add more detailed errors

marius-se · marius-se · commit 2987d0d7cad9 · 2023-01-15T18:13:10.000+01:00
diff --git a/Sources/WebAuthn/Ceremonies/Registration/AuthenticatorAttestationResponse.swift b/Sources/WebAuthn/Ceremonies/Registration/AuthenticatorAttestationResponse.swift
@@ -37,22 +37,21 @@ struct ParsedAuthenticatorAttestationResponse {
         // Step 11. (assembling attestationObject)
         guard let attestationData = rawResponse.attestationObject.base64URLDecodedData,
             let decodedAttestationObject = try CBOR.decode([UInt8](attestationData)) else {
-            throw WebAuthnError.cborDecodingAttestationDataFailed
+            throw WebAuthnError.invalidAttestationData
         }
 
-        guard let authData = decodedAttestationObject["authData"], case let .byteString(authDataBytes) = authData else {
-            throw WebAuthnError.authDataInvalidOrMissing
+        guard let authData = decodedAttestationObject["authData"],
+            case let .byteString(authDataBytes) = authData else {
+            throw WebAuthnError.invalidAuthData
         }
-        guard let formatCBOR = decodedAttestationObject["fmt"], case let .utf8String(format) = formatCBOR else {
-            throw WebAuthnError.formatError
+        guard let formatCBOR = decodedAttestationObject["fmt"],
+            case let .utf8String(format) = formatCBOR,
+            let attestationFormat = AttestationFormat(rawValue: format) else {
+            throw WebAuthnError.invalidFmt
         }
 
         guard let attestationStatement = decodedAttestationObject["attStmt"] else {
-            throw WebAuthnError.missingAttestationFormat
-        }
-
-        guard let attestationFormat = AttestationFormat(rawValue: format) else {
-            throw WebAuthnError.unsupportedAttestationFormat
+            throw WebAuthnError.invalidAttStmt
         }
 
         attestationObject = AttestationObject(
diff --git a/Sources/WebAuthn/Ceremonies/Registration/RegistrationCredential.swift b/Sources/WebAuthn/Ceremonies/Registration/RegistrationCredential.swift
@@ -73,7 +73,7 @@ struct ParsedCredentialCreationResponse {
 
         // Step 10.
         guard let clientData = raw.clientDataJSON.data(using: .utf8) else {
-            throw WebAuthnError.hashingClientDataJSONFailed
+            throw WebAuthnError.invalidClientDataJSON
         }
         let hash = SHA256.hash(data: clientData)
 
@@ -88,7 +88,7 @@ struct ParsedCredentialCreationResponse {
 
         // Step 23.
         guard rawID.count <= 1023 else {
-            throw WebAuthnError.credentialIDTooBig
+            throw WebAuthnError.credentialRawIDTooBig
         }
     }
 }
diff --git a/Sources/WebAuthn/Ceremonies/Shared/AuthenticatorData.swift b/Sources/WebAuthn/Ceremonies/Shared/AuthenticatorData.swift
@@ -66,7 +66,7 @@ extension AuthenticatorData {
         }
 
         guard remainingCount == 0 else {
-            throw WebAuthnError.leftOverBytes
+            throw WebAuthnError.leftOverBytesInAuthenticatorData
         }
 
         self.relyingPartyIDHash = relyingPartyIDHash
diff --git a/Sources/WebAuthn/Ceremonies/Shared/CredentialPublicKey.swift b/Sources/WebAuthn/Ceremonies/Shared/CredentialPublicKey.swift
@@ -40,7 +40,7 @@ enum CredentialPublicKey {
 
     init(publicKeyBytes: [UInt8]) throws {
         guard let publicKeyObject = try CBOR.decode(publicKeyBytes) else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.badPublicKeyBytes
         }
 
         // A leading 0x04 means we got a public key from an old U2F security key.
@@ -58,12 +58,12 @@ enum CredentialPublicKey {
         guard let keyTypeRaw = publicKeyObject[COSEKey.kty.cbor],
             case let .unsignedInt(keyTypeInt) = keyTypeRaw,
             let keyType = COSEKeyType(rawValue: keyTypeInt) else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidKeyType
         }
 
         guard let algorithmRaw = publicKeyObject[COSEKey.alg.cbor],
             case let .negativeInt(algorithmNegative) = algorithmRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidAlgorithm
         }
         // https://github.com/unrelentingtech/SwiftCBOR#swiftcbor
         // Negative integers are decoded as NegativeInt(UInt), where the actual number is -1 - i
@@ -114,18 +114,18 @@ struct EC2PublicKey: PublicKey {
         guard let curveRaw = publicKeyObject[COSEKey.crv.cbor],
             case let .unsignedInt(curve) = curveRaw,
             let coseCurve = COSECurve(rawValue: curve) else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidCurve
         }
         self.curve = coseCurve
 
         guard let xCoordRaw = publicKeyObject[COSEKey.x.cbor],
               case let .byteString(xCoordinateBytes) = xCoordRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidXCoordinate
         }
         xCoordinate = xCoordinateBytes
         guard let yCoordRaw = publicKeyObject[COSEKey.y.cbor],
               case let .byteString(yCoordinateBytes) = yCoordRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidYCoordinate
         }
         yCoordinate = yCoordinateBytes
     }
@@ -136,22 +136,22 @@ struct EC2PublicKey: PublicKey {
             let ecdsaSignature = try P256.Signing.ECDSASignature(derRepresentation: signature)
             guard try P256.Signing.PublicKey(rawRepresentation: rawRepresentation)
                 .isValidSignature(ecdsaSignature, for: data) else {
-                throw WebAuthnError.badRequestData
+                throw WebAuthnError.invalidSignature
             }
         case .algES384:
             let ecdsaSignature = try P384.Signing.ECDSASignature(derRepresentation: signature)
             guard try P384.Signing.PublicKey(rawRepresentation: rawRepresentation)
                 .isValidSignature(ecdsaSignature, for: data) else {
-                throw WebAuthnError.badRequestData
+                throw WebAuthnError.invalidSignature
             }
         case .algES512:
             let ecdsaSignature = try P521.Signing.ECDSASignature(derRepresentation: signature)
             guard try P521.Signing.PublicKey(rawRepresentation: rawRepresentation)
                 .isValidSignature(ecdsaSignature, for: data) else {
-                throw WebAuthnError.badRequestData
+                throw WebAuthnError.invalidSignature
             }
         default:
-            throw WebAuthnError.unsupportedCOSEAlgorithm
+            throw WebAuthnError.unsupportedCOSEAlgorithmForEC2PublicKey
         }
     }
 }
@@ -170,13 +170,13 @@ struct RSAPublicKeyData: PublicKey {
 
         guard let nRaw = publicKeyObject[COSEKey.n.cbor],
               case let .byteString(nBytes) = nRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidModulus
         }
         n = nBytes
 
         guard let eRaw = publicKeyObject[COSEKey.e.cbor],
               case let .byteString(eBytes) = eRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidExponent
         }
         e = eBytes
     }
@@ -191,15 +191,15 @@ struct RSAPublicKeyData: PublicKey {
         case .algPS256, .algPS384, .algPS512:
             rsaPadding = .PSS
         default:
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.unsupportedCOSEAlgorithmForRSAPublicKey
         }
 
         guard try _RSA.Signing.PublicKey(derRepresentation: rawRepresentation).isValidSignature(
             rsaSignature,
             for: data,
             padding: rsaPadding
         ) else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidSignature
         }
     }
 }
@@ -213,13 +213,13 @@ struct OKPPublicKey: PublicKey {
         self.algorithm = algorithm
         // Curve is key -1, or NegativeInt 0 for SwiftCBOR
         guard let curveRaw = publicKeyObject[.negativeInt(0)], case let .unsignedInt(curve) = curveRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidCurve
         }
         self.curve = curve
         // X Coordinate is key -2, or NegativeInt 1 for SwiftCBOR
         guard let xCoordRaw = publicKeyObject[.negativeInt(1)],
             case let .byteString(xCoordinateBytes) = xCoordRaw else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidXCoordinate
         }
         xCoordinate = xCoordinateBytes
     }
diff --git a/Sources/WebAuthn/WebAuthnError.swift b/Sources/WebAuthn/WebAuthnError.swift
@@ -13,36 +13,56 @@
 //===----------------------------------------------------------------------===//
 
 public enum WebAuthnError: Error {
-    case authDataTooShort
-    case extensionDataMissing
-    case leftOverBytes
-
-    case attestedCredentialFlagNotSet
-    case userPresentFlagNotSet
-    case userVerificationRequiredButFlagNotSet
-
+    // MARK: Shared
+    case invalidClientDataJSON
     case attestedCredentialDataMissing
-    case badRequestData
-    case validationError
-    case formatError
-    case hashingClientDataJSONFailed
     case relyingPartyIDHashDoesNotMatch
+    case userPresentFlagNotSet
+    case invalidSignature
+
+    // MARK: AttestationObject
+    case userVerificationRequiredButFlagNotSet
     case attestationStatementMissing
-    case missingAttestedCredentialData
-    case missingAttestationFormat
+    case attestationVerificationNotSupported
 
-    case credentialIDTooBig
+    // MARK: WebAuthnManager
+    case invalidUserID
+    case unsupportedCredentialPublicKeyAlgorithm
     case credentialIDAlreadyExists
+    case invalidAuthenticatorData
+    case invalidRelyingPartyID
+    case userVerifiedFlagNotSet
+    case potentialReplayAttack
+    case invalidAssertionCredentialType
+
+    // MARK: ParsedAuthenticatorAttestationResponse
+    case invalidAttestationData
+    case invalidAuthData
+    case invalidFmt
+    case invalidAttStmt
+    case attestationFormatNotSupported
 
+    // MARK: ParsedCredentialCreationResponse
     case invalidRawID
     case invalidCredentialCreationType
-    case invalidClientDataJSON
-    case cborDecodingAttestationDataFailed
-    case authDataInvalidOrMissing
+    case credentialRawIDTooBig
 
-    case unsupportedCOSEAlgorithm
-    case unsupportedCredentialPublicKeyAlgorithm
-    case unsupportedAttestationFormat
+    // MARK: AuthenticatorData
+    case authDataTooShort
+    case attestedCredentialFlagNotSet
+    case extensionDataMissing
+    case leftOverBytesInAuthenticatorData
 
-    case attestationVerificationNotSupported
+    // MARK: CredentialPublicKey
+    case badPublicKeyBytes
+    case invalidKeyType
+    case invalidAlgorithm
+    case invalidCurve
+    case invalidXCoordinate
+    case invalidYCoordinate
+    case unsupportedCOSEAlgorithm
+    case unsupportedCOSEAlgorithmForEC2PublicKey
+    case invalidModulus
+    case invalidExponent
+    case unsupportedCOSEAlgorithmForRSAPublicKey
 }
diff --git a/Sources/WebAuthn/WebAuthnManager.swift b/Sources/WebAuthn/WebAuthnManager.swift
@@ -27,7 +27,7 @@ public struct WebAuthnManager {
     /// Generate a new set of registration data to be sent to the client and authenticator.
     public func beginRegistration(user: User) throws -> PublicKeyCredentialCreationOptions {
         guard let base64ID = user.userID.data(using: .utf8)?.base64EncodedString() else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidUserID
         }
 
         let userEntity = PublicKeyCredentialUserEntity(name: user.name, id: base64ID, displayName: user.displayName)
@@ -68,7 +68,7 @@ public struct WebAuthnManager {
         )
 
         guard let attestedData = parsedData.response.attestationObject.authenticatorData.attestedData else {
-            throw WebAuthnError.missingAttestedCredentialData
+            throw WebAuthnError.attestedCredentialDataMissing
         }
 
         // Step 17.
@@ -126,12 +126,12 @@ public struct WebAuthnManager {
         requireUserVerification: Bool = false
     ) throws -> VerifiedAuthentication {
         let expectedRpID = config.relyingPartyID
-        guard credential.type == "public-key" else { throw WebAuthnError.badRequestData }
+        guard credential.type == "public-key" else { throw WebAuthnError.invalidAssertionCredentialType }
 
         let response = credential.response
 
         guard let clientDataData = response.clientDataJSON.base64URLDecodedData else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidClientDataJSON
         }
         let clientData = try JSONDecoder().decode(CollectedClientData.self, from: clientDataData)
         try clientData.verify(
@@ -142,32 +142,34 @@ public struct WebAuthnManager {
         // TODO: - Verify token binding
 
         guard let authenticatorDataBytes = response.authenticatorData.base64URLDecodedData else {
-            throw WebAuthnError.badRequestData
+            throw WebAuthnError.invalidAuthenticatorData
         }
         let authenticatorData = try AuthenticatorData(bytes: authenticatorDataBytes)
 
-        guard let expectedRpIDData = expectedRpID.data(using: .utf8) else { throw WebAuthnError.badRequestData }
+        guard let expectedRpIDData = expectedRpID.data(using: .utf8) else { throw WebAuthnError.invalidRelyingPartyID }
         let expectedRpIDHash = SHA256.hash(data: expectedRpIDData)
-        guard expectedRpIDHash == authenticatorData.relyingPartyIDHash else { throw WebAuthnError.badRequestData }
+        guard expectedRpIDHash == authenticatorData.relyingPartyIDHash else {
+            throw WebAuthnError.relyingPartyIDHashDoesNotMatch
+        }
 
-        guard authenticatorData.flags.userPresent else { throw WebAuthnError.badRequestData }
+        guard authenticatorData.flags.userPresent else { throw WebAuthnError.userPresentFlagNotSet }
         if requireUserVerification {
-            guard authenticatorData.flags.userVerified else { throw WebAuthnError.badRequestData }
+            guard authenticatorData.flags.userVerified else { throw WebAuthnError.userVerifiedFlagNotSet }
         }
 
         if authenticatorData.counter > 0 || credentialCurrentSignCount > 0 {
             guard authenticatorData.counter > credentialCurrentSignCount else {
                 // This is a signal that the authenticator may be cloned, i.e. at least two copies of the credential
                 // private key may exist and are being used in parallel.
-                throw WebAuthnError.badRequestData
+                throw WebAuthnError.potentialReplayAttack
             }
         }
 
         let clientDataHash = SHA256.hash(data: clientDataData)
         let signatureBase = authenticatorDataBytes + clientDataHash
 
         let credentialPublicKey = try CredentialPublicKey(publicKeyBytes: credentialPublicKey)
-        guard let signatureData = response.signature.base64URLDecodedData else { throw WebAuthnError.badRequestData }
+        guard let signatureData = response.signature.base64URLDecodedData else { throw WebAuthnError.invalidSignature }
         try credentialPublicKey.verify(signature: signatureData, data: signatureBase)
 
         return VerifiedAuthentication(

Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ struct ParsedCredentialCreationResponse {`
`73`	`73`
`74`	`74`	`// Step 10.`
`75`	`75`	`guard let clientData = raw.clientDataJSON.data(using: .utf8) else {`
`76`		`- throw WebAuthnError.hashingClientDataJSONFailed`
	`76`	`+ throw WebAuthnError.invalidClientDataJSON`
`77`	`77`	`}`
`78`	`78`	`let hash = SHA256.hash(data: clientData)`
`79`	`79`
`@@ -88,7 +88,7 @@ struct ParsedCredentialCreationResponse {`
`88`	`88`
`89`	`89`	`// Step 23.`
`90`	`90`	`guard rawID.count <= 1023 else {`
`91`		`- throw WebAuthnError.credentialIDTooBig`
	`91`	`+ throw WebAuthnError.credentialRawIDTooBig`
`92`	`92`	`}`
`93`	`93`	`}`
`94`	`94`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ extension AuthenticatorData {`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`guard remainingCount == 0 else {`
`69`		`- throw WebAuthnError.leftOverBytes`
	`69`	`+ throw WebAuthnError.leftOverBytesInAuthenticatorData`
`70`	`70`	`}`
`71`	`71`
`72`	`72`	`self.relyingPartyIDHash = relyingPartyIDHash`
Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,7 @@ enum CredentialPublicKey {`
`40`	`40`
`41`	`41`	`init(publicKeyBytes: [UInt8]) throws {`
`42`	`42`	`guard let publicKeyObject = try CBOR.decode(publicKeyBytes) else {`
`43`		`- throw WebAuthnError.badRequestData`
	`43`	`+ throw WebAuthnError.badPublicKeyBytes`
`44`	`44`	`}`
`45`	`45`
`46`	`46`	`// A leading 0x04 means we got a public key from an old U2F security key.`
`@@ -58,12 +58,12 @@ enum CredentialPublicKey {`
`58`	`58`	`guard let keyTypeRaw = publicKeyObject[COSEKey.kty.cbor],`
`59`	`59`	`case let .unsignedInt(keyTypeInt) = keyTypeRaw,`
`60`	`60`	`let keyType = COSEKeyType(rawValue: keyTypeInt) else {`
`61`		`- throw WebAuthnError.badRequestData`
	`61`	`+ throw WebAuthnError.invalidKeyType`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`guard let algorithmRaw = publicKeyObject[COSEKey.alg.cbor],`
`65`	`65`	`case let .negativeInt(algorithmNegative) = algorithmRaw else {`
`66`		`- throw WebAuthnError.badRequestData`
	`66`	`+ throw WebAuthnError.invalidAlgorithm`
`67`	`67`	`}`
`68`	`68`	`// https://github.com/unrelentingtech/SwiftCBOR#swiftcbor`
`69`	`69`	`// Negative integers are decoded as NegativeInt(UInt), where the actual number is -1 - i`
`@@ -114,18 +114,18 @@ struct EC2PublicKey: PublicKey {`
`114`	`114`	`guard let curveRaw = publicKeyObject[COSEKey.crv.cbor],`
`115`	`115`	`case let .unsignedInt(curve) = curveRaw,`
`116`	`116`	`let coseCurve = COSECurve(rawValue: curve) else {`
`117`		`- throw WebAuthnError.badRequestData`
	`117`	`+ throw WebAuthnError.invalidCurve`
`118`	`118`	`}`
`119`	`119`	`self.curve = coseCurve`
`120`	`120`
`121`	`121`	`guard let xCoordRaw = publicKeyObject[COSEKey.x.cbor],`
`122`	`122`	`case let .byteString(xCoordinateBytes) = xCoordRaw else {`
`123`		`- throw WebAuthnError.badRequestData`
	`123`	`+ throw WebAuthnError.invalidXCoordinate`
`124`	`124`	`}`
`125`	`125`	`xCoordinate = xCoordinateBytes`
`126`	`126`	`guard let yCoordRaw = publicKeyObject[COSEKey.y.cbor],`
`127`	`127`	`case let .byteString(yCoordinateBytes) = yCoordRaw else {`
`128`		`- throw WebAuthnError.badRequestData`
	`128`	`+ throw WebAuthnError.invalidYCoordinate`
`129`	`129`	`}`
`130`	`130`	`yCoordinate = yCoordinateBytes`
`131`	`131`	`}`
`@@ -136,22 +136,22 @@ struct EC2PublicKey: PublicKey {`
`136`	`136`	`let ecdsaSignature = try P256.Signing.ECDSASignature(derRepresentation: signature)`
`137`	`137`	`guard try P256.Signing.PublicKey(rawRepresentation: rawRepresentation)`
`138`	`138`	`.isValidSignature(ecdsaSignature, for: data) else {`
`139`		`- throw WebAuthnError.badRequestData`
	`139`	`+ throw WebAuthnError.invalidSignature`
`140`	`140`	`}`
`141`	`141`	`case .algES384:`
`142`	`142`	`let ecdsaSignature = try P384.Signing.ECDSASignature(derRepresentation: signature)`
`143`	`143`	`guard try P384.Signing.PublicKey(rawRepresentation: rawRepresentation)`
`144`	`144`	`.isValidSignature(ecdsaSignature, for: data) else {`
`145`		`- throw WebAuthnError.badRequestData`
	`145`	`+ throw WebAuthnError.invalidSignature`
`146`	`146`	`}`
`147`	`147`	`case .algES512:`
`148`	`148`	`let ecdsaSignature = try P521.Signing.ECDSASignature(derRepresentation: signature)`
`149`	`149`	`guard try P521.Signing.PublicKey(rawRepresentation: rawRepresentation)`
`150`	`150`	`.isValidSignature(ecdsaSignature, for: data) else {`
`151`		`- throw WebAuthnError.badRequestData`
	`151`	`+ throw WebAuthnError.invalidSignature`
`152`	`152`	`}`
`153`	`153`	`default:`
`154`		`- throw WebAuthnError.unsupportedCOSEAlgorithm`
	`154`	`+ throw WebAuthnError.unsupportedCOSEAlgorithmForEC2PublicKey`
`155`	`155`	`}`
`156`	`156`	`}`
`157`	`157`	`}`
`@@ -170,13 +170,13 @@ struct RSAPublicKeyData: PublicKey {`
`170`	`170`
`171`	`171`	`guard let nRaw = publicKeyObject[COSEKey.n.cbor],`
`172`	`172`	`case let .byteString(nBytes) = nRaw else {`
`173`		`- throw WebAuthnError.badRequestData`
	`173`	`+ throw WebAuthnError.invalidModulus`
`174`	`174`	`}`
`175`	`175`	`n = nBytes`
`176`	`176`
`177`	`177`	`guard let eRaw = publicKeyObject[COSEKey.e.cbor],`
`178`	`178`	`case let .byteString(eBytes) = eRaw else {`
`179`		`- throw WebAuthnError.badRequestData`
	`179`	`+ throw WebAuthnError.invalidExponent`
`180`	`180`	`}`
`181`	`181`	`e = eBytes`
`182`	`182`	`}`
`@@ -191,15 +191,15 @@ struct RSAPublicKeyData: PublicKey {`
`191`	`191`	`case .algPS256, .algPS384, .algPS512:`
`192`	`192`	`rsaPadding = .PSS`
`193`	`193`	`default:`
`194`		`- throw WebAuthnError.badRequestData`
	`194`	`+ throw WebAuthnError.unsupportedCOSEAlgorithmForRSAPublicKey`
`195`	`195`	`}`
`196`	`196`
`197`	`197`	`guard try _RSA.Signing.PublicKey(derRepresentation: rawRepresentation).isValidSignature(`
`198`	`198`	`rsaSignature,`
`199`	`199`	`for: data,`
`200`	`200`	`padding: rsaPadding`
`201`	`201`	`) else {`
`202`		`- throw WebAuthnError.badRequestData`
	`202`	`+ throw WebAuthnError.invalidSignature`
`203`	`203`	`}`
`204`	`204`	`}`
`205`	`205`	`}`
`@@ -213,13 +213,13 @@ struct OKPPublicKey: PublicKey {`
`213`	`213`	`self.algorithm = algorithm`
`214`	`214`	`// Curve is key -1, or NegativeInt 0 for SwiftCBOR`
`215`	`215`	`guard let curveRaw = publicKeyObject[.negativeInt(0)], case let .unsignedInt(curve) = curveRaw else {`
`216`		`- throw WebAuthnError.badRequestData`
	`216`	`+ throw WebAuthnError.invalidCurve`
`217`	`217`	`}`
`218`	`218`	`self.curve = curve`
`219`	`219`	`// X Coordinate is key -2, or NegativeInt 1 for SwiftCBOR`
`220`	`220`	`guard let xCoordRaw = publicKeyObject[.negativeInt(1)],`
`221`	`221`	`case let .byteString(xCoordinateBytes) = xCoordRaw else {`
`222`		`- throw WebAuthnError.badRequestData`
	`222`	`+ throw WebAuthnError.invalidXCoordinate`
`223`	`223`	`}`
`224`	`224`	`xCoordinate = xCoordinateBytes`
`225`	`225`	`}`