Handle authenticators not supporting the signature counter (Fixes #55).

duo-labs / py_webauthn

Pythonic WebAuthn 🐍

https://duo-labs.github.io/py_webauthn

BSD 3-Clause "New" or "Revised" License

856 stars 171 forks source link

Handle authenticators not supporting the signature counter (Fixes #55). #58

Closed jonathanverner closed 4 years ago

jonathanverner commented 4 years ago

The WebAuthN spec seems to allow for authenticators which do not support the signature counter (see step 17 in 7.2 Verifying an Authentication Assertion), i.e. the signature counter should only be checked if it is non-zero.

skorokithakis commented 4 years ago

What is the status of this PR? It seems like a straightforward change.

futureimperfect commented 4 years ago

Hi @jonathanverner and @skorokithakis,

I tested this change and it looks good to me. @jordan-wright or @nicksteele when you get a chance can you review/merge?

skorokithakis commented 4 years ago

I would possibly change the return to return 0 to be more explicit, but it looks good to me too.