
Commit 38780b9

authored
Treat cid_pubkey as optional (#20)
This resolves #14, which became necessary due to a change in newer versions of Chrome. Note: Chrome now seems to attach garbage attestation certificates, at least on the hardware I tested with. This means that full CA verification may fail even when everything else is correct. There were several changes around the CryptoToken extension/implementation in [Chrome 74](https://chromium.googlesource.com/chromium/src/+log/73.0.3683.103..74.0.3729.108?pretty=fuller&n=10000) (warning: slow) so this is likely a regression of some kind, and may be specific to certain OSs (my testing was on macOS 10.14)
1 parent a02f36e commit 38780b9

3 files changed

Lines changed: 74 additions & 4 deletions


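--- a/src/ClientData.php
+++ b/src/ClientData.php
@@ -10,6 +10,8 @@ class ClientData implements JsonSerializable, ChallengeProvider
 {
 use ChallengeTrait;
 
+/** @var string */
+private $originalJson;
 private $cid_pubkey;
 private $origin;
 private $typ;
@@ -23,7 +25,11 @@ public static function fromJson(string $json) {
 $ret->setType($ret->validateKey('typ', $data));
 $ret->setChallenge($ret->validateKey('challenge', $data));
 $ret->origin = $ret->validateKey('origin', $data);
-$ret->cid_pubkey = $ret->validateKey('cid_pubkey', $data);
+// This field is optional
+if (isset($data['cid_pubkey'])) {
+$ret->cid_pubkey = $data['cid_pubkey'];
+}
+$ret->originalJson = $json;
 return $ret;
 }
 
@@ -63,8 +69,7 @@ private function validateKey(string $key, array $data) {
 
 // Returns the SHA256 hash of this object per the raw message formats spec
 public function getChallengeParameter(): string {
-$json = json_encode($this, \JSON_UNESCAPED_SLASHES);
-return hash('sha256', $json, true);
+return hash('sha256', $this->originalJson, true);
 }
 
 public function jsonSerialize() {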
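Review bot: `$cid_pubkey` can now be left null by `fromJson` (the `isset` branch at new line 29 simply skips the assignment), but the property at new line 15 carries no docblock saying so while the neighbouring `$originalJson` got one; anything that reads it — a getter with a `string` return type, or the `jsonSerialize()` body that begins at the last line of this hunk and continues outside it — would need to tolerate null. Add `/** @var string|null Optional; newer Chrome omits it (see #14) */` above `private $cid_pubkey;`. Hashing `$this->originalJson` in `getChallengeParameter()` is the right call, since the authenticator signed the exact bytes the browser produced and a re-encoded form can differ in key order or escaping; a one-line comment there, e.g. `// Hash the bytes the client actually signed, not a re-serialization of this object`, would stop a future cleanup from reverting to json_encode.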

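--- a/tests/ClientDataTest.php
+++ b/tests/ClientDataTest.php
@@ -94,7 +94,6 @@ public function missingData(): array {
 $without('typ'),
 $without('challenge'),
 $without('origin'),
-$without('cid_pubkey'),
 ];
 }
 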
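--- a/tests/ServerTest.php
+++ b/tests/ServerTest.php
@@ -560,6 +560,72 @@ public function testAuthenticateThrowsIfRequestIsSignedWithWrongKey() {
 ->authenticate($response);
 }
 
+// -( Alternate formats (see #14) )----------------------------------------
+
+public function testRegistrationWithoutCidPubkey_BugFix14()
+{
+$server = (new Server())
+->disableCAVerification()
+->setAppId('https://u2f.ericstern.com');
+
+$registerRequest = new RegisterRequest();
+$registerRequest->setAppId($server->getAppId())
+->setChallenge('dNqjowssvlxx9zBhvsy03A');
+$server->setRegisterRequest($registerRequest);
+
+$json = '{"registrationData":"BQSFDYsZaHlRBQcdLyu4jZ-Bukb1vw6QtSfmvTQO'.
+'IXpjZpfqYptdtpBznuNBslzlZdodspfqRkqwJIt3a0W2P_HlQImHG1FoSkYdPwSzp'.
+'3WvlDisShW5fveiaaI4Zk8oZBkyWoQ6v1c2ypcd5OWPX6rAH-N7cPjw1Vg_w1q_YL'.
+'c3mR8wggE0MIHboAMCAQICCjJ1rwmwx867ew8wCgYIKoZIzj0EAwIwFTETMBEGA1U'.
+'EAxMKVTJGIElzc3VlcjAaFwswMDAxMDEwMDAwWhcLMDAwMTAxMDAwMFowFTETMBEG'.
+'A1UEAxMKVTJGIERldmljZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCLzJT4vt'.
+'kl-799Ks5wINHdVRIKCLq-kX6oIajh_2Dv4Sk0cBVteQt1xdGau1XzEaGYIOvU5hU'.
+'m2J2pxVBQIzaajFzAVMBMGCysGAQQBguUcAgEBBAQDAgUgMAoGCCqGSM49BAMCA0g'.
+'AMEUCIQDBo6aOLxanIUYnBX9iu3KMngPnobpi0EZSTkVtLC8_cwIgC1945RGqGBKf'.
+'byNtkhMifZK05n7fU-gW37Bdnci5D94wRQIgEPJVWZ7zgVQUctG3xpWBv77s3u2R7'.
+'OJP-UjkWdcUs2QCIQC1fqlZIrl4kIEsSQTRMauvcaoeunV-I24WYnp3rgC_Dg","v'.
+'ersion":"U2F_V2","challenge":"dNqjowssvlxx9zBhvsy03A","appId":"ht'.
+'tps://u2f.ericstern.com","clientData":"eyJjaGFsbGVuZ2UiOiJkTnFqb3'.
+'dzc3ZseHg5ekJodnN5MDNBIiwib3JpZ2luIjoiaHR0cHM6Ly91MmYuZXJpY3N0ZXJ'.
+'uLmNvbSIsInR5cCI6Im5hdmlnYXRvci5pZC5maW5pc2hFbnJvbGxtZW50In0"}';
+$registerResponse = RegisterResponse::fromJson($json);
+
+$registration = $server->register($registerResponse);
+$this->assertInstanceOf(Registration::class, $registration);
+}
+
+public function testRegistrationWithoutCidPubkey_BugFix14_2()
+{
+$server = (new Server())
+->disableCAVerification()
+->setAppId('https://u2f.ericstern.com');
+
+$registerRequest = new RegisterRequest();
+$registerRequest->setAppId($server->getAppId())
+->setChallenge('E23usdC7VkxjN1mwRAeyjg');
+$server->setRegisterRequest($registerRequest);
+
+$json = '{"registrationData":"BQSTffB-e9hdFwhsfb2t-2ppwyxZAltnDf6TYwv4'.
+'1VtleEO4488JwNFGr_bks_4EzA4DoluDBCgfmULGpZpXykTZQMOMz9DfbESHnuBY9'.
+'cmTxVTVtrsTFTQA-IPETCYJ2dYACULXRN7_qLq_2WnDQJaME7zWyZEB0NFu-hosav'.
+'uqjncwggEbMIHCoAMCAQICCiIygbKxS2KpYY8wCgYIKoZIzj0EAwIwFTETMBEGA1U'.
+'EAxMKVTJGIElzc3VlcjAaFwswMDAxMDEwMDAwWhcLMDAwMTAxMDAwMFowFTETMBEG'.
+'A1UEAxMKVTJGIERldmljZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCdqjfpHR'.
+'9L8a6-pVRv9PWu-pORC9sO9eDk6ZlFIXaclyfxbLJqAehvIWJuzij_BxJOLbQPD_9'.
+'fX5uKh9tDv8nowCgYIKoZIzj0EAwIDSAAwRQIhAMGjpo4vFqchRicFf2K7coyeA-e'.
+'humLQRlJORW0sLz9zAiALX3jlEaoYEp9vI22SEyJ9krTmft9T6BbfsF2dyLkP3jBE'.
+'AiAHD70-wA4f3SZk6s0RocHAA4nDCGaVFvTBG4gZXcZTnQIge2joenpQxVP0r1o9E'.
+'zL9C3aR-HEKhSHr86MX4eUTMlw","version":"U2F_V2","challenge":"E23us'.
+'dC7VkxjN1mwRAeyjg","appId":"https://u2f.ericstern.com","clientDat'.
+'a":"eyJjaGFsbGVuZ2UiOiJFMjN1c2RDN1ZreGpOMW13UkFleWpnIiwib3JpZ2luI'.
+'joiaHR0cHM6Ly91MmYuZXJpY3N0ZXJuLmNvbSIsInR5cCI6Im5hdmlnYXRvci5pZC'.
+'5maW5pc2hFbnJvbGxtZW50In0"}';
+$registerResponse = RegisterResponse::fromJson($json);
+
+$registration = $server->register($registerResponse);
+$this->assertInstanceOf(Registration::class, $registration);
+}
+
 // -( Helpers )------------------------------------------------------------
 
 private function getDefaultRegisterRequest(): RegisterRequest {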
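Review bot: `testRegistrationWithoutCidPubkey_BugFix14` and `..._2` differ only in the challenge string and the response JSON, so one test fed by a data provider would make the shared setup and assertion obvious and give each fixture a name. Both call `disableCAVerification()`, so neither exercises the attestation-certificate path that the commit message says now fails on newer Chrome; if that is deliberate, a comment on that line such as `// CA check skipped: see commit note on Chrome 74 attestation certificates` would tell the next reader why the weaker check is acceptable here. The `missingData` provider in tests/ClientDataTest.php drops its `cid_pubkey` case, but I see no positive unit test asserting that `ClientData::fromJson` accepts the key's absence or that `getChallengeParameter()` now hashes the original JSON rather than a re-encoding; those would pin the fix without depending on the full registration flow.
```php
/**
 * @dataProvider registrationsWithoutCidPubkey
 */
public function testRegistrationWithoutCidPubkey_BugFix14(string $challenge, string $json)
{
    $server = (new Server())
        ->disableCAVerification()
        ->setAppId('https://u2f.ericstern.com');
    // … unchanged: RegisterRequest setup, using $challenge …
    $registerResponse = RegisterResponse::fromJson($json);
    $registration = $server->register($registerResponse);
    $this->assertInstanceOf(Registration::class, $registration);
}

public function registrationsWithoutCidPubkey(): array
{
    return [
        // … the two [challenge, response JSON] pairs from the original tests, keyed by challenge …
    ];
}
```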
