/**
 * Processes a WebAuthn registration (attestation) response and, for the
 * 'none' attestation format, extracts the credential public key.
 * This listing is an excerpt: the function body continues past the last line shown.
 *
 * @param {object} webauthnResponse - carries `attestationObject` as a base64 string.
 * @throws {Error} when the user-presence bit (0x01) is not set in the authenticator flags.
 *
 * NOTE(review): the lines shown here do not check the challenge or origin in
 * clientDataJSON, nor compare rpIdHash with the expected relying party; confirm
 * those checks happen elsewhere before the `verified` flag is trusted.
 */
obj.verifyAuthenticatorAttestationResponse = function (webauthnResponse) {
const attestationBuffer = Buffer.from(webauthnResponse.attestationObject, 'base64');
// Only the first decoded CBOR item is used; any items after it are ignored.
const ctapMakeCredResp = cbor.decodeAllSync(attestationBuffer)[0];
const authrDataStruct = parseMakeCredAuthData(ctapMakeCredResp.authData);
//console.log('***CTAP_RESPONSE', ctapMakeCredResp)
//console.log('***AUTHR_DATA_STRUCT', authrDataStruct)
// Default to "not verified"; only a recognised fmt branch may flip this.
const response = { 'verified': false };
if (ctapMakeCredResp.fmt === 'none') {
// Bit 0 of the flags byte is the user-presence flag.
if (!(authrDataStruct.flags & 0x01)) { throw new Error('User was NOT presented during authentication!'); } // U2F_USER_PRESENTED
const publicKey = COSEECDHAtoPKCS(authrDataStruct.COSEPublicKey);
// With fmt 'none' no attestation statement is checked in this branch: `verified`
// is set unconditionally once the user-presence test above has passed.
response.verified = true;
// Always true at this point, because the flag was assigned on the previous line.
if (response.verified) {
response.authrInfo = {
fmt: 'none',
publicKey: ASN1toPEM(publicKey),
/**
 * Decodes a CBOR attestationObject and checks that it has the expected
 * top-level shape (`fmt` string, `attStmt` object).
 * This listing is an excerpt: the function body continues past the last line shown.
 *
 * @param {*} attestationObject - value passed through coerceToArrayBuffer before decoding.
 * @throws {TypeError} when CBOR decoding fails or the decoded result is not an array
 *   whose first element has typeof "object".
 * @throws {Error} when `fmt` is not a string or `attStmt` does not have typeof "object".
 */
function parseAttestationObject(attestationObject) {
// update docs to say ArrayBuffer-ish object
attestationObject = coerceToArrayBuffer(attestationObject, "attestationObject");
// parse attestation
var parsed;
try {
parsed = cbor.decodeAllSync(Buffer.from(attestationObject));
} catch (err) {
// The decoder's own error is dropped; callers only see this generic message.
throw new TypeError("couldn't parse attestationObject CBOR");
}
// NOTE(review): `typeof null` is "object", so a CBOR null as first item passes this
// check and the `parsed.fmt` access below then throws an unrelated TypeError.
if (!Array.isArray(parsed) || typeof parsed[0] !== "object") {
throw new TypeError("invalid parsing of attestationObject CBOR");
}
// Only the first decoded item is kept; any further items are ignored.
parsed = parsed[0];
if (typeof parsed.fmt !== "string") {
throw new Error("expected attestation CBOR to contain a 'fmt' string");
}
// NOTE(review): this typeof test also accepts null and arrays for attStmt.
if (typeof parsed.attStmt !== "object") {
throw new Error("expected attestation CBOR to contain a 'attStmt' object");
}
/**
 * Handler that decodes a CBOR-encoded event and prints its version, each
 * record's type and each record's primary-key columns to the console.
 *
 * Only the first decoded CBOR item is inspected. Field values are interpolated
 * into the log output exactly as decoded.
 * NOTE(review): if the event content can be influenced by an outside party,
 * control characters in these values end up in the log unescaped, and
 * primary-key values may be sensitive; confirm this logging is intended.
 *
 * @param {*} event - CBOR-encoded payload handed to cbor.decodeAllSync.
 * @param {*} ctx - unused by this handler.
 * @returns {Promise<string>} always resolves to 'ok' unless decoding or a property access throws.
 */
exports.index = asyncWrap(async function (event, ctx) {
  const decodedItems = cbor.decodeAllSync(event);
  const [result] = decodedItems;

  // Nothing decoded (or a falsy first item): there is nothing to report.
  if (!result) {
    return 'ok';
  }

  console.log(`Version: ${result.Version}`);
  for (let recordIdx = 0; recordIdx < result.Records.length; recordIdx += 1) {
    const record = result.Records[recordIdx];
    console.log(`type: ${record.Type}`);
    console.log(`primary keys:`);

    let keyIdx = 0;
    while (keyIdx < record.PrimaryKey.length) {
      const key = record.PrimaryKey[keyIdx];
      console.log(` ${key.ColumnName}: ${key.Value}`);
      keyIdx += 1;
    }
  }

  return 'ok';
});
| name | key | label | type | description |
| | type | | | |
+------+-------+-------+---------+----------------------------------+
| crv | 2 | -1 | int / | EC Curve identifier - Taken from |
| | | | tstr | the COSE Curves registry |
| | | | | |
| x | 2 | -2 | bstr | X Coordinate |
| | | | | |
| y | 2 | -3 | bstr / | Y Coordinate |
| | | | bool | |
| | | | | |
| d | 2 | -4 | bstr | Private key |
+------+-------+-------+---------+----------------------------------+
*/
let coseStruct = cbor.decodeAllSync(COSEPublicKey)[0];
let tag = Buffer.from([0x04]);
let x = coseStruct.get(-2);
let y = coseStruct.get(-3);
return Buffer.concat([tag, x, y])
}
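/**
 * Converts a CBOR-encoded COSE elliptic-curve public key into the raw
 * uncompressed point form: 0x04 || X || Y.
 *
 * The key bytes normally come from authenticator data supplied by the client,
 * so the decoded structure is checked before it is used. A malformed key is
 * rejected here with a clear error instead of producing a truncated or
 * lopsided point that only fails later during signature verification.
 *
 * @param {Buffer} COSEPublicKey - CBOR bytes of the COSE key map.
 * @returns {Buffer} 0x04 followed by the X (label -2) and Y (label -3) coordinates.
 * @throws {TypeError} when the first decoded item is not a map, when either
 *   coordinate is not a byte string, or when the coordinates are empty or
 *   differ in length.
 */
function COSEECDHAtoPKCS(COSEPublicKey) {
  // Only the first decoded CBOR item is used; any items after it are ignored.
  const coseStruct = cbor.decodeAllSync(COSEPublicKey)[0];
  if (coseStruct == null || typeof coseStruct.get !== 'function') {
    throw new TypeError('COSE public key did not decode to a CBOR map');
  }

  const x = coseStruct.get(-2);
  const y = coseStruct.get(-3);

  // Label -3 may legally be a bool (compressed point); that form cannot be
  // turned into 0x04 || X || Y, so it is rejected along with missing values.
  if (!(x instanceof Uint8Array) || !(y instanceof Uint8Array)) {
    throw new TypeError('COSE public key must carry byte-string x (-2) and y (-3) coordinates');
  }
  if (x.length === 0 || x.length !== y.length) {
    throw new TypeError('COSE public key x and y coordinates must be non-empty and of equal length');
  }

  return Buffer.concat([Buffer.from([0x04]), x, y]);
}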
/**
 * Processes a WebAuthn registration (attestation) response; the lines shown
 * cover the start of the 'fido-u2f' attestation format branch.
 * This listing is an excerpt: the function body continues past the last line shown.
 *
 * @param {object} webAuthnResponse - carries `response.attestationObject` and
 *   `response.clientDataJSON` as base64url strings.
 * @throws {Error} when the user-presence flag is not set in the authenticator flags.
 *
 * NOTE(review): the lines shown here hash clientDataJSON but do not inspect its
 * challenge or origin, and do not compare rpIdHash with the expected relying
 * party; confirm those checks happen elsewhere.
 */
let verifyAuthenticatorAttestationResponse = (webAuthnResponse) => {
let attestationBuffer = base64url.toBuffer(webAuthnResponse.response.attestationObject);
// Only the first decoded CBOR item is used; any items after it are ignored.
let ctapMakeCredResp = cbor.decodeAllSync(attestationBuffer)[0];
// Default to "not verified"; only a recognised fmt branch may change this.
let response = {'verified': false};
if(ctapMakeCredResp.fmt === 'fido-u2f') {
let authrDataStruct = parseMakeCredAuthData(ctapMakeCredResp.authData);
if(!(authrDataStruct.flags & U2F_USER_PRESENTED))
throw new Error('User was NOT presented durring authentication!');
let clientDataHash = hash(base64url.toBuffer(webAuthnResponse.response.clientDataJSON))
let reservedByte = Buffer.from([0x00]);
let publicKey = COSEECDHAtoPKCS(authrDataStruct.COSEPublicKey)
// Data the attestation signature is expected to cover:
// 0x00 || rpIdHash || clientDataHash || credID || publicKey
let signatureBase = Buffer.concat([reservedByte, authrDataStruct.rpIdHash, clientDataHash, authrDataStruct.credID, publicKey]);
// attStmt.x5c[0] is read without a presence check; a response lacking attStmt
// or x5c makes this line throw a TypeError.
let PEMCertificate = ASN1toPEM(ctapMakeCredResp.attStmt.x5c[0]);
let signature = ctapMakeCredResp.attStmt.sig;
/**
 * Decodes an encoded transaction into its inputs and outputs.
 *
 * The input is converted with base64ToUint8Array, CBOR-decoded, and the first
 * decoded item is read as `[inputs, outputs]`, where each output is
 * `[address, coin]`.
 *
 * Every failure is swallowed: malformed input, an unexpected structure, or any
 * error thrown by a helper all yield `undefined`. Callers must treat
 * `undefined` as "could not decode" and must not act on the transaction.
 *
 * @param {string} encodedTx - encoded transaction handed to base64ToUint8Array.
 * @returns {{txInputs: *, txOutputs: Array<{address: *, coin: *}>}|undefined}
 *   the decoded parts, or undefined when anything goes wrong.
 */
export const decodeTx = function (encodedTx) {
  try {
    const rawBytes = base64ToUint8Array(encodedTx);
    // Only the first decoded CBOR item is used; any items after it are ignored.
    const txBody = cbor.decodeAllSync(rawBytes)[0];

    const txInputs = txBody[0];
    const txOutputs = txBody[1].map((entry) => ({
      address: toAddress(entry[0]),
      coin: entry[1],
    }));

    return { txInputs, txOutputs };
  } catch (e) {
    // Deliberate best-effort: no error detail is surfaced to the caller.
    return undefined;
  }
};