mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 19:43:44 +08:00
3d59f767ae
RS256 was added for Windows Hello and as a side effect we speculatively added RS384 and RS512. These ciphers were not tested and are now failing on solo keys. It may be the case that the ciphers are not configured correctly on our side. It may be the case that this is a Solo key bug. Regardless, we are removing the ciphers and will only consider adding them again if absolutely needed.
49 lines
1.1 KiB
Ruby
49 lines
1.1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'cose'
|
|
require 'openssl/signature_algorithm/rsapkcs1'
|
|
|
|
# 'cose' gem does not implement all algorithms from the Web Authentication
|
|
# (WebAuthn) standard specification. This patch implements one of the missing
|
|
# ones, RSASSA-PKCS1-v1_5.
|
|
module COSE
|
|
module Algorithm
|
|
def self.registered_algorithm_ids
|
|
@registered_by_id.keys
|
|
end
|
|
|
|
class RSAPKCS1 < SignatureAlgorithm
|
|
attr_reader :hash_function
|
|
|
|
def initialize(*args, hash_function:)
|
|
super(*args)
|
|
|
|
@hash_function = hash_function
|
|
end
|
|
|
|
private
|
|
|
|
def valid_key?(key)
|
|
to_cose_key(key).is_a?(COSE::Key::RSA)
|
|
end
|
|
|
|
def signature_algorithm_class
|
|
OpenSSL::SignatureAlgorithm::RSAPKCS1
|
|
end
|
|
|
|
def to_pkey(key)
|
|
case key
|
|
when COSE::Key::RSA
|
|
key.to_pkey
|
|
when OpenSSL::PKey::RSA
|
|
key
|
|
else
|
|
raise(COSE::Error, 'Incompatible key for algorithm')
|
|
end
|
|
end
|
|
end
|
|
|
|
register(RSAPKCS1.new(-257, 'RS256', hash_function: 'SHA256'))
|
|
end
|
|
end
|