refactor: use WebAuthn::PublicKey on assertion
ssuttner committed Nov 29, 2019
1 parent 474f7f3 commit cdc101c
Showing 1 changed file with 4 additions and 27 deletions.
31 changes: 4 additions & 27 deletions lib/webauthn/authenticator_assertion_response.rb
Expand Up @@ -2,11 +2,11 @@

require "cose/algorithm"
require "cose/key"
require "webauthn/attestation_statement/fido_u2f/public_key"
require "webauthn/authenticator_data"
require "webauthn/authenticator_response"
require "webauthn/encoder"
require "webauthn/signature_verifier"
require "webauthn/public_key"

module WebAuthn
class SignatureVerificationError < VerificationError; end
Expand Down Expand Up @@ -42,7 +42,7 @@ def initialize(authenticator_data:, signature:, user_handle: nil, **options)
def verify(expected_challenge, expected_origin = nil, public_key:, sign_count:, user_verification: nil,
rp_id: nil)
super(expected_challenge, expected_origin, user_verification: user_verification, rp_id: rp_id)
verify_item(:signature, credential_cose_key(public_key))
verify_item(:signature, WebAuthn::PublicKey.deserialize(public_key))
verify_item(:sign_count, sign_count)

true
Expand All @@ -56,9 +56,9 @@ def authenticator_data

attr_reader :authenticator_data_bytes, :signature

def valid_signature?(credential_cose_key)
def valid_signature?(webauthn_public_key)
WebAuthn::SignatureVerifier
.new(credential_cose_key.alg, credential_cose_key.to_pkey)
.new(webauthn_public_key.cose_key.alg, webauthn_public_key.pkey)
.verify(signature, authenticator_data_bytes + client_data.hash)
end

Expand All @@ -71,29 +71,6 @@ def valid_sign_count?(stored_sign_count)
end
end

def credential_cose_key(public_key)
if WebAuthn::AttestationStatement::FidoU2f::PublicKey.uncompressed_point?(public_key)
# Gem version v1.11.0 and lower, used to behave so that Credential#public_key
# returned an EC P-256 uncompressed point.
#
# Because of https://github.com/cedarcode/webauthn-ruby/issues/137 this was changed
# and Credential#public_key started returning the unchanged COSE_Key formatted
# credentialPublicKey (as in https://www.w3.org/TR/webauthn/#credentialpublickey).
#
# Given that the credential public key is expected to be stored long-term by the gem
# user and later be passed as the public_key argument in the
# AuthenticatorAssertionResponse.verify call, we then need to support the two formats.
COSE::Key::EC2.new(
alg: COSE::Algorithm.by_name("ES256").id,
crv: 1,
x: public_key[1..32],
y: public_key[33..-1]
)
else
COSE::Key.deserialize(public_key)
end
end

def type
WebAuthn::TYPES[:get]
end
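Review bot: The call `WebAuthn::PublicKey.deserialize(public_key)` in `verify` now carries the whole legacy-format contract that the removed `credential_cose_key` documented: keys stored by gem v1.11.0 and lower are raw EC P-256 uncompressed points, not COSE_Key, and that path used to be pinned to ES256 in this file. `WebAuthn::PublicKey` is not shown on this page, so the diff cannot confirm that it still accepts both encodings and sets `cose_key.alg` for the legacy one; a spec that passes an uncompressed-point key through `verify` would pin that behaviour. Since the explanatory comment is deleted along with the method, I would keep a short note at the call site, e.g. `# public_key may be a COSE_Key or a legacy (<= v1.11.0) EC P-256 uncompressed point; PublicKey.deserialize must accept both`. It is also worth checking what `deserialize` returns for malformed stored bytes, so that `valid_signature?` fails with a verification error and not with a `NoMethodError` on `.cose_key`.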