From 9671a3c0107a5d281517f239a96685c69dba52c4 Mon Sep 17 00:00:00 2001
From: Matthew Miller
Date: Thu, 21 May 2020 16:23:34 -0700
Subject: Check response counter sooner

---
 .../server/src/assertion/verifyAssertionResponse.ts | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
 (limited to 'packages/server/src')

diff --git a/packages/server/src/assertion/verifyAssertionResponse.ts b/packages/server/src/assertion/verifyAssertionResponse.ts
index 54addae..c126b84 100644
--- a/packages/server/src/assertion/verifyAssertionResponse.ts
+++ b/packages/server/src/assertion/verifyAssertionResponse.ts
@@ -61,6 +61,15 @@ export default function verifyAssertionResponse(
 counter,
 } = authData;
+ if (counter <= authenticator.counter) {
+ // Error out when the counter in the DB is greater than or equal to the counter in the
+ // dataStruct. It's related to how the authenticator maintains the number of times its been
+ // used for this client. If this happens, then someone's somehow increased the counter
+ // on the device without going through this site
+ console.debug(`Response counter ${counter} was not greater than ${authenticator.counter}`);
+ throw new Error(`Counter in response did not increment from ${authenticator.counter}`);
+ }
+
 const clientDataHash = toHash(base64url.toBuffer(base64ClientDataJSON));
 const signatureBase = Buffer.concat([
 rpIdHash,
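Review bot: The new guard in this hunk rejects an assertion whenever both counters are zero (`0 <= 0`), which is exactly what an authenticator that does not implement a signature counter reports, so credentials from such devices would never verify; the WebAuthn assertion procedure only asks for the comparison when at least one of the two values is nonzero. A one-line change keeps the rest of the block intact: `if ((counter !== 0 || authenticator.counter !== 0) && counter <= authenticator.counter) {`. Running the check before the signature is verified is fine on its own, but the stored counter must still be persisted by the caller only after `verified` is true, and nothing in the hunk shows that happening, so that contract deserves a sentence in the function's doc comment. The second hunk only removes the old post-verification copy of the same check and carries the same point. verifyAssertionResponse's body begins and continues outside the hunk.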
@@ -76,15 +85,5 @@ export default function verifyAssertionResponse(
 verified: verifySignature(signature, signatureBase, publicKey),
 };
- if (toReturn.verified) {
- if (counter <= authenticator.counter) {
- // Error out when the counter in the DB is greater than or equal to the counter in the
- // dataStruct. It's related to how the authenticator maintains the number of times its been
- // used for this client. If this happens, then someone's somehow increased the counter
- // on the device without going through this site
- throw new Error(`Device's counter ${counter} isn't greater than ${authenticator.counter}!`);
- }
- }
-
 return toReturn;
 }
-- 
cgit v1.2.3