sjinks / wp-two-factor-provider-webauthn

WebAuthn Provider for Two Factor plugin
https://wordpress.org/plugins/two-factor-provider-webauthn/
MIT License

fix: issues with YubiKeys #862

Closed sjinks closed 2 months ago

sjinks commented 2 months ago

This PR uses the patch from madwizard-org/webauthn-server#23 to fix some issues with YubiKeys.

Fixes: #541

First issue: kty and crv can either be int or tstr according to the RFC, where the string version should be one of the constants (like OKP or Ed25519). However, this library parses only the int version. This PR adds support for the string constants related to elliptic curves. There are likely more places where string constants are applicable, but the provided fixes are at least enough to get YubiKey working. Example input of such a key: {1: 'OKP', 3: -8, -1: 'Ed25519'}.

Second issue: some keys generate broken keys during registration (two errors: map length is wrong, and public key component x is bytearray instead of bytestring).
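Added example, not code from this PR or from madwizard-org/webauthn-server: a Python sketch of the first issue, mapping the string forms of kty and crv in an already-decoded COSE_Key map to their IANA integer values before validation. The function and table names are this example's own, it covers only elliptic-curve keys, and the 32-byte x value in the sample is constructed.

```python
# IANA COSE registry values; the table and function names are this example's own.
KTY_NAMES = {"OKP": 1, "EC2": 2}
CRV_NAMES = {"P-256": 1, "P-384": 2, "P-521": 3, "Ed25519": 6}
# Curves permitted for each key type, and the coordinate size in bytes.
CURVES_FOR_KTY = {1: {6}, 2: {1, 2, 3}}
COORD_LEN = {1: 32, 2: 48, 3: 66, 6: 32}

KTY, ALG, CRV, X = 1, 3, -1, -2  # COSE_Key map labels


class CoseKeyError(ValueError):
    pass


def _to_int(value, names, field):
    # bool is a subclass of int in Python; reject it explicitly.
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    if isinstance(value, str):
        if value in names:
            return names[value]
        # Unknown names are rejected, never passed through to later checks.
        raise CoseKeyError(f"unknown {field} name: {value!r}")
    raise CoseKeyError(f"{field} must be int or tstr, got {type(value).__name__}")


def normalize_cose_key(key):
    """Return a copy of a decoded COSE_Key map with kty and crv as integers."""
    if KTY not in key or CRV not in key:
        raise CoseKeyError("missing kty or crv")
    out = dict(key)
    out[KTY] = _to_int(key[KTY], KTY_NAMES, "kty")
    out[CRV] = _to_int(key[CRV], CRV_NAMES, "crv")
    if out[CRV] not in CURVES_FOR_KTY.get(out[KTY], set()):
        raise CoseKeyError(f"crv {out[CRV]} not valid for kty {out[KTY]}")
    x = key.get(X)
    if not isinstance(x, bytes) or len(x) != COORD_LEN[out[CRV]]:
        raise CoseKeyError("x must be a byte string of the curve's coordinate length")
    return out


# Constructed sample: the map quoted in the PR plus a dummy 32-byte x coordinate.
SAMPLE = {1: "OKP", 3: -8, -1: "Ed25519", -2: bytes(32)}

if __name__ == "__main__":
    print(normalize_cose_key(SAMPLE))
```

Normalizing once at the parsing boundary means every later check (algorithm/curve match, signature verification) compares integers only and cannot be bypassed by an unexpected string value.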

github-actions[bot] commented 2 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.