Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature/enhance-rsa-support #50

Merged
merged 27 commits into from Sep 10, 2020
Merged

feature/enhance-rsa-support #50

merged 27 commits into from Sep 10, 2020

Conversation

MasterKale
Copy link
Owner

@MasterKale MasterKale commented Aug 29, 2020
edited

This PR enhances support for attestations and assertions containing RSA authenticator public keys. The simple fact is too much code assumed it was handling EC2 public keys; going RSA public key was surprisingly underbaked.

I've renamed the PR to reflect the fact that it wasn't TPM attestation support that was fixed, but rather attestations containing RSA public keys, of which TPM devices commonly produce.

This PR contains a breaking change! The entire authenticator public key is now returned from verifyAttestationResponse() instead of a previously pared down amount of public key info. Any authenticator public keys stored before this PR are no longer valid for use in assertions.

Fortunately I was able to create a simple "upgrade" script that these "old" public keys can be run through to fix them:

https://gist.github.com/MasterKale/175cb210b097632d7cd03fd409e2dfb3

@MasterKale
Copy link
Owner Author

Issue #49 prompted me to finally push up my initial work at tracking down this bug.

@MasterKale MasterKale mentioned this pull request Aug 29, 2020
Closed
@MasterKale
Replace TPM unit tests with real TPM attestations
ed34663 
Thanks to https://github.com/abergs/fido2-net-lib/ for their legitimate TPM responses.
@MasterKale
Rename method for converting X.509 certs to PEM
13d0d84
@MasterKale
Simplify convertX509CertToPEM logic
4adc750
@MasterKale
Clarify variable name in verifyFIDOU2F
5ac5d8d
@MasterKale
Remove JSDocs from convertX509CertToPEM
61311b5
@MasterKale
Add method to convert public key to PEM
f44ac34
@MasterKale
Clean up convertCOSEtoPKCS
8f0f996
@MasterKale
Return entire public key from attestation
c739794 
This should be what actually fixes the ASN.1 tag issue I was trying to fix. This might be a breaking change…
@MasterKale
Remember to commit jwk-to-pem dependency
cd527bf
@MasterKale
Remove unused import
35162c4
@MasterKale
Convert public key to PEM during assertion
d85f2b0
@MasterKale
Skip broken test for now
9ea9d7d
@MasterKale
Try to gracefully support existing public keys
a86daa1
@MasterKale
Remove console logging
1bcf7a5
@MasterKale
Add attestation test for None type w/RSA key
924b93a
@MasterKale
Improve retrieval of TcgAtTpm values
805d33e
@MasterKale
Leave a note on both tcgAtTpm structures
eb36c23
@MasterKale
Add new tests for both tcgAtTpm structures
c0fbaae
@MasterKale
Update monorepo dependencies
45b8a33
@MasterKale
Move some type libs into Server
b5ede7c
@MasterKale
Explicitly cast cbor encode output to Buffer
ce25587
@MasterKale
Add Github Action for build and test
275db1f
@MasterKale MasterKale marked this pull request as ready for review September 9, 2020 17:03
@MasterKale
Remove backwards compatibility code
d0c78e2 
I wrote a simple script to convert existing “old format” authenticator public keys to a newer format.
@MasterKale
Upgrade existing assertion test public keys
417c5c7
@MasterKale
Clarify in test that any TPM assertion will do
0883d03
@MasterKale MasterKale changed the title feature/fix-win10-tpm-assertion feature/enhance-rsa-support Sep 10, 2020
@MasterKale MasterKale merged commit 9241fbc into master Sep 10, 2020
@MasterKale MasterKale deleted the feature/fix-win10-tpm-assertion branch September 10, 2020 05:52
@MasterKale MasterKale added the package:server @simplewebauthn/server label Sep 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
package:server @simplewebauthn/server
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@MasterKale