From 11da0b8118ae1124e868afd6ac25af164f4e698e Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 2 Feb 2021 14:13:48 -0800 Subject: Update AuthenticatorDevice with more data --- packages/typescript-types/src/index.ts | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index c950398..ef6ebcc 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -112,12 +112,16 @@ export interface AuthenticatorAssertionResponseJSON * A WebAuthn-compatible device and the information needed to verify assertions by it */ export type AuthenticatorDevice = { - publicKey: Base64URLString; - credentialID: Base64URLString; - // Number of times this device is expected to have been used + credentialPublicKey: Buffer; + credentialID: Buffer; + // Number of times this authenticator is expected to have been used counter: number; + // The random Buffer generated as user.id in attestation options + userHandle: Buffer; // From browser's `startAttestation()` -> AttestationCredentialJSON.transports (API L2 and up) transports?: AuthenticatorTransport[]; + // If desired, store the original value of response.attestationObject for later scrutiny + attestationObject?: Base64URLString; }; /** -- cgit v1.2.3 From 25dec97c0f7c395cf41616973e973bd08508af85 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Tue, 2 Feb 2021 14:48:47 -0800 Subject: Return attestationObject as Buffer --- packages/server/src/attestation/verifyAttestationResponse.ts | 9 +++++---- packages/server/src/helpers/decodeAttestationObject.ts | 7 ++----- packages/typescript-types/src/index.ts | 2 +- 3 files changed, 8 insertions(+), 10 deletions(-) (limited to 'packages/typescript-types/src') 
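Review bot: The renamed `credentialPublicKey: Buffer` and retyped `credentialID: Buffer` fields in `AuthenticatorDevice` carry no comment telling integrators that records persisted in the old shape (a base64url `publicKey` string) must be converted when loaded. Rows read back from storage are usually untyped, so the compiler will not stop an old string value from reaching signature verification; the verifier itself is outside this hunk. I would turn the `//` line comments into TSDoc and add, for example, `/** Credential public key bytes (previously the base64url string publicKey); decode stored values with base64url.toBuffer() before use */`. The `attestationObject` comment could also say that the value is exactly what the client submitted and is only meaningful next to a successful verification result.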
diff --git a/packages/server/src/attestation/verifyAttestationResponse.ts b/packages/server/src/attestation/verifyAttestationResponse.ts index 109d824..be14402 100644 --- a/packages/server/src/attestation/verifyAttestationResponse.ts +++ b/packages/server/src/attestation/verifyAttestationResponse.ts @@ -111,8 +111,9 @@ export default async function verifyAttestationResponse( } } - const attestationObject = decodeAttestationObject(response.attestationObject); - const { fmt, authData, attStmt } = attestationObject; + const attestationObject = base64url.toBuffer(response.attestationObject); + const decodedAttestationObject = decodeAttestationObject(attestationObject); + const { fmt, authData, attStmt } = decodedAttestationObject; const parsedAuthData = parseAuthenticatorData(authData); const { aaguid, rpIdHash, flags, credentialID, counter, credentialPublicKey } = parsedAuthData; @@ -248,7 +249,7 @@ export default async function verifyAttestationResponse( credentialID, credentialType, userVerified: flags.uv, - attestationObject: response.attestationObject, + attestationObject, }; } @@ -279,6 +280,6 @@ export type VerifiedAttestation = { credentialID: Buffer; credentialType: string; userVerified: boolean; - attestationObject: string; + attestationObject: Buffer; }; }; diff --git a/packages/server/src/helpers/decodeAttestationObject.ts b/packages/server/src/helpers/decodeAttestationObject.ts index fd6ad21..362e8a0 100644 --- a/packages/server/src/helpers/decodeAttestationObject.ts +++ b/packages/server/src/helpers/decodeAttestationObject.ts 
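Review bot: Changing `attestationObject` from `string` to `Buffer` in the returned object (hunk at -248) and in `VerifiedAttestation` (hunk at -279) changes what callers persist. `JSON.stringify` on a Buffer emits `{"type":"Buffer","data":[…]}` rather than the base64url string, so code that wrote this field to a JSON column or an audit log will change format without a compile error at the serialization site. The field has no doc comment in either hunk; I would add one on the type, e.g. `/** Raw attestation object bytes as submitted by the client (base64url-decoded); encode explicitly before storing as text */`. Both the function body and the type declaration start outside these hunks.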
@@ -6,11 +6,8 @@ import cbor from 'cbor'; * * @param base64AttestationObject Base64URL-encoded Attestation Object */ -export default function decodeAttestationObject( - base64AttestationObject: string, -): AttestationObject { - const toBuffer = base64url.toBuffer(base64AttestationObject); - const toCBOR: AttestationObject = cbor.decodeAllSync(toBuffer)[0]; +export default function decodeAttestationObject(attestationObject: Buffer): AttestationObject { + const toCBOR: AttestationObject = cbor.decodeAllSync(attestationObject)[0]; return toCBOR; } diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index ef6ebcc..3e14e8b 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -121,7 +121,7 @@ export type AuthenticatorDevice = { // From browser's `startAttestation()` -> AttestationCredentialJSON.transports (API L2 and up) transports?: AuthenticatorTransport[]; // If desired, store the original value of response.attestationObject for later scrutiny - attestationObject?: Base64URLString; + attestationObject?: Buffer; }; /** -- cgit v1.2.3 From d8cbcb40b9f32d7a6eab82f5e31c6e5272c9d163 Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Wed, 3 Feb 2021 17:48:03 -0800 Subject: Make userHandle on AuthenticatorDevice optional Better aligns with the fact that `response.userHandle` in an assertion may be null --- packages/server/src/assertion/verifyAssertionResponse.test.ts | 3 --- packages/typescript-types/src/index.ts | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/server/src/assertion/verifyAssertionResponse.test.ts b/packages/server/src/assertion/verifyAssertionResponse.test.ts index 61d125f..1708f77 100644 --- a/packages/server/src/assertion/verifyAssertionResponse.test.ts +++ b/packages/server/src/assertion/verifyAssertionResponse.test.ts 
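Review bot: The TSDoc kept as context above `decodeAttestationObject` still reads `@param base64AttestationObject Base64URL-encoded Attestation Object`, but the parameter is now `attestationObject: Buffer`; it should become `@param attestationObject Attestation Object buffer`. Because the bytes come from the client, `cbor.decodeAllSync(attestationObject)[0]` also deserves a guard. Any trailing CBOR items are silently ignored, and an input with no complete item would presumably yield `undefined`, which the `AttestationObject` annotation hides from the caller's destructuring of `fmt`, `authData` and `attStmt`. A check such as `if (decoded.length !== 1) throw new Error('Attestation object must contain exactly one CBOR item');` on the decoded array would reject both cases. If the `base64url` import at the top of this file (outside the hunk) is now unused, it can be dropped.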
@@ -202,7 +202,6 @@ test.skip('should verify TPM assertion', () => { credentialPublicKey: base64url.toBuffer('BAEAAQ'), credentialID: base64url.toBuffer('YJ8FMM-AmcUt73XPX341WXWd7ypBMylGjjhu0g3VzME'), counter: 0, - userHandle: Buffer.from('randomID', 'ascii'), }, }); @@ -288,7 +287,6 @@ const authenticator: AuthenticatorDevice = { 'KEbWNCc7NgaYnUyrNeFGX9_3Y-8oJ3KwzjnaiD1d1LVTxR7v3CaKfCz2Vy_g_MHSh7yJ8yL0Pxg6jo_o0hYiew', ), counter: 143, - userHandle: Buffer.from('randomID', 'ascii'), }; /** @@ -316,5 +314,4 @@ const authenticatorFirstTimeUsed: AuthenticatorDevice = { 'wSisR0_4hlzw3Y1tj4uNwwifIhRa-ZxWJwWbnfror0pVK9qPdBPO5pW3gasPqn6wXHb0LNhXB_IrA1nFoSQJ9A', ), counter: 0, - userHandle: Buffer.from('randomID', 'ascii'), }; diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 3e14e8b..8ee599c 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts @@ -117,7 +117,7 @@ export type AuthenticatorDevice = { // Number of times this authenticator is expected to have been used counter: number; // The random Buffer generated as user.id in attestation options - userHandle: Buffer; + userHandle?: Buffer; // From browser's `startAttestation()` -> AttestationCredentialJSON.transports (API L2 and up) transports?: AuthenticatorTransport[]; // If desired, store the original value of response.attestationObject for later scrutiny -- cgit v1.2.3 From 6c01bca1797c9bb8f3fb03b5cdf6c67d7c5e7bdf Mon Sep 17 00:00:00 2001 From: Matthew Miller Date: Thu, 4 Feb 2021 10:17:17 -0800 Subject: Revert changes to AuthenticatorDevice type --- packages/typescript-types/src/index.ts | 4 ---- 1 file changed, 4 deletions(-) (limited to 'packages/typescript-types/src') diff --git a/packages/typescript-types/src/index.ts b/packages/typescript-types/src/index.ts index 8ee599c..8ba2297 100644 --- a/packages/typescript-types/src/index.ts +++ b/packages/typescript-types/src/index.ts 
@@ -116,12 +116,8 @@ export type AuthenticatorDevice = { credentialID: Buffer; // Number of times this authenticator is expected to have been used counter: number; - // The random Buffer generated as user.id in attestation options - userHandle?: Buffer; // From browser's `startAttestation()` -> AttestationCredentialJSON.transports (API L2 and up) transports?: AuthenticatorTransport[]; - // If desired, store the original value of response.attestationObject for later scrutiny - attestationObject?: Buffer; }; /** -- cgit v1.2.3