/verifyFIDOU2F.ts
@@ -18,9 +18,9 @@ export default function verifyAttestationFIDOU2F(
parsedAuthData: ParsedAuthenticatorData,
): VerifiedAttestation {
const { fmt, attStmt } = attestationObject;
- const { flags, COSEPublicKey, rpIdHash, credentialID, counter } = parsedAuthData;
+ const { flags, credentialPublicKey, rpIdHash, credentialID, counter } = parsedAuthData;
- if (!COSEPublicKey) {
+ if (!credentialPublicKey) {
throw new Error('No public key was provided by authenticator (FIDOU2F)');
}
@@ -30,7 +30,7 @@ export default function verifyAttestationFIDOU2F(
const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON));
const reservedByte = Buffer.from([0x00]);
- const publicKey = convertCOSEtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(credentialPublicKey);
const signatureBase = Buffer.concat([
reservedByte,
diff --git a/packages/server/src/attestation/verifications/verifyNone.ts b/packages/server/src/attestation/verifications/verifyNone.ts
index 4ac1988..f276a83 100644
--- a/packages/server/src/attestation/verifications/verifyNone.ts
+++ b/packages/server/src/attestation/verifications/verifyNone.ts
@@ -15,10 +15,10 @@ export default function verifyAttestationNone(
attestationObject: AttestationObject,
parsedAuthData: ParsedAuthenticatorData,
): VerifiedAttestation {
- const { fmt, authData } = attestationObject;
- const { credentialID, COSEPublicKey, counter, flags } = parsedAuthData;
+ const { fmt } = attestationObject;
+ const { credentialID, credentialPublicKey, counter, flags } = parsedAuthData;
- if (!COSEPublicKey) {
+ if (!credentialPublicKey) {
throw new Error('No public key was provided by authenticator (None)');
}
@@ -26,7 +26,7 @@ export default function verifyAttestationNone(
throw new Error('No credential ID was provided by authenticator (None)');
}
- const publicKey = convertCOSEtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(credentialPublicKey);
const toReturn: VerifiedAttestation = {
verified: true,
diff --git a/packages/server/src/attestation/verifications/verifyPacked.ts b/packages/server/src/attestation/verifications/verifyPacked.ts
index 48764aa..c5f8ec1 100644
--- a/packages/server/src/attestation/verifications/verifyPacked.ts
+++ b/packages/server/src/attestation/verifications/verifyPacked.ts
@@ -1,5 +1,4 @@
import base64url from 'base64url';
-import cbor from 'cbor';
import elliptic from 'elliptic';
import NodeRSA, { SigningSchemeHash } from 'node-rsa';
@@ -9,12 +8,12 @@ import type { VerifiedAttestation } from '../verifyAttestationResponse';
import convertCOSEtoPKCS, {
COSEKEYS,
- COSEPublicKey as COSEPublicKeyType
} from '../../helpers/convertCOSEtoPKCS';
import toHash from '../../helpers/toHash';
import convertASN1toPEM from '../../helpers/convertASN1toPEM';
import getCertificateInfo from '../../helpers/getCertificateInfo';
import verifySignature from '../../helpers/verifySignature';
+import decodeCredentialPublicKey from '../../helpers/decodeCredentialPublicKey';
/**
* Verify an attestation response with fmt 'packed'
@@ -26,9 +25,9 @@ export default function verifyAttestationPacked(
): VerifiedAttestation {
const { fmt, authData, attStmt } = attestationObject;
const { sig, x5c } = attStmt;
- const { COSEPublicKey, counter, credentialID, flags } = parsedAuthData;
+ const { credentialPublicKey, counter, credentialID, flags } = parsedAuthData;
- if (!COSEPublicKey) {
+ if (!credentialPublicKey) {
throw new Error('No public key was provided by authenticator (Packed)');
}
@@ -48,7 +47,7 @@ export default function verifyAttestationPacked(
verified: false,
userVerified: flags.uv,
};
- const publicKey = convertCOSEtoPKCS(COSEPublicKey);
+ const publicKey = convertCOSEtoPKCS(credentialPublicKey);
if (x5c) {
const leafCert = convertASN1toPEM(x5c[0]);
@@ -83,7 +82,7 @@ export default function verifyAttestationPacked(
toReturn.verified = verifySignature(sig, signatureBase, leafCert);
} else {
- const cosePublicKey: COSEPublicKeyType = cbor.decodeAllSync(COSEPublicKey)[0];
+ const cosePublicKey = decodeCredentialPublicKey(credentialPublicKey);
const kty = cosePublicKey.get(COSEKEYS.kty);
const alg = cosePublicKey.get(COSEKEYS.alg);
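Review bot: Replacing `cbor.decodeAllSync(COSEPublicKey)[0]` with `decodeCredentialPublicKey(credentialPublicKey)` in the self-attestation branch may change how bytes after the key are treated, and the helper's body is not part of this diff. The old expression decoded every CBOR item in the buffer and kept the first, so a buffer with trailing data still yielded the key. If the helper decodes strictly one item and rejects leftovers, this branch could start throwing for authenticators that append extension data. State the chosen behaviour in the helper's doc comment and cover it with a test whose authData carries bytes after the key. The enclosing function continues outside the hunk.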
@@ -105,7 +104,7 @@ export default function verifyAttestationPacked(
throw new Error('COSE public key was missing kty crv (Packed|EC2)');
}
- const pkcsPublicKey = convertCOSEtoPKCS(COSEPublicKey);
+ const pkcsPublicKey = convertCOSEtoPKCS(credentialPublicKey);
const signatureBaseHash = toHash(signatureBase, hashAlg);
/**
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index 6b54d8a..96f659a 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -55,7 +55,7 @@ export default function verifyAttestationResponse(
const { fmt, authData } = attestationObject;
const parsedAuthData = parseAuthenticatorData(authData);
- const { rpIdHash, flags, COSEPublicKey } = parsedAuthData;
+ const { rpIdHash, flags, credentialPublicKey } = parsedAuthData;
// Make sure the response's RP ID is ours
const expectedRPIDHash = toHash(Buffer.from(expectedRPID, 'ascii'));
@@ -68,11 +68,11 @@ export default function verifyAttestationResponse(
throw new Error('User not present during assertion');
}
- if (!COSEPublicKey) {
+ if (!credentialPublicKey) {
throw new Error('No public key was provided by authenticator');
}
- const decodedPublicKey = decodeCredentialPublicKey(COSEPublicKey);
+ const decodedPublicKey = decodeCredentialPublicKey(credentialPublicKey);
const alg = decodedPublicKey.get(COSEKEYS.alg);
if (!alg) {
@@ -109,7 +109,7 @@ export default function verifyAttestationResponse(
attestationObject,
response.clientDataJSON,
parsedAuthData,
- COSEPublicKey,
+ credentialPublicKey,
);
}
diff --git a/packages/server/src/helpers/parseAuthenticatorData.ts b/packages/server/src/helpers/parseAuthenticatorData.ts
index 510c228..e177002 100644
--- a/packages/server/src/helpers/parseAuthenticatorData.ts
+++ b/packages/server/src/helpers/parseAuthenticatorData.ts
@@ -27,7 +27,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
let aaguid: Buffer | undefined = undefined;
let credentialID: Buffer | undefined = undefined;
- let COSEPublicKey: Buffer | undefined = undefined;
+ let credentialPublicKey: Buffer | undefined = undefined;
if (flags.at) {
aaguid = intBuffer.slice(0, 16);
@@ -41,7 +41,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
credentialID = intBuffer.slice(0, credIDLen);
intBuffer = intBuffer.slice(credIDLen);
- COSEPublicKey = intBuffer;
+ credentialPublicKey = intBuffer;
}
return {
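Review bot: `credentialPublicKey = intBuffer` hands callers everything left in authData after the credential ID, not just the key, and the new name makes that easier to overlook. WebAuthn places extension data after the credential public key when the ED flag is set, so unless those bytes are stripped in the part of the function outside this hunk, the field can carry more than the key into `convertCOSEtoPKCS` and into whatever is stored for the credential. Consider slicing to the encoded length of the first CBOR item, or at least record the caveat at the assignment: `// Remainder of authData: may include extension bytes after the key (ED flag)`. It is also worth confirming that `credIDLen`, read outside this hunk, is compared with the remaining length before `intBuffer.slice(0, credIDLen)`.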
@@ -52,7 +52,7 @@ export default function parseAuthenticatorData(authData: Buffer): ParsedAuthenti
counterBuf,
aaguid,
credentialID,
- COSEPublicKey,
+ credentialPublicKey,
};
}
@@ -70,5 +70,5 @@ export type ParsedAuthenticatorData = {
counterBuf: Buffer;
aaguid?: Buffer;
credentialID?: Buffer;
- COSEPublicKey?: Buffer;
+ credentialPublicKey?: Buffer;
};