Use public key from AIK cert for signature algorithm initalization #29
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
santiagorodriguez96
changed the title
santiagorodriguez96
force-pushed
the
sr--fix-windows-hello-signature-algorithm
branch
from
7e6c35b to
6d44eb9
Compare
Validation of the TPM attestation for Windows Hello with TPM v2 is failing as the AIK certificate public key was an RSA key and the public key `pubArea` was an ECC key – which causes the gem to try to initialize an `OpenSSL::SignatureAlgorithm::RSA` object with an `curve` keyword argument resulting in a `unknown keyword` error. The problem is that we are using the key in the `pubArea` to verify the signature over `certInfo` where the the WebAuthn spec states that: > Verify the sig is a valid signature over certInfo using the > attestation public key in aikCert with the algorithm specified in alg.
santiagorodriguez96
force-pushed
the
sr--fix-windows-hello-signature-algorithm
branch
from
6d44eb9 to
950bd52
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
Attempts to fix #28.
Validation of the TPM attestation for Windows Hello with TPM v2 is failing as the AIK certificate public key was an RSA key and the public key
pubAreawas an ECC key – which causes the gem to try to initialize anOpenSSL::SignatureAlgorithm::RSAobject with ancurvekeyword argument resulting in aunknown keyworderror.The problem is that we are using the key in the
pubAreato verify the signature overcertInfowhereas the WebAuthn spec states that: