Merge pull request #89 from web-auth/CoseAlgIssue
Fix invalid signature length
Spomky authored Sep 2, 2019
2 parents d2f8415 + b8de3f4 commit 15f2fa4
Showing 5 changed files with 32 additions and 4 deletions.
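--- a/src/cose/src/Algorithm/Signature/ECDSA/ES256.php
+++ b/src/cose/src/Algorithm/Signature/ECDSA/ES256.php
@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
 public function verify(string $data, Key $key, string $signature): bool
 {
-$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+@trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+} else {
+$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+}
 
 return parent::verify($data, $key, $signature);
 }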
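Review bot: The new branch in `verify()` picks the encoding from byte length alone, so every input whose length differs from `getSignaturePartLength()`, a truncated raw signature as much as a genuine ASN.1 structure, now skips `ECSignature::toAsn1()` and reaches `parent::verify()` unchecked. Whether that fails closed depends on the parent implementation, which is outside this diff; I would validate the structure in the deprecated branch first, for example with `ECSignature::fromAsn1($signature, $this->getSignaturePartLength());` ahead of the `@trigger_error` line, assuming that helper rejects malformed DER. The same five lines are pasted into ES256K.php, ES384.php and ES512.php, so the check belongs once in the shared parent class, and the ES512 deprecation message is worded differently from the other three ("In v3.0 and ASN.1 structures" looks like a leftover "and").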
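--- a/src/cose/src/Algorithm/Signature/ECDSA/ES256K.php
+++ b/src/cose/src/Algorithm/Signature/ECDSA/ES256K.php
@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
 public function verify(string $data, Key $key, string $signature): bool
 {
-$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+@trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+} else {
+$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+}
 
 return parent::verify($data, $key, $signature);
 }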
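--- a/src/cose/src/Algorithm/Signature/ECDSA/ES384.php
+++ b/src/cose/src/Algorithm/Signature/ECDSA/ES384.php
@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
 public function verify(string $data, Key $key, string $signature): bool
 {
-$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+@trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+} else {
+$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+}
 
 return parent::verify($data, $key, $signature);
 }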
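--- a/src/cose/src/Algorithm/Signature/ECDSA/ES512.php
+++ b/src/cose/src/Algorithm/Signature/ECDSA/ES512.php
@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
 public function verify(string $data, Key $key, string $signature): bool
 {
-$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+@trigger_error('Since v2.1, the method "verify" accepts ASN.1 structures and raw ECDSA signature. In v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+} else {
+$signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+}
 
 return parent::verify($data, $key, $signature);
 }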
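--- a/src/webauthn/src/Util/CoseSignatureFixer.php
+++ b/src/webauthn/src/Util/CoseSignatureFixer.php
@@ -30,10 +30,22 @@ public static function fix(string $signature, Signature $algorithm): string
 switch ($algorithm::identifier()) {
 case ECDSA\ES256K::ID:
 case ECDSA\ES256::ID:
+if (64 === mb_strlen($signature, '8bit')) {
+return $signature;
+}
+
 return ECDSA\ECSignature::fromAsn1($signature, 64); //TODO: fix this hardcoded value by adding a dedicated method for the algorithms
 case ECDSA\ES384::ID:
+if (96 === mb_strlen($signature, '8bit')) {
+return $signature;
+}
+
 return ECDSA\ECSignature::fromAsn1($signature, 96);
 case ECDSA\ES512::ID:
+if (132 === mb_strlen($signature, '8bit')) {
+return $signature;
+}
+
 return ECDSA\ECSignature::fromAsn1($signature, 132);
 }
 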
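Review bot: The three early returns in `fix()` treat any input of exactly 64, 96 or 132 bytes as an already-raw signature, but nothing states that rule and the diffstat lists no test file covering it. A short comment above the first check would help, for instance `// Exact raw length: assume r||s and return as-is; any other length is parsed as ASN.1 DER.`, together with regression tests that feed both encodings and a wrong-length value for each algorithm. The literals also repeat the lengths the algorithm classes compare against in `verify()`, as the existing TODO acknowledges, so the two sides can drift apart if only one is changed. `fix()` starts and ends outside this hunk, so what happens after the `switch` is not visible here.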
