npm - @simplewebauthn/server - Versions diffs - 10.0.0 → 11.0.0-alpha3 - Mend

@simplewebauthn/server 10.0.0 → 11.0.0-alpha3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (348) hide show

package/esm/helpers/iso/isoCrypto/unwrapEC2Signature.js CHANGED Viewed

@@ -1,30 +1,73 @@
-import { AsnParser, ECDSASigValue } from '../../../deps.js';
+import { AsnParser } from '@peculiar/asn1-schema';
+import { ECDSASigValue } from '@peculiar/asn1-ecc';
+import { COSECRV } from '../../cose.js';
 import { isoUint8Array } from '../index.js';
 /**
  * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
  *
  * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
  */
-export function unwrapEC2Signature(signature) {
+export function unwrapEC2Signature(signature, crv) {
     const parsedSignature = AsnParser.parse(signature, ECDSASigValue);
-    let rBytes = new Uint8Array(parsedSignature.r);
-    let sBytes = new Uint8Array(parsedSignature.s);
-    if (shouldRemoveLeadingZero(rBytes)) {
-        rBytes = rBytes.slice(1);
-    }
-    if (shouldRemoveLeadingZero(sBytes)) {
-        sBytes = sBytes.slice(1);
-    }
-    const finalSignature = isoUint8Array.concat([rBytes, sBytes]);
+    const rBytes = new Uint8Array(parsedSignature.r);
+    const sBytes = new Uint8Array(parsedSignature.s);
+    const componentLength = getSignatureComponentLength(crv);
+    const rNormalizedBytes = toNormalizedBytes(rBytes, componentLength);
+    const sNormalizedBytes = toNormalizedBytes(sBytes, componentLength);
+    const finalSignature = isoUint8Array.concat([
+        rNormalizedBytes,
+        sNormalizedBytes,
+    ]);
     return finalSignature;
 }
 /**
- * Determine if the DER-specific `00` byte at the start of an ECDSA signature byte sequence
- * should be removed based on the following logic:
+ * The SubtleCrypto Web Crypto API expects ECDSA signatures with `r` and `s` values to be encoded
+ * to a specific length depending on the order of the curve. This function returns the expected
+ * byte-length for each of the `r` and `s` signature components.
+ *
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
+ */
+function getSignatureComponentLength(crv) {
+    switch (crv) {
+        case COSECRV.P256:
+            return 32;
+        case COSECRV.P384:
+            return 48;
+        case COSECRV.P521:
+            return 66;
+        default:
+            throw new Error(`Unexpected COSE crv value of ${crv} (EC2)`);
+    }
+}
+/**
+ * Converts the ASN.1 integer representation to bytes of a specific length `n`.
+ *
+ * DER encodes integers as big-endian byte arrays, with as small as possible representation and
+ * requires a leading `0` byte to disambiguate between negative and positive numbers. This means
+ * that `r` and `s` can potentially not be the expected byte-length that is needed by the
+ * SubtleCrypto Web Crypto API: if there are leading `0`s it can be shorter than expected, and if
+ * it has a leading `1` bit, it can be one byte longer.
  *
- * "If the leading byte is 0x0, and the the high order bit on the second byte is not set to 0,
- * then remove the leading 0x0 byte"
+ * See <https://www.itu.int/rec/T-REC-X.690-202102-I/en>
+ * See <https://www.w3.org/TR/WebCryptoAPI/#ecdsa-operations>
  */
-function shouldRemoveLeadingZero(bytes) {
-    return bytes[0] === 0x0 && (bytes[1] & (1 << 7)) !== 0;
+function toNormalizedBytes(bytes, componentLength) {
+    let normalizedBytes;
+    if (bytes.length < componentLength) {
+        // In case the bytes are shorter than expected, we need to pad it with leading `0`s.
+        normalizedBytes = new Uint8Array(componentLength);
+        normalizedBytes.set(bytes, componentLength - bytes.length);
+    }
+    else if (bytes.length === componentLength) {
+        normalizedBytes = bytes;
+    }
+    else if (bytes.length === componentLength + 1 && bytes[0] === 0 && (bytes[1] & 0x80) === 0x80) {
+        // The bytes contain a leading `0` to encode that the integer is positive. This leading `0`
+        // needs to be removed for compatibility with the SubtleCrypto Web Crypto API.
+        normalizedBytes = bytes.subarray(1);
+    }
+    else {
+        throw new Error(`Invalid signature component length ${bytes.length}, expected ${componentLength}`);
+    }
+    return normalizedBytes;
 }

package/esm/helpers/iso/isoCrypto/verify.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verify(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verify.d.ts.map

package/esm/helpers/iso/isoCrypto/verify.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,OAAO,EAEP,aAAa,EAKd,MAAM,eAAe,CAAC;AAMvB;;GAEG;AACH,wBAAgB,MAAM,CAAC,IAAI,EAAE;IAC3B,aAAa,EAAE,aAAa,CAAC;IAC7B,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CAyBnB"}

package/esm/helpers/iso/isoCrypto/verify.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { COSEKEYS, isCOSEPublicKeyEC2, isCOSEPublicKeyOKP, isCOSEPublicKeyRSA, } from '../../cose.js';
+import { COSEKEYS, isCOSECrv, isCOSEPublicKeyEC2, isCOSEPublicKeyOKP, isCOSEPublicKeyRSA, } from '../../cose.js';
 import { verifyEC2 } from './verifyEC2.js';
 import { verifyRSA } from './verifyRSA.js';
 import { verifyOKP } from './verifyOKP.js';
@@ -9,7 +9,11 @@ import { unwrapEC2Signature } from './unwrapEC2Signature.js';
 export function verify(opts) {
     const { cosePublicKey, signature, data, shaHashOverride } = opts;
     if (isCOSEPublicKeyEC2(cosePublicKey)) {
-        const unwrappedSignature = unwrapEC2Signature(signature);
+        const crv = cosePublicKey.get(COSEKEYS.crv);
+        if (!isCOSECrv(crv)) {
+            throw new Error(`unknown COSE curve ${crv}`);
+        }
+        const unwrappedSignature = unwrapEC2Signature(signature, crv);
         return verifyEC2({
             cosePublicKey,
             signature: unwrappedSignature,

package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verifyEC2(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyEC2.d.ts.map

package/esm/helpers/iso/isoCrypto/verifyEC2.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyEC2.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyEC2.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAqB,gBAAgB,EAAE,MAAM,eAAe,CAAC;AAO7E;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CA0EnB"}

package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ export declare function verifyOKP(opts: {
     signature: Uint8Array;
     data: Uint8Array;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyOKP.d.ts.map

package/esm/helpers/iso/isoCrypto/verifyOKP.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyOKP.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyOKP.ts"],"names":[],"mappings":"AAAA,OAAO,EAAqB,gBAAgB,EAAa,MAAM,eAAe,CAAC;AAM/E,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;CAClB,GAAG,OAAO,CAAC,OAAO,CAAC,CAyDnB"}

package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@ export declare function verifyRSA(opts: {
     data: Uint8Array;
     shaHashOverride?: COSEALG;
 }): Promise<boolean>;
+//# sourceMappingURL=verifyRSA.d.ts.map

package/esm/helpers/iso/isoCrypto/verifyRSA.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyRSA.d.ts","sourceRoot":"","sources":["../../../../src/helpers/iso/isoCrypto/verifyRSA.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAY,gBAAgB,EAAa,MAAM,eAAe,CAAC;AAO/E;;GAEG;AACH,wBAAsB,SAAS,CAAC,IAAI,EAAE;IACpC,aAAa,EAAE,gBAAgB,CAAC;IAChC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,eAAe,CAAC,EAAE,OAAO,CAAC;CAC3B,GAAG,OAAO,CAAC,OAAO,CAAC,CA2FnB"}

package/esm/helpers/iso/isoUint8Array.d.ts CHANGED Viewed

@@ -34,3 +34,4 @@ export declare function fromASCIIString(value: string): Uint8Array;
  * Prepare a DataView we can slice our way around in as we parse the bytes in a Uint8Array
  */
 export declare function toDataView(array: Uint8Array): DataView;
+//# sourceMappingURL=isoUint8Array.d.ts.map

package/esm/helpers/iso/isoUint8Array.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"isoUint8Array.d.ts","sourceRoot":"","sources":["../../../src/helpers/iso/isoUint8Array.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAMxE;AAED;;;;GAIG;AACH,wBAAgB,KAAK,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAK/C;AAED;;;;GAIG;AACH,wBAAgB,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAe/C;AAED;;GAEG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,GAAG,UAAU,CAYvD;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGtD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,UAAU,CAG7D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,UAAU,CAEzD;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,QAAQ,CAEtD"}

package/esm/helpers/logging.d.ts CHANGED Viewed

@@ -13,3 +13,4 @@
  * ```
  */
 export declare function getLogger(_name: string): (message: string, ..._rest: unknown[]) => void;
+//# sourceMappingURL=logging.d.ts.map

package/esm/helpers/logging.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"logging.d.ts","sourceRoot":"","sources":["../../src/helpers/logging.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,KAAK,IAAI,CAGvF"}

package/esm/helpers/logging.js CHANGED Viewed

@@ -1,4 +1,3 @@
-// import { debug, Debugger } from '../deps.ts';
 // const defaultLogger = debug('SimpleWebAuthn');
 /**
  * Generate an instance of a `debug` logger that extends off of the "simplewebauthn" namespace for

package/esm/helpers/mapX509SignatureAlgToCOSEAlg.d.ts CHANGED Viewed

@@ -6,3 +6,4 @@ import { COSEALG } from './cose.js';
  * - RSA OIDs: https://oidref.com/1.2.840.113549.1.1
  */
 export declare function mapX509SignatureAlgToCOSEAlg(signatureAlgorithm: string): COSEALG;
+//# sourceMappingURL=mapX509SignatureAlgToCOSEAlg.d.ts.map

package/esm/helpers/mapX509SignatureAlgToCOSEAlg.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mapX509SignatureAlgToCOSEAlg.d.ts","sourceRoot":"","sources":["../../src/helpers/mapX509SignatureAlgToCOSEAlg.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC;;;;;GAKG;AACH,wBAAgB,4BAA4B,CAC1C,kBAAkB,EAAE,MAAM,GACzB,OAAO,CAwBT"}

package/esm/helpers/matchExpectedRPID.d.ts CHANGED Viewed

@@ -5,3 +5,4 @@
  * Raises an `UnexpectedRPIDHash` error if no match is found
  */
 export declare function matchExpectedRPID(rpIDHash: Uint8Array, expectedRPIDs: string[]): Promise<string>;
+//# sourceMappingURL=matchExpectedRPID.d.ts.map

package/esm/helpers/matchExpectedRPID.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"matchExpectedRPID.d.ts","sourceRoot":"","sources":["../../src/helpers/matchExpectedRPID.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,UAAU,EACpB,aAAa,EAAE,MAAM,EAAE,GACtB,OAAO,CAAC,MAAM,CAAC,CA8BjB"}

package/esm/helpers/parseAuthenticatorData.d.ts CHANGED Viewed

@@ -26,3 +26,4 @@ export type ParsedAuthenticatorData = {
 export declare const _parseAuthenticatorDataInternals: {
     stubThis: (value: ParsedAuthenticatorData) => ParsedAuthenticatorData;
 };
+//# sourceMappingURL=parseAuthenticatorData.d.ts.map

package/esm/helpers/parseAuthenticatorData.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseAuthenticatorData.d.ts","sourceRoot":"","sources":["../../src/helpers/parseAuthenticatorData.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,4CAA4C,EAE7C,MAAM,oCAAoC,CAAC;AAI5C;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,UAAU,GACnB,uBAAuB,CAwHzB;AAED,MAAM,MAAM,uBAAuB,GAAG;IACpC,QAAQ,EAAE,UAAU,CAAC;IACrB,QAAQ,EAAE,UAAU,CAAC;IACrB,KAAK,EAAE;QACL,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,EAAE,EAAE,OAAO,CAAC;QACZ,QAAQ,EAAE,MAAM,CAAC;KAClB,CAAC;IACF,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,UAAU,CAAC;IACvB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,YAAY,CAAC,EAAE,UAAU,CAAC;IAC1B,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,cAAc,CAAC,EAAE,4CAA4C,CAAC;IAC9D,oBAAoB,CAAC,EAAE,UAAU,CAAC;CACnC,CAAC;AAGF,eAAO,MAAM,gCAAgC;sBACzB,uBAAuB;CAC1C,CAAC"}

package/esm/helpers/parseAuthenticatorData.js CHANGED Viewed

@@ -15,12 +15,12 @@ export function parseAuthenticatorData(authData) {
     // Bit positions can be referenced here:
     // https://www.w3.org/TR/webauthn-2/#flags
     const flags = {
-        up: !!(flagsInt & (1 << 0)),
-        uv: !!(flagsInt & (1 << 2)),
-        be: !!(flagsInt & (1 << 3)),
-        bs: !!(flagsInt & (1 << 4)),
-        at: !!(flagsInt & (1 << 6)),
-        ed: !!(flagsInt & (1 << 7)),
+        up: !!(flagsInt & (1 << 0)), // User Presence
+        uv: !!(flagsInt & (1 << 2)), // User Verified
+        be: !!(flagsInt & (1 << 3)), // Backup Eligibility
+        bs: !!(flagsInt & (1 << 4)), // Backup State
+        at: !!(flagsInt & (1 << 6)), // Attested Credential Data Present
+        ed: !!(flagsInt & (1 << 7)), // Extension Data Present
         flagsInt,
     };
     const counterBuf = authData.slice(pointer, pointer + 4);

package/esm/helpers/parseBackupFlags.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { CredentialDeviceType } from '../deps.js';
+import type { CredentialDeviceType } from '@simplewebauthn/types';
 /**
  * Make sense of Bits 3 and 4 in authenticator indicating:
  *
@@ -17,3 +17,4 @@ export declare function parseBackupFlags({ be, bs }: {
 export declare class InvalidBackupFlags extends Error {
     constructor(message: string);
 }
+//# sourceMappingURL=parseBackupFlags.d.ts.map

package/esm/helpers/parseBackupFlags.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseBackupFlags.d.ts","sourceRoot":"","sources":["../../src/helpers/parseBackupFlags.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAElE;;;;;;;GAOG;AACH,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,EAAE,EAAE,OAAO,CAAA;CAAE,GAAG;IAC1E,oBAAoB,EAAE,oBAAoB,CAAC;IAC3C,kBAAkB,EAAE,OAAO,CAAC;CAC7B,CAeA;AAED,qBAAa,kBAAmB,SAAQ,KAAK;gBAC/B,OAAO,EAAE,MAAM;CAI5B"}

package/esm/helpers/toHash.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@ import { COSEALG } from './cose.js';
  * SHA-256.
  */
 export declare function toHash(data: Uint8Array | string, algorithm?: COSEALG): Promise<Uint8Array>;
+//# sourceMappingURL=toHash.d.ts.map

package/esm/helpers/toHash.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"toHash.d.ts","sourceRoot":"","sources":["../../src/helpers/toHash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;;GAGG;AACH,wBAAgB,MAAM,CACpB,IAAI,EAAE,UAAU,GAAG,MAAM,EACzB,SAAS,GAAE,OAAY,GACtB,OAAO,CAAC,UAAU,CAAC,CAQrB"}

package/esm/helpers/validateCertificatePath.d.ts CHANGED Viewed

@@ -4,3 +4,4 @@
  * @param rootCertificates Possible root certificates to complete the path
  */
 export declare function validateCertificatePath(certificates: string[], rootCertificates?: string[]): Promise<boolean>;
+//# sourceMappingURL=validateCertificatePath.d.ts.map

package/esm/helpers/validateCertificatePath.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validateCertificatePath.d.ts","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":"AAQA;;;;GAIG;AACH,wBAAsB,uBAAuB,CAC3C,YAAY,EAAE,MAAM,EAAE,EACtB,gBAAgB,GAAE,MAAM,EAAO,GAC9B,OAAO,CAAC,OAAO,CAAC,CAuClB"}

package/esm/helpers/validateCertificatePath.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { AsnSerializer } from '../deps.js';
+import { AsnSerializer } from '@peculiar/asn1-schema';
 import { isCertRevoked } from './isCertRevoked.js';
 import { verifySignature } from './verifySignature.js';
 import { mapX509SignatureAlgToCOSEAlg } from './mapX509SignatureAlgToCOSEAlg.js';

package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import { Extensions } from '@peculiar/asn1-x509';
+/**
+ * Look for the id-fido-gen-ce-aaguid certificate extension. If it's present then check it against
+ * the attestation statement AAGUID.
+ */
+export declare function validateExtFIDOGenCEAAGUID(certExtensions: Extensions | undefined, aaguid: Uint8Array): boolean;
+//# sourceMappingURL=validateExtFIDOGenCEAAGUID.d.ts.map

package/esm/helpers/validateExtFIDOGenCEAAGUID.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"validateExtFIDOGenCEAAGUID.d.ts","sourceRoot":"","sources":["../../src/helpers/validateExtFIDOGenCEAAGUID.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAWjD;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,cAAc,EAAE,UAAU,GAAG,SAAS,EACtC,MAAM,EAAE,UAAU,GACjB,OAAO,CA6BT"}

package/esm/helpers/validateExtFIDOGenCEAAGUID.js ADDED Viewed

@@ -0,0 +1,34 @@
+import { AsnParser, OctetString } from '@peculiar/asn1-schema';
+import { isoUint8Array } from './iso/index.js';
+/**
+ * Attestation Certificate Extension OID: `id-fido-gen-ce-aaguid`
+ *
+ * Sourced from https://fidoalliance.org/specs/fido-v2.0-ps-20150904/fido-key-attestation-v2.0-ps-20150904.html#verifying-an-attestation-statement
+ */
+const id_fido_gen_ce_aaguid = '1.3.6.1.4.1.45724.1.1.4';
+/**
+ * Look for the id-fido-gen-ce-aaguid certificate extension. If it's present then check it against
+ * the attestation statement AAGUID.
+ */
+export function validateExtFIDOGenCEAAGUID(certExtensions, aaguid) {
+    // The certificate had no extensions so there's nothing to validate
+    if (!certExtensions) {
+        return true;
+    }
+    const extFIDOGenCEAAGUID = certExtensions.find((ext) => ext.extnID === id_fido_gen_ce_aaguid);
+    // The extension isn't present so there's nothing to validate
+    if (!extFIDOGenCEAAGUID) {
+        return true;
+    }
+    // Parse the extension value
+    const parsedExtFIDOGenCEAAGUID = AsnParser.parse(extFIDOGenCEAAGUID.extnValue, OctetString);
+    const extValue = new Uint8Array(parsedExtFIDOGenCEAAGUID.buffer);
+    // Compare the two values
+    const aaguidAndExtAreEqual = isoUint8Array.areEqual(aaguid, extValue);
+    if (!aaguidAndExtAreEqual) {
+        const _debugExtHex = isoUint8Array.toHex(extValue);
+        const _debugAAGUIDHex = isoUint8Array.toHex(aaguid);
+        throw new Error(`Certificate extension id-fido-gen-ce-aaguid (${id_fido_gen_ce_aaguid}) value of "${_debugExtHex}" was present but not equal to attestation statement AAGUID value of "${_debugAAGUIDHex}"`);
+    }
+    return true;
+}

package/esm/helpers/verifySignature.d.ts CHANGED Viewed

@@ -12,3 +12,4 @@ export declare function verifySignature(opts: {
 export declare const _verifySignatureInternals: {
     stubThis: (value: Promise<boolean>) => Promise<boolean>;
 };
+//# sourceMappingURL=verifySignature.d.ts.map

package/esm/helpers/verifySignature.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifySignature.d.ts","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAiB,MAAM,WAAW,CAAC;AAKnD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE;IACpC,SAAS,EAAE,UAAU,CAAC;IACtB,IAAI,EAAE,UAAU,CAAC;IACjB,mBAAmB,CAAC,EAAE,UAAU,CAAC;IACjC,eAAe,CAAC,EAAE,UAAU,CAAC;IAC7B,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,GAAG,OAAO,CAAC,OAAO,CAAC,CAmCnB;AAGD,eAAO,MAAM,yBAAyB;sBAClB,OAAO,CAAC,OAAO,CAAC;CACnC,CAAC"}

package/esm/index.d.ts CHANGED Viewed

@@ -15,3 +15,4 @@ import type { MetadataStatement } from './metadata/mdsTypes.js';
 import type { VerifiedRegistrationResponse, VerifyRegistrationResponseOpts } from './registration/verifyRegistrationResponse.js';
 import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse.js';
 export type { GenerateAuthenticationOptionsOpts, GenerateRegistrationOptionsOpts, MetadataStatement, VerifiedAuthenticationResponse, VerifiedRegistrationResponse, VerifyAuthenticationResponseOpts, VerifyRegistrationResponseOpts, };
+//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,2BAA2B,EAAE,MAAM,+CAA+C,CAAC;AAC5F,OAAO,EAAE,0BAA0B,EAAE,MAAM,8CAA8C,CAAC;AAC1F,OAAO,EAAE,6BAA6B,EAAE,MAAM,mDAAmD,CAAC;AAClG,OAAO,EAAE,4BAA4B,EAAE,MAAM,kDAAkD,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAChE,OAAO,EAAE,eAAe,EAAE,MAAM,+BAA+B,CAAC;AAEhE,OAAO,EACL,6BAA6B,EAC7B,2BAA2B,EAC3B,eAAe,EACf,eAAe,EACf,4BAA4B,EAC5B,0BAA0B,GAC3B,CAAC;AAEF,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+CAA+C,CAAC;AACrG,OAAO,KAAK,EAAE,iCAAiC,EAAE,MAAM,mDAAmD,CAAC;AAC3G,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAC;AAChE,OAAO,KAAK,EACV,4BAA4B,EAC5B,8BAA8B,EAC/B,MAAM,8CAA8C,CAAC;AACtD,OAAO,KAAK,EACV,8BAA8B,EAC9B,gCAAgC,EACjC,MAAM,kDAAkD,CAAC;AAE1D,YAAY,EACV,iCAAiC,EACjC,+BAA+B,EAC/B,iBAAiB,EACjB,8BAA8B,EAC9B,4BAA4B,EAC5B,gCAAgC,EAChC,8BAA8B,GAC/B,CAAC"}

package/esm/metadata/mdsTypes.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Base64URLString } from '../deps.js';
+import type { Base64URLString } from '@simplewebauthn/types';
 /**
  * Metadata Service structures
  * https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
@@ -214,3 +214,4 @@ export type AuthenticatorGetInfo = {
     }[];
 };
 export {};
+//# sourceMappingURL=mdsTypes.d.ts.map

package/esm/metadata/mdsTypes.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mdsTypes.d.ts","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D;;;GAGG;AACH,MAAM,MAAM,YAAY,GAAG;IACzB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,eAAe,EAAE,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,aAAa,GAAG;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,wBAAwB,EAAE,CAAC;CACrC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG;IACrC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,iBAAiB,CAAC,EAAE,iBAAiB,CAAC;IACtC,sBAAsB,CAAC,EAAE,qBAAqB,EAAE,CAAC;IACjD,aAAa,EAAE,YAAY,EAAE,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,qBAAqB,GAAG;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,UAAU,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,mBAAmB,CAAC;IAC5B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,uBAAuB,CAAC,EAAE,MAAM,CAAC;IACjC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,gCAAgC,CAAC,EAAE,MAAM,CAAC;CAC3C,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAC3B,oBAAoB,GACpB,gBAAgB,GAChB,0BAA0B,GAC1B,4BAA4B,GAC5B,4BAA4B,GAC5B,8BAA8B,GAC9B,kBAAkB,GAClB,SAAS,GACT,0BAA0B,GAC1B,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,GACvB,mBAAmB,GACnB,uBAAuB,CAAC;AAE5B;;;;GAIG;AACH,MAAM,MAAM,sBAAsB,GAAG;IACnC,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,2BAA2B,GAAG;IACxC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,yBAAyB,GAAG;IACtC,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,4BAA4B,GAAG;IACzC,sBAAsB,EAAE,UAAU,CAAC;IACnC,MAAM,CAAC,EAAE,sBAAsB,CAAC;IAChC,MAAM,CAAC,EAAE,2BAA2B,CAAC;IACrC,MAAM,CAAC,EAAE,yBAAyB,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,iCAAiC,GAAG,4BAA4B,EAAE,CAAC;AAE/E,MAAM,MAAM,eAAe,GAAG;IAC5B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,mCAAmC,GAAG;IAChD,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,eAAe,EAAE,CAAC;CAC1B,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAC7B,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC;IACX,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,OAAO,CAAC;CAC1B,CAAC;AAGF,MAAM,MAAM,uBAAuB,GAAG;IAAE,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAAA;CAAE,CAAC;AAErE,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,oCAAoC,CAAC,EAAE,MAAM,EAAE,CAAC;IAChD,WAAW,EAAE,MAAM,CAAC;IACpB,uBAAuB,CAAC,EAAE,uBAAuB,CAAC;IAClD,oBAAoB,EAAE,MAAM,CAAC;IAC7B,cAAc,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,OAAO,EAAE,CAAC;IACf,wBAAwB,EAAE,OAAO,EAAE,CAAC;IACpC,wBAAwB,EAAE,MAAM,EAAE,CAAC;IACnC,gBAAgB,EAAE,WAAW,EAAE,CAAC;IAChC,uBAAuB,EAAE,iCAAiC,EAAE,CAAC;IAC7D,aAAa,EAAE,aAAa,EAAE,CAAC;IAC/B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,+BAA+B,CAAC,EAAE,OAAO,CAAC;IAC1C,iBAAiB,EAAE,iBAAiB,EAAE,CAAC;IACvC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,cAAc,EAAE,CAAC;IAClC,SAAS,EAAE,8BAA8B,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,CAAC,EAAE,mCAAmC,EAAE,CAAC;IACpE,2BAA2B,EAAE,MAAM,EAAE,CAAC;IACtC,iBAAiB,CAAC,EAAE,gBAAgB,EAAE,CAAC;IACvC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,mBAAmB,CAAC,EAAE,mBAAmB,EAAE,CAAC;IAC5C,oBAAoB,CAAC,EAAE,oBAAoB,CAAC;CAC7C,CAAC;AAEF;;GAEG;AAEH;;;GAGG;AACH,MAAM,MAAM,UAAU,GAClB,mBAAmB,GACnB,sBAAsB,GACtB,mBAAmB,GACnB,qBAAqB,GACrB,oBAAoB,GACpB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,oBAAoB,GACpB,mBAAmB,GACnB,kBAAkB,GAClB,MAAM,GACN,KAAK,CAAC;AAEV;;;;;;GAMG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC;AAC7C,QAAA,MAAM,OAAO,wZAeH,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,MAAM,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,cAAc,GACd,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,WAAW,GACnB,YAAY,GACZ,iBAAiB,GACjB,OAAO,GACP,OAAO,GACP,QAAQ,GACR,MAAM,CAAC;AAEX;;;GAGG;AACH,MAAM,MAAM,aAAa,GACrB,UAAU,GACV,UAAU,GACV,KAAK,GACL,gBAAgB,GAChB,eAAe,CAAC;AAEpB;;;GAGG;AACH,MAAM,MAAM,iBAAiB,GAAG,UAAU,GAAG,KAAK,GAAG,SAAS,CAAC;AAE/D;;;GAGG;AACH,MAAM,MAAM,cAAc,GACtB,UAAU,GACV,UAAU,GACV,OAAO,GACP,UAAU,GACV,KAAK,GACL,WAAW,GACX,SAAS,GACT,OAAO,GACP,aAAa,CAAC;AAElB;;;GAGG;AACH,MAAM,MAAM,8BAA8B,GACtC,KAAK,GACL,qBAAqB,GACrB,KAAK,GACL,UAAU,GACV,QAAQ,CAAC;AAEb;;GAEG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf,CAAC;AAEF;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG;IACjC,QAAQ,EAAE,CAAC,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC;IACpC,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,EAAE,OAAO,CAAC;QACf,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,SAAS,CAAC,EAAE,OAAO,CAAC;QACpB,EAAE,CAAC,EAAE,OAAO,CAAC;QACb,EAAE,CAAC,EAAE,OAAO,CAAC;KACd,CAAC;IACF,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,EAAE,CAAC;IACxB,UAAU,CAAC,EAAE;QAAE,IAAI,EAAE,YAAY,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,EAAE,CAAC;CACpD,CAAC"}

package/esm/metadata/parseJWT.d.ts CHANGED Viewed

@@ -2,3 +2,4 @@
  * Process a JWT into Javascript-friendly data structures
  */
 export declare function parseJWT<T1, T2>(jwt: string): [T1, T2, string];
+//# sourceMappingURL=parseJWT.d.ts.map

package/esm/metadata/parseJWT.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"parseJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/parseJWT.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,MAAM,CAAC,CAO9D"}

package/esm/metadata/verifyAttestationWithMetadata.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { Base64URLString } from '../deps.js';
+import type { Base64URLString } from '@simplewebauthn/types';
 import type { AlgSign, MetadataStatement } from './mdsTypes.js';
 import { COSEALG, COSECRV, COSEKTY } from '../helpers/cose.js';
 /**
@@ -27,3 +27,4 @@ export declare const algSignToCOSEInfoMap: {
     [key in AlgSign]: COSEInfo;
 };
 export {};
+//# sourceMappingURL=verifyAttestationWithMetadata.d.ts.map

package/esm/metadata/verifyAttestationWithMetadata.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"verifyAttestationWithMetadata.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE7D,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAIhE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAY,OAAO,EAAsB,MAAM,oBAAoB,CAAC;AAE7F;;;GAGG;AACH,wBAAsB,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GACxB,EAAE;IACD,SAAS,EAAE,iBAAiB,CAAC;IAC7B,mBAAmB,EAAE,UAAU,CAAC;IAChC,GAAG,EAAE,UAAU,EAAE,GAAG,eAAe,EAAE,CAAC;IACtC,uBAAuB,CAAC,EAAE,MAAM,CAAC;CAClC,GAAG,OAAO,CAAC,OAAO,CAAC,CAoJnB;AAED,KAAK,QAAQ,GAAG;IACd,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oBAAoB,EAAE;KAAG,GAAG,IAAI,OAAO,GAAG,QAAQ;CAe9D,CAAC"}

package/esm/metadata/verifyJWT.d.ts CHANGED Viewed

@@ -8,3 +8,4 @@
  * (Pulled from https://www.rfc-editor.org/rfc/rfc7515#section-4.1.1)
  */
 export declare function verifyJWT(jwt: string, leafCert: Uint8Array): Promise<boolean>;
+//# sourceMappingURL=verifyJWT.d.ts.map

package/esm/metadata/verifyJWT.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyJWT.d.ts","sourceRoot":"","sources":["../../src/metadata/verifyJWT.ts"],"names":[],"mappings":"AAMA;;;;;;;;GAQG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,MAAM,EAAE,QAAQ,EAAE,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CA0B7E"}

package/esm/registration/generateRegistrationOptions.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '../deps.js';
+import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, AuthenticatorTransportFuture, Base64URLString, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON } from '@simplewebauthn/types';
 export type GenerateRegistrationOptionsOpts = {
     rpName: string;
     rpID: string;
@@ -41,3 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
  * @param supportedAlgorithmIDs **(Optional)** - Array of numeric COSE algorithm identifiers supported for attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms. Defaults to `[-8, -7, -257]`
  */
 export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): Promise<PublicKeyCredentialCreationOptionsJSON>;
+//# sourceMappingURL=generateRegistrationOptions.d.ts.map

package/esm/registration/generateRegistrationOptions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"generateRegistrationOptions.d.ts","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,+BAA+B,EAC/B,oCAAoC,EACpC,8BAA8B,EAC9B,4BAA4B,EAC5B,eAAe,EACf,uBAAuB,EACvB,sCAAsC,EAEvC,MAAM,uBAAuB,CAAC;AAM/B,MAAM,MAAM,+BAA+B,GAAG;IAC5C,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,CAAC,EAAE,UAAU,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,GAAG,UAAU,CAAC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,eAAe,CAAC,EAAE,+BAA+B,CAAC;IAClD,kBAAkB,CAAC,EAAE;QACnB,EAAE,EAAE,eAAe,CAAC;QACpB,UAAU,CAAC,EAAE,4BAA4B,EAAE,CAAC;KAC7C,EAAE,CAAC;IACJ,sBAAsB,CAAC,EAAE,8BAA8B,CAAC;IACxD,UAAU,CAAC,EAAE,oCAAoC,CAAC;IAClD,qBAAqB,CAAC,EAAE,uBAAuB,EAAE,CAAC;CACnD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,EAAE,uBAAuB,EAqBtE,CAAC;AAsBF;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,sCAAsC,CAAC,CAiHjD"}

package/esm/registration/verifications/tpm/constants.d.ts CHANGED Viewed

@@ -45,3 +45,4 @@ export declare const TPM_ECC_CURVE_COSE_CRV_MAP: {
     [key: string]: number;
 };
 export {};
+//# sourceMappingURL=constants.d.ts.map

package/esm/registration/verifications/tpm/constants.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":"AACA;;;;;;;;GAQG;AAEH;;GAEG;AACH,eAAO,MAAM,MAAM,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAkB3C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAsC5C,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,aAAa,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAUlD,CAAC;AAEF,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAA;CAiFhE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAAA;CAM/D,CAAC"}

package/esm/registration/verifications/tpm/constants.js CHANGED Viewed

@@ -109,6 +109,10 @@ export const TPM_MANUFACTURERS = {
         name: 'IBM',
         id: 'IBM',
     },
+    'id:49424D00': {
+        name: 'IBM',
+        id: 'IBM',
+    },
     'id:49465800': {
         name: 'Infineon',
         id: 'IFX',
@@ -174,9 +178,9 @@ export const TPM_MANUFACTURERS = {
  * Match TPM public area curve ID's to `crv` numbers used in COSE public keys
  */
 export const TPM_ECC_CURVE_COSE_CRV_MAP = {
-    TPM_ECC_NIST_P256: 1,
-    TPM_ECC_NIST_P384: 2,
-    TPM_ECC_NIST_P521: 3,
-    TPM_ECC_BN_P256: 1,
+    TPM_ECC_NIST_P256: 1, // p256
+    TPM_ECC_NIST_P384: 2, // p384
+    TPM_ECC_NIST_P521: 3, // p521
+    TPM_ECC_BN_P256: 1, // p256
     TPM_ECC_SM2_P256: 1, // p256
 };

package/esm/registration/verifications/tpm/parseCertInfo.d.ts CHANGED Viewed

@@ -22,3 +22,4 @@ type ParsedCertInfo = {
     };
 };
 export {};
+//# sourceMappingURL=parseCertInfo.d.ts.map

package/esm/registration/verifications/tpm/parseCertInfo.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parseCertInfo.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,wBAAgB,aAAa,CAAC,QAAQ,EAAE,UAAU,GAAG,cAAc,CAkElE;AAED,KAAK,cAAc,GAAG;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,eAAe,EAAE,UAAU,CAAC;IAC5B,SAAS,EAAE,UAAU,CAAC;IACtB,SAAS,EAAE;QACT,KAAK,EAAE,UAAU,CAAC;QAClB,UAAU,EAAE,MAAM,CAAC;QACnB,YAAY,EAAE,MAAM,CAAC;QACrB,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,eAAe,EAAE,UAAU,CAAC;IAC5B,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,aAAa,EAAE,UAAU,CAAC;QAC1B,IAAI,EAAE,UAAU,CAAC;QACjB,aAAa,EAAE,UAAU,CAAC;KAC3B,CAAC;CACH,CAAC"}

package/esm/registration/verifications/tpm/parsePubArea.d.ts CHANGED Viewed

@@ -41,3 +41,4 @@ type ECCParameters = {
     kdf: string;
 };
 export {};
+//# sourceMappingURL=parsePubArea.d.ts.map

package/esm/registration/verifications/tpm/parsePubArea.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"parsePubArea.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":"AAGA;;;;;GAKG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,UAAU,GAAG,aAAa,CAyG/D;AAED,KAAK,aAAa,GAAG;IACnB,IAAI,EAAE,aAAa,GAAG,aAAa,CAAC;IACpC,OAAO,EAAE,MAAM,CAAC;IAChB,gBAAgB,EAAE;QAChB,QAAQ,EAAE,OAAO,CAAC;QAClB,OAAO,EAAE,OAAO,CAAC;QACjB,WAAW,EAAE,OAAO,CAAC;QACrB,mBAAmB,EAAE,OAAO,CAAC;QAC7B,YAAY,EAAE,OAAO,CAAC;QACtB,eAAe,EAAE,OAAO,CAAC;QACzB,IAAI,EAAE,OAAO,CAAC;QACd,oBAAoB,EAAE,OAAO,CAAC;QAC9B,UAAU,EAAE,OAAO,CAAC;QACpB,OAAO,EAAE,OAAO,CAAC;QACjB,aAAa,EAAE,OAAO,CAAC;KACxB,CAAC;IACF,UAAU,EAAE,UAAU,CAAC;IACvB,UAAU,EAAE;QACV,GAAG,CAAC,EAAE,aAAa,CAAC;QACpB,GAAG,CAAC,EAAE,aAAa,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,UAAU,CAAC;CACpB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF,KAAK,aAAa,GAAG;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb,CAAC"}

package/esm/registration/verifications/tpm/verifyAttestationTPM.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 import type { AttestationFormatVerifierOpts } from '../../verifyRegistrationResponse.js';
 export declare function verifyAttestationTPM(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationTPM.d.ts.map

package/esm/registration/verifications/tpm/verifyAttestationTPM.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationTPM.d.ts","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":"AAUA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,qCAAqC,CAAC;AAuBzF,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA+VlB"}

package/esm/registration/verifications/tpm/verifyAttestationTPM.js CHANGED Viewed

@@ -1,4 +1,5 @@
-import { AsnParser, Certificate, ExtendedKeyUsage, id_ce_extKeyUsage, id_ce_subjectAltName, SubjectAlternativeName, } from '../../../deps.js';
+import { AsnParser } from '@peculiar/asn1-schema';
+import { Certificate, ExtendedKeyUsage, id_ce_extKeyUsage, id_ce_subjectAltName, SubjectAlternativeName, } from '@peculiar/asn1-x509';
 import { decodeCredentialPublicKey } from '../../../helpers/decodeCredentialPublicKey.js';
 import { COSEALG, COSEKEYS, isCOSEAlg, isCOSEPublicKeyEC2, isCOSEPublicKeyRSA, } from '../../../helpers/cose.js';
 import { toHash } from '../../../helpers/toHash.js';
@@ -7,6 +8,7 @@ import { validateCertificatePath } from '../../../helpers/validateCertificatePat
 import { getCertificateInfo } from '../../../helpers/getCertificateInfo.js';
 import { verifySignature } from '../../../helpers/verifySignature.js';
 import { isoUint8Array } from '../../../helpers/iso/index.js';
+import { validateExtFIDOGenCEAAGUID } from '../../../helpers/validateExtFIDOGenCEAAGUID.js';
 import { MetadataService } from '../../../services/metadataService.js';
 import { verifyAttestationWithMetadata } from '../../../metadata/verifyAttestationWithMetadata.js';
 import { TPM_ECC_CURVE_COSE_CRV_MAP, TPM_MANUFACTURERS } from './constants.js';
@@ -206,8 +208,14 @@ export async function verifyAttestationTPM(options) {
     if (extKeyUsage[0] !== '2.23.133.8.3') {
         throw new Error(`Unexpected extKeyUsage "${extKeyUsage[0]}", expected "2.23.133.8.3" (TPM)`);
     }
-    // TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
-    // that it’s value is set to the same AAGUID as in authData.
+    // Validate attestation statement AAGUID against leaf cert AAGUID
+    try {
+        await validateExtFIDOGenCEAAGUID(parsedCert.tbsCertificate.extensions, aaguid);
+    }
+    catch (err) {
+        const _err = err;
+        throw new Error(`${_err.message} (TPM)`);
+    }
     // Run some metadata checks if a statement exists for this authenticator
     const statement = await MetadataService.getStatement(aaguid);
     if (statement) {

package/esm/registration/verifications/verifyAttestationAndroidKey.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
  * Verify an attestation response with fmt 'android-key'
  */
 export declare function verifyAttestationAndroidKey(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationAndroidKey.d.ts.map

package/esm/registration/verifications/verifyAttestationAndroidKey.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationAndroidKey.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidKey.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAUtF;;GAEG;AACH,wBAAsB,2BAA2B,CAC/C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA+HlB"}

package/esm/registration/verifications/verifyAttestationAndroidKey.js CHANGED Viewed

@@ -1,4 +1,6 @@
-import { AsnParser, Certificate, id_ce_keyDescription, KeyDescription } from '../../deps.js';
+import { AsnParser } from '@peculiar/asn1-schema';
+import { Certificate } from '@peculiar/asn1-x509';
+import { id_ce_keyDescription, KeyDescription } from '@peculiar/asn1-android';
 import { convertCertBufferToPEM } from '../../helpers/convertCertBufferToPEM.js';
 import { validateCertificatePath } from '../../helpers/validateCertificatePath.js';
 import { verifySignature } from '../../helpers/verifySignature.js';

package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
  * Verify an attestation response with fmt 'android-safetynet'
  */
 export declare function verifyAttestationAndroidSafetyNet(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationAndroidSafetyNet.d.ts.map

package/esm/registration/verifications/verifyAttestationAndroidSafetyNet.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationAndroidSafetyNet.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAWtF;;GAEG;AACH,wBAAsB,iCAAiC,CACrD,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA2IlB"}

package/esm/registration/verifications/verifyAttestationApple.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
 import type { AttestationFormatVerifierOpts } from '../verifyRegistrationResponse.js';
 export declare function verifyAttestationApple(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationApple.d.ts.map

package/esm/registration/verifications/verifyAttestationApple.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationApple.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationApple.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAOtF,wBAAsB,sBAAsB,CAC1C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA6ElB"}

package/esm/registration/verifications/verifyAttestationApple.js CHANGED Viewed

@@ -1,4 +1,5 @@
-import { AsnParser, Certificate } from '../../deps.js';
+import { AsnParser } from '@peculiar/asn1-schema';
+import { Certificate } from '@peculiar/asn1-x509';
 import { validateCertificatePath } from '../../helpers/validateCertificatePath.js';
 import { convertCertBufferToPEM } from '../../helpers/convertCertBufferToPEM.js';
 import { toHash } from '../../helpers/toHash.js';

package/esm/registration/verifications/verifyAttestationFIDOU2F.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
  * Verify an attestation response with fmt 'fido-u2f'
  */
 export declare function verifyAttestationFIDOU2F(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationFIDOU2F.d.ts.map

package/esm/registration/verifications/verifyAttestationFIDOU2F.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationFIDOU2F.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationFIDOU2F.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAStF;;GAEG;AACH,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CA4DlB"}

package/esm/registration/verifications/verifyAttestationPacked.d.ts CHANGED Viewed

@@ -3,3 +3,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
  * Verify an attestation response with fmt 'packed'
  */
 export declare function verifyAttestationPacked(options: AttestationFormatVerifierOpts): Promise<boolean>;
+//# sourceMappingURL=verifyAttestationPacked.d.ts.map

package/esm/registration/verifications/verifyAttestationPacked.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"verifyAttestationPacked.d.ts","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationPacked.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,6BAA6B,EAAE,MAAM,kCAAkC,CAAC;AAYtF;;GAEG;AACH,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,6BAA6B,GACrC,OAAO,CAAC,OAAO,CAAC,CAyJlB"}