Skip to content

Commit

Permalink
Correctly handle U2F public key typecast failure (gravitational#15689)
Browse files Browse the repository at this point in the history 
U2F keys are always [ECDSA/P-256 keys][1], making this an impossible branch in
practice, but better safe than sorry.

[1]: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#registration-response-message-success
  • Loading branch information
@codingllama
codingllama authored Aug 22, 2022
1 parent ab6f430 commit ed24c18
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion lib/auth/webauthn/device.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ func u2fDERKeyToCBOR(der []byte) ([]byte, error) {
// https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-raw-message-formats-v1.2-ps-20170411.html#h3_registration-response-message-success.
pubKey, ok := pubKeyI.(*ecdsa.PublicKey)
if !ok {
return nil, trace.Wrap(err)
return nil, trace.BadParameter("U2F public key has an unexpected type: %T", pubKeyI)
}
return U2FKeyToCBOR(pubKey)
}
Expand Down

0 comments on commit ed24c18

Please sign in to comment.