@simplewebauthn/server 5.3.0 → 5.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authentication/generateAuthenticationOptions.d.ts +1 -1
- package/dist/authentication/generateAuthenticationOptions.js +4 -3
- package/dist/authentication/generateAuthenticationOptions.js.map +1 -1
- package/dist/authentication/verifyAuthenticationResponse.d.ts +5 -1
- package/dist/authentication/verifyAuthenticationResponse.js +19 -17
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertAAGUIDToString.d.ts +1 -1
- package/dist/helpers/convertAAGUIDToString.js +2 -1
- package/dist/helpers/convertAAGUIDToString.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.d.ts +1 -1
- package/dist/helpers/convertCOSEtoPKCS.js +2 -2
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.d.ts +1 -1
- package/dist/helpers/convertCertBufferToPEM.js +2 -1
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -1
- package/dist/helpers/convertPublicKeyToPEM.d.ts +1 -1
- package/dist/helpers/convertPublicKeyToPEM.js +2 -1
- package/dist/helpers/convertPublicKeyToPEM.js.map +1 -1
- package/dist/helpers/decodeAttestationObject.d.ts +1 -1
- package/dist/helpers/decodeAttestationObject.js +2 -1
- package/dist/helpers/decodeAttestationObject.js.map +1 -1
- package/dist/helpers/decodeAuthenticatorExtensions.d.ts +20 -0
- package/dist/helpers/decodeAuthenticatorExtensions.js +25 -0
- package/dist/helpers/decodeAuthenticatorExtensions.js.map +1 -0
- package/dist/helpers/decodeClientDataJSON.d.ts +1 -1
- package/dist/helpers/decodeClientDataJSON.js +2 -1
- package/dist/helpers/decodeClientDataJSON.js.map +1 -1
- package/dist/helpers/decodeCredentialPublicKey.d.ts +1 -1
- package/dist/helpers/decodeCredentialPublicKey.js +2 -1
- package/dist/helpers/decodeCredentialPublicKey.js.map +1 -1
- package/dist/helpers/generateChallenge.d.ts +1 -1
- package/dist/helpers/generateChallenge.js +2 -1
- package/dist/helpers/generateChallenge.js.map +1 -1
- package/dist/helpers/getCertificateInfo.d.ts +1 -1
- package/dist/helpers/getCertificateInfo.js +2 -1
- package/dist/helpers/getCertificateInfo.js.map +1 -1
- package/dist/helpers/index.d.ts +15 -15
- package/dist/helpers/index.js +30 -33
- package/dist/helpers/index.js.map +1 -1
- package/dist/helpers/isBase64URLString.d.ts +1 -1
- package/dist/helpers/isBase64URLString.js +2 -1
- package/dist/helpers/isBase64URLString.js.map +1 -1
- package/dist/helpers/isCertRevoked.d.ts +1 -1
- package/dist/helpers/isCertRevoked.js +4 -3
- package/dist/helpers/isCertRevoked.js.map +1 -1
- package/dist/helpers/parseAuthenticatorData.d.ts +3 -1
- package/dist/helpers/parseAuthenticatorData.js +12 -7
- package/dist/helpers/parseAuthenticatorData.js.map +1 -1
- package/dist/helpers/parseBackupFlags.js.map +1 -1
- package/dist/helpers/toHash.d.ts +1 -1
- package/dist/helpers/toHash.js +2 -1
- package/dist/helpers/toHash.js.map +1 -1
- package/dist/helpers/validateCertificatePath.d.ts +1 -1
- package/dist/helpers/validateCertificatePath.js +4 -6
- package/dist/helpers/validateCertificatePath.js.map +1 -1
- package/dist/helpers/verifySignature.d.ts +1 -1
- package/dist/helpers/verifySignature.js +2 -1
- package/dist/helpers/verifySignature.js.map +1 -1
- package/dist/index.d.ts +6 -6
- package/dist/index.js +12 -15
- package/dist/index.js.map +1 -1
- package/dist/metadata/parseJWT.d.ts +1 -1
- package/dist/metadata/parseJWT.js +2 -1
- package/dist/metadata/parseJWT.js.map +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +1 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +30 -18
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/generateRegistrationOptions.d.ts +1 -1
- package/dist/registration/generateRegistrationOptions.js +4 -4
- package/dist/registration/generateRegistrationOptions.js.map +1 -1
- package/dist/registration/verifications/tpm/constants.d.ts +30 -0
- package/dist/registration/verifications/tpm/constants.js +36 -2
- package/dist/registration/verifications/tpm/constants.js.map +1 -1
- package/dist/registration/verifications/tpm/parseCertInfo.d.ts +1 -1
- package/dist/registration/verifications/tpm/parseCertInfo.js +2 -1
- package/dist/registration/verifications/tpm/parseCertInfo.js.map +1 -1
- package/dist/registration/verifications/tpm/parsePubArea.d.ts +4 -1
- package/dist/registration/verifications/tpm/parsePubArea.js +23 -4
- package/dist/registration/verifications/tpm/parsePubArea.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyAttestationTPM.d.ts +2 -0
- package/dist/registration/verifications/tpm/{verifyTPM.js → verifyAttestationTPM.js} +28 -34
- package/dist/registration/verifications/tpm/verifyAttestationTPM.js.map +1 -0
- package/dist/registration/verifications/{verifyAndroidKey.d.ts → verifyAttestationAndroidKey.d.ts} +1 -1
- package/dist/registration/verifications/{verifyAndroidKey.js → verifyAttestationAndroidKey.js} +15 -40
- package/dist/registration/verifications/verifyAttestationAndroidKey.js.map +1 -0
- package/dist/registration/verifications/{verifyAndroidSafetyNet.d.ts → verifyAttestationAndroidSafetyNet.d.ts} +1 -1
- package/dist/registration/verifications/{verifyAndroidSafetyNet.js → verifyAttestationAndroidSafetyNet.js} +17 -16
- package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js.map +1 -0
- package/dist/registration/verifications/verifyAttestationApple.d.ts +2 -0
- package/dist/registration/verifications/{verifyApple.js → verifyAttestationApple.js} +11 -13
- package/dist/registration/verifications/verifyAttestationApple.js.map +1 -0
- package/dist/registration/verifications/{verifyFIDOU2F.d.ts → verifyAttestationFIDOU2F.d.ts} +1 -1
- package/dist/registration/verifications/{verifyFIDOU2F.js → verifyAttestationFIDOU2F.js} +11 -13
- package/dist/registration/verifications/verifyAttestationFIDOU2F.js.map +1 -0
- package/dist/registration/verifications/{verifyPacked.d.ts → verifyAttestationPacked.d.ts} +1 -1
- package/dist/registration/verifications/{verifyPacked.js → verifyAttestationPacked.js} +22 -44
- package/dist/registration/verifications/verifyAttestationPacked.js.map +1 -0
- package/dist/registration/verifyRegistrationResponse.d.ts +6 -2
- package/dist/registration/verifyRegistrationResponse.js +32 -30
- package/dist/registration/verifyRegistrationResponse.js.map +1 -1
- package/dist/services/metadataService.d.ts +2 -2
- package/dist/services/metadataService.js +13 -14
- package/dist/services/metadataService.js.map +1 -1
- package/dist/services/settingsService.d.ts +3 -3
- package/dist/services/settingsService.js +9 -12
- package/dist/services/settingsService.js.map +1 -1
- package/package.json +3 -3
- package/dist/registration/verifications/tpm/verifyTPM.d.ts +0 -2
- package/dist/registration/verifications/tpm/verifyTPM.js.map +0 -1
- package/dist/registration/verifications/verifyAndroidKey.js.map +0 -1
- package/dist/registration/verifications/verifyAndroidSafetyNet.js.map +0 -1
- package/dist/registration/verifications/verifyApple.d.ts +0 -2
- package/dist/registration/verifications/verifyApple.js.map +0 -1
- package/dist/registration/verifications/verifyFIDOU2F.js.map +0 -1
- package/dist/registration/verifications/verifyPacked.js.map +0 -1
|
@@ -41,4 +41,4 @@ export declare const supportedCOSEAlgorithmIdentifiers: COSEAlgorithmIdentifier[
|
|
|
41
41
|
* @param supportedAlgorithmIDs Array of numeric COSE algorithm identifiers supported for
|
|
42
42
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
43
43
|
*/
|
|
44
|
-
export
|
|
44
|
+
export declare function generateRegistrationOptions(options: GenerateRegistrationOptionsOpts): PublicKeyCredentialCreationOptionsJSON;
|
|
@@ -3,9 +3,9 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
3
3
|
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
4
|
};
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
exports.supportedCOSEAlgorithmIdentifiers = void 0;
|
|
6
|
+
exports.generateRegistrationOptions = exports.supportedCOSEAlgorithmIdentifiers = void 0;
|
|
7
7
|
const base64url_1 = __importDefault(require("base64url"));
|
|
8
|
-
const generateChallenge_1 =
|
|
8
|
+
const generateChallenge_1 = require("../helpers/generateChallenge");
|
|
9
9
|
/**
|
|
10
10
|
* Supported crypto algo identifiers
|
|
11
11
|
* See https://w3c.github.io/webauthn/#sctn-alg-identifier
|
|
@@ -71,7 +71,7 @@ const defaultSupportedAlgorithmIDs = exports.supportedCOSEAlgorithmIdentifiers.f
|
|
|
71
71
|
* attestation by this RP. See https://www.iana.org/assignments/cose/cose.xhtml#algorithms
|
|
72
72
|
*/
|
|
73
73
|
function generateRegistrationOptions(options) {
|
|
74
|
-
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.
|
|
74
|
+
const { rpName, rpID, userID, userName, challenge = (0, generateChallenge_1.generateChallenge)(), userDisplayName = userName, timeout = 60000, attestationType = 'none', excludeCredentials = [], authenticatorSelection = defaultAuthenticatorSelection, extensions, supportedAlgorithmIDs = defaultSupportedAlgorithmIDs, } = options;
|
|
75
75
|
/**
|
|
76
76
|
* Prepare pubKeyCredParams from the array of algorithm ID's
|
|
77
77
|
*/
|
|
@@ -113,5 +113,5 @@ function generateRegistrationOptions(options) {
|
|
|
113
113
|
extensions,
|
|
114
114
|
};
|
|
115
115
|
}
|
|
116
|
-
exports.
|
|
116
|
+
exports.generateRegistrationOptions = generateRegistrationOptions;
|
|
117
117
|
//# sourceMappingURL=generateRegistrationOptions.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,
|
|
1
|
+
{"version":3,"file":"generateRegistrationOptions.js","sourceRoot":"","sources":["../../src/registration/generateRegistrationOptions.ts"],"names":[],"mappings":";;;;;;AASA,0DAAkC;AAElC,oEAAiE;AAiBjE;;;;GAIG;AACU,QAAA,iCAAiC,GAA8B;IAC1E,mBAAmB;IACnB,CAAC,CAAC;IACF,QAAQ;IACR,CAAC,CAAC;IACF,mBAAmB;IACnB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,wBAAwB;IACxB,CAAC,EAAE;IACH,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,+BAA+B;IAC/B,CAAC,GAAG;IACJ,mEAAmE;IACnE,CAAC,KAAK;CACP,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,6BAA6B,GAAmC;IACpE,kBAAkB,EAAE,KAAK;IACzB,gBAAgB,EAAE,WAAW;CAC9B,CAAC;AAEF;;;GAGG;AACH,MAAM,4BAA4B,GAAG,yCAAiC,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;AAEnG;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,SAAgB,2BAA2B,CACzC,OAAwC;IAExC,MAAM,EACJ,MAAM,EACN,IAAI,EACJ,MAAM,EACN,QAAQ,EACR,SAAS,GAAG,IAAA,qCAAiB,GAAE,EAC/B,eAAe,GAAG,QAAQ,EAC1B,OAAO,GAAG,KAAK,EACf,eAAe,GAAG,MAAM,EACxB,kBAAkB,GAAG,EAAE,EACvB,sBAAsB,GAAG,6BAA6B,EACtD,UAAU,EACV,qBAAqB,GAAG,4BAA4B,GACrD,GAAG,OAAO,CAAC;IAEZ;;OAEG;IACH,MAAM,gBAAgB,GAAoC,qBAAqB,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC;QACzF,GAAG,EAAE,EAAE;QACP,IAAI,EAAE,YAAY;KACnB,CAAC,CAAC,CAAC;IAEJ;;;;;OAKG;IACH,IAAI,sBAAsB,CAAC,WAAW,KAAK,UAAU,EAAE;QACrD,sBAAsB,CAAC,kBAAkB,GAAG,IAAI,CAAC;KAClD;SAAM;QACL,sBAAsB,CAAC,kBAAkB,GAAG,KAAK,CAAC;KACnD;IAED,OAAO;QACL,SAAS,EAAE,mBAAS,CAAC,MAAM,CAAC,SAAS,CAAC;QACtC,EAAE,EAAE;YACF,IAAI,EAAE,MAAM;YACZ,EAAE,EAAE,IAAI;SACT;QACD,IAAI,EAAE;YACJ,EAAE,EAAE,MAAM;YACV,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,eAAe;SAC7B;QACD,gBAAgB;QAChB,OAAO;QACP,WAAW,EAAE,eAAe;QAC5B,kBAAkB,EAAE,kBAAkB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClD,GAAG,IAAI;YACP,EAAE,EAAE,mBAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAY,CAAC;SACxC,CAAC,CAAC;QACH,sBAAsB;QACtB,UAAU;KACX,CAAC;AACJ,CAAC;AA3DD,kEA2DC"}
|
|
@@ -1,9 +1,27 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* A whole lotta domain knowledge is captured here, with hazy connections to source
|
|
3
|
+
* documents. Good places to start searching for more info on these values are the
|
|
4
|
+
* following Trusted Computing Group TPM Library docs linked in the WebAuthn API:
|
|
5
|
+
*
|
|
6
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
|
|
7
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
|
8
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf
|
|
9
|
+
*/
|
|
10
|
+
/**
|
|
11
|
+
* 6.9 TPM_ST (Structure Tags)
|
|
12
|
+
*/
|
|
1
13
|
export declare const TPM_ST: {
|
|
2
14
|
[key: number]: string;
|
|
3
15
|
};
|
|
16
|
+
/**
|
|
17
|
+
* 6.3 TPM_ALG_ID
|
|
18
|
+
*/
|
|
4
19
|
export declare const TPM_ALG: {
|
|
5
20
|
[key: number]: string;
|
|
6
21
|
};
|
|
22
|
+
/**
|
|
23
|
+
* 6.4 TPM_ECC_CURVE
|
|
24
|
+
*/
|
|
7
25
|
export declare const TPM_ECC_CURVE: {
|
|
8
26
|
[key: number]: string;
|
|
9
27
|
};
|
|
@@ -11,7 +29,19 @@ declare type ManufacturerInfo = {
|
|
|
11
29
|
name: string;
|
|
12
30
|
id: string;
|
|
13
31
|
};
|
|
32
|
+
/**
|
|
33
|
+
* Sourced from https://trustedcomputinggroup.org/resource/vendor-id-registry/
|
|
34
|
+
*
|
|
35
|
+
* Latest version:
|
|
36
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-Vendor-ID-Registry-Version-1.02-Revision-1.00.pdf
|
|
37
|
+
*/
|
|
14
38
|
export declare const TPM_MANUFACTURERS: {
|
|
15
39
|
[key: string]: ManufacturerInfo;
|
|
16
40
|
};
|
|
41
|
+
/**
|
|
42
|
+
* Match TPM public area curve ID's to `crv` numbers used in COSE public keys
|
|
43
|
+
*/
|
|
44
|
+
export declare const TPM_ECC_CURVE_COSE_CRV_MAP: {
|
|
45
|
+
[key: string]: number;
|
|
46
|
+
};
|
|
17
47
|
export {};
|
|
@@ -1,7 +1,19 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.TPM_MANUFACTURERS = exports.TPM_ECC_CURVE = exports.TPM_ALG = exports.TPM_ST = void 0;
|
|
4
2
|
/* eslint-disable @typescript-eslint/ban-ts-comment */
|
|
3
|
+
/**
|
|
4
|
+
* A whole lotta domain knowledge is captured here, with hazy connections to source
|
|
5
|
+
* documents. Good places to start searching for more info on these values are the
|
|
6
|
+
* following Trusted Computing Group TPM Library docs linked in the WebAuthn API:
|
|
7
|
+
*
|
|
8
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
|
|
9
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
|
|
10
|
+
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf
|
|
11
|
+
*/
|
|
12
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
13
|
+
exports.TPM_ECC_CURVE_COSE_CRV_MAP = exports.TPM_MANUFACTURERS = exports.TPM_ECC_CURVE = exports.TPM_ALG = exports.TPM_ST = void 0;
|
|
14
|
+
/**
|
|
15
|
+
* 6.9 TPM_ST (Structure Tags)
|
|
16
|
+
*/
|
|
5
17
|
exports.TPM_ST = {
|
|
6
18
|
0x00c4: 'TPM_ST_RSP_COMMAND',
|
|
7
19
|
0x8000: 'TPM_ST_NULL',
|
|
@@ -21,6 +33,9 @@ exports.TPM_ST = {
|
|
|
21
33
|
0x8025: 'TPM_ST_AUTH_SIGNED',
|
|
22
34
|
0x8029: 'TPM_ST_FU_MANIFEST',
|
|
23
35
|
};
|
|
36
|
+
/**
|
|
37
|
+
* 6.3 TPM_ALG_ID
|
|
38
|
+
*/
|
|
24
39
|
exports.TPM_ALG = {
|
|
25
40
|
0x0000: 'TPM_ALG_ERROR',
|
|
26
41
|
0x0001: 'TPM_ALG_RSA',
|
|
@@ -60,6 +75,9 @@ exports.TPM_ALG = {
|
|
|
60
75
|
0x0043: 'TPM_ALG_CFB',
|
|
61
76
|
0x0044: 'TPM_ALG_ECB',
|
|
62
77
|
};
|
|
78
|
+
/**
|
|
79
|
+
* 6.4 TPM_ECC_CURVE
|
|
80
|
+
*/
|
|
63
81
|
exports.TPM_ECC_CURVE = {
|
|
64
82
|
0x0000: 'TPM_ECC_NONE',
|
|
65
83
|
0x0001: 'TPM_ECC_NIST_P192',
|
|
@@ -71,6 +89,12 @@ exports.TPM_ECC_CURVE = {
|
|
|
71
89
|
0x0011: 'TPM_ECC_BN_P638',
|
|
72
90
|
0x0020: 'TPM_ECC_SM2_P256',
|
|
73
91
|
};
|
|
92
|
+
/**
|
|
93
|
+
* Sourced from https://trustedcomputinggroup.org/resource/vendor-id-registry/
|
|
94
|
+
*
|
|
95
|
+
* Latest version:
|
|
96
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-Vendor-ID-Registry-Version-1.02-Revision-1.00.pdf
|
|
97
|
+
*/
|
|
74
98
|
exports.TPM_MANUFACTURERS = {
|
|
75
99
|
'id:414D4400': {
|
|
76
100
|
name: 'AMD',
|
|
@@ -149,4 +173,14 @@ exports.TPM_MANUFACTURERS = {
|
|
|
149
173
|
id: 'FIDO',
|
|
150
174
|
},
|
|
151
175
|
};
|
|
176
|
+
/**
|
|
177
|
+
* Match TPM public area curve ID's to `crv` numbers used in COSE public keys
|
|
178
|
+
*/
|
|
179
|
+
exports.TPM_ECC_CURVE_COSE_CRV_MAP = {
|
|
180
|
+
TPM_ECC_NIST_P256: 1,
|
|
181
|
+
TPM_ECC_NIST_P384: 2,
|
|
182
|
+
TPM_ECC_NIST_P521: 3,
|
|
183
|
+
TPM_ECC_BN_P256: 1,
|
|
184
|
+
TPM_ECC_SM2_P256: 1, // p256
|
|
185
|
+
};
|
|
152
186
|
//# sourceMappingURL=constants.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/constants.ts"],"names":[],"mappings":";AAAA,sDAAsD;AACtD;;;;;;;;GAQG;;;AAEH;;GAEG;AACU,QAAA,MAAM,GAA8B;IAC/C,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,6BAA6B;IACrC,MAAM,EAAE,uBAAuB;IAC/B,MAAM,EAAE,qBAAqB;IAC7B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,oBAAoB;IAC5B,MAAM,EAAE,oBAAoB;CAC7B,CAAC;AAEF;;GAEG;AACU,QAAA,OAAO,GAA8B;IAChD,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,kBAAkB;IAClB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,gBAAgB;IACxB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,eAAe;IACvB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,wBAAwB;IAChC,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,kBAAkB;IAC1B,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;IACrB,MAAM,EAAE,aAAa;CACtB,CAAC;AAEF;;GAEG;AACU,QAAA,aAAa,GAA8B;IACtD,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,mBAAmB;IAC3B,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,iBAAiB;IACzB,MAAM,EAAE,kBAAkB;CAC3B,CAAC;AAOF;;;;;GAKG;AACU,QAAA,iBAAiB,GAAwC;IACpE,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,KAAK;QACX,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,OAAO;QACb,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,QAAQ;QACd,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,wBAAwB;QAC9B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,oBAAoB;QAC1B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,UAAU;QAChB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,MAAM;QACZ,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,qBAAqB;QAC3B,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,mBAAmB;QACzB,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,SAAS;QACf,EAAE,EAAE,KAAK;KACV;IACD,aAAa,EAAE;QACb,IAAI,EAAE,kBAAkB;QACxB,EAAE,EAAE,MAAM;KACX;IACD,aAAa,EAAE;QACb,IAAI,EAAE,eAAe;QACrB,EAAE,EAAE,MAAM;KACX;CACF,CAAC;AAEF;;GAEG;AACU,QAAA,0BAA0B,GAA8B;IACnE,iBAAiB,EAAE,CAAC;IACpB,iBAAiB,EAAE,CAAC;IACpB,iBAAiB,EAAE,CAAC;IACpB,eAAe,EAAE,CAAC;IAClB,gBAAgB,EAAE,CAAC,EAAG,OAAO;CAC9B,CAAC"}
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* Cut up a TPM attestation's certInfo into intelligible chunks
|
|
4
4
|
*/
|
|
5
|
-
export
|
|
5
|
+
export declare function parseCertInfo(certInfo: Buffer): ParsedCertInfo;
|
|
6
6
|
declare type ParsedCertInfo = {
|
|
7
7
|
magic: number;
|
|
8
8
|
type: string;
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.parseCertInfo = void 0;
|
|
3
4
|
const constants_1 = require("./constants");
|
|
4
5
|
/**
|
|
5
6
|
* Cut up a TPM attestation's certInfo into intelligible chunks
|
|
@@ -49,5 +50,5 @@ function parseCertInfo(certInfo) {
|
|
|
49
50
|
attested,
|
|
50
51
|
};
|
|
51
52
|
}
|
|
52
|
-
exports.
|
|
53
|
+
exports.parseCertInfo = parseCertInfo;
|
|
53
54
|
//# sourceMappingURL=parseCertInfo.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parseCertInfo.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parseCertInfo.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parseCertInfo.ts"],"names":[],"mappings":";;;AAAA,2CAA8C;AAE9C;;GAEG;AACH,SAAgB,aAAa,CAAC,QAAgB;IAC5C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,uBAAuB;IACvB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAEtE,+CAA+C;IAC/C,MAAM,UAAU,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,kBAAM,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,8CAA8C;IAC9C,MAAM,qBAAqB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACtF,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,qBAAqB,CAAC,CAAC,CAAC;IAEpF,4CAA4C;IAC5C,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChF,MAAM,SAAS,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,eAAe,CAAC,CAAC,CAAC;IAExE,oEAAoE;IACpE,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;IACjE,MAAM,SAAS,GAAG;QAChB,KAAK,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QAClC,UAAU,EAAE,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QACxD,YAAY,EAAE,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,CAAC,eAAe,CAAC,EAAE,CAAC;KAC5B,CAAC;IAEF,8BAA8B;IAC9B,MAAM,eAAe,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAEhE,gBAAgB;IAChB,MAAM,kBAAkB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,YAAY,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,kBAAkB,CAAC,CAAC,CAAC;IAE9E,0CAA0C;IAC1C,MAAM,mBAAmB,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACpF,MAAM,aAAa,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,mBAAmB,CAAC,CAAC,CAAC;IAEhF,MAAM,QAAQ,GAAG;QACf,OAAO,EAAE,mBAAO,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC1D,aAAa,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;QACvC,IAAI,EAAE,YAAY;QAClB,aAAa;KACd,CAAC;IAEF,OAAO;QACL,KAAK;QACL,IAAI;QACJ,eAAe;QACf,SAAS;QACT,SAAS;QACT,eAAe;QACf,QAAQ;KACT,CAAC;AACJ,CAAC;AAtDD,sCAsDC"}
|
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
2
|
/**
|
|
3
3
|
* Break apart a TPM attestation's pubArea buffer
|
|
4
|
+
*
|
|
5
|
+
* See 12.2.4 TPMT_PUBLIC here:
|
|
6
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
|
|
4
7
|
*/
|
|
5
|
-
export
|
|
8
|
+
export declare function parsePubArea(pubArea: Buffer): ParsedPubArea;
|
|
6
9
|
declare type ParsedPubArea = {
|
|
7
10
|
type: 'TPM_ALG_RSA' | 'TPM_ALG_ECC';
|
|
8
11
|
nameAlg: string;
|
|
@@ -1,8 +1,12 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.parsePubArea = void 0;
|
|
3
4
|
const constants_1 = require("./constants");
|
|
4
5
|
/**
|
|
5
6
|
* Break apart a TPM attestation's pubArea buffer
|
|
7
|
+
*
|
|
8
|
+
* See 12.2.4 TPMT_PUBLIC here:
|
|
9
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
|
|
6
10
|
*/
|
|
7
11
|
function parsePubArea(pubArea) {
|
|
8
12
|
let pointer = 0;
|
|
@@ -30,6 +34,7 @@ function parsePubArea(pubArea) {
|
|
|
30
34
|
const authPolicy = pubArea.slice(pointer, (pointer += authPolicyLength));
|
|
31
35
|
// Extract additional curve params according to type
|
|
32
36
|
const parameters = {};
|
|
37
|
+
let unique = Buffer.from([]);
|
|
33
38
|
if (type === 'TPM_ALG_RSA') {
|
|
34
39
|
const rsaBuffer = pubArea.slice(pointer, (pointer += 10));
|
|
35
40
|
parameters.rsa = {
|
|
@@ -38,6 +43,12 @@ function parsePubArea(pubArea) {
|
|
|
38
43
|
keyBits: rsaBuffer.slice(4, 6).readUInt16BE(0),
|
|
39
44
|
exponent: rsaBuffer.slice(6, 10).readUInt32BE(0),
|
|
40
45
|
};
|
|
46
|
+
/**
|
|
47
|
+
* See 11.2.4.5 TPM2B_PUBLIC_KEY_RSA here:
|
|
48
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
|
|
49
|
+
*/
|
|
50
|
+
const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
51
|
+
unique = pubArea.slice(pointer, (pointer += uniqueLength));
|
|
41
52
|
}
|
|
42
53
|
else if (type === 'TPM_ALG_ECC') {
|
|
43
54
|
const eccBuffer = pubArea.slice(pointer, (pointer += 8));
|
|
@@ -47,13 +58,21 @@ function parsePubArea(pubArea) {
|
|
|
47
58
|
curveID: constants_1.TPM_ECC_CURVE[eccBuffer.slice(4, 6).readUInt16BE(0)],
|
|
48
59
|
kdf: constants_1.TPM_ALG[eccBuffer.slice(6, 8).readUInt16BE(0)],
|
|
49
60
|
};
|
|
61
|
+
/**
|
|
62
|
+
* See 11.2.5.1 TPM2B_ECC_PARAMETER here:
|
|
63
|
+
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
|
|
64
|
+
*/
|
|
65
|
+
// Retrieve X
|
|
66
|
+
const uniqueXLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
67
|
+
const uniqueX = pubArea.slice(pointer, (pointer += uniqueXLength));
|
|
68
|
+
// Retrieve Y
|
|
69
|
+
const uniqueYLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
70
|
+
const uniqueY = pubArea.slice(pointer, (pointer += uniqueYLength));
|
|
71
|
+
unique = Buffer.concat([uniqueX, uniqueY]);
|
|
50
72
|
}
|
|
51
73
|
else {
|
|
52
74
|
throw new Error(`Unexpected type "${type}" (TPM)`);
|
|
53
75
|
}
|
|
54
|
-
// Slice out unique of dynamic length
|
|
55
|
-
const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
|
|
56
|
-
const unique = pubArea.slice(pointer, (pointer += uniqueLength));
|
|
57
76
|
return {
|
|
58
77
|
type,
|
|
59
78
|
nameAlg,
|
|
@@ -63,5 +82,5 @@ function parsePubArea(pubArea) {
|
|
|
63
82
|
unique,
|
|
64
83
|
};
|
|
65
84
|
}
|
|
66
|
-
exports.
|
|
85
|
+
exports.parsePubArea = parsePubArea;
|
|
67
86
|
//# sourceMappingURL=parsePubArea.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"parsePubArea.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"parsePubArea.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/parsePubArea.ts"],"names":[],"mappings":";;;AAAA,2CAAqD;AAErD;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,OAAe;IAC1C,IAAI,OAAO,GAAG,CAAC,CAAC;IAEhB,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,mBAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEjD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7D,MAAM,OAAO,GAAG,mBAAO,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,uCAAuC;IACvC,MAAM,mBAAmB,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACnF,MAAM,gBAAgB,GAAG;QACvB,QAAQ,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACrC,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACpC,WAAW,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,CAAC,CAAC;QACxC,mBAAmB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QACjD,YAAY,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC1C,eAAe,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,EAAE,CAAC;QAC7C,IAAI,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,GAAG,CAAC;QACnC,oBAAoB,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,IAAI,CAAC;QACpD,UAAU,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QAC3C,OAAO,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,KAAK,CAAC;QACxC,aAAa,EAAE,CAAC,CAAC,CAAC,mBAAmB,GAAG,MAAM,CAAC;KAChD,CAAC;IAEF,6CAA6C;IAC7C,MAAM,gBAAgB,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAChF,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,gBAAgB,CAAC,CAAC,CAAC;IAEzE,oDAAoD;IACpD,MAAM,UAAU,GAAiD,EAAE,CAAC;IACpE,IAAI,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAE7B,IAAI,IAAI,KAAK,aAAa,EAAE;QAC1B,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,CAAC;QAE1D,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;YAC9C,QAAQ,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC;SACjD,CAAC;QAEF;;;WAGG;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE5E,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,YAAY,CAAC,CAAC,CAAC;KAC5D;SAAM,IAAI,IAAI,KAAK,aAAa,EAAE;QACjC,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzD,UAAU,CAAC,GAAG,GAAG;YACf,SAAS,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACzD,MAAM,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YACtD,OAAO,EAAE,yBAAa,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7D,GAAG,EAAE,mBAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SACpD,CAAC;QAEF;;;WAGG;QACH,aAAa;QACb,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC7E,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,aAAa,CAAC,CAAC,CAAC;QACnE,aAAa;QACb,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC7E,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC,OAAO,IAAI,aAAa,CAAC,CAAC,CAAC;QAEnE,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;KAC5C;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,oBAAoB,IAAI,SAAS,CAAC,CAAC;KACpD;IAED,OAAO;QACL,IAAI;QACJ,OAAO;QACP,gBAAgB;QAChB,UAAU;QACV,UAAU;QACV,MAAM;KACP,CAAC;AACJ,CAAC;AApFD,oCAoFC"}
|
|
@@ -1,23 +1,21 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.verifyAttestationTPM = void 0;
|
|
6
4
|
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
7
5
|
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
8
|
-
const decodeCredentialPublicKey_1 =
|
|
6
|
+
const decodeCredentialPublicKey_1 = require("../../../helpers/decodeCredentialPublicKey");
|
|
9
7
|
const convertCOSEtoPKCS_1 = require("../../../helpers/convertCOSEtoPKCS");
|
|
10
|
-
const toHash_1 =
|
|
11
|
-
const convertCertBufferToPEM_1 =
|
|
12
|
-
const validateCertificatePath_1 =
|
|
13
|
-
const getCertificateInfo_1 =
|
|
14
|
-
const verifySignature_1 =
|
|
15
|
-
const metadataService_1 =
|
|
16
|
-
const verifyAttestationWithMetadata_1 =
|
|
8
|
+
const toHash_1 = require("../../../helpers/toHash");
|
|
9
|
+
const convertCertBufferToPEM_1 = require("../../../helpers/convertCertBufferToPEM");
|
|
10
|
+
const validateCertificatePath_1 = require("../../../helpers/validateCertificatePath");
|
|
11
|
+
const getCertificateInfo_1 = require("../../../helpers/getCertificateInfo");
|
|
12
|
+
const verifySignature_1 = require("../../../helpers/verifySignature");
|
|
13
|
+
const metadataService_1 = require("../../../services/metadataService");
|
|
14
|
+
const verifyAttestationWithMetadata_1 = require("../../../metadata/verifyAttestationWithMetadata");
|
|
17
15
|
const constants_1 = require("./constants");
|
|
18
|
-
const parseCertInfo_1 =
|
|
19
|
-
const parsePubArea_1 =
|
|
20
|
-
async function
|
|
16
|
+
const parseCertInfo_1 = require("./parseCertInfo");
|
|
17
|
+
const parsePubArea_1 = require("./parsePubArea");
|
|
18
|
+
async function verifyAttestationTPM(options) {
|
|
21
19
|
var _a;
|
|
22
20
|
const { aaguid, attStmt, authData, credentialPublicKey, clientDataHash, rootCertificates } = options;
|
|
23
21
|
const { ver, sig, alg, x5c, pubArea, certInfo } = attStmt;
|
|
@@ -42,11 +40,11 @@ async function verifyTPM(options) {
|
|
|
42
40
|
if (!certInfo) {
|
|
43
41
|
throw new Error('Attestation statement did not contain certInfo (TPM)');
|
|
44
42
|
}
|
|
45
|
-
const parsedPubArea = (0, parsePubArea_1.
|
|
43
|
+
const parsedPubArea = (0, parsePubArea_1.parsePubArea)(pubArea);
|
|
46
44
|
const { unique, type: pubType, parameters } = parsedPubArea;
|
|
47
45
|
// Verify that the public key specified by the parameters and unique fields of pubArea is
|
|
48
46
|
// identical to the credentialPublicKey in the attestedCredentialData in authenticatorData.
|
|
49
|
-
const cosePublicKey = (0, decodeCredentialPublicKey_1.
|
|
47
|
+
const cosePublicKey = (0, decodeCredentialPublicKey_1.decodeCredentialPublicKey)(credentialPublicKey);
|
|
50
48
|
if (pubType === 'TPM_ALG_RSA') {
|
|
51
49
|
const n = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.n);
|
|
52
50
|
const e = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.e);
|
|
@@ -72,10 +70,6 @@ async function verifyTPM(options) {
|
|
|
72
70
|
}
|
|
73
71
|
}
|
|
74
72
|
else if (pubType === 'TPM_ALG_ECC') {
|
|
75
|
-
/**
|
|
76
|
-
* TODO: Confirm this all works fine. Conformance tools v1.3.4 don't currently test ECC so I
|
|
77
|
-
* had to eyeball it based on the **duo-labs/webauthn** library
|
|
78
|
-
*/
|
|
79
73
|
const crv = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.crv);
|
|
80
74
|
const x = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.x);
|
|
81
75
|
const y = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.y);
|
|
@@ -95,15 +89,15 @@ async function verifyTPM(options) {
|
|
|
95
89
|
throw new Error(`Parsed pubArea type is ECC, but missing parameters.ecc (TPM|ECC)`);
|
|
96
90
|
}
|
|
97
91
|
const pubAreaCurveID = parameters.ecc.curveID;
|
|
98
|
-
const
|
|
99
|
-
if (
|
|
100
|
-
throw new Error(`
|
|
92
|
+
const pubAreaCurveIDMapToCOSECRV = constants_1.TPM_ECC_CURVE_COSE_CRV_MAP[pubAreaCurveID];
|
|
93
|
+
if (pubAreaCurveIDMapToCOSECRV !== crv) {
|
|
94
|
+
throw new Error(`Public area key curve ID "${pubAreaCurveID}" mapped to "${pubAreaCurveIDMapToCOSECRV}" which did not match public key crv of "${crv}" (TPM|ECC)`);
|
|
101
95
|
}
|
|
102
96
|
}
|
|
103
97
|
else {
|
|
104
98
|
throw new Error(`Unsupported pubArea.type "${pubType}"`);
|
|
105
99
|
}
|
|
106
|
-
const parsedCertInfo = (0, parseCertInfo_1.
|
|
100
|
+
const parsedCertInfo = (0, parseCertInfo_1.parseCertInfo)(certInfo);
|
|
107
101
|
const { magic, type: certType, attested, extraData } = parsedCertInfo;
|
|
108
102
|
if (magic !== 0xff544347) {
|
|
109
103
|
throw new Error(`Unexpected magic value "${magic}", expected "0xff544347" (TPM)`);
|
|
@@ -112,7 +106,7 @@ async function verifyTPM(options) {
|
|
|
112
106
|
throw new Error(`Unexpected type "${certType}", expected "TPM_ST_ATTEST_CERTIFY" (TPM)`);
|
|
113
107
|
}
|
|
114
108
|
// Hash pubArea to create pubAreaHash using the nameAlg in attested
|
|
115
|
-
const pubAreaHash = (0, toHash_1.
|
|
109
|
+
const pubAreaHash = (0, toHash_1.toHash)(pubArea, attested.nameAlg.replace('TPM_ALG_', ''));
|
|
116
110
|
// Concatenate attested.nameAlg and pubAreaHash to create attestedName.
|
|
117
111
|
const attestedName = Buffer.concat([attested.nameAlgBuffer, pubAreaHash]);
|
|
118
112
|
// Check that certInfo.attested.name is equals to attestedName.
|
|
@@ -123,7 +117,7 @@ async function verifyTPM(options) {
|
|
|
123
117
|
const attToBeSigned = Buffer.concat([authData, clientDataHash]);
|
|
124
118
|
// Hash attToBeSigned using the algorithm specified in attStmt.alg to create attToBeSignedHash
|
|
125
119
|
const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
|
|
126
|
-
const attToBeSignedHash = (0, toHash_1.
|
|
120
|
+
const attToBeSignedHash = (0, toHash_1.toHash)(attToBeSigned, hashAlg);
|
|
127
121
|
// Check that certInfo.extraData is equals to attToBeSignedHash.
|
|
128
122
|
if (!extraData.equals(attToBeSignedHash)) {
|
|
129
123
|
throw new Error('CertInfo extra data did not equal hashed attestation (TPM)');
|
|
@@ -135,7 +129,7 @@ async function verifyTPM(options) {
|
|
|
135
129
|
throw new Error('No certificates present in x5c array (TPM)');
|
|
136
130
|
}
|
|
137
131
|
// Pick a leaf AIK certificate of the x5c array and parse it.
|
|
138
|
-
const leafCertInfo = (0, getCertificateInfo_1.
|
|
132
|
+
const leafCertInfo = (0, getCertificateInfo_1.getCertificateInfo)(x5c[0]);
|
|
139
133
|
const { basicConstraintsCA, version, subject, notAfter, notBefore } = leafCertInfo;
|
|
140
134
|
if (basicConstraintsCA) {
|
|
141
135
|
throw new Error('Certificate basic constraints CA was not `false` (TPM)');
|
|
@@ -203,10 +197,10 @@ async function verifyTPM(options) {
|
|
|
203
197
|
// TODO: If certificate contains id-fido-gen-ce-aaguid(1.3.6.1.4.1.45724.1.1.4) extension, check
|
|
204
198
|
// that it’s value is set to the same AAGUID as in authData.
|
|
205
199
|
// Run some metadata checks if a statement exists for this authenticator
|
|
206
|
-
const statement = await metadataService_1.
|
|
200
|
+
const statement = await metadataService_1.MetadataService.getStatement(aaguid);
|
|
207
201
|
if (statement) {
|
|
208
202
|
try {
|
|
209
|
-
await (0, verifyAttestationWithMetadata_1.
|
|
203
|
+
await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(statement, credentialPublicKey, x5c);
|
|
210
204
|
}
|
|
211
205
|
catch (err) {
|
|
212
206
|
const _err = err;
|
|
@@ -216,7 +210,7 @@ async function verifyTPM(options) {
|
|
|
216
210
|
else {
|
|
217
211
|
try {
|
|
218
212
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
219
|
-
await (0, validateCertificatePath_1.
|
|
213
|
+
await (0, validateCertificatePath_1.validateCertificatePath)(x5c.map(convertCertBufferToPEM_1.convertCertBufferToPEM), rootCertificates);
|
|
220
214
|
}
|
|
221
215
|
catch (err) {
|
|
222
216
|
const _err = err;
|
|
@@ -225,10 +219,10 @@ async function verifyTPM(options) {
|
|
|
225
219
|
}
|
|
226
220
|
// Verify signature over certInfo with the public key extracted from AIK certificate.
|
|
227
221
|
// In the wise words of Yuriy Ackermann: "Get Martini friend, you are done!"
|
|
228
|
-
const leafCertPEM = (0, convertCertBufferToPEM_1.
|
|
229
|
-
return (0, verifySignature_1.
|
|
222
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(x5c[0]);
|
|
223
|
+
return (0, verifySignature_1.verifySignature)(sig, certInfo, leafCertPEM, hashAlg);
|
|
230
224
|
}
|
|
231
|
-
exports.
|
|
225
|
+
exports.verifyAttestationTPM = verifyAttestationTPM;
|
|
232
226
|
/**
|
|
233
227
|
* Contain logic for pulling TPM-specific values out of subjectAlternativeName extension
|
|
234
228
|
*/
|
|
@@ -286,4 +280,4 @@ function getTcgAtTpmValues(root) {
|
|
|
286
280
|
tcgAtTpmVersion,
|
|
287
281
|
};
|
|
288
282
|
}
|
|
289
|
-
//# sourceMappingURL=
|
|
283
|
+
//# sourceMappingURL=verifyAttestationTPM.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifyAttestationTPM.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAO6B;AAI7B,0FAAuF;AACvF,0EAA2E;AAC3E,oDAAiD;AACjD,oFAAiF;AACjF,sFAAmF;AACnF,4EAAyE;AACzE,sEAAmE;AACnE,uEAAoE;AACpE,mGAAgG;AAEhG,2CAA4E;AAC5E,mDAAgD;AAChD,iDAA8C;AAEvC,KAAK,UAAU,oBAAoB,CAAC,OAAsC;;IAC/E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1D;;OAEG;IACH,IAAI,GAAG,KAAK,KAAK,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,yBAAyB,CAAC,CAAC;KAClE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,aAAa,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;IAE5D,yFAAyF;IACzF,2FAA2F;IAC3F,MAAM,aAAa,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IAErE,IAAI,OAAO,KAAK,aAAa,EAAE;QAC7B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,OAAO,GAAG,CAAW,CAAC;QAC5B,8FAA8F;QAC9F,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEzD,4CAA4C;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,IAAI,eAAe,KAAK,IAAI,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,cAAc,eAAe,YAAY,CAAC,CAAC;SAC7F;KACF;SAAM,IAAI,OAAO,KAAK,aAAa,EAAE;QACpC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC,EAAE;YAC7D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9C,MAAM,0BAA0B,GAAG,sCAA0B,CAAC,cAAc,CAAC,CAAA;QAC7E,IAAI,0BAA0B,KAAK,GAAG,EAAE;YACtC,MAAM,IAAI,KAAK,CACb,6BAA6B,cAAc,gBAAgB,0BAA0B,4CAA4C,GAAG,aAAa,CAClJ,CAAC;SACH;KACF;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,CAAC,CAAC;KAC1D;IAED,MAAM,cAAc,GAAG,IAAA,6BAAa,EAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC;IAEtE,IAAI,KAAK,KAAK,UAAU,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,gCAAgC,CAAC,CAAC;KACnF;IAED,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,2CAA2C,CAAC,CAAC;KAC1F;IAED,mEAAmE;IACnE,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAE9E,uEAAuE;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,+DAA+D;IAC/D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;KAC1D;IAED,mEAAmE;IACnE,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,8FAA8F;IAC9F,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;IACnD,MAAM,iBAAiB,GAAG,IAAA,eAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEzD,gEAAgE;IAChE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED;;OAEG;IACH,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAA,uCAAkB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC;IAEnF,IAAI,kBAAkB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,mEAAmE;IACnE,IAAI,OAAO,KAAK,CAAC,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,4CAA4C;IAC5C,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACrB,IAAI,SAAS,GAAG,GAAG,EAAE;QACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAChF;IAED,yCAAyC;IACzC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAC9E;IAED;;OAEG;IACH,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IAED,IAAI,qBAAyD,CAAC;IAC9D,IAAI,WAAyC,CAAC;IAC9C,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,gCAAoB,EAAE;YACvC,qBAAqB,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,kCAAsB,CAAC,CAAC;SAChF;aAAM,IAAI,GAAG,CAAC,MAAM,KAAK,6BAAiB,EAAE;YAC3C,WAAW,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,4BAAgB,CAAC,CAAC;SAChE;IACH,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,6FAA6F;IAC7F,SAAS;IACT,IAAI,CAAC,CAAA,MAAA,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,0CAAG,CAAC,EAAE,MAAM,CAAA,EAAE;QACvD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,MAAM,EAAE,oBAAoB,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,iBAAiB,CAChF,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,CACvC,CAAC;IAEF,IAAI,CAAC,oBAAoB,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;KACjF;IAED,yFAAyF;IACzF,IAAI,CAAC,6BAAiB,CAAC,oBAAoB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,qCAAqC,oBAAoB,SAAS,CAAC,CAAC;KACrF;IAED,wFAAwF;IACxF,4CAA4C;IAC5C,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE;QACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC;KAC9F;IAED,gGAAgG;IAChG,4DAA4D;IAE5D,wEAAwE;IACxE,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;SAC1E;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;IAED,qFAAqF;IACrF,4EAA4E;IAC5E,MAAM,WAAW,GAAG,IAAA,+CAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,OAAO,IAAA,iCAAe,EAAC,GAAG,EAAE,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AAC9D,CAAC;AA5PD,oDA4PC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAU;IAKnC,MAAM,eAAe,GAAG,cAAc,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC;IAChC,MAAM,UAAU,GAAG,cAAc,CAAC;IAElC,IAAI,oBAAwC,CAAC;IAC7C,IAAI,aAAiC,CAAC;IACtC,IAAI,eAAmC,CAAC;IAExC;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACrB,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACrB,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE;gBACjC,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aAC9C;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE;gBACjC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACvC;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE;gBACnC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACzC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,aAAa;QACb,eAAe;KAChB,CAAC;AACJ,CAAC"}
|
package/dist/registration/verifications/{verifyAndroidKey.d.ts → verifyAttestationAndroidKey.d.ts}
RENAMED
|
@@ -2,4 +2,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
|
|
|
2
2
|
/**
|
|
3
3
|
* Verify an attestation response with fmt 'android-key'
|
|
4
4
|
*/
|
|
5
|
-
export
|
|
5
|
+
export declare function verifyAttestationAndroidKey(options: AttestationFormatVerifierOpts): Promise<boolean>;
|
package/dist/registration/verifications/{verifyAndroidKey.js → verifyAttestationAndroidKey.js}
RENAMED
|
@@ -1,40 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
-
if (mod && mod.__esModule) return mod;
|
|
20
|
-
var result = {};
|
|
21
|
-
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
-
__setModuleDefault(result, mod);
|
|
23
|
-
return result;
|
|
24
|
-
};
|
|
25
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
26
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
|
-
};
|
|
28
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.verifyAttestationAndroidKey = void 0;
|
|
29
4
|
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
30
5
|
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
31
6
|
const asn1_android_1 = require("@peculiar/asn1-android");
|
|
32
|
-
const convertCertBufferToPEM_1 =
|
|
33
|
-
const validateCertificatePath_1 =
|
|
34
|
-
const verifySignature_1 =
|
|
35
|
-
const convertCOSEtoPKCS_1 =
|
|
36
|
-
const metadataService_1 =
|
|
37
|
-
const verifyAttestationWithMetadata_1 =
|
|
7
|
+
const convertCertBufferToPEM_1 = require("../../helpers/convertCertBufferToPEM");
|
|
8
|
+
const validateCertificatePath_1 = require("../../helpers/validateCertificatePath");
|
|
9
|
+
const verifySignature_1 = require("../../helpers/verifySignature");
|
|
10
|
+
const convertCOSEtoPKCS_1 = require("../../helpers/convertCOSEtoPKCS");
|
|
11
|
+
const metadataService_1 = require("../../services/metadataService");
|
|
12
|
+
const verifyAttestationWithMetadata_1 = require("../../metadata/verifyAttestationWithMetadata");
|
|
38
13
|
/**
|
|
39
14
|
* Verify an attestation response with fmt 'android-key'
|
|
40
15
|
*/
|
|
@@ -56,7 +31,7 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
56
31
|
const parsedCert = asn1_schema_1.AsnParser.parse(x5c[0], asn1_x509_1.Certificate);
|
|
57
32
|
const parsedCertPubKey = Buffer.from(parsedCert.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey);
|
|
58
33
|
// Convert the credentialPublicKey to PKCS
|
|
59
|
-
const credPubKeyPKCS = (0, convertCOSEtoPKCS_1.
|
|
34
|
+
const credPubKeyPKCS = (0, convertCOSEtoPKCS_1.convertCOSEtoPKCS)(credentialPublicKey);
|
|
60
35
|
if (!credPubKeyPKCS.equals(parsedCertPubKey)) {
|
|
61
36
|
throw new Error('Credential public key does not equal leaf cert public key (AndroidKey)');
|
|
62
37
|
}
|
|
@@ -79,10 +54,10 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
79
54
|
if (softwareEnforced.allApplications !== undefined) {
|
|
80
55
|
throw new Error('teeEnforced contained "allApplications [600]" tag (AndroidKey)');
|
|
81
56
|
}
|
|
82
|
-
const statement = await metadataService_1.
|
|
57
|
+
const statement = await metadataService_1.MetadataService.getStatement(aaguid);
|
|
83
58
|
if (statement) {
|
|
84
59
|
try {
|
|
85
|
-
await (0, verifyAttestationWithMetadata_1.
|
|
60
|
+
await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(statement, credentialPublicKey, x5c);
|
|
86
61
|
}
|
|
87
62
|
catch (err) {
|
|
88
63
|
const _err = err;
|
|
@@ -92,7 +67,7 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
92
67
|
else {
|
|
93
68
|
try {
|
|
94
69
|
// Try validating the certificate path using the root certificates set via SettingsService
|
|
95
|
-
await (0, validateCertificatePath_1.
|
|
70
|
+
await (0, validateCertificatePath_1.validateCertificatePath)(x5c.map(convertCertBufferToPEM_1.convertCertBufferToPEM), rootCertificates);
|
|
96
71
|
}
|
|
97
72
|
catch (err) {
|
|
98
73
|
const _err = err;
|
|
@@ -100,9 +75,9 @@ async function verifyAttestationAndroidKey(options) {
|
|
|
100
75
|
}
|
|
101
76
|
}
|
|
102
77
|
const signatureBase = Buffer.concat([authData, clientDataHash]);
|
|
103
|
-
const leafCertPEM = (0, convertCertBufferToPEM_1.
|
|
78
|
+
const leafCertPEM = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(x5c[0]);
|
|
104
79
|
const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
|
|
105
|
-
return (0, verifySignature_1.
|
|
80
|
+
return (0, verifySignature_1.verifySignature)(sig, signatureBase, leafCertPEM, hashAlg);
|
|
106
81
|
}
|
|
107
|
-
exports.
|
|
108
|
-
//# sourceMappingURL=
|
|
82
|
+
exports.verifyAttestationAndroidKey = verifyAttestationAndroidKey;
|
|
83
|
+
//# sourceMappingURL=verifyAttestationAndroidKey.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"verifyAttestationAndroidKey.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidKey.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAAkD;AAClD,yDAA8E;AAI9E,iFAA8E;AAC9E,mFAAgF;AAChF,mEAAgE;AAChE,uEAAiF;AACjF,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,2BAA2B,CAC/C,OAAsC;;IAEtC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;KAC9F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC5F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,uFAAuF;IACvF,kDAAkD;IAClD,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,UAAU,CAAC,cAAc,CAAC,oBAAoB,CAAC,gBAAgB,CAChE,CAAC;IAEF,0CAA0C;IAC1C,MAAM,cAAc,GAAG,IAAA,qCAAiB,EAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,cAAc,CAAC,UAAU,0CAAE,IAAI,CAC5D,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,mCAAoB,CAC3C,CAAC;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,iBAAiB,GAAG,uBAAS,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,6BAAc,CAAC,CAAC;IAEjF,4BAA4B;IAC5B,MAAM,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC;IAElF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;QACpE,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,4FAA4F;IAC5F,aAAa;IACb,IAAI,WAAW,CAAC,eAAe,KAAK,SAAS,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,IAAI,gBAAgB,CAAC,eAAe,KAAK,SAAS,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC,SAAS,EAAE,mBAAmB,EAAE,GAAG,CAAC,CAAC;SAC1E;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,IAAA,+CAAsB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnD,MAAM,OAAO,GAAG,+BAAW,CAAC,GAAa,CAAC,CAAC;IAE3C,OAAO,IAAA,iCAAe,EAAC,GAAG,EAAE,aAAa,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACnE,CAAC;AApFD,kEAoFC"}
|
|
@@ -2,4 +2,4 @@ import type { AttestationFormatVerifierOpts } from '../verifyRegistrationRespons
|
|
|
2
2
|
/**
|
|
3
3
|
* Verify an attestation response with fmt 'android-safetynet'
|
|
4
4
|
*/
|
|
5
|
-
export
|
|
5
|
+
export declare function verifyAttestationAndroidSafetyNet(options: AttestationFormatVerifierOpts): Promise<boolean>;
|