fix errornous reporting of missing TPM version & model#241
fix errornous reporting of missing TPM version & model#241emlun merged 8 commits intoYubico:mainfrom
Conversation
|
Thanks a lot! That indeed looks like an oversight in the code, perhaps a prototype first step that we forgot to revisit and finish. Would you mind sharing an example Either way, I'll try to get the fix released pretty soon - we can probably have an RC build out this week. After that we usually wait about 2 weeks before promoting it to an official release. |
|
Would you like to be credited by name or GitHub username in the release notes? (or would you prefer not at all?) |
|
Hi @emlun Looking forward for the RC |
`webauthn-server-core`:
Changes:
- Changed internal structure of `RegistrationResult` and
`AssertionResult`. This may affect you if you use Jackson or similar
tools to serialize these values to JSON, for example. This is not an
officially supported use case and thus does not warrant a major
version bump.
- Removed methods `RegistrationResult.toBuilder()` and
`AssertionResult.toBuilder()`. Both had package-private return
types, and thus were not usable by outside callers.
New features:
- (Experimental) Added support for the new `BE` (backup eligible) and
`BS` (backup state) flags in authenticator data:
- NOTE: Experimental features may receive breaking changes without a
major version increase.
- Added `BE` and `BS` properties to `AuthenticatorDataFlags`,
reflecting the respective flags (bits 0x08 and 0x10).
- Added methods `isBackupEligible()` and `isBackedUp()` to
`RegistrationResult` and `AssertionResult`, reflecting
respectively the `BE` and `BS` flags.
- Added properties `backupEligible` and `backupState`, getters
`isBackupEligible()` and `isBackedUp()`, and corresponding builder
methods to `RegisteredCredential`.
`RelyingParty.finishAssertion(...)` will now validate that if
`RegisteredCredential.isBackupEligible()` is present, then the
`BE` flag of any assertion of that credential must match the
stored value.
Fixes:
- Fixed TPM attestation verification rejecting attestation
certificates with TPM Device Attributes split between multiple
RelativeDistinguishedName structures in the Subject Alternative
Names extension.
- Thanks to Oussama Zgheb for the contribution, see
#241
- Fixed various errors in JavaDoc.
`webauthn-server-attestation`:
Fixes:
- Improved documentation of guarantees provided by
`FidoMetadataDownloader` and required of its parameters.
2 participants
This PR fixes the erroneous reporting of "Missing TPM model" & "Missing TPM version".
Tested on two Lenovo Thinkpads X1 Gen9 - TPMModel=ST33HTPHAHD8 and T14 Gen3 (TPMModel=NPCT75x).
Here a debugger screenshot that tries to show the problem, your code tried to read the OIDs only from the first RDN
Initial issue created by me: #240