Ignore key parameters with unsupported type
As required by the Webauthn spec, we now ignore public key credential
parameters with a type other than "public-key".

Fixes: trussed-dev#28
robin-nitrokey committed Jul 5, 2023
1 parent d3e1753 commit 2dfefb3
Showing 2 changed files with 13 additions and 9 deletions.
6 changes: 6 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## Unreleased
- Ignore public key credential paramters with an unknown type, as required by
the Webauthn spec ([#28][])

[#28]: https://github.com/solokeys/fido-authenticator/issues/28

## [0.1.1] - 2022-08-22
- Fix bug that treated U2F payloads as APDU over APDU in NFC transport @conorpp
- Add config option to skip UP when device was just booted,
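
Review bot: "paramters" in the new Unreleased entry is misspelled and should read "parameters". The `[#28]` link reference also points at solokeys/fido-authenticator, while the commit message says `Fixes: trussed-dev#28`; confirm the link targets the tracker where the issue actually lives so the changelog entry resolves to the right report.
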
16 changes: 7 additions & 9 deletions src/ctap2.rs
Expand Up @@ -198,6 +198,11 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti

let mut algorithm: Option<SigningAlgorithm> = None;
for param in parameters.pub_key_cred_params.iter() {
// Ignore unknown key types
if param.key_type != "public-key" {
continue;
}

match param.alg {
-7 => {
if algorithm.is_none() {
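
Review bot: the new `key_type` filter at the top of the `pub_key_cred_params` loop comes without a test; the commit touches only CHANGELOG.md and src/ctap2.rs. A regression test would pin the behaviour: a request whose only entry carries alg -7 with a type other than "public-key" should end in `Error::UnsupportedAlgorithm`, and a request that mixes such an entry with a valid "public-key" entry should still select the valid one.
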
Expand All @@ -211,15 +216,8 @@ impl<UP: UserPresence, T: TrussedRequirements> Authenticator for crate::Authenti
_ => {}
}
}
let algorithm = match algorithm {
Some(algorithm) => {
info_now!("algo: {:?}", algorithm as i32);
algorithm
}
None => {
return Err(Error::UnsupportedAlgorithm);
}
};
let algorithm = algorithm.ok_or(Error::UnsupportedAlgorithm)?;
info_now!("algo: {:?}", algorithm as i32);

// 8. process options; on known but unsupported error UnsupportedOption
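
Review bot: on the `algorithm.ok_or(Error::UnsupportedAlgorithm)?` line the function returns before `info_now!` runs, so a request rejected because every entry was skipped by the new type filter leaves no log line and looks the same as one that listed only unsupported algorithms. Consider a debug message on the `None` path, or inside the `continue` branch, so that rejected requests can be diagnosed from the log.
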
