
@simplewebauthn/server


@simplewebauthn/server - npm Package Compare versions

Comparing version 5.4.0 to 5.4.1

30

dist/registration/verifications/tpm/constants.d.ts

@@ -0,7 +1,25 @@

/**
* A whole lotta domain knowledge is captured here, with hazy connections to source
* documents. Good places to start searching for more info on these values are the
* following Trusted Computing Group TPM Library docs linked in the WebAuthn API:
*
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf
*/
/**
* 6.9 TPM_ST (Structure Tags)
*/
export declare const TPM_ST: {
[key: number]: string;
};
/**
* 6.3 TPM_ALG_ID
*/
export declare const TPM_ALG: {
[key: number]: string;
};
/**
* 6.4 TPM_ECC_CURVE
*/
export declare const TPM_ECC_CURVE: {

@@ -14,5 +32,17 @@ [key: number]: string;

};
/**
* Sourced from https://trustedcomputinggroup.org/resource/vendor-id-registry/
*
* Latest version:
* https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-Vendor-ID-Registry-Version-1.02-Revision-1.00.pdf
*/
export declare const TPM_MANUFACTURERS: {
[key: string]: ManufacturerInfo;
};
/**
* Match TPM public area curve ID's to `crv` numbers used in COSE public keys
*/
export declare const TPM_ECC_CURVE_COSE_CRV_MAP: {
[key: string]: number;
};
export {};

38

dist/registration/verifications/tpm/constants.js
"use strict";
/* eslint-disable @typescript-eslint/ban-ts-comment */
/**
* A whole lotta domain knowledge is captured here, with hazy connections to source
* documents. Good places to start searching for more info on these values are the
* following Trusted Computing Group TPM Library docs linked in the WebAuthn API:
*
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
* - https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.TPM_MANUFACTURERS = exports.TPM_ECC_CURVE = exports.TPM_ALG = exports.TPM_ST = void 0;
/* eslint-disable @typescript-eslint/ban-ts-comment */
exports.TPM_ECC_CURVE_COSE_CRV_MAP = exports.TPM_MANUFACTURERS = exports.TPM_ECC_CURVE = exports.TPM_ALG = exports.TPM_ST = void 0;
/**
* 6.9 TPM_ST (Structure Tags)
*/
exports.TPM_ST = {

@@ -24,2 +36,5 @@ 0x00c4: 'TPM_ST_RSP_COMMAND',

};
/**
* 6.3 TPM_ALG_ID
*/
exports.TPM_ALG = {

@@ -64,2 +79,5 @@ 0x0000: 'TPM_ALG_ERROR',

};
/**
* 6.4 TPM_ECC_CURVE
*/
exports.TPM_ECC_CURVE = {

@@ -76,2 +94,8 @@ 0x0000: 'TPM_ECC_NONE',

};
/**
* Sourced from https://trustedcomputinggroup.org/resource/vendor-id-registry/
*
* Latest version:
* https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-Vendor-ID-Registry-Version-1.02-Revision-1.00.pdf
*/
exports.TPM_MANUFACTURERS = {

@@ -155,2 +179,12 @@ 'id:414D4400': {

};
/**
* Match TPM public area curve ID's to `crv` numbers used in COSE public keys
*/
exports.TPM_ECC_CURVE_COSE_CRV_MAP = {
TPM_ECC_NIST_P256: 1,
TPM_ECC_NIST_P384: 2,
TPM_ECC_NIST_P521: 3,
TPM_ECC_BN_P256: 1,
TPM_ECC_SM2_P256: 1, // p256
};
//# sourceMappingURL=constants.js.map
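Review bot: `TPM_ECC_BN_P256: 1` and `TPM_ECC_SM2_P256: 1` in the new `TPM_ECC_CURVE_COSE_CRV_MAP` map two curves that are not NIST P-256 onto COSE `crv` 1, which the COSE registry assigns to P-256 only. Any caller that compares a pubArea curve ID against a COSE `crv` through this map will treat a BN or SM2 pubArea as matching a P-256 credential key, so the curve check cannot tell them apart. Unless there is a documented reason for the aliasing, I would drop the two entries so those curves are rejected as unmapped. Failing that, the trailing `// p256` should become a comment that says why they are deliberately treated as equivalent.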
/// <reference types="node" />
/**
* Break apart a TPM attestation's pubArea buffer
*
* See 12.2.4 TPMT_PUBLIC here:
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
*/

@@ -5,0 +8,0 @@ export declare function parsePubArea(pubArea: Buffer): ParsedPubArea;

@@ -7,2 +7,5 @@ "use strict";

* Break apart a TPM attestation's pubArea buffer
*
* See 12.2.4 TPMT_PUBLIC here:
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
*/

@@ -35,2 +38,3 @@ function parsePubArea(pubArea) {

const parameters = {};
let unique = Buffer.from([]);
if (type === 'TPM_ALG_RSA') {

@@ -44,2 +48,8 @@ const rsaBuffer = pubArea.slice(pointer, (pointer += 10));

};
/**
* See 11.2.4.5 TPM2B_PUBLIC_KEY_RSA here:
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
*/
const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
unique = pubArea.slice(pointer, (pointer += uniqueLength));
}

@@ -54,2 +64,13 @@ else if (type === 'TPM_ALG_ECC') {

};
/**
* See 11.2.5.1 TPM2B_ECC_PARAMETER here:
* https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-00.96-130315.pdf
*/
// Retrieve X
const uniqueXLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
const uniqueX = pubArea.slice(pointer, (pointer += uniqueXLength));
// Retrieve Y
const uniqueYLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
const uniqueY = pubArea.slice(pointer, (pointer += uniqueYLength));
unique = Buffer.concat([uniqueX, uniqueY]);
}

@@ -59,5 +80,2 @@ else {

}
// Slice out unique of dynamic length
const uniqueLength = pubArea.slice(pointer, (pointer += 2)).readUInt16BE(0);
const unique = pubArea.slice(pointer, (pointer += uniqueLength));
return {

@@ -64,0 +82,0 @@ type,
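Review bot: The new `unique` parsing in both branches trusts the length prefixes read from `pubArea`, which is attestation data supplied by the client. `Buffer.slice` clamps to the end of the buffer, so an oversized `uniqueLength`, `uniqueXLength` or `uniqueYLength` yields a silently shortened value, and a truncated buffer surfaces as a bare `RangeError` from `readUInt16BE`. I would check each length before slicing, e.g. `if (pointer + uniqueXLength > pubArea.length) throw new Error('pubArea unique X exceeds buffer (TPM)');`, and likewise for Y and the RSA case. Because `Buffer.concat([uniqueX, uniqueY])` drops the boundary between the coordinates, it is also worth requiring both lengths to equal the coordinate size of the declared curve. The body of parsePubArea starts and ends outside the visible hunks.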

10

dist/registration/verifications/tpm/verifyAttestationTPM.js

@@ -73,6 +73,2 @@ "use strict";

else if (pubType === 'TPM_ALG_ECC') {
/**
* TODO: Confirm this all works fine. Conformance tools v1.3.4 don't currently test ECC so I
* had to eyeball it based on the **duo-labs/webauthn** library
*/
const crv = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.crv);

@@ -97,5 +93,5 @@ const x = cosePublicKey.get(convertCOSEtoPKCS_1.COSEKEYS.x);

const pubAreaCurveID = parameters.ecc.curveID;
const pubKeyCurveID = constants_1.TPM_ECC_CURVE[crv.readUInt16BE(0)];
if (pubAreaCurveID !== pubKeyCurveID) {
throw new Error(`Unexpected public key curve ID "${pubKeyCurveID}", expected "${pubAreaCurveID}" (TPM|ECC)`);
const pubAreaCurveIDMapToCOSECRV = constants_1.TPM_ECC_CURVE_COSE_CRV_MAP[pubAreaCurveID];
if (pubAreaCurveIDMapToCOSECRV !== crv) {
throw new Error(`Public area key curve ID "${pubAreaCurveID}" mapped to "${pubAreaCurveIDMapToCOSECRV}" which did not match public key crv of "${crv}" (TPM|ECC)`);
}

@@ -102,0 +98,0 @@ }
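Review bot: The lookup `constants_1.TPM_ECC_CURVE_COSE_CRV_MAP[pubAreaCurveID]` returns `undefined` for any curve that is not in the map, and the only guard is the `!== crv` comparison. If `crv` can itself be undefined at this point (the lines between the two hunks are not shown, so an earlier guard may exist), the two undefined values compare equal and the curve check passes. Otherwise the error reads `mapped to "undefined"`, which hides the real cause. An explicit guard before the comparison covers both cases: `if (pubAreaCurveIDMapToCOSECRV === undefined) throw new Error('Unsupported public area curve ID (TPM|ECC)');`. The enclosing function starts and ends outside the visible hunks.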

{
"name": "@simplewebauthn/server",
"version": "5.4.0",
"version": "5.4.1",
"description": "SimpleWebAuthn for Servers",

@@ -62,3 +62,3 @@ "main": "dist/index.js",

},
"gitHead": "c41351664e47b0606d49da435298ef588bfe137f",
"gitHead": "3a673b2cf940133ed8d3a68e80a95f198b1e6f9e",
"devDependencies": {

@@ -65,0 +65,0 @@ "@types/cbor": "^5.0.1",

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
