@simplewebauthn/server 5.4.3 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/authentication/verifyAuthenticationResponse.d.ts +10 -2
- package/dist/authentication/verifyAuthenticationResponse.js +38 -11
- package/dist/authentication/verifyAuthenticationResponse.js.map +1 -1
- package/dist/helpers/convertCOSEtoPKCS.d.ts +5 -1
- package/dist/helpers/convertCOSEtoPKCS.js +6 -5
- package/dist/helpers/convertCOSEtoPKCS.js.map +1 -1
- package/dist/helpers/convertCertBufferToPEM.js +6 -4
- package/dist/helpers/convertCertBufferToPEM.js.map +1 -1
- package/dist/helpers/decodeAuthenticatorExtensions.d.ts +1 -1
- package/dist/helpers/verifySignature.d.ts +14 -1
- package/dist/helpers/verifySignature.js +56 -2
- package/dist/helpers/verifySignature.js.map +1 -1
- package/dist/metadata/mdsTypes.d.ts +4 -0
- package/dist/metadata/verifyAttestationWithMetadata.d.ts +6 -1
- package/dist/metadata/verifyAttestationWithMetadata.js +33 -8
- package/dist/metadata/verifyAttestationWithMetadata.js.map +1 -1
- package/dist/registration/verifications/tpm/verifyAttestationTPM.js +12 -3
- package/dist/registration/verifications/tpm/verifyAttestationTPM.js.map +1 -1
- package/dist/registration/verifications/verifyAttestationAndroidKey.js +12 -3
- package/dist/registration/verifications/verifyAttestationAndroidKey.js.map +1 -1
- package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js +12 -4
- package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js.map +1 -1
- package/dist/registration/verifications/verifyAttestationFIDOU2F.js +5 -2
- package/dist/registration/verifications/verifyAttestationFIDOU2F.js.map +1 -1
- package/dist/registration/verifications/verifyAttestationPacked.js +17 -61
- package/dist/registration/verifications/verifyAttestationPacked.js.map +1 -1
- package/package.json +7 -10
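--- a/package/dist/authentication/verifyAuthenticationResponse.d.ts
+++ b/package/dist/authentication/verifyAuthenticationResponse.d.ts
@@ -1,5 +1,5 @@
 /// <reference types="node" />
-import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType } from '@simplewebauthn/typescript-types';
+import { AuthenticationCredentialJSON, AuthenticatorDevice, CredentialDeviceType, UserVerificationRequirement } from '@simplewebauthn/typescript-types';
 import { AuthenticationExtensionsAuthenticatorOutputs } from '../helpers/decodeAuthenticatorExtensions';
 export declare type VerifyAuthenticationResponseOpts = {
 credential: AuthenticationCredentialJSON;
@@ -8,6 +8,9 @@ export declare type VerifyAuthenticationResponseOpts = {
 expectedRPID: string | string[];
 authenticator: AuthenticatorDevice;
 requireUserVerification?: boolean;
+advancedFIDOConfig?: {
+userVerification?: UserVerificationRequirement;
+};
 };
 /**
 * Verify that the user has legitimately completed the login process
@@ -22,8 +25,13 @@ export declare type VerifyAuthenticationResponseOpts = {
 * @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
 * @param requireUserVerification (Optional) Enforce user verification by the authenticator
 * (via PIN, fingerprint, etc...)
+* @param advancedFIDOConfig (Optional) Options for satisfying more stringent FIDO RP feature
+* requirements
+* @param advancedFIDOConfig.userVerification (Optional) Enable alternative rules for evaluating the
+* User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional
+* unless this value is `"required"`
 */
-export declare function verifyAuthenticationResponse(options: VerifyAuthenticationResponseOpts): VerifiedAuthenticationResponse
+export declare function verifyAuthenticationResponse(options: VerifyAuthenticationResponseOpts): Promise<VerifiedAuthenticationResponse>;
 /**
 * Result of authentication verification
 *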
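Review bot: The new `@param advancedFIDOConfig.userVerification` text does not say what happens to `requireUserVerification` once `advancedFIDOConfig` is supplied; the `verifyAuthenticationResponse.js` hunk on this page shows that the WebAuthn-rules branch, the only place `requireUserVerification` is read, runs solely when `advancedFIDOConfig` is undefined. Add to the `@param advancedFIDOConfig` description a line such as `* When provided, requireUserVerification is not consulted and the user-presence (UP) flag is not checked; only userVerification === "required" enforces UV`. The same JSDoc block is duplicated in verifyAuthenticationResponse.js and should carry the same sentence. The change of the return type to `Promise<VerifiedAuthenticationResponse>` is the breaking part of this release and is worth a one-line mention in the doc comment as well.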
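--- a/package/dist/authentication/verifyAuthenticationResponse.js
+++ b/package/dist/authentication/verifyAuthenticationResponse.js
@@ -7,7 +7,6 @@ exports.verifyAuthenticationResponse = void 0;
 const base64url_1 = __importDefault(require("base64url"));
 const decodeClientDataJSON_1 = require("../helpers/decodeClientDataJSON");
 const toHash_1 = require("../helpers/toHash");
-const convertPublicKeyToPEM_1 = require("../helpers/convertPublicKeyToPEM");
 const verifySignature_1 = require("../helpers/verifySignature");
 const parseAuthenticatorData_1 = require("../helpers/parseAuthenticatorData");
 const isBase64URLString_1 = require("../helpers/isBase64URLString");
@@ -25,9 +24,14 @@ const parseBackupFlags_1 = require("../helpers/parseBackupFlags");
 * @param authenticator An internal {@link AuthenticatorDevice} matching the credential's ID
 * @param requireUserVerification (Optional) Enforce user verification by the authenticator
 * (via PIN, fingerprint, etc...)
+* @param advancedFIDOConfig (Optional) Options for satisfying more stringent FIDO RP feature
+* requirements
+* @param advancedFIDOConfig.userVerification (Optional) Enable alternative rules for evaluating the
+* User Presence and User Verified flags in authenticator data: UV (and UP) flags are optional
+* unless this value is `"required"`
 */
-function verifyAuthenticationResponse(options) {
-const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, requireUserVerification, } = options;
+async function verifyAuthenticationResponse(options) {
+const { credential, expectedChallenge, expectedOrigin, expectedRPID, authenticator, requireUserVerification, advancedFIDOConfig, } = options;
 const { id, rawId, type: credentialType, response } = credential;
 // Ensure credential specified an ID
 if (!id) {
@@ -111,17 +115,36 @@ function verifyAuthenticationResponse(options) {
 throw new Error(`Unexpected RP ID hash`);
 }
 }
-
-
-
+if (advancedFIDOConfig !== undefined) {
+const { userVerification: fidoUserVerification } = advancedFIDOConfig;
+/**
+* Use FIDO Conformance-defined rules for verifying UP and UV flags
+*/
+if (fidoUserVerification === 'required') {
+// Require `flags.uv` be true (implies `flags.up` is true)
+if (!flags.uv) {
+throw new Error('User verification required, but user could not be verified');
+}
+}
+else if (fidoUserVerification === 'preferred' || fidoUserVerification === 'discouraged') {
+// Ignore `flags.uv`
+}
 }
-
-
-
+else {
+/**
+* Use WebAuthn spec-defined rules for verifying UP and UV flags
+*/
+// WebAuthn only requires the user presence flag be true
+if (!flags.up) {
+throw new Error('User not present during authentication');
+}
+// Enforce user verification if required
+if (requireUserVerification && !flags.uv) {
+throw new Error('User verification required, but user could not be verified');
+}
 }
 const clientDataHash = (0, toHash_1.toHash)(base64url_1.default.toBuffer(response.clientDataJSON));
 const signatureBase = Buffer.concat([authDataBuffer, clientDataHash]);
-const publicKey = (0, convertPublicKeyToPEM_1.convertPublicKeyToPEM)(authenticator.credentialPublicKey);
 const signature = base64url_1.default.toBuffer(response.signature);
 if ((counter > 0 || authenticator.counter > 0) && counter <= authenticator.counter) {
 // Error out when the counter in the DB is greater than or equal to the counter in the
@@ -132,7 +155,11 @@ function verifyAuthenticationResponse(options) {
 }
 const { credentialDeviceType, credentialBackedUp } = (0, parseBackupFlags_1.parseBackupFlags)(flags);
 const toReturn = {
-verified: (0, verifySignature_1.verifySignature)(
+verified: await (0, verifySignature_1.verifySignature)({
+signature,
+signatureBase,
+credentialPublicKey: authenticator.credentialPublicKey,
+}),
 authenticationInfo: {
 newCounter: counter,
 credentialID: authenticator.credentialID,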
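Review bot: Inside the `if (advancedFIDOConfig !== undefined)` branch, a config whose `userVerification` is unset (`advancedFIDOConfig: {}`) or is `'preferred'`/`'discouraged'` results in no flag check at all — neither `flags.up` nor the caller's `requireUserVerification` is examined, so `requireUserVerification: true` is silently overridden. If that override is intended only for the FIDO-conformance mode, narrowing the guard to `if (advancedFIDOConfig !== undefined && advancedFIDOConfig.userVerification !== undefined) {` keeps an empty config on the WebAuthn rules; if the caller's flag should still count, the `'required'` arm becomes `if (fidoUserVerification === 'required' || requireUserVerification) {`. The empty `else if (fidoUserVerification === 'preferred' || ...)` arm exists only to host a comment and could be folded into the comment above it. `verifyAuthenticationResponse` begins before the first hunk and ends after the last, so `flags`, `authDataBuffer` and `counter` are defined outside what is shown.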
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;
1
+
{"version":3,"file":"verifyAuthenticationResponse.js","sourceRoot":"","sources":["../../src/authentication/verifyAuthenticationResponse.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAQlC,0EAAuE;AACvE,8CAA2C;AAC3C,gEAA6D;AAC7D,8EAA2E;AAC3E,oEAAiE;AACjE,kEAA+D;AAe/D;;;;;;;;;;;;;;;;;;GAkBG;AACI,KAAK,UAAU,4BAA4B,CAChD,OAAyC;IAEzC,MAAM,EACJ,UAAU,EACV,iBAAiB,EACjB,cAAc,EACd,YAAY,EACZ,aAAa,EACb,uBAAuB,EACvB,kBAAkB,GACnB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAC;IAEjE,oCAAoC;IACpC,IAAI,CAAC,EAAE,EAAE;QACP,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;KAC1C;IAED,iCAAiC;IACjC,IAAI,EAAE,KAAK,KAAK,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,0CAA0C;IAC1C,IAAI,cAAc,KAAK,YAAY,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,8BAA8B,cAAc,yBAAyB,CAAC,CAAC;KACxF;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;KAChD;IAED,IAAI,OAAO,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,cAAc,CAAA,KAAK,QAAQ,EAAE;QAChD,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,MAAM,cAAc,GAAG,IAAA,2CAAoB,EAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;IAErE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,YAAY,EAAE,GAAG,cAAc,CAAC;IAEjE,6CAA6C;IAC7C,IAAI,IAAI,KAAK,cAAc,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,IAAI,EAAE,CAAC,CAAC;KACrE;IAED,sDAAsD;IACtD,IAAI,OAAO,iBAAiB,KAAK,UAAU,EAAE;QAC3C,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,EAAE;YACjC,MAAM,IAAI,KAAK,CACb,iFAAiF,SAAS,GAAG,CAC9F,CAAC;SACH;KACF;SAAM,IAAI,SAAS,KAAK,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CACb,iDAAiD,SAAS,gBAAgB,iBAAiB,GAAG,CAC/F,CAAC;KACH;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE;YACpC,MAAM,oBAAoB,GAAG,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,uBAAuB,oBAAoB,EAAE,CAClG,CAAC;SACH;KACF;SAAM;QACL,IAAI,MAAM,KAAK,cAAc,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,8CAA8C,MAAM,gBAAgB,cAAc,GAAG,CACtF,CAAC;SACH;KACF;IAED,IAAI,CAAC,IAAA,qCAAiB,EAAC,QAAQ,CAAC,iBAAiB,CAAC,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,IAAA,qCAAiB,EAAC,QAAQ,CAAC,SA
AS,CAAC,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,IAAI,QAAQ,CAAC,UAAU,IAAI,OAAO,QAAQ,CAAC,UAAU,KAAK,QAAQ,EAAE;QAClE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,YAAY,EAAE;QAChB,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;YACpC,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;QAED,IAAI,CAAC,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE;YAC7E,MAAM,IAAI,KAAK,CAAC,kCAAkC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC;SAC1E;KACF;IAED,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;IACtE,MAAM,cAAc,GAAG,IAAA,+CAAsB,EAAC,cAAc,CAAC,CAAC;IAC9D,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,GAAG,cAAc,CAAC;IAEpE,yCAAyC;IACzC,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE;QACpC,MAAM,gBAAgB,GAAG,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC,CAAC;QACpE,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,kEAAkE;QAClE,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE;YAC9C,MAAM,gBAAgB,GAAG,IAAA,eAAM,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;YAChE,OAAO,QAAQ,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,UAAU,EAAE;YACf,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;SAC1C;KACF;IAED,IAAI,kBAAkB,KAAK,SAAS,EAAE;QACpC,MAAM,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,GAAG,kBAAkB,CAAC;QAEtE;;WAEG;QACH,IAAI,oBAAoB,KAAK,UAAU,EAAE;YACvC,0DAA0D;YAC1D,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;gBACb,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;aAC/E;SACF;aAAM,IAAI,oBAAoB,KAAK,WAAW,IAAI,oBAAoB,KAAK,aAAa,EAAE;YACzF,oBAAoB;SACrB;KACF;SAAM;QACL;;WAEG;QACH,wDAAwD;QACxD,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACb,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;SAC3D;QAED,wCAAwC;QACxC,IAAI,uBAAuB,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE;YACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;KACF;IAED,MAAM,cAAc,GAAG,IAAA,eAAM,EAAC,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,CAAC;IAC3E,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC,CAAC;IAEtE,MAAM,SAAS,GAAG,mBAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEzD,IAAI,CAAC,OAAO,GAAG,CAAC,IAAI,a
AAa,CAAC,OAAO,GAAG,CAAC,CAAC,IAAI,OAAO,IAAI,aAAa,CAAC,OAAO,EAAE;QAClF,sFAAsF;QACtF,2FAA2F;QAC3F,sFAAsF;QACtF,gDAAgD;QAChD,MAAM,IAAI,KAAK,CACb,0BAA0B,OAAO,4BAA4B,aAAa,CAAC,OAAO,EAAE,CACrF,CAAC;KACH;IAED,MAAM,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,GAAG,IAAA,mCAAgB,EAAC,KAAK,CAAC,CAAC;IAE7E,MAAM,QAAQ,GAAG;QACf,QAAQ,EAAE,MAAM,IAAA,iCAAe,EAAC;YAC9B,SAAS;YACT,aAAa;YACb,mBAAmB,EAAE,aAAa,CAAC,mBAAmB;SACvD,CAAC;QACF,kBAAkB,EAAE;YAClB,UAAU,EAAE,OAAO;YACnB,YAAY,EAAE,aAAa,CAAC,YAAY;YACxC,oBAAoB;YACpB,kBAAkB;YAClB,6BAA6B,EAAE,cAAc;SAC9C;KACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC;AArLD,oEAqLC"}
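--- a/package/dist/helpers/convertCOSEtoPKCS.d.ts
+++ b/package/dist/helpers/convertCOSEtoPKCS.d.ts
@@ -1,5 +1,4 @@
 /// <reference types="node" />
-import type { SigningSchemeHash } from 'node-rsa';
 import { COSEAlgorithmIdentifier } from '@simplewebauthn/typescript-types';
 /**
 * Takes COSE-encoded public key and converts it to PKCS key
@@ -29,3 +28,8 @@ export declare const COSECRV: {
 export declare const COSEALGHASH: {
 [key: string]: string;
 };
+/**
+* Imported from node-rsa's types
+*/
+declare type SigningSchemeHash = 'pkcs1-ripemd160' | 'pkcs1-md4' | 'pkcs1-md5' | 'pkcs1-sha' | 'pkcs1-sha1' | 'pkcs1-sha224' | 'pkcs1-sha256' | 'pkcs1-sha384' | 'pkcs1-sha512' | 'pss-ripemd160' | 'pss-md4' | 'pss-md5' | 'pss-sha' | 'pss-sha1' | 'pss-sha224' | 'pss-sha256' | 'pss-sha384' | 'pss-sha512';
+export {};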
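Review bot: The new comment `* Imported from node-rsa's types` is inaccurate now that the first hunk removes `import type { SigningSchemeHash } from 'node-rsa'` — the alias is copied in, not imported. Propose `* Copied from node-rsa's SigningSchemeHash so this declaration no longer depends on node-rsa's type definitions`. The alias is declared without `export`; unless an exported signature outside this hunk references it, the declaration is dead weight, and if one does, exporting it would let callers name the type.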
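--- a/package/dist/helpers/convertCOSEtoPKCS.js
+++ b/package/dist/helpers/convertCOSEtoPKCS.js
@@ -56,15 +56,16 @@ exports.COSECRV = {
 6: 'ed25519',
 };
 exports.COSEALGHASH = {
-'-257': 'sha256',
-'-258': 'sha384',
-'-259': 'sha512',
 '-65535': 'sha1',
+'-259': 'sha512',
+'-258': 'sha384',
+'-257': 'sha256',
 '-39': 'sha512',
 '-38': 'sha384',
 '-37': 'sha256',
-'-7': 'sha256',
-'-8': 'sha512',
 '-36': 'sha512',
+'-35': 'sha384',
+'-8': 'sha512',
+'-7': 'sha256',
 };
 //# sourceMappingURL=convertCOSEtoPKCS.js.map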
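Review bot: The only functional change in this table is the new `'-35': 'sha384'` (ES384) entry; everything else is reordering, so the addition deserves a marker such as `// -35: ES384, ECDSA w/ SHA-384` so the next reader does not have to diff the table to find it. Two retained entries merit a caveat in the same place: `'-65535': 'sha1'` keeps RS1 (RSASSA-PKCS1-v1_5 with SHA-1) verifiable wherever this map selects the digest, which a relying party may want to reject by policy, and `'-8': 'sha512'` pairs EdDSA with a digest even though the Ed25519 path in verifySignature.js on this page verifies OKP keys directly with `@noble/ed25519` and never consults a hash name.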
@@ -1 +1 @@
1
-
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;
1
+
{"version":3,"file":"convertCOSEtoPKCS.js","sourceRoot":"","sources":["../../src/helpers/convertCOSEtoPKCS.ts"],"names":[],"mappings":";;;AACA,6CAA+C;AAE/C;;GAEG;AACH,SAAgB,iBAAiB,CAAC,aAAqB;IACrD,MAAM,MAAM,GAAkB,IAAA,4BAAe,EAAC,aAAa,CAAC,CAAC;IAE7D,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAEjC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IAED,IAAI,CAAC,EAAE;QACL,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC;KACvD;IAED,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAW,CAAC,CAAC,CAAC;AAC3C,CAAC;AAhBD,8CAgBC;AAID,IAAY,QAQX;AARD,WAAY,QAAQ;IAClB,qCAAO,CAAA;IACP,qCAAO,CAAA;IACP,sCAAQ,CAAA;IACR,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;IACN,kCAAM,CAAA;AACR,CAAC,EARW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAQnB;AAED,IAAY,OAIX;AAJD,WAAY,OAAO;IACjB,mCAAO,CAAA;IACP,mCAAO,CAAA;IACP,mCAAO,CAAA;AACT,CAAC,EAJW,OAAO,GAAP,eAAO,KAAP,eAAO,QAIlB;AAEY,QAAA,aAAa,GAAyC;IACjE,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,YAAY;IACnB,KAAK,EAAE,YAAY;IACnB,QAAQ,EAAE,YAAY;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;IACtB,MAAM,EAAE,cAAc;CACvB,CAAC;AAEF,0DAA0D;AAC7C,QAAA,OAAO,GAA8B;IAChD,UAAU;IACV,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,WAAW;IACX,CAAC,EAAE,MAAM;IACT,UAAU;IACV,CAAC,EAAE,SAAS;CACb,CAAC;AAEW,QAAA,WAAW,GAA8B;IACpD,QAAQ,EAAE,MAAM;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,MAAM,EAAE,QAAQ;IAChB,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,KAAK,EAAE,QAAQ;IACf,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,QAAQ;CACf,CAAC"}
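--- a/package/dist/helpers/convertCertBufferToPEM.js
+++ b/package/dist/helpers/convertCertBufferToPEM.js
@@ -9,14 +9,16 @@ const base64url_1 = __importDefault(require("base64url"));
 * Convert buffer to an OpenSSL-compatible PEM text format.
 */
 function convertCertBufferToPEM(certBuffer) {
-let
+let b64cert;
+/**
+* Get certBuffer to a base64 representation
+*/
 if (typeof certBuffer === 'string') {
-
+b64cert = base64url_1.default.toBase64(certBuffer);
 }
 else {
-
+b64cert = certBuffer.toString('base64');
 }
-const b64cert = buffer.toString('base64');
 let PEMKey = '';
 for (let i = 0; i < Math.ceil(b64cert.length / 64); i += 1) {
 const start = 64 * i;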
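Review bot: `convertCertBufferToPEM` now accepts a string as well as a Buffer, but the JSDoc kept as context (`* Convert buffer to an OpenSSL-compatible PEM text format.`) still describes only the Buffer form and does not say that a string is interpreted as Base64URL; the `typeof certBuffer === 'string'` branch calls `base64url_1.default.toBase64` with no validation, so a string that is already PEM-armored is not rejected and is re-wrapped into an invalid PEM. Propose adding `* @param certBuffer DER-encoded certificate as a Buffer, or the same bytes as a Base64URL string` to the header and replacing `* Get certBuffer to a base64 representation` with `* Normalize certBuffer to plain base64 before wrapping it in PEM armor`. The PEM wrapping loop that consumes `b64cert` continues after the hunk.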
@@ -1 +1 @@
1
-
{"version":3,"file":"convertCertBufferToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAGlC;;GAEG;AACH,SAAgB,sBAAsB,CAAC,UAAoC;IACzE,IAAI,
1
+
{"version":3,"file":"convertCertBufferToPEM.js","sourceRoot":"","sources":["../../src/helpers/convertCertBufferToPEM.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAGlC;;GAEG;AACH,SAAgB,sBAAsB,CAAC,UAAoC;IACzE,IAAI,OAAe,CAAC;IAEpB;;OAEG;IACH,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE;QAClC,OAAO,GAAG,mBAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;KAC1C;SAAM;QACL,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACzC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE;QAC1D,MAAM,KAAK,GAAG,EAAE,GAAG,CAAC,CAAC;QAErB,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,CAAC;KAC5C;IAED,MAAM,GAAG,gCAAgC,MAAM,6BAA6B,CAAC;IAE7E,OAAO,MAAM,CAAC;AAChB,CAAC;AAtBD,wDAsBC"}
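--- a/package/dist/helpers/decodeAuthenticatorExtensions.d.ts
+++ b/package/dist/helpers/decodeAuthenticatorExtensions.d.ts
@@ -6,7 +6,7 @@
 */
 export declare function decodeAuthenticatorExtensions(extensionData: Buffer): AuthenticationExtensionsAuthenticatorOutputs | undefined;
 export declare type AuthenticationExtensionsAuthenticatorOutputs = {
-
+devicePubKey?: DevicePublicKeyAuthenticatorOutput;
 uvm?: UVMAuthenticatorOutput;
 };
 export declare type DevicePublicKeyAuthenticatorOutput = {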
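--- a/package/dist/helpers/verifySignature.d.ts
+++ b/package/dist/helpers/verifySignature.d.ts
@@ -1,4 +1,16 @@
 /// <reference types="node" />
+declare type VerifySignatureOptsLeafCert = {
+signature: Buffer;
+signatureBase: Buffer;
+leafCert: Buffer;
+hashAlgorithm?: string;
+};
+declare type VerifySignatureOptsCredentialPublicKey = {
+signature: Buffer;
+signatureBase: Buffer;
+credentialPublicKey: Buffer;
+hashAlgorithm?: string;
+};
 /**
 * Verify an authenticator's signature
 *
@@ -7,4 +19,5 @@
 * @param publicKey Authenticator's public key as a PEM certificate
 * @param algo Which algorithm to use to verify the signature (default: `'sha256'`)
 */
-export declare function verifySignature(
+export declare function verifySignature(opts: VerifySignatureOptsLeafCert | VerifySignatureOptsCredentialPublicKey): Promise<boolean>;
+export {};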
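Review bot: The JSDoc retained as context in the second hunk (`* @param publicKey ...`, `* @param algo ...`) documents parameters the new signature no longer has; `verifySignature` now takes one `opts` object with `signature`, `signatureBase`, either `leafCert` or `credentialPublicKey`, and an optional `hashAlgorithm`. Replace the two stale lines with `@param opts.signature`, `@param opts.signatureBase`, `@param opts.leafCert` / `@param opts.credentialPublicKey` (mutually exclusive, per the errors thrown in verifySignature.js on this page) and `@param opts.hashAlgorithm (default: 'sha256'; not consulted for Ed25519 keys)`, and state that the promise resolves to a boolean. `VerifySignatureOptsLeafCert` and `VerifySignatureOptsCredentialPublicKey` are declared without `export`, so callers cannot name the option shapes; exporting them is a small usability gain.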
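--- a/package/dist/helpers/verifySignature.js
+++ b/package/dist/helpers/verifySignature.js
@@ -5,6 +5,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifySignature = void 0;
 const crypto_1 = __importDefault(require("crypto"));
+const cbor_1 = __importDefault(require("cbor"));
+const ed25519_1 = require("@noble/ed25519");
+const convertCOSEtoPKCS_1 = require("./convertCOSEtoPKCS");
+const convertCertBufferToPEM_1 = require("./convertCertBufferToPEM");
+const convertPublicKeyToPEM_1 = require("./convertPublicKeyToPEM");
 /**
 * Verify an authenticator's signature
 *
@@ -13,8 +18,57 @@ const crypto_1 = __importDefault(require("crypto"));
 * @param publicKey Authenticator's public key as a PEM certificate
 * @param algo Which algorithm to use to verify the signature (default: `'sha256'`)
 */
-function verifySignature(
-
+async function verifySignature(opts) {
+const { signature, signatureBase, hashAlgorithm = 'sha256' } = opts;
+const _isLeafcertOpts = isLeafCertOpts(opts);
+const _isCredPubKeyOpts = isCredPubKeyOpts(opts);
+if (!_isLeafcertOpts && !_isCredPubKeyOpts) {
+throw new Error('Must declare either "leafCert" or "credentialPublicKey"');
+}
+if (_isLeafcertOpts && _isCredPubKeyOpts) {
+throw new Error('Must not declare both "leafCert" and "credentialPublicKey"');
+}
+let publicKeyPEM = '';
+if (_isCredPubKeyOpts) {
+const { credentialPublicKey } = opts;
+// Decode CBOR to COSE
+let struct;
+try {
+struct = cbor_1.default.decodeAllSync(credentialPublicKey)[0];
+}
+catch (err) {
+const _err = err;
+throw new Error(`Error decoding public key while converting to PEM: ${_err.message}`);
+}
+const kty = struct.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
+if (!kty) {
+throw new Error('Public key was missing kty');
+}
+// Check key type
+if (kty === convertCOSEtoPKCS_1.COSEKTY.OKP) {
+// Verify Ed25519 slightly differently
+const x = struct.get(convertCOSEtoPKCS_1.COSEKEYS.x);
+if (!x) {
+throw new Error('Public key was missing x (OKP)');
+}
+return (0, ed25519_1.verify)(signature, signatureBase, x);
+}
+else {
+// Convert pubKey to PEM for ECC and RSA
+publicKeyPEM = (0, convertPublicKeyToPEM_1.convertPublicKeyToPEM)(credentialPublicKey);
+}
+}
+if (_isLeafcertOpts) {
+const { leafCert } = opts;
+publicKeyPEM = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(leafCert);
+}
+return crypto_1.default.createVerify(hashAlgorithm).update(signatureBase).verify(publicKeyPEM, signature);
 }
 exports.verifySignature = verifySignature;
+function isLeafCertOpts(opts) {
+return Object.keys(opts).indexOf('leafCert') >= 0;
+}
+function isCredPubKeyOpts(opts) {
+return (Object.keys(opts).indexOf('credentialPublicKey') >= 0);
+}
 //# sourceMappingURL=verifySignature.js.map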
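Review bot: The OKP branch at `if (kty === convertCOSEtoPKCS_1.COSEKTY.OKP)` hands `x` to `ed25519_1.verify` without checking the key's curve, so every OKP key is treated as Ed25519; reading the curve first, `const crv = struct.get(convertCOSEtoPKCS_1.COSEKEYS.crv);` and `if (convertCOSEtoPKCS_1.COSECRV[crv] !== 'ed25519') { throw new Error(`Unsupported OKP curve ${crv}`); }`, gives a definite failure instead of relying on the library to reject a wrong-length `x` (`COSECRV` maps `6` to `'ed25519'` in convertCOSEtoPKCS.js on this page). Relatedly, `isLeafCertOpts` and `isCredPubKeyOpts` test key presence via `Object.keys(opts)`, so `{ leafCert: undefined, ... }` is classified as leaf-cert opts and then fails inside `convertCertBufferToPEM` with a TypeError rather than the intended "Must declare either" error; testing `opts.leafCert !== undefined` (and likewise `opts.credentialPublicKey`) closes that gap. The `hashAlgorithm` option is silently unused on the Ed25519 path, and if `decodeAllSync` yields something that is not a Map the `struct.get` call throws an unhelpful TypeError; both deserve a comment or guard.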
@@ -1 +1 @@
1
-
{"version":3,"file":"verifySignature.js","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;
1
+
{"version":3,"file":"verifySignature.js","sourceRoot":"","sources":["../../src/helpers/verifySignature.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,gDAAwB;AACxB,4CAAyD;AAEzD,2DAAwD;AACxD,qEAAkE;AAClE,mEAAgE;AAgBhE;;;;;;;GAOG;AACI,KAAK,UAAU,eAAe,CACnC,IAA0E;IAE1E,MAAM,EAAE,SAAS,EAAE,aAAa,EAAE,aAAa,GAAG,QAAQ,EAAE,GAAG,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,gBAAgB,CAAC,IAAI,CAAC,CAAC;IAEjD,IAAI,CAAC,eAAe,IAAI,CAAC,iBAAiB,EAAE;QAC1C,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;KAC5E;IAED,IAAI,eAAe,IAAI,iBAAiB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,YAAY,GAAG,EAAE,CAAC;IAEtB,IAAI,iBAAiB,EAAE;QACrB,MAAM,EAAE,mBAAmB,EAAE,GAAG,IAAI,CAAC;QAErC,sBAAsB;QACtB,IAAI,MAAM,CAAC;QACX,IAAI;YACF,MAAM,GAAG,cAAI,CAAC,aAAa,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;SACrD;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,sDAAsD,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;SACvF;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAErC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;SAC/C;QAED,iBAAiB;QACjB,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;YACvB,sCAAsC;YACtC,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;YAEjC,IAAI,CAAC,CAAC,EAAE;gBACN,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;aACnD;YAED,OAAO,IAAA,gBAAa,EAAC,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC;SACnD;aAAM;YACL,wCAAwC;YACxC,YAAY,GAAG,IAAA,6CAAqB,EAAC,mBAAmB,CAAC,CAAC;SAC3D;KACF;IAED,IAAI,eAAe,EAAE;QACnB,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;QAC1B,YAAY,GAAG,IAAA,+CAAsB,EAAC,QAAQ,CAAC,CAAC;KACjD;IAED,OAAO,gBAAM,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;AAClG,CAAC;AAzDD,0CAyDC;AAED,SAAS,cAAc,CACrB,IAA0E;IAE1E,OAAO,MAAM,CAAC,IAAI,CAAC,IAAmC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;AACnF,CAAC;AAED,SAAS,gBAAgB,CACvB,IAA0E;IAE1E,OAAO,CACL,MAAM,CAAC,IAAI,CAAC,IAA8C,CAAC,CAAC,OAAO,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAChG,CAAC;AACJ,CAAC"}
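--- a/package/dist/metadata/verifyAttestationWithMetadata.d.ts
+++ b/package/dist/metadata/verifyAttestationWithMetadata.d.ts
@@ -5,7 +5,12 @@ import type { MetadataStatement, AlgSign } from '../metadata/mdsTypes';
 * Match properties of the authenticator's attestation statement against expected values as
 * registered with the FIDO Alliance Metadata Service
 */
-export declare function verifyAttestationWithMetadata(statement
+export declare function verifyAttestationWithMetadata({ statement, credentialPublicKey, x5c, attestationStatementAlg, }: {
+statement: MetadataStatement;
+credentialPublicKey: Buffer;
+x5c: Buffer[] | Base64URLString[];
+attestationStatementAlg?: number;
+}): Promise<boolean>;
 declare type COSEInfo = {
 kty: number;
 alg: number;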
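Review bot: The function's JSDoc (the `* Match properties ...` context lines) is unchanged although the signature now takes an options object with a new optional `attestationStatementAlg`; add `@param` lines for `statement`, `credentialPublicKey`, `x5c` and `attestationStatementAlg`, stating for the last that the check is skipped when it is omitted or when the metadata statement carries no `authenticatorGetInfo.algorithms` (the `.js` hunk on this page guards on both). A sentence that the promise resolves to `true` and that every mismatch surfaces as a thrown error would also match what the implementation shows.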
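--- a/package/dist/metadata/verifyAttestationWithMetadata.js
+++ b/package/dist/metadata/verifyAttestationWithMetadata.js
@@ -9,10 +9,11 @@ const convertCOSEtoPKCS_1 = require("../helpers/convertCOSEtoPKCS");
 * Match properties of the authenticator's attestation statement against expected values as
 * registered with the FIDO Alliance Metadata Service
 */
-async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c) {
+async function verifyAttestationWithMetadata({ statement, credentialPublicKey, x5c, attestationStatementAlg, }) {
+const { authenticationAlgorithms, authenticatorGetInfo, attestationRootCertificates, } = statement;
 // Make sure the alg in the attestation statement matches one of the ones specified in metadata
 const keypairCOSEAlgs = new Set();
-
+authenticationAlgorithms.forEach(algSign => {
 // Map algSign string to { kty, alg, crv }
 const algSignCOSEINFO = exports.algSignToCOSEInfoMap[algSign];
 // Keeping this statement here just in case MDS returns something unexpected
@@ -67,7 +68,7 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
 * ]
 * ```
 */
-const debugMDSAlgs =
+const debugMDSAlgs = authenticationAlgorithms
 .map((algSign) => `'${algSign}' (COSE info: ${stringifyCOSEInfo(exports.algSignToCOSEInfoMap[algSign])})`);
 const strMDSAlgs = JSON.stringify(debugMDSAlgs, null, 2).replace(/"/g, '');
 /**
@@ -76,12 +77,36 @@ async function verifyAttestationWithMetadata(statement, credentialPublicKey, x5c
 const strPubKeyAlg = stringifyCOSEInfo(publicKeyCOSEInfo);
 throw new Error(`Public key parameters ${strPubKeyAlg} did not match any of the following metadata algorithms:\n${strMDSAlgs}`);
 }
-
-
+/**
+* Confirm the attestation statement's algorithm is one supported according to metadata
+*/
+if (attestationStatementAlg !== undefined && (authenticatorGetInfo === null || authenticatorGetInfo === void 0 ? void 0 : authenticatorGetInfo.algorithms) !== undefined) {
+const getInfoAlgs = authenticatorGetInfo.algorithms.map(_alg => _alg.alg);
+if (getInfoAlgs.indexOf(attestationStatementAlg) < 0) {
+throw new Error(`Attestation statement alg ${attestationStatementAlg} did not match one of ${getInfoAlgs}`);
+}
+}
+// Prepare to check the certificate chain
+const authenticatorCerts = x5c.map(convertCertBufferToPEM_1.convertCertBufferToPEM);
+const statementRootCerts = attestationRootCertificates.map(convertCertBufferToPEM_1.convertCertBufferToPEM);
+/**
+* If an authenticator returns exactly one certificate in its x5c, and that cert is found in the
+* metadata statement then the authenticator is "self-referencing". In this case we forego
+* certificate chain validation.
+*/
+let authenticatorIsSelfReferencing = false;
+if (authenticatorCerts.length === 1 &&
+statementRootCerts.indexOf(authenticatorCerts[0]) >= 0) {
+authenticatorIsSelfReferencing = true;
 }
-
-
-
+if (!authenticatorIsSelfReferencing) {
+try {
+await (0, validateCertificatePath_1.validateCertificatePath)(authenticatorCerts, statementRootCerts);
+}
+catch (err) {
+const _err = err;
+throw new Error(`Could not validate certificate path with any metadata root certificates: ${_err.message}`);
+}
 }
 return true;
 }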
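Review bot: The self-referencing shortcut at `if (authenticatorCerts.length === 1 && statementRootCerts.indexOf(authenticatorCerts[0]) >= 0)` skips `validateCertificatePath` entirely, so whatever that helper enforces beyond chain building (a validity-period check, for instance — its body is not on this page) is not applied when a metadata root is presented as the sole x5c entry; a comment should record the reasoning, e.g. `// Byte-equal to a metadata root: the authenticator signed with the root itself, so path building is a no-op, but any validity-period check in validateCertificatePath is skipped too`. The string comparison is sound only because both sides come from the same `convertCertBufferToPEM` call, which is worth stating next to it. Separately, the `attestationStatementAlg` check is silently skipped when metadata lacks `authenticatorGetInfo.algorithms`; a short comment (`// No algorithms in authenticatorGetInfo: nothing to check against`) keeps readers from assuming every path enforces it.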
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;AAGA,8EAA2E;AAC3E,gFAA6E;AAC7E,oFAAiF;AACjF,oEAAiE;AAEjE;;;GAGG;AACI,KAAK,UAAU,6BAA6B,
1
+
{"version":3,"file":"verifyAttestationWithMetadata.js","sourceRoot":"","sources":["../../src/metadata/verifyAttestationWithMetadata.ts"],"names":[],"mappings":";;;AAGA,8EAA2E;AAC3E,gFAA6E;AAC7E,oFAAiF;AACjF,oEAAiE;AAEjE;;;GAGG;AACI,KAAK,UAAU,6BAA6B,CAAC,EAClD,SAAS,EACT,mBAAmB,EACnB,GAAG,EACH,uBAAuB,GAMxB;IACC,MAAM,EACJ,wBAAwB,EACxB,oBAAoB,EACpB,2BAA2B,GAC5B,GAAG,SAAS,CAAC;IAEd,+FAA+F;IAC/F,MAAM,eAAe,GAAkB,IAAI,GAAG,EAAE,CAAC;IACjD,wBAAwB,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACzC,0CAA0C;QAC1C,MAAM,eAAe,GAAG,4BAAoB,CAAC,OAAO,CAAC,CAAC;QAEtD,4EAA4E;QAC5E,IAAI,eAAe,EAAE;YACnB,eAAe,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;SACtC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,MAAM,gBAAgB,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IACxE,+DAA+D;IAC/D,MAAM,iBAAiB,GAAa;QAClC,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;QACjD,GAAG,EAAE,gBAAgB,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAW;KAClD,CAAC;IACF,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE;QAC1B,OAAO,iBAAiB,CAAC,GAAG,CAAC;KAC9B;IAED;;;OAGG;IACH,IAAI,UAAU,GAAG,KAAK,CAAC;IACvB,KAAK,MAAM,UAAU,IAAI,eAAe,EAAE;QACxC,yCAAyC;QACzC,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EAAE;YACxF,+DAA+D;YAC/D,IACE,CAAC,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,IAAI,UAAU,CAAC,GAAG,KAAK,2BAAO,CAAC,GAAG,CAAC;gBAClE,UAAU,CAAC,GAAG,KAAK,iBAAiB,CAAC,GAAG,EACxC;gBACA,UAAU,GAAG,IAAI,CAAC;aACnB;iBAAM;gBACL,+CAA+C;gBAC/C,UAAU,GAAG,IAAI,CAAC;aACnB;SACF;QAED,IAAI,UAAU,EAAE;YACd,MAAM;SACP;KACF;IAED,4DAA4D;IAC5D,IAAI,CAAC,UAAU,EAAE;QACf;;;;;;;;;;;WAWG;QACH,MAAM,YAAY,GAAG,wBAAwB;aAC1C,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,OAAO,iBAAiB,iBAAiB,CAAC,4BAAoB,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC;QACrG,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAE3E;;WAEG;QACH,MAAM,YAAY,GAAG,iBAAiB,CAAC,iBAAiB,CAAC,CAAC;QAE1D,MAAM,IAAI,KAAK,CACb,yBAAyB,YAAY,6DAA6D,UAAU,EAAE,CAC/G,CAAC;KACH;IAED;;OAEG;IACH,IAAI,uBAAuB,KAAK,SAAS,IAAI,CAAA,oBAAoB,aAApB,oBAAoB,uBAApB,oBAAoB
,CAAE,UAAU,MAAK,SAAS,EAAE;QAC3F,MAAM,WAAW,GAAG,oBAAoB,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1E,IAAI,WAAW,CAAC,OAAO,CAAC,uBAAuB,CAAC,GAAG,CAAC,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,6BAA6B,uBAAuB,yBAAyB,WAAW,EAAE,CAC3F,CAAC;SACH;KACF;IAED,yCAAyC;IACzC,MAAM,kBAAkB,GAAG,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GAAG,2BAA2B,CAAC,GAAG,CAAC,+CAAsB,CAAC,CAAC;IAEnF;;;;OAIG;IACH,IAAI,8BAA8B,GAAG,KAAK,CAAC;IAC3C,IACE,kBAAkB,CAAC,MAAM,KAAK,CAAC;QAC/B,kBAAkB,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,EACtD;QACA,8BAA8B,GAAG,IAAI,CAAC;KACvC;IAED,IAAI,CAAC,8BAA8B,EAAE;QACnC,IAAI;YACF,MAAM,IAAA,iDAAuB,EAAC,kBAAkB,EAAE,kBAAkB,CAAC,CAAC;SACvE;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CACb,4EAA4E,IAAI,CAAC,OAAO,EAAE,CAC3F,CAAC;SACH;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAvID,sEAuIC;AAQD;;;;;;GAMG;AACU,QAAA,oBAAoB,GAAmC;IAClE,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;IACvD,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;IACvD,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;IAC3C,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;IAC3C,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE;IACxD,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE;IACxD,qBAAqB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;IAC3C,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;IAChD,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;IAChD,yBAAyB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE;IAChD,uBAAuB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,KAAK,EAAE;IAChD,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE;IACxD,0BAA0B,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE;IACxD,wBAAwB,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE;CACtD,CAAC;AAEF;;;;;;
GAMG;AACH,SAAS,iBAAiB,CAAC,IAAc;IACvC,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IAE/B,IAAI,QAAQ,GAAG,EAAE,CAAC;IAClB,IAAI,GAAG,KAAK,2BAAO,CAAC,GAAG,EAAE;QACvB,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,UAAU,GAAG,IAAI,CAAC;KACxD;SAAM;QACL,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,IAAI,CAAC;KAC3C;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
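--- a/package/dist/registration/verifications/tpm/verifyAttestationTPM.js
+++ b/package/dist/registration/verifications/tpm/verifyAttestationTPM.js
@@ -200,7 +200,12 @@ async function verifyAttestationTPM(options) {
 const statement = await metadataService_1.MetadataService.getStatement(aaguid);
 if (statement) {
 try {
-await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(
+await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)({
+statement,
+credentialPublicKey,
+x5c,
+attestationStatementAlg: alg,
+});
 }
 catch (err) {
 const _err = err;
@@ -219,8 +224,12 @@ async function verifyAttestationTPM(options) {
 }
 // Verify signature over certInfo with the public key extracted from AIK certificate.
 // In the wise words of Yuriy Ackermann: "Get Martini friend, you are done!"
-
-
+return (0, verifySignature_1.verifySignature)({
+signature: sig,
+signatureBase: certInfo,
+leafCert: x5c[0],
+hashAlgorithm: hashAlg
+});
 }
 exports.verifyAttestationTPM = verifyAttestationTPM;
 /**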
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAttestationTPM.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAO6B;AAI7B,0FAAuF;AACvF,0EAA2E;AAC3E,oDAAiD;AACjD,oFAAiF;AACjF,sFAAmF;AACnF,4EAAyE;AACzE,sEAAmE;AACnE,uEAAoE;AACpE,mGAAgG;AAEhG,2CAA4E;AAC5E,mDAAgD;AAChD,iDAA8C;AAEvC,KAAK,UAAU,oBAAoB,CAAC,OAAsC;;IAC/E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1D;;OAEG;IACH,IAAI,GAAG,KAAK,KAAK,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,yBAAyB,CAAC,CAAC;KAClE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,aAAa,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;IAE5D,yFAAyF;IACzF,2FAA2F;IAC3F,MAAM,aAAa,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IAErE,IAAI,OAAO,KAAK,aAAa,EAAE;QAC7B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,OAAO,GAAG,CAAW,CAAC;QAC5B,8FAA8F;QAC9F,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEzD,4CAA4C;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,
IAAI,eAAe,KAAK,IAAI,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,cAAc,eAAe,YAAY,CAAC,CAAC;SAC7F;KACF;SAAM,IAAI,OAAO,KAAK,aAAa,EAAE;QACpC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC,EAAE;YAC7D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9C,MAAM,0BAA0B,GAAG,sCAA0B,CAAC,cAAc,CAAC,CAAA;QAC7E,IAAI,0BAA0B,KAAK,GAAG,EAAE;YACtC,MAAM,IAAI,KAAK,CACb,6BAA6B,cAAc,gBAAgB,0BAA0B,4CAA4C,GAAG,aAAa,CAClJ,CAAC;SACH;KACF;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,CAAC,CAAC;KAC1D;IAED,MAAM,cAAc,GAAG,IAAA,6BAAa,EAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC;IAEtE,IAAI,KAAK,KAAK,UAAU,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,gCAAgC,CAAC,CAAC;KACnF;IAED,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,2CAA2C,CAAC,CAAC;KAC1F;IAED,mEAAmE;IACnE,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAE9E,uEAAuE;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,+DAA+D;IAC/D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;KAC1D;IAED,mEAAmE;IACnE,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,8FAA8F;IAC9F,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;IACnD,MAAM,iBAAiB,GAAG,IAAA,eAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEzD,gEAAgE;IAChE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE;QA
CxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED;;OAEG;IACH,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAA,uCAAkB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC;IAEnF,IAAI,kBAAkB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,mEAAmE;IACnE,IAAI,OAAO,KAAK,CAAC,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,4CAA4C;IAC5C,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACrB,IAAI,SAAS,GAAG,GAAG,EAAE;QACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAChF;IAED,yCAAyC;IACzC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAC9E;IAED;;OAEG;IACH,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IAED,IAAI,qBAAyD,CAAC;IAC9D,IAAI,WAAyC,CAAC;IAC9C,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,gCAAoB,EAAE;YACvC,qBAAqB,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,kCAAsB,CAAC,CAAC;SAChF;aAAM,IAAI,GAAG,CAAC,MAAM,KAAK,6BAAiB,EAAE;YAC3C,WAAW,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,4BAAgB,CAAC,CAAC;SAChE;IACH,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,6FAA6F;IAC7F,SAAS;IACT,IAAI,CAAC,CAAA,MAAA,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,0CAAG,CAAC,EAAE,MAAM,CAAA,EAAE;QACvD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,MAAM,EAAE,oBAAoB,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,iBAAiB,CAChF,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,CACvC,CAAC;IAEF,IAAI,CAAC,oBAAoB,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CA
AC;KACjF;IAED,yFAAyF;IACzF,IAAI,CAAC,6BAAiB,CAAC,oBAAoB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,qCAAqC,oBAAoB,SAAS,CAAC,CAAC;KACrF;IAED,wFAAwF;IACxF,4CAA4C;IAC5C,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE;QACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC;KAC9F;IAED,gGAAgG;IAChG,4DAA4D;IAE5D,wEAAwE;IACxE,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC,SAAS,
1
+
{"version":3,"file":"verifyAttestationTPM.js","sourceRoot":"","sources":["../../../../src/registration/verifications/tpm/verifyAttestationTPM.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAO6B;AAI7B,0FAAuF;AACvF,0EAA2E;AAC3E,oDAAiD;AACjD,oFAAiF;AACjF,sFAAmF;AACnF,4EAAyE;AACzE,sEAAmE;AACnE,uEAAoE;AACpE,mGAAgG;AAEhG,2CAA4E;AAC5E,mDAAgD;AAChD,iDAA8C;AAEvC,KAAK,UAAU,oBAAoB,CAAC,OAAsC;;IAC/E,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,mBAAmB,EAAE,cAAc,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE1D;;OAEG;IACH,IAAI,GAAG,KAAK,KAAK,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,yBAAyB,CAAC,CAAC;KAClE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;KACpE;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,IAAI,CAAC,OAAO,EAAE;QACZ,MAAM,IAAI,KAAK,CAAC,qDAAqD,CAAC,CAAC;KACxE;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,aAAa,GAAG,IAAA,2BAAY,EAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,GAAG,aAAa,CAAC;IAE5D,yFAAyF;IACzF,2FAA2F;IAC3F,MAAM,aAAa,GAAG,IAAA,qDAAyB,EAAC,mBAAmB,CAAC,CAAC;IAErE,IAAI,OAAO,KAAK,aAAa,EAAE;QAC7B,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAW,CAAC,EAAE;YAC/B,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;SAChF;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,OAAO,GAAG,CAAW,CAAC;QAC5B,8FAA8F;QAC9F,MAAM,eAAe,GAAG,UAAU,CAAC,GAAG,CAAC,QAAQ,IAAI,KAAK,CAAC;QAEzD,4CAA4C;QAC5C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAEjE,
IAAI,eAAe,KAAK,IAAI,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,cAAc,eAAe,YAAY,CAAC,CAAC;SAC7F;KACF;SAAM,IAAI,OAAO,KAAK,aAAa,EAAE;QACpC,MAAM,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,GAAG,CAAC,CAAC;QAC5C,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,aAAa,CAAC,GAAG,CAAC,4BAAQ,CAAC,CAAC,CAAC,CAAC;QAExC,IAAI,CAAC,GAAG,EAAE;YACR,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QACD,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;SACxD;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAW,EAAE,CAAW,CAAC,CAAC,CAAC,EAAE;YAC7D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;SAC/E;QAED,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC;QAC9C,MAAM,0BAA0B,GAAG,sCAA0B,CAAC,cAAc,CAAC,CAAA;QAC7E,IAAI,0BAA0B,KAAK,GAAG,EAAE;YACtC,MAAM,IAAI,KAAK,CACb,6BAA6B,cAAc,gBAAgB,0BAA0B,4CAA4C,GAAG,aAAa,CAClJ,CAAC;SACH;KACF;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,6BAA6B,OAAO,GAAG,CAAC,CAAC;KAC1D;IAED,MAAM,cAAc,GAAG,IAAA,6BAAa,EAAC,QAAQ,CAAC,CAAC;IAC/C,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,cAAc,CAAC;IAEtE,IAAI,KAAK,KAAK,UAAU,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,2BAA2B,KAAK,gCAAgC,CAAC,CAAC;KACnF;IAED,IAAI,QAAQ,KAAK,uBAAuB,EAAE;QACxC,MAAM,IAAI,KAAK,CAAC,oBAAoB,QAAQ,2CAA2C,CAAC,CAAC;KAC1F;IAED,mEAAmE;IACnE,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC,CAAC;IAE9E,uEAAuE;IACvE,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,aAAa,EAAE,WAAW,CAAC,CAAC,CAAC;IAE1E,+DAA+D;IAC/D,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;KAC1D;IAED,mEAAmE;IACnE,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,8FAA8F;IAC9F,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;IACnD,MAAM,iBAAiB,GAAG,IAAA,eAAM,EAAC,aAAa,EAAE,OAAO,CAAC,CAAC;IAEzD,gEAAgE;IAChE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE;QA
CxC,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED;;OAEG;IACH,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,6DAA6D;IAC7D,MAAM,YAAY,GAAG,IAAA,uCAAkB,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,EAAE,kBAAkB,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,YAAY,CAAC;IAEnF,IAAI,kBAAkB,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,mEAAmE;IACnE,IAAI,OAAO,KAAK,CAAC,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;KAC7E;IAED,wCAAwC;IACxC,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;QACnC,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,4CAA4C;IAC5C,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACrB,IAAI,SAAS,GAAG,GAAG,EAAE;QACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAChF;IAED,yCAAyC;IACzC,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;QAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;KAC9E;IAED;;OAEG;IACH,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IAExD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,EAAE;QACzC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;KAC7D;IAED,IAAI,qBAAyD,CAAC;IAC9D,IAAI,WAAyC,CAAC;IAC9C,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,gCAAoB,EAAE;YACvC,qBAAqB,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,kCAAsB,CAAC,CAAC;SAChF;aAAM,IAAI,GAAG,CAAC,MAAM,KAAK,6BAAiB,EAAE;YAC3C,WAAW,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,4BAAgB,CAAC,CAAC;SAChE;IACH,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,IAAI,CAAC,qBAAqB,EAAE;QAC1B,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,6FAA6F;IAC7F,SAAS;IACT,IAAI,CAAC,CAAA,MAAA,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,0CAAG,CAAC,EAAE,MAAM,CAAA,EAAE;QACvD,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;KACvF;IAED,MAAM,EAAE,oBAAoB,EAAE,aAAa,EAAE,eAAe,EAAE,GAAG,iBAAiB,CAChF,qBAAqB,CAAC,CAAC,CAAC,CAAC,aAAa,CACvC,CAAC;IAEF,IAAI,CAAC,oBAAoB,IAAI,CAAC,aAAa,IAAI,CAAC,eAAe,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;KAC/E;IAED,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CA
AC;KACjF;IAED,yFAAyF;IACzF,IAAI,CAAC,6BAAiB,CAAC,oBAAoB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,qCAAqC,oBAAoB,SAAS,CAAC,CAAC;KACrF;IAED,wFAAwF;IACxF,4CAA4C;IAC5C,IAAI,WAAW,CAAC,CAAC,CAAC,KAAK,cAAc,EAAE;QACrC,MAAM,IAAI,KAAK,CAAC,2BAA2B,WAAW,CAAC,CAAC,CAAC,kCAAkC,CAAC,CAAC;KAC9F;IAED,gGAAgG;IAChG,4DAA4D;IAE5D,wEAAwE;IACxE,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC;gBAClC,SAAS;gBACT,mBAAmB;gBACnB,GAAG;gBACH,uBAAuB,EAAE,GAAG;aAC7B,CAAC,CAAC;SACJ;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,QAAQ,CAAC,CAAC;SAC1C;KACF;IAED,qFAAqF;IACrF,4EAA4E;IAC5E,OAAO,IAAA,iCAAe,EAAC;QACrB,SAAS,EAAE,GAAG;QACd,aAAa,EAAE,QAAQ;QACvB,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAChB,aAAa,EAAE,OAAO;KACvB,CAAC,CAAC;AACL,CAAC;AArQD,oDAqQC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,IAAU;IAKnC,MAAM,eAAe,GAAG,cAAc,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC;IAChC,MAAM,UAAU,GAAG,cAAc,CAAC;IAElC,IAAI,oBAAwC,CAAC;IAC7C,IAAI,aAAiC,CAAC;IACtC,IAAI,eAAmC,CAAC;IAExC;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;QACrB,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE;YACrB,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE;gBACjC,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aAC9C;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE;gBACjC,aAAa,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACvC;iBAAM,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE;gBACnC,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC;aACzC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO;QACL,oBAAoB;QACpB,aAAa;QACb,eAAe;KAChB,CAAC;AACJ,CAAC"}
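--- a/package/dist/registration/verifications/verifyAttestationAndroidKey.js
+++ b/package/dist/registration/verifications/verifyAttestationAndroidKey.js
@@ -57,7 +57,12 @@ async function verifyAttestationAndroidKey(options) {
 const statement = await metadataService_1.MetadataService.getStatement(aaguid);
 if (statement) {
 try {
-await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(
+await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)({
+statement,
+credentialPublicKey,
+x5c,
+attestationStatementAlg: alg,
+});
 }
 catch (err) {
 const _err = err;
@@ -75,9 +80,13 @@ async function verifyAttestationAndroidKey(options) {
 }
 }
 const signatureBase = Buffer.concat([authData, clientDataHash]);
-const leafCertPEM = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(x5c[0]);
 const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
-return (0, verifySignature_1.verifySignature)(
+return (0, verifySignature_1.verifySignature)({
+signature: sig,
+signatureBase,
+leafCert: x5c[0],
+hashAlgorithm: hashAlg
+});
 }
 exports.verifyAttestationAndroidKey = verifyAttestationAndroidKey;
 //# sourceMappingURL=verifyAttestationAndroidKey.js.map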
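Review bot: `hashAlg` at new line 83 is a plain object lookup `COSEALGHASH[alg]` that yields `undefined` for any `alg` not in the table, and new line 88 then forwards that `undefined` as `hashAlgorithm`, which presumably makes `verifySignature` fall back to its default hash instead of rejecting the statement. The `alg` of an attestation statement is untrusted input, so an unsupported value should fail closed before the return: `if (hashAlg === undefined) throw new Error('Unsupported alg in attestation statement (AndroidKey)');`. The same `hashAlgorithm: hashAlg` hand-off is made in verifyAttestationTPM.js at new line 231, where `hashAlg` is computed outside the hunk and would need the same guard. The enclosing function starts outside the hunk.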
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAttestationAndroidKey.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidKey.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAAkD;AAClD,yDAA8E;AAI9E,iFAA8E;AAC9E,mFAAgF;AAChF,mEAAgE;AAChE,uEAAiF;AACjF,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,2BAA2B,CAC/C,OAAsC;;IAEtC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;KAC9F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC5F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,uFAAuF;IACvF,kDAAkD;IAClD,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,UAAU,CAAC,cAAc,CAAC,oBAAoB,CAAC,gBAAgB,CAChE,CAAC;IAEF,0CAA0C;IAC1C,MAAM,cAAc,GAAG,IAAA,qCAAiB,EAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,cAAc,CAAC,UAAU,0CAAE,IAAI,CAC5D,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,mCAAoB,CAC3C,CAAC;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,iBAAiB,GAAG,uBAAS,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,6BAAc,CAAC,CAAC;IAEjF,4BAA4B;IAC5B,MAAM,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC;IAElF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;QACpE,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,4FAA4F;IAC5F,aAAa;IACb,IAAI,WAAW,CAAC,eAAe,KAAK,SAAS,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,IAAI,gBAAgB,CAAC,eAAe,KAAK,SAAS,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC,SAAS,
1
+
{"version":3,"file":"verifyAttestationAndroidKey.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidKey.ts"],"names":[],"mappings":";;;AAAA,uDAAkD;AAClD,mDAAkD;AAClD,yDAA8E;AAI9E,iFAA8E;AAC9E,mFAAgF;AAChF,mEAAgE;AAChE,uEAAiF;AACjF,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,2BAA2B,CAC/C,OAAsC;;IAEtC,MAAM,EAAE,QAAQ,EAAE,cAAc,EAAE,OAAO,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IACV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,2EAA2E,CAAC,CAAC;KAC9F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yEAAyE,CAAC,CAAC;KAC5F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wDAAwD,CAAC,CAAC;KAC3E;IAED,uFAAuF;IACvF,kDAAkD;IAClD,MAAM,UAAU,GAAG,uBAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,uBAAW,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAClC,UAAU,CAAC,cAAc,CAAC,oBAAoB,CAAC,gBAAgB,CAChE,CAAC;IAEF,0CAA0C;IAC1C,MAAM,cAAc,GAAG,IAAA,qCAAiB,EAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE;QAC5C,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,4DAA4D;IAC5D,MAAM,WAAW,GAAG,MAAA,UAAU,CAAC,cAAc,CAAC,UAAU,0CAAE,IAAI,CAC5D,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,MAAM,KAAK,mCAAoB,CAC3C,CAAC;IAEF,IAAI,CAAC,WAAW,EAAE;QAChB,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KACzE;IAED,MAAM,iBAAiB,GAAG,uBAAS,CAAC,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE,6BAAc,CAAC,CAAC;IAEjF,4BAA4B;IAC5B,MAAM,EAAE,oBAAoB,EAAE,WAAW,EAAE,gBAAgB,EAAE,GAAG,iBAAiB,CAAC;IAElF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,EAAE;QACpE,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,4FAA4F;IAC5F,aAAa;IACb,IAAI,WAAW,CAAC,eAAe,KAAK,SAAS,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,IAAI,gBAAgB,CAAC,eAAe,KAAK,SAAS,EAAE;QAClD,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;KACnF;IAED,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC;gBAClC,SAAS;gBACT,mBAAmB;gBACnB,GAAG;gBACH,uBAAuB,EAAE,GAAG;aAC7B,CAAC,CAAC;SACJ
;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SAClF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,eAAe,CAAC,CAAC;SACjD;KACF;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAChE,MAAM,OAAO,GAAG,+BAAW,CAAC,GAAa,CAAC,CAAC;IAE3C,OAAO,IAAA,iCAAe,EAAC;QACrB,SAAS,EAAE,GAAG;QACd,aAAa;QACb,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QAChB,aAAa,EAAE,OAAO;KACvB,CAAC,CAAC;AACL,CAAC;AA7FD,kEA6FC"}
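--- a/package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js
+++ b/package/dist/registration/verifications/verifyAttestationAndroidSafetyNet.js
@@ -17,7 +17,7 @@ const verifyAttestationWithMetadata_1 = require("../../metadata/verifyAttestatio
 */
 async function verifyAttestationAndroidSafetyNet(options) {
 const { attStmt, clientDataHash, authData, aaguid, rootCertificates, verifyTimestampMS = true, credentialPublicKey, } = options;
-const { response, ver } = attStmt;
+const { alg, response, ver } = attStmt;
 if (!ver) {
 throw new Error('No ver value in attestation (SafetyNet)');
 }
@@ -73,7 +73,12 @@ async function verifyAttestationAndroidSafetyNet(options) {
 const statement = await metadataService_1.MetadataService.getStatement(aaguid);
 if (statement) {
 try {
-await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(
+await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)({
+statement,
+credentialPublicKey,
+x5c: HEADER.x5c,
+attestationStatementAlg: alg,
+});
 }
 catch (err) {
 const _err = err;
@@ -98,8 +103,11 @@ async function verifyAttestationAndroidSafetyNet(options) {
 */
 const signatureBaseBuffer = Buffer.from(`${jwtParts[0]}.${jwtParts[1]}`);
 const signatureBuffer = base64url_1.default.toBuffer(SIGNATURE);
-const
-
+const verified = await (0, verifySignature_1.verifySignature)({
+signature: signatureBuffer,
+signatureBase: signatureBaseBuffer,
+leafCert: leafCertBuffer,
+});
 /**
 * END Verify Signature
 */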
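Review bot: `alg` is destructured from `attStmt` at new line 20 and forwarded as `attestationStatementAlg` at new line 80, but the android-safetynet attestation statement format defines only `ver` and `response`, so this value will be `undefined` for every conforming statement; the algorithm that actually signed the response is the JWS header's `alg`, sitting in the same `HEADER` whose `x5c` is already passed at line 79. Whether that matters depends on how `verifyAttestationWithMetadata` treats a missing `attestationStatementAlg`, which is outside this hunk: if it rejects, every SafetyNet registration with a metadata statement fails, and if it skips the check, the metadata algorithm check is silently bypassed for SafetyNet. Either way a comment at line 80 should record the situation, e.g. `// SafetyNet attStmt has no alg; the JWS header alg is what signed the response`, and mapping the header's `alg` to its COSE identifier would keep the check meaningful. The enclosing function starts at line 18 and continues outside the hunk.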
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAttestationAndroidSafetyNet.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAIlC,iDAA8C;AAC9C,mEAAgE;AAChE,yEAAsE;AACtE,mFAAgF;AAChF,iFAA8E;AAC9E,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,iBAAiB,GAAG,IAAI,EACxB,mBAAmB,GACpB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;
1
+
{"version":3,"file":"verifyAttestationAndroidSafetyNet.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationAndroidSafetyNet.ts"],"names":[],"mappings":";;;;;;AAAA,0DAAkC;AAIlC,iDAA8C;AAC9C,mEAAgE;AAChE,yEAAsE;AACtE,mFAAgF;AAChF,iFAA8E;AAC9E,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,iCAAiC,CACrD,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,MAAM,EACN,gBAAgB,EAChB,iBAAiB,GAAG,IAAI,EACxB,mBAAmB,GACpB,GAAG,OAAO,CAAC;IACZ,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAEvC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;KAC5D;IAED,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,0BAA0B;IAC1B,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACtC,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAEhC,MAAM,MAAM,GAAuB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,OAAO,GAAwB,IAAI,CAAC,KAAK,CAAC,mBAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,MAAM,SAAS,GAA0B,QAAQ,CAAC,CAAC,CAAC,CAAC;IAErD;;OAEG;IACH,MAAM,EAAE,KAAK,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,OAAO,CAAC;IAExD,IAAI,iBAAiB,EAAE;QACrB,qCAAqC;QACrC,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACrB,IAAI,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,WAAW,qBAAqB,GAAG,eAAe,CAAC,CAAC;SAC3F;QAED,+EAA+E;QAC/E,MAAM,kBAAkB,GAAG,WAAW,GAAG,EAAE,GAAG,IAAI,CAAC;QACnD,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACjB,IAAI,kBAAkB,GAAG,GAAG,EAAE;YAC5B,MAAM,IAAI,KAAK,CAAC,sBAAsB,kBAAkB,2BAA2B,CAAC,CAAC;SACtF;KACF;IAED,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAC5D,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,SAAS,CAAC,CAAC;IACtC,MAAM,aAAa,GAAG,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAErD,IAAI,KAAK,KAAK,aAAa,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;KAC/D;IAED,IAAI,CAAC,eAAe,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;KAClE;IACD;;OAEG;IAEH;;OAEG;IACH,MAAM,cAAc,GAAG,mBAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACzD,MAAM,YAAY,GAAG,IAAA,uCAAkB,EAAC,cAAc,CA
AC,CAAC;IAExD,MAAM,EAAE,OAAO,EAAE,GAAG,YAAY,CAAC;IAEjC,qDAAqD;IACrD,+FAA+F;IAC/F,IAAI,OAAO,CAAC,EAAE,KAAK,oBAAoB,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;KACrF;IAED,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IAC7D,IAAI,SAAS,EAAE;QACb,IAAI;YACF,MAAM,IAAA,6DAA6B,EAAC;gBAClC,SAAS;gBACT,mBAAmB;gBACnB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,uBAAuB,EAAE,GAAG;aAC7B,CAAC,CAAC;SACJ;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,CAAC,CAAC;SAChD;KACF;SAAM;QACL,IAAI;YACF,0FAA0F;YAC1F,MAAM,IAAA,iDAAuB,EAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;SACzF;QAAC,OAAO,GAAG,EAAE;YACZ,MAAM,IAAI,GAAG,GAAY,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,cAAc,CAAC,CAAC;SAChD;KACF;IACD;;OAEG;IAEH;;OAEG;IACH,MAAM,mBAAmB,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IACzE,MAAM,eAAe,GAAG,mBAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEtD,MAAM,QAAQ,GAAG,MAAM,IAAA,iCAAe,EAAC;QACrC,SAAS,EAAE,eAAe;QAC1B,aAAa,EAAE,mBAAmB;QAClC,QAAQ,EAAE,cAAc;KACzB,CAAC,CAAC;IACH;;OAEG;IAEH,OAAO,QAAQ,CAAC;AAClB,CAAC;AAzHD,8EAyHC"}
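--- a/package/dist/registration/verifications/verifyAttestationFIDOU2F.js
+++ b/package/dist/registration/verifications/verifyAttestationFIDOU2F.js
@@ -39,8 +39,11 @@ async function verifyAttestationFIDOU2F(options) {
 const _err = err;
 throw new Error(`${_err.message} (FIDOU2F)`);
 }
-
-
+return (0, verifySignature_1.verifySignature)({
+signature: sig,
+signatureBase,
+leafCert: x5c[0],
+});
 }
 exports.verifyAttestationFIDOU2F = verifyAttestationFIDOU2F;
 //# sourceMappingURL=verifyAttestationFIDOU2F.js.map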
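Review bot: The new `verifySignature` call at lines 42-46 passes no `hashAlgorithm`, so the result depends entirely on whatever default the helper applies, and nothing at the call site records that FIDO U2F signatures are always ECDSA over P-256 with SHA-256. A comment above line 42, `// U2F signatures are ECDSA P-256/SHA-256; this relies on verifySignature's default hash being SHA-256`, would tie the omission to the requirement so that a later change to the helper's default is caught in review. The enclosing function starts outside the hunk.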
@@ -1 +1 @@
1
-
{"version":3,"file":"verifyAttestationFIDOU2F.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationFIDOU2F.ts"],"names":[],"mappings":";;;AAEA,uEAAoE;AACpE,iFAA8E;AAC9E,mFAAgF;AAChF,mEAAgE;AAEhE;;GAEG;AACI,KAAK,UAAU,wBAAwB,CAC5C,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,MAAM,GAAG,EAAE,EACX,gBAAgB,GACjB,GAAG,OAAO,CAAC;IAEZ,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAA,qCAAiB,EAAC,mBAAmB,CAAC,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;QAClC,YAAY;QACZ,QAAQ;QACR,cAAc;QACd,YAAY;QACZ,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,gEAAgE;IAChE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,WAAW,KAAK,IAAI,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,WAAW,WAAW,0BAA0B,CAAC,CAAC;KACnE;IAED,IAAI;QACF,0FAA0F;QAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;KAClF;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,YAAY,CAAC,CAAC;KAC9C;IAED,
1
+
{"version":3,"file":"verifyAttestationFIDOU2F.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationFIDOU2F.ts"],"names":[],"mappings":";;;AAEA,uEAAoE;AACpE,iFAA8E;AAC9E,mFAAgF;AAChF,mEAAgE;AAEhE;;GAEG;AACI,KAAK,UAAU,wBAAwB,CAC5C,OAAsC;IAEtC,MAAM,EACJ,OAAO,EACP,cAAc,EACd,QAAQ,EACR,YAAY,EACZ,mBAAmB,EACnB,MAAM,GAAG,EAAE,EACX,gBAAgB,GACjB,GAAG,OAAO,CAAC;IAEZ,MAAM,YAAY,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;IACzC,MAAM,SAAS,GAAG,IAAA,qCAAiB,EAAC,mBAAmB,CAAC,CAAC;IAEzD,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC;QAClC,YAAY;QACZ,QAAQ;QACR,cAAc;QACd,YAAY;QACZ,SAAS;KACV,CAAC,CAAC;IAEH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;KAC3F;IAED,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,sEAAsE,CAAC,CAAC;KACzF;IAED,gEAAgE;IAChE,MAAM,WAAW,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAChE,IAAI,WAAW,KAAK,IAAI,EAAE;QACxB,MAAM,IAAI,KAAK,CAAC,WAAW,WAAW,0BAA0B,CAAC,CAAC;KACnE;IAED,IAAI;QACF,0FAA0F;QAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;KAClF;IAAC,OAAO,GAAG,EAAE;QACZ,MAAM,IAAI,GAAG,GAAY,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,YAAY,CAAC,CAAC;KAC9C;IAED,OAAO,IAAA,iCAAe,EAAC;QACrB,SAAS,EAAE,GAAG;QACd,aAAa;QACb,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;KACjB,CAAC,CAAC;AACL,CAAC;AArDD,4DAqDC"}
@@ -1,18 +1,11 @@
1
1
"use strict";
2
-
var __importDefault = (this && this.__importDefault) || function (mod) {
3
-
return (mod && mod.__esModule) ? mod : { "default": mod };
4
-
};
5
2
Object.defineProperty(exports, "__esModule", { value: true });
6
3
exports.verifyAttestationPacked = void 0;
7
-
const elliptic_1 = __importDefault(require("elliptic"));
8
-
const node_rsa_1 = __importDefault(require("node-rsa"));
9
4
const convertCOSEtoPKCS_1 = require("../../helpers/convertCOSEtoPKCS");
10
-
const toHash_1 = require("../../helpers/toHash");
11
5
const convertCertBufferToPEM_1 = require("../../helpers/convertCertBufferToPEM");
12
6
const validateCertificatePath_1 = require("../../helpers/validateCertificatePath");
13
7
const getCertificateInfo_1 = require("../../helpers/getCertificateInfo");
14
8
const verifySignature_1 = require("../../helpers/verifySignature");
15
-
const decodeCredentialPublicKey_1 = require("../../helpers/decodeCredentialPublicKey");
16
9
const metadataService_1 = require("../../services/metadataService");
17
10
const verifyAttestationWithMetadata_1 = require("../../metadata/verifyAttestationWithMetadata");
18
11
/**
@@ -29,9 +22,7 @@ async function verifyAttestationPacked(options) {
29
22
}
30
23
const signatureBase = Buffer.concat([authData, clientDataHash]);
31
24
let verified = false;
32
-
const pkcsPublicKey = (0, convertCOSEtoPKCS_1.convertCOSEtoPKCS)(credentialPublicKey);
33
25
if (x5c) {
34
-
const leafCert = (0, convertCertBufferToPEM_1.convertCertBufferToPEM)(x5c[0]);
35
26
const { subject, basicConstraintsCA, version, notBefore, notAfter } = (0, getCertificateInfo_1.getCertificateInfo)(x5c[0]);
36
27
const { OU, CN, O, C } = subject;
37
28
if (OU !== 'Authenticator Attestation') {
@@ -71,7 +62,12 @@ async function verifyAttestationPacked(options) {
|
|
|
71
62
|
throw new Error('Metadata does not indicate support for full attestations (Packed|Full)');
|
|
72
63
|
}
|
|
73
64
|
try {
|
|
74
|
-
await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)(
|
|
65
|
+
await (0, verifyAttestationWithMetadata_1.verifyAttestationWithMetadata)({
|
|
66
|
+
statement,
|
|
67
|
+
credentialPublicKey,
|
|
68
|
+
x5c,
|
|
69
|
+
attestationStatementAlg: alg,
|
|
70
|
+
});
|
|
75
71
|
}
|
|
76
72
|
catch (err) {
|
|
77
73
|
const _err = err;
|
|
@@ -88,60 +84,20 @@ async function verifyAttestationPacked(options) {
|
|
|
88
84
|
throw new Error(`${_err.message} (Packed|Full)`);
|
|
89
85
|
}
|
|
90
86
|
}
|
|
91
|
-
verified = (0, verifySignature_1.verifySignature)(
|
|
87
|
+
verified = await (0, verifySignature_1.verifySignature)({
|
|
88
|
+
signature: sig,
|
|
89
|
+
signatureBase,
|
|
90
|
+
leafCert: x5c[0],
|
|
91
|
+
});
|
|
92
92
|
}
|
|
93
93
|
else {
|
|
94
|
-
const cosePublicKey = (0, decodeCredentialPublicKey_1.decodeCredentialPublicKey)(credentialPublicKey);
|
|
95
|
-
const kty = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.kty);
|
|
96
|
-
if (!kty) {
|
|
97
|
-
throw new Error('COSE public key was missing kty (Packed|Self)');
|
|
98
|
-
}
|
|
99
94
|
const hashAlg = convertCOSEtoPKCS_1.COSEALGHASH[alg];
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
/**
|
|
107
|
-
* Instantiating the curve here is _very_ computationally heavy - a bit of profiling
|
|
108
|
-
* (in compiled JS, not TS) reported an average of ~125ms to execute this line. The elliptic
|
|
109
|
-
* README states, "better do it once and reuse it", so maybe there's a better way to handle
|
|
110
|
-
* this in a server context, when we can re-use an existing instance.
|
|
111
|
-
*
|
|
112
|
-
* For now, it's worth noting that this line is probably the reason why it can take
|
|
113
|
-
* 5-6 seconds to run tests.
|
|
114
|
-
*/
|
|
115
|
-
const ec = new elliptic_1.default.ec(convertCOSEtoPKCS_1.COSECRV[crv]);
|
|
116
|
-
const key = ec.keyFromPublic(pkcsPublicKey);
|
|
117
|
-
verified = key.verify(signatureBaseHash, sig);
|
|
118
|
-
}
|
|
119
|
-
else if (kty === convertCOSEtoPKCS_1.COSEKTY.RSA) {
|
|
120
|
-
const n = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.n);
|
|
121
|
-
if (!n) {
|
|
122
|
-
throw new Error('COSE public key was missing n (Packed|RSA)');
|
|
123
|
-
}
|
|
124
|
-
const signingScheme = convertCOSEtoPKCS_1.COSERSASCHEME[alg];
|
|
125
|
-
// TODO: Verify this works
|
|
126
|
-
const key = new node_rsa_1.default();
|
|
127
|
-
key.setOptions({ signingScheme });
|
|
128
|
-
key.importKey({
|
|
129
|
-
n: n,
|
|
130
|
-
e: 65537,
|
|
131
|
-
}, 'components-public');
|
|
132
|
-
verified = key.verify(signatureBase, sig);
|
|
133
|
-
}
|
|
134
|
-
else if (kty === convertCOSEtoPKCS_1.COSEKTY.OKP) {
|
|
135
|
-
const x = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.x);
|
|
136
|
-
if (!x) {
|
|
137
|
-
throw new Error('COSE public key was missing x (Packed|OKP)');
|
|
138
|
-
}
|
|
139
|
-
const signatureBaseHash = (0, toHash_1.toHash)(signatureBase, hashAlg);
|
|
140
|
-
const key = new elliptic_1.default.eddsa('ed25519');
|
|
141
|
-
key.keyFromPublic(x);
|
|
142
|
-
// TODO: is `publicKey` right here?
|
|
143
|
-
verified = key.verify(signatureBaseHash, sig, pkcsPublicKey);
|
|
144
|
-
}
|
|
95
|
+
verified = await (0, verifySignature_1.verifySignature)({
|
|
96
|
+
signature: sig,
|
|
97
|
+
signatureBase,
|
|
98
|
+
credentialPublicKey,
|
|
99
|
+
hashAlgorithm: hashAlg
|
|
100
|
+
});
|
|
145
101
|
}
|
|
146
102
|
return verified;
|
|
147
103
|
}
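Review bot: In the full-attestation branch the statement's `alg` no longer takes part in signature verification — `verifySignature` receives only `signature`, `signatureBase` and `leafCert: x5c[0]`, so the hash/signature algorithm is presumably inferred from the certificate's key instead of being taken from `alg` as the packed verification procedure specifies, and `alg` is only cross-checked when a metadata statement exists (`attestationStatementAlg: alg` in the earlier hunk). If `verifySignature` accepts it alongside `leafCert`, pass `hashAlgorithm: convertCOSEtoPKCS_1.COSEALGHASH[alg]` in that call as well, or fail the statement when the algorithm inferred from the certificate disagrees with `alg`. In the self-attestation branch `convertCOSEtoPKCS_1.COSEALGHASH[alg]` is forwarded unguarded, so an `alg` missing from that table produces `hashAlgorithm: undefined`; unless `verifySignature` is known to reject that, add `if (!hashAlg) { throw new Error('Unsupported alg ' + alg + ' (Packed|Self)'); }` before the call. The spec's self-attestation step also requires `alg` to equal the `alg` carried in `credentialPublicKey`, and that comparison is not in this hunk — it either lives earlier in `verifyAttestationPacked`, whose start is outside the hunk, or is missing.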
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verifyAttestationPacked.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationPacked.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"verifyAttestationPacked.js","sourceRoot":"","sources":["../../../src/registration/verifications/verifyAttestationPacked.ts"],"names":[],"mappings":";;;AAEA,uEAA8D;AAC9D,iFAA8E;AAC9E,mFAAgF;AAChF,yEAAsE;AACtE,mEAAgE;AAChE,oEAAiE;AACjE,gGAA6F;AAE7F;;GAEG;AACI,KAAK,UAAU,uBAAuB,CAC3C,OAAsC;IAEtC,MAAM,EAAE,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,mBAAmB,EAAE,MAAM,EAAE,gBAAgB,EAAE,GACxF,OAAO,CAAC;IAEV,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC;IAElC,IAAI,CAAC,GAAG,EAAE;QACR,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;KACxF;IAED,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,4BAA4B,CAAC,CAAC;KAChF;IAED,MAAM,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;IAEhE,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,IAAI,GAAG,EAAE;QACP,MAAM,EAAE,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,IAAA,uCAAkB,EACtF,GAAG,CAAC,CAAC,CAAC,CACP,CAAC;QAEF,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,OAAO,CAAC;QAEjC,IAAI,EAAE,KAAK,2BAA2B,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,IAAI,CAAC,EAAE,EAAE;YACP,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;SAC3D;QAED,IAAI,CAAC,CAAC,EAAE;YACN,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;SAC1D;QAED,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAC;SACpF;QAED,IAAI,kBAAkB,EAAE;YACtB,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC;SACnF;QAED,IAAI,OAAO,KAAK,CAAC,EAAE;YACjB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;SACrF;QAED,IAAI,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,SAAS,GAAG,GAAG,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,gCAAgC,SAAS,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACxF;QAED,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACjB,IAAI,QAAQ,GAAG,GAAG,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,+BAA+B,QAAQ,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;SACtF;QAED,gGAAgG;QAChG,4DAA4D;QAE5D,qFAAqF;QACrF,MAAM,SAAS,GAAG,MAAM,iCAAe,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;QAC7D,IAAI,SAAS,EAAE;YACb,yFAAyF;YACzF,gCAAgC;YAChC,IAAI,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAC;aAC3F;YAED,IAAI;gBAC
F,MAAM,IAAA,6DAA6B,EAAC;oBAClC,SAAS;oBACT,mBAAmB;oBACnB,GAAG;oBACH,uBAAuB,EAAE,GAAG;iBAC7B,CAAC,CAAC;aACJ;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GAAG,GAAY,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAC;aAClD;SACF;aAAM;YACL,IAAI;gBACF,0FAA0F;gBAC1F,MAAM,IAAA,iDAAuB,EAAC,GAAG,CAAC,GAAG,CAAC,+CAAsB,CAAC,EAAE,gBAAgB,CAAC,CAAC;aAClF;YAAC,OAAO,GAAG,EAAE;gBACZ,MAAM,IAAI,GAAG,GAAY,CAAC;gBAC1B,MAAM,IAAI,KAAK,CAAC,GAAG,IAAI,CAAC,OAAO,gBAAgB,CAAC,CAAC;aAClD;SACF;QAED,QAAQ,GAAG,MAAM,IAAA,iCAAe,EAAC;YAC/B,SAAS,EAAE,GAAG;YACd,aAAa;YACb,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;SACjB,CAAC,CAAC;KACJ;SAAM;QACL,MAAM,OAAO,GAAW,+BAAW,CAAC,GAAa,CAAC,CAAC;QAEnD,QAAQ,GAAG,MAAM,IAAA,iCAAe,EAAC;YAC/B,SAAS,EAAE,GAAG;YACd,aAAa;YACb,mBAAmB;YACnB,aAAa,EAAE,OAAO;SACvB,CAAC,CAAC;KACJ;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AA/GD,0DA+GC"}
|
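--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@simplewebauthn/server",
-"version": "
+"version": "6.0.0",
 "description": "SimpleWebAuthn for Servers",
 "main": "dist/index.js",
 "types": "dist/index.d.ts",
@@ -30,7 +30,7 @@
 "access": "public"
 },
 "engines": {
-"node": ">=
+"node": ">=14.0.0"
 },
 "scripts": {
 "build": "rimraf dist && tsc",
@@ -46,27 +46,24 @@
 "node"
 ],
 "dependencies": {
+"@noble/ed25519": "^1.6.1",
 "@peculiar/asn1-android": "^2.1.7",
 "@peculiar/asn1-schema": "^2.1.7",
 "@peculiar/asn1-x509": "^2.1.7",
-"@simplewebauthn/typescript-types": "^
+"@simplewebauthn/typescript-types": "^6.0.0",
 "base64url": "^3.0.1",
 "cbor": "^5.1.0",
 "debug": "^4.3.2",
-"elliptic": "^6.5.3",
 "jsrsasign": "^10.4.0",
 "jwk-to-pem": "^2.0.4",
-"node-fetch": "^2.6.0"
-"node-rsa": "^1.1.1"
+"node-fetch": "^2.6.0"
 },
-"gitHead": "
+"gitHead": "95cb2107d15ae15994367cc99040720ae186c9bd",
 "devDependencies": {
 "@types/cbor": "^5.0.1",
 "@types/debug": "^4.1.7",
-"@types/elliptic": "^6.4.13",
 "@types/jsrsasign": "^8.0.13",
 "@types/jwk-to-pem": "^2.0.1",
-"@types/node-fetch": "^2.5.12"
-"@types/node-rsa": "^1.1.1"
+"@types/node-fetch": "^2.5.12"
 }
 }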
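Review bot: `@noble/ed25519` is added under a caret range (`"^1.6.1"`) while, as far as this diff shows, it takes over from the removed `elliptic` on the signature-verification path, so minor and patch releases of a cryptographic primitive will be picked up automatically by fresh installs. For a dependency in that position I would pin the exact audited version (`"@noble/ed25519": "1.6.1"`) or at least record the reviewed version alongside the lockfile. The `engines` bump to `">=14.0.0"` and the removal of `elliptic`/`node-rsa` are breaking for consumers and belong in the changelog for this major release.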
|