
@simplewebauthn/server


@simplewebauthn/server - npm Package Compare versions

Comparing version 5.4.2 to 5.4.3

25

dist/metadata/mdsTypes.d.ts

@@ -146,3 +146,3 @@ import { Base64URLString } from '@simplewebauthn/typescript-types';

* USER_VERIFY
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#user-verification-methods
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#user-verification-methods
*/

@@ -152,8 +152,12 @@ export declare type UserVerify = 'presence_internal' | 'fingerprint_internal' | 'passcode_internal' | 'voiceprint_internal' | 'faceprint_internal' | 'location_internal' | 'eyeprint_internal' | 'pattern_internal' | 'handprint_internal' | 'passcode_external' | 'pattern_external' | 'none' | 'all';

* ALG_SIGN
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#authentication-algorithms
*
* Using this helpful TS pattern here so that we can strongly enforce the existence of COSE info
* mappings in `algSignToCOSEInfoMap` in verifyAttestationWithMetadata.ts
*/
export declare type AlgSign = 'secp256r1_ecdsa_sha256_raw' | 'secp256r1_ecdsa_sha256_der' | 'rsassa_pss_sha256_raw' | 'rsassa_pss_sha256_der' | 'secp256k1_ecdsa_sha256_raw' | 'secp256k1_ecdsa_sha256_der' | 'sm2_sm3_raw' | 'rsa_emsa_pkcs1_sha256_raw' | 'rsa_emsa_pkcs1_sha256_der' | 'rsassa_pss_sha384_raw' | 'rsassa_pss_sha256_raw' | 'rsassa_pkcsv15_sha256_raw' | 'rsassa_pkcsv15_sha384_raw' | 'rsassa_pkcsv15_sha512_raw' | 'rsassa_pkcsv15_sha1_raw' | 'secp384r1_ecdsa_sha384_raw' | 'secp512r1_ecdsa_sha256_raw' | 'ed25519_eddsa_sha512_raw';
export declare type AlgSign = typeof AlgSign[number];
declare const AlgSign: readonly ["secp256r1_ecdsa_sha256_raw", "secp256r1_ecdsa_sha256_der", "rsassa_pss_sha256_raw", "rsassa_pss_sha256_der", "secp256k1_ecdsa_sha256_raw", "secp256k1_ecdsa_sha256_der", "rsassa_pss_sha384_raw", "rsassa_pkcsv15_sha256_raw", "rsassa_pkcsv15_sha384_raw", "rsassa_pkcsv15_sha512_raw", "rsassa_pkcsv15_sha1_raw", "secp384r1_ecdsa_sha384_raw", "secp512r1_ecdsa_sha256_raw", "ed25519_eddsa_sha512_raw"];
/**
* ALG_KEY
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#public-key-representation-formats
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#public-key-representation-formats
*/

@@ -163,8 +167,8 @@ export declare type AlgKey = 'ecc_x962_raw' | 'ecc_x962_der' | 'rsa_2048_raw' | 'rsa_2048_der' | 'cose';

* ATTESTATION
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authenticator-attestation-types
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#authenticator-attestation-types
*/
export declare type Attestation = 'basic_full' | 'basic_surrogate' | 'ecdaa' | 'attca';
export declare type Attestation = 'basic_full' | 'basic_surrogate' | 'ecdaa' | 'attca' | 'anonca' | 'none';
/**
* KEY_PROTECTION
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#key-protection-types
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#key-protection-types
*/

@@ -174,3 +178,3 @@ export declare type KeyProtection = 'software' | 'hardware' | 'tee' | 'secure_element' | 'remote_handle';

* MATCHER_PROTECTION
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#matcher-protection-types
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#matcher-protection-types
*/

@@ -180,3 +184,3 @@ export declare type MatcherProtection = 'software' | 'tee' | 'on_chip';

* ATTACHMENT_HINT
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authenticator-attachment-hints
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#authenticator-attachment-hints
*/

@@ -186,3 +190,3 @@ export declare type AttachmentHint = 'internal' | 'external' | 'wired' | 'wireless' | 'nfc' | 'bluetooth' | 'network' | 'ready' | 'wifi_direct';

* TRANSACTION_CONFIRMATION_DISPLAY
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#transaction-confirmation-display-types
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#transaction-confirmation-display-types
*/

@@ -214,1 +218,2 @@ export declare type TransactionConfirmationDisplay = 'any' | 'privileged_software' | 'tee' | 'hardware' | 'remote';

};
export {};
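Review bot: The `AlgSign` tuple still carries the literal `secp512r1_ecdsa_sha256_raw`, which the map in verifyAttestationWithMetadata.js pairs with `alg: -36, crv: 3`, the COSE identifiers for ES512 over P-521, so the `512r1`/`sha256` spelling looks transposed relative to the registry section linked in the comment above. Metadata values are matched by exact string, so a statement using the registry's spelling would get no COSE mapping and the authenticator would fail the algorithm check. Please confirm against the linked v2.2 registry; if the literal is wrong it should probably read `'secp521r1_ecdsa_sha512_raw'` in both the tuple and the map. The tuple also no longer lists `sm2_sm3_raw`, `rsa_emsa_pkcs1_sha256_raw` and `rsa_emsa_pkcs1_sha256_der`, and a comment such as `// Registry values without a COSE mapping are intentionally omitted` would record that this is deliberate.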
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const AlgSign = [
'secp256r1_ecdsa_sha256_raw',
'secp256r1_ecdsa_sha256_der',
'rsassa_pss_sha256_raw',
'rsassa_pss_sha256_der',
'secp256k1_ecdsa_sha256_raw',
'secp256k1_ecdsa_sha256_der',
'rsassa_pss_sha384_raw',
'rsassa_pkcsv15_sha256_raw',
'rsassa_pkcsv15_sha384_raw',
'rsassa_pkcsv15_sha512_raw',
'rsassa_pkcsv15_sha1_raw',
'secp384r1_ecdsa_sha384_raw',
'secp512r1_ecdsa_sha256_raw',
'ed25519_eddsa_sha512_raw',
];
//# sourceMappingURL=mdsTypes.js.map

18

dist/metadata/verifyAttestationWithMetadata.d.ts
/// <reference types="node" />
import { Base64URLString } from '@simplewebauthn/typescript-types';
import { MetadataStatement } from '../metadata/mdsTypes';
import type { MetadataStatement, AlgSign } from '../metadata/mdsTypes';
/**

@@ -9,1 +9,17 @@ * Match properties of the authenticator's attestation statement against expected values as

export declare function verifyAttestationWithMetadata(statement: MetadataStatement, credentialPublicKey: Buffer, x5c: Buffer[] | Base64URLString[]): Promise<boolean>;
declare type COSEInfo = {
kty: number;
alg: number;
crv?: number;
};
/**
* Convert ALG_SIGN values to COSE info
*
* Values pulled from `ALG_KEY_COSE` definitions in the FIDO Registry of Predefined Values
*
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#authentication-algorithms
*/
export declare const algSignToCOSEInfoMap: {
[key in AlgSign]: COSEInfo;
};
export {};
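Review bot: `algSignToCOSEInfoMap` is exported as a plain writable object (`{ [key in AlgSign]: COSEInfo }`), so any importer can alter the table that attestation verification reads its expected `kty`/`alg`/`crv` values from. Declaring it as `Readonly<Record<AlgSign, Readonly<COSEInfo>>>` and freezing the table and its entries in the source would keep it a fixed lookup. If the export exists only for tests, a TSDoc line saying so would help, e.g. `/** Exported for testing; treat as read-only. */`.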
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.verifyAttestationWithMetadata = void 0;
exports.algSignToCOSEInfoMap = exports.verifyAttestationWithMetadata = void 0;
const convertCertBufferToPEM_1 = require("../helpers/convertCertBufferToPEM");

@@ -16,4 +16,5 @@ const validateCertificatePath_1 = require("../helpers/validateCertificatePath");

statement.authenticationAlgorithms.forEach(algSign => {
// Convert algSign string to { kty, alg, crv }
const algSignCOSEINFO = algSignToCOSEInfo(algSign);
// Map algSign string to { kty, alg, crv }
const algSignCOSEINFO = exports.algSignToCOSEInfoMap[algSign];
// Keeping this statement here just in case MDS returns something unexpected
if (algSignCOSEINFO) {

@@ -58,15 +59,22 @@ keypairCOSEAlgs.add(algSignCOSEINFO);

if (!foundMatch) {
const debugMDSAlgs = Array.from(keypairCOSEAlgs);
// Construct some useful error output about the public key
const debugPubKeyAlgInfo = {
kty: publicKeyCOSEInfo.kty,
alg: publicKeyCOSEInfo.alg,
};
// Don't output a bunch of bytes for `crv` when the public key is an RSA key
if (publicKeyCOSEInfo.kty !== convertCOSEtoPKCS_1.COSEKTY.RSA) {
debugPubKeyAlgInfo.crv = publicKeyCOSEInfo.crv;
}
const strPubKeyAlg = JSON.stringify(debugPubKeyAlgInfo);
const strMDSAlgs = JSON.stringify(debugMDSAlgs);
throw new Error(`Public key algorithm ${strPubKeyAlg} did not match any metadata algorithms ${strMDSAlgs}`);
/**
* Craft some useful error output from the MDS algorithms
*
* Example:
*
* ```
* [
* 'rsassa_pss_sha256_raw' (COSE info: { kty: 3, alg: -37 }),
* 'secp256k1_ecdsa_sha256_raw' (COSE info: { kty: 2, alg: -47, crv: 8 })
* ]
* ```
*/
const debugMDSAlgs = statement.authenticationAlgorithms
.map((algSign) => `'${algSign}' (COSE info: ${stringifyCOSEInfo(exports.algSignToCOSEInfoMap[algSign])})`);
const strMDSAlgs = JSON.stringify(debugMDSAlgs, null, 2).replace(/"/g, '');
/**
* Construct useful error output about the public key
*/
const strPubKeyAlg = stringifyCOSEInfo(publicKeyCOSEInfo);
throw new Error(`Public key parameters ${strPubKeyAlg} did not match any of the following metadata algorithms:\n${strMDSAlgs}`);
}

@@ -88,41 +96,38 @@ try {

*
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.1-ps-20191217.html#authentication-algorithms
* https://fidoalliance.org/specs/common-specs/fido-registry-v2.2-ps-20220523.html#authentication-algorithms
*/
function algSignToCOSEInfo(algSign) {
switch (algSign) {
case 'secp256r1_ecdsa_sha256_raw':
case 'secp256r1_ecdsa_sha256_der':
return { kty: 2, alg: -7, crv: 1 };
case 'rsassa_pss_sha256_raw':
case 'rsassa_pss_sha256_der':
return { kty: 3, alg: -37 };
case 'secp256k1_ecdsa_sha256_raw':
case 'secp256k1_ecdsa_sha256_der':
return { kty: 2, alg: 7, crv: 8 };
case 'rsassa_pss_sha384_raw':
return { kty: 3, alg: -38 };
case 'rsassa_pkcsv15_sha256_raw':
return { kty: 3, alg: -257 };
case 'rsassa_pkcsv15_sha384_raw':
return { kty: 3, alg: -258 };
case 'rsassa_pkcsv15_sha512_raw':
return { kty: 3, alg: -259 };
case 'rsassa_pkcsv15_sha1_raw':
return { kty: 3, alg: -65535 };
case 'secp384r1_ecdsa_sha384_raw':
return { kty: 2, alg: -35, crv: 2 };
case 'secp512r1_ecdsa_sha256_raw':
return { kty: 2, alg: -36, crv: 3 };
case 'ed25519_eddsa_sha512_raw':
return { kty: 1, alg: -8, crv: 6 };
case 'rsa_emsa_pkcs1_sha256_raw':
case 'rsa_emsa_pkcs1_sha256_der':
return { kty: 3, alg: -257 };
// TODO: COSE info wasn't readily available for these, these seem rare...
// case 'sm2_sm3_raw':
// return {};
default:
return undefined;
exports.algSignToCOSEInfoMap = {
secp256r1_ecdsa_sha256_raw: { kty: 2, alg: -7, crv: 1 },
secp256r1_ecdsa_sha256_der: { kty: 2, alg: -7, crv: 1 },
rsassa_pss_sha256_raw: { kty: 3, alg: -37 },
rsassa_pss_sha256_der: { kty: 3, alg: -37 },
secp256k1_ecdsa_sha256_raw: { kty: 2, alg: -47, crv: 8 },
secp256k1_ecdsa_sha256_der: { kty: 2, alg: -47, crv: 8 },
rsassa_pss_sha384_raw: { kty: 3, alg: -38 },
rsassa_pkcsv15_sha256_raw: { kty: 3, alg: -257 },
rsassa_pkcsv15_sha384_raw: { kty: 3, alg: -258 },
rsassa_pkcsv15_sha512_raw: { kty: 3, alg: -259 },
rsassa_pkcsv15_sha1_raw: { kty: 3, alg: -65535 },
secp384r1_ecdsa_sha384_raw: { kty: 2, alg: -35, crv: 2 },
secp512r1_ecdsa_sha256_raw: { kty: 2, alg: -36, crv: 3 },
ed25519_eddsa_sha512_raw: { kty: 1, alg: -8, crv: 6 },
};
/**
* A helper to format COSEInfo a little nicer than we can achieve with JSON.stringify()
*
* Input: `{ "kty": 3, "alg": -257 }`
*
* Output: `"{ kty: 3, alg: -257 }"`
*/
function stringifyCOSEInfo(info) {
const { kty, alg, crv } = info;
let toReturn = '';
if (kty !== convertCOSEtoPKCS_1.COSEKTY.RSA) {
toReturn = `{ kty: ${kty}, alg: ${alg}, crv: ${crv} }`;
}
else {
toReturn = `{ kty: ${kty}, alg: ${alg} }`;
}
return toReturn;
}
//# sourceMappingURL=verifyAttestationWithMetadata.js.map
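Review bot: In the `!foundMatch` branch, `stringifyCOSEInfo(exports.algSignToCOSEInfoMap[algSign])` is called without the undefined guard that the earlier `forEach` keeps "just in case MDS returns something unexpected". For any `authenticationAlgorithms` entry that is not a key of the map, including the `rsa_emsa_pkcs1_sha256_*` and `sm2_sm3_raw` names dropped from `AlgSign` in this release, the destructuring inside `stringifyCOSEInfo` throws a `TypeError` that replaces the intended "did not match" message. Verification still fails closed, but the diagnostic telling an operator which metadata algorithm was unsupported is lost. In the TypeScript source, guard the lookup: `const info = algSignToCOSEInfoMap[algSign];` followed by `info ? stringifyCOSEInfo(info) : 'no COSE mapping'`. The body of `verifyAttestationWithMetadata` starts outside the hunks shown.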
{
"name": "@simplewebauthn/server",
"version": "5.4.2",
"version": "5.4.3",
"description": "SimpleWebAuthn for Servers",

@@ -62,3 +62,3 @@ "main": "dist/index.js",

},
"gitHead": "a79e3d35f30970439b3bab01d7039b535cacf9ab",
"gitHead": "bee3aefe652cba5b6e46dc2af282ec4028e3eefa",
"devDependencies": {

@@ -65,0 +65,0 @@ "@types/cbor": "^5.0.1",

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
