Switch decode and encode naming

src/client/api.ts

@@ -1,5 +1,5 @@
 import * as schema from '../server/schema.js';
-import { cborDecode, decode, safeByteDecode } from '../utils.js';
+import { cborDecode, decode, safeByteEncode } from '../utils.js';
 
 const makeRequest = (endpoint: string, data: object = {}) =>
     fetch(
@@ -59,11 +59,11 @@ export namespace Attestation {
 
             const payload: schema.Attestation.StoreCredentialPayload = {
                 kid: credential.id,
-                clientDataJSON: safeByteDecode(attestation.clientDataJSON),
-                attestationObject: safeByteDecode(
+                clientDataJSON: safeByteEncode(attestation.clientDataJSON),
+                attestationObject: safeByteEncode(
                     attestation.attestationObject
                 ),
-                pubkey: safeByteDecode(getPublicKey(attestation)),
+                pubkey: safeByteEncode(getPublicKey(attestation)),
                 coseAlg: getPublicKeyAlgorithm(attestation),
             };
 
@@ -99,9 +99,9 @@ export namespace Assertion {
 
         const payload: schema.Assertion.VerifyPayload = {
             kid: credential.id,
-            clientDataJSON: safeByteDecode(assertion.clientDataJSON),
-            authenticatorData: safeByteDecode(assertion.authenticatorData),
-            signature: safeByteDecode(assertion.signature),
+            clientDataJSON: safeByteEncode(assertion.clientDataJSON),
+            authenticatorData: safeByteEncode(assertion.authenticatorData),
+            signature: safeByteEncode(assertion.signature),
         };
         const response = await makeRequest('assertion/verify', payload);
         return (await response.json()) as schema.Assertion.VerifyResponse;

src/client/assertion.ts

@@ -1,10 +1,10 @@
-import { safeEncode } from '../utils.js';
+import { safeDecode } from '../utils.js';
 import * as api from './api.js';
 
 export async function assertion(abortController: AbortController) {
     const { challenge } = await api.Assertion.generate();
     const publicKey: PublicKeyCredentialRequestOptions = {
-        challenge: safeEncode(challenge),
+        challenge: safeDecode(challenge),
         rpId: window.location.host,
         timeout: 60_000,
     };

src/client/attestation.ts

@@ -1,5 +1,5 @@
 import { COSEAlgorithm } from '../crypto.js';
-import { encode, safeEncode } from '../utils.js';
+import { encode, safeDecode } from '../utils.js';
 import * as api from './api.js';
 
 export async function attestation(
@@ -9,7 +9,7 @@ export async function attestation(
     const userId = crypto.randomUUID();
     const { challenge } = await api.Attestation.generate(userId);
     const publicKey: PublicKeyCredentialCreationOptions = {
-        challenge: safeEncode(challenge),
+        challenge: safeDecode(challenge),
         rp: {
             id: window.location.host,
             name: document.title,

src/server/assertion.ts

@@ -11,7 +11,7 @@ import {
     concatBuffer,
     isEqualBuffer,
     isValidSignCounter,
-    safeByteEncode,
+    safeByteDecode,
     unmarshal,
 } from '../utils';
 import { HostDigest, Origin, WebAuthnType } from './constants';
@@ -34,9 +34,9 @@ export class Assertion {
         );
         const digestAlg = COSEAlgToDigest[coseAlg];
 
-        const signature = safeByteEncode(payload.signature);
-        const authenticatorData = safeByteEncode(payload.authenticatorData);
-        const clientDataJSON = safeByteEncode(payload.clientDataJSON);
+        const signature = safeByteDecode(payload.signature);
+        const authenticatorData = safeByteDecode(payload.authenticatorData);
+        const clientDataJSON = safeByteDecode(payload.clientDataJSON);
 
         // Convert from DER ASN.1 encoding to r|s ECDSA signature
         const rawSig = fromAsn1DERtoRSSignature(
@@ -74,7 +74,7 @@ export class Assertion {
                 clientDataJSON
             ) as schema.ClientDataJSON;
 
-            const authenticatorData = safeByteEncode(payload.authenticatorData);
+            const authenticatorData = safeByteDecode(payload.authenticatorData);
             const rpIdHash = authenticatorData.slice(0, 32);
 
             if (type !== WebAuthnType.Get) {

src/server/attestation.ts

@@ -12,7 +12,7 @@ import {
     cborDecode,
     concatBuffer,
     isEqualBuffer,
-    safeByteEncode,
+    safeByteDecode,
     unmarshal,
 } from '../utils';
 import { HostDigest, Origin, WebAuthnType } from './constants';
@@ -54,14 +54,14 @@ async function validatePacked(
         pubkey = await cert.publicKey.export();
     } else {
         pubkey = await _Crypto.toCryptoKey(
-            safeByteEncode(payload.pubkey),
+            safeByteDecode(payload.pubkey),
             COSEAlgToSigningAlg[payload.coseAlg],
             COSEAlgToSigningCurve[payload.coseAlg]
         );
     }
     const clientDataHash = await crypto.subtle.digest(
         'SHA-256',
-        safeByteEncode(payload.clientDataJSON)
+        safeByteDecode(payload.clientDataJSON)
     );
     const signatureBase = concatBuffer(authData, clientDataHash);
     const isVerified = await crypto.subtle.verify(
@@ -107,7 +107,7 @@ export class Attestation {
             }
 
             const { fmt, authData, attStmt }: DecodedAttestationObject =
-                cborDecode(new Uint8Array(safeByteEncode(attestationObject)));
+                cborDecode(new Uint8Array(safeByteDecode(attestationObject)));
 
             switch (fmt) {
                 case 'none':

src/server/context.ts

@@ -1,5 +1,5 @@
 import { Request } from '@cloudflare/workers-types';
-import { safeDecode } from '../utils.js';
+import { safeEncode } from '../utils.js';
 import { Cache } from './cache';
 import { DB } from './db';
 import { Env } from './env';
@@ -45,6 +45,6 @@ export class Context {
         this.response = new ContextResponse();
     }
     generateChallenge() {
-        return safeDecode(crypto.getRandomValues(new Uint8Array(16)));
+        return safeEncode(crypto.getRandomValues(new Uint8Array(16)));
     }
 }

src/server/db/index.ts

@@ -1,4 +1,4 @@
-import { safeByteEncode } from '../../utils';
+import { safeByteDecode } from '../../utils';
 import { Env } from '../env';
 import * as schema from '../schema';
 
@@ -57,8 +57,8 @@ export class DB {
             'INSERT INTO public_keys(kid, pubkey, attestation_data, cose_alg, user_id) VALUES(?1, ?2, ?3, ?4, ?5)'
         ).bind(
             kid,
-            safeByteEncode(pubkey),
-            safeByteEncode(attestationObject),
+            safeByteDecode(pubkey),
+            safeByteDecode(attestationObject),
             coseAlg,
             userId
         );

src/utils.ts

@@ -21,11 +21,11 @@ export const fromBase64Url = _fromBase64Url;
 export const marshal = (data: object) => toBase64Url(JSON.stringify(data));
 export const unmarshal = (data: string) => JSON.parse(fromBase64Url(data));
 
-export const safeEncode = (data: string) => encode(fromBase64Url(data));
-export const safeDecode = (data: ArrayBuffer) => toBase64Url(decode(data));
-export const safeByteEncode = (data: string) =>
+export const safeDecode = (data: string): Uint8Array => encode(fromBase64Url(data));
+export const safeEncode = (data: ArrayBuffer): string => toBase64Url(decode(data));
+export const safeByteDecode = (data: string): ArrayBufferLike =>
     byteStringToBuffer(fromBase64Url(data));
-export const safeByteDecode = (data: ArrayBuffer) =>
+export const safeByteEncode = (data: ArrayBuffer): string =>
     toBase64Url(bufferToByteString(data));
 
 export function concatBuffer(...buffers: ArrayBuffer[]) {