convertPublicKeyToPEM not working

[MartTave]

Hello,

First of all thank you for this lib, I was struggling trying to implement a simple webauthn lib and found your that worked perfectly !

But I encountered a small problem. While trying to validate the login (authenticate) challenge by calling verifyAuthenticationResponse, I got an error in the convertPublicKeyToPEM.js file on the line 17 const kty = struct.get(convertCOSEtoPKCS_1.COSEKEYS.kty);. It was telling me TypeError: struct.get is not a function. While debugging, I found that struct was undefined as the cbor_1.default.decodeAllSync returned an empty array. While trying many things, I changed that line from struct = cbor_1.default.decodeAllSync(publicKey)[0]; to struct = cbor_1.default.decodeAllSync(Buffer.from(publicKey))[0]; (Added a Buffer.from()) before using the publicKey. And now it seems to work. I post here because I'm not confident in what i'm doing and I want to make the best implementation possible. Is it normal that I need to do that in order for this function to work ?

For infos, I'm first trying to make this work, my plan is to have only my key registered in the db and authorize access only to people having access to my physical key (i.e. me). For now, I'm saving the data in a file in plaintext for convenience but in the near future I'll be setting a database for it. I've tested it while keeping the authenticator in memory from the registration to the authentication to see if it was the file encoding that was messing things up but it seems that that wasn't the case as it wasn't working either.

Sorry for my bad english

Tavernier Martin

[MasterKale]

@MartTave Can you include a code sample of how you're calling verifyAuthenticationResponse(), particularly the value you're passing in for authenticator?

[MartTave]

Yup, here's the call

    let success = true;
    try {
        authenticator = fs.readFileSync(path.join(__dirname, 'data/data.json'), 'utf8');
        authenticator = JSON.parse(authenticator);
    } catch (e) {
        success = false;
    }
    if (!authenticator || !success) {
        res.send("Something went wrong");
        return;
    }
    try {
        const reqAuthId = base64url.toBuffer(req.body.rawId);
        const dataId = Buffer.from(authenticator.credentialID);
        if (dataId.equals(reqAuthId)) {
            verification = await SimpleWebAuthnServer.verifyAuthenticationResponse({
                credential: req.body,
                expectedChallenge: req.session.login_challenge,
                expectedOrigin: origin,
                expectedRPID: rpID,
                authenticator,
            });
        } else {
            res.send({
                message: "The authenticator you used is not registered",
            })
        }

For the authenticator value, as you can see. I'm reading it from a file.

Here's the file content

    "credentialID":
    {
        "type":"Buffer",
        "data":[42,214,105,11,104,249,225,29,50,188,48,37,153,127,243,205,105,176,63,27,143,219,66,236,218,214,244,141,141,81,132,38]
    },
    "credentialPublicKey":
    {
        "type":"Buffer",
        "data":[164,1,3,3,57,1,0,32,89,1,0,186,85,236,182,107,150,216,166,254,2,30,75,58,38,27,158,205,242,89,209,241,129,47,41,143,172,234,178,159,34,216,190,86,67,26,69,62,78,134,141,101,4,182,87,224,148,106,100,86,35,67,227,5,222,166,59,92,50,157,68,203,80,7,231,214,181,122,165,182,58,32,89,216,170,125,221,154,186,30,101,27,255,137,88,152,75,5,41,28,118,22,75,225,227,197,170,133,53,8,192,116,157,111,95,5,234,5,139,209,138,146,30,86,58,154,176,175,7,231,149,61,169,127,192,71,37,18,47,15,193,198,86,111,245,155,63,202,190,65,133,132,253,232,198,71,52,13,160,134,186,60,100,99,215,4,234,53,58,18,216,11,193,140,183,64,190,200,117,253,179,158,120,247,41,113,39,109,25,32,218,174,186,251,198,152,184,53,247,165,234,26,12,112,7,76,152,218,155,167,174,101,158,128,29,23,9,0,75,118,25,79,91,13,28,54,141,252,83,196,66,137,199,133,189,53,224,98,23,96,232,147,80,254,82,177,198,53,202,82,1,199,131,58,124,180,104,252,171,37,222,91,95,103,149,39,205,33,67,1,0,1]
    },
    "counter":0,
    "transports":["internal"]
}

Thanks for you time !

Tavernier Martin

[MasterKale]

Okay, I think I see what's going on. Your authenticator's "credentialID" and "credentialPublicKey" are objects, not Buffers. Did you JSON.stringify() those values from a registration before storing them in a .json file?

You can probably get this to work after reading in data.json by creating a new object and calling Buffer.from() on the data properties:

import { AuthenticatorDevice, AuthenticatorTransport } from '@simplewebauthn/typescript-types';

const authenticator: AuthenticatorDevice = {
  credentialID: Buffer.from(authrData.credentialID.data),
  credentialPublicKey: Buffer.from(authrData.credentialPublicKey.data),
  counter: authrData.counter,
  transports: authrData.transports as AuthenticatorTransport[],
};

Then pass in the authenticator above to verifyAuthenticationResponse() and I bet you it'll work.

[MartTave]

Yeah in fact now that you said it, it seems pretty much normal that I need to convert the string from the file back to a Buffer object but I didn't though of it alone. Thank you very much for your time and help ! And great module by the way !

Tavernier Martin

[MasterKale]

Aww dang, I didn't get an email that you'd responded, apologies for the delay. I'll take a look tonight or tomorrow and follow up

[edbella]

@MasterKale I'd like to follow up on this.

This issue still persists for me.

On the authentication generation side of thing;

                            const allowCredentials = userAuthenticators.map(authenticator => {
			console.log('isBuffer', Buffer.isBuffer(authenticator.credentialID));

			return {
				// Converting the value back to a buffer
				id: Buffer.from((authenticator.credentialID as any)?.data),
				type: 'public-key' as PublicKeyCredentialType,
				transports: authenticator?.transports ?? [],
			};
		});

		console.log('allowed credentials', allowCredentials);

		const options = generateAuthenticationOptions({
			// Require users to use a previously-registered authenticator
			allowCredentials,
			userVerification: 'required',
			timeout,
			rpID,
		});

On the verification end of things;

                    // Verify the response of the biometrics from the client
		const verification = await verifyAuthenticationResponse({
			credential: data // req.body,
			expectedChallenge: biometricChallenge,
			expectedOrigin: origin,
			expectedRPID: rpID,
			authenticator,
		});

I still get the same error as defined
TypeError: Cannot read properties of undefined (reading 'get') at verifySignature

[MasterKale]

Hello @edbella, did you ever figure this out? What is the value of data when you call verifyAuthenticationResponse()?