/verify.packed.webauthn.js
Last active May 16, 2020
WebAuthn Packed attestation verification sample in NodeJS
| const crypto = require('crypto'); | |
| const base64url = require('base64url'); | |
| const cbor = require('cbor'); | |
| const jsrsasign = require('jsrsasign'); | |
| const elliptic = require('elliptic'); | |
| const NodeRSA = require('node-rsa'); | |
| let COSEKEYS = { | |
| 'kty' : 1, | |
| 'alg' : 3, | |
| 'crv' : -1, | |
| 'x' : -2, | |
| 'y' : -3, | |
| 'n' : -1, | |
| 'e' : -2 | |
| } | |
| let COSEKTY = { | |
| 'OKP': 1, | |
| 'EC2': 2, | |
| 'RSA': 3 | |
| } | |
| let COSERSASCHEME = { | |
| '-3': 'pss-sha256', | |
| '-39': 'pss-sha512', | |
| '-38': 'pss-sha384', | |
| '-65535': 'pkcs1-sha1', | |
| '-257': 'pkcs1-sha256', | |
| '-258': 'pkcs1-sha384', | |
| '-259': 'pkcs1-sha512' | |
| } | |
| var COSECRV = { | |
| '1': 'p256', | |
| '2': 'p384', | |
| '3': 'p521' | |
| } | |
| var COSEALGHASH = { | |
| '-257': 'sha256', | |
| '-258': 'sha384', | |
| '-259': 'sha512', | |
| '-65535': 'sha1', | |
| '-39': 'sha512', | |
| '-38': 'sha384', | |
| '-37': 'sha256', | |
| '-260': 'sha256', | |
| '-261': 'sha512', | |
| '-7': 'sha256', | |
| '-36': 'sha512' | |
| } | |
| let hash = (alg, message) => { | |
| return crypto.createHash(alg).update(message).digest(); | |
| } | |
| let base64ToPem = (b64cert) => { | |
| let pemcert = ''; | |
| for(let i = 0; i < b64cert.length; i += 64) | |
| pemcert += b64cert.slice(i, i + 64) + '\n'; | |
| return '-----BEGIN CERTIFICATE-----\n' + pemcert + '-----END CERTIFICATE-----'; | |
| } | |
| var getCertificateInfo = (certificate) => { | |
| let subjectCert = new jsrsasign.X509(); | |
| subjectCert.readCertPEM(certificate); | |
| let subjectString = subjectCert.getSubjectString(); | |
| let subjectParts = subjectString.slice(1).split('/'); | |
| let subject = {}; | |
| for(let field of subjectParts) { | |
| let kv = field.split('='); | |
| subject[kv[0]] = kv[1]; | |
| } | |
| let version = subjectCert.version; | |
| let basicConstraintsCA = !!subjectCert.getExtBasicConstraints().cA; | |
| return { | |
| subject, version, basicConstraintsCA | |
| } | |
| } | |
| var parseAuthData = (buffer) => { | |
| let rpIdHash = buffer.slice(0, 32); buffer = buffer.slice(32); | |
| let flagsBuf = buffer.slice(0, 1); buffer = buffer.slice(1); | |
| let flagsInt = flagsBuf[0]; | |
| let flags = { | |
| up: !!(flagsInt & 0x01), | |
| uv: !!(flagsInt & 0x04), | |
| at: !!(flagsInt & 0x40), | |
| ed: !!(flagsInt & 0x80), | |
| flagsInt | |
| } | |
| let counterBuf = buffer.slice(0, 4); buffer = buffer.slice(4); | |
| let counter = counterBuf.readUInt32BE(0); | |
| let aaguid = undefined; | |
| let credID = undefined; | |
| let COSEPublicKey = undefined; | |
| if(flags.at) { | |
| aaguid = buffer.slice(0, 16); buffer = buffer.slice(16); | |
| let credIDLenBuf = buffer.slice(0, 2); buffer = buffer.slice(2); | |
| let credIDLen = credIDLenBuf.readUInt16BE(0); | |
| credID = buffer.slice(0, credIDLen); buffer = buffer.slice(credIDLen); | |
| COSEPublicKey = buffer; | |
| } | |
| return {rpIdHash, flagsBuf, flags, counter, counterBuf, aaguid, credID, COSEPublicKey} | |
| } | |
| let verifyPackedAttestation = (webAuthnResponse) => { | |
| let attestationBuffer = base64url.toBuffer(webAuthnResponse.response.attestationObject); | |
| let attestationStruct = cbor.decodeAllSync(attestationBuffer)[0]; | |
| let authDataStruct = parseAuthData(attestationStruct.authData); | |
| let clientDataHashBuf = hash('sha256', base64url.toBuffer(webAuthnResponse.response.clientDataJSON)); | |
| let signatureBaseBuffer = Buffer.concat([attestationStruct.authData, clientDataHashBuf]); | |
| let signatureBuffer = attestationStruct.attStmt.sig | |
| let signatureIsValid = false; | |
| if(attestationStruct.attStmt.x5c) { | |
| /* ----- Verify FULL attestation ----- */ | |
| let leafCert = base64ToPem(attestationStruct.attStmt.x5c[0].toString('base64')); | |
| let certInfo = getCertificateInfo(leafCert); | |
| if(certInfo.subject.OU !== 'Authenticator Attestation') | |
| throw new Error('Batch certificate OU MUST be set strictly to "Authenticator Attestation"!'); | |
| if(!certInfo.subject.CN) | |
| throw new Error('Batch certificate CN MUST no be empty!'); | |
| if(!certInfo.subject.O) | |
| throw new Error('Batch certificate CN MUST no be empty!'); | |
| if(!certInfo.subject.C || certInfo.subject.C.length !== 2) | |
| throw new Error('Batch certificate C MUST be set to two character ISO 3166 code!'); | |
| if(certInfo.basicConstraintsCA) | |
| throw new Error('Batch certificate basic constraints CA MUST be false!'); | |
| if(certInfo.version !== 3) | |
| throw new Error('Batch certificate version MUST be 3(ASN1 2)!'); | |
| signatureIsValid = crypto.createVerify('sha256') | |
| .update(signatureBaseBuffer) | |
| .verify(leafCert, signatureBuffer); | |
| /* ----- Verify FULL attestation ENDS ----- */ | |
| } else if(attestationStruct.attStmt.ecdaaKeyId) { | |
| throw new Error('ECDAA IS NOT SUPPORTED YET!'); | |
| } else { | |
| /* ----- Verify SURROGATE attestation ----- */ | |
| let pubKeyCose = cbor.decodeAllSync(authDataStruct.COSEPublicKey)[0]; | |
| let hashAlg = COSEALGHASH[pubKeyCose.get(COSEKEYS.alg)]; | |
| if(pubKeyCose.get(COSEKEYS.kty) === COSEKTY.EC2) { | |
| let x = pubKeyCose.get(COSEKEYS.x); | |
| let y = pubKeyCose.get(COSEKEYS.y); | |
| let ansiKey = Buffer.concat([Buffer.from([0x04]), x, y]); | |
| let signatureBaseHash = hash(hashAlg, signatureBaseBuffer); | |
| let ec = new elliptic.ec(COSECRV[pubKeyCose.get(COSEKEYS.crv)]); | |
| let key = ec.keyFromPublic(ansiKey); | |
| signatureIsValid = key.verify(signatureBaseHash, signatureBuffer) | |
| } else if(pubKeyCose.get(COSEKEYS.kty) === COSEKTY.RSA) { | |
| let signingScheme = COSERSASCHEME[pubKeyCose.get(COSEKEYS.alg)]; | |
| let key = new NodeRSA(undefined, { signingScheme }); | |
| key.importKey({ | |
| n: pubKeyCose.get(COSEKEYS.n), | |
| e: 65537, | |
| }, 'components-public'); | |
| signatureIsValid = key.verify(signatureBaseBuffer, signatureBuffer) | |
| } else if(pubKeyCose.get(COSEKEYS.kty) === COSEKTY.OKP) { | |
| let x = pubKeyCose.get(COSEKEYS.x); | |
| let signatureBaseHash = hash(hashAlg, signatureBaseBuffer); | |
| let key = new elliptic.eddsa('ed25519'); | |
| key.keyFromPublic(x) | |
| signatureIsValid = key.verify(signatureBaseHash, signatureBuffer) | |
| } | |
| /* ----- Verify SURROGATE attestation ENDS ----- */ | |
| } | |
| if(!signatureIsValid) | |
| throw new Error('Failed to verify the signature!'); | |
| return true | |
| } | |
| let packedFullAttestationWebAuthnSample = { | |
| "rawId": "wsLryOAxXMU54s2fCSWPzWjXHOBKPploN-UHftj4_rpIu6BZxNXppm82f7Y6iX9FEOKKeS5-N2TALeyzLnJfAA", | |
| "id": "wsLryOAxXMU54s2fCSWPzWjXHOBKPploN-UHftj4_rpIu6BZxNXppm82f7Y6iX9FEOKKeS5-N2TALeyzLnJfAA", | |
| "response": { | |
| "clientDataJSON": "eyJjaGFsbGVuZ2UiOiJZTVdFVGYtUDc5aU1iLUJxZFRreVNOUmVPdmE3bksyaVZDOWZpQzhpR3ZZeXB1bkVPQ1pHWjYtWTVPVjFydk1pRGdBaldmRmk2VUMwV3lLR3NqQS1nQSIsIm9yaWdpbiI6Imh0dHBzOi8vd2ViYXV0aG4ub3JnIiwidHlwZSI6IndlYmF1dGhuLmNyZWF0ZSJ9", | |
| "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAIzOihC6Ba80o5JnoYOJJ_EtEVmWQcAvxVCnsCFnVRQZAiAfeIddLPsPl1FeSX8B5xZANcQKGNoO7pb0TZPnuJdebGN4NWOBWQKzMIICrzCCAZegAwIBAgIESFs9tjANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDDBZZdWJpY28gRklETyBQcmV2aWV3IENBMB4XDTE4MDQxMjEwNTcxMFoXDTE4MTIzMTEwNTcxMFowbzELMAkGA1UEBhMCU0UxEjAQBgNVBAoMCVl1YmljbyBBQjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjEoMCYGA1UEAwwfWXViaWNvIFUyRiBFRSBTZXJpYWwgMTIxMzkzOTEyNjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPss3TBDKMVySlDM5vYLrX0nqRtZ4eZvKXuJydQ9wrLHeIm08P-dAijLlG384BsZWJtngEqsl38oGJzNsyV0yiijbDBqMCIGCSsGAQQBgsQKAgQVMS4zLjYuMS40LjEuNDE0ODIuMS42MBMGCysGAQQBguUcAgEBBAQDAgQwMCEGCysGAQQBguUcAQEEBBIEEPigEfOMCk0VgAYXER-e3H0wDAYDVR0TAQH_BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAMvPkvVjXQiuvSZmGCB8NqTvGqhxyEfkoU-vz63PaaTsG3jEzjl0C7PZ26VxCvqWPJdM3P3e7Kp18sj4RjEHUmkya2PPipOwBd3p0qMQSQ8MeziCPLQ9uvGGb4YShcvaprMv4c21b4piza-znHneNCmmq-ZS4Y23o-vYv085_BEwyLPcmPjSZ5qWysCq7rVvZ7OWwcU1zu5RhSZyUKl8dzK9lAzs5OdRH2fzEewsW2OkB_Ow_jBvAxqwLXXTHuwMFaRfpmBoZuQlcofSrnwJ8KA-K-e0dKTz2zC8EbZrWYrSpbrHKyqxeBT6DkUd8H4tgAd5lOr_yqrtVmIaRfq07NmhhdXRoRGF0YVjElWkIjx7O4yMpVANdvRDXyuORMFonUbVZu4_Xy7IpvdRBAAAAAPigEfOMCk0VgAYXER-e3H0AQMLC68jgMVzFOeLNnwklj81o1xzgSj6ZaDflB37Y-P66SLugWcTV6aZvNn-2Ool_RRDiinkufjdkwC3ssy5yXwClAQIDJiABIVggAYD1TSpf120DSVxen8ki56kF1bmT4EXO-P0JnSk5mMwiWCB3TlMZBRqPY6llzDcfHd-oW0EHdaFNgBdlGGFobpHKlw" | |
| } | |
| } | |
| let packedSurrogateAttestationWebAuthnSample = { | |
| "id": "H6X2BnnjgOzu_Oj87vpRnwMJeJYVzwM3wtY1lhAfQ14", | |
| "rawId": "H6X2BnnjgOzu_Oj87vpRnwMJeJYVzwM3wtY1lhAfQ14", | |
| "response": { | |
| "attestationObject": "o2NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZzn__mNzaWdZAQCPypMLXWqtCZ1sc5QdjhH-pAzm8-adpfbemd5zsym2krscwV0EeOdTrdUOdy3hWj5HuK9dIX_OpNro2jKrHfUj_0Kp-u87iqJ3MPzs-D9zXOqkbWqcY94Zh52wrPwhGfJ8BiQp5T4Q97E042hYQRDKmtv7N-BT6dywiuFHxfm1sDbUZ_yyEIN3jgttJzjp_wvk_RJmb78bLPTlym83Y0Ws73K6FFeiqFNqLA_8a4V0I088hs_IEPlj8PWxW0wnIUhI9IcRf0GEmUwTBpbNDGpIFGOudnl_C3YuXuzK3R6pv2r7m9-9cIIeeYXD9BhSMBQ0A8oxBbVF7j-0xXDNrXHZaGF1dGhEYXRhWQFnSZYN5YgOjGh0NBcPZHZgW4_krrmihjLHmVzzuoMdl2NBAAAAOKjVmSRjt0nqud40p1PeHgEAIB-l9gZ544Ds7vzo_O76UZ8DCXiWFc8DN8LWNZYQH0NepAEDAzn__iBZAQDAIqzybPPmgeL5OR6JKq9bWDiENJlN_LePQEnf1_sgOm4FJ9kBTbOTtWplfoMXg40A7meMppiRqP72A3tmILwZ5xKIyY7V8Y2t8X1ilYJol2nCKOpAEqGLTRJjF64GQxen0uFpi1tA6l6N-ZboPxjky4aidBdUP22YZuEPCO8-9ZTha8qwvTgZwMHhZ40TUPEJGGWOnHNlYmqnfFfk0P-UOZokI0rqtqqQGMwzV2RrH2kjKTZGfyskAQnrqf9PoJkye4KUjWkWnZzhkZbrDoLyTEX2oWvTTflnR5tAVMQch4UGgEHSZ00G5SFoc19nGx_UJcqezx5cLZsny-qQYDRjIUMBAAE", | |
| "clientDataJSON": "eyJvcmlnaW4iOiJodHRwOi8vbG9jYWxob3N0OjMwMDAiLCJjaGFsbGVuZ2UiOiJBWGtYV1hQUDNnTHg4T0xscGtKM2FSUmhGV250blNFTmdnbmpEcEJxbDFuZ0tvbDd4V3dldlVZdnJwQkRQM0xFdmRyMkVPU3RPRnBHR3huTXZYay1WdyIsInR5cGUiOiJ3ZWJhdXRobi5jcmVhdGUifQ" | |
| }, | |
| "type": "public-key" | |
| } | |
| verifyPackedAttestation(packedFullAttestationWebAuthnSample) | |
| verifyPackedAttestation(packedSurrogateAttestationWebAuthnSample) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This comment has been minimized.
herrjemand commentedNov 11, 2018
Don't forget to install dependencies: