Skip to content

Commit

Permalink
added "verbose" flag
Browse files Browse the repository at this point in the history
  • Loading branch information
dagnelies committed Jan 2, 2024
1 parent ca95606 commit 7a7d1af
Show file tree
Hide file tree
Showing 8 changed files with 29 additions and 20 deletions.
5 changes: 3 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ import * as webauthn from '@passwordless-id/webauthn'

```html
<script type="module">
import { client } from 'https://unpkg.com/@passwordless-id/[email protected].2/dist/webauthn.min.js'
import { client } from 'https://unpkg.com/@passwordless-id/[email protected].3/dist/webauthn.min.js'
</script>
```
### Import
Expand Down Expand Up @@ -310,7 +310,8 @@ const expected = {
challenge: async (challenge) => { /* async call to DB for example */ return true },
origin: (origin) => listOfAllowedOrigins.includes(origin),
userVerified: true, // no function allowed here
counter: 123 // optional, no function allowed here
counter: 123, // optional, no function allowed here
verbose: true, // optional, enables debug logs containing sensitive information
}
```

Expand Down
2 changes: 1 addition & 1 deletion demos/example-cdn.html
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@


<script type="module">
import { client } from 'https://unpkg.com/@passwordless-id/[email protected].2/dist/webauthn.min.js'
import { client } from 'https://unpkg.com/@passwordless-id/[email protected].3/dist/webauthn.min.js'

window.register = async function() {
console.log('Registering...')
Expand Down
2 changes: 1 addition & 1 deletion dist/webauthn.min.js

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions dist/webauthn.min.js.map

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "@passwordless-id/webauthn",
"version": "1.3.2",
"version": "1.3.3",
"description": "A small wrapper around the webauthn protocol to make one's life easier.",
"type": "module",
"main": "dist/esm/index.js",
Expand Down
4 changes: 2 additions & 2 deletions src/authenticators.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,9 @@ import * as utils from './utils.js'


export function parseAuthBuffer(authData :ArrayBuffer) {
console.debug(authData)
//console.debug(authData)
let flags = new DataView(authData.slice(32,33)).getUint8(0)
console.debug(flags)
//console.debug(flags)

// https://w3c.github.io/webauthn/#sctn-authenticator-data
let parsed :any = {
Expand Down
24 changes: 16 additions & 8 deletions src/server.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,8 @@ interface AuthenticationChecks {
challenge: string | Function,
origin: string | Function,
userVerified: boolean,
counter?: number // Made optional according to https://github.com/passwordless-id/webauthn/issues/38
counter?: number, // Made optional according to https://github.com/passwordless-id/webauthn/issues/38
verbose?: boolean
}


Expand All @@ -59,7 +60,8 @@ export async function verifyAuthentication(authenticationRaw: AuthenticationEnco
publicKey: credential.publicKey,
authenticatorData: authenticationRaw.authenticatorData,
clientData: authenticationRaw.clientData,
signature: authenticationRaw.signature
signature: authenticationRaw.signature,
verbose: expected.verbose
})

if(!isValidSignature)
Expand Down Expand Up @@ -140,6 +142,7 @@ type VerifyParams = {
authenticatorData: string, // Base64url encoded
clientData: string, // Base64url encoded
signature: string, // Base64url encoded
verbose?: boolean, // Enables debug logs containing sensitive data like crypto keys
}


Expand All @@ -154,20 +157,25 @@ type VerifyParams = {
[...] For COSEAlgorithmIdentifier -37 (PS256) [...] The signature is not ASN.1 wrapped.
*/
// see also https://gist.github.com/philholden/50120652bfe0498958fd5926694ba354
export async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature }: VerifyParams): Promise<boolean> {
export async function verifySignature({ algorithm, publicKey, authenticatorData, clientData, signature, verbose }: VerifyParams): Promise<boolean> {
const algoParams = getAlgoParams(algorithm)
let cryptoKey = await parseCryptoKey(algoParams, publicKey)
console.debug(cryptoKey)

if(verbose) {
console.debug(cryptoKey)
}

let clientHash = await utils.sha256(utils.parseBase64url(clientData));

// during "login", the authenticatorData is exactly 37 bytes
let comboBuffer = utils.concatenateBuffers(utils.parseBase64url(authenticatorData), clientHash)

console.debug('Crypto Algo: ' + JSON.stringify(algoParams))
console.debug('Public key: ' + publicKey)
console.debug('Data: ' + utils.toBase64url(comboBuffer))
console.debug('Signature: ' + signature)
if(verbose) {
console.debug('Crypto Algo: ' + JSON.stringify(algoParams))
console.debug('Public key: ' + publicKey)
console.debug('Data: ' + utils.toBase64url(comboBuffer))
console.debug('Signature: ' + signature)
}

// https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify
let signatureBuffer = utils.parseBase64url(signature)
Expand Down

0 comments on commit 7a7d1af

Please sign in to comment.