@@ -22,6 +22,7 @@ use p256::ecdsa::VerifyingKey;
22
22
use rand:: rngs:: OsRng ;
23
23
use rsa:: {
24
24
pkcs1:: { DecodeRsaPrivateKey , EncodeRsaPrivateKey } ,
25
+ pkcs8:: DecodePrivateKey ,
25
26
signature:: SignatureEncoding ,
26
27
traits:: PublicKeyParts ,
27
28
} ;
@@ -61,6 +62,7 @@ pub enum WebauthnCredentialRequestError {
61
62
Base64Error ( base64:: DecodeError ) ,
62
63
Ed25519Error ( ed25519_dalek:: SignatureError ) ,
63
64
Ed25519SPKIError ( ed25519_dalek:: pkcs8:: spki:: Error ) ,
65
+ Ed25519PKCS8Error ( ed25519_dalek:: pkcs8:: Error ) ,
64
66
}
65
67
66
68
impl From < serde_json:: Error > for WebauthnCredentialRequestError {
@@ -105,6 +107,12 @@ impl From<ed25519_dalek::pkcs8::spki::Error> for WebauthnCredentialRequestError
105
107
}
106
108
}
107
109
110
+ impl From < ed25519_dalek:: pkcs8:: Error > for WebauthnCredentialRequestError {
111
+ fn from ( e : ed25519_dalek:: pkcs8:: Error ) -> Self {
112
+ WebauthnCredentialRequestError :: Ed25519PKCS8Error ( e)
113
+ }
114
+ }
115
+
108
116
pub struct WebauthnAuthenticator ;
109
117
110
118
impl WebauthnAuthenticator {
@@ -368,16 +376,20 @@ impl WebauthnAuthenticator {
368
376
369
377
match private_key_response. key_alg {
370
378
CoseAlgorithmIdentifier :: Ed25519 => {
371
- let key = ed25519_dalek:: SigningKey :: try_from ( private_key_response. private_key . as_slice ( ) ) ?;
379
+ let key = ed25519_dalek:: SigningKey :: try_from ( private_key_response. private_key . as_slice ( ) ) . or (
380
+ ed25519_dalek:: SigningKey :: from_pkcs8_der ( private_key_response. private_key . as_slice ( ) ) ,
381
+ ) ?;
372
382
Ok ( key. sign ( [ auth_data_bytes, client_data_hash] . concat ( ) . as_slice ( ) ) . to_vec ( ) )
373
383
}
374
384
CoseAlgorithmIdentifier :: ES256 => {
375
- let key = p256:: ecdsa:: SigningKey :: try_from ( private_key_response. private_key . as_slice ( ) ) ?;
385
+ let key = p256:: ecdsa:: SigningKey :: from_pkcs8_der ( private_key_response. private_key . as_slice ( ) )
386
+ . or ( p256:: ecdsa:: SigningKey :: try_from ( private_key_response. private_key . as_slice ( ) ) ) ?;
376
387
let ( sig, _) = key. sign ( [ auth_data_bytes, client_data_hash] . concat ( ) . as_slice ( ) ) ;
377
388
Ok ( sig. to_der ( ) . to_vec ( ) )
378
389
}
379
390
CoseAlgorithmIdentifier :: RSA => {
380
- let key = rsa:: RsaPrivateKey :: from_pkcs1_der ( & private_key_response. private_key ) ?;
391
+ let key = rsa:: RsaPrivateKey :: from_pkcs1_der ( & private_key_response. private_key )
392
+ . or ( rsa:: RsaPrivateKey :: from_pkcs8_der ( & private_key_response. private_key ) ) ?;
381
393
let signing_key = rsa:: pkcs1v15:: SigningKey :: < Sha256 > :: new ( key) ;
382
394
Ok ( signing_key. sign ( [ auth_data_bytes, client_data_hash] . concat ( ) . as_slice ( ) ) . to_vec ( ) )
383
395
}
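Review bot: Every new `.or(...)` fallback in this hunk is evaluated eagerly, so both parse attempts always run and, when both fail, only the second form's error is surfaced — in the ES256 arm that is the raw-scalar `try_from` error even when the caller supplied a malformed PKCS#8 blob, which makes key-format problems hard to diagnose from the returned `WebauthnCredentialRequestError`. Using `.or_else(|_| ...)` keeps the fallback lazy and makes the intent explicit; the same applies to the Ed25519 and RSA arms. The three arms also try the encodings in different orders (raw-then-PKCS#8 for Ed25519, PKCS#8-then-raw for ES256, PKCS#1-then-PKCS#8 for RSA); that may be deliberate because `.or` adopts the error type of the second attempt, but if so a one-line comment per arm naming the accepted encodings, e.g. `// Accepts a raw 32-byte seed or a PKCS#8 DER document`, would stop the next reader from "fixing" it. The enclosing function starts and ends outside this hunk.
```rust
CoseAlgorithmIdentifier::Ed25519 => {
    let key = ed25519_dalek::SigningKey::try_from(private_key_response.private_key.as_slice())
        .or_else(|_| ed25519_dalek::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice()))?;
    // … unchanged: sign and return …
}
CoseAlgorithmIdentifier::ES256 => {
    let key = p256::ecdsa::SigningKey::from_pkcs8_der(private_key_response.private_key.as_slice())
        .or_else(|_| p256::ecdsa::SigningKey::try_from(private_key_response.private_key.as_slice()))?;
    // … unchanged: sign and DER-encode …
}
CoseAlgorithmIdentifier::RSA => {
    let key = rsa::RsaPrivateKey::from_pkcs1_der(&private_key_response.private_key)
        .or_else(|_| rsa::RsaPrivateKey::from_pkcs8_der(&private_key_response.private_key))?;
    // … unchanged: build pkcs1v15 signing key and sign …
}
```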