This PR adds support for Ed25519 signature verification. Unfortunately this represents a breaking change to SimpleWebAuthn as verifyAuthenticationResponse() needed to be marked async and return Promise<VerifiedAuthenticationResponse> instead of simply VerifiedAuthenticationResponse in order to work with the library I pulled in to assist with the Ed25519 signature verification. The silver lining is that now both verifyRegistrationResponse() and verifyAuthenticationResponse() return Promise<boolean> and it's simpler to internalize "both return promises" than "registration is a promise, and authentication is just a boolean...or was it the other way around?"
I also managed to completely remove elliptic and node-rsa libraries for more of Node's crypto module.
I ran the Example server with this code again FIDO Conformance v1.7.2 and was able to pass all tests, including most of the optional algorithm tests:
This includes the Ed25519 test mentioned in #252:
Refactoring existing use of verifyAuthenticationResponse()
Update your existing calls to verifyAuthenticationResponse() to work with them like promises, whether with .then() or await depending on your code structure:
This PR adds support for Ed25519 signature verification. Unfortunately this represents a breaking change to SimpleWebAuthn as
verifyAuthenticationResponse()needed to be markedasyncand returnPromise<VerifiedAuthenticationResponse>instead of simplyVerifiedAuthenticationResponsein order to work with the library I pulled in to assist with the Ed25519 signature verification. The silver lining is that now bothverifyRegistrationResponse()andverifyAuthenticationResponse()returnPromise<boolean>and it's simpler to internalize "both return promises" than "registration is a promise, and authentication is just aboolean...or was it the other way around?"I also managed to completely remove elliptic and node-rsa libraries for more of Node's
cryptomodule.I ran the Example server with this code again FIDO Conformance v1.7.2 and was able to pass all tests, including most of the optional algorithm tests:
This includes the Ed25519 test mentioned in #252:
Refactoring existing use of
verifyAuthenticationResponse()Update your existing calls to
verifyAuthenticationResponse()to work with them like promises, whether with.then()orawaitdepending on your code structure:Before
after