webauthn::WebAuthn method verify_rs256_assertion (protected)

 <instance of webauthn::WebAuthn[i]> verify_rs256_assertion \
    [ -cose cose ] [ -sig sig ] [ -signedData signedData ]

Defined in packages/webauthn/tcl/webauthn-procs.tcl

Verify a WebAuthn assertion signature for an RS256 credential. The expected COSE key type is RSA (kty=3) with alg=-257 (RS256), carrying modulus and exponent parameters.

Switches:
-cose (optional)
Parsed COSE_Key dict.
-sig (optional)
Signature returned by the authenticator.
-signedData (optional)
Binary signed data (authenticatorData || hash(clientDataJSON)).

Testcases:
No testcase defined.
Source code:
if {![dict exists $cose 1] || [dict get $cose 1] != 3} {
    throw {validation keytype-unsupported} "unsupported COSE kty (expected 3 RSA)"
}
if {![dict exists $cose 3] || [dict get $cose 3] != -257} {
    throw {validation alg-unsupported} "unsupported COSE alg (expected -257 RS256)"
}

set pubpem [:cose_public_key_pem -cose $cose]

set ok [ns_crypto::md string  -digest sha256  -binary  -encoding binary  -verify $pubpem  -signature $sig  -- $signedData]

if {!$ok} {
    throw {validation signature-invalid} "signature verification failed"
}
XQL Not present:
Generic, PostgreSQL, Oracle
[ hide source ] | [ make this the default ]
Show another procedure: