Merge pull request #89 from web-auth/CoseAlgIssue

Fix invalid signature length

Author: Spomky

src/cose/src/Algorithm/Signature/ECDSA/ES256.php

@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
     public function verify(string $data, Key $key, string $signature): bool
     {
-        $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+            @trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+        } else {
+            $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        }
 
         return parent::verify($data, $key, $signature);
     }

src/cose/src/Algorithm/Signature/ECDSA/ES256K.php

@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
     public function verify(string $data, Key $key, string $signature): bool
     {
-        $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+            @trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+        } else {
+            $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        }
 
         return parent::verify($data, $key, $signature);
     }

src/cose/src/Algorithm/Signature/ECDSA/ES384.php

@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
     public function verify(string $data, Key $key, string $signature): bool
     {
-        $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+            @trigger_error('Since v2.1, the method "verify" will only accept raw ECDSA signature in v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+        } else {
+            $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        }
 
         return parent::verify($data, $key, $signature);
     }

src/cose/src/Algorithm/Signature/ECDSA/ES512.php

@@ -34,7 +34,11 @@ public function sign(string $data, Key $key): string
 
     public function verify(string $data, Key $key, string $signature): bool
     {
-        $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        if (mb_strlen($signature, '8bit') !== $this->getSignaturePartLength()) {
+            @trigger_error('Since v2.1, the method "verify" accepts ASN.1 structures and raw ECDSA signature. In v3.0 and ASN.1 structures will be rejected', E_USER_DEPRECATED);
+        } else {
+            $signature = ECSignature::toAsn1($signature, $this->getSignaturePartLength());
+        }
 
         return parent::verify($data, $key, $signature);
     }

src/webauthn/src/Util/CoseSignatureFixer.php

@@ -30,10 +30,22 @@ public static function fix(string $signature, Signature $algorithm): string
         switch ($algorithm::identifier()) {
             case ECDSA\ES256K::ID:
             case ECDSA\ES256::ID:
+                if (64 === mb_strlen($signature, '8bit')) {
+                    return $signature;
+                }
+
                 return ECDSA\ECSignature::fromAsn1($signature, 64); //TODO: fix this hardcoded value by adding a dedicated method for the algorithms
             case ECDSA\ES384::ID:
+                if (96 === mb_strlen($signature, '8bit')) {
+                    return $signature;
+                }
+
                 return ECDSA\ECSignature::fromAsn1($signature, 96);
             case ECDSA\ES512::ID:
+                if (132 === mb_strlen($signature, '8bit')) {
+                    return $signature;
+                }
+
                 return ECDSA\ECSignature::fromAsn1($signature, 132);
         }