Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: issues with YubiKeys #862

Merged
merged 1 commit into from
Sep 9, 2024
Merged

fix: issues with YubiKeys #862

merged 1 commit into from
Sep 9, 2024

Conversation

sjinks
Copy link
Owner

@sjinks sjinks commented Sep 9, 2024

This PR uses the patch from madwizard-org/webauthn-server#23 to fix some issues with YubiKeys.

Fixes: #541

First issue: kty and crv can either be int or tstraccording to the RFC, where the string version should be one of the constants (like OKP or Ed25519). However, this library parses only the int version. This PR adds support for the string constants related to elliptic curves. There are likely more places where string constants are applicable, but the provided fixes are at least enough to get YubiKey working. Example input of such a key: {1: 'OKP', 3: -8, -1: 'Ed25519'}.

Second issue: some keys generate broken keys during registration (two errors: map length is wrong, and public key component x is bytearray instead of bytestring).

@sjinks sjinks self-assigned this Sep 9, 2024
Copy link

github-actions bot commented Sep 9, 2024

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails

Scanned Manifest Files

@sjinks sjinks merged commit bda99b9 into master Sep 9, 2024
25 checks passed
@sjinks sjinks deleted the GH-514 branch September 9, 2024 07:04
sjinks added a commit that referenced this pull request Sep 9, 2024
fix: issues with YubiKeys
@sjinks sjinks mentioned this pull request Sep 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

webauthn_register fails
1 participant