Add W3C test vectors and expand algorithm support #96
Draft
Import all 15 registration/authentication test vector pairs from the official W3C WebAuthn Level 3 specification, covering:
- No attestation (ES256, crossOrigin, topOrigin, long credential ID)
- Self attestation (ES256)
- Packed attestation (ES256, ES384, ES512, RS256, Ed25519, Ed448)
- TPM attestation (ES256)
- Android Key attestation (ES256)
- Apple Anonymous attestation (ES256)
- FIDO U2F attestation (ES256)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Uncomment EcdsaSha384 (-35) in COSE Algorithm enum
- Add P384 curve OID, coordinate size, and parameters to COSE Curve
- Generalize EllipticCurve to support variable coordinate sizes
- Add Algorithm::getOpenSslAlgorithm() to map COSE algorithms to OpenSSL digest constants
- Fix Packed attestation: only require attStmt.alg == credential algorithm for self-attestation (not x5c), per spec §8.2
- Use algorithm-aware digest in GetResponse signature verification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Enable ECDSA with SHA-512 using the P-521 curve, including SEC 2 v2 curve parameters for on-curve validation and algorithm-to-curve mapping.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Enable OctetKeyPair key type with Ed25519 curve for EdDSA signatures. Adds OKP public key parsing, RFC 8410 PEM formatting, and wires up the EdDSA algorithm with appropriate OpenSSL verification.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add the fully-specified Ed448 algorithm identifier (COSE -53, RFC 9864 §2.2) and accept it in OKP key parsing alongside the polymorphic EdDSA identifier.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add the fully-specified Ed448 algorithm identifier (COSE -53, RFC 9864 §2.2) and accept it in OKP key parsing alongside the polymorphic EdDSA identifier. Assert decoded CBOR is array in COSEKey, resolving several baselined PHPStan errors. Add type-narrowing asserts in OctetKeyPair.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #96 +/- ##
============================================
- Coverage 81.41% 81.00% -0.41%
- Complexity 335 367 +32
============================================
Files 33 35 +2
Lines 1033 1053 +20
============================================
+ Hits 841 853 +12
- Misses 192 200 +8

All ECDSA curves (ES256, ES384, ES512), EdDSA (Ed25519, Ed448), and RS256 are now fully supported. Remove stale footnotes referencing unofficial test vectors and missing algorithm support.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Summary
alg check to only apply to self-attestation (not x5c), per spec §8.2

Test plan
🤖 Generated with Claude Code
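
The packed-attestation `alg` rule from the summary above (spec §8.2), together with a COSE-to-OpenSSL digest mapping, as an added example that is not code from this pull request. `verifyPacked()`, `COSE_TO_OPENSSL` and the sample keys are hypothetical and constructed here; certificate-requirement and trust-path checks are omitted, and a working OpenSSL configuration is assumed for generating the sample certificate.

```php
<?php
// COSE algorithm id => OpenSSL digest (subset for this sketch; EdDSA left out).
const COSE_TO_OPENSSL = [
    -7 => OPENSSL_ALGO_SHA256,   // ES256
    -35 => OPENSSL_ALGO_SHA384,  // ES384
    -36 => OPENSSL_ALGO_SHA512,  // ES512
    -257 => OPENSSL_ALGO_SHA256, // RS256
];

// Hypothetical helper, not the library's API. Returns which branch verified.
function verifyPacked(array $attStmt, string $signed, string $credPem, int $credAlg): string
{
    $digest = COSE_TO_OPENSSL[$attStmt['alg']] ?? null;
    if ($digest === null) {
        throw new RuntimeException('unsupported COSE algorithm');
    }
    if (isset($attStmt['x5c'])) {
        // sig comes from the attestation certificate key, so alg describes
        // that key and may differ from the credential algorithm.
        $key = openssl_pkey_get_public("-----BEGIN CERTIFICATE-----\n"
            . chunk_split(base64_encode($attStmt['x5c'][0]), 64, "\n")
            . "-----END CERTIFICATE-----\n");
    } elseif ($attStmt['alg'] !== $credAlg) {
        // Self attestation: sig comes from the credential key, alg must match.
        throw new RuntimeException('attStmt.alg differs from credential algorithm');
    } else {
        $key = openssl_pkey_get_public($credPem);
    }
    if ($key === false || openssl_verify($signed, $attStmt['sig'], $key, $digest) !== 1) {
        throw new RuntimeException('attestation signature invalid');
    }
    return isset($attStmt['x5c']) ? 'x5c' : 'self';
}

// Constructed sample: ES256 credential key, ES384 attestation key and certificate.
$cred = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$att = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'secp384r1']);
$csr = openssl_csr_new(['commonName' => 'constructed attestation cert'], $att);
openssl_x509_export(openssl_csr_sign($csr, null, $att, 1), $certPem);
$der = base64_decode(preg_replace('/-----[^-]+-----|\s/', '', $certPem));
$credPem = openssl_pkey_get_details($cred)['key'];
$signed = random_bytes(37) . hash('sha256', '{}', true); // authData || clientDataHash
openssl_sign($signed, $sig, $att, OPENSSL_ALGO_SHA384);

echo verifyPacked(['alg' => -35, 'sig' => $sig, 'x5c' => [$der]], $signed, $credPem, -7), "\n";
try {
    verifyPacked(['alg' => -35, 'sig' => $sig], $signed, $credPem, -7);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The first call passes even though the credential is ES256 and the statement is ES384, because the signature is checked against the certificate key. The second call presents the same statement without `x5c` and is rejected on the algorithm mismatch before any signature check.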