Fix sig verification fail on non-padded challenge #55

Draft, wants to merge 1 commit into base: main

@broody broody commented Apr 4, 2024

Signature verification fails if the authenticator returns challenges that are in non-padded base64 encoding. This PR ignores the trailing '=' produced by alexandria's base64 encoder and updates the p256 signer to no padding.

Seems to align with spec (Base64url encoding)
https://www.w3.org/TR/webauthn-2/#sctn-dependencies

*Marking as draft until audit is done

@@ -97,7 +97,7 @@ fn verify_challenge(
) -> Result<(), AuthnError> {
let mut i: usize = 0;
let mut encoded = Base64UrlFeltEncoder::encode(challenge);
let encoded_len: usize = encoded.len();
let encoded_len: usize = encoded.len() - 1; // Ignore base64 padding '='
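Review bot: `encoded.len() - 1` on the new `encoded_len` line drops the last element without checking that it is '='. Base64 emits zero, one or two padding characters depending on input length, so this is only right if `Base64UrlFeltEncoder::encode(challenge)` always ends in exactly one '='. If that is guaranteed, say why in the comment; otherwise assert that the dropped element is '=' or strip padding in a loop. The subtraction also underflows if `encoded` is ever empty.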
@tarrencev tarrencev Apr 4, 2024

Will it always be padded?

It seems it can be variable based on the encoded challenge length: https://github.com/keep-starknet-strange/alexandria/blob/bbc010b922d9ca6f807ef01b0b255e34331b5eac/src/encoding/src/base64.cairo#L82

Contributor Author

Contributor

Ah got it. We should probably include the encoder in our project and modify it to avoid the extra steps
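The padding question raised in this thread, as an added Python example (not code from this PR or from alexandria): it shows how the number of '=' characters varies with input length, why dropping exactly one character only matches the unpadded form for inputs whose length is 2 mod 3 (such as the 32-byte challenge assumed here), and a comparison that ignores padding on both sides. All function names and the sample `clientDataJSON` are constructed for illustration.

```python
import base64
import hmac
import json

def b64url_padded(data: bytes) -> str:
    """Base64url with '=' padding, as a padding encoder emits it."""
    return base64.urlsafe_b64encode(data).decode("ascii")

def b64url_unpadded(data: bytes) -> str:
    """Base64url without padding, the form WebAuthn uses for the challenge."""
    return b64url_padded(data).rstrip("=")

def padding_len(n_bytes: int) -> int:
    """'=' count for an n-byte input: 0, 2, 1 for n % 3 == 0, 1, 2."""
    return (3 - n_bytes % 3) % 3

def drop_last_char(data: bytes) -> str:
    """Mirror of a fixed `len - 1`: always drop exactly one character."""
    return b64url_padded(data)[:-1]

def naive_verify(client_data_json: bytes, expected: bytes) -> bool:
    """Compares against the padded encoding; fails on unpadded challenges."""
    return json.loads(client_data_json)["challenge"] == b64url_padded(expected)

def verify_challenge(client_data_json: bytes, expected: bytes) -> bool:
    """Strip padding from both sides, then compare in constant time."""
    got = json.loads(client_data_json)["challenge"].rstrip("=")
    want = b64url_unpadded(expected)
    return hmac.compare_digest(got.encode(), want.encode())

# Constructed sample: a 32-byte challenge and the clientDataJSON an
# authenticator would return for it (challenge encoded without padding).
CHALLENGE = bytes(range(32))
CLIENT_DATA = json.dumps({
    "type": "webauthn.get",
    "challenge": b64url_unpadded(CHALLENGE),
    "origin": "https://example.test",
}).encode()

if __name__ == "__main__":
    for n in (31, 32, 33):
        sample = bytes(n)
        ok = drop_last_char(sample) == b64url_unpadded(sample)
        print(f"{n} bytes: {padding_len(n)} '=' chars, len-1 correct: {ok}")
    print("naive:", naive_verify(CLIENT_DATA, CHALLENGE))
    print("padding-agnostic:", verify_challenge(CLIENT_DATA, CHALLENGE))
```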


codecov bot commented Apr 4, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.14%. Comparing base (fd2336f) to head (898d4e6).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #55   +/-   ##
=======================================
  Coverage   64.14%   64.14%           
=======================================
  Files          16       16           
  Lines        1163     1163           
=======================================
  Hits          746      746           
  Misses        417      417           
