mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 12:42:16 +08:00
FEATURE: RS512, RS384 and RS256 COSE algorithms (#15804)
* FEATURE: RS512, RS384 and RS256 COSE algorithms These algorithms are not implemented by cose-ruby, but used in the web authentication API and were marked as supported. * FEATURE: Use all algorithms supported by cose-ruby Previously only a subset of the algorithms were allowed.
This commit is contained in:
parent
03b7d71827
commit
6f7364e48b
50
lib/freedom_patches/cose_rsapkcs1.rb
Normal file
50
lib/freedom_patches/cose_rsapkcs1.rb
Normal file
|
@ -0,0 +1,50 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'cose'
|
||||
require 'openssl/signature_algorithm/rsapkcs1'
|
||||
|
||||
# 'cose' gem does not implement all algorithms from the Web Authentication
|
||||
# (WebAuthn) standard specification. This patch implements one of the missing
|
||||
# ones, RSASSA-PKCS1-v1_5.
|
||||
module COSE
|
||||
module Algorithm
|
||||
def self.registered_algorithm_ids
|
||||
@registered_by_id.keys
|
||||
end
|
||||
|
||||
class RSAPKCS1 < SignatureAlgorithm
|
||||
attr_reader :hash_function
|
||||
|
||||
def initialize(*args, hash_function:)
|
||||
super(*args)
|
||||
|
||||
@hash_function = hash_function
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def valid_key?(key)
|
||||
to_cose_key(key).is_a?(COSE::Key::RSA)
|
||||
end
|
||||
|
||||
def signature_algorithm_class
|
||||
OpenSSL::SignatureAlgorithm::RSAPKCS1
|
||||
end
|
||||
|
||||
def to_pkey(key)
|
||||
case key
|
||||
when COSE::Key::RSA
|
||||
key.to_pkey
|
||||
when OpenSSL::PKey::RSA
|
||||
key
|
||||
else
|
||||
raise(COSE::Error, 'Incompatible key for algorithm')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
register(RSAPKCS1.new(-257, 'RS256', hash_function: 'SHA256'))
|
||||
register(RSAPKCS1.new(-258, 'RS384', hash_function: 'SHA384'))
|
||||
register(RSAPKCS1.new(-259, 'RS512', hash_function: 'SHA512'))
|
||||
end
|
||||
end
|
|
@ -10,7 +10,7 @@ module Webauthn
|
|||
|
||||
# -7 - ES256
|
||||
# -257 - RS256 (Windows Hello supported alg.)
|
||||
SUPPORTED_ALGORITHMS = [-7, -257].freeze
|
||||
SUPPORTED_ALGORITHMS = COSE::Algorithm.registered_algorithm_ids.freeze
|
||||
VALID_ATTESTATION_FORMATS = ['none', 'packed', 'fido-u2f'].freeze
|
||||
|
||||
class SecurityKeyError < StandardError; end
|
||||
|
|
|
@ -157,4 +157,10 @@ describe Webauthn::SecurityKeyAuthenticationService do
|
|||
)
|
||||
end
|
||||
end
|
||||
|
||||
it 'all supported algorithms are implemented' do
|
||||
Webauthn::SUPPORTED_ALGORITHMS.each do |alg|
|
||||
expect(COSE::Algorithm.find(alg)).not_to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue
Block a user