
@ritou
Created November 24, 2018 16:19
Interop result with WebAuthnKit and WebAuthnLite

Interop result with WebAuthnKit and WebAuthnLite. The parameters are taken from https://github.com/lyokato/WebAuthnKit/blob/develop/utils/interop/go_koesie10_webauthn/main.go

# Fixed interop test vector: origin and challenge are constants so that both
# libraries can be fed the same inputs. A relying party would instead generate
# a fresh, unpredictable challenge for every ceremony and bind it to the session.
iex(1)> origin = "https://example.org"
"https://example.org"
iex(2)> challenge = "rtnHiVQ7"
"rtnHiVQ7"
# Unpadded base64 encoding of the registration clientDataJSON; its decoded form
# is the `raw` field of the validation result further down.
iex(3)> encoded_registration_client_data_json = "eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"

# Registration, step 1: decode the clientDataJSON, passing in the origin and
# challenge the relying party expects. The returned struct carries the same
# origin and challenge and type "webauthn.create".
# NOTE(review): presumably the function rejects a mismatch in any of the three;
# this transcript only shows the success path - confirm against the library.
# `hash` is 32 bytes, presumably SHA-256 of `raw` (the clientDataHash) - confirm.
iex(4)> {:ok, client_data_json} = WebAuthnLite.Operation.Register.validate_client_data_json(%{client_data_json: encoded_registration_client_data_json, origin: origin, challenge: challenge})
{:ok,
 %WebAuthnLite.ClientDataJSON{
   challenge: "rtnHiVQ7",
   hash: <<185, 60, 53, 7, 106, 184, 49, 119, 233, 3, 2, 86, 166, 204, 159, 44,
     213, 166, 244, 209, 118, 252, 77, 182, 205, 107, 217, 196, 255, 31, 155,
     207>>,
   origin: "https://example.org",
   raw: "{\"type\":\"webauthn.create\",\"challenge\":\"rtnHiVQ7\",\"origin\":\"https:\\/\\/example.org\"}",
   type: "webauthn.create"
 }}

# base64url-encoded attestationObject as returned by the authenticator.
iex(5)> encoded_attestation_object = "o2hhdXRoRGF0YViUUNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7BitBAAAAAAAAAAAAAAAAAAAAAAAAAAAAELkR__xkcUGHv0OXAkpYGLqlAQIDJiABIVggcveTEqCmGOGZz_4cFwd3HoBdzk4IF7E0xEpLHk0aBN8iWCC_fRoVhaVW1r_73coq6pR1Eybvp7o2w8puhRtejsut82NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEYwRAIgbrC6c2l6VcttVxNLeOd3q-Og4nlnTMxo33TrnoX2ki8CIDgFh5YlhPSEw-h2joSrfD4eiBYplFw_izUI2iQryqcu"
"o2hhdXRoRGF0YViUUNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7BitBAAAAAAAAAAAAAAAAAAAAAAAAAAAAELkR__xkcUGHv0OXAkpYGLqlAQIDJiABIVggcveTEqCmGOGZz_4cFwd3HoBdzk4IF7E0xEpLHk0aBN8iWCC_fRoVhaVW1r_73coq6pR1Eybvp7o2w8puhRtejsut82NmbXRmcGFja2VkZ2F0dFN0bXSiY2FsZyZjc2lnWEYwRAIgbrC6c2l6VcttVxNLeOd3q-Og4nlnTMxo33TrnoX2ki8CIDgFh5YlhPSEw-h2joSrfD4eiBYplFw_izUI2iQryqcu"
iex(6)> # NOTE: This function doesn't verify attestation statement yet.
nil
# Registration, step 2: parse the attestation object. Per the NOTE above, the
# `sig` in att_stmt is decoded but not checked, so the {:ok, ...} result below
# says nothing about the authenticator's provenance.
# In the result, att_stmt holds only "alg" (-7, ES256) and "sig" with fmt
# "packed" and an all-zero aaguid, which is consistent with self attestation.
# Only attestation_object and client_data_json are passed in - no RP ID - so
# the returned rp_id_hash still has to be compared with SHA-256 of the expected
# RP ID by the caller (NOTE(review): unless the library offers that elsewhere).
# The flags show up: true, uv: false: user presence only; a relying party that
# requires user verification must check `uv` itself.
iex(7)> {:ok, attestation_object} = WebAuthnLite.Operation.Register.validate_attestation_object(%{attestation_object: encoded_attestation_object, client_data_json: encoded_registration_client_data_json})
{:ok,
 %WebAuthnLite.AttestationObject{
   att_stmt: %{
     "alg" => -7,
     "sig" => <<48, 68, 2, 32, 110, 176, 186, 115, 105, 122, 85, 203, 109, 87,
       19, 75, 120, 231, 119, 171, 227, 160, 226, 121, 103, 76, 204, 104, 223,
       116, 235, 158, 133, 246, 146, 47, 2, 32, 56, 5, 135, 150, 37, 132, 244,
       ...>>
   },
   auth_data: %WebAuthnLite.AuthenticatorData{
     attested_credential_data: %WebAuthnLite.AttestedCredentialData{
       aaguid: "AAAAAAAAAAAAAAAAAAAAAA",
       credential_id: "uRH__GRxQYe_Q5cCSlgYug",
       credential_public_key: %WebAuthnLite.CredentialPublicKey.ES256{
         digest_type: :sha256,
         json: "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"cveTEqCmGOGZz/4cFwd3HoBdzk4IF7E0xEpLHk0aBN8\",\"y\":\"v30aFYWlVta/+93KKuqUdRMm76e6NsPKboUbXo7LrfM\"}",
         key: {{:ECPoint,
           <<4, 114, 247, 147, 18, 160, 166, 24, 225, 153, 207, 254, 28, 23, 7,
             119, 30, 128, 93, 206, 78, 8, 23, 177, 52, 196, 74, 75, 30, 77, 26,
             4, 223, 191, 125, 26, ...>>},
          {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}},
         map: %{
           "crv" => "P-256",
           "kty" => "EC",
           "x" => "cveTEqCmGOGZz/4cFwd3HoBdzk4IF7E0xEpLHk0aBN8",
           "y" => "v30aFYWlVta/+93KKuqUdRMm76e6NsPKboUbXo7LrfM"
         }
       },
       raw: <<0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 16, 185, 17,
         255, 252, 100, 113, 65, 135, 191, 67, 151, 2, 74, 88, 24, 186, 165, 1,
         2, 3, 38, 32, 1, ...>>
     },
     extensions: nil,
     flags: %WebAuthnLite.AuthenticatorData.Flags{
       at: true,
       ed: false,
       flags: "A",
       up: true,
       uv: false
     },
     raw: <<80, 215, 169, 5, 227, 4, 107, 136, 99, 131, 98, 204, 52, 163, 26,
       26, 229, 52, 118, 108, 165, 94, 58, 163, 151, 149, 30, 254, 101, 59, 6,
       43, 65, 0, 0, 0, 0, 0, 0, 0, 0, 0, ...>>,
     rp_id_hash: "UNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7Bis",
     sign_count: 0
   },
   fmt: "packed",
   raw: <<163, 104, 97, 117, 116, 104, 68, 97, 116, 97, 88, 148, 80, 215, 169,
     5, 227, 4, 107, 136, 99, 131, 98, 204, 52, 163, 26, 26, 229, 52, 118, 108,
     165, 94, 58, 163, 151, 149, 30, 254, 101, 59, 6, 43, ...>>
 }}

# Pull the credential public key (ES256 / P-256) out of the parsed attestation.
# It is passed as `public_key` to the assertion check further down; a relying
# party would persist it together with credential_id and sign_count.
iex(8)> public_key = attestation_object.auth_data.attested_credential_data.credential_public_key
%WebAuthnLite.CredentialPublicKey.ES256{
  digest_type: :sha256,
  json: "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"cveTEqCmGOGZz/4cFwd3HoBdzk4IF7E0xEpLHk0aBN8\",\"y\":\"v30aFYWlVta/+93KKuqUdRMm76e6NsPKboUbXo7LrfM\"}",
  key: {{:ECPoint,
    <<4, 114, 247, 147, 18, 160, 166, 24, 225, 153, 207, 254, 28, 23, 7, 119,
      30, 128, 93, 206, 78, 8, 23, 177, 52, 196, 74, 75, 30, 77, 26, 4, 223,
      191, 125, 26, 21, 133, 165, 86, 214, 191, 251, 221, ...>>},
   {:namedCurve, {1, 2, 840, 10045, 3, 1, 7}}},
  map: %{
    "crv" => "P-256",
    "kty" => "EC",
    "x" => "cveTEqCmGOGZz/4cFwd3HoBdzk4IF7E0xEpLHk0aBN8",
    "y" => "v30aFYWlVta/+93KKuqUdRMm76e6NsPKboUbXo7LrfM"
  }
}

# Authentication inputs from the same interop vector. The assertion
# clientDataJSON decodes to type "webauthn.get" with the same challenge
# ("rtnHiVQ7") as registration; that reuse is a property of the test vector.
iex(9)> encoded_assertion_client_data_json = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
"eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoicnRuSGlWUTciLCJvcmlnaW4iOiJodHRwczpcL1wvZXhhbXBsZS5vcmcifQ"
iex(10)> encoded_assertion_authenticator_data = "UNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7BisBAAAAAQ"
"UNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7BisBAAAAAQ"
iex(11)> encoded_assertion_signature = "MEUCIQDHv3C_QjqX_0UerM3sB0NbusD5RMp3QpK5OqGyk-6U-wIgBLEGrtF64i3N2S6q9x_JRLjCcAguwjoZ_SbCp2g2F08"
"MEUCIQDHv3C_QjqX_0UerM3sB0NbusD5RMp3QpK5OqGyk-6U-wIgBLEGrtF64i3N2S6q9x_JRLjCcAguwjoZ_SbCp2g2F08"
# Check the assertion against the stored public key.
# NOTE(review): presumably the signature is verified over
# authenticator_data || SHA-256(clientDataJSON) - confirm in the library.
# This call is given no expected origin or challenge, and the transcript does
# not show the assertion clientDataJSON being checked for type, challenge or
# origin; the relying party has to do that as a separate step, otherwise a
# validly signed assertion for another challenge would also be accepted here.
# The returned rp_id_hash likewise still needs comparing with the expected RP ID.
# sign_count is 1 here versus 0 at registration: store the last value and treat
# a counter that fails to increase as a sign of a cloned authenticator.
# uv is false again, i.e. user presence without user verification.
iex(12)> {:ok, authenticator_data} = WebAuthnLite.Operation.Authenticate.validate_authenticator_assertion(%{signature: encoded_assertion_signature, authenticator_data: encoded_assertion_authenticator_data, client_data_json: encoded_assertion_client_data_json, public_key: public_key})
{:ok,
 %WebAuthnLite.AuthenticatorData{
   attested_credential_data: nil,
   extensions: nil,
   flags: %WebAuthnLite.AuthenticatorData.Flags{
     at: false,
     ed: false,
     flags: <<1>>,
     up: true,
     uv: false
   },
   raw: <<80, 215, 169, 5, 227, 4, 107, 136, 99, 131, 98, 204, 52, 163, 26, 26,
     229, 52, 118, 108, 165, 94, 58, 163, 151, 149, 30, 254, 101, 59, 6, 43, 1,
     0, 0, 0, 1>>,
   rp_id_hash: "UNepBeMEa4hjg2LMNKMaGuU0dmylXjqjl5Ue_mU7Bis",
   sign_count: 1
 }}