Dep update, Self attestation bug fix, PEM trailing newline fix, cleanup (#99)

* Fix packed self attestation bug

Update tldts

Update pkijs

Remove reference to std/url in Deno import map

* Fix & test for #96

* Fix lint

Author: Hexagon

deno-lock.json

@@ -1,74 +1,5 @@
 {
-  "https://deno.land/std@0.135.0/_util/assert.ts": "e94f2eb37cebd7f199952e242c77654e43333c1ac4c5c700e929ea3aa5489f74",
-  "https://deno.land/std@0.135.0/_util/os.ts": "49b92edea1e82ba295ec946de8ffd956ed123e2948d9bd1d3e901b04e4307617",
-  "https://deno.land/std@0.135.0/async/abortable.ts": "87aa7230be8360c24ad437212311c9e8d4328854baec27b4c7abb26e85515c06",
-  "https://deno.land/std@0.135.0/async/deadline.ts": "48ac998d7564969f3e6ec6b6f9bf0217ebd00239b1b2292feba61272d5dd58d0",
-  "https://deno.land/std@0.135.0/async/debounce.ts": "564273ef242bcfcda19a439132f940db8694173abffc159ea34f07d18fc42620",
-  "https://deno.land/std@0.135.0/async/deferred.ts": "bc18e28108252c9f67dfca2bbc4587c3cbf3aeb6e155f8c864ca8ecff992b98a",
-  "https://deno.land/std@0.135.0/async/delay.ts": "cbbdf1c87d1aed8edc7bae13592fb3e27e3106e0748f089c263390d4f49e5f6c",
-  "https://deno.land/std@0.135.0/async/mod.ts": "2240c6841157738414331f47dee09bb8c0482c5b1980b6e3234dd03515c8132f",
-  "https://deno.land/std@0.135.0/async/mux_async_iterator.ts": "f4d1d259b0c694d381770ddaaa4b799a94843eba80c17f4a2ec2949168e52d1e",
-  "https://deno.land/std@0.135.0/async/pool.ts": "97b0dd27c69544e374df857a40902e74e39532f226005543eabacb551e277082",
-  "https://deno.land/std@0.135.0/async/tee.ts": "1341feb1f5b1a96f8628d0f8fc07d8c43d3813423f18a63bf1b4785568d21b1f",
-  "https://deno.land/std@0.135.0/bytes/bytes_list.ts": "67eb118e0b7891d2f389dad4add35856f4ad5faab46318ff99653456c23b025d",
-  "https://deno.land/std@0.135.0/bytes/equals.ts": "a60ef9f01fb6e06a4e0343fc44d53d39d12dd66bc3f09ac8e6eb9cc1a6335e48",
-  "https://deno.land/std@0.135.0/bytes/mod.ts": "4cef6fe8f0de217b9babbcbb0a566402b667f18a8e6d094a45e5fb3fc1afff70",
-  "https://deno.land/std@0.135.0/encoding/base64.ts": "c8c16b4adaa60d7a8eee047c73ece26844435e8f7f1328d74593dbb2dd58ea4f",
-  "https://deno.land/std@0.135.0/encoding/base64url.ts": "55f9d13df02efac10c6f96169daa3e702606a64e8aa27c0295f645f198c27130",
   "https://deno.land/std@0.135.0/fmt/colors.ts": "30455035d6d728394781c10755351742dd731e3db6771b1843f9b9e490104d37",
-  "https://deno.land/std@0.135.0/fmt/printf.ts": "e2c0f72146aed1efecf0c39ab928b26ae493a2278f670a871a0fbdcf36ff3379",
-  "https://deno.land/std@0.135.0/io/buffer.ts": "bd0c4bf53db4b4be916ca5963e454bddfd3fcd45039041ea161dbf826817822b",
-  "https://deno.land/std@0.135.0/io/types.d.ts": "01f60ae7ec02675b5dbed150d258fc184a78dfe5c209ef53ba4422b46b58822c",
-  "https://deno.land/std@0.135.0/node/_buffer.d.ts": "90f674081428a61978b6d481c5f557ff743a3f4a85d7ae113caab48fdf5b8a63",
-  "https://deno.land/std@0.135.0/node/_buffer.mjs": "f4a7df481d4eed06dc0151b833177d8ef74fc3a96dd4d2b073e690b6ced9474d",
-  "https://deno.land/std@0.135.0/node/_core.ts": "568d277be2e086af996cbdd599fec569f5280e9a494335ca23ad392b130d7bb9",
-  "https://deno.land/std@0.135.0/node/_next_tick.ts": "3546559be2b353208f8b10df81c6d9c26c045fa4ea811926f6596f2dc6b1b0b1",
-  "https://deno.land/std@0.135.0/node/_process/exiting.ts": "bc9694769139ffc596f962087155a8bfef10101d03423b9dcbc51ce6e1f88fce",
-  "https://deno.land/std@0.135.0/node/_util/_util_callbackify.ts": "79928ad80df3e469f7dcdb198118a7436d18a9f6c08bd7a4382332ad25a718cf",
-  "https://deno.land/std@0.135.0/node/_utils.ts": "ae3ee3999c0b82c3d3d34c2ab5d85ff899f441662a9de05b52b68c39dce8a72c",
-  "https://deno.land/std@0.135.0/node/buffer.ts": "fbecbf3f237fa49bec96e97ecf56a7b92d48037b3d11219288e68943cc921600",
-  "https://deno.land/std@0.135.0/node/internal/buffer.mjs": "6662fe7fe517329453545be34cea27a24f8ccd6d09afd4f609f11ade2b6dfca7",
-  "https://deno.land/std@0.135.0/node/internal/crypto/keys.ts": "16ce7b15a9fc5e4e3dee8fde75dae12f3d722558d5a1a6e65a9b4f86d64a21e9",
-  "https://deno.land/std@0.135.0/node/internal/crypto/util.mjs": "1de55a47fdbed6721b467a77ba48fdd1550c10b5eee77bbdb602eaffee365a5e",
-  "https://deno.land/std@0.135.0/node/internal/error_codes.ts": "ac03c4eae33de3a69d6c98e8678003207eecf75a6900eb847e3fea3c8c9e6d8f",
-  "https://deno.land/std@0.135.0/node/internal/errors.ts": "25f91691225b001660e6e64745ecd336fbf562cf0185e8896ff013c2d0226794",
-  "https://deno.land/std@0.135.0/node/internal/fixed_queue.ts": "455b3c484de48e810b13bdf95cd1658ecb1ba6bcb8b9315ffe994efcde3ba5f5",
-  "https://deno.land/std@0.135.0/node/internal/hide_stack_frames.ts": "a91962ec84610bc7ec86022c4593cdf688156a5910c07b5bcd71994225c13a03",
-  "https://deno.land/std@0.135.0/node/internal/idna.ts": "a8bdd28431f06630d8aad85d3cb8fd862459107af228c8805373ad2080f1c587",
-  "https://deno.land/std@0.135.0/node/internal/normalize_encoding.mjs": "3779ec8a7adf5d963b0224f9b85d1bc974a2ec2db0e858396b5d3c2c92138a0a",
-  "https://deno.land/std@0.135.0/node/internal/querystring.ts": "c3b23674a379f696e505606ddce9c6feabe9fc497b280c56705c340f4028fe74",
-  "https://deno.land/std@0.135.0/node/internal/util.mjs": "2f0c8ff553c175ea6e4ed13d7cd7cd6b86dc093dc2f783c6c3dfc63f60a0943e",
-  "https://deno.land/std@0.135.0/node/internal/util/comparisons.ts": "680b55fe8bdf1613633bc469fa0440f43162c76dbe36af9aa2966310e1bb9f6e",
-  "https://deno.land/std@0.135.0/node/internal/util/debuglog.ts": "6f12a764f5379e9d2675395d15d2fb48bd7376921ef64006ffb022fc7f44ab82",
-  "https://deno.land/std@0.135.0/node/internal/util/inspect.mjs": "d1c2569c66a3dab45eec03208f22ad4351482527859c0011a28a6c797288a0aa",
-  "https://deno.land/std@0.135.0/node/internal/util/types.ts": "b2dacb8f1f5d28a51c4da5c5b75172b7fcf694073ce95ca141323657e18b0c60",
-  "https://deno.land/std@0.135.0/node/internal/validators.mjs": "a7e82eafb7deb85c332d5f8d9ffef052f46a42d4a121eada4a54232451acc49a",
-  "https://deno.land/std@0.135.0/node/internal_binding/_libuv_winerror.ts": "801e05c2742ae6cd42a5f0fd555a255a7308a65732551e962e5345f55eedc519",
-  "https://deno.land/std@0.135.0/node/internal_binding/_node.ts": "e4075ba8a37aef4eb5b592c8e3807c39cb49ca8653faf8e01a43421938076c1b",
-  "https://deno.land/std@0.135.0/node/internal_binding/_utils.ts": "1c50883b5751a9ea1b38951e62ed63bacfdc9d69ea665292edfa28e1b1c5bd94",
-  "https://deno.land/std@0.135.0/node/internal_binding/_winerror.ts": "8811d4be66f918c165370b619259c1f35e8c3e458b8539db64c704fbde0a7cd2",
-  "https://deno.land/std@0.135.0/node/internal_binding/buffer.ts": "781e1d13adc924864e6e37ecb5152e8a4e994cf394695136e451c47f00bda76c",
-  "https://deno.land/std@0.135.0/node/internal_binding/constants.ts": "171c7c5036d90a2ae6ef4fedd7232f29844dc977e50d24ea718d282949d96ffc",
-  "https://deno.land/std@0.135.0/node/internal_binding/string_decoder.ts": "5cb1863763d1e9b458bc21d6f976f16d9c18b3b3f57eaf0ade120aee38fba227",
-  "https://deno.land/std@0.135.0/node/internal_binding/types.ts": "4c26fb74ba2e45de553c15014c916df6789529a93171e450d5afb016b4c765e7",
-  "https://deno.land/std@0.135.0/node/internal_binding/util.ts": "a6d8bfcb180b8ccf1e45e44c4e0551044239a9b72c1c3b40d1cab77c3a7acba6",
-  "https://deno.land/std@0.135.0/node/internal_binding/uv.ts": "3821bc5e676d6955d68f581988c961d77dd28190aba5a9c59f16001a4deb34ba",
-  "https://deno.land/std@0.135.0/node/path.ts": "c65858e9cbb52dbc0dd348eefcdc41e82906c39cfa7982f2d4d805e828414b8c",
-  "https://deno.land/std@0.135.0/node/path/_constants.ts": "bd26f24a052b7d6b746151f4a236d29ab3c2096883bb6449c2fa499494406672",
-  "https://deno.land/std@0.135.0/node/path/_interface.ts": "6034ee29f6f295460ec82db1a94df9269aecbb0eceb81be72e9d843f8e8a97e6",
-  "https://deno.land/std@0.135.0/node/path/_util.ts": "9d4735fc05f8f1fb94406450e84e23fd201dc3fef5298b009e44cfa4e797b8f0",
-  "https://deno.land/std@0.135.0/node/path/common.ts": "f41a38a0719a1e85aa11c6ba3bea5e37c15dd009d705bd8873f94c833568cbc4",
-  "https://deno.land/std@0.135.0/node/path/glob.ts": "d6b64a24f148855a6e8057a171a2f9910c39e492e4ccec482005205b28eb4533",
-  "https://deno.land/std@0.135.0/node/path/mod.ts": "62e21dc6e1fe2e9742fce85de631a7b067d968544fe66954578e6d73c97369a2",
-  "https://deno.land/std@0.135.0/node/path/posix.ts": "9dd5fc83c4ae0e0b700bef43c88c67e276840c187a66d4d6a661440cf1fecc52",
-  "https://deno.land/std@0.135.0/node/path/separator.ts": "c908c9c28ebe7f1fea67daaccf84b63af90d882fe986f9fa03af9563a852723a",
-  "https://deno.land/std@0.135.0/node/path/win32.ts": "f869ee449b6dee69b13e2d1f8f7f1d01c7ae1e67fa573eab789429929f7a3864",
-  "https://deno.land/std@0.135.0/node/querystring.ts": "967b8a7b00a73ebe373666deb3a7e501f164bac27bb342fde7221ecbb3522689",
-  "https://deno.land/std@0.135.0/node/url.ts": "bc0bde2774854b6a377c4c61fa73e5a28283cbeb7f8703479f44e471219c33a8",
-  "https://deno.land/std@0.135.0/node/util.ts": "7fd6933b37af89a8e64d73dc6ee1732455a59e7e6d0965311fbd73cd634ea630",
-  "https://deno.land/std@0.135.0/node/util/types.mjs": "f9288198cacd374b41bae7e92a23179d3160f4c0eaf14e19be3a4e7057219a60",
-  "https://deno.land/std@0.135.0/path/_constants.ts": "df1db3ffa6dd6d1252cc9617e5d72165cd2483df90e93833e13580687b6083c3",
-  "https://deno.land/std@0.135.0/streams/conversion.ts": "712585bfa0172a97fb68dd46e784ae8ad59d11b88079d6a4ab098ff42e697d21",
   "https://deno.land/std@0.135.0/testing/_diff.ts": "9d849cd6877694152e01775b2d93f9d6b7aef7e24bfe3bfafc4d7a1ac8e9f392",
   "https://deno.land/std@0.135.0/testing/asserts.ts": "b0ef969032882b1f7eb1c7571e313214baa1485f7b61cf35807b2434e254365c",
   "https://deno.land/x/b64@1.0.19/dist/base64.min.mjs": "3acdc783155891fadbd9b825aef2fc2ac7c3ce3b319bb36fa9f69d23f0bc93c1",
@@ -160,16 +91,16 @@
   "https://deno.land/x/test_suite@0.16.1/mod.ts": "16dd20330261d5de4a0b4f85676329eb77679649d01e6468898883e527c9e133",
   "https://deno.land/x/test_suite@0.16.1/test_suite.ts": "7854f0ab37d920355fe2e1a2c386f104601449eb93fcf537dafe30d6915a32d4",
   "https://unpkg.com/asn1js@3.0.5/build/index.es.js?module": "48ff8d0f461a86989dfe5ce8133d9732517697c93e343a8e3e8d8511d95c5eeb",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/bit.js?module": "b7df5624b5bd088751caaa569e122f6052ebafcb1857c3b5d829c00637009e83",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/bit_stream.js?module": "531ec71e608c47bd2be88a60a716bc06b6e61d16ca8bf038e52f16152025b906",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/byte_stream.js?module": "ae94869d120cc9c62648d22a0c8358a38749b412e802d1fee0f17277f8f79650",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/helpers.js?module": "cad67cd361f8625aab190c46f6e2c3ed559de5f29d1dfe2aa45515723de62650",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/index.js?module": "b28479744cbecb01cb69c4a49a8797d670ba4189270504a12b366d3bff9afc63",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/seq_bit_stream.js?module": "85d9f73fefdfba00d037a13e5605a3db43852b38d47e65d55a55d2acd6259b7b",
-  "https://unpkg.com/bytestreamjs@1.1.3/build/mjs/seq_stream.js?module": "184146c7b2e0fd18ef69c026eef44478b32516d1da3d1812b3160f0662e46dc4",
-  "https://unpkg.com/pkijs@3.0.1/build/index.es.js?module": "24a08a562e88b1d2374200c334be430f660e215d42fe96cc968f82c74c4b4f7d",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/bit.js?module": "b7df5624b5bd088751caaa569e122f6052ebafcb1857c3b5d829c00637009e83",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/bit_stream.js?module": "531ec71e608c47bd2be88a60a716bc06b6e61d16ca8bf038e52f16152025b906",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/byte_stream.js?module": "ae94869d120cc9c62648d22a0c8358a38749b412e802d1fee0f17277f8f79650",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/helpers.js?module": "cad67cd361f8625aab190c46f6e2c3ed559de5f29d1dfe2aa45515723de62650",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/index.js?module": "b28479744cbecb01cb69c4a49a8797d670ba4189270504a12b366d3bff9afc63",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/seq_bit_stream.js?module": "85d9f73fefdfba00d037a13e5605a3db43852b38d47e65d55a55d2acd6259b7b",
+  "https://unpkg.com/bytestreamjs@2.0.0/build/mjs/seq_stream.js?module": "184146c7b2e0fd18ef69c026eef44478b32516d1da3d1812b3160f0662e46dc4",
+  "https://unpkg.com/pkijs@3.0.5/build/index.es.js?module": "b05407c6b58e630b649992468b14a73a7ce486e240119d1e0e93f86be2c38feb",
   "https://unpkg.com/pvtsutils@1.3.2/build/index.es.js?module": "82e3289330c5ab2b1485084ef8bc621329bf817126951252cb336e619e322ecb",
   "https://unpkg.com/pvutils@1.1.3/build/utils.es.js?module": "6def4dab26340f2056fde9711dbf595396b64d53c720268b9f9a73c46940206f",
   "https://unpkg.com/sinon@14.0.0/pkg/sinon-esm.js": "aa8c0e11667719984f284dea668a06e817244a71edf2b7f89ec9c59cca88c118",
-  "https://unpkg.com/tldts@5.7.78/dist/index.esm.min.js": "5c65e9fc8b7be173fcee87572305ebb882b5d90d2ed499108d705ec6028d5a87"
+  "https://unpkg.com/tldts@5.7.81/dist/index.esm.min.js": "2786a1f126cc153a67591056f757b4ebc3f31e297446b60a3eafc63117d154d5"
 }

import_map.json

@@ -1,13 +1,12 @@
 {
     "imports": {
-        "tldts": "https://unpkg.com/tldts@5.7.78/dist/index.esm.min.js",
+        "tldts": "https://unpkg.com/tldts@5.7.81/dist/index.esm.min.js",
         "punycode": "https://deno.land/x/punycode@v2.1.1/punycode.js",
         "jose": "https://deno.land/x/jose@v4.8.1/index.ts?module",
         "asn1js": "https://unpkg.com/asn1js@3.0.5?module",
         "cbor-x": "https://deno.land/x/cbor@v1.2.1/index.js?module",
         "std/": "https://deno.land/std@0.135.0/",
-        "url": "https://deno.land/std@0.135.0/node/url.ts",
-        "pkijs": "https://unpkg.com/pkijs@3.0.1?module",
+        "pkijs": "https://unpkg.com/pkijs@3.0.5?module",
         "@hexagon/base64": "https://deno.land/x/b64@1.0.19/dist/base64.min.mjs",
 
         "sinon": "https://unpkg.com/sinon@14.0.0/pkg/sinon-esm.js",

lib/attestations/packed.js

@@ -66,17 +66,17 @@ function packedParseFn(attStmt) {
 	return ret;
 }
 
-function packedValidateFn() {
+async function packedValidateFn() {
 	const x5c = this.authnrData.get("x5c");
 	const ecdaaKeyId = this.authnrData.get("ecdaaKeyId");
 
 	if (x5c !== undefined && ecdaaKeyId !== undefined) {
 		throw new Error("packed attestation: should be 'basic' or 'ecdaa', got both");
 	}
 
-	if (x5c) return packedValidateBasic.call(this);
-	if (ecdaaKeyId) return packedValidateEcdaa.call(this);
-	return packedValidateSurrogate.call(this);
+	if (x5c) return await packedValidateBasic.call(this);
+	if (ecdaaKeyId) return await packedValidateEcdaa.call(this);
+	return await packedValidateSurrogate.call(this);
 }
 
 async function packedValidateBasic() {
@@ -248,7 +248,7 @@ async function validateSelfSignature(rawClientData, authenticatorData, sig, hash
 	return verify;
 }
 
-function packedValidateSurrogate() {
+async function packedValidateSurrogate() {
 	// see what algorithm we're working with
 	const {
 		algName,
@@ -262,14 +262,14 @@ function packedValidateSurrogate() {
 	// from: https://w3c.github.io/webauthn/#packed-attestation
 	// Verify that sig is a valid signature over the concatenation of authenticatorData and clientDataHash using the credential public key with alg.
 
-	const res = validateSelfSignature(
+	const res = await validateSelfSignature(
 		this.clientData.get("rawClientDataJson"),
 		this.authnrData.get("rawAuthnrData"),
 		this.authnrData.get("sig"),
 		hashAlg,
 		this.authnrData.get("credentialPublicKeyPem"),
 	);
-	if (!res) {
+	if (!res || typeof res !== "boolean") {
 		throw new Error("packed attestation signature verification failed");
 	}
 	this.audit.journal.add("sig");

lib/utils.js

@@ -222,6 +222,9 @@ function pemToBase64(pem) {
 		throw new Error("expected PEM string as input");
 	}
 
+	// Remove trailing \n
+	pem = pem.replace(/^\n/, "");
+
 	// Split on \n
 	let pemArr = pem.split("\n");
 

package-lock.json

@@ -1,6 +1,6 @@
 {
 	"name": "fido2-lib",
-	"version": "3.2.1",
+	"version": "3.2.2",
 	"description": "A library for performing FIDO 2.0 / WebAuthn functionality",
 	"type": "module",
 	"main": "dist/main.cjs",
@@ -54,8 +54,8 @@
 		"asn1js": "^3.0.2",
 		"cbor-x": "~1.2.1",
 		"jose": "^4.7.0",
-		"pkijs": "^3.0.3",
-		"tldts": "^5.7.79"
+		"pkijs": "^3.0.5",
+		"tldts": "^5.7.81"
 	},
 	"eslintConfig": {
 		"root": true,