github-personal/certificates
1
0
Fork 0
mirror of https://github.com/outbackdingo/certificates.git synced 2026-01-27 10:18:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1663 from smallstep/herman/acme-cose-rs1-support

Browse Source
This commit is contained in:
Herman Slatman
2024-01-08 17:20:21 +01:00
committed by GitHub
parent 581db00a00 e52836f0ab
commit 4ba2e22b8d
1 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
acme/challenge.go
View File

@@ -528,6 +528,7 @@ type coseAlgorithmIdentifier int32
const (
coseAlgES256 coseAlgorithmIdentifier = -7
coseAlgRS256 coseAlgorithmIdentifier = -257
coseAlgRS1 coseAlgorithmIdentifier = -65535 // deprecated, but (still) often used in TPMs
)
func doTPMAttestationFormat(_ context.Context, prov Provisioner, ch *Challenge, jwk *jose.JSONWebKey, att *attestationObject) (*tpmAttestationData, error) {
@@ -652,15 +653,16 @@ func doTPMAttestationFormat(_ context.Context, prov Provisioner, ch *Challenge,
return nil, NewDetailedError(ErrorBadAttestationStatementType, "invalid alg in attestation statement")
}
// only RS256 and ES256 are allowed
coseAlg := coseAlgorithmIdentifier(alg)
if coseAlg != coseAlgRS256 && coseAlg != coseAlgES256 {
var hash crypto.Hash
switch coseAlgorithmIdentifier(alg) {
case coseAlgRS256, coseAlgES256:
hash = crypto.SHA256
case coseAlgRS1:
hash = crypto.SHA1
default:
return nil, NewDetailedError(ErrorBadAttestationStatementType, "invalid alg %d in attestation statement", alg)
}
// set the hash algorithm to use to SHA256
hash := crypto.SHA256
// recreate the generated key certification parameter values and verify
// the attested key using the public key of the AK.
certificationParameters := &attest.CertificationParameters{