2 files changed, 16 insertions, 5 deletions

diff --git a/packages/server/src/attestation/generateAttestationOptions.ts b/packages/server/src/attestation/generateAttestationOptions.ts
index 39d6378..e80275f 100644
--- a/packages/server/src/attestation/generateAttestationOptions.ts
+++ b/packages/server/src/attestation/generateAttestationOptions.ts
@@ -20,7 +20,18 @@ type Options = {
 
 // Supported crypto algo identifiers
 // See https://w3c.github.io/webauthn/#sctn-alg-identifier
-export const supportedCOSEAlgorithIdentifiers: COSEAlgorithmIdentifier[] = [-7, -35, -36, -8];
+export const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[] = [
+  -7,
+  -8,
+  -36,
+  -37,
+  -38,
+  -39,
+  -257,
+  -258,
+  -259,
+  -65535,
+];
 
 /**
  * Prepare a value to pass into navigator.credentials.create(...) for authenticator "registration"
@@ -71,7 +82,7 @@ export default function generateAttestationOptions(
       name: userName,
       displayName: userDisplayName,
     },
-    pubKeyCredParams: supportedCOSEAlgorithIdentifiers.map(id => ({
+    pubKeyCredParams: supportedCOSEAlgorithmIdentifiers.map(id => ({
       alg: id,
       type: 'public-key',
     })),
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts
index 2ebf8d5..40f5d08 100644
--- a/packages/server/src/attestation/verifyAttestationResponse.ts
+++ b/packages/server/src/attestation/verifyAttestationResponse.ts
@@ -8,7 +8,7 @@ import toHash from '../helpers/toHash';
 import decodeCredentialPublicKey from '../helpers/decodeCredentialPublicKey';
 import convertCOSEtoPKCS, { COSEKEYS } from '../helpers/convertCOSEtoPKCS';
 
-import { supportedCOSEAlgorithIdentifiers } from './generateAttestationOptions';
+import { supportedCOSEAlgorithmIdentifiers } from './generateAttestationOptions';
 import verifyFIDOU2F from './verifications/verifyFIDOU2F';
 import verifyPacked from './verifications/verifyPacked';
 import verifyAndroidSafetynet from './verifications/verifyAndroidSafetyNet';
@@ -131,8 +131,8 @@ export default function verifyAttestationResponse(options: Options): VerifiedAtt
   }
 
   // Make sure the key algorithm is one we specified within the attestation options
-  if (!supportedCOSEAlgorithIdentifiers.includes(alg as number)) {
-    const supported = supportedCOSEAlgorithIdentifiers.join(', ');
+  if (!supportedCOSEAlgorithmIdentifiers.includes(alg as number)) {
+    const supported = supportedCOSEAlgorithmIdentifiers.join(', ');
     throw new Error(`Unexpected public key alg "${alg}", expected one of "${supported}"`);
   }