Skip to content

Commit a91e6a5

Browse files
committed
Return U2F attestation statement in a way that does not require error checking in clients
1 parent 830647d commit a91e6a5

2 files changed

Lines changed: 4 additions & 9 deletions

File tree

libwebauthn/src/ops/u2f.rs

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,9 +15,8 @@ use crate::proto::ctap1::{Ctap1RegisterRequest, Ctap1SignRequest};
1515
use crate::proto::ctap1::{Ctap1RegisterResponse, Ctap1SignResponse};
1616
use crate::proto::ctap2::cbor;
1717
use crate::proto::ctap2::{
18-
Ctap2AttestationStatement, Ctap2COSEAlgorithmIdentifier, Ctap2GetAssertionResponse,
19-
Ctap2MakeCredentialResponse, Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialType,
20-
FidoU2fAttestationStmt,
18+
Ctap2AttestationStatement, Ctap2GetAssertionResponse, Ctap2MakeCredentialResponse,
19+
Ctap2PublicKeyCredentialDescriptor, Ctap2PublicKeyCredentialType, FidoU2fAttestationStmt,
2120
};
2221
use crate::webauthn::{CtapError, Error};
2322

@@ -132,9 +131,8 @@ impl UpgradableResponse<MakeCredentialResponse, MakeCredentialRequest> for Regis
132131
// Note: An ASN.1-encoded ECDSA signature value ranges over 8–72 bytes in length. [U2FRawMsgs] incorrectly
133132
// states a different length range.
134133
let attestation_statement = Ctap2AttestationStatement::FidoU2F(FidoU2fAttestationStmt {
135-
algorithm: Ctap2COSEAlgorithmIdentifier::ES256,
136134
signature: ByteBuf::from(self.signature.clone()),
137-
certificates: vec![ByteBuf::from(self.attestation.clone())],
135+
certificate: ByteBuf::from(self.attestation.clone()),
138136
});
139137

140138
// Let attestationObject be a CBOR map (see "attObj" in Generating an Attestation Object [WebAuthn]) with the

libwebauthn/src/proto/ctap2/model/get_assertion.rs

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -57,14 +57,11 @@ pub struct PackedAttestationStmt {
5757

5858
#[derive(Debug, Clone, Deserialize)]
5959
pub struct FidoU2fAttestationStmt {
60-
#[serde(rename = "alg")]
61-
pub algorithm: Ctap2COSEAlgorithmIdentifier,
62-
6360
#[serde(rename = "sig")]
6461
pub signature: ByteBuf,
6562

6663
#[serde(rename = "x5c")]
67-
pub certificates: Vec<ByteBuf>,
64+
pub certificate: ByteBuf,
6865
}
6966

7067
#[derive(Debug, Clone, Deserialize)]

0 commit comments

Comments
 (0)