Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change attstmt to handle x5c array/list #781

Merged
merged 2 commits into from
Feb 8, 2024
Merged

Change attstmt to handle x5c array/list #781

merged 2 commits into from
Feb 8, 2024

Conversation

yesvivek
Copy link

@yesvivek yesvivek commented Feb 6, 2024

According to webauthn spec the x5c object under attStmt is of array type. But current code stores only the leaf certificate and discards the other certificates - reported as #749. This patch attempts to fix that.

Summary of changes,

  • x5c object under fido_attstmt is fido_blob_array_t type.
  • decode_x5c and fido_cred_set_x509 is updated to store as array.
  • fido_cred_x5c_ptr and fido_cred_x5c_len are updated to retain backward compatibility; they now work with first certificate in the list.
  • New API fido_cred_x5c_list_count added to return number of certificates in the x5c.
  • New API fido_cred_x5c_list_ptr added to return requested certificate data in the x5c.
  • New API fido_cred_x5c_list_len added to return byte length of requested certificate in the x5c.

@yesvivek yesvivek mentioned this pull request Feb 6, 2024
Closed
LDVG
LDVG reviewed Feb 6, 2024
View reviewed changes
Copy link
Contributor

@LDVG LDVG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the contribution! This looks very close to what we had in mind. I left a few comments in-line.

@yesvivek
Copy link
Author

yesvivek commented Feb 6, 2024
edited
Loading

@LDVG do note this is my first PR, ever. Also, am usually not good at naming functions/variables (still learning). So, feel free to correct them :)
Also, I have only linux (ubuntu 22) with me. So, no clue how to update for other platforms.

@LDVG
Copy link
Contributor

LDVG commented Feb 6, 2024

@LDVG do note this is my first PR, ever. Also, am usually not good at naming functions/variables (still learning). So, feel free to correct them :)

We'll ponder on what to call them as the dust settles. FWIW, I think the current naming is fine. :-)

Also, I have only linux (ubuntu 22) with me. So, no clue how to update for other platforms.

The code that this PR touches is common for all platforms that we support, so that should be fine.

P.S.: I think src/export.msvc was left out of the most recent commit?

@yesvivek
Copy link
Author

yesvivek commented Feb 6, 2024

Ah, my bad, got missed when adding. Pushed now..

@LDVG LDVG force-pushed the change_attstmt_x5c_to_array branch 2 times, most recently from d22b809 to 138bd1c Compare February 7, 2024 11:44
@LDVG
Copy link
Contributor

LDVG commented Feb 7, 2024
edited
Loading

I added a couple of minor tweaks on top of your commits. For some reason, this caused GitHub's UI to not recognize your account authoring them anymore, despite the commits having the same SHA as previously (maybe it doesn't recognize your author email address?). If this is important to you and you want to correct this, you can feel free to squash your commits and my tweaks down to one commit. :-)

@yesvivek
Copy link
Author

yesvivek commented Feb 7, 2024

@LDVG I dont see any option other than using git rebase or reset and doing a commit again, but I dont know what side effects it might have. So, is it possible for you to squash them?

viveks and others added 2 commits February 8, 2024 09:32
@LDVG
Change attstmt to handle x5c array/list; update APIs too
141e133
@LDVG
cbor: add decode_x5c_array()
2e2d5c8 
Adds explicit checks that the target array is empty when we parse the
CBOR map. This triggers a failure for malformed responses with duplicate
keys.
@LDVG LDVG force-pushed the change_attstmt_x5c_to_array branch from 138bd1c to 2e2d5c8 Compare February 8, 2024 08:34
@LDVG
Copy link
Contributor

LDVG commented Feb 8, 2024
edited
Loading

@LDVG I dont see any option other than using git rebase or reset and doing a commit again, but I dont know what side effects it might have. So, is it possible for you to squash them?

I went ahead and squashed them, by rebasing. :-)

This looks good to me, thanks for your contribution and congratulations on your first GitHub PR!

@LDVG LDVG requested a review from kongeo February 8, 2024 08:38
@yesvivek
Copy link
Author

yesvivek commented Feb 8, 2024

Thank you @LDVG . Appreciate your guidance, certainly learned new things from you.

@kongeo kongeo merged commit b465d28 into Yubico:main Feb 8, 2024
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LDVG LDVG LDVG approved these changes

@kongeo kongeo kongeo approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@yesvivek @LDVG @kongeo