mirror of https://github.com/bitwarden/browser synced 2025-12-15 15:53:27 +00:00

[EC-598] feat: check for supported key algorithms

Andreas Coroiu
2023-03-30 14:37:36 +02:00
parent 142aa016d4
commit 259e646ed7
3 changed files with 39 additions and 5 deletions


@@ -33,10 +33,7 @@ export interface CreateCredentialParams {
credProps?: boolean; credProps?: boolean;
uvm?: boolean; uvm?: boolean;
}; };
pubKeyCredParams: { pubKeyCredParams: PublicKeyCredentialParam[];
alg: number;
// type: "public-key"; // not used
}[];
rp: { rp: {
id?: string; id?: string;
name: string; name: string;
@@ -74,6 +71,11 @@ export interface AssertCredentialResult {
userHandle: string; userHandle: string;
} }
export interface PublicKeyCredentialParam {
alg: number;
type: "public-key";
}
export class Fido2Error extends Error { export class Fido2Error extends Error {
constructor(message: string, readonly fallbackRequested = false) { constructor(message: string, readonly fallbackRequested = false) {
super(message); super(message);
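Review bot: `PublicKeyCredentialParam.type` is declared as the literal `"public-key"`, but these values presumably originate from the relying party's page and can be any string at runtime, which is why the new spec test has to write `"not-supported" as any`. With the literal type, the `kp.type === "public-key"` comparison in the client service looks redundant to readers and to lint rules that flag unnecessary conditions, so a later cleanup could drop it without a type error. Consider `type: string;` with a comment such as `// unvalidated caller input; compare against "public-key" before use`, so the runtime check stays visibly required.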


@@ -82,6 +82,22 @@ describe("FidoAuthenticatorService", () => {
await rejects.toMatchObject({ name: "SecurityError" }); await rejects.toMatchObject({ name: "SecurityError" });
await rejects.toBeInstanceOf(DOMException); await rejects.toBeInstanceOf(DOMException);
}); });
// Spec: If credTypesAndPubKeyAlgs is empty, return a DOMException whose name is "NotSupportedError", and terminate this algorithm.
it("should throw error if no support key algorithms were found", async () => {
const params = createParams({
pubKeyCredParams: [
{ alg: -9001, type: "public-key" },
{ alg: -7, type: "not-supported" as any },
],
});
const result = async () => await client.createCredential(params);
const rejects = expect(result).rejects;
await rejects.toMatchObject({ name: "NotSupportedError" });
await rejects.toBeInstanceOf(DOMException);
});
}); });
function createParams(params: Partial<CreateCredentialParams> = {}): CreateCredentialParams { function createParams(params: Partial<CreateCredentialParams> = {}): CreateCredentialParams {
@@ -96,6 +112,7 @@ describe("FidoAuthenticatorService", () => {
pubKeyCredParams: params.pubKeyCredParams ?? [ pubKeyCredParams: params.pubKeyCredParams ?? [
{ {
alg: -7, alg: -7,
type: "public-key",
}, },
], ],
rp: params.rp ?? { rp: params.rp ?? {
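Review bot: The new case exercises only the filter branch; the default branch taken when `pubKeyCredParams` is empty has no test, and neither does a list that mixes one supported entry with unsupported ones. Because `createParams` falls back only through `??`, passing `pubKeyCredParams: []` reaches that branch, so a case asserting that the call does not reject with `NotSupportedError` would pin it. The test title reads "no support key algorithms"; `"should throw error if no supported key algorithms were found"` would match the error message.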


@@ -7,6 +7,7 @@ import {
CreateCredentialParams, CreateCredentialParams,
CreateCredentialResult, CreateCredentialResult,
Fido2ClientService as Fido2ClientServiceAbstraction, Fido2ClientService as Fido2ClientServiceAbstraction,
PublicKeyCredentialParam,
} from "../abstractions/fido2-client.service.abstraction"; } from "../abstractions/fido2-client.service.abstraction";
import { Fido2Utils } from "../abstractions/fido2-utils"; import { Fido2Utils } from "../abstractions/fido2-utils";
@@ -36,7 +37,21 @@ export class Fido2ClientService implements Fido2ClientServiceAbstraction {
throw new DOMException("'rp.id' does not match origin effective domain", "SecurityError"); throw new DOMException("'rp.id' does not match origin effective domain", "SecurityError");
} }
throw new Error("Not implemented"); let credTypesAndPubKeyAlgs: PublicKeyCredentialParam[];
if (params.pubKeyCredParams?.length > 0) {
credTypesAndPubKeyAlgs = params.pubKeyCredParams.filter(
(kp) => kp.alg === -7 && kp.type === "public-key"
);
} else {
credTypesAndPubKeyAlgs = [
{ alg: -7, type: "public-key" },
{ alg: -257, type: "public-key" },
];
}
if (credTypesAndPubKeyAlgs.length === 0) {
throw new DOMException("No supported key algorithms were found", "NotSupportedError");
}
} }
assertCredential( assertCredential(
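Review bot: The two branches disagree on what counts as supported: the filter accepts only `alg === -7`, while the default list used for an empty `pubKeyCredParams` also contains `{ alg: -257, type: "public-key" }`, an entry the filter would reject if the caller had sent it. Unless later steps handle -257, the default path can carry forward an algorithm the client cannot create a key for; choosing the candidate list first and then applying the same filter to it keeps a single definition of "supported". Named constants for the COSE identifiers (-7 is ES256, -257 is RS256) would make that set easier to audit. After the check the method returns without a value where it previously threw `"Not implemented"`, so the success path appears to resolve to `undefined`; the method body starts outside the hunk, so this may be completed elsewhere.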