
Ackermann Yuriy herrjemand

herrjemand / verify.apple.attestation.js
Last active Jul 7, 2021
Code snippet to verify an Apple anonymous attestation (WebAuthn)
const crypto = require('crypto');
const base64url = require('base64url');
const cbor = require('cbor');
const asn1 = require('@lapo/asn1js');
const jsrsasign = require('jsrsasign');
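/* Apple WebAuthn Root CA certificate (base64-encoded DER, i.e. the PEM body without its header and footer lines).
* Original is here https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
* This value is intended as the trust anchor for the attestation certificate chain: compare it with the
* official file above rather than copying it from a page preview, where the string may be cut short.
*/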
let appleWebAuthnRoot = 'MIICEjCCAZmgAwIBAgIQaB0BbHo84wIlpQGUKEdXcTAKBggqhkjOPQQDAzBLMR8wHQYDVQQDDBZBcHBsZSBXZWJBdXRobiBSb290IENBMRMwEQYDVQQKDApBcHBsZSBJbmMuMRMwEQYDVQQIDApDYWxpZm9ybmlhMB4XDTIwMDMxODE4MjEzMloXDTQ1MDMxNTAwMDAwMFowSzEfMB0GA1UEAwwWQXBwbGUgV2ViQXV0aG4gUm9vdCBDQTETMBEGA1UECgwKQXBwbGUgSW5jLjETMBEGA1UECAwKQ2FsaWZvcm5pYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABCJCQ2pTVhzjl4Wo6IhHtMSAzO2cv+H9DQKev3//fG59G11kxu9eI0/7o6V5uShBpe1u6l6mS19S1FEh6yGljnZAJ+2GNP1mi/YK2kSXIuTHjxA/pcoRf7XkOtO4o1qlcaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUJtdk2cV4wlpn0afeaxLQG2PxxtcwDgYDVR0PAQH/BAQDAgEGMAoGCCqGSM49BAMDA2cAMGQCMFrZ+9DsJ1PW9hfNdBywZDsWDbWFp28it1d/5w2RPkRX3Bbn/UbDTNLx7Jr3jAGGiQIwHFj+dJZYUJR786osByBelJYsVZd2GbHQu209b5
herrjemand / appleanonymousattestationnonce.extension.asn
Last active Jan 1, 2021
Apple Anonymous Attestation ASN1 Schema
-- Object identifier of the Apple anonymous attestation certificate extension.
-- The arcs below resolve to the dotted form 1.2.840.113635.100.8.2.
id-ce-AppleAnonymousAttestation OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) apple(113635) appleDataSecurity(100) appleWebAuthnPolicies(8) 2}
-- Value carried in that extension: a SEQUENCE with a single field.
AppleAnonymousAttestation ::= SEQUENCE {
-- Context tag [1] on an OCTET STRING. Whether the tag is EXPLICIT or IMPLICIT depends on the
-- module's tagging default, which this excerpt does not show.
-- NOTE(review): in WebAuthn's "apple" attestation format the verifier is expected to compare this
-- nonce with SHA-256(authenticatorData || clientDataHash) - confirm against the specification.
nonce [1] OCTET STRING
}
View WebAuthnRESTHelpers.js
/**
 * Converts the base64url-encoded fields of a getAssertion request, in place:
 * `challenge` and, when present, the `id` of every `allowCredentials` entry.
 *
 * The argument itself is mutated and the same object is returned.
 *
 * NOTE(review): `base64url` is not defined in the visible lines, so the type that
 * `decode` returns cannot be told from here. If the result is handed to
 * navigator.credentials.get(), `challenge` and each `id` must be binary buffers,
 * not strings - confirm against the helper that is actually loaded.
 *
 * @param {Object} getAssertionRequest - request with a base64url `challenge` and
 *   an optional `allowCredentials` array whose entries carry a base64url `id`
 * @returns {Object} the same request object, with those fields decoded
 */
let performGetAssertion = (getAssertionRequest) => {
getAssertionRequest.challenge = base64url.decode(getAssertionRequest.challenge);
// allowCredentials is optional: decode the listed credential ids only when a list was supplied.
// NOTE(review): the original comment labelled this branch "If RK scenario". In WebAuthn a
// resident-key (usernameless) request normally omits allowCredentials, so that label looks
// inverted - confirm which flow sends the list.
if(getAssertionRequest.allowCredentials) {
for(let allowCred of getAssertionRequest.allowCredentials) {
allowCred.id = base64url.decode(allowCred.id);
}
}
return getAssertionRequest
View keybase.md

Keybase proof

I hereby claim:

  • I am herrjemand on github.
  • I am herrjemand (https://keybase.io/herrjemand) on keybase.
  • I have a public key whose fingerprint is 6050 B0DE 350B 91AB B929 C717 F9E5 3ECE 85D1 7BAD

To claim this, I am signing this object:

View CODESAMPLES.LICENSE
The MIT License (MIT)
Copyright (c) 2018-2019 Yuriy Ackermann
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
View passwordless.MakeCredential.js
document.getElementById('register').addEventListener('submit', function(event) {
event.preventDefault();
let username = this.username.value;
let displayName = this.displayName.value;
startPasswordlessEnrolment({username, displayName})
.then((serverResponse) => {
if(serverResponse.status !== 'startFIDOEnrolmentPasswordless')
throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
View usernameless.GetAssertion.js
document.getElementById('login').addEventListener('submit', function(event) {
event.preventDefault();
return getGetAssertionChallenge()
.then((getAssertionChallenge) => {
/*{
"challenge": "Ld0vp5byLeFZBOpclgKP3BEc8AA4aBewYPlwbkgLh98",
"status": "ok"
}*/
getAssertionChallenge = preformatGetAssertReq(getAssertionChallenge);
View passwordless.GetAssertion.js
document.getElementById('login').addEventListener('submit', function(event) {
event.preventDefault();
let username = this.username.value;
startAuthenticationPasswordless({username})
.then((serverResponse) => {
if(serverResponse.status !== 'startFIDOAuthentication')
throw new Error('Error logging in! Server returned: ' + serverResponse.errorMessage);
View usernameless.MakeCredential.js
document.getElementById('register').addEventListener('submit', function(event) {
event.preventDefault();
let username = this.username.value;
let displayName = this.displayName.value;
startPasswordlessEnrolment({username, displayName})
.then((serverResponse) => {
if(serverResponse.status !== 'startFIDOEnrolmentRK')
throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
View password.MakeCred.direct.js
document.getElementById('register').addEventListener('submit', function(event) {
event.preventDefault();
let username = this.username.value;
let password = this.password.value;
let displayName = this.displayName.value;
registerPassword({username, password, displayName})
.then((serverResponse) => {
if(serverResponse.status !== 'startFIDOEnrollment')