This repository has been archived by the owner on Mar 25, 2024. It is now read-only.

Webauthn support #11

Merged 85 commits on Oct 26, 2021
6226768
Rough pass at CBOR decoder
Firehed May 11, 2019
ca8b0ae
tidy
Firehed May 12, 2019
0d9015f
Move calculation of expected signed data to the registration response
Firehed May 12, 2019
b7d523a
working concept
Firehed May 12, 2019
1ee07d5
More CBOR handling
Firehed May 12, 2019
eb7fd46
Correct some tests
Firehed May 13, 2019
c6231d3
Explicitly fail on 64-bit ints that overflow from 63-bit thing
Firehed May 14, 2019
7d078b5
Tweak data to sign location
Firehed May 14, 2019
626088c
move helpers into bootstrap
Firehed May 14, 2019
fc93bad
save progress
Firehed May 14, 2019
7596211
Create AuthenticatorData object/parser
Firehed May 14, 2019
fb0c820
massive cleanup of registration parsing
Firehed May 14, 2019
5e21d10
Move CBOR to external package
Firehed May 14, 2019
50b56aa
Namespace components
Firehed May 14, 2019
2be6af2
(Re)implement application parameter match test
Firehed May 14, 2019
75c87a6
Fix missing use
Firehed May 14, 2019
42fbf67
Add new keywords to composer manifest
Firehed May 14, 2019
c2a54ea
Create LoginResponseInterface
Firehed May 18, 2019
5895ac9
Encapsulate login response parsing
Firehed May 18, 2019
44d289d
Create RegistrationResponseInterface
Firehed May 18, 2019
502fcb9
Implement WebAuthn registration response parser
Firehed May 18, 2019
9ddd0d7
Clean up interfaces/rpIdHash
Firehed May 18, 2019
530fb6a
Validate attestation cert
Firehed May 18, 2019
febfbff
Use new logic in demo
Firehed May 18, 2019
1d95b13
Cleanup/annotations/assertions
Firehed May 18, 2019
d31e13e
Build against newer PHP versions too
Firehed May 18, 2019
ef2ba88
Coverage
Firehed May 19, 2019
4272cf3
Remove now-outdated ClientData object
Firehed May 19, 2019
1ca854c
Test authenticator data
Firehed May 19, 2019
65d14bb
Minor coverage updates
Firehed May 19, 2019
ffcdca5
Drop 7.0+7.1
Firehed May 19, 2019
88abf81
Rebuild
Firehed May 21, 2019
738ead9
test cleanup
Firehed May 21, 2019
53612c8
Modernize deps
Firehed May 21, 2019
fca5c26
Handle several PHPStan pointless warnings
Firehed May 21, 2019
bb808bd
more PHPStan
Firehed May 21, 2019
672baec
more PHPStan
Firehed May 21, 2019
e98eeee
more PHPStan
Firehed May 21, 2019
f7d0f47
more PHPStan
Firehed May 21, 2019
a60c328
Drop mbstring func overload hack
Firehed May 21, 2019
fb8e738
more PHPStan
Firehed May 21, 2019
b7c8e3e
one more trailing comma
Firehed May 21, 2019
0406369
Composer scripts
Firehed May 27, 2019
5b05e76
Merge branch 'master' into webauthn
Firehed May 27, 2019
77203d1
Merge branch 'master' into webauthn
Firehed May 30, 2019
c3a2005
Cleanup
Firehed May 30, 2019
c5e491e
Hide ClientData implementation
Firehed May 30, 2019
0c036d6
Merge branch 'master' into webauthn
Firehed May 30, 2019
68e3b40
Cleanup
Firehed May 30, 2019
80cd935
Merge branch 'master' into webauthn
Firehed May 30, 2019
276b9d2
Fix base interface
Firehed May 30, 2019
1ae1f74
Migrate to object-based pk+cert
Firehed May 30, 2019
ca5fe91
Merge branch 'master' into webauthn
Firehed May 30, 2019
2380923
Clean up ChallengeProvider stuff from master
Firehed May 30, 2019
19a5afb
Drastically clarify debug output of authenticator data
Firehed May 30, 2019
1a6c449
phpstan ignore demo for now
Firehed May 30, 2019
73c74c0
Fix test name and minor issue with demo
Firehed May 31, 2019
27f93c2
Basic db example
Firehed Jun 1, 2019
50ec2f1
Overhaul demo
Firehed Jun 1, 2019
016f238
Ensure server uses same challenge for all login/sign requests
Firehed Jun 1, 2019
8cafe0d
Use new format
Firehed Jun 1, 2019
e52d318
Cleanup
Firehed Jun 1, 2019
f3f2705
Misc cleanup
Firehed Jun 1, 2019
28bdba5
Remove demo for now, it will be reintroduced separately
Firehed Jun 1, 2019
d96f05f
Minor cleanup
Firehed Jun 1, 2019
acf726f
Update README
Firehed Jun 1, 2019
1193826
readme improvements
Firehed Jun 1, 2019
d6f6eeb
Merge branch 'master' into webauthn
Firehed Oct 22, 2021
776935a
[email protected]
Firehed Oct 22, 2021
0c9cad7
PHPStan: WebAuthn/LoginResponse
Firehed Oct 22, 2021
777f948
Most of remaining type info
Firehed Oct 22, 2021
c872bc6
More type fixes
Firehed Oct 22, 2021
feeaf78
Add goofy offsets to baseline for now
Firehed Oct 22, 2021
d2780e6
Improve debuginfo for Registration, rename variables
Firehed Oct 25, 2021
5dcb877
Remove incorrect field from parameter
Firehed Oct 25, 2021
1826621
Merge branch 'master' into webauthn
Firehed Oct 25, 2021
7502e68
Change example appId
Firehed Oct 25, 2021
3c84774
Merge branch 'master' into webauthn
Firehed Oct 25, 2021
b25eb16
Add some additional docs
Firehed Oct 25, 2021
2096c30
Re-link demo
Firehed Oct 26, 2021
39452da
Revert gitignore changes
Firehed Oct 26, 2021
39b6810
Remove legacy documentation
Firehed Oct 26, 2021
783a00b
Merge branch 'master' into webauthn
Firehed Oct 26, 2021
4edfcb3
Apply merged test changes to new tests too
Firehed Oct 26, 2021
2232a16
Type info for jsonserialize
Firehed Oct 26, 2021
Create LoginResponseInterface
Firehed committed May 18, 2019
commit c2a54ea61fc8642e87f5f8411d02227510873346
17 changes: 17 additions & 0 deletions src/LoginResponseInterface.php
@@ -0,0 +1,17 @@
<?php
declare(strict_types=1);

namespace Firehed\U2F;

interface LoginResponseInterface
{
public function getChallengeProvider(): ChallengeProvider;

public function getCounter(): int;

public function getKeyHandleBinary(): string;

public function getSignature(): string;

public function getSignedData(): string;
}
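
Review bot: none of the five methods declared in `LoginResponseInterface` has a docblock, so the contract that `Server::authenticate()` depends on is left to each implementation to guess. `getKeyHandleBinary()` names its encoding, but `getSignature()` and `getSignedData()` do not. Please document whether each returns raw bytes or an encoded string, and state that `getSignedData()` must return the exact byte string the authenticator signed, because a second implementation that gets either wrong will break signature verification.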
8 changes: 4 additions & 4 deletions src/Server.php
Expand Up @@ -49,19 +49,19 @@ class Server
private $signRequests = [];

/**
* This method authenticates a `SignResponse` against outstanding
* This method authenticates a `LoginResponseInterface` against outstanding
* registrations and their corresponding `SignRequest`s. If the response's
* signature validates and the counter hasn't done anything strange, the
* registration will be returned with an updated counter value, which *must*
* be persisted for the next authentication. If any verification component
* fails, a `SE` will be thrown.
*
* @param SignResponse $response the parsed response from the user
* @param LoginResponseInterface $response the parsed response from the user
* @return RegistrationInterface if authentication succeeds
* @throws SE if authentication fails
* @throws BadMethodCallException if a precondition is not met
*/
public function authenticate(SignResponse $response): RegistrationInterface
public function authenticate(LoginResponseInterface $response): RegistrationInterface
{
if (!$this->registrations) {
throw new BadMethodCallException(
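
Review bot: the docblock on `authenticate()` still describes the failure case as "a `SE` will be thrown" and `@throws SE`, which only makes sense to someone who has read the file's import aliases. Now that the parameter is `LoginResponseInterface` and third-party implementations can be passed in, spell out the exception's class name in the prose and in `@throws` so callers know what to catch. It would also help to say in the `@param` line that any implementation is accepted, not only `SignResponse`.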
Expand Down Expand Up @@ -105,7 +105,7 @@ public function authenticate(SignResponse $response): RegistrationInterface
// match the one in the signing request, the client signed the
// wrong thing. This could possibly be an attempt at a replay
// attack.
$this->validateChallenge($response->getClientData(), $request);
$this->validateChallenge($response->getChallengeProvider(), $request);

$pem = $registration->getPublicKeyPem();

7 changes: 6 additions & 1 deletion src/SignResponse.php
Expand Up @@ -5,7 +5,7 @@

use Firehed\U2F\InvalidDataException as IDE;

class SignResponse
class SignResponse implements LoginResponseInterface
{
use ResponseTrait;

Expand Down Expand Up @@ -72,4 +72,9 @@ public function getSignedData(): string
$this->getClientData()->getChallengeParameter()
);
}

public function getChallengeProvider(): ChallengeProvider
{
return $this->getClientData();
}
}
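
Review bot: the new `getChallengeProvider()` in `SignResponse` is a plain alias for `getClientData()`, and none of the files shown in this commit adds a test for it. Please add a test asserting that it returns the same challenge as the client data, and add a short docblock explaining that it exists to satisfy `LoginResponseInterface`. If `getClientData()` is no longer meant to be called from `Server`, consider narrowing its visibility so there is a single way to reach the challenge.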