
pomerium / webauthn / 14230329879

02 Apr 2025 09:53PM UTC coverage: 68.787% (-0.8%) from 69.577%
14230329879

push

github

web-flow
upgrade to go v1.24 (#119)

* upgrade to go v1.24

* Update README.md

3 of 5 new or added lines in 1 file covered. (60.0%)

14 existing lines in 1 file now uncovered.

1287 of 1871 relevant lines covered (68.79%)

4.43 hits per line

Source File

62.5
/attested_credential_data.go
1
package webauthn
2

3
import (
4
        "bytes"
5
        "crypto/rand"
6
        "encoding/binary"
7
        "errors"
8
        "fmt"
9
        "io"
10

11
        "github.com/ccoveille/go-safecast"
12

13
        "github.com/pomerium/webauthn/fido"
14
)
15

16
// AAGUIDSize is the number of bytes of an AAGUID in the AttestedCredentialData.
// It is re-exported from the fido package, so both names denote the same constant.
const AAGUIDSize = fido.AAGUIDSize

// AAGUID is the Authenticator Attestation GUID.
// It is a type alias (not a distinct type) for fido.AAGUID, so values are
// interchangeable between the two packages without conversion.
type AAGUID = fido.AAGUID
21

22
// newRandomAAGUID returns an AAGUID whose bytes are all read from crypto/rand.
// It panics when the random source cannot fill the whole value, so a partially
// filled AAGUID is never handed back to the caller.
func newRandomAAGUID() AAGUID {
	var id AAGUID
	if _, err := io.ReadFull(rand.Reader, id[:]); err != nil {
		panic(err)
	}
	return id
}
30

31
// ErrInvalidAttestedCredentialData indicates the attested credential data is invalid.
// The length checks in UnmarshalAttestedCredentialData wrap it with %w, so callers
// should match it with errors.Is rather than comparing error values directly.
var ErrInvalidAttestedCredentialData = errors.New("invalid attested credential data")
33

34
// AttestedCredentialData is added to the authenticator data when generating an attestation object for a given
// credential.
//
// When produced by UnmarshalAttestedCredentialData, AAGUID and CredentialID are taken from the input bytes
// with no validation beyond length checks, and CredentialID is a sub-slice of that input rather than a copy.
type AttestedCredentialData struct {
        // AAGUID is the AAGUID of the authenticator.
        AAGUID AAGUID
        // The CredentialID is a probabilistically-unique byte sequence identifying a public key credential source and
        // its authentication assertions.
        CredentialID []byte
        // CredentialPublicKey is the credential public key encoded in COSE_Key format.
        // NOTE(review): this struct stores the bytes as given; whether they are checked for
        // well-formedness depends on the code that fills the field — confirm at the call site.
        CredentialPublicKey []byte
}
45

46
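// UnmarshalAttestedCredentialData unmarshals an AttestedCredentialData according to the data layout described in
// https://www.w3.org/TR/webauthn-2/#sctn-attested-credential-data:
//
//	aaguid: 16 bytes
//	credentialIdLength: 2 bytes, 16-bit unsigned big-endian = L
//	credentialId: L bytes
//	credentialPublicKey: variable, CTAP2 canonical CBOR encoding form
//
// On success it returns the parsed data and the bytes that follow the public key.
// On failure data and remaining are nil. Errors from the length checks wrap
// ErrInvalidAttestedCredentialData; an error from extractCBOR is returned unchanged.
//
// Every length is checked against the bytes actually present before slicing, so a
// truncated or over-declared input yields an error instead of an out-of-range panic.
// The credential ID length is bounded only by the 16-bit field; any tighter limit is
// left to the caller.
//
// The returned CredentialID is a view into raw, not a copy: changing raw afterwards
// changes the credential ID. Its capacity is capped at its length so that appending to
// it allocates a new array instead of overwriting the public key bytes that follow it
// in the caller's buffer.
// NOTE(review): CredentialPublicKey and remaining presumably alias raw as well; confirm
// against extractCBOR.
func UnmarshalAttestedCredentialData(raw []byte) (data *AttestedCredentialData, remaining []byte, err error) {
	data = new(AttestedCredentialData)

	// unmarshal AAGUID
	if len(raw) < AAGUIDSize {
		return nil, nil, fmt.Errorf("%w: missing AAGUID", ErrInvalidAttestedCredentialData)
	}
	copy(data.AAGUID[:], raw[:AAGUIDSize])
	raw = raw[AAGUIDSize:]

	// unmarshal credential id
	if len(raw) < 2 {
		return nil, nil, fmt.Errorf("%w: missing credential id length", ErrInvalidAttestedCredentialData)
	}
	credentialIDLength := int(binary.BigEndian.Uint16(raw[:2]))
	raw = raw[2:]
	// The declared length comes from the input, so compare it with what is really there.
	if len(raw) < credentialIDLength {
		return nil, nil, fmt.Errorf("%w: missing credential id", ErrInvalidAttestedCredentialData)
	}
	// Three-index slice: cap == len, so append on CredentialID cannot write into raw.
	data.CredentialID = raw[:credentialIDLength:credentialIDLength]
	raw = raw[credentialIDLength:]

	// unmarshal credential public key
	data.CredentialPublicKey, raw, err = extractCBOR(raw)
	if err != nil {
		return nil, nil, err
	}

	return data, raw, nil
}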
83

84
// Marshal serializes the attested credential data in the layout documented on
// UnmarshalAttestedCredentialData: AAGUID, credential ID length, credential ID,
// then the credential public key bytes as stored.
//
// It returns an error for a nil receiver, for a credential ID whose length does
// not fit in a uint16, and for any failed write.
func (attestedCredentialData *AttestedCredentialData) Marshal() ([]byte, error) {
	if attestedCredentialData == nil {
		return nil, fmt.Errorf("cannot marshal a nil attested credential")
	}

	var out bytes.Buffer

	err := write(&out, attestedCredentialData.AAGUID[:]...)
	if err != nil {
		return nil, err
	}

	// The length prefix is 16 bits wide. The checked conversion fails for an
	// oversized credential ID instead of truncating, which would emit a length
	// that disagrees with the bytes written after it.
	idLen, err := safecast.ToUint16(len(attestedCredentialData.CredentialID))
	if err != nil {
		return nil, err
	}

	err = writeUint16(&out, idLen)
	if err != nil {
		return nil, err
	}

	err = write(&out, attestedCredentialData.CredentialID...)
	if err != nil {
		return nil, err
	}

	err = write(&out, attestedCredentialData.CredentialPublicKey...)
	if err != nil {
		return nil, err
	}

	return out.Bytes(), nil
}