Commit 234fdbc
fix(pin): validate peer COSE EC2 key x/y length in PIN/UV ECDH
A malicious or buggy authenticator can return an `EcdhEsHkdf256PublicKey`
whose x or y coordinate is shorter than 32 bytes. `cosey` accepts any
length up to 32, but `EncodedPoint::from_affine_coordinates` requires
exactly 32 bytes per coordinate; the `.into()` calls invoke
`GenericArray::from_slice` which panics on length mismatch.
CTAP 2.2 §6.5.6 requires x and y to be 32 bytes (P-256 field-element
size). Validate explicitly via `try_into` and return
`Error::Ctap(CtapError::Other)` on mismatch. Add regression tests for
short and empty x, and short y.

1 parent 36cfe41, commit 234fdbc
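The failure mode and the fix described in the commit message, as an added Rust example that is not the project's code: `CoseEc2Key`, `KeyError` and the two conversion functions are constructed names, and a fixed-size `try_into().unwrap()` stands in for the `cosey`/`p256` `from_slice` path, which panics the same way on a length mismatch.

```rust
// Added example (not the project's code): models the CTAP PIN/UV ECDH peer-key
// check described in the commit. `CoseEc2Key`, `KeyError` and the conversion
// functions are constructed names; the real `cosey`/`p256` crates are not used.
use std::convert::TryInto;

/// P-256 field-element size (CTAP 2.2 §6.5.6: x and y are exactly 32 bytes).
pub const COORD_LEN: usize = 32;

/// Decoded COSE EC2 key as a permissive decoder might hand it back:
/// each coordinate is a byte string of whatever length was on the wire.
pub struct CoseEc2Key {
    pub x: Vec<u8>,
    pub y: Vec<u8>,
}

#[derive(Debug, PartialEq)]
pub enum KeyError {
    /// A coordinate was not exactly COORD_LEN bytes.
    BadCoordinateLength { coord: char, got: usize },
}

/// Before the fix: trusting the decoder's length and unwrapping a fixed-size
/// conversion. A short coordinate from a malicious or buggy authenticator
/// panics the client here instead of producing an error it can handle.
pub fn to_sec1_point_unchecked(key: &CoseEc2Key) -> [u8; 65] {
    let x: [u8; COORD_LEN] = key.x.as_slice().try_into().unwrap(); // panics on bad length
    let y: [u8; COORD_LEN] = key.y.as_slice().try_into().unwrap();
    encode_uncompressed(&x, &y)
}

/// After the fix: validate each coordinate with `try_into` and surface a
/// typed error, so peer-controlled input never reaches a panicking path.
pub fn to_sec1_point(key: &CoseEc2Key) -> Result<[u8; 65], KeyError> {
    let x: [u8; COORD_LEN] = key.x.as_slice().try_into().map_err(|_| {
        KeyError::BadCoordinateLength { coord: 'x', got: key.x.len() }
    })?;
    let y: [u8; COORD_LEN] = key.y.as_slice().try_into().map_err(|_| {
        KeyError::BadCoordinateLength { coord: 'y', got: key.y.len() }
    })?;
    Ok(encode_uncompressed(&x, &y))
}

/// SEC1 uncompressed point encoding, 0x04 || x || y, which is what a curve
/// library's `EncodedPoint` would parse once the lengths are known to be right.
fn encode_uncompressed(x: &[u8; COORD_LEN], y: &[u8; COORD_LEN]) -> [u8; 65] {
    let mut out = [0u8; 65];
    out[0] = 0x04;
    out[1..33].copy_from_slice(x);
    out[33..65].copy_from_slice(y);
    out
}
```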
1 file changed
Lines changed: 63 additions & 5 deletions
Diff (the code content of the hunks was not preserved in this rendering; only the line ranges survive):

Hunk 1: original lines 175-185 become new lines 175-197 (5 lines removed at original 178-182, 17 lines added at new 178-194).
Hunk 2: original lines 578-580 become new lines 590-638 (46 lines added at new 593-638).