search

webauthn-open-source / fido2-lib

A node.js library for performing FIDO 2.0 / WebAuthn server functionality
https://webauthn.io
MIT License
407 stars 120 forks source link

Fixed mapping of SHA1 on algToJWKAlg #168

Closed bobgrey closed 6 months ago

bobgrey commented 6 months ago

Issue identified using the FIDO Conformance Tools v1.7.19 ("tpm" attestation for SHA-1).

The error returned by crypto lib is: JWK "alg" does not match the requested algorithm

It expects RS1, not RS256.

Reference crypto:

...
const kHashNames = {
  sha1: {
    [kHashContextNode]: 'sha1',
    [kHashContextWebCrypto]: 'SHA-1',
    [kHashContextJwkRsa]: 'RS1',
    [kHashContextJwkRsaPss]: 'PS1',
    [kHashContextJwkRsaOaep]: 'RSA-OAEP',
    [kHashContextJwkHmac]: 'HS1',
  },
codecov-commenter commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 92.86%. Comparing base (ba30d26) to head (337d6b7).

:exclamation: Current head 337d6b7 differs from pull request most recent head e05ef27. Consider uploading reports for the commit e05ef27 to get more accurate results

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #168 +/- ## ======================================= Coverage 92.86% 92.86% ======================================= Files 16 16 Lines 6027 6027 ======================================= Hits 5597 5597 Misses 430 430 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

Hexagon commented 6 months ago

@bobgrey Have not looked into the issue, but why did you close this? Is the fix still valid?

bobgrey commented 5 months ago

@Hexagon Yes, it's still valid. I accidentally closed it due to additional unnecessary commits in my fork that altered the PR.

JamesCullum commented 5 months ago

Do you want to recreate it then?