Previous fix for eddsa key fail at authentication #448

Closed
Gashmob opened this issue Jul 25, 2023 · 2 comments

Gashmob commented Jul 25, 2023

Version(s) affected

4.6.4

Description

Your previous fix for registration of EdDSA keys works fine (#436), but I had not tried whether it works for authentication before today.

When you fixed the CBOR map in load, you defined a field as a byte string (AuthenticatorDataLoader.php line 110):

->add(UnsignedIntegerObject::create(1), ByteStringObject::create('OKP'))

However, https://www.rfc-editor.org/rfc/rfc8152#section-7 says that it must be a text string or an integer.

How to reproduce

Use a recent YubiKey (e.g. firmware 5.4.3), register it with EdDSA as the preferred algorithm, then use it for authentication.

Possible Solution

- ->add(UnsignedIntegerObject::create(1), ByteStringObject::create('OKP'))
+ ->add(UnsignedIntegerObject::create(1), TextStringObject::create('OKP'))
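
Review bot: The `+` line changes only what is written under label 1, so check in the same change that whatever reads label 1 back accepts a text string; a reader that expects an int would still reject this key at authentication. `TextStringObject` also needs a `use` import in AuthenticatorDataLoader.php if it is not already imported there, and a regression test that runs an authentication with an EdDSA credential would cover the path that the #436 fix left untested.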

I can create the PR if you want, as the fix is very small.

Additional Context

No response

Gashmob added a commit to Gashmob/webauthn-framework that referenced this issue Jul 25, 2023
Closes web-auth#448

Previously added for issue web-auth#436, the field kty must be text string or
int but not byte string (rfc8152 section 7)

Gashmob commented Jul 25, 2023

In parallel, in class OkpKey, when you check fields 1 and -1, you assume that the value is an int, but it can also be a text string. The same goes for class EdDSA, when you check field -1 again.
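
The type distinction this issue turns on, as an added example that is not part of the thread or the project's code: in CBOR the byte string and the text string `OKP` differ only in the major-type bits of the first byte (0x43 versus 0x63), and a reader of label 1 should take an int or a text string and reject anything else. The sample keys, the function names and the rule that both `1` and `'OKP'` count as OKP are assumptions made for the illustration.

```python
# Added example; the three COSE_Key byte strings are constructed for illustration.
KEY_BSTR = bytes.fromhex("a2 01 43 4f4b50 20 06")  # {1: h'4f4b50', -1: 6}
KEY_TSTR = bytes.fromhex("a2 01 63 4f4b50 20 06")  # {1: "OKP",     -1: 6}
KEY_INT = bytes.fromhex("a2 01 01 20 06")          # {1: 1,         -1: 6}


def read_item(buf: bytes, pos: int):
    """Decode one uint, negint, bstr or tstr; return (major, value, next_pos)."""
    major, arg = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if arg == 24:  # argument carried in the following byte
        arg, pos = buf[pos], pos + 1
    elif arg > 24:
        raise ValueError("longer arguments are outside this example")
    if major == 0:
        return major, arg, pos
    if major == 1:
        return major, -1 - arg, pos
    if major in (2, 3):
        raw = buf[pos:pos + arg]
        if len(raw) != arg:
            raise ValueError("truncated string")
        return major, (raw if major == 2 else raw.decode("utf-8")), pos + arg
    raise ValueError(f"major type {major} is outside this example")


def read_flat_map(buf: bytes) -> dict:
    """Decode a definite-length map of scalars into {label: (major, value)}."""
    if buf[0] >> 5 != 5 or buf[0] & 0x1F >= 24:
        raise ValueError("expected a map with fewer than 24 entries")
    pos, out = 1, {}
    for _ in range(buf[0] & 0x1F):
        _, label, pos = read_item(buf, pos)
        major, value, pos = read_item(buf, pos)
        out[label] = (major, value)
    return out


def kty_of(cose_key: bytes):
    """Return label 1 only when it is an int or a text string (RFC 8152 section 7)."""
    major, value = read_flat_map(cose_key)[1]
    if major not in (0, 1, 3):
        raise TypeError(f"kty has CBOR major type {major}, expected int or tstr")
    return value


def is_okp(kty) -> bool:
    """Accept the registered integer 1 or the text 'OKP' that the patch writes."""
    return kty in (1, "OKP")
```
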


github-actions bot commented Sep 9, 2023

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
