npm - @simplewebauthn/server - Versions diffs - 5.4.1 → 5.4.2 - Mend

@simplewebauthn/server 5.4.1 → 5.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/metadata/verifyAttestationWithMetadata.js CHANGED Viewed

@@ -54,8 +54,19 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
     }
     // Make sure the public key is one of the allowed algorithms
     if (!foundMatch) {
-        const debugAlgs = Array.from(keypairCOSEAlgs).join(', ');
-        throw new Error(`Public key algorithm ${publicKeyCOSEInfo} did not match any metadata algorithms [${debugAlgs}]`);
+        const debugMDSAlgs = Array.from(keypairCOSEAlgs);
+        // Construct some useful error output about the public key
+        const debugPubKeyAlgInfo = {
+            kty: publicKeyCOSEInfo.kty,
+            alg: publicKeyCOSEInfo.alg,
+        };
+        // Don't output a bunch of bytes for `crv` when the public key is an RSA key
+        if (publicKeyCOSEInfo.kty !== convertCOSEtoPKCS_1.COSEKTY.RSA) {
+            debugPubKeyAlgInfo.crv = publicKeyCOSEInfo.crv;
+        }
+        const strPubKeyAlg = JSON.stringify(debugPubKeyAlgInfo);
+        const strMDSAlgs = JSON.stringify(debugMDSAlgs);
+        throw new Error(`Public key algorithm ${strPubKeyAlg} did not match any metadata algorithms ${strMDSAlgs}`);
     }
     try {
         await (0, validateCertificatePath_1.validateCertificatePath)(x5c.map(convertCertBufferToPEM_1.convertCertBufferToPEM), statement.attestationRootCertificates.map(convertCertBufferToPEM_1.convertCertBufferToPEM));
@@ -69,6 +80,9 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
 exports.verifyAttestationWithMetadata = verifyAttestationWithMetadata;
 /**
  * Convert ALG_SIGN values to COSE info
+ *
+ * Values pulled from `ALG_KEY_COSE` definitions in the FIDO Registry of Predefined Values
+ *
  * https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
  */
 function algSignToCOSEInfo(algSign) {
@@ -81,7 +95,7 @@ function algSignToCOSEInfo(algSign) {
             return { kty: 3, alg: -37 };
         case 'secp256k1_ecdsa_sha256_raw':
         case 'secp256k1_ecdsa_sha256_der':
-            return { kty: 2, alg: -7, crv: 8 };
+            return { kty: 2, alg: 7, crv: 8 };
         case 'rsassa_pss_sha384_raw':
             return { kty: 3, alg: -38 };
         case 'rsassa_pkcsv15_sha256_raw':
@@ -98,12 +112,12 @@ function algSignToCOSEInfo(algSign) {
             return { kty: 2, alg: -36, crv: 3 };
         case 'ed25519_eddsa_sha512_raw':
             return { kty: 1, alg: -8, crv: 6 };
-        // TODO: COSE info in FIDO Registry v2.1 isn't readily available for these, these seem rare...
+        case 'rsa_emsa_pkcs1_sha256_raw':
+        case 'rsa_emsa_pkcs1_sha256_der':
+            return { kty: 3, alg: -257 };
+        // TODO: COSE info wasn't readily available for these, these seem rare...
         // case 'sm2_sm3_raw':
         //   return {};
-        // case 'rsa_emsa_pkcs1_sha256_raw':
-        // case 'rsa_emsa_pkcs1_sha256_der':
-        //   return {};
         default:
             return undefined;
     }

package/dist/metadata/verifyAttestationWithMetadata.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;AAGA,8EAA2E;AAC3E,gFAA6E;AAC7E,oFAAiF;AACjF,oEAAiE;AAEjE;;;GAGG;AACI,KAAK,UAAU,6BAA6B,CACjD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;gBAClE,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EACxC;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,~~SAAS~~,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;~~QACzD~~,MAAM,IAAI,KAAK,CACb,wBAAwB,~~iBAAiB~~,~~2CAA2C~~,~~SAAS~~,~~GAAG~~,~~CACjG~~,CAAC;KACH;IAED,IAAI;QACF,MAAM,IAAA,iDAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,+CAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAC3F,CAAC;KACH;IAED,OAAO,IAAI,CAAC;AACd,CAAC;~~AA1ED~~,~~sEA0EC~~;AAQD~~;;;GAGG~~;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,~~CAAC,~~EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;~~QACrC~~,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,~~8FAA8F~~;~~QAC9F~~,~~sBAAsB~~;~~QACtB~~,~~eAAe~~;~~QACf~~,~~oCAAoC~~;~~QACpC~~,~~oCAAoC~~;~~QACpC~~,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}
1	+ {"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;AAGA,8EAA2E;AAC3E,gFAA6E;AAC7E,oFAAiF;AACjF,oEAAiE;AAEjE;;;GAGG;AACI,KAAK,UAAU,6BAA6B,CACjD,SAA4B,EAC5B,mBAA2B,EAC3B,GAAiC;IAEjC,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,SAAS,CAAC,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACnD,8CAA8C;QAC9C,MAAM,eAAe,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAEnD,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;gBAClE,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EACxC;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf,MAAM,YAAY,GAAG,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACjD,0DAA0D;QAC1D,MAAM,kBAAkB,GAAa;YACnC,GAAG,EAAE,iBAAiB,CAAC,GAAG;YAC1B,GAAG,EAAE,iBAAiB,CAAC,GAAG;SAC3B,CAAC;QACF,4EAA4E;QAC5E,IAAI,iBAAiB,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;YACzC,kBAAkB,CAAC,GAAG,GAAG,iBAAiB,CAAC,GAAG,CAAC;SAChD;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QACxD,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;QAEhD,MAAM,IAAI,KAAK,CACb,wBAAwB,YAAY,0CAA0C,UAAU,EAAE,CAC3F,CAAC;KACH;IAED,IAAI;QACF,MAAM,IAAA,iDAAuB,EAC3B,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAC/B,SAAS,CAAC,2BAA2B,CAAC,GAAG,CAAC,+CAAsB,CAAC,CAClE,CAAC;KACH;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CACb,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAC3F,CAAC;KACH;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAvFD,sEAuFC;AAQD;;;;;;GAMG;AACH,SAAS,iBAAiB,CAAC,OAAgB;IACzC,QAAQ,OAAO,EAAE;QACf,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,uBAAuB,CAAC;QAC7B,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,4BAA4B,CAAC;QAClC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACpC,KAAK,uBAAuB;YAC1B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAC9B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,KAAK,yBAAyB;YAC5B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE,CAAC;QACjC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,4BAA4B;YAC/B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACtC,KAAK,0BAA0B;YAC7B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC;QACrC,KAAK,2BAA2B,CAAC;QACjC,KAAK,2BAA2B;YAC9B,OAAO,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC;QAC/B,yEAAyE;QACzE,sBAAsB;QACtB,eAAe;QACf;YACE,OAAO,SAAS,CAAC;KACpB;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@simplewebauthn/server",
-  "version": "5.4.1",
+  "version": "5.4.2",
   "description": "SimpleWebAuthn for Servers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -59,7 +59,7 @@
     "node-fetch": "^2.6.0",
     "node-rsa": "^1.1.1"
   },
-  "gitHead": "3a673b2cf940133ed8d3a68e80a95f198b1e6f9e",
+  "gitHead": "a79e3d35f30970439b3bab01d7039b535cacf9ab",
   "devDependencies": {
     "@types/cbor": "^5.0.1",
     "@types/debug": "^4.1.7",