fido2-net-lib https://github.com/abergs/fido2-net-lib を分析している (2018/08/29) 。
{
"status": "ok",
"errorMessage": "",
"rp": {
"id": "localhost",
"name": "Fido2 test"
},
"user": {
"name": "aaa@example.com",
"id": "YWFhQGV4YW1wbGUuY29t",
"displayName": "Display aaa@example.com"
},
"challenge": "8P0YAYk-sxYVM0Xmt7Irow",
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
},
{
"type": "public-key",
"alg": -257
}
],
"timeout": 60000,
"attestation": "none",
"authenticatorSelection": null,
"excludeCredentials": []
}
{
"status": "ok",
"errorMessage": "",
"rp": {
"id": "localhost",
"name": "Fido2 test"
},
"user": {
"name": "aaa@example.com",
"id": "ArrayBuffer(15)",
"displayName": "Display aaa@example.com"
},
"challenge": "ArrayBuffer(16)",
"pubKeyCredParams(Array(2))": {
"0": {
"type": "public-key",
"alg": "-7"
},
"1": {
"type": "public-key",
"alg": "-257"
}
},
"timeout": "60000",
"attestation": "none",
"authenticatorSelection": "null",
"excludeCredentials": "[]",
"__proto__": "Object"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "ArrayBuffer(64)",
"response(AuthenticatorAttestationResponse)": {
"attestationObject": "ArrayBuffer(226)",
"clientDataJSON": "ArrayBuffer(98)"
},
"type": "public-key",
"__proto__": "PublicKeyCredential"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"type": "public-key",
"response": {
"AttestationObject": "o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVjESZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOBfhSeT1gdjLJwWAvagTqPQ40iMhzxnqMjSZUdQnNyzsjsoErtBxinbweZZ_u4SD_AsqOrOZK7CpIg8TWkbtwSlAQIDJiABIVggjXJiXxbIKez0-7iKeN9BLn9WSRUjGuBZT2KAzxuzvdYiWCAgv0KMHPO69DiXQntyKfueL2Fb9DpaEQrene0hZoaTsQ",
"clientDataJson": "eyJjaGFsbGVuZ2UiOiI4UDBZQVlrLXN4WVZNMFhtdDdJcm93Iiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMjkiLCJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIn0"
}
}
{
"status": "ok",
"errorMessage": "",
"result": {
"publicKey": "pQECAyYgASFYII1yYl8WyCns9Pu4injfQS5_VkkVIxrgWU9igM8bs73WIlggIL9CjBzzuvQ4l0J7cin7ni9hW_Q6WhEK3p3tIWaGk7E",
"credentialId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"user": {
"name": "aaa@example.com",
"id": "YWFhQGV4YW1wbGUuY29t",
"displayName": "Display aaa@example.com"
}
}
}
{
"status": "ok",
"errorMessage": "",
"challenge": "TDmWbzrQ9gIHkbs6dw78mA",
"timeout": 60000,
"rpId": "localhost",
"allowCredentials": [
{
"type": "public-key",
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"transports": []
}
],
"userVerification": "discouraged"
}
{
"status": "ok",
"errorMessage": "",
"challenge": {
"0": 76,
"1": 57,
"2": 150,
"3": 111,
"4": 58,
"5": 208,
"6": 246,
"7": 2,
"8": 7,
"9": 145,
"10": 187,
"11": 58,
"12": 119,
"13": 14,
"14": 252,
"15": 152
},
"timeout": 60000,
"rpId": "localhost",
"allowCredentials": [
{
"type": "public-key",
"id": {
"0": 224,
"1": 95,
"2": 133,
"3": 39,
"4": 147,
"5": 214,
"6": 7,
"7": 99,
"8": 44,
"9": 156,
"10": 22,
"11": 2,
"12": 246,
"13": 160,
"14": 78,
"15": 163,
"16": 208,
"17": 227,
"18": 72,
"19": 140,
"20": 135,
"21": 60,
"22": 103,
"23": 168,
"24": 200,
"25": 210,
"26": 101,
"27": 71,
"28": 80,
"29": 156,
"30": 220,
"31": 179,
"32": 178,
"33": 59,
"34": 40,
"35": 18,
"36": 187,
"37": 65,
"38": 198,
"39": 41,
"40": 219,
"41": 193,
"42": 230,
"43": 89,
"44": 254,
"45": 238,
"46": 18,
"47": 15,
"48": 240,
"49": 44,
"50": 168,
"51": 234,
"52": 206,
"53": 100,
"54": 174,
"55": 194,
"56": 164,
"57": 136,
"58": 60,
"59": 77,
"60": 105,
"61": 27,
"62": 183,
"63": 4
},
"transports": []
}
],
"userVerification": "discouraged"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "ArrayBuffer(64) {}",
"response(AuthenticatorAssertionResponse)": {
"authenticatorData": "ArrayBuffer(37) {}",
"clientDataJSON": "ArrayBuffer(95) {}",
"signature": "ArrayBuffer(71) {}",
"userHandle": "ArrayBuffer(0) {}",
"__proto__": "AuthenticatorAssertionResponse"
},
"type": "public-key",
"__proto__": "PublicKeyCredential"
}
{
"id": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"rawId": "4F-FJ5PWB2MsnBYC9qBOo9DjSIyHPGeoyNJlR1Cc3LOyOygSu0HGKdvB5ln-7hIP8Cyo6s5krsKkiDxNaRu3BA",
"type": "public-key",
"response": {
"authenticatorData": "SZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2MBAAAAEw",
"clientDataJson": "eyJjaGFsbGVuZ2UiOiJURG1XYnpyUTlnSUhrYnM2ZHc3OG1BIiwib3JpZ2luIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMjkiLCJ0eXBlIjoid2ViYXV0aG4uZ2V0In0",
"signature": "MEUCIQDHjPF36rA_5LIXfUs8ZBI-HbQ68YRWa2z3tNVAWWqOPwIgMr_aeefHsqJJrCWkZwYO1h5ciU83dKGlQW8qOcbsJcU"
}
}
{
"CredentialId": "qD7spwzSO7q1W3F7r84aUud9yHq37aufS72jHaeckZfIbHHl9LNNzZwRohJjs9v7MjaiW/FiI/IImg1kZ9lGIQ==",
"Counter": 21
}
daisukenishino2 commented Aug 28, 2018

登録(Attestation)

makeCredentialOptions WebAPI

  • 引数:POST(username, attType)
  • 戻り値:navigator.credentials.create()メソッドへの引数を生成して返す。
  • JavaScript
    • 戻り値の一部のメンバがJavaScriptで、base64urlからArrayBufferに変換される(base64url -> base64 -> Uint8Array)。
      • challenge
      • user.id
      • excludeCredentials ??(上のサンプルでは空配列 [] のため、この出力からは変換の有無を確認できない)
    • navigator.credentials.create()メソッドの引数に渡されて戻り値を受け取る。
    • 戻り値の一部のメンバは、ArrayBufferからbase64urlに変換される(Uint8Array -> base64 -> base64url)。
      • id: 変換無し
      • rawId: base64enc (よくよく見ると、id = rawId)
      • type: 変換無し
      • response
        • attestationObject: base64enc
        • clientDataJSON: base64enc

makeCredential WebAPI

  • 引数:POST(JSON)
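  • 処理内容:navigator.credentials.create()メソッドの戻り値を加工して以下のプロパティを生成・登録する(登録の前提として、clientDataJson を base64url デコードして得られる challenge・origin・type(webauthn.create)を、サーバ側で発行した challenge および想定する origin と照合する必要がある)。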
    • UserId
    • CredentialId
    • PublicKey
  • 戻り値:JSONを生成してはいるが、
  • JavaScript
    戻り値は、そのまま捨てられている。
daisukenishino2 commented Aug 28, 2018

認証(Assertion)

assertionOptions WebAPI

  • 引数:POST(username)
  • 戻り値:navigator.credentials.get()メソッドへの引数を生成して返す。
  • JavaScript
    • 戻り値の一部のメンバがJavaScriptで以下のように変換される。
      Uint8Array.from(atob(string.replace(/-/g, "+").replace(/_/g, "/")), c => c.charCodeAt(0))
      • challenge
      • allowCredentials.id
    • navigator.credentials.get()メソッドの引数に渡されて戻り値を受け取る。
    • 戻り値の一部のメンバは、JavaScriptで ArrayBuffer から base64url 文字列に変換される(以下の base64enc は、上のサンプル値のとおり base64url エンコードを指す)。
      • id: 変換無し
      • rawId: base64enc
      • type: 変換無し
      • response
        • authenticatorData: base64enc
        • clientDataJson: base64enc
        • signature: base64enc

makeAssertion WebAPI

  • 引数:POST(JSON)
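  • 処理内容:navigator.credentials.get()メソッドの戻り値の署名を公開鍵で検証して認証する(署名検証に加えて、clientDataJson の challenge・origin・type(webauthn.get)の照合と、authenticatorData 内の署名カウンタを保存済みの Counter と比較する確認も必要)。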
  • 戻り値:JSONを生成してはいるが、
  • JavaScript
    戻り値は、そのまま捨てられている。
daisukenishino2 commented Aug 29, 2018

参考

コミュニティとのやり取り

abergs/fido2-net-lib#26

W3Cの仕様の分析

daisukenishino2 commented Mar 3, 2019
