diff --git a/src/Attestations/FidoU2F.php b/src/Attestations/FidoU2F.php
index 7a00093..5a144b4 100644
--- a/src/Attestations/FidoU2F.php
+++ b/src/Attestations/FidoU2F.php
@@ -8,6 +8,7 @@
 use Firehed\WebAuthn\AuthenticatorData;
 use Firehed\WebAuthn\BinaryString;
 use Firehed\WebAuthn\Certificate;
+use Firehed\WebAuthn\COSE\Curve;
 use Firehed\WebAuthn\PublicKey\EllipticCurve;
 /**
@@ -46,10 +47,7 @@ public function verify(AuthenticatorData $data, BinaryString $clientDataHash): V
 if ($info['type'] !== OPENSSL_KEYTYPE_EC) {
 throw new \Exception('Certificate PubKey is not Elliptic Curve');
 }
- // OID for P-156 curve
- // http://oid-info.com/get/1.2.840.10045.3.1.7
- // See also EllipticCurve
- if ($info['ec']['curve_oid'] !== '1.2.840.10045.3.1.7') {
+ if ($info['ec']['curve_oid'] !== Curve::P256->getOid()) {
 throw new \Exception('Certificate PubKey is not Elliptic Curve');
 }
diff --git a/src/COSE/Curve.php b/src/COSE/Curve.php
index fef8e54..1e4bb98 100644
--- a/src/COSE/Curve.php
+++ b/src/COSE/Curve.php
@@ -30,4 +30,12 @@ enum Curve: int
 case ED25519 = 6; // OKP
 case ED448 = 7; // OKP
+
+ public function getOid(): string
+ {
+ return match ($this) { // @phpstan-ignore-line default unhandled match is desired
+ self::P256 => '1.2.840.10045.3.1.7',
+ // TODO: add others as support increases
+ };
+ }
 }
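Review bot: In `verify()` in src/Attestations/FidoU2F.php, the curve check `$info['ec']['curve_oid'] !== Curve::P256->getOid()` still throws the same message as the key-type check above it, so a certificate whose EC key is on the wrong curve is reported as "not Elliptic Curve". Giving the second throw its own message, e.g. `throw new \Exception('Certificate PubKey is not on the P-256 curve');`, would make the two attestation failures distinguishable in logs. The deleted comment was also the only text next to the check saying which curve is required; a one-line replacement such as `// FIDO U2F attestation certificates must carry a P-256 key` keeps that intent visible. The body of `verify()` starts and ends outside this hunk.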
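Review bot: `Curve::getOid()` in src/COSE/Curve.php has no docblock, and its only signal for an unmapped curve is the `\UnhandledMatchError` raised by the non-exhaustive `match`, which is an `\Error` and is not caught by `catch (\Exception $e)` handlers. The one call site visible in this diff passes `Curve::P256`, so nothing breaks today, but a later caller that invokes it on a curve decoded from a credential's COSE key would presumably surface an unsupported curve as an engine error rather than as a verification failure. I would state that contract on the method, e.g. `/** Dotted-decimal ASN.1 OID of this curve. @throws \UnhandledMatchError for any curve other than P256 until more are mapped. */`. The enum's earlier cases are outside this hunk.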