From 9537bc40a58fb4e7c428fb7b7137e1fc2d004e6b Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Mon, 30 Sep 2019 19:30:37 +0200 Subject: [PATCH] core/webauthn: Use ECDH_ES_HKDF_256 instead of ES256 as the algorithm type for key-agreement keys. ECDH_ES_HKDF_256 is the wrong type to use, since the key-agreement does not use HKDF, but ES256 is even more wrong, because it is an ECDSA type rather than an ECDH type. Currently there is no correct algorithm type defined. ES256 is used by libfido2, whereas ECDH_ES_HKDF_256 is used by Chrome, YubiKey and SoloKey, so it has the majority. --- core/src/apps/webauthn/__init__.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/core/src/apps/webauthn/__init__.py b/core/src/apps/webauthn/__init__.py index 411fd0694e..dfffe61d8a 100644 --- a/core/src/apps/webauthn/__init__.py +++ b/core/src/apps/webauthn/__init__.py @@ -120,6 +120,7 @@ _FIDO2_CONFIRM_TIMEOUT_MS = const(60 * 1000) # CBOR object signing and encryption algorithms and keys _COSE_ALG_KEY = const(3) _COSE_ALG_ES256 = const(-7) # ECDSA P-256 with SHA-256 +_COSE_ALG_ECDH_ES_HKDF_256 = const(-25) # Ephemeral-static ECDH with HKDF SHA-256 _COSE_KEY_TYPE_KEY = const(1) _COSE_KEY_TYPE_EC2 = const(2) # elliptic curve keys with x- and y-coordinate pair _COSE_CURVE_KEY = const(-1) # elliptic curve identifier @@ -1585,7 +1586,7 @@ def cbor_get_assertion_hmac_secret( x = key_agreement[_COSE_X_COORD_KEY] y = key_agreement[_COSE_Y_COORD_KEY] if ( - key_agreement[_COSE_ALG_KEY] != _COSE_ALG_ES256 + key_agreement[_COSE_ALG_KEY] != _COSE_ALG_ECDH_ES_HKDF_256 or key_agreement[_COSE_KEY_TYPE_KEY] != _COSE_KEY_TYPE_EC2 or key_agreement[_COSE_CURVE_KEY] != _COSE_CURVE_P256 or len(x) != 32 @@ -1713,7 +1714,7 @@ def cbor_client_pin(req: Cmd) -> Cmd: # Encode the public key of the authenticator key agreement key. response_data = { _CLIENTPIN_RESP_KEY_AGREEMENT: { - _COSE_ALG_KEY: _COSE_ALG_ES256, + _COSE_ALG_KEY: _COSE_ALG_ECDH_ES_HKDF_256, _COSE_KEY_TYPE_KEY: _COSE_KEY_TYPE_EC2, _COSE_CURVE_KEY: _COSE_CURVE_P256, _COSE_X_COORD_KEY: _KEY_AGREEMENT_PUBKEY[1:33],