web_authn 0.0.5 → 0.0.6

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA256:
3
- metadata.gz: 784513f8a1a80761ffa9558612eab5eacaef353b57b6776dcb5f0032f4419258
4
- data.tar.gz: a5c88010f0994e656368cc728e1adc275252df6f4e7bbc52ff66f077102789f9
2
+ SHA1:
3
+ metadata.gz: f927ccba375bfe84ed554363fbfed46e00de82ec
4
+ data.tar.gz: 1bd39fa9d390134bb1e454de1c416d42b48bce02
5
5
  SHA512:
6
- metadata.gz: bd1c7a275db5675cc95bb2f3c8bbda9316dbcdd16a4d8c20ba0f1deb6ff2cc9e9f7ccf6227cf8ffe40f6c8e6a0aef59bbb938ab7b9c2986ef8dd126e702cb3bf
7
- data.tar.gz: 10fcb7862d202e0e8b920386d5d07ec444690cd22e8c6a76bbf579d27cea92c0a856ade5d0dee951ebdce8654e7690ac3bccfef7c696f16e7d49377c997ac042
6
+ metadata.gz: 89142065e44b732f310c51405b50b93fbb22b5399897aee01e0912ea7b1ebf8612bae025e85703dbbc49ac29fc93fdfd74c1961178cb18dad08050389be9eaa1
7
+ data.tar.gz: 68277376ecc0fe3b03ed44b898e66235727381837d2ec001788555d18669229b94f98d99feb3822b5b839faf9e9ee575a3097fb910343526d1dbf49617d8e1d3
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.0.5
1
+ 0.0.6
@@ -1,15 +1,16 @@
1
1
  module WebAuthn
2
2
  class AuthenticatorData
3
- attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data
3
+ attr_accessor :rp_id_hash, :flags, :sign_count, :attested_credential_data, :raw
4
4
 
5
5
  %i(credential_id public_key).each do |method|
6
6
  delegate method, to: :attested_credential_data, allow_nil: true
7
7
  end
8
8
 
9
- def initialize(rp_id_hash:, flags:, sign_count:, attested_credential_data: nil)
9
+ def initialize(rp_id_hash:, flags:, sign_count:, raw:, attested_credential_data: nil)
10
10
  self.rp_id_hash = rp_id_hash
11
11
  self.flags = flags
12
12
  self.sign_count = sign_count
13
+ self.raw = raw
13
14
  self.attested_credential_data = attested_credential_data
14
15
  end
15
16
 
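Review bot: `raw` is added through `attr_accessor` on line 3, so the bytes that the authentication context later uses as the first half of the signature base string can be reassigned after decoding and drift from the parsed `rp_id_hash`/`flags`/`sign_count`; nothing in the class needs a writer if `initialize` assigns the ivar directly. I would expose it read-only, `attr_reader :raw` with `@raw = raw` in `initialize`, and record the contract above it: `# raw: the undecoded authenticator data bytes, exactly what the fields below were parsed from`. Making `raw:` a required keyword also breaks any caller that constructed `AuthenticatorData` directly under 0.0.5, which deserves a changelog line for a patch-level bump. The class body continues past the end of this hunk.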
@@ -37,7 +38,8 @@ module WebAuthn
37
38
  rp_id_hash: Base64.urlsafe_encode64(rp_id_hash, padding: false),
38
39
  flags: flags,
39
40
  sign_count: sign_count.unpack('N1').first,
40
- attested_credential_data: attested_credential_data
41
+ attested_credential_data: attested_credential_data,
42
+ raw: auth_data
41
43
  )
42
44
  end
43
45
  end
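Review bot: `raw: auth_data` on line 42 hands the whole buffer to the new object, and the signature check in the authentication context relies on it being byte-identical to what `rp_id_hash`, `flags` and `sign_count` were parsed from, but nothing here states that contract. A one-line comment would stop a later refactor from passing a sliced or re-encoded copy: `# raw must be the unmodified authenticator data; it is reused verbatim in the signature base string`. `decode` begins before this hunk, so I cannot see whether `auth_data` is mutated in place (a destructive slice or unpack) on its way here — worth confirming.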
@@ -13,31 +13,36 @@ module WebAuthn
13
13
  end
14
14
 
15
15
  def verify!(encoded_authenticator_data, public_key:, sign_count:, signature:)
16
- raw_authenticator_data = Base64.urlsafe_decode64 encoded_authenticator_data
17
16
  self.authenticator_data = AuthenticatorData.decode(
18
- raw_authenticator_data
17
+ Base64.urlsafe_decode64 encoded_authenticator_data
19
18
  )
20
- verify_sign_count!(sign_count, authenticator_data.sign_count)
21
- verify_signature!(raw_authenticator_data, client_data_json.raw, public_key, signature)
19
+ verify_flags!
20
+ verify_sign_count!(sign_count)
21
+ verify_signature!(public_key, signature)
22
22
  self
23
23
  end
24
24
 
25
25
  private
26
26
 
27
- def verify_sign_count!(before, current)
28
- if before == 0 && current == 0
27
+ def verify_flags!
28
+ super
29
+ raise InvalidAssertion, 'Unexpected Flag: "at"' if flags.at?
30
+ end
31
+
32
+ def verify_sign_count!(before)
33
+ if before == 0 && sign_count == 0
29
34
  self # NOTE: no counter supported on the authenticator
30
- elsif before < current
35
+ elsif before < sign_count
31
36
  self
32
37
  else
33
38
  raise InvalidAssertion, 'Invalid Sign Count'
34
39
  end
35
40
  end
36
41
 
37
- def verify_signature!(raw_authenticator_data, raw_client_data_json, public_key, signature)
42
+ def verify_signature!(public_key, signature)
38
43
  signature_base_string = [
39
- raw_authenticator_data,
40
- OpenSSL::Digest::SHA256.digest(raw_client_data_json)
44
+ authenticator_data.raw,
45
+ OpenSSL::Digest::SHA256.digest(client_data_json.raw)
41
46
  ].join
42
47
  result = public_key.verify(
43
48
  OpenSSL::Digest::SHA256.new,
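Review bot: `verify_sign_count!` on lines 32–40 raises the same `InvalidAssertion` with a generic message for a counter that did not increase as `verify_flags!` and `verify_signature!` do for their failures, so an RP cannot distinguish a counter regression — the spec's indicator that an authenticator may have been cloned — from a malformed or forged assertion and log or lock the credential accordingly. Consider a dedicated error, e.g. `raise SignCountError, 'Invalid Sign Count'` with `SignCountError < InvalidAssertion` so existing `rescue InvalidAssertion` callers keep working, or at minimum document the clone-detection meaning on the method. The flag and counter checks on lines 19–20 run before the signature is verified on line 21, so those branches are evaluated on unauthenticated data; that is harmless while every branch is fatal, but a comment such as `# order matters: nothing below may persist state before verify_signature! passes` would keep it that way. `sign_count` and `flags` appear to be delegated to `authenticator_data` but the delegation is not in this hunk, and `verify_signature!` continues past its end.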
@@ -16,8 +16,16 @@ module WebAuthn
16
16
  self.attestation_object = AttestationObject.decode(
17
17
  encoded_attestation_object
18
18
  )
19
+ verify_flags!
19
20
  self
20
21
  end
22
+
23
+ private
24
+
25
+ def verify_flags!
26
+ super
27
+ raise InvalidAssertion, 'Missing Flag: "at"' unless flags.at?
28
+ end
21
29
  end
22
30
  end
23
31
  end
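Review bot: the registration `verify_flags!` on lines 25–28 requires the `at` bit but leaves the reason implicit, while the authentication variant in the other hunk forbids the same bit; a short comment keeps the two from being "harmonised" by a later edit: `# registration must carry attested credential data ("at"): it holds the new credential id and public key`. Requiring the bit does not by itself show the data was parsed — whether `AttestationObject.decode` raises when `at` is set but the attested credential data is missing or truncated is outside this hunk and worth confirming. The enclosing method starts before the hunk.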
@@ -24,6 +24,12 @@ module WebAuthn
24
24
  false
25
25
  end
26
26
 
27
+ def verify_flags!
28
+ unless flags.uv? || flags.up?
29
+ raise InvalidAssertion, 'Missing Flag: uv" nor "up"'
30
+ end
31
+ end
32
+
27
33
  class << self
28
34
  def for(encoded_client_data_json, origin:, challenge:)
29
35
  client_data_json = ClientDataJSON.decode encoded_client_data_json
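Review bot: the base `verify_flags!` on lines 27–31 accepts a response when either `uv` or `up` is set, but the WebAuthn ceremony steps (L1/L2: "Verify that the User Present bit of the flags in authData is set") require UP regardless of user verification, so a response with UV and no UP passes here where the spec says to reject it; unless the project deliberately relaxes that, the check should be `raise InvalidAssertion, 'Missing Flag: "up"' unless flags.up?`, with UV enforced separately when the RP's policy calls for it. The message on line 29 also has an unbalanced quote, `'Missing Flag: uv" nor "up"'`, which should read `'Missing Flag: "uv" nor "up"'` if the combined condition is kept. The subclasses in the other hunks redefine `verify_flags!` under `private` while this definition looks public (no `private` is visible above it in the hunk), so visibility differs by class — worth aligning. `flags` is presumably delegated to the decoded authenticator data; the delegation is not in view.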
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: web_authn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - nov matake
@@ -162,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
162
162
  version: '0'
163
163
  requirements: []
164
164
  rubyforge_project:
165
- rubygems_version: 2.7.6
165
+ rubygems_version: 2.6.11
166
166
  signing_key:
167
167
  specification_version: 4
168
168
  summary: W3C WebAuthn (a.k.a. FIDO2) RP library in Ruby
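Review bot: `rubygems_version` goes backwards from 2.7.6 to 2.6.11 on line 165, which indicates this release was packaged with an older RubyGems than 0.0.5, and it lines up with `checksums.yaml` in the same release dropping its SHA256 entries in favour of SHA1 (SHA512 is kept). Neither is a defect in the gem's own code, but integrity metadata weakening between patch versions is exactly the drift a supply-chain review should catch; building releases from a pinned, current toolchain and inspecting the `gem build` output before pushing avoids it. This is inferred from the two generated files only; the build environment itself is not visible here.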