mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-15 19:08:07 +00:00
core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys.
ECDH_ES_HKDF_256 is the wrong type to use, since the key-agreement does not use HKDF, but ES256 is even more wrong, because it is an ECDSA type rather than an ECDH type. Currently there is no correct algorithm type defined. ES256 is used by libfido2, whereas ECDH_ES_HKDF_256 is used by Chrome, YubiKey and SoloKey, so it has the majority.
This commit is contained in:
parent
d48c5c6450
commit
9537bc40a5
@ -120,6 +120,7 @@ _FIDO2_CONFIRM_TIMEOUT_MS = const(60 * 1000)
|
||||
# CBOR object signing and encryption algorithms and keys
|
||||
_COSE_ALG_KEY = const(3)
|
||||
_COSE_ALG_ES256 = const(-7) # ECDSA P-256 with SHA-256
|
||||
_COSE_ALG_ECDH_ES_HKDF_256 = const(-25) # Ephemeral-static ECDH with HKDF SHA-256
|
||||
_COSE_KEY_TYPE_KEY = const(1)
|
||||
_COSE_KEY_TYPE_EC2 = const(2) # elliptic curve keys with x- and y-coordinate pair
|
||||
_COSE_CURVE_KEY = const(-1) # elliptic curve identifier
|
||||
@ -1585,7 +1586,7 @@ def cbor_get_assertion_hmac_secret(
|
||||
x = key_agreement[_COSE_X_COORD_KEY]
|
||||
y = key_agreement[_COSE_Y_COORD_KEY]
|
||||
if (
|
||||
key_agreement[_COSE_ALG_KEY] != _COSE_ALG_ES256
|
||||
key_agreement[_COSE_ALG_KEY] != _COSE_ALG_ECDH_ES_HKDF_256
|
||||
or key_agreement[_COSE_KEY_TYPE_KEY] != _COSE_KEY_TYPE_EC2
|
||||
or key_agreement[_COSE_CURVE_KEY] != _COSE_CURVE_P256
|
||||
or len(x) != 32
|
||||
@ -1713,7 +1714,7 @@ def cbor_client_pin(req: Cmd) -> Cmd:
|
||||
# Encode the public key of the authenticator key agreement key.
|
||||
response_data = {
|
||||
_CLIENTPIN_RESP_KEY_AGREEMENT: {
|
||||
_COSE_ALG_KEY: _COSE_ALG_ES256,
|
||||
_COSE_ALG_KEY: _COSE_ALG_ECDH_ES_HKDF_256,
|
||||
_COSE_KEY_TYPE_KEY: _COSE_KEY_TYPE_EC2,
|
||||
_COSE_CURVE_KEY: _COSE_CURVE_P256,
|
||||
_COSE_X_COORD_KEY: _KEY_AGREEMENT_PUBKEY[1:33],
|
||||
|
Loading…
Reference in New Issue
Block a user