fix for MakeCredential Response

WebAuthnKit/Sources/Authenticator/Attestation.swift

@@ -54,13 +54,13 @@ public class AttestationObject {
 
     public func toBytes() -> Optional<[UInt8]> {
 
-        let dict = SimpleOrderedDictionary<String>()
-        dict.addBytes("authData", self.authData.toBytes())
-        dict.addString("fmt", "packed")
-        dict.addStringKeyMap("attStmt", self.attStmt)
+        let dict = SimpleOrderedDictionary<Int>()
+        dict.addString(0x01, "packed")
+        dict.addBytes(0x02, self.authData.toBytes())
+        dict.addStringKeyMap(0x03, self.attStmt)
 
         return CBORWriter()
-            .putStringKeyMap(dict)
+            .putIntKeyMap(dict)
             .getResult()
     }
 

WebAuthnKit/Sources/Authenticator/Internal/KeySupport.swift

@@ -12,8 +12,9 @@ import EllipticCurveKeyPair
 
 public protocol KeySupport {
     var selectedAlg: COSEAlgorithmIdentifier { get }
-    func createKeyPair(label: String) -> Optional<COSEKey>
-    func sign(data: [UInt8], label: String) -> Optional<[UInt8]>
+    func createKeyPair() -> Optional<COSEKey>
+    func sign(data: [UInt8]) -> Optional<[UInt8]>
+    func setup(label: String)
 }
 
 public class KeySupportChooser {
@@ -38,9 +39,14 @@ public class KeySupportChooser {
     }
 }
 
+enum ECDSAKeySupportError : Error {
+    case noKeyPair
+}
+
 public class ECDSAKeySupport : KeySupport {
 
     public let selectedAlg: COSEAlgorithmIdentifier
+    public var pair: EllipticCurveKeyPair.Manager?
 
     init(alg: COSEAlgorithmIdentifier) {
         self.selectedAlg = alg
@@ -66,9 +72,13 @@ public class ECDSAKeySupport : KeySupport {
         return EllipticCurveKeyPair.Manager(config: config)
     }
 
-    public func sign(data: [UInt8], label: String) -> Optional<[UInt8]> {
+    public func setup(label: String) {
+        self.pair = self.createPair(label: label)
+    }
+
+    public func sign(data: [UInt8]) -> Optional<[UInt8]> {
         do {
-            let pair = self.createPair(label: label)
+            guard let pair = self.pair else { throw ECDSAKeySupportError.noKeyPair }
             let signature = try pair.sign(Data(bytes: data), hash: .sha256)
             return signature.bytes
         } catch let error {
@@ -77,10 +87,10 @@ public class ECDSAKeySupport : KeySupport {
         }
     }
 
-    public func createKeyPair(label: String) -> Optional<COSEKey> {
+    public func createKeyPair() -> Optional<COSEKey> {
         WAKLogger.debug("<ECDSAKeySupport> createKeyPair")
         do {
-            let pair = self.createPair(label: label)
+            guard let pair = self.pair else { throw ECDSAKeySupportError.noKeyPair }
             let publicKey = try pair.publicKey().data().DER.bytes
             if publicKey.count != 91 {
                 WAKLogger.debug("<ECDSAKeySupport> length of pubKey should be 91: \(publicKey.count)")

WebAuthnKit/Sources/Authenticator/Internal/SelfAttestation.swift

@@ -14,23 +14,16 @@ public class SelfAttestation {
         authData:       AuthenticatorData,
         clientDataHash: [UInt8],
         alg:            COSEAlgorithmIdentifier,
-        keyLabel:       String
+        keySupport:     KeySupport
         ) -> Optional<AttestationObject> {
 
         WAKLogger.debug("<SelfAttestation> create")
 
         var dataToBeSigned = authData.toBytes()
         dataToBeSigned.append(contentsOf: clientDataHash)
 
-        guard let keySupport =
-            KeySupportChooser().choose([alg]) else {
-                WAKLogger.debug("<SelfAttestation> key-support not found")
-                return nil
-        }
-
         guard let sig = keySupport.sign(
-            data:  dataToBeSigned,
-            label: keyLabel
+            data:  dataToBeSigned
         ) else {
             WAKLogger.debug("<AttestationHelper> failed to sign")
             return nil

WebAuthnKit/Sources/Authenticator/Internal/Session/InternalAuthenticatorGetAssertionSession.swift

@@ -172,8 +172,9 @@ public class InternalAuthenticatorGetAssertionSession : AuthenticatorGetAssertio
                     self.stop(by: .unsupported)
                     return
             }
-
-            guard let signature = keySupport.sign(data: data, label: cred.keyLabel) else {
+
+            keySupport.setup(label: cred.keyLabel)
+            guard let signature = keySupport.sign(data: data) else {
                 self.stop(by: .unknown)
                 return
             }

WebAuthnKit/Sources/Authenticator/Internal/Session/InternalAuthenticatorMakeCredentialSession.swift

@@ -186,8 +186,9 @@ public class InternalAuthenticatorMakeCredentialSession : AuthenticatorMakeCrede
             )
 
             // TODO should remove fron KeyPair too?
-
-            guard let publicKeyCOSE = keySupport.createKeyPair(label: credSource.keyLabel) else {
+            keySupport.setup(label: credSource.keyLabel)
+
+            guard let publicKeyCOSE = keySupport.createKeyPair() else {
                 self.stop(by: .unknown)
                 return
             }
@@ -223,7 +224,7 @@ public class InternalAuthenticatorMakeCredentialSession : AuthenticatorMakeCrede
                     authData:       authenticatorData,
                     clientDataHash: hash,
                     alg:            keySupport.selectedAlg,
-                    keyLabel:       credSource.keyLabel
+                    keySupport:     keySupport
                 ) else {
                     WAKLogger.debug("<MakeCredentialSession> failed to build attestation object")
                     self.stop(by: .unknown)

WebAuthnKit/Sources/Client/Operation/ClientCreateOperation.swift

@@ -253,7 +253,7 @@ public class ClientCreateOperation: AuthenticatorMakeCredentialSessionDelegate {
         )
 
         session.makeCredential(
-            hash:                            self.clientDataHash,
+            hash:                            self.options.challenge,
             rpEntity:                        rpEntity,
             userEntity:                      options.user,
             requireResidentKey:              requireResidentKey,

WebAuthnKit/Sources/Format/Bytes.swift

@@ -39,7 +39,12 @@ public class Bytes {
         while b.count > 8 {
            b.removeFirst()
         }
-        let result1 = UInt64((UInt64(b[0]) << 56) | (UInt64(b[1]) << 48) | (UInt64(b[2]) << 40) | (UInt64(b[3]) << 32))
+        let A = (UInt64(b[0]) << 56)
+        let B = (UInt64(b[1]) << 48)
+        let C = (UInt64(b[2]) << 40)
+        let D = (UInt64(b[3]) << 32)
+        let result1 = UInt64( A | B | C | D )
+
         let result2 = UInt64((UInt64(b[4]) << 24) | (UInt64(b[5]) << 16) | (UInt64(b[6]) << 8) | UInt64(b[7]))
         return result1 | result2
     }

WebAuthnKit/Sources/Format/CBOR.swift

@@ -504,7 +504,11 @@ internal class CBORReader {
         case 4:
             result = Int64((UInt32(b2[0]) << 24) | (UInt32(b2[1]) << 16) | (UInt32(b2[2]) << 8) | UInt32(b2[3]))
         case 8:
-            let result1 = Int64((UInt64(b2[0]) << 56) | (UInt64(b2[1]) << 48) | (UInt64(b2[2]) << 40) | (UInt64(b2[3]) << 32))
+            let A = (UInt64(b2[0]) << 56)
+            let B = (UInt64(b2[1]) << 48)
+            let C = (UInt64(b2[2]) << 40)
+            let D = (UInt64(b2[3]) << 32)
+            let result1 = Int64( A | B | C | D )
             let result2 = Int64((UInt64(b2[4]) << 24) | (UInt64(b2[5]) << 16) | (UInt64(b2[6]) << 8) | UInt64(b2[7]))
             result = result1 | result2
         default:
@@ -603,6 +607,10 @@ internal class CBORWriter {
                 _ = self.putDouble(value as! Double)
             } else if value is Bool {
                 _ = self.putBool(value as! Bool)
+            } else if value is SimpleOrderedDictionary<String> {
+                _ = self.putStringKeyMap(value as! SimpleOrderedDictionary<String>)
+            } else if value is [Any] {
+                _ = self.putArray(value as! [Any])
             } else {
                 fatalError("unsupported value type \(value)")
             }