Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proper public keys implementation #23

Merged
merged 20 commits into from
Aug 2, 2020
Merged

Proper public keys implementation #23

merged 20 commits into from
Aug 2, 2020

Conversation

arianvp
Copy link
Owner

@arianvp arianvp commented Jun 28, 2020
edited
Loading

The current webauthn standard is rather ambigious again. So I think
there are some mistakes in the implementation that make our public
key decoder too crypto-agile.

The new draft of the webauthn standard is not ambigious, but also
has an issue I'd like to be clarified first:

w3c/webauthn#1446

it probably means alg should imply crv and we should remove
support for Ed448 or wait for the spec to be more fleshed out

Fixes #20

@arianvp
Make ghcide work on all components
5c30eb8
@arianvp
Implement proper public key decoding
cf9052a 
The current webauthn standard is rather ambigious again. So I think
there are some mistakes in the implementation that make our public
key decoder too crypto-agile.

The new draft of the webauthn standard is not ambigious, but also
has an issue I'd like to be clarified first:

w3c/webauthn#1446

it probably means `alg` should imply `crv` and we should remove
support for Ed448 or wait for the spec to be more fleshed out
@arianvp arianvp changed the title Proper public keys Proper public keys implementation Jun 28, 2020
@arianvp arianvp requested review from duijf and ruuda and removed request for duijf June 28, 2020 01:29
arianvp
arianvp commented Jun 28, 2020
View reviewed changes
fido/Crypto/Fido2/PublicKey.hs Outdated

data ECDSAKey = ECDSAKey ECDSAIdentifier ECDSA.PublicKey deriving (Eq, Show)

instance Arbitrary ECDSAKey where
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probaly move all these arbitrary instances to the test module?

@arianvp
Copy link
Owner Author

arianvp commented Jun 28, 2020
edited
Loading

Specifically Section 5.8.5. of the draft forces us to make alg uniquely define kty and crv; which is not how COSE was originally designed. This is all super confusing.

Keys with algorithm ES256 (-7) MUST specify P-256 (1) as the crv parameter.
Keys with algorithm ES384 (-35) MUST specify P-384 (2) as the crv parameter.
Keys with algorithm ES512 (-36) MUST specify P-521 (3) as the crv parameter.
Keys with algorithm EdDSA (-8) MUST specify Ed25519 (6) as the crv parameter.

ruuda
ruuda reviewed Jun 28, 2020
View reviewed changes
fido/Crypto/Fido2/PublicKey.hs Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Outdated Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Outdated Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Outdated Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs Show resolved Hide resolved
fido/Crypto/Fido2/PublicKey.hs
2 -> ECDSAPublicKey <$> decodeECDSAPublicKey
x -> fail $ "unexpected kty: " ++ show x

decodeEdDSAKey :: Decoder s EdDSAKey
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of the other decoders have PublicKey in the name, but this one just Key. But “key” here does refer to the public key, right? To avoid confusion, I would call this one decodeEdDSAPublicKey.

tests/Spec.hs Outdated Show resolved Hide resolved
server/Database.hs
[userId]
pure $ Maybe.catMaybes $ fmap (mkCredential) $ credentialRows
where
mkCredential (id, x, y) = do
mkCredential (id, publicKey) = do
-- TODO(#22): Convert to the compressed representation so we don't need
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment is now outdated.

@arianvp
Fix build of server
3896036
@arianvp
Try adding coverage report to github actions
5ef7b9b
@arianvp
Try v2
9b2ec86
@arianvp
Increase coverage a bit by defining domain objects
64aabcb 
Instead of translatign to cryptonite primitives, which is a bit lossy,
we use sum types to model our domain! could remove a never reached error
case because of this
@arianvp arianvp mentioned this pull request Jun 28, 2020
Closed
@arianvp arianvp mentioned this pull request Jun 28, 2020
Open
@arianvp arianvp merged commit 27029d8 into master Aug 2, 2020
@arianvp arianvp deleted the proper-public-keys branch August 2, 2020 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ruuda ruuda ruuda left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement EdDSA
2 participants
@arianvp @ruuda