Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add EdDSA/Minisign signatures to #397 (sign-hash/sign-file CTAP command) #583

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Add EdDSA/Minisign signatures to #397 (sign-hash/sign-file CTAP command) #583

wants to merge 8 commits into from

Commits on Oct 18, 2021

  1. PoC: Add vendor command for signing an arbitrary SHA256 hash 

    This patch adds new CTAP2 vendor command with command value 0x50. The
command arguments are credentialId and user specified SHA256 hash. It
returns a DER encoded signature of the given hash, using the key
which corresponds to the specified credentialId.

Example request:
{1: <sha256_hash>,
 2: {"id": <credential_id>, "type": "public-key"},
 3: [pinAuth]}

Example response:
{1: <der_signature>}

Issue: solokeys#395
    @rgerganov
    Radoslav Gerganov authored and rgerganov committed Oct 18, 2021
    Configuration menu
    Copy the full SHA
    ebef6da View commit details
    Browse the repository at this point in the history

Commits on Oct 20, 2021

  1. Added EdDSA/Minisign to sign-hash/sign-file command (first version) w… 

    …ith support for arbitrary-length hashes up to 64B and a trusted comment in the EdDSA case.

Also fixed existing bug: get_credential_id_size(SH.cred.type) should be get_credential_id_size(&SH.cred)
Also now cose_alg is checked. I'm not sure yet if it is safe to use arbitrary-length hashes with verify_pin_auth_ex. Maybe a min length should be set?
    @stevenwdv
    stevenwdv committed Oct 20, 2021
    Configuration menu
    Copy the full SHA
    51c0b87 View commit details
    Browse the repository at this point in the history

  2. Only accept hash of 32/64B in ctap_parse_sign_hash

    @stevenwdv
    stevenwdv committed Oct 20, 2021
    Configuration menu
    Copy the full SHA
    7708b97 View commit details
    Browse the repository at this point in the history

Commits on Oct 25, 2021

  1. Authenticate sign-hash credential, with special "solo-sign-hash:" RP … 

    …ID prefix
    @stevenwdv
    stevenwdv committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    1fd5b74 View commit details
    Browse the repository at this point in the history

  2. sign-hash: validate hash length per signature algorithm, check if sig… 

    …nature algorithm is supported
    @stevenwdv
    stevenwdv committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    861d783 View commit details
    Browse the repository at this point in the history

  3. sign-hash: some cleanup

    @stevenwdv
    stevenwdv committed Oct 25, 2021
    Configuration menu
    Copy the full SHA
    d067d94 View commit details
    Browse the repository at this point in the history

Commits on Oct 27, 2021

  1. sign-hash: simplify prefix check

    @stevenwdv
    stevenwdv committed Oct 27, 2021
    Configuration menu
    Copy the full SHA
    c26a983 View commit details
    Browse the repository at this point in the history

Commits on Oct 29, 2021

  1. Disallow solo-sign-hash RP ID in ctap_get_assertion

    @stevenwdv
    stevenwdv committed Oct 29, 2021
    Configuration menu
    Copy the full SHA
    fd8033b View commit details
    Browse the repository at this point in the history