Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WebAuthN: Disable EdDSA/Ed25519 for key registrations #165

Merged
merged 2 commits into from
May 22, 2023
Merged

WebAuthN: Disable EdDSA/Ed25519 for key registrations #165

merged 2 commits into from
May 22, 2023

Conversation

dd32
Copy link
Member

@dd32 dd32 commented May 17, 2023

Depends on: #153
Patch for the upstream sjinks/wp-two-factor-provider-webauthn#221 bug
See #114

The upstream plugin supports a multitude of algorithms, unfortunately it appears that when a modern security key is registered through a desktop browser, EdDSA is preferred, however it appears that at least some Android devices do not support this through NFC.

This PR disables the EdDSA algorithm during key registration.

@dd32 dd32 mentioned this pull request May 17, 2023
Merged
@iandunn iandunn mentioned this pull request May 18, 2023
Closed
13 tasks
@dd32 dd32 requested a review from iandunn May 19, 2023 01:00
iandunn
iandunn approved these changes May 19, 2023
View reviewed changes
Copy link
Member

@iandunn iandunn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I had to merge the latest trunk in to make the WebAuthn provider show up in wp-admin, but after that it worked in my test 👍🏻

wporg-two-factor.php Outdated Show resolved Hide resolved
@iandunn iandunn added this to the MVP milestone May 19, 2023
@iandunn
Copy link
Member

iandunn commented May 19, 2023

For reference, I tested the following scenarios and all of them worked:

  • Yubikey 5C Nano: Registered via USB, authenticated via USB
  • Yubikey 5C NFC: Registered via USB, authenticated via USB
  • Yubikey 5C NFC: Registered via USB, authenticated via NFC

The desktop was a 2023 Mac Mini running OSX 13.4 and Chrome 113.0.5672.126. The phone was a Pixel 4a running Android 13 and Chrome 113.0.5672.131

@dd32
Copy link
Member Author

dd32 commented May 22, 2023

I was thinking of merging #169 first and then applying this in the same manner, rather than having it in multiple places.

@dd32 dd32 force-pushed the fix/webauthn-upstream-221 branch from c59df0a to c85f865 Compare May 22, 2023 05:22
@dd32 dd32 merged commit 6a95fb3 into trunk May 22, 2023
@dd32 dd32 deleted the fix/webauthn-upstream-221 branch May 22, 2023 06:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iandunn iandunn iandunn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
MVP
Development

Successfully merging this pull request may close these issues.
2 participants
@dd32 @iandunn