From 5843d50d6ace6e4928ec1919742509c61b29d835 Mon Sep 17 00:00:00 2001 From: Luc Fauvel Date: Wed, 21 Aug 2024 11:03:56 -0400 Subject: [PATCH] Fixed base64 error for challenge decoding --- src/oath/hotp.rs | 4 ++-- src/webauthn/authenticator/mod.rs | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/oath/hotp.rs b/src/oath/hotp.rs index 20aef29..ced5504 100644 --- a/src/oath/hotp.rs +++ b/src/oath/hotp.rs @@ -180,7 +180,7 @@ impl OtpAuth for HOTPContext { .ok_or_else(|| "Otpauth uri is malformed, missing parameters".to_string()) .and_then(|param_it| { let mut secret = Vec::::new(); - let mut counter = std::u64::MAX; + let mut counter = u64::MAX; let mut alg = OTP_DEFAULT_ALG_VALUE; let mut digits = OTP_DEFAULT_DIGITS_VALUE; @@ -226,7 +226,7 @@ impl OtpAuth for HOTPContext { } } - if secret.is_empty() || counter == std::u64::MAX { + if secret.is_empty() || counter == u64::MAX { return Err("Otpauth uri is malformed".to_string()); } diff --git a/src/webauthn/authenticator/mod.rs b/src/webauthn/authenticator/mod.rs index 3353de3..dd150b3 100644 --- a/src/webauthn/authenticator/mod.rs +++ b/src/webauthn/authenticator/mod.rs @@ -144,7 +144,11 @@ impl WebauthnAuthenticator { let (attestation_object, private_key_response, der) = Self::generate_attestation_object(alg, aaguid, &credential_id, rp_id, attestation_flags)?; - let challenge = base64::decode(credential_creation_options.challenge)?; + let challenge = match base64::decode(credential_creation_options.challenge.as_str()) { + Ok(challenge) => challenge, + Err(_) => base64::decode_config(credential_creation_options.challenge, URL_SAFE_NO_PAD)?, + }; + let collected_client_data = CollectedClientData { request_type: WEBAUTHN_REQUEST_TYPE_CREATE.to_owned(), challenge: base64::encode_config(challenge, URL_SAFE_NO_PAD),