@simplewebauthn/server 3.0.0 → 4.3.0
- package/dist/{assertion/generateAssertionOptions.d.ts → authentication/generateAuthenticationOptions.d.ts} +5 -5
- package/dist/{assertion/generateAssertionOptions.js → authentication/generateAuthenticationOptions.js} +6 -6
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -0
- package/dist/{assertion/verifyAssertionResponse.d.ts → authentication/verifyAuthenticationResponse.d.ts} +12 -12
- package/dist/{assertion/verifyAssertionResponse.js → authentication/verifyAuthenticationResponse.js} +13 -12
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -0
- package/dist/helpers/convertAAGUIDToString.js +1 -1
- package/dist/helpers/convertAAGUIDToString.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.d.ts +6 -0
- package/dist/helpers/{convertX509CertToPEM.js → convertCertBufferToPEM.js} +4 -4
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -0
- package/dist/helpers/decodeAttestationObject.d.ts +2 -10
- package/dist/helpers/decodeAttestationObject.js +0 -11
- package/dist/helpers/decodeAttestationObject.js.map +1 -1
- package/dist/helpers/decodeClientDataJSON.d.ts +1 -2
- package/dist/helpers/index.d.ts +23 -0
- package/dist/helpers/index.js +39 -0
- package/dist/helpers/index.js.map +1 -0
- package/dist/helpers/isCertRevoked.js +4 -2
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/logging.d.ts +16 -0
- package/dist/helpers/logging.js +27 -0
- package/dist/helpers/logging.js.map +1 -0
- package/dist/helpers/parseAuthenticatorData.js +13 -18
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/validateCertificatePath.d.ts +2 -1
- package/dist/helpers/validateCertificatePath.js +43 -4
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/index.d.ts +13 -11
- package/dist/index.js +12 -10
- package/dist/index.js.map +1 -1
- package/dist/metadata/mdsTypes.d.ts +207 -0
- package/dist/metadata/mdsTypes.js +3 -0
- package/dist/metadata/mdsTypes.js.map +1 -0
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +5 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +61 -27
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/{attestation/generateAttestationOptions.d.ts → registration/generateRegistrationOptions.d.ts} +2 -2
- package/dist/{attestation/generateAttestationOptions.js → registration/generateRegistrationOptions.js} +3 -3
- package/dist/registration/generateRegistrationOptions.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/constants.js +0 -0
- package/dist/registration/verifications/tpm/constants.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parseCertInfo.d.ts +0 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js +53 -0
- package/dist/registration/verifications/tpm/parseCertInfo.js.map +1 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.d.ts +0 -0
- package/dist/{attestation → registration}/verifications/tpm/parsePubArea.js +10 -19
- package/dist/registration/verifications/tpm/parsePubArea.js.map +1 -0
- package/dist/registration/verifications/tpm/verifyTPM.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/tpm/verifyTPM.js +14 -4
- package/dist/registration/verifications/tpm/verifyTPM.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidKey.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidKey.js +17 -12
- package/dist/registration/verifications/verifyAndroidKey.js.map +1 -0
- package/dist/registration/verifications/verifyAndroidSafetyNet.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyAndroidSafetyNet.js +6 -27
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +1 -0
- package/dist/registration/verifications/verifyApple.d.ts +2 -0
- package/dist/{attestation → registration}/verifications/verifyApple.js +3 -26
- package/dist/registration/verifications/verifyApple.js.map +1 -0
- package/dist/registration/verifications/verifyFIDOU2F.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyFIDOU2F.js +12 -4
- package/dist/registration/verifications/verifyFIDOU2F.js.map +1 -0
- package/dist/registration/verifications/verifyPacked.d.ts +5 -0
- package/dist/{attestation → registration}/verifications/verifyPacked.js +15 -7
- package/dist/registration/verifications/verifyPacked.js.map +1 -0
- package/dist/registration/verifyRegistrationResponse.d.ts +71 -0
- package/dist/{attestation/verifyAttestationResponse.js → registration/verifyRegistrationResponse.js} +56 -92
- package/dist/registration/verifyRegistrationResponse.js.map +1 -0
- package/dist/services/defaultRootCerts/android-key.d.ts +24 -0
- package/dist/services/defaultRootCerts/android-key.js +89 -0
- package/dist/services/defaultRootCerts/android-key.js.map +1 -0
- package/dist/services/defaultRootCerts/android-safetynet.d.ts +22 -0
- package/dist/services/defaultRootCerts/android-safetynet.js +69 -0
- package/dist/services/defaultRootCerts/android-safetynet.js.map +1 -0
- package/dist/services/defaultRootCerts/apple.d.ts +11 -0
- package/dist/services/defaultRootCerts/apple.js +29 -0
- package/dist/services/defaultRootCerts/apple.js.map +1 -0
- package/dist/services/defaultRootCerts/mds.d.ts +11 -0
- package/dist/services/defaultRootCerts/mds.js +36 -0
- package/dist/services/defaultRootCerts/mds.js.map +1 -0
- package/dist/services/metadataService.d.ts +54 -0
- package/dist/{metadata → services}/metadataService.js +90 -109
- package/dist/services/metadataService.js.map +1 -0
- package/dist/services/settingsService.d.ts +26 -0
- package/dist/services/settingsService.js +63 -0
- package/dist/services/settingsService.js.map +1 -0
- package/package.json +28 -12
- package/.env +0 -2
- package/dist/assertion/generateAssertionOptions.js.map +0 -1
- package/dist/assertion/verifyAssertionResponse.js.map +0 -1
- package/dist/attestation/generateAttestationOptions.js.map +0 -1
- package/dist/attestation/verifications/tpm/constants.js.map +0 -1
- package/dist/attestation/verifications/tpm/parseCertInfo.js +0 -65
- package/dist/attestation/verifications/tpm/parseCertInfo.js.map +0 -1
- package/dist/attestation/verifications/tpm/parsePubArea.js.map +0 -1
- package/dist/attestation/verifications/tpm/verifyTPM.d.ts +0 -11
- package/dist/attestation/verifications/tpm/verifyTPM.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidKey.d.ts +0 -11
- package/dist/attestation/verifications/verifyAndroidKey.js.map +0 -1
- package/dist/attestation/verifications/verifyAndroidSafetyNet.d.ts +0 -14
- package/dist/attestation/verifications/verifyAndroidSafetyNet.js.map +0 -1
- package/dist/attestation/verifications/verifyApple.d.ts +0 -10
- package/dist/attestation/verifications/verifyApple.js.map +0 -1
- package/dist/attestation/verifications/verifyFIDOU2F.d.ts +0 -15
- package/dist/attestation/verifications/verifyFIDOU2F.js.map +0 -1
- package/dist/attestation/verifications/verifyPacked.d.ts +0 -14
- package/dist/attestation/verifications/verifyPacked.js.map +0 -1
- package/dist/attestation/verifyAttestationResponse.d.ts +0 -56
- package/dist/attestation/verifyAttestationResponse.js.map +0 -1
- package/dist/helpers/constants.d.ts +0 -30
- package/dist/helpers/constants.js +0 -52
- package/dist/helpers/constants.js.map +0 -1
- package/dist/helpers/convertX509CertToPEM.d.ts +0 -6
- package/dist/helpers/convertX509CertToPEM.js.map +0 -1
- package/dist/metadata/metadataService.d.ts +0 -75
- package/dist/metadata/metadataService.js.map +0 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB
|
|
1
|
+
{"version":3,"file":"validateCertificatePath.js","sourceRoot":"","sources":["../../src/helpers/validateCertificatePath.ts"],"names":[],"mappings":";;;;;AAAA,sDAAsD;AACtD,qDAAqD;AACrD,kBAAkB;AAClB,yCAA4D;AAE5D,oEAA4C;AAE5C,MAAM,EAAE,MAAM,EAAE,GAAG,gBAAI,CAAC;AAExB;;;;GAIG;AACY,KAAK,UAAU,uBAAuB,CACnD,YAAsB,EACtB,mBAA6B,EAAE;IAE/B,IAAI,gBAAgB,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,kFAAkF;QAClF,0DAA0D;QAC1D,OAAO,IAAI,CAAC;KACb;IAED,IAAI,4BAA4B,GAAG,KAAK,CAAC;IACzC,KAAK,MAAM,QAAQ,IAAI,gBAAgB,EAAE;QACvC,IAAI;YACF,MAAM,aAAa,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;YACtD,MAAM,aAAa,CAAC,aAAa,CAAC,CAAC;YACnC,uEAAuE;YACvE,4BAA4B,GAAG,KAAK,CAAC;YACrC,MAAM;SACP;QAAC,OAAO,GAAG,EAAE;YACZ,IAAI,GAAG,YAAY,uBAAuB,EAAE;gBAC1C,4BAA4B,GAAG,IAAI,CAAC;aACrC;iBAAM;gBACL,MAAM,GAAG,CAAC;aACX;SACF;KACF;IAED,uDAAuD;IACvD,IAAI,4BAA4B,EAAE;QAChC,MAAM,IAAI,uBAAuB,EAAE,CAAC;KACrC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAjCD,0CAiCC;AAED,KAAK,UAAU,aAAa,CAAC,YAAsB;IACjD,IAAI,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,MAAM,EAAE;QACtD,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,wFAAwF;IACxF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE;QAC/C,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QAEnC,MAAM,WAAW,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC/B,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAEpC,IAAI,SAAS,GAAG,EAAE,CAAC;QACnB,IAAI,CAAC,GAAG,CAAC,IAAI,YAAY,CAAC,MAAM,EAAE;YAChC,SAAS,GAAG,UAAU,CAAC;SACxB;aAAM;YACL,SAAS,GAAG,YAAY,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;SACjC;QAED,MAAM,UAAU,GAAG,IAAI,gBAAI,EAAE,CAAC;QAC9B,UAAU,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;QAElC,mCAAmC;QACnC,MAAM,kBAAkB,GAAG,MAAM,uBAAa,CAAC,WAAW,CAAC,CAAC;QAE5D,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,sEAAsE;QACtE,MAAM,SAAS,GAAG,sBAAU,CAAC,UAAU,CAAC,YAAY,EAAE,CAAC,CAAC;QACxD,MAAM,QAAQ,GAAG,sBAAU,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtD,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjC,IAAI,SAAS,GAAG,GAAG,IAAI,QAAQ,GAAG,GAAG,EAAE;YACrC,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;SACzE;QAED,IAAI,WAAW,CAAC,
eAAe,EAAE,KAAK,UAAU,CAAC,gBAAgB,EAAE,EAAE;YACnE,MAAM,IAAI,uBAAuB,EAAE,CAAC;SACrC;QAED,MAAM,iBAAiB,GAAG,mBAAO,CAAC,YAAY,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,0BAA0B,EAAE,CAAC;QACrD,MAAM,YAAY,GAAG,WAAW,CAAC,oBAAoB,EAAE,CAAC;QAExD,MAAM,SAAS,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QAChD,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1B,SAAS,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAEvC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;SAChE;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,+CAA+C;AAC/C,MAAM,uBAAwB,SAAQ,KAAK;IACzC;QACE,MAAM,OAAO,GAAG,6CAA6C,CAAC;QAC9D,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,yBAAyB,CAAC;IACxC,CAAC;CACF"}
|
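--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -2,14 +2,16 @@
 * @packageDocumentation
 * @module @simplewebauthn/server
 */
-import
-import
-import
-import
-import MetadataService from './
-
-
-import type {
-import type {
-import type {
-
+import generateRegistrationOptions from './registration/generateRegistrationOptions';
+import verifyRegistrationResponse from './registration/verifyRegistrationResponse';
+import generateAuthenticationOptions from './authentication/generateAuthenticationOptions';
+import verifyAuthenticationResponse from './authentication/verifyAuthenticationResponse';
+import MetadataService from './services/metadataService';
+import SettingsService from './services/settingsService';
+export { generateRegistrationOptions, verifyRegistrationResponse, generateAuthenticationOptions as generateAuthenticationOptions, verifyAuthenticationResponse, MetadataService, SettingsService, };
+import type { GenerateRegistrationOptionsOpts } from './registration/generateRegistrationOptions';
+import type { GenerateAuthenticationOptionsOpts } from './authentication/generateAuthenticationOptions';
+import type { MetadataStatement } from './metadata/mdsTypes';
+import type { VerifiedRegistrationResponse, VerifyRegistrationResponseOpts } from './registration/verifyRegistrationResponse';
+import type { VerifiedAuthenticationResponse, VerifyAuthenticationResponseOpts } from './authentication/verifyAuthenticationResponse';
+export type { GenerateRegistrationOptionsOpts, GenerateAuthenticationOptionsOpts, MetadataStatement, VerifyRegistrationResponseOpts, VerifyAuthenticationResponseOpts, VerifiedRegistrationResponse, VerifiedAuthenticationResponse, };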
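--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -3,19 +3,21 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.MetadataService = exports.
+exports.SettingsService = exports.MetadataService = exports.verifyAuthenticationResponse = exports.generateAuthenticationOptions = exports.verifyRegistrationResponse = exports.generateRegistrationOptions = void 0;
 /**
 * @packageDocumentation
 * @module @simplewebauthn/server
 */
-const
-exports.
-const
-exports.
-const
-exports.
-const
-exports.
-const metadataService_1 = __importDefault(require("./
+const generateRegistrationOptions_1 = __importDefault(require("./registration/generateRegistrationOptions"));
+exports.generateRegistrationOptions = generateRegistrationOptions_1.default;
+const verifyRegistrationResponse_1 = __importDefault(require("./registration/verifyRegistrationResponse"));
+exports.verifyRegistrationResponse = verifyRegistrationResponse_1.default;
+const generateAuthenticationOptions_1 = __importDefault(require("./authentication/generateAuthenticationOptions"));
+exports.generateAuthenticationOptions = generateAuthenticationOptions_1.default;
+const verifyAuthenticationResponse_1 = __importDefault(require("./authentication/verifyAuthenticationResponse"));
+exports.verifyAuthenticationResponse = verifyAuthenticationResponse_1.default;
+const metadataService_1 = __importDefault(require("./services/metadataService"));
 exports.MetadataService = metadataService_1.default;
+const settingsService_1 = __importDefault(require("./services/settingsService"));
+exports.SettingsService = settingsService_1.default;
 //# sourceMappingURL=index.js.map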
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;AAAA;;;GAGG;AACH,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;AAAA;;;GAGG;AACH,6GAAqF;AAQnF,sCARK,qCAA2B,CAQL;AAP7B,2GAAmF;AAQjF,qCARK,oCAA0B,CAQL;AAP5B,mHAA2F;AAQxD,wCAR5B,uCAA6B,CAQ4B;AAPhE,iHAAyF;AAQvF,uCARK,sCAA4B,CAQL;AAP9B,iFAAyD;AAQvD,0BARK,yBAAe,CAQL;AAPjB,iFAAyD;AAQvD,0BARK,yBAAe,CAQL"}
|
|
@@ -0,0 +1,207 @@
|
|
|
1
|
+
import { Base64URLString } from '@simplewebauthn/typescript-types';
|
|
2
|
+
/**
|
|
3
|
+
* Metadata Service structures
|
|
4
|
+
* https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
|
|
5
|
+
*/
|
|
6
|
+
export declare type MDSJWTHeader = {
|
|
7
|
+
alg: string;
|
|
8
|
+
typ: string;
|
|
9
|
+
x5c: Base64URLString[];
|
|
10
|
+
};
|
|
11
|
+
export declare type MDSJWTPayload = {
|
|
12
|
+
legalHeader: string;
|
|
13
|
+
no: number;
|
|
14
|
+
nextUpdate: string;
|
|
15
|
+
entries: MetadataBLOBPayloadEntry[];
|
|
16
|
+
};
|
|
17
|
+
export declare type MetadataBLOBPayloadEntry = {
|
|
18
|
+
aaid?: string;
|
|
19
|
+
aaguid?: string;
|
|
20
|
+
attestationCertificateKeyIdentifiers?: string[];
|
|
21
|
+
metadataStatement?: MetadataStatement;
|
|
22
|
+
biometricStatusReports?: BiometricStatusReport[];
|
|
23
|
+
statusReports: StatusReport[];
|
|
24
|
+
timeOfLastStatusChange: string;
|
|
25
|
+
rogueListURL?: string;
|
|
26
|
+
rogueListHash?: string;
|
|
27
|
+
};
|
|
28
|
+
export declare type BiometricStatusReport = {
|
|
29
|
+
certLevel: number;
|
|
30
|
+
modality: UserVerify;
|
|
31
|
+
effectiveDate?: string;
|
|
32
|
+
certificationDescriptor?: string;
|
|
33
|
+
certificateNumber?: string;
|
|
34
|
+
certificationPolicyVersion?: string;
|
|
35
|
+
certificationRequirementsVersion?: string;
|
|
36
|
+
};
|
|
37
|
+
export declare type StatusReport = {
|
|
38
|
+
status: AuthenticatorStatus;
|
|
39
|
+
effectiveDate?: string;
|
|
40
|
+
authenticatorVersion?: number;
|
|
41
|
+
certificate?: string;
|
|
42
|
+
url?: string;
|
|
43
|
+
certificationDescriptor?: string;
|
|
44
|
+
certificateNumber?: string;
|
|
45
|
+
certificationPolicyVersion?: string;
|
|
46
|
+
certificationRequirementsVersion?: string;
|
|
47
|
+
};
|
|
48
|
+
export declare type AuthenticatorStatus = 'NOT_FIDO_CERTIFIED' | 'FIDO_CERTIFIED' | 'USER_VERIFICATION_BYPASS' | 'ATTESTATION_KEY_COMPROMISE' | 'USER_KEY_REMOTE_COMPROMISE' | 'USER_KEY_PHYSICAL_COMPROMISE' | 'UPDATE_AVAILABLE' | 'REVOKED' | 'SELF_ASSERTION_SUBMITTED' | 'FIDO_CERTIFIED_L1' | 'FIDO_CERTIFIED_L1plus' | 'FIDO_CERTIFIED_L2' | 'FIDO_CERTIFIED_L2plus' | 'FIDO_CERTIFIED_L3' | 'FIDO_CERTIFIED_L3plus';
|
|
49
|
+
/**
|
|
50
|
+
* Types defined in the FIDO Metadata Statement spec
|
|
51
|
+
*
|
|
52
|
+
* See https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html
|
|
53
|
+
*/
|
|
54
|
+
export declare type CodeAccuracyDescriptor = {
|
|
55
|
+
base: number;
|
|
56
|
+
minLength: number;
|
|
57
|
+
maxRetries?: number;
|
|
58
|
+
blockSlowdown?: number;
|
|
59
|
+
};
|
|
60
|
+
export declare type BiometricAccuracyDescriptor = {
|
|
61
|
+
selfAttestedFRR?: number;
|
|
62
|
+
selfAttestedFAR?: number;
|
|
63
|
+
maxTemplates?: number;
|
|
64
|
+
maxRetries?: number;
|
|
65
|
+
blockSlowdown?: number;
|
|
66
|
+
};
|
|
67
|
+
export declare type PatternAccuracyDescriptor = {
|
|
68
|
+
minComplexity: number;
|
|
69
|
+
maxRetries?: number;
|
|
70
|
+
blockSlowdown?: number;
|
|
71
|
+
};
|
|
72
|
+
export declare type VerificationMethodDescriptor = {
|
|
73
|
+
userVerificationMethod: UserVerify;
|
|
74
|
+
caDesc?: CodeAccuracyDescriptor;
|
|
75
|
+
baDesc?: BiometricAccuracyDescriptor;
|
|
76
|
+
paDesc?: PatternAccuracyDescriptor;
|
|
77
|
+
};
|
|
78
|
+
export declare type VerificationMethodANDCombinations = VerificationMethodDescriptor[];
|
|
79
|
+
export declare type rgbPaletteEntry = {
|
|
80
|
+
r: number;
|
|
81
|
+
g: number;
|
|
82
|
+
b: number;
|
|
83
|
+
};
|
|
84
|
+
export declare type DisplayPNGCharacteristicsDescriptor = {
|
|
85
|
+
width: number;
|
|
86
|
+
height: number;
|
|
87
|
+
bitDepth: number;
|
|
88
|
+
colorType: number;
|
|
89
|
+
compression: number;
|
|
90
|
+
filter: number;
|
|
91
|
+
interlace: number;
|
|
92
|
+
plte?: rgbPaletteEntry[];
|
|
93
|
+
};
|
|
94
|
+
export declare type EcdaaTrustAnchor = {
|
|
95
|
+
X: string;
|
|
96
|
+
Y: string;
|
|
97
|
+
c: string;
|
|
98
|
+
sx: string;
|
|
99
|
+
sy: string;
|
|
100
|
+
G1Curve: string;
|
|
101
|
+
};
|
|
102
|
+
export declare type ExtensionDescriptor = {
|
|
103
|
+
id: string;
|
|
104
|
+
tag?: number;
|
|
105
|
+
data?: string;
|
|
106
|
+
fail_if_unknown: boolean;
|
|
107
|
+
};
|
|
108
|
+
export declare type AlternativeDescriptions = {
|
|
109
|
+
[langCode: string]: string;
|
|
110
|
+
};
|
|
111
|
+
export declare type MetadataStatement = {
|
|
112
|
+
legalHeader?: string;
|
|
113
|
+
aaid?: string;
|
|
114
|
+
aaguid?: string;
|
|
115
|
+
attestationCertificateKeyIdentifiers?: string[];
|
|
116
|
+
description: string;
|
|
117
|
+
alternativeDescriptions?: AlternativeDescriptions;
|
|
118
|
+
authenticatorVersion: number;
|
|
119
|
+
protocolFamily: string;
|
|
120
|
+
schema: number;
|
|
121
|
+
upv: Version[];
|
|
122
|
+
authenticationAlgorithms: AlgSign[];
|
|
123
|
+
publicKeyAlgAndEncodings: AlgKey[];
|
|
124
|
+
attestationTypes: Attestation[];
|
|
125
|
+
userVerificationDetails: VerificationMethodANDCombinations[];
|
|
126
|
+
keyProtection: KeyProtection[];
|
|
127
|
+
isKeyRestricted?: boolean;
|
|
128
|
+
isFreshUserVerificationRequired?: boolean;
|
|
129
|
+
matcherProtection: MatcherProtection[];
|
|
130
|
+
cryptoStrength?: number;
|
|
131
|
+
attachmentHint?: AttachmentHint[];
|
|
132
|
+
tcDisplay: TransactionConfirmationDisplay[];
|
|
133
|
+
tcDisplayContentType?: string;
|
|
134
|
+
tcDisplayPNGCharacteristics?: DisplayPNGCharacteristicsDescriptor[];
|
|
135
|
+
attestationRootCertificates: string[];
|
|
136
|
+
ecdaaTrustAnchors?: EcdaaTrustAnchor[];
|
|
137
|
+
icon?: string;
|
|
138
|
+
supportedExtensions?: ExtensionDescriptor[];
|
|
139
|
+
authenticatorGetInfo?: AuthenticatorGetInfo;
|
|
140
|
+
};
|
|
141
|
+
/**
|
|
142
|
+
* Types declared in other specs
|
|
143
|
+
*/
|
|
144
|
+
/**
|
|
145
|
+
* USER_VERIFY
|
|
146
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#user-verification-methods
|
|
147
|
+
*/
|
|
148
|
+
export declare type UserVerify = 'presence_internal' | 'fingerprint_internal' | 'passcode_internal' | 'voiceprint_internal' | 'faceprint_internal' | 'location_internal' | 'eyeprint_internal' | 'pattern_internal' | 'handprint_internal' | 'passcode_external' | 'pattern_external' | 'none' | 'all';
|
|
149
|
+
/**
|
|
150
|
+
* ALG_SIGN
|
|
151
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
|
|
152
|
+
*/
|
|
153
|
+
export declare type AlgSign = 'secp256r1_ecdsa_sha256_raw' | 'secp256r1_ecdsa_sha256_der' | 'rsassa_pss_sha256_raw' | 'rsassa_pss_sha256_der' | 'secp256k1_ecdsa_sha256_raw' | 'secp256k1_ecdsa_sha256_der' | 'sm2_sm3_raw' | 'rsa_emsa_pkcs1_sha256_raw' | 'rsa_emsa_pkcs1_sha256_der' | 'rsassa_pss_sha384_raw' | 'rsassa_pss_sha256_raw' | 'rsassa_pkcsv15_sha256_raw' | 'rsassa_pkcsv15_sha384_raw' | 'rsassa_pkcsv15_sha512_raw' | 'rsassa_pkcsv15_sha1_raw' | 'secp384r1_ecdsa_sha384_raw' | 'secp512r1_ecdsa_sha256_raw' | 'ed25519_eddsa_sha512_raw';
|
|
154
|
+
/**
|
|
155
|
+
* ALG_KEY
|
|
156
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#public-key-representation-formats
|
|
157
|
+
*/
|
|
158
|
+
export declare type AlgKey = 'ecc_x962_raw' | 'ecc_x962_der' | 'rsa_2048_raw' | 'rsa_2048_der' | 'cose';
|
|
159
|
+
/**
|
|
160
|
+
* ATTESTATION
|
|
161
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authenticator-attestation-types
|
|
162
|
+
*/
|
|
163
|
+
export declare type Attestation = 'basic_full' | 'basic_surrogate' | 'ecdaa' | 'attca';
|
|
164
|
+
/**
|
|
165
|
+
* KEY_PROTECTION
|
|
166
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types
|
|
167
|
+
*/
|
|
168
|
+
export declare type KeyProtection = 'software' | 'hardware' | 'tee' | 'secure_element' | 'remote_handle';
|
|
169
|
+
/**
|
|
170
|
+
* MATCHER_PROTECTION
|
|
171
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types
|
|
172
|
+
*/
|
|
173
|
+
export declare type MatcherProtection = 'software' | 'tee' | 'on_chip';
|
|
174
|
+
/**
|
|
175
|
+
* ATTACHMENT_HINT
|
|
176
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authenticator-attachment-hints
|
|
177
|
+
*/
|
|
178
|
+
export declare type AttachmentHint = 'internal' | 'external' | 'wired' | 'wireless' | 'nfc' | 'bluetooth' | 'network' | 'ready' | 'wifi_direct';
|
|
179
|
+
/**
|
|
180
|
+
* TRANSACTION_CONFIRMATION_DISPLAY
|
|
181
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#transaction-confirmation-display-types
|
|
182
|
+
*/
|
|
183
|
+
export declare type TransactionConfirmationDisplay = 'any' | 'privileged_software' | 'tee' | 'hardware' | 'remote';
|
|
184
|
+
/**
|
|
185
|
+
* https://fidoalliance.org/specs/fido-uaf-v1.2-ps-20201020/fido-uaf-protocol-v1.2-ps-20201020.html#version-interface
|
|
186
|
+
*/
|
|
187
|
+
export declare type Version = {
|
|
188
|
+
major: number;
|
|
189
|
+
minor: number;
|
|
190
|
+
};
|
|
191
|
+
/**
|
|
192
|
+
* https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorGetInfoz
|
|
193
|
+
*/
|
|
194
|
+
export declare type AuthenticatorGetInfo = {
|
|
195
|
+
versions: ('FIDO_2_0' | 'U2F_V2')[];
|
|
196
|
+
extensions?: string[];
|
|
197
|
+
aaguid: string;
|
|
198
|
+
options?: {
|
|
199
|
+
plat?: boolean;
|
|
200
|
+
rk?: boolean;
|
|
201
|
+
clientPin?: boolean;
|
|
202
|
+
up?: boolean;
|
|
203
|
+
uv?: boolean;
|
|
204
|
+
};
|
|
205
|
+
maxMsgSize?: number;
|
|
206
|
+
pinProtocols?: number[];
|
|
207
|
+
};
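Review bot: The `AlgSign` union repeats `'rsassa_pss_sha256_raw'` (its second occurrence sits right after `'rsassa_pss_sha384_raw'`), so one PSS variant appears to be missing, presumably `'rsassa_pss_sha512_raw'`. The member `'secp512r1_ecdsa_sha256_raw'` also pairs a curve name and hash that do not look like the registry's P-521 entry, presumably `'secp521r1_ecdsa_sha512_raw'`. These strings are compared literally by the `algSignToCOSEInfo` switch elsewhere in this package diff, so a metadata statement that uses the registry spelling would fall into the `default` branch and be treated as unsupported. I would check both members against the FIDO Registry v2.1 authentication-algorithms table linked in the doc comment and correct the union and the switch together. The trailing `z` in the `#authenticatorGetInfoz` link anchor also looks like a typo.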
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mdsTypes.js","sourceRoot":"","sources":["../../src/metadata/mdsTypes.ts"],"names":[],"mappings":""}
|
|
@@ -1,4 +1,8 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
import { Base64URLString } from '@simplewebauthn/typescript-types';
|
|
3
|
-
import { MetadataStatement } from '
|
|
3
|
+
import { MetadataStatement } from '../metadata/mdsTypes';
|
|
4
|
+
/**
|
|
5
|
+
* Match properties of the authenticator's attestation statement against expected values as
|
|
6
|
+
* registered with the FIDO Alliance Metadata Service
|
|
7
|
+
*/
|
|
4
8
|
export default function verifyAttestationWithMetadata(statement: MetadataStatement, alg: number, x5c: Buffer[] | Base64URLString[]): Promise<boolean>;
|
|
@@ -3,40 +3,74 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
const
|
|
7
|
-
const convertX509CertToPEM_1 = __importDefault(require("../helpers/convertX509CertToPEM"));
|
|
6
|
+
const convertCertBufferToPEM_1 = __importDefault(require("../helpers/convertCertBufferToPEM"));
|
|
8
7
|
const validateCertificatePath_1 = __importDefault(require("../helpers/validateCertificatePath"));
|
|
8
|
+
/**
|
|
9
|
+
* Match properties of the authenticator's attestation statement against expected values as
|
|
10
|
+
* registered with the FIDO Alliance Metadata Service
|
|
11
|
+
*/
|
|
9
12
|
async function verifyAttestationWithMetadata(statement, alg, x5c) {
|
|
10
|
-
// Make sure the alg in the attestation statement matches the
|
|
11
|
-
const
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
// Try to validate the chain with each metadata root cert until we find one that works
|
|
18
|
-
let foundValidPath = false;
|
|
19
|
-
for (const rootCert of statement.attestationRootCertificates) {
|
|
20
|
-
try {
|
|
21
|
-
// Push the root cert to the cert path and try to validate it
|
|
22
|
-
path.push(convertX509CertToPEM_1.default(rootCert));
|
|
23
|
-
foundValidPath = await validateCertificatePath_1.default(path);
|
|
24
|
-
}
|
|
25
|
-
catch (err) {
|
|
26
|
-
// Swallow the error for now
|
|
27
|
-
foundValidPath = false;
|
|
28
|
-
// Remove the root cert before we try again with another
|
|
29
|
-
path.splice(path.length - 1, 1);
|
|
30
|
-
}
|
|
31
|
-
// Don't continue if we've validated a full path
|
|
32
|
-
if (foundValidPath) {
|
|
33
|
-
break;
|
|
13
|
+
// Make sure the alg in the attestation statement matches one of the ones specified in metadata
|
|
14
|
+
const statementCOSEAlgs = new Set();
|
|
15
|
+
statement.authenticationAlgorithms.forEach(algSign => {
|
|
16
|
+
// Convert algSign string to { kty, alg, crv }
|
|
17
|
+
const algSignCOSEINFO = algSignToCOSEInfo(algSign);
|
|
18
|
+
if (algSignCOSEINFO) {
|
|
19
|
+
statementCOSEAlgs.add(algSignCOSEINFO.alg);
|
|
34
20
|
}
|
|
21
|
+
});
|
|
22
|
+
if (!statementCOSEAlgs.has(alg)) {
|
|
23
|
+
const debugAlgs = Array.from(statementCOSEAlgs).join(', ');
|
|
24
|
+
throw new Error(`Attestation alg "${alg}" did not match metadata auth algs [${debugAlgs}]`);
|
|
35
25
|
}
|
|
36
|
-
|
|
26
|
+
try {
|
|
27
|
+
await validateCertificatePath_1.default(x5c.map(convertCertBufferToPEM_1.default), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.default));
|
|
28
|
+
}
|
|
29
|
+
catch (err) {
|
|
37
30
|
throw new Error(`Could not validate certificate path with any metadata root certificates`);
|
|
38
31
|
}
|
|
39
32
|
return true;
|
|
40
33
|
}
|
|
41
34
|
exports.default = verifyAttestationWithMetadata;
|
|
35
|
+
/**
|
|
36
|
+
* Convert ALG_SIGN values to COSE info
|
|
37
|
+
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
|
|
38
|
+
*/
|
|
39
|
+
function algSignToCOSEInfo(algSign) {
|
|
40
|
+
switch (algSign) {
|
|
41
|
+
case 'secp256r1_ecdsa_sha256_raw':
|
|
42
|
+
case 'secp256r1_ecdsa_sha256_der':
|
|
43
|
+
return { kty: 2, alg: -7, crv: 1 };
|
|
44
|
+
case 'rsassa_pss_sha256_raw':
|
|
45
|
+
case 'rsassa_pss_sha256_der':
|
|
46
|
+
return { kty: 3, alg: -37 };
|
|
47
|
+
case 'secp256k1_ecdsa_sha256_raw':
|
|
48
|
+
case 'secp256k1_ecdsa_sha256_der':
|
|
49
|
+
return { kty: 2, alg: -7, crv: 8 };
|
|
50
|
+
case 'rsassa_pss_sha384_raw':
|
|
51
|
+
return { kty: 3, alg: -38 };
|
|
52
|
+
case 'rsassa_pkcsv15_sha256_raw':
|
|
53
|
+
return { kty: 3, alg: -257 };
|
|
54
|
+
case 'rsassa_pkcsv15_sha384_raw':
|
|
55
|
+
return { kty: 3, alg: -258 };
|
|
56
|
+
case 'rsassa_pkcsv15_sha512_raw':
|
|
57
|
+
return { kty: 3, alg: -259 };
|
|
58
|
+
case 'rsassa_pkcsv15_sha1_raw':
|
|
59
|
+
return { kty: 3, alg: -65535 };
|
|
60
|
+
case 'secp384r1_ecdsa_sha384_raw':
|
|
61
|
+
return { kty: 2, alg: -35, crv: 2 };
|
|
62
|
+
case 'secp512r1_ecdsa_sha256_raw':
|
|
63
|
+
return { kty: 2, alg: -36, crv: 3 };
|
|
64
|
+
case 'ed25519_eddsa_sha512_raw':
|
|
65
|
+
return { kty: 1, alg: -8, crv: 6 };
|
|
66
|
+
// TODO: COSE info in FIDO Registry v2.1 isn't readily available for these, these seem rare...
|
|
67
|
+
// case 'sm2_sm3_raw':
|
|
68
|
+
// return {};
|
|
69
|
+
// case 'rsa_emsa_pkcs1_sha256_raw':
|
|
70
|
+
// case 'rsa_emsa_pkcs1_sha256_der':
|
|
71
|
+
// return {};
|
|
72
|
+
default:
|
|
73
|
+
return undefined;
|
|
74
|
+
}
|
|
75
|
+
}
|
|
42
76
|
//# sourceMappingURL=verifyAttestationWithMetadata.js.map
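Review bot: In `algSignToCOSEInfo`, the `secp256k1_ecdsa_sha256_*` cases return `alg: -7`, the same value as the `secp256r1_ecdsa_sha256_*` cases. The caller only adds `algSignCOSEINFO.alg` to `statementCOSEAlgs`, so `statementCOSEAlgs.has(alg)` cannot distinguish the two curves, and the `kty` and `crv` fields are never compared. IANA's COSE registry assigns ES256K the identifier -47, so that case probably wants `return { kty: 2, alg: -47, crv: 8 };`, which is worth confirming against the FIDO registry table linked above the function. Separately, the `catch (err)` around the `validateCertificatePath` call throws a fixed message and discards `err`, which hides why the chain was rejected; appending `err.message` to the thrown text would keep the cause available for logs and incident triage.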
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA
|
|
1
|
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;;;AAGA,+FAAuE;AACvE,iGAAyE;AAEzE;;;GAGG;AACY,KAAK,UAAU,6BAA6B,CACzD,SAA4B,EAC5B,GAAW,EACX,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,iBAAiB,GAAgB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,iBAAiB,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE;QAC/B,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,uCAAuC,SAAS,GAAG,CAAC,CAAC;KAC7F;IAED,IAAI;QACF,MAAM,iCAAuB,CAC3B,GAAG,CAAC,GAAG,CAAC,gCAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,gCAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC5F;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AA/BD,gDA+BC;AAQD;;;GAGG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAA
E,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,8FAA8F;QAC9F,sBAAsB;QACtB,eAAe;QACf,oCAAoC;QACpC,oCAAoC;QACpC,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
import type { AttestationConveyancePreference, AuthenticationExtensionsClientInputs, AuthenticatorSelectionCriteria, COSEAlgorithmIdentifier, PublicKeyCredentialCreationOptionsJSON, PublicKeyCredentialDescriptor } from '@simplewebauthn/typescript-types';
|
|
3
|
-
export declare type
|
|
3
|
+
export declare type GenerateRegistrationOptionsOpts = {
|
|
4
4
|
rpName: string;
|
|
5
5
|
rpID: string;
|
|
6
6
|
userID: string;
|
|
@@ -41,4 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
|
|
|
41
41
|
* @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
|
|
42
42
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
43
43
|
*/
|
|
44
|
-
export default function
|
|
44
|
+
export default function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): PublicKeyCredentialCreationOptionsJSON;
|
|
@@ -70,7 +70,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
70
70
|
* @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
|
-
function
|
|
73
|
+
function generateRegistrationOptions(options) {
|
|
74
74
|
const { rpName, rpID, userID, userName, challenge = generateChallenge_1.default(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
@@ -113,5 +113,5 @@ function generateAttestationOptions(options) {
|
|
|
113
113
|
extensions,
|
|
114
114
|
};
|
|
115
115
|
}
|
|
116
|
-
exports.default =
|
|
117
|
-
//# sourceMappingURL=
|
|
116
|
+
exports.default = generateRegistrationOptions;
|
|
117
|
+
//# sourceMappingURL=generateRegistrationOptions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,qFAA6D;AAiB7D;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAwB,2BAA2B,CACjD,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,2BAAiB,EAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,8CA2DC"}
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":";;;AAAA,sDAAsD;AACzC,QAAA,MAAM,GAA8B;IAC/C,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,qBAAqB;IAC7B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,oBAAoB;CAC7B,CAAC;AAEW,QAAA,OAAO,GAA8B;IAChD,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,kBAAkB;IAClB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;CACtB,CAAC;AAEW,QAAA,aAAa,GAA8B;IACtD,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;CAC3B,CAAC;AAOW,QAAA,iBAAiB,GAAwC;IACpE,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EA
AE,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,wBAAwB;QAC9B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,oBAAoB;QAC1B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,qBAAqB;QAC3B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,mBAAmB;QACzB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,MAAM;KACX;CACF,CAAC"}
|
|
File without changes
|
|
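--- a/parseCertInfo.js
+++ b/parseCertInfo.js
@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const constants_1 = require("./constants");
+/**
+* Cut up a TPM attestation's certInfo into intelligible chunks
+*/
+function parseCertInfo(certInfo) {
+let pointer = 0;
+// Get a magic constant
+const magic = certInfo.slice(pointer, (pointer += 4)).readUInt32BE(0);
+// Determine the algorithm used for attestation
+const typeBuffer = certInfo.slice(pointer, (pointer += 2));
+const type = constants_1.TPM_ST[typeBuffer.readUInt16BE(0)];
+// The name of a parent entity, can be ignored
+const qualifiedSignerLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+const qualifiedSigner = certInfo.slice(pointer, (pointer += qualifiedSignerLength));
+// Get the expected hash of `attsToBeSigned`
+const extraDataLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+const extraData = certInfo.slice(pointer, (pointer += extraDataLength));
+// Information about the TPM device's internal clock, can be ignored
+const clockInfoBuffer = certInfo.slice(pointer, (pointer += 17));
+const clockInfo = {
+clock: clockInfoBuffer.slice(0, 8),
+resetCount: clockInfoBuffer.slice(8, 12).readUInt32BE(0),
+restartCount: clockInfoBuffer.slice(12, 16).readUInt32BE(0),
+safe: !!clockInfoBuffer[16],
+};
+// TPM device firmware version
+const firmwareVersion = certInfo.slice(pointer, (pointer += 8));
+// Attested Name
+const attestedNameLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+const attestedName = certInfo.slice(pointer, (pointer += attestedNameLength));
+// Attested qualified name, can be ignored
+const qualifiedNameLength = certInfo.slice(pointer, (pointer += 2)).readUInt16BE(0);
+const qualifiedName = certInfo.slice(pointer, (pointer += qualifiedNameLength));
+const attested = {
+nameAlg: constants_1.TPM_ALG[attestedName.slice(0, 2).readUInt16BE(0)],
+nameAlgBuffer: attestedName.slice(0, 2),
+name: attestedName,
+qualifiedName,
+};
+return {
+magic,
+type,
+qualifiedSigner,
+extraData,
+clockInfo,
+firmwareVersion,
+attested,
+};
+}
+exports.default = parseCertInfo;
+//# sourceMappingURL=parseCertInfo.js.map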
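Review bot: parseCertInfo never compares a declared length with the bytes that remain in `certInfo`, so every `certInfo.slice(pointer, (pointer += len))` can return fewer bytes than the length field claims. Buffer `slice` clamps at the end of the buffer, which means an oversized `qualifiedNameLength` yields a silently shortened `qualifiedName`, a shortfall in an earlier field only surfaces later as a generic RangeError from `readUInt16BE`/`readUInt32BE`, and bytes left over after `qualifiedName` are accepted without complaint. Since certInfo is taken from a TPM attestation statement (presumably supplied by the registering client), I would route every read through one bounds-checked helper that throws a descriptive error, and reject trailing data once the last field is read. The pointer-based reads in parsePubArea (`authPolicy`, `unique`) follow the same pattern and would benefit from the same helper.

```javascript
function parseCertInfo(certInfo) {
    let pointer = 0;
    // Bounds-checked read: fail with a parse error instead of returning a clamped slice
    const take = (length, field) => {
        if (pointer + length > certInfo.length) {
            throw new Error(`certInfo is too short to contain ${field} (TPM)`);
        }
        return certInfo.slice(pointer, (pointer += length));
    };
    const magic = take(4, 'magic').readUInt32BE(0);
    // … unchanged: type, qualifiedSigner, extraData, clockInfo, firmwareVersion, attestedName — each read through take() …
    const qualifiedNameLength = take(2, 'qualifiedName length').readUInt16BE(0);
    const qualifiedName = take(qualifiedNameLength, 'qualifiedName');
    if (pointer !== certInfo.length) {
        throw new Error('certInfo contains unexpected trailing bytes (TPM)');
    }
    // … unchanged: attested object and return value …
```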
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parseCertInfo.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":";;AAAA,2CAA8C;AAE9C;;GAEG;AACH,SAAwB,aAAa,CAAC,QAAgB;IACpD,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,uBAAuB;IACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAEtE,+CAA+C;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,kBAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,8CAA8C;IAC9C,MAAM,qBAAqB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtF,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,qBAAqB,CAAC,CAAC,CAAC;IAEpF,4CAA4C;IAC5C,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC,CAAC;IAExE,oEAAoE;IACpE,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG;QAChB,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAClC,UAAU,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACxD,YAAY,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC;KAC5B,CAAC;IAEF,8BAA8B;IAC9B,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhE,gBAAgB;IAChB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,kBAAkB,CAAC,CAAC,CAAC;IAE9E,0CAA0C;IAC1C,MAAM,mBAAmB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACpF,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,mBAAmB,CAAC,CAAC,CAAC;IAEhF,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE,mBAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC
1D,aAAa,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,EAAE,YAAY;QAClB,aAAa;KACd,CAAC;IAEF,OAAO;QACL,KAAK;QACL,IAAI;QACJ,eAAe;QACf,SAAS;QACT,SAAS;QACT,eAAe;QACf,QAAQ;KACT,CAAC;AACJ,CAAC;AAtDD,gCAsDC"}
|
|
File without changes
|
|
@@ -5,16 +5,13 @@ const constants_1 = require("./constants");
|
|
|
5
5
|
* Break apart a TPM attestation's pubArea buffer
|
|
6
6
|
*/
|
|
7
7
|
function parsePubArea(pubArea) {
|
|
8
|
-
let
|
|
9
|
-
const typeBuffer =
|
|
10
|
-
pubBuffer = pubBuffer.slice(2);
|
|
8
|
+
let pointer = 0;
|
|
9
|
+
const typeBuffer = pubArea.slice(pointer, (pointer += 2));
|
|
11
10
|
const type = constants_1.TPM_ALG[typeBuffer.readUInt16BE(0)];
|
|
12
|
-
const nameAlgBuffer =
|
|
13
|
-
pubBuffer = pubBuffer.slice(2);
|
|
11
|
+
const nameAlgBuffer = pubArea.slice(pointer, (pointer += 2));
|
|
14
12
|
const nameAlg = constants_1.TPM_ALG[nameAlgBuffer.readUInt16BE(0)];
|
|
15
13
|
// Get some authenticator attributes(?)
|
|
16
|
-
const objectAttributesInt =
|
|
17
|
-
pubBuffer = pubBuffer.slice(4);
|
|
14
|
+
const objectAttributesInt = pubArea.slice(pointer, (pointer += 4)).readUInt32BE(0);
|
|
18
15
|
const objectAttributes = {
|
|
19
16
|
fixedTPM: !!(objectAttributesInt & 1),
|
|
20
17
|
stClear: !!(objectAttributesInt & 2),
|
|
@@ -29,15 +26,12 @@ function parsePubArea(pubArea) {
|
|
|
29
26
|
signOrEncrypt: !!(objectAttributesInt & 131072),
|
|
30
27
|
};
|
|
31
28
|
// Slice out the authPolicy of dynamic length
|
|
32
|
-
const authPolicyLength =
|
|
33
|
-
|
|
34
|
-
const authPolicy = pubBuffer.slice(0, authPolicyLength);
|
|
35
|
-
pubBuffer = pubBuffer.slice(authPolicyLength);
|
|
29
|
+
const authPolicyLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
30
|
+
const authPolicy = pubArea.slice(pointer, (pointer += authPolicyLength));
|
|
36
31
|
// Extract additional curve params according to type
|
|
37
32
|
const parameters = {};
|
|
38
33
|
if (type === 'TPM_ALG_RSA') {
|
|
39
|
-
const rsaBuffer =
|
|
40
|
-
pubBuffer = pubBuffer.slice(10);
|
|
34
|
+
const rsaBuffer = pubArea.slice(pointer, (pointer += 10));
|
|
41
35
|
parameters.rsa = {
|
|
42
36
|
symmetric: constants_1.TPM_ALG[rsaBuffer.slice(0, 2).readUInt16BE(0)],
|
|
43
37
|
scheme: constants_1.TPM_ALG[rsaBuffer.slice(2, 4).readUInt16BE(0)],
|
|
@@ -46,8 +40,7 @@ function parsePubArea(pubArea) {
|
|
|
46
40
|
};
|
|
47
41
|
}
|
|
48
42
|
else if (type === 'TPM_ALG_ECC') {
|
|
49
|
-
const eccBuffer =
|
|
50
|
-
pubBuffer = pubBuffer.slice(8);
|
|
43
|
+
const eccBuffer = pubArea.slice(pointer, (pointer += 8));
|
|
51
44
|
parameters.ecc = {
|
|
52
45
|
symmetric: constants_1.TPM_ALG[eccBuffer.slice(0, 2).readUInt16BE(0)],
|
|
53
46
|
scheme: constants_1.TPM_ALG[eccBuffer.slice(2, 4).readUInt16BE(0)],
|
|
@@ -59,10 +52,8 @@ function parsePubArea(pubArea) {
|
|
|
59
52
|
throw new Error(`Unexpected type "${type}" (TPM)`);
|
|
60
53
|
}
|
|
61
54
|
// Slice out unique of dynamic length
|
|
62
|
-
const uniqueLength =
|
|
63
|
-
|
|
64
|
-
const unique = pubBuffer.slice(0, uniqueLength);
|
|
65
|
-
pubBuffer = pubBuffer.slice(uniqueLength);
|
|
55
|
+
const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
56
|
+
const unique = pubArea.slice(pointer, (pointer += uniqueLength));
|
|
66
57
|
return {
|
|
67
58
|
type,
|
|
68
59
|
nameAlg,
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"parsePubArea.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":";;AAAA,2CAAqD;AAErD;;GAEG;AACH,SAAwB,YAAY,CAAC,OAAe;IAClD,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,mBAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,mBAAO,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,uCAAuC;IACvC,MAAM,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,gBAAgB,GAAG;QACvB,QAAQ,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACpC,WAAW,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACxC,mBAAmB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QACjD,YAAY,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC1C,eAAe,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,GAAG,CAAC;QACnC,oBAAoB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,IAAI,CAAC;QACpD,UAAU,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAC3C,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QACxC,aAAa,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,MAAM,CAAC;KAChD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC,CAAC;IAEzE,oDAAoD;IACpD,MAAM,UAAU,GAAiD,EAAE,CAAC;IACpE,IAAI,IAAI,KAAK,aAAa,EAAE;QAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAE1D,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;YAC9C,QAAQ,EAAE,SAAS,CAAC
,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;SACjD,CAAC;KACH;SAAM,IAAI,IAAI,KAAK,aAAa,EAAE;QACjC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzD,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,yBAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7D,GAAG,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SACpD,CAAC;KACH;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,SAAS,CAAC,CAAC;KACpD;IAED,qCAAqC;IACrC,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,YAAY,CAAC,CAAC,CAAC;IAEjE,OAAO;QACL,IAAI;QACJ,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,UAAU;QACV,MAAM;KACP,CAAC;AACJ,CAAC;AAjED,+BAiEC"}
|