passkey test (#116)
Co-authored-by: Trent Larson <trent@trentlarson.com> Reviewed-on: #116 Co-authored-by: trentlarson <trent@trentlarson.com> Co-committed-by: trentlarson <trent@trentlarson.com>
This commit is contained in:
@@ -11,6 +11,8 @@ import { DEFAULT_DID_PROVIDER_NAME } from "../veramo/setup";
|
||||
|
||||
export const DEFAULT_ROOT_DERIVATION_PATH = "m/84737769'/0'/0'/0'";
|
||||
|
||||
export const LOCAL_KMS_NAME = "local";
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
@@ -31,7 +33,7 @@ export const newIdentifier = (
|
||||
keys: [
|
||||
{
|
||||
kid: publicHex,
|
||||
kms: "local",
|
||||
kms: LOCAL_KMS_NAME,
|
||||
meta: { derivationPath: derivationPath },
|
||||
privateKeyHex: privateHex,
|
||||
publicKeyHex: publicHex,
|
||||
@@ -64,6 +66,10 @@ export const deriveAddress = (
|
||||
return [address, privateHex, publicHex, derivationPath];
|
||||
};
|
||||
|
||||
export const generateRandomBytes = (numBytes: number): Uint8Array => {
|
||||
return getRandomBytesSync(numBytes);
|
||||
};
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
|
||||
102
src/libs/crypto/passkeyHelpers.ts
Normal file
102
src/libs/crypto/passkeyHelpers.ts
Normal file
@@ -0,0 +1,102 @@
|
||||
// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoCrypto/unwrapEC2Signature.ts
|
||||
import { AsnParser } from "@peculiar/asn1-schema";
|
||||
import { ECDSASigValue } from "@peculiar/asn1-ecc";
|
||||
|
||||
/**
|
||||
* In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
|
||||
*
|
||||
* See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
|
||||
*/
|
||||
export function unwrapEC2Signature(signature: Uint8Array): Uint8Array {
|
||||
const parsedSignature = AsnParser.parse(signature, ECDSASigValue);
|
||||
let rBytes = new Uint8Array(parsedSignature.r);
|
||||
let sBytes = new Uint8Array(parsedSignature.s);
|
||||
|
||||
if (shouldRemoveLeadingZero(rBytes)) {
|
||||
rBytes = rBytes.slice(1);
|
||||
}
|
||||
|
||||
if (shouldRemoveLeadingZero(sBytes)) {
|
||||
sBytes = sBytes.slice(1);
|
||||
}
|
||||
|
||||
const finalSignature = isoUint8ArrayConcat([rBytes, sBytes]);
|
||||
|
||||
return finalSignature;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine if the DER-specific `00` byte at the start of an ECDSA signature byte sequence
|
||||
* should be removed based on the following logic:
|
||||
*
|
||||
* "If the leading byte is 0x0, and the the high order bit on the second byte is not set to 0,
|
||||
* then remove the leading 0x0 byte"
|
||||
*/
|
||||
function shouldRemoveLeadingZero(bytes: Uint8Array): boolean {
|
||||
return bytes[0] === 0x0 && (bytes[1] & (1 << 7)) !== 0;
|
||||
}
|
||||
|
||||
// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoUint8Array.ts#L49
|
||||
/**
|
||||
* Combine multiple Uint8Arrays into a single Uint8Array
|
||||
*/
|
||||
export function isoUint8ArrayConcat(arrays: Uint8Array[]): Uint8Array {
|
||||
let pointer = 0;
|
||||
const totalLength = arrays.reduce((prev, curr) => prev + curr.length, 0);
|
||||
|
||||
const toReturn = new Uint8Array(totalLength);
|
||||
|
||||
arrays.forEach((arr) => {
|
||||
toReturn.set(arr, pointer);
|
||||
pointer += arr.length;
|
||||
});
|
||||
|
||||
return toReturn;
|
||||
}
|
||||
|
||||
// from https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/server/src/helpers/iso/isoCrypto/getWebCrypto.ts
|
||||
let webCrypto: unknown = undefined;
|
||||
export function getWebCrypto() {
|
||||
/**
|
||||
* Hello there! If you came here wondering why this method is asynchronous when use of
|
||||
* `globalThis.crypto` is not, it's to minimize a bunch of refactor related to making this
|
||||
* synchronous. For example, `generateRegistrationOptions()` and `generateAuthenticationOptions()`
|
||||
* become synchronous if we make this synchronous (since nothing else in that method is async)
|
||||
* which represents a breaking API change in this library's core API.
|
||||
*
|
||||
* TODO: If it's after February 2025 when you read this then consider whether it still makes sense
|
||||
* to keep this method asynchronous.
|
||||
*/
|
||||
const toResolve = new Promise((resolve, reject) => {
|
||||
if (webCrypto) {
|
||||
return resolve(webCrypto);
|
||||
}
|
||||
/**
|
||||
* Naively attempt to access Crypto as a global object, which popular ESM-centric run-times
|
||||
* support (and Node v20+)
|
||||
*/
|
||||
const _globalThisCrypto = _getWebCryptoInternals.stubThisGlobalThisCrypto();
|
||||
if (_globalThisCrypto) {
|
||||
webCrypto = _globalThisCrypto;
|
||||
return resolve(webCrypto);
|
||||
}
|
||||
// We tried to access it both in Node and globally, so bail out
|
||||
return reject(new MissingWebCrypto());
|
||||
});
|
||||
return toResolve;
|
||||
}
|
||||
export class MissingWebCrypto extends Error {
|
||||
constructor() {
|
||||
const message = "An instance of the Crypto API could not be located";
|
||||
super(message);
|
||||
this.name = "MissingWebCrypto";
|
||||
}
|
||||
}
|
||||
// Make it possible to stub return values during testing
|
||||
export const _getWebCryptoInternals = {
|
||||
stubThisGlobalThisCrypto: () => globalThis.crypto,
|
||||
// Make it possible to reset the `webCrypto` at the top of the file
|
||||
setCachedCrypto: (newCrypto: unknown) => {
|
||||
webCrypto = newCrypto;
|
||||
},
|
||||
};
|
||||
Reference in New Issue
Block a user