MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License

Verification error: Invalid key for curve: "Public key is not a point" #292

Closed KuznetsovNikita closed 2 years ago

KuznetsovNikita commented 2 years ago

Hello, I have an issue during verification with verifyAuthenticationResponse, in the function convertPublicKeyToPEM. The issue: Invalid key for curve: "Public key is not a point"

It's thrown by this function, jwkToPem:

const ecPEM = jwkToPem({
  kty: 'EC',
  // Specify curve as "P-256" from "p256"
  crv: COSECRV[crv as number].replace('p', 'P-'),
  x: (x as Buffer).toString('base64'),
  y: (y as Buffer).toString('base64'),
});

The service is running locally

It happens on macOS Catalina 10.15.7 when I try to verify Touch ID

Server algorithm - p256

Could you please help me?

KuznetsovNikita commented 2 years ago

In my case x and y are not Buffers; they are objects that look like this:

{
0: 184
1: 30
2: 104
3: 232
4: 100
....
}

MasterKale commented 2 years ago

Hello @KuznetsovNikita, can you please include how you're calling verifyAuthenticationResponse()? I'm particularly interested in the value you're passing in for credential when you call it.

KuznetsovNikita commented 2 years ago

> Hello @KuznetsovNikita, can you please include how you're calling verifyAuthenticationResponse()? I'm particularly interested in the value you're passing in for credential when you call it.

I use it in this way:

const authentication = await startAuthentication(options);

// and later

const authenticator: AuthenticatorDevice = {
  credentialPublicKey: registrationInfo.credentialPublicKey,
  credentialID: registrationInfo.credentialID,
  counter: registrationInfo.counter,
  transports: credential.transports,
};

const authenticationResponse = await verifyAuthenticationResponse({
  credential: authentication,
  expectedChallenge: options.challenge,
  expectedOrigin: expectedOrigin,
  expectedRPID: expectedRPID,
  authenticator,
});

I didn't serialize/deserialize startAuthentication response.

I guess the issue is that I'm trying to run this function in a browser context. I'm trying to run it in the Chrome extension background service worker, and the context for this environment is closer to the browser than to Node.

Do you know if it is possible to verify authentication in the browser? Thank you in advance!

KuznetsovNikita commented 2 years ago

I found a lot of discussions on the discussions page. Looks like it's not possible. Thank you for your time.

MasterKale commented 2 years ago

Thank you for looking around, I'm glad to see you were able to find previous discussions around this. Your story is yet another point convincing me to try for a "universal" refactor to make SimpleWebAuthn work in more environments than just Node. I'll attempt that as part of addressing #268
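An added example, not part of the original thread or of SimpleWebAuthn: the `x as Buffer` cast in the snippet quoted above is erased at compile time, so a `Uint8Array` or an index-keyed object like the one shown in the thread keeps its own `toString()` and never yields the base64 of the coordinate bytes. The helpers `naiveBase64()` and `toCoordinate()` are hypothetical, the sample bytes are constructed, and the code assumes Node's global `Buffer`.

```typescript
// Added example: naiveBase64() and toCoordinate() are hypothetical helpers,
// not SimpleWebAuthn APIs. Sample bytes below are constructed.
const P256_COORDINATE_LENGTH = 32; // bytes per x or y coordinate on P-256

// Mirrors `(x as Buffer).toString('base64')`: the cast is compile-time only,
// so whatever toString() the runtime value really has is what runs.
function naiveBase64(value: unknown): string {
  return (value as { toString(encoding?: string): string }).toString('base64');
}

// Normalize a coordinate to a real Buffer and reject anything that cannot be
// a P-256 coordinate before it reaches JWK/PEM conversion.
function toCoordinate(value: unknown, expectedLength: number = P256_COORDINATE_LENGTH): Buffer {
  let bytes: Buffer;
  if (Buffer.isBuffer(value)) {
    bytes = value;
  } else if (value instanceof Uint8Array) {
    bytes = Buffer.from(value); // copies the typed array's bytes
  } else if (value !== null && typeof value === 'object') {
    // Index-keyed object such as {0: 184, 1: 30, ...}
    const record = value as Record<string, unknown>;
    const length = Object.keys(record).length;
    bytes = Buffer.alloc(length);
    for (let i = 0; i < length; i++) {
      const byte = record[String(i)];
      if (typeof byte !== 'number' || !Number.isInteger(byte) || byte < 0 || byte > 255) {
        throw new TypeError(`coordinate byte ${i} is missing or not in 0..255`);
      }
      bytes[i] = byte;
    }
  } else {
    throw new TypeError('coordinate must be a Buffer, Uint8Array or index-keyed object');
  }
  if (bytes.length !== expectedLength) {
    throw new RangeError(`expected ${expectedLength} coordinate bytes, got ${bytes.length}`);
  }
  return bytes;
}

// Constructed 32-byte sample in the three shapes discussed in the thread.
const sampleBytes = new Uint8Array(32).map((_, i) => (184 + i) & 0xff);
const sampleObject: Record<string, number> = {};
sampleBytes.forEach((b, i) => { sampleObject[String(i)] = b; });
const sampleBuffer = Buffer.from(sampleBytes);

console.log('Uint8Array via cast:', naiveBase64(sampleBytes).slice(0, 15) + '...');
console.log('plain object via cast:', naiveBase64(sampleObject));
console.log('normalized:', toCoordinate(sampleObject).toString('base64'));
```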