fix(web-demo): pad base64url before atob in toArrayBuffer

derranW26 · derranW26 · commit b60d1081af6f · 2026-05-08T11:59:35.000-04:00
passkey-crypto stores PRF salts and credential IDs as canonical base64url (no padding). atob requires the input length to be a multiple of 4 — without the padding it silently drops the trailing partial group and the PRF extension receives a salt that is missing its last byte. Pad with '=' up to the next multiple of 4 before atob. Also: pin @bitgo/passkey-crypto to ^0.2.0 in web-demo; tighten derivePasskeyPrfKey (dual webauthnDevices / webAuthnDevices, narrow auth JSON, typed allowCredential ids). Rebased onto master: prfHelpers stays on WebauthnDevice + toBase64Url. Refs: WCN-194 TICKET: WCN-194
diff --git a/modules/passkey-crypto/src/derivePasskeyPrfKey.ts b/modules/passkey-crypto/src/derivePasskeyPrfKey.ts
@@ -1,12 +1,34 @@
-import type { BitGoBase, IWallet } from '@bitgo/sdk-core';
+import type { BitGoBase, IWallet, KeychainWebauthnDevice, KeychainWithEncryptedPrv } from '@bitgo/sdk-core';
 import { buildEvalByCredential, matchDeviceByCredentialId } from './prfHelpers';
 import { derivePassword } from './derivePassword';
 import type { WebAuthnProvider } from './webAuthnTypes';
 
-interface AuthChallengeResponse {
-  challenge: string;
-  allowCredentials?: Array<{ id: string; type: string; transports?: string[] }>;
-  origin?: string;
+/** API payloads may use either spelling for the webauthn device list. */
+type UserKeychainResponse = KeychainWithEncryptedPrv & {
+  webAuthnDevices?: KeychainWebauthnDevice[];
+};
+
+function webauthnDevicesFromKeychain(keychain: UserKeychainResponse): KeychainWebauthnDevice[] | undefined {
+  const lower = keychain.webauthnDevices;
+  if (lower !== undefined && lower.length > 0) {
+    return lower;
+  }
+  const upper = keychain.webAuthnDevices;
+  if (upper !== undefined && upper.length > 0) {
+    return upper;
+  }
+  return undefined;
+}
+
+function challengeFromAuthResponse(body: unknown): string {
+  if (typeof body !== 'object' || body === null) {
+    throw new Error('Invalid assertion challenge response');
+  }
+  const rec = body as Record<string, unknown>;
+  if (typeof rec.challenge !== 'string') {
+    throw new Error('Invalid assertion challenge response');
+  }
+  return rec.challenge;
 }
 
 /**
@@ -23,45 +45,42 @@ export async function derivePasskeyPrfKey(params: {
 }): Promise<string> {
   const { bitgo, wallet, provider } = params;
 
-  // Fetch the wallet's user keychain to get webauthnDevices
-  const keychain = await wallet.getEncryptedUserKeychain();
-  const devices = (keychain as any).webauthnDevices ?? (keychain as any).webAuthnDevices;
+  const keychain: UserKeychainResponse = await wallet.getEncryptedUserKeychain();
+  const devices = webauthnDevicesFromKeychain(keychain);
 
   if (!devices || devices.length === 0) {
     throw new Error('No passkey devices available');
   }
 
-  // Build PRF eval map from devices
-  const { evalByCredential } = buildEvalByCredential(devices as Parameters<typeof buildEvalByCredential>[0]);
+  const { evalByCredential } = buildEvalByCredential(devices);
 
   if (Object.keys(evalByCredential).length === 0) {
     throw new Error('No passkey devices available with a valid PRF salt');
   }
 
-  // Fetch a server-issued assertion challenge via the auth endpoint
-  const { challenge } = (await bitgo.get(bitgo.url('/user/otp/webauthn/auth', 2)).result()) as AuthChallengeResponse;
+  const challenge = challengeFromAuthResponse(await bitgo.get(bitgo.url('/user/otp/webauthn/auth', 2)).result());
+
+  const allowCredentials = Object.keys(evalByCredential).map((credId) => {
+    const nodeBuf = Buffer.from(credId.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
+    const id = nodeBuf.buffer.slice(nodeBuf.byteOffset, nodeBuf.byteOffset + nodeBuf.byteLength);
+    return {
+      type: 'public-key' as const,
+      id,
+    };
+  });
 
-  // Build allowCredentials so the browser knows which credentials to use.
-  // Pass the Buffer (Uint8Array) directly — not .buffer — so the provider
-  // layer can correctly slice it via ArrayBuffer.isView.
-  const allowCredentials = Object.keys(evalByCredential).map((credId) => ({
-    type: 'public-key' as const,
-    id: Buffer.from(credId.replace(/-/g, '+').replace(/_/g, '/'), 'base64') as unknown as ArrayBuffer,
-  }));
+  const publicKey: PublicKeyCredentialRequestOptions = {
+    challenge: new Uint8Array(Buffer.from(challenge, 'base64')),
+    allowCredentials,
+  };
 
-  // Trigger WebAuthn assertion with PRF evaluation via the provider (navigator layer)
   const result = await provider.get({
-    publicKey: {
-      challenge: Buffer.from(challenge, 'base64'),
-      allowCredentials,
-    } as PublicKeyCredentialRequestOptions,
+    publicKey,
     evalByCredential,
   });
 
-  // Verify the credential matches a known device
-  matchDeviceByCredentialId(devices as Parameters<typeof matchDeviceByCredentialId>[0], result.credentialId);
+  matchDeviceByCredentialId(devices, result.credentialId);
 
-  // Derive and return hex-encoded wallet passphrase
   if (!result.prfResult) {
     throw new Error('PRF output was not returned by the authenticator');
   }
diff --git a/modules/web-demo/package.json b/modules/web-demo/package.json
@@ -60,7 +60,7 @@
     "@bitgo/sdk-coin-xtz": "^2.10.7",
     "@bitgo/sdk-coin-zec": "^2.8.7",
     "@bitgo/sdk-core": "^36.44.0",
-    "@bitgo/passkey-crypto": "*",
+    "@bitgo/passkey-crypto": "^0.2.0",
     "@bitgo/sdk-hmac": "^1.9.0",
     "@bitgo/sdk-lib-mpc": "^10.12.0",
     "@bitgo/sdk-opensslbytes": "^2.1.0",
diff --git a/modules/web-demo/src/components/PasskeyDemo/index.tsx b/modules/web-demo/src/components/PasskeyDemo/index.tsx
@@ -166,7 +166,12 @@ function toArrayBuffer(val: any): ArrayBuffer {
     ) as ArrayBuffer;
   }
   if (typeof val === 'string') {
-    const b64 = val.replace(/-/g, '+').replace(/_/g, '/');
+    // Treat strings as base64url. Pad to a multiple of 4 before atob so
+    // unpadded base64url (the canonical form used by passkey-crypto) decodes
+    // correctly — without padding atob silently drops the trailing byte and
+    // the PRF receives the wrong salt.
+    let b64 = val.replace(/-/g, '+').replace(/_/g, '/');
+    while (b64.length % 4 !== 0) b64 += '=';
     const binary = atob(b64);
     const bytes = new Uint8Array(binary.length);
     for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
